src/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
   6
   7 #include "base/bind.h"
   8 #include "base/bind_helpers.h"
   9 #include "base/prefs/pref_registry_simple.h"
  10 #include "base/prefs/pref_service.h"
  11 #include "chrome/browser/chromeos/attestation/attestation_policy_observer.h"
  12 #include "chrome/browser/chromeos/login/startup_utils.h"
  13 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
  14 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h"
  15 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
  16 #include "chrome/browser/policy/cloud/cloud_policy_constants.h"
  17 #include "chrome/browser/policy/cloud/cloud_policy_store.h"
  18 #include "chrome/browser/policy/cloud/device_management_service.h"
  19 #include "chrome/browser/policy/proto/cloud/device_management_backend.pb.h"
  20 #include "chrome/common/pref_names.h"
  21 #include "chromeos/chromeos_constants.h"
  22 #include "chromeos/system/statistics_provider.h"
  23
  24 namespace em = enterprise_management;
  25
  26 namespace policy {
  27
  28 namespace {
  29
  30 // MachineInfo key names.
  31 const char kMachineInfoSystemHwqual[] = "hardware_class";
  32
  33 // These are the machine serial number keys that we check in order until we
  34 // find a non-empty serial number. The VPD spec says the serial number should be
  35 // in the "serial_number" key for v2+ VPDs. However, legacy devices used a
  36 // different keys to report their serial number, which we fall back to if
  37 // "serial_number" is not present.
  38 //
  39 // Product_S/N is still special-cased due to inconsistencies with serial
  40 // numbers on Lumpy devices: On these devices, serial_number is identical to
  41 // Product_S/N with an appended checksum. Unfortunately, the sticker on the
  42 // packaging doesn't include that checksum either (the sticker on the device
  43 // does though!). The former sticker is the source of the serial number used by
  44 // device management service, so we prefer Product_S/N over serial number to
  45 // match the server.
  46 //
  47 // TODO(mnissler): Move serial_number back to the top once the server side uses
  48 // the correct serial number.
  49 const char* kMachineInfoSerialNumberKeys[] = {
  50   "Product_S/N",    // Lumpy/Alex devices
  51   "serial_number",  // VPD v2+ devices
  52   "Product_SN",     // Mario
  53   "sn",             // old ZGB devices (more recent ones use serial_number)
  54 };
  55
  56 // Fetches a machine statistic value from StatisticsProvider, returns an empty
  57 // string on failure.
  58 std::string GetMachineStatistic(const std::string& key) {
  59   std::string value;
  60   chromeos::system::StatisticsProvider* provider =
  61       chromeos::system::StatisticsProvider::GetInstance();
  62   if (!provider->GetMachineStatistic(key, &value))
  63     return std::string();
  64
  65   return value;
  66 }
  67
  68 // Gets a machine flag from StatisticsProvider, returns the given
  69 // |default_value| if not present.
  70 bool GetMachineFlag(const std::string& key, bool default_value) {
  71   bool value = default_value;
  72   chromeos::system::StatisticsProvider* provider =
  73       chromeos::system::StatisticsProvider::GetInstance();
  74   if (!provider->GetMachineFlag(key, &value))
  75     return default_value;
  76
  77   return value;
  78 }
  79
  80 }  // namespace
  81
  82 DeviceCloudPolicyManagerChromeOS::DeviceCloudPolicyManagerChromeOS(
  83     scoped_ptr<DeviceCloudPolicyStoreChromeOS> store,
  84     const scoped_refptr<base::SequencedTaskRunner>& task_runner,
  85     const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
  86     EnterpriseInstallAttributes* install_attributes)
  87     : CloudPolicyManager(
  88           PolicyNamespaceKey(dm_protocol::kChromeDevicePolicyType,
  89                              std::string()),
  90           store.get(),
  91           task_runner),
  92       device_store_(store.Pass()),
  93       background_task_runner_(background_task_runner),
  94       install_attributes_(install_attributes),
  95       device_management_service_(NULL),
  96       local_state_(NULL) {}
  97
  98 DeviceCloudPolicyManagerChromeOS::~DeviceCloudPolicyManagerChromeOS() {}
  99
 100 void DeviceCloudPolicyManagerChromeOS::Connect(
 101     PrefService* local_state,
 102     DeviceManagementService* device_management_service,
 103     scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider) {
 104   CHECK(!device_management_service_);
 105   CHECK(device_management_service);
 106   CHECK(local_state);
 107
 108   local_state_ = local_state;
 109   device_management_service_ = device_management_service;
 110   device_status_provider_ = device_status_provider.Pass();
 111
 112   StartIfManaged();
 113 }
 114
 115 void DeviceCloudPolicyManagerChromeOS::StartEnrollment(
 116     const std::string& auth_token,
 117     bool is_auto_enrollment,
 118     const AllowedDeviceModes& allowed_device_modes,
 119     const EnrollmentCallback& callback) {
 120   CHECK(device_management_service_);
 121   core()->Disconnect();
 122
 123   enrollment_handler_.reset(
 124       new EnrollmentHandlerChromeOS(
 125           device_store_.get(), install_attributes_, CreateClient(),
 126           background_task_runner_, auth_token,
 127           install_attributes_->GetDeviceId(), is_auto_enrollment,
 128           GetDeviceRequisition(), allowed_device_modes,
 129           base::Bind(&DeviceCloudPolicyManagerChromeOS::EnrollmentCompleted,
 130                      base::Unretained(this), callback)));
 131   enrollment_handler_->StartEnrollment();
 132 }
 133
 134 void DeviceCloudPolicyManagerChromeOS::CancelEnrollment() {
 135   if (enrollment_handler_.get()) {
 136     enrollment_handler_.reset();
 137     StartIfManaged();
 138   }
 139 }
 140
 141 std::string DeviceCloudPolicyManagerChromeOS::GetDeviceRequisition() const {
 142   std::string requisition;
 143   const PrefService::Preference* pref = local_state_->FindPreference(
 144       prefs::kDeviceEnrollmentRequisition);
 145   if (pref->IsDefaultValue() && !chromeos::StartupUtils::IsOobeCompleted()) {
 146     // OEM statistics are only loaded when OOBE is not completed.
 147     requisition =
 148         GetMachineStatistic(chromeos::system::kOemDeviceRequisitionKey);
 149   } else {
 150     pref->GetValue()->GetAsString(&requisition);
 151   }
 152
 153   return requisition;
 154 }
 155
 156 void DeviceCloudPolicyManagerChromeOS::SetDeviceRequisition(
 157     const std::string& requisition) {
 158   if (local_state_) {
 159     if (requisition.empty()) {
 160       local_state_->ClearPref(prefs::kDeviceEnrollmentRequisition);
 161       local_state_->ClearPref(prefs::kDeviceEnrollmentAutoStart);
 162       local_state_->ClearPref(prefs::kDeviceEnrollmentCanExit);
 163     } else {
 164       local_state_->SetString(prefs::kDeviceEnrollmentRequisition, requisition);
 165       local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
 166       local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
 167     }
 168   }
 169 }
 170
 171 bool DeviceCloudPolicyManagerChromeOS::ShouldAutoStartEnrollment() const {
 172   if (local_state_->HasPrefPath(prefs::kDeviceEnrollmentAutoStart))
 173     return local_state_->GetBoolean(prefs::kDeviceEnrollmentAutoStart);
 174
 175   return GetMachineFlag(chromeos::system::kOemIsEnterpriseManagedKey, false);
 176 }
 177
 178 bool DeviceCloudPolicyManagerChromeOS::CanExitEnrollment() const {
 179   if (local_state_->HasPrefPath(prefs::kDeviceEnrollmentCanExit))
 180     return local_state_->GetBoolean(prefs::kDeviceEnrollmentCanExit);
 181
 182   return GetMachineFlag(chromeos::system::kOemCanExitEnterpriseEnrollmentKey,
 183                         true);
 184 }
 185
 186 void DeviceCloudPolicyManagerChromeOS::Shutdown() {
 187   CloudPolicyManager::Shutdown();
 188   device_status_provider_.reset();
 189 }
 190
 191 void DeviceCloudPolicyManagerChromeOS::OnStoreLoaded(CloudPolicyStore* store) {
 192   CloudPolicyManager::OnStoreLoaded(store);
 193
 194   if (!enrollment_handler_.get())
 195     StartIfManaged();
 196 }
 197
 198 // static
 199 void DeviceCloudPolicyManagerChromeOS::RegisterPrefs(
 200     PrefRegistrySimple* registry) {
 201   registry->RegisterStringPref(prefs::kDeviceEnrollmentRequisition,
 202                                std::string());
 203   registry->RegisterBooleanPref(prefs::kDeviceEnrollmentAutoStart, false);
 204   registry->RegisterBooleanPref(prefs::kDeviceEnrollmentCanExit, true);
 205 }
 206
 207 // static
 208 std::string DeviceCloudPolicyManagerChromeOS::GetMachineID() {
 209   std::string machine_id;
 210   chromeos::system::StatisticsProvider* provider =
 211       chromeos::system::StatisticsProvider::GetInstance();
 212   for (size_t i = 0; i < arraysize(kMachineInfoSerialNumberKeys); i++) {
 213     if (provider->GetMachineStatistic(kMachineInfoSerialNumberKeys[i],
 214                                       &machine_id) &&
 215         !machine_id.empty()) {
 216       break;
 217     }
 218   }
 219
 220   if (machine_id.empty())
 221     LOG(WARNING) << "Failed to get machine id.";
 222
 223   return machine_id;
 224 }
 225
 226 // static
 227 std::string DeviceCloudPolicyManagerChromeOS::GetMachineModel() {
 228   return GetMachineStatistic(kMachineInfoSystemHwqual);
 229 }
 230
 231 std::string DeviceCloudPolicyManagerChromeOS::GetRobotAccountId() {
 232   const enterprise_management::PolicyData* policy = device_store_->policy();
 233   return policy ? policy->service_account_identity() : std::string();
 234 }
 235
 236 scoped_ptr<CloudPolicyClient> DeviceCloudPolicyManagerChromeOS::CreateClient() {
 237   return make_scoped_ptr(
 238       new CloudPolicyClient(GetMachineID(), GetMachineModel(),
 239                             USER_AFFILIATION_NONE,
 240                             device_status_provider_.get(),
 241                             device_management_service_));
 242 }
 243
 244 void DeviceCloudPolicyManagerChromeOS::EnrollmentCompleted(
 245     const EnrollmentCallback& callback,
 246     EnrollmentStatus status) {
 247   if (status.status() == EnrollmentStatus::STATUS_SUCCESS) {
 248     core()->Connect(enrollment_handler_->ReleaseClient());
 249     core()->StartRefreshScheduler();
 250     core()->TrackRefreshDelayPref(local_state_,
 251                                   prefs::kDevicePolicyRefreshRate);
 252     attestation_policy_observer_.reset(
 253         new chromeos::attestation::AttestationPolicyObserver(client()));
 254   } else {
 255     StartIfManaged();
 256   }
 257
 258   enrollment_handler_.reset();
 259   if (!callback.is_null())
 260     callback.Run(status);
 261 }
 262
 263 void DeviceCloudPolicyManagerChromeOS::StartIfManaged() {
 264   if (device_management_service_ &&
 265       local_state_ &&
 266       store()->is_initialized() &&
 267       store()->is_managed() &&
 268       !service()) {
 269     core()->Connect(CreateClient());
 270     core()->StartRefreshScheduler();
 271     core()->TrackRefreshDelayPref(local_state_,
 272                                   prefs::kDevicePolicyRefreshRate);
 273     attestation_policy_observer_.reset(
 274         new chromeos::attestation::AttestationPolicyObserver(client()));
 275   }
 276 }
 277
 278 }  // namespace policy