1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_
12 #include "base/basictypes.h"
13 #include "base/callback.h"
14 #include "base/compiler_specific.h"
15 #include "base/memory/ref_counted.h"
16 #include "base/memory/scoped_ptr.h"
17 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h"
18 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
19 #include "components/policy/core/common/cloud/cloud_policy_client.h"
20 #include "components/policy/core/common/cloud/cloud_policy_manager.h"
21 #include "components/policy/core/common/cloud/cloud_policy_store.h"
24 class SequencedTaskRunner;
28 namespace attestation {
29 class AttestationPolicyObserver;
33 class PrefRegistrySimple;
38 class DeviceCloudPolicyStoreChromeOS;
39 class DeviceManagementService;
40 class EnrollmentHandlerChromeOS;
41 class EnterpriseInstallAttributes;
43 // CloudPolicyManager specialization for device policy on Chrome OS. The most
44 // significant addition is support for device enrollment.
45 class DeviceCloudPolicyManagerChromeOS : public CloudPolicyManager {
47 typedef std::bitset<32> AllowedDeviceModes;
48 typedef base::Callback<void(EnrollmentStatus)> EnrollmentCallback;
50 // |task_runner| is the runner for policy refresh tasks.
51 // |background_task_runner| is used to execute long-running background tasks
52 // that may involve file I/O.
53 DeviceCloudPolicyManagerChromeOS(
54 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store,
55 const scoped_refptr<base::SequencedTaskRunner>& task_runner,
56 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
57 EnterpriseInstallAttributes* install_attributes,
58 ServerBackedStateKeysBroker* state_keys_broker);
59 virtual ~DeviceCloudPolicyManagerChromeOS();
61 // Establishes the connection to the cloud, updating policy as necessary.
63 PrefService* local_state,
64 DeviceManagementService* device_management_service,
65 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider);
67 // Starts enrollment or re-enrollment. Once the enrollment process completes,
68 // |callback| is invoked and gets passed the status of the operation.
69 // |allowed_modes| specifies acceptable DEVICE_MODE_* constants for
71 void StartEnrollment(const std::string& auth_token,
72 bool is_auto_enrollment,
73 const AllowedDeviceModes& allowed_modes,
74 const EnrollmentCallback& callback);
76 // Cancels a pending enrollment operation, if any.
77 void CancelEnrollment();
79 // Gets/Sets the device requisition.
80 std::string GetDeviceRequisition() const;
81 void SetDeviceRequisition(const std::string& requisition);
83 // Checks whether enterprise enrollment should be a regular step during OOBE.
84 bool ShouldAutoStartEnrollment() const;
86 // Checks whether the user can cancel enrollment.
87 bool CanExitEnrollment() const;
89 // Gets the domain this device is supposed to be enrolled to.
90 std::string GetForcedEnrollmentDomain() const;
92 // CloudPolicyManager:
93 virtual void Shutdown() OVERRIDE;
95 // CloudPolicyStore::Observer:
96 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
98 // Pref registration helper.
99 static void RegisterPrefs(PrefRegistrySimple* registry);
101 // Returns the device serial number, or an empty string if not available.
102 static std::string GetMachineID();
104 // Returns the machine model, or an empty string if not available.
105 static std::string GetMachineModel();
107 // Returns the robot 'email address' associated with the device robot
108 // account (sometimes called a service account) associated with this device
109 // during enterprise enrollment.
110 std::string GetRobotAccountId();
113 // Creates a new CloudPolicyClient.
114 scoped_ptr<CloudPolicyClient> CreateClient();
116 // Starts policy refreshes if |store_| indicates a managed device and the
117 // necessary dependencies have been provided via Initialize().
118 void StartIfManaged();
120 // Handles completion signaled by |enrollment_handler_|.
121 void EnrollmentCompleted(const EnrollmentCallback& callback,
122 EnrollmentStatus status);
124 // Starts the connection via |client_to_connect|.
125 void StartConnection(scoped_ptr<CloudPolicyClient> client_to_connect);
127 // Saves the state keys received from |session_manager_client_|.
128 void OnStateKeysUpdated();
130 // Initializes requisition settings at OOBE with values from VPD.
131 void InitializeRequisition();
133 // Gets the device restore mode as stored in |local_state_|.
134 std::string GetRestoreMode() const;
136 // Points to the same object as the base CloudPolicyManager::store(), but with
137 // actual device policy specific type.
138 scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_store_;
139 scoped_refptr<base::SequencedTaskRunner> background_task_runner_;
140 EnterpriseInstallAttributes* install_attributes_;
141 ServerBackedStateKeysBroker* state_keys_broker_;
143 ServerBackedStateKeysBroker::Subscription state_keys_update_subscription_;
145 DeviceManagementService* device_management_service_;
146 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider_;
148 // PrefService instance to read the policy refresh rate from.
149 PrefService* local_state_;
151 // Non-null if there is an enrollment operation pending.
152 scoped_ptr<EnrollmentHandlerChromeOS> enrollment_handler_;
154 scoped_ptr<chromeos::attestation::AttestationPolicyObserver>
155 attestation_policy_observer_;
157 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOS);
160 } // namespace policy
162 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_