1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_
12 #include "base/basictypes.h"
13 #include "base/callback.h"
14 #include "base/compiler_specific.h"
15 #include "base/memory/ref_counted.h"
16 #include "base/memory/scoped_ptr.h"
17 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h"
18 #include "components/policy/core/common/cloud/cloud_policy_client.h"
19 #include "components/policy/core/common/cloud/cloud_policy_manager.h"
20 #include "components/policy/core/common/cloud/cloud_policy_store.h"
23 class SequencedTaskRunner;
27 namespace attestation {
28 class AttestationPolicyObserver;
32 class PrefRegistrySimple;
37 class DeviceCloudPolicyStoreChromeOS;
38 class DeviceManagementService;
39 class EnrollmentHandlerChromeOS;
40 class EnterpriseInstallAttributes;
42 // CloudPolicyManager specialization for device policy on Chrome OS. The most
43 // significant addition is support for device enrollment.
44 class DeviceCloudPolicyManagerChromeOS : public CloudPolicyManager {
46 typedef std::bitset<32> AllowedDeviceModes;
47 typedef base::Callback<void(EnrollmentStatus)> EnrollmentCallback;
49 // The power of two determining the size of the time quanta for device state
50 // keys, i.e. the quanta will be of size 2^kDeviceStateKeyTimeQuantumPower
51 // seconds. 2^23 seconds corresponds to 97.09 days.
52 static const int kDeviceStateKeyTimeQuantumPower = 23;
54 // The number of future time quanta to generate device state identifiers for.
55 // This determines the interval after which a device will no longer receive
56 // server-backed state information and thus corresponds to the delay until a
57 // device becomes anonymous to the server again.
59 // The goal here is to guarantee state key validity for 1 year into the
60 // future. 4 quanta are needed to cover a year, but the current quantum is
61 // clipped short in the general case. Hence, one buffer quantum is needed to
62 // make up for the clipping, yielding a total of 5 quanta.
63 static const int kDeviceStateKeyFutureQuanta = 5;
65 // |task_runner| is the runner for policy refresh tasks.
66 // |background_task_runner| is used to execute long-running background tasks
67 // that may involve file I/O.
68 DeviceCloudPolicyManagerChromeOS(
69 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store,
70 const scoped_refptr<base::SequencedTaskRunner>& task_runner,
71 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner,
72 EnterpriseInstallAttributes* install_attributes);
73 virtual ~DeviceCloudPolicyManagerChromeOS();
75 // Establishes the connection to the cloud, updating policy as necessary.
77 PrefService* local_state,
78 DeviceManagementService* device_management_service,
79 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider);
81 // Starts enrollment or re-enrollment. Once the enrollment process completes,
82 // |callback| is invoked and gets passed the status of the operation.
83 // |allowed_modes| specifies acceptable DEVICE_MODE_* constants for
85 void StartEnrollment(const std::string& auth_token,
86 bool is_auto_enrollment,
87 const AllowedDeviceModes& allowed_modes,
88 const EnrollmentCallback& callback);
90 // Cancels a pending enrollment operation, if any.
91 void CancelEnrollment();
93 // Gets/Sets the device requisition.
94 std::string GetDeviceRequisition() const;
95 void SetDeviceRequisition(const std::string& requisition);
97 // Checks whether enterprise enrollment should be a regular step during OOBE.
98 bool ShouldAutoStartEnrollment() const;
100 // Checks whether the user can cancel enrollment.
101 bool CanExitEnrollment() const;
103 // Gets the domain this device is supposed to be enrolled to.
104 std::string GetForcedEnrollmentDomain() const;
106 // CloudPolicyManager:
107 virtual void Shutdown() OVERRIDE;
109 // CloudPolicyStore::Observer:
110 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
112 // Pref registration helper.
113 static void RegisterPrefs(PrefRegistrySimple* registry);
115 // Returns the device serial number, or an empty string if not available.
116 static std::string GetMachineID();
118 // Returns the machine model, or an empty string if not available.
119 static std::string GetMachineModel();
121 // Gets the device state keys for |timestamp|. These will cover a time frame
122 // including |timestamp| and extending into the future as configured by the
123 // constants declared above.
124 static bool GetDeviceStateKeys(const base::Time& timestamp,
125 std::vector<std::string>* state_keys);
127 // Returns the currently valid device state key.
128 static std::string GetCurrentDeviceStateKey();
130 // Returns the robot 'email address' associated with the device robot
131 // account (sometimes called a service account) associated with this device
132 // during enterprise enrollment.
133 std::string GetRobotAccountId();
136 // Creates a new CloudPolicyClient.
137 scoped_ptr<CloudPolicyClient> CreateClient();
139 // Starts policy refreshes if |store_| indicates a managed device and the
140 // necessary dependencies have been provided via Initialize().
141 void StartIfManaged();
143 // Handles completion signaled by |enrollment_handler_|.
144 void EnrollmentCompleted(const EnrollmentCallback& callback,
145 EnrollmentStatus status);
147 // Starts the connection via |client_to_connect|.
148 void StartConnection(scoped_ptr<CloudPolicyClient> client_to_connect);
150 // Initializes requisition settings at OOBE with values from VPD.
151 void InitalizeRequisition();
153 // Gets the device restore mode as stored in |local_state_|.
154 std::string GetRestoreMode() const;
156 // Points to the same object as the base CloudPolicyManager::store(), but with
157 // actual device policy specific type.
158 scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_store_;
159 scoped_refptr<base::SequencedTaskRunner> background_task_runner_;
160 EnterpriseInstallAttributes* install_attributes_;
162 DeviceManagementService* device_management_service_;
163 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider_;
165 // PrefService instance to read the policy refresh rate from.
166 PrefService* local_state_;
168 // Non-null if there is an enrollment operation pending.
169 scoped_ptr<EnrollmentHandlerChromeOS> enrollment_handler_;
171 scoped_ptr<chromeos::attestation::AttestationPolicyObserver>
172 attestation_policy_observer_;
174 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOS);
177 } // namespace policy
179 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_