1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_
12 #include "base/basictypes.h"
13 #include "base/compiler_specific.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/scoped_ptr.h"
16 #include "base/memory/weak_ptr.h"
17 #include "base/observer_list.h"
18 #include "chrome/browser/chromeos/extensions/device_local_account_external_policy_loader.h"
19 #include "chrome/browser/chromeos/settings/cros_settings.h"
20 #include "chrome/browser/policy/cloud/cloud_policy_core.h"
21 #include "chrome/browser/policy/cloud/cloud_policy_store.h"
24 class SequencedTaskRunner;
28 class DeviceSettingsService;
29 class SessionManagerClient;
34 struct DeviceLocalAccount;
35 class DeviceLocalAccountPolicyStore;
36 class DeviceManagementService;
38 // The main switching central that downloads, caches, refreshes, etc. policy for
39 // a single device-local account.
40 class DeviceLocalAccountPolicyBroker {
42 // |task_runner| is the runner for policy refresh tasks.
43 DeviceLocalAccountPolicyBroker(
44 const DeviceLocalAccount& account,
45 scoped_ptr<DeviceLocalAccountPolicyStore> store,
46 const scoped_refptr<base::SequencedTaskRunner>& task_runner);
47 ~DeviceLocalAccountPolicyBroker();
49 // Initialize the broker, loading its |store_|.
52 // For the difference between |account_id| and |user_id|, see the
53 // documentation of DeviceLocalAccount.
54 const std::string& account_id() const { return account_id_; }
55 const std::string& user_id() const { return user_id_; }
57 scoped_refptr<chromeos::DeviceLocalAccountExternalPolicyLoader>
58 extension_loader() const { return extension_loader_; }
60 CloudPolicyCore* core() { return &core_; }
61 const CloudPolicyCore* core() const { return &core_; }
63 // Fire up the cloud connection for fetching policy for the account from the
64 // cloud if this is an enterprise-managed device.
65 void ConnectIfPossible(
66 chromeos::DeviceSettingsService* device_settings_service,
67 DeviceManagementService* device_management_service);
69 // Destroy the cloud connection, stopping policy refreshes.
72 // Reads the refresh delay from policy and configures the refresh scheduler.
73 void UpdateRefreshDelay();
75 // Retrieves the display name for the account as stored in policy. Returns an
76 // empty string if the policy is not present.
77 std::string GetDisplayName() const;
80 const std::string account_id_;
81 const std::string user_id_;
82 const scoped_ptr<DeviceLocalAccountPolicyStore> store_;
83 scoped_refptr<chromeos::DeviceLocalAccountExternalPolicyLoader>
85 CloudPolicyCore core_;
87 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyBroker);
90 // Manages user policy blobs for device-local accounts present on the device.
91 // The actual policy blobs are brokered by session_manager (to prevent file
92 // manipulation), and we're making signature checks on the policy blobs to
93 // ensure they're issued by the device owner.
94 class DeviceLocalAccountPolicyService : public CloudPolicyStore::Observer {
96 // Interface for interested parties to observe policy changes.
99 virtual ~Observer() {}
101 // Policy for the given |user_id| has changed.
102 virtual void OnPolicyUpdated(const std::string& user_id) = 0;
104 // The list of accounts has been updated.
105 virtual void OnDeviceLocalAccountsChanged() = 0;
108 DeviceLocalAccountPolicyService(
109 chromeos::SessionManagerClient* session_manager_client,
110 chromeos::DeviceSettingsService* device_settings_service,
111 chromeos::CrosSettings* cros_settings,
112 scoped_refptr<base::SequencedTaskRunner> store_background_task_runner,
113 scoped_refptr<base::SequencedTaskRunner> extension_cache_task_runner);
114 virtual ~DeviceLocalAccountPolicyService();
116 // Initializes the cloud policy service connection.
117 void Connect(DeviceManagementService* device_management_service);
119 // Prevents further policy fetches from the cloud.
122 // Get the policy broker for a given |user_id|. Returns NULL if that |user_id|
123 // does not belong to an existing device-local account.
124 DeviceLocalAccountPolicyBroker* GetBrokerForUser(const std::string& user_id);
126 // Indicates whether policy has been successfully fetched for the given
128 bool IsPolicyAvailableForUser(const std::string& user_id);
130 void AddObserver(Observer* observer);
131 void RemoveObserver(Observer* observer);
133 // CloudPolicyStore::Observer:
134 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE;
135 virtual void OnStoreError(CloudPolicyStore* store) OVERRIDE;
138 typedef std::map<std::string, DeviceLocalAccountPolicyBroker*>
141 // Returns |true| if the directory in which force-installed extensions are
142 // cached for |account_id| is busy, either because a broker that was using
143 // this directory has not shut down completely yet or because the directory is
145 bool IsExtensionCacheDirectoryBusy(const std::string& account_id);
147 // Starts any extension caches that are not running yet but can be started now
148 // because their cache directories are no longer busy.
149 void StartExtensionCachesIfPossible();
151 // Checks whether a broker exists for |account_id|. If so, starts the broker's
152 // extension cache and returns |true|. Otherwise, returns |false|.
153 bool StartExtensionCacheForAccountIfPresent(const std::string& account_id);
155 // Called back when any extension caches belonging to device-local accounts
156 // that no longer exist have been removed at start-up.
157 void OnOrphanedExtensionCachesDeleted();
159 // Called back when the extension cache for |account_id| has been shut down.
160 void OnObsoleteExtensionCacheShutdown(const std::string& account_id);
162 // Called back when the extension cache for |account_id| has been removed.
163 void OnObsoleteExtensionCacheDeleted(const std::string& account_id);
165 // Re-queries the list of defined device-local accounts from device settings
166 // and updates |policy_brokers_| to match that list.
167 void UpdateAccountList();
169 // Calls |UpdateAccountList| if there are no previous calls pending.
170 void UpdateAccountListIfNonePending();
172 // Deletes brokers in |map| and clears it.
173 void DeleteBrokers(PolicyBrokerMap* map);
175 // Find the broker for a given |store|. Returns NULL if |store| is unknown.
176 DeviceLocalAccountPolicyBroker* GetBrokerForStore(CloudPolicyStore* store);
178 chromeos::SessionManagerClient* session_manager_client_;
179 chromeos::DeviceSettingsService* device_settings_service_;
180 chromeos::CrosSettings* cros_settings_;
182 DeviceManagementService* device_management_service_;
184 // The device-local account policy brokers, keyed by user ID.
185 PolicyBrokerMap policy_brokers_;
187 // Whether a call to UpdateAccountList() is pending because |cros_settings_|
188 // are not trusted yet.
189 bool waiting_for_cros_settings_;
191 // Orphaned extension caches are removed at startup. This tracks the status of
193 enum OrphanCacheDeletionState {
198 OrphanCacheDeletionState orphan_cache_deletion_state_;
200 // Account IDs whose extension cache directories are busy, either because a
201 // broker for the account has not shut down completely yet or because the
202 // directory is being deleted.
203 std::set<std::string> busy_extension_cache_directories_;
205 const scoped_refptr<base::SequencedTaskRunner> store_background_task_runner_;
206 const scoped_refptr<base::SequencedTaskRunner> extension_cache_task_runner_;
208 ObserverList<Observer, true> observers_;
210 const scoped_ptr<chromeos::CrosSettings::ObserverSubscription>
211 local_accounts_subscription_;
213 base::WeakPtrFactory<DeviceLocalAccountPolicyService> weak_factory_;
215 DISALLOW_COPY_AND_ASSIGN(DeviceLocalAccountPolicyService);
218 } // namespace policy
220 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_LOCAL_ACCOUNT_POLICY_SERVICE_H_