src/chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
   6
   7 #include "base/bind.h"
   8 #include "base/command_line.h"
   9 #include "base/files/file_path.h"
  10 #include "base/logging.h"
  11 #include "base/memory/ref_counted.h"
  12 #include "base/message_loop/message_loop_proxy.h"
  13 #include "base/path_service.h"
  14 #include "base/sequenced_task_runner.h"
  15 #include "base/threading/sequenced_worker_pool.h"
  16 #include "base/time/time.h"
  17 #include "chrome/browser/browser_process.h"
  18 #include "chrome/browser/chromeos/login/login_utils.h"
  19 #include "chrome/browser/chromeos/login/user.h"
  20 #include "chrome/browser/chromeos/login/user_manager.h"
  21 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
  22 #include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
  23 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
  24 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
  25 #include "chrome/browser/chromeos/profiles/profile_helper.h"
  26 #include "chrome/browser/policy/schema_registry_service.h"
  27 #include "chrome/browser/policy/schema_registry_service_factory.h"
  28 #include "chrome/browser/profiles/profile.h"
  29 #include "chromeos/chromeos_paths.h"
  30 #include "chromeos/chromeos_switches.h"
  31 #include "chromeos/dbus/dbus_thread_manager.h"
  32 #include "components/browser_context_keyed_service/browser_context_dependency_manager.h"
  33 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
  34 #include "components/policy/core/common/cloud/device_management_service.h"
  35 #include "content/public/browser/browser_thread.h"
  36 #include "net/url_request/url_request_context_getter.h"
  37 #include "policy/policy_constants.h"
  38
  39 namespace policy {
  40
  41 namespace {
  42
  43 // Subdirectory in the user's profile for storing legacy user policies.
  44 const base::FilePath::CharType kDeviceManagementDir[] =
  45     FILE_PATH_LITERAL("Device Management");
  46
  47 // File in the above directory for storing legacy user policy dmtokens.
  48 const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
  49
  50 // This constant is used to build two different paths. It can be a file inside
  51 // kDeviceManagementDir where legacy user policy data is stored, and it can be
  52 // a directory inside the profile directory where other resources are stored.
  53 const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
  54
  55 // Directory under kPolicy, in the user's profile dir, where policy for
  56 // components is cached.
  57 const base::FilePath::CharType kComponentsDir[] =
  58     FILE_PATH_LITERAL("Components");
  59
  60 // Directory in which to store external policy data. This is specified relative
  61 // to kPolicy.
  62 const base::FilePath::CharType kPolicyExternalDataDir[] =
  63     FILE_PATH_LITERAL("External Data");
  64
  65 // Timeout in seconds after which to abandon the initial policy fetch and start
  66 // the session regardless.
  67 const int kInitialPolicyFetchTimeoutSeconds = 10;
  68
  69 }  // namespace
  70
  71 // static
  72 UserCloudPolicyManagerFactoryChromeOS*
  73     UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
  74   return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
  75 }
  76
  77 // static
  78 UserCloudPolicyManagerChromeOS*
  79     UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
  80         Profile* profile) {
  81   return GetInstance()->GetManagerForProfile(profile);
  82 }
  83
  84 // static
  85 scoped_ptr<UserCloudPolicyManagerChromeOS>
  86     UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
  87         Profile* profile,
  88         bool force_immediate_load,
  89         scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
  90   return GetInstance()->CreateManagerForProfile(
  91       profile, force_immediate_load, background_task_runner);
  92 }
  93
  94 UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
  95     : BrowserContextKeyedBaseFactory(
  96         "UserCloudPolicyManagerChromeOS",
  97         BrowserContextDependencyManager::GetInstance()) {
  98   DependsOn(SchemaRegistryServiceFactory::GetInstance());
  99 }
 100
 101 UserCloudPolicyManagerFactoryChromeOS::
 102     ~UserCloudPolicyManagerFactoryChromeOS() {}
 103
 104 UserCloudPolicyManagerChromeOS*
 105     UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
 106         Profile* profile) {
 107   // Get the manager for the original profile, since the PolicyService is
 108   // also shared between the incognito Profile and the original Profile.
 109   ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
 110   return it != managers_.end() ? it->second : NULL;
 111 }
 112
 113 scoped_ptr<UserCloudPolicyManagerChromeOS>
 114     UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
 115         Profile* profile,
 116         bool force_immediate_load,
 117         scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
 118   const CommandLine* command_line = CommandLine::ForCurrentProcess();
 119   // Don't initialize cloud policy for the signin profile.
 120   if (chromeos::ProfileHelper::IsSigninProfile(profile))
 121     return scoped_ptr<UserCloudPolicyManagerChromeOS>();
 122
 123   // |user| should never be NULL except for the signin profile. This object is
 124   // created as part of the Profile creation, which happens right after
 125   // sign-in. The just-signed-in User is the active user during that time.
 126   chromeos::UserManager* user_manager = chromeos::UserManager::Get();
 127   chromeos::User* user = user_manager->GetUserByProfile(profile);
 128   CHECK(user);
 129
 130   // Only USER_TYPE_REGULAR users have user cloud policy.
 131   // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP, USER_TYPE_GUEST and
 132   // USER_TYPE_LOCALLY_MANAGED are not signed in and can't authenticate the
 133   // policy registration.
 134   // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the
 135   // DeviceLocalAccountPolicyService.
 136   const std::string& username = user->email();
 137   if (user->GetType() != chromeos::User::USER_TYPE_REGULAR ||
 138       BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
 139     return scoped_ptr<UserCloudPolicyManagerChromeOS>();
 140   }
 141
 142   policy::BrowserPolicyConnectorChromeOS* connector =
 143       g_browser_process->platform_part()->browser_policy_connector_chromeos();
 144   UserAffiliation affiliation = connector->GetUserAffiliation(username);
 145   const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED;
 146   const bool is_browser_restart =
 147       command_line->HasSwitch(chromeos::switches::kLoginUser) &&
 148       !command_line->HasSwitch(chromeos::switches::kLoginPassword);
 149   const bool wait_for_initial_policy = is_managed_user && !is_browser_restart;
 150
 151   DeviceManagementService* device_management_service =
 152       connector->device_management_service();
 153   if (wait_for_initial_policy)
 154     device_management_service->ScheduleInitialization(0);
 155
 156   base::FilePath profile_dir = profile->GetPath();
 157   const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
 158   const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
 159   const base::FilePath token_cache_file = legacy_dir.Append(kToken);
 160   const base::FilePath component_policy_cache_dir =
 161       profile_dir.Append(kPolicy).Append(kComponentsDir);
 162   const base::FilePath external_data_dir =
 163         profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir);
 164   base::FilePath policy_key_dir;
 165   CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
 166
 167   scoped_ptr<UserCloudPolicyStoreChromeOS> store(
 168       new UserCloudPolicyStoreChromeOS(
 169           chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
 170           chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
 171           background_task_runner,
 172           username, policy_key_dir, token_cache_file, policy_cache_file));
 173
 174   scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
 175       content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
 176           content::BrowserThread::GetBlockingPool()->GetSequenceToken());
 177   scoped_refptr<base::SequencedTaskRunner> io_task_runner =
 178       content::BrowserThread::GetMessageLoopProxyForThread(
 179           content::BrowserThread::IO);
 180   scoped_ptr<CloudExternalDataManager> external_data_manager(
 181       new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails),
 182                                        backend_task_runner,
 183                                        io_task_runner,
 184                                        external_data_dir,
 185                                        store.get()));
 186   if (force_immediate_load)
 187     store->LoadImmediately();
 188
 189   scoped_refptr<base::SequencedTaskRunner> file_task_runner =
 190       content::BrowserThread::GetMessageLoopProxyForThread(
 191           content::BrowserThread::FILE);
 192
 193   scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
 194       new UserCloudPolicyManagerChromeOS(
 195           store.PassAs<CloudPolicyStore>(),
 196           external_data_manager.Pass(),
 197           component_policy_cache_dir,
 198           wait_for_initial_policy,
 199           base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds),
 200           base::MessageLoopProxy::current(),
 201           file_task_runner,
 202           io_task_runner));
 203
 204   bool wildcard_match = false;
 205   if (connector->IsEnterpriseManaged() &&
 206       chromeos::LoginUtils::IsWhitelisted(username, &wildcard_match) &&
 207       wildcard_match &&
 208       !connector->IsNonEnterpriseUser(username)) {
 209     manager->EnableWildcardLoginCheck(username);
 210   }
 211
 212   manager->Init(SchemaRegistryServiceFactory::GetForContext(profile));
 213   manager->Connect(g_browser_process->local_state(),
 214                    device_management_service,
 215                    g_browser_process->system_request_context(),
 216                    affiliation);
 217
 218   DCHECK(managers_.find(profile) == managers_.end());
 219   managers_[profile] = manager.get();
 220   return manager.Pass();
 221 }
 222
 223 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
 224     content::BrowserContext* context) {
 225   Profile* profile = static_cast<Profile*>(context);
 226   if (profile->IsOffTheRecord())
 227     return;
 228   UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
 229   if (manager)
 230     manager->Shutdown();
 231 }
 232
 233 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
 234     content::BrowserContext* context) {
 235   Profile* profile = static_cast<Profile*>(context);
 236   managers_.erase(profile);
 237   BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
 238 }
 239
 240 void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
 241     content::BrowserContext* context) {}
 242
 243 void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
 244     content::BrowserContext* context) {}
 245
 246 }  // namespace policy