1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
8 #include "base/command_line.h"
9 #include "base/files/file_path.h"
10 #include "base/logging.h"
11 #include "base/memory/ref_counted.h"
12 #include "base/message_loop/message_loop_proxy.h"
13 #include "base/path_service.h"
14 #include "base/sequenced_task_runner.h"
15 #include "base/threading/sequenced_worker_pool.h"
16 #include "base/time/time.h"
17 #include "chrome/browser/browser_process.h"
18 #include "chrome/browser/chromeos/login/login_utils.h"
19 #include "chrome/browser/chromeos/login/user.h"
20 #include "chrome/browser/chromeos/login/user_manager.h"
21 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
22 #include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
23 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
24 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
25 #include "chrome/browser/chromeos/profiles/profile_helper.h"
26 #include "chrome/browser/policy/schema_registry_service.h"
27 #include "chrome/browser/policy/schema_registry_service_factory.h"
28 #include "chrome/browser/profiles/profile.h"
29 #include "chromeos/chromeos_paths.h"
30 #include "chromeos/chromeos_switches.h"
31 #include "chromeos/dbus/dbus_thread_manager.h"
32 #include "components/browser_context_keyed_service/browser_context_dependency_manager.h"
33 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
34 #include "components/policy/core/common/cloud/device_management_service.h"
35 #include "content/public/browser/browser_thread.h"
36 #include "net/url_request/url_request_context_getter.h"
37 #include "policy/policy_constants.h"
43 // Subdirectory in the user's profile for storing legacy user policies.
44 const base::FilePath::CharType kDeviceManagementDir[] =
45 FILE_PATH_LITERAL("Device Management");
47 // File in the above directory for storing legacy user policy dmtokens.
48 const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
50 // This constant is used to build two different paths. It can be a file inside
51 // kDeviceManagementDir where legacy user policy data is stored, and it can be
52 // a directory inside the profile directory where other resources are stored.
53 const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
55 // Directory under kPolicy, in the user's profile dir, where policy for
56 // components is cached.
57 const base::FilePath::CharType kComponentsDir[] =
58 FILE_PATH_LITERAL("Components");
60 // Directory in which to store external policy data. This is specified relative
62 const base::FilePath::CharType kPolicyExternalDataDir[] =
63 FILE_PATH_LITERAL("External Data");
65 // Timeout in seconds after which to abandon the initial policy fetch and start
66 // the session regardless.
67 const int kInitialPolicyFetchTimeoutSeconds = 10;
72 UserCloudPolicyManagerFactoryChromeOS*
73 UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
74 return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
78 UserCloudPolicyManagerChromeOS*
79 UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
81 return GetInstance()->GetManagerForProfile(profile);
85 scoped_ptr<UserCloudPolicyManagerChromeOS>
86 UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
88 bool force_immediate_load,
89 scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
90 return GetInstance()->CreateManagerForProfile(
91 profile, force_immediate_load, background_task_runner);
94 UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
95 : BrowserContextKeyedBaseFactory(
96 "UserCloudPolicyManagerChromeOS",
97 BrowserContextDependencyManager::GetInstance()) {
98 DependsOn(SchemaRegistryServiceFactory::GetInstance());
101 UserCloudPolicyManagerFactoryChromeOS::
102 ~UserCloudPolicyManagerFactoryChromeOS() {}
104 UserCloudPolicyManagerChromeOS*
105 UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
107 // Get the manager for the original profile, since the PolicyService is
108 // also shared between the incognito Profile and the original Profile.
109 ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
110 return it != managers_.end() ? it->second : NULL;
113 scoped_ptr<UserCloudPolicyManagerChromeOS>
114 UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
116 bool force_immediate_load,
117 scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
118 const CommandLine* command_line = CommandLine::ForCurrentProcess();
119 // Don't initialize cloud policy for the signin profile.
120 if (chromeos::ProfileHelper::IsSigninProfile(profile))
121 return scoped_ptr<UserCloudPolicyManagerChromeOS>();
123 // |user| should never be NULL except for the signin profile. This object is
124 // created as part of the Profile creation, which happens right after
125 // sign-in. The just-signed-in User is the active user during that time.
126 chromeos::UserManager* user_manager = chromeos::UserManager::Get();
127 chromeos::User* user = user_manager->GetUserByProfile(profile);
130 // Only USER_TYPE_REGULAR users have user cloud policy.
131 // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP, USER_TYPE_GUEST and
132 // USER_TYPE_LOCALLY_MANAGED are not signed in and can't authenticate the
133 // policy registration.
134 // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the
135 // DeviceLocalAccountPolicyService.
136 const std::string& username = user->email();
137 if (user->GetType() != chromeos::User::USER_TYPE_REGULAR ||
138 BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
139 return scoped_ptr<UserCloudPolicyManagerChromeOS>();
142 policy::BrowserPolicyConnectorChromeOS* connector =
143 g_browser_process->platform_part()->browser_policy_connector_chromeos();
144 UserAffiliation affiliation = connector->GetUserAffiliation(username);
145 const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED;
146 const bool is_browser_restart =
147 command_line->HasSwitch(chromeos::switches::kLoginUser) &&
148 !command_line->HasSwitch(chromeos::switches::kLoginPassword);
149 const bool wait_for_initial_policy = is_managed_user && !is_browser_restart;
151 DeviceManagementService* device_management_service =
152 connector->device_management_service();
153 if (wait_for_initial_policy)
154 device_management_service->ScheduleInitialization(0);
156 base::FilePath profile_dir = profile->GetPath();
157 const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
158 const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
159 const base::FilePath token_cache_file = legacy_dir.Append(kToken);
160 const base::FilePath component_policy_cache_dir =
161 profile_dir.Append(kPolicy).Append(kComponentsDir);
162 const base::FilePath external_data_dir =
163 profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir);
164 base::FilePath policy_key_dir;
165 CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
167 scoped_ptr<UserCloudPolicyStoreChromeOS> store(
168 new UserCloudPolicyStoreChromeOS(
169 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
170 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
171 background_task_runner,
172 username, policy_key_dir, token_cache_file, policy_cache_file));
174 scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
175 content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
176 content::BrowserThread::GetBlockingPool()->GetSequenceToken());
177 scoped_refptr<base::SequencedTaskRunner> io_task_runner =
178 content::BrowserThread::GetMessageLoopProxyForThread(
179 content::BrowserThread::IO);
180 scoped_ptr<CloudExternalDataManager> external_data_manager(
181 new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails),
186 if (force_immediate_load)
187 store->LoadImmediately();
189 scoped_refptr<base::SequencedTaskRunner> file_task_runner =
190 content::BrowserThread::GetMessageLoopProxyForThread(
191 content::BrowserThread::FILE);
193 scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
194 new UserCloudPolicyManagerChromeOS(
195 store.PassAs<CloudPolicyStore>(),
196 external_data_manager.Pass(),
197 component_policy_cache_dir,
198 wait_for_initial_policy,
199 base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds),
200 base::MessageLoopProxy::current(),
204 bool wildcard_match = false;
205 if (connector->IsEnterpriseManaged() &&
206 chromeos::LoginUtils::IsWhitelisted(username, &wildcard_match) &&
208 !connector->IsNonEnterpriseUser(username)) {
209 manager->EnableWildcardLoginCheck(username);
212 manager->Init(SchemaRegistryServiceFactory::GetForContext(profile));
213 manager->Connect(g_browser_process->local_state(),
214 device_management_service,
215 g_browser_process->system_request_context(),
218 DCHECK(managers_.find(profile) == managers_.end());
219 managers_[profile] = manager.get();
220 return manager.Pass();
223 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
224 content::BrowserContext* context) {
225 Profile* profile = static_cast<Profile*>(context);
226 if (profile->IsOffTheRecord())
228 UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
233 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
234 content::BrowserContext* context) {
235 Profile* profile = static_cast<Profile*>(context);
236 managers_.erase(profile);
237 BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
240 void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
241 content::BrowserContext* context) {}
243 void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
244 content::BrowserContext* context) {}
246 } // namespace policy