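// Copyright (c) 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "chrome/browser/policy/profile_policy_connector.h"

#include <vector>

#include "base/logging.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/policy/browser_policy_connector.h"
#include "chrome/browser/policy/configuration_policy_provider.h"
#include "chrome/browser/policy/policy_service_impl.h"

#if defined(ENABLE_MANAGED_USERS)
#include "chrome/browser/policy/managed_mode_policy_provider.h"
#endif

#if defined(OS_CHROMEOS)
#include "base/bind.h"
#include "base/prefs/pref_service.h"
#include "chrome/browser/chromeos/login/user.h"
#include "chrome/browser/chromeos/login/user_manager.h"
#include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
#include "chrome/browser/chromeos/policy/login_profile_policy_provider.h"
#include "chrome/browser/chromeos/policy/network_configuration_updater.h"
#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
#include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/policy/policy_service.h"
#include "chrome/common/pref_names.h"
#include "chromeos/dbus/cryptohome_client.h"
#include "chromeos/dbus/dbus_thread_manager.h"
#else
#include "chrome/browser/policy/cloud/user_cloud_policy_manager.h"
#include "chrome/browser/policy/cloud/user_cloud_policy_manager_factory.h"
#endif

namespace policy {

// Only records |profile|; the policy providers and the PolicyService are set
// up later by Init(). On Chrome OS the connector starts out as not belonging
// to the primary user.
ProfilePolicyConnector::ProfilePolicyConnector(Profile* profile)
    : profile_(profile),
#if defined(OS_CHROMEOS)
      is_primary_user_(false),
#endif
      weak_ptr_factory_(this) {}

ProfilePolicyConnector::~ProfilePolicyConnector() {}

// Collects the policy providers that apply to |profile_| and creates
// |policy_service_| from them.
//
// |force_immediate_load| and |sequenced_task_runner| are only forwarded to
// ManagedModePolicyProvider::Create() (ENABLE_MANAGED_USERS builds).
//
// On Chrome OS this also decides whether trusted certificates delivered by
// policy are allowed for this profile and, for the primary user, registers
// the user policy delegate and starts the asynchronous sanitized-username
// lookup that ends in InitializeNetworkConfigurationUpdater().
void ProfilePolicyConnector::Init(
    bool force_immediate_load,
    base::SequencedTaskRunner* sequenced_task_runner) {
  BrowserPolicyConnector* connector =
      g_browser_process->browser_policy_connector();
  // |providers| contains a list of the policy providers available for the
  // PolicyService of this connector.
  std::vector<ConfigurationPolicyProvider*> providers;

#if defined(OS_CHROMEOS)
  UserCloudPolicyManagerChromeOS* cloud_policy_manager =
      UserCloudPolicyManagerFactoryChromeOS::GetForProfile(profile_);
  if (cloud_policy_manager)
    providers.push_back(cloud_policy_manager);

  // Stays false (deny) unless the checks in the else-branch below pass.
  bool allow_trusted_certs_from_policy = false;
  std::string username;
  if (chromeos::ProfileHelper::IsSigninProfile(profile_)) {
    special_user_policy_provider_.reset(new LoginProfilePolicyProvider(
        connector->GetPolicyService()));
    special_user_policy_provider_->Init();
  } else {
    // |user| should never be NULL except for the signin profile.
    // TODO(joaodasilva): get the |user| that corresponds to the |profile_|
    // from the ProfileHelper, once that's ready.
    // NOTE(review): until that TODO is resolved, the affiliation and account
    // type checks below are made against the *active* user, which is assumed
    // to be the owner of |profile_|. Confirm that this holds wherever Init()
    // can run with more than one user logged in, since the result gates
    // |allow_trusted_certs_from_policy|.
    chromeos::UserManager* user_manager = chromeos::UserManager::Get();
    chromeos::User* user = user_manager->GetActiveUser();
    CHECK(user);
    username = user->email();
    // The profile counts as the primary user's when exactly one user is
    // logged in at the time Init() runs.
    is_primary_user_ =
        chromeos::UserManager::Get()->GetLoggedInUsers().size() == 1;
    if (user->GetType() == chromeos::User::USER_TYPE_PUBLIC_ACCOUNT)
      InitializeDeviceLocalAccountPolicyProvider(username);
    // Allow trusted certs from policy only for managed regular accounts.
    const bool is_managed =
        connector->GetUserAffiliation(username) == USER_AFFILIATION_MANAGED;
    if (is_managed && user->GetType() == chromeos::User::USER_TYPE_REGULAR)
      allow_trusted_certs_from_policy = true;
  }
  if (special_user_policy_provider_)
    providers.push_back(special_user_policy_provider_.get());

#else
  UserCloudPolicyManager* cloud_policy_manager =
      UserCloudPolicyManagerFactory::GetForProfile(profile_);
  if (cloud_policy_manager)
    providers.push_back(cloud_policy_manager);
#endif

#if defined(ENABLE_MANAGED_USERS)
  managed_mode_policy_provider_ = ManagedModePolicyProvider::Create(
      profile_, sequenced_task_runner, force_immediate_load);
  managed_mode_policy_provider_->Init();
  providers.push_back(managed_mode_policy_provider_.get());
#endif

  policy_service_ = connector->CreatePolicyService(providers);

#if defined(OS_CHROMEOS)
  if (is_primary_user_) {
    if (cloud_policy_manager)
      connector->SetUserPolicyDelegate(cloud_policy_manager);
    else if (special_user_policy_provider_)
      connector->SetUserPolicyDelegate(special_user_policy_provider_.get());

    // The reply is bound to a weak pointer, so it is not delivered to this
    // object once its weak pointers have been invalidated.
    chromeos::CryptohomeClient* cryptohome_client =
        chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
    cryptohome_client->GetSanitizedUsername(
        username,
        base::Bind(
            &ProfilePolicyConnector::InitializeNetworkConfigurationUpdater,
            weak_ptr_factory_.GetWeakPtr(),
            allow_trusted_certs_from_policy));
  }
#endif
}

// Replaces |policy_service_| with |service|; none of the providers that
// Init() would create are set up.
void ProfilePolicyConnector::InitForTesting(scoped_ptr<PolicyService> service) {
  policy_service_ = service.Pass();
}

// Undoes the registrations made by Init(): for the primary user on Chrome OS
// it clears the user policy delegate and detaches the user policy service
// from the network configuration updater, then shuts down the providers this
// connector owns.
void ProfilePolicyConnector::Shutdown() {
#if defined(OS_CHROMEOS)
  if (is_primary_user_) {
    BrowserPolicyConnector* connector =
        g_browser_process->browser_policy_connector();
    connector->SetUserPolicyDelegate(NULL);
    connector->network_configuration_updater()->UnsetUserPolicyService();
  }
  if (special_user_policy_provider_)
    special_user_policy_provider_->Shutdown();
#endif

#if defined(ENABLE_MANAGED_USERS)
  if (managed_mode_policy_provider_)
    managed_mode_policy_provider_->Shutdown();
#endif
}

// On Chrome OS, returns the value of the kUsedPolicyCertificatesOnce pref of
// |profile_|; always false on other platforms.
bool ProfilePolicyConnector::UsedPolicyCertificates() {
#if defined(OS_CHROMEOS)
  return profile_->GetPrefs()->GetBoolean(prefs::kUsedPolicyCertificatesOnce);
#else
  return false;
#endif
}

#if defined(OS_CHROMEOS)
// Creates and initializes the policy provider for the device-local account
// |username|. Does nothing, leaving |special_user_policy_provider_| unset,
// when the browser has no DeviceLocalAccountPolicyService.
void ProfilePolicyConnector::InitializeDeviceLocalAccountPolicyProvider(
    const std::string& username) {
  BrowserPolicyConnector* connector =
      g_browser_process->browser_policy_connector();
  DeviceLocalAccountPolicyService* device_local_account_policy_service =
      connector->GetDeviceLocalAccountPolicyService();
  if (!device_local_account_policy_service)
    return;
  special_user_policy_provider_.reset(new DeviceLocalAccountPolicyProvider(
      username, device_local_account_policy_service));
  special_user_policy_provider_->Init();
}

// Reply handler for the GetSanitizedUsername() call issued by Init(). Hands
// the trusted-certificate decision, |hashed_username| and this connector's
// policy service to the browser-wide NetworkConfigurationUpdater.
void ProfilePolicyConnector::InitializeNetworkConfigurationUpdater(
    bool allow_trusted_certs_from_policy,
    chromeos::DBusMethodCallStatus status,
    const std::string& hashed_username) {
  // A failed lookup used to be ignored silently. Record it so that a user
  // policy network configuration set up without a valid hash can be
  // diagnosed. The user name itself is deliberately not logged.
  // NOTE(review): on failure |hashed_username| is presumably empty; confirm
  // whether SetUserPolicyService() should be skipped, or trusted certificates
  // denied, in that case.
  if (status != chromeos::DBUS_METHOD_CALL_SUCCESS) {
    LOG(ERROR) << "GetSanitizedUsername failed; setting up the user policy "
               << "network configuration without a valid username hash.";
  }

  // TODO(joaodasilva): create the NetworkConfigurationUpdater for user ONC
  // here, after splitting that class into an instance for device policy and
  // another per profile for user policy.
  g_browser_process->browser_policy_connector()->
      network_configuration_updater()->SetUserPolicyService(
          allow_trusted_certs_from_policy, hashed_username, policy_service());
}
#endif

}  // namespace policy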