1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ 6 #define CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/basictypes.h" 12 #include "base/memory/ref_counted.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/memory/weak_ptr.h" 15 #include "chrome/browser/policy/cloud/cloud_policy_constants.h" 16 #include "chrome/browser/policy/configuration_policy_handler_list.h" 17 18 #if defined(OS_CHROMEOS) 19 #include "chrome/browser/chromeos/policy/proxy_policy_provider.h" 20 #endif 21 22 class PrefRegistrySimple; 23 class PrefService; 24 25 namespace net { 26 class CertTrustAnchorProvider; 27 class URLRequestContextGetter; 28 } 29 30 namespace policy { 31 32 class ConfigurationPolicyProvider; 33 class DeviceManagementService; 34 class PolicyService; 35 class PolicyStatisticsCollector; 36 37 #if defined(OS_CHROMEOS) 38 class AppPackUpdater; 39 class DeviceCloudPolicyManagerChromeOS; 40 class DeviceLocalAccountPolicyService; 41 class EnterpriseInstallAttributes; 42 class NetworkConfigurationUpdater; 43 #endif 44 45 // Manages the lifecycle of browser-global policy infrastructure, such as the 46 // platform policy providers, device- and the user-cloud policy infrastructure. 47 class BrowserPolicyConnector { 48 public: 49 // Builds an uninitialized BrowserPolicyConnector, suitable for testing. 50 // Init() should be called to create and start the policy machinery. 51 BrowserPolicyConnector(); 52 53 // Invoke Shutdown() before deleting, see below. 54 virtual ~BrowserPolicyConnector(); 55 56 // Finalizes the initialization of the connector. This call can be skipped on 57 // tests that don't require the full policy system running. 58 void Init(PrefService* local_state, 59 scoped_refptr<net::URLRequestContextGetter> request_context); 60 61 // Stops the policy providers and cleans up the connector before it can be 62 // safely deleted. This must be invoked before the destructor and while the 63 // threads are still running. The policy providers are still valid but won't 64 // update anymore after this call. 65 void Shutdown(); 66 67 // Returns true if Init() has been called but Shutdown() hasn't been yet. 68 bool is_initialized() const { return is_initialized_; } 69 70 // Returns the browser-global PolicyService, that contains policies for the 71 // whole browser. 72 PolicyService* GetPolicyService(); 73 74 #if defined(OS_CHROMEOS) 75 // Returns true if this device is managed by an enterprise (as opposed to 76 // a local owner). 77 bool IsEnterpriseManaged(); 78 79 // Returns the enterprise domain if device is managed. 80 std::string GetEnterpriseDomain(); 81 82 // Returns the device mode. For ChromeOS this function will return the mode 83 // stored in the lockbox, or DEVICE_MODE_CONSUMER if the lockbox has been 84 // locked empty, or DEVICE_MODE_UNKNOWN if the device has not been owned yet. 85 // For other OSes the function will always return DEVICE_MODE_CONSUMER. 86 DeviceMode GetDeviceMode(); 87 #endif 88 89 // Schedules initialization of the cloud policy backend services, if the 90 // services are already constructed. 91 void ScheduleServiceInitialization(int64 delay_milliseconds); 92 93 // Creates a new PolicyService that gets its policies from the global policy 94 // providers owned by the BrowserPolicyConnector and the optional 95 // |additional_providers|, which will have lower priority. 96 // The lifetime of the returned PolicyService is tied to the lifetime of 97 // the BrowserPolicyConnector. 98 scoped_ptr<PolicyService> CreatePolicyService( 99 const std::vector<ConfigurationPolicyProvider*>& additional_providers); 100 101 const ConfigurationPolicyHandlerList* GetHandlerList() const; 102 103 // Works out the user affiliation by checking the given |user_name| against 104 // the installation attributes. 105 UserAffiliation GetUserAffiliation(const std::string& user_name); 106 107 DeviceManagementService* device_management_service() { 108 return device_management_service_.get(); 109 } 110 111 #if defined(OS_CHROMEOS) 112 AppPackUpdater* GetAppPackUpdater(); 113 114 NetworkConfigurationUpdater* network_configuration_updater() { 115 return network_configuration_updater_.get(); 116 } 117 118 net::CertTrustAnchorProvider* GetCertTrustAnchorProvider(); 119 120 DeviceCloudPolicyManagerChromeOS* GetDeviceCloudPolicyManager() { 121 return device_cloud_policy_manager_.get(); 122 } 123 DeviceLocalAccountPolicyService* GetDeviceLocalAccountPolicyService() { 124 return device_local_account_policy_service_.get(); 125 } 126 EnterpriseInstallAttributes* GetInstallAttributes() { 127 return install_attributes_.get(); 128 } 129 130 // The browser-global PolicyService is created before Profiles are ready, to 131 // provide managed values for the local state PrefService. It includes a 132 // policy provider that forwards policies from a delegate policy provider. 133 // This call can be used to set the user policy provider as that delegate 134 // once the Profile is ready, so that user policies can also affect local 135 // state preferences. 136 // Only one user policy provider can be set as a delegate at a time, and any 137 // previously set delegate is removed. Passing NULL removes the current 138 // delegate, if there is one. 139 void SetUserPolicyDelegate(ConfigurationPolicyProvider* user_policy_provider); 140 #endif 141 142 // Allows setting a DeviceManagementService (for injecting mocks in 143 // unit tests). 144 void SetDeviceManagementServiceForTesting( 145 scoped_ptr<DeviceManagementService> service); 146 147 // Sets a |provider| that will be included in PolicyServices returned by 148 // CreatePolicyService. This is a static method because local state is 149 // created immediately after the connector, and tests don't have a chance to 150 // inject the provider otherwise. |provider| must outlive the connector, and 151 // its ownership is not taken though the connector will initialize and shut it 152 // down. 153 static void SetPolicyProviderForTesting( 154 ConfigurationPolicyProvider* provider); 155 156 // Gets the URL of the DM server (either the default or a URL provided via the 157 // command line). 158 static std::string GetDeviceManagementUrl(); 159 160 // Check whether a user is known to be non-enterprise. Domains such as 161 // gmail.com and googlemail.com are known to not be managed. Also returns 162 // false if the username is empty. 163 static bool IsNonEnterpriseUser(const std::string& username); 164 165 // Registers refresh rate prefs. 166 static void RegisterPrefs(PrefRegistrySimple* registry); 167 168 private: 169 // Set the timezone as soon as the policies are available. 170 void SetTimezoneIfPolicyAvailable(); 171 172 static ConfigurationPolicyProvider* CreatePlatformProvider(); 173 174 // Whether Init() but not Shutdown() has been invoked. 175 bool is_initialized_; 176 177 PrefService* local_state_; 178 scoped_refptr<net::URLRequestContextGetter> request_context_; 179 180 // Used to convert policies to preferences. The providers declared below 181 // may trigger policy updates during shutdown, which will result in 182 // |handler_list_| being consulted for policy translation. 183 // Therefore, it's important to destroy |handler_list_| after the providers. 184 ConfigurationPolicyHandlerList handler_list_; 185 186 scoped_ptr<ConfigurationPolicyProvider> platform_provider_; 187 188 // Components of the device cloud policy implementation. 189 #if defined(OS_CHROMEOS) 190 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; 191 scoped_ptr<DeviceCloudPolicyManagerChromeOS> device_cloud_policy_manager_; 192 scoped_ptr<DeviceLocalAccountPolicyService> 193 device_local_account_policy_service_; 194 195 // This policy provider is used on Chrome OS to feed user policy into the 196 // global PolicyService instance. This works by installing the cloud policy 197 // provider of the primary profile as the delegate of the ProxyPolicyProvider, 198 // after login. 199 ProxyPolicyProvider global_user_cloud_policy_provider_; 200 #endif 201 202 // Must be deleted before all the policy providers. 203 scoped_ptr<PolicyService> policy_service_; 204 205 scoped_ptr<PolicyStatisticsCollector> policy_statistics_collector_; 206 207 scoped_ptr<DeviceManagementService> device_management_service_; 208 209 // Used to initialize the device policy subsystem once the message loops 210 // are spinning. 211 base::WeakPtrFactory<BrowserPolicyConnector> weak_ptr_factory_; 212 213 #if defined(OS_CHROMEOS) 214 scoped_ptr<AppPackUpdater> app_pack_updater_; 215 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; 216 #endif 217 218 DISALLOW_COPY_AND_ASSIGN(BrowserPolicyConnector); 219 }; 220 221 } // namespace policy 222 223 #endif // CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ 224
