Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
      6 
      7 #include "base/command_line.h"
      8 #include "base/files/file_path.h"
      9 #include "base/logging.h"
     10 #include "base/path_service.h"
     11 #include "base/time/time.h"
     12 #include "chrome/browser/browser_process.h"
     13 #include "chrome/browser/chromeos/login/user.h"
     14 #include "chrome/browser/chromeos/login/user_manager.h"
     15 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
     16 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
     17 #include "chrome/browser/chromeos/profiles/profile_helper.h"
     18 #include "chrome/browser/policy/browser_policy_connector.h"
     19 #include "chrome/browser/policy/cloud/device_management_service.h"
     20 #include "chrome/browser/policy/cloud/resource_cache.h"
     21 #include "chrome/browser/profiles/profile.h"
     22 #include "chrome/common/chrome_switches.h"
     23 #include "chromeos/chromeos_paths.h"
     24 #include "chromeos/chromeos_switches.h"
     25 #include "chromeos/dbus/dbus_thread_manager.h"
     26 #include "components/browser_context_keyed_service/browser_context_dependency_manager.h"
     27 #include "net/url_request/url_request_context_getter.h"
     28 
     29 namespace policy {
     30 
     31 namespace {
     32 
     33 // Subdirectory in the user's profile for storing legacy user policies.
     34 const base::FilePath::CharType kDeviceManagementDir[] =
     35     FILE_PATH_LITERAL("Device Management");
     36 // File in the above directory for storing legacy user policy dmtokens.
     37 const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
     38 // This constant is used to build two different paths. It can be a file inside
     39 // kDeviceManagementDir where legacy user policy data is stored, and it can be
     40 // a directory inside the profile directory where other resources are stored.
     41 const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
     42 // Directory under kPolicy, in the user's profile dir, where external policy
     43 // resources are stored.
     44 const base::FilePath::CharType kResourceDir[] = FILE_PATH_LITERAL("Resources");
     45 
     46 // Timeout in seconds after which to abandon the initial policy fetch and start
     47 // the session regardless.
     48 const int kInitialPolicyFetchTimeoutSeconds = 10;
     49 
     50 }  // namespace
     51 
     52 // static
     53 UserCloudPolicyManagerFactoryChromeOS*
     54     UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
     55   return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
     56 }
     57 
     58 // static
     59 UserCloudPolicyManagerChromeOS*
     60     UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
     61         Profile* profile) {
     62   return GetInstance()->GetManagerForProfile(profile);
     63 }
     64 
     65 // static
     66 scoped_ptr<UserCloudPolicyManagerChromeOS>
     67     UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
     68         Profile* profile,
     69         bool force_immediate_load) {
     70   return GetInstance()->CreateManagerForProfile(profile, force_immediate_load);
     71 }
     72 
     73 UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
     74     : BrowserContextKeyedBaseFactory(
     75         "UserCloudPolicyManagerChromeOS",
     76         BrowserContextDependencyManager::GetInstance()) {}
     77 
     78 UserCloudPolicyManagerFactoryChromeOS::
     79     ~UserCloudPolicyManagerFactoryChromeOS() {}
     80 
     81 UserCloudPolicyManagerChromeOS*
     82     UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
     83         Profile* profile) {
     84   // Get the manager for the original profile, since the PolicyService is
     85   // also shared between the incognito Profile and the original Profile.
     86   ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
     87   return it != managers_.end() ? it->second : NULL;
     88 }
     89 
     90 scoped_ptr<UserCloudPolicyManagerChromeOS>
     91     UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
     92         Profile* profile,
     93         bool force_immediate_load) {
     94   const CommandLine* command_line = CommandLine::ForCurrentProcess();
     95   // Don't initialize cloud policy for the signin profile.
     96   if (chromeos::ProfileHelper::IsSigninProfile(profile))
     97     return scoped_ptr<UserCloudPolicyManagerChromeOS>();
     98 
     99   // |user| should never be NULL except for the signin profile. This object is
    100   // created as part of the Profile creation, which happens right after
    101   // sign-in. The just-signed-in User is the active user during that time.
    102   chromeos::UserManager* user_manager = chromeos::UserManager::Get();
    103   chromeos::User* user = user_manager->GetActiveUser();
    104   CHECK(user);
    105 
    106   // Only USER_TYPE_REGULAR users have user cloud policy.
    107   // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP and USER_TYPE_GUEST are not
    108   // signed in and can't authenticate the policy registration.
    109   // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the
    110   // DeviceLocalAccountPolicyService.
    111   // USER_TYPE_LOCALLY_MANAGED gets its policy from the
    112   // ManagedModePolicyProvider.
    113   const std::string& username = user->email();
    114   if (user->GetType() != chromeos::User::USER_TYPE_REGULAR ||
    115       BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
    116     return scoped_ptr<UserCloudPolicyManagerChromeOS>();
    117   }
    118 
    119   BrowserPolicyConnector* connector =
    120       g_browser_process->browser_policy_connector();
    121   UserAffiliation affiliation = connector->GetUserAffiliation(username);
    122   const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED;
    123   const bool is_browser_restart =
    124       command_line->HasSwitch(chromeos::switches::kLoginUser) &&
    125       !command_line->HasSwitch(chromeos::switches::kLoginPassword);
    126   const bool wait_for_initial_policy = is_managed_user && !is_browser_restart;
    127 
    128   DeviceManagementService* device_management_service =
    129       connector->device_management_service();
    130   if (wait_for_initial_policy)
    131     device_management_service->ScheduleInitialization(0);
    132 
    133   base::FilePath profile_dir = profile->GetPath();
    134   const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
    135   const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
    136   const base::FilePath token_cache_file = legacy_dir.Append(kToken);
    137   const base::FilePath resource_cache_dir =
    138       profile_dir.Append(kPolicy).Append(kResourceDir);
    139   base::FilePath policy_key_dir;
    140   CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
    141 
    142   scoped_ptr<UserCloudPolicyStoreChromeOS> store(
    143       new UserCloudPolicyStoreChromeOS(
    144           chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
    145           chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
    146           username, policy_key_dir, token_cache_file, policy_cache_file));
    147   if (force_immediate_load)
    148     store->LoadImmediately();
    149 
    150   scoped_ptr<ResourceCache> resource_cache;
    151   if (command_line->HasSwitch(switches::kEnableComponentCloudPolicy))
    152     resource_cache.reset(new ResourceCache(resource_cache_dir));
    153 
    154   scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
    155       new UserCloudPolicyManagerChromeOS(
    156           store.PassAs<CloudPolicyStore>(),
    157           resource_cache.Pass(),
    158           wait_for_initial_policy,
    159           base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds)));
    160   manager->Init();
    161   manager->Connect(g_browser_process->local_state(),
    162                    device_management_service,
    163                    g_browser_process->system_request_context(),
    164                    affiliation);
    165 
    166   DCHECK(managers_.find(profile) == managers_.end());
    167   managers_[profile] = manager.get();
    168   return manager.Pass();
    169 }
    170 
    171 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
    172     content::BrowserContext* context) {
    173   Profile* profile = static_cast<Profile*>(context);
    174   if (profile->IsOffTheRecord())
    175     return;
    176   UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
    177   if (manager)
    178     manager->Shutdown();
    179 }
    180 
    181 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
    182     content::BrowserContext* context) {
    183   Profile* profile = static_cast<Profile*>(context);
    184   managers_.erase(profile);
    185   BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
    186 }
    187 
    188 void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
    189     content::BrowserContext* context) {}
    190 
    191 void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
    192     content::BrowserContext* context) {}
    193 
    194 }  // namespace policy
    195