1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_POLICY_MANAGED_MODE_POLICY_PROVIDER_H_ 6 #define CHROME_BROWSER_POLICY_MANAGED_MODE_POLICY_PROVIDER_H_ 7 8 #include "base/memory/ref_counted.h" 9 #include "base/prefs/pref_store.h" 10 #include "chrome/browser/policy/configuration_policy_provider.h" 11 #include "sync/api/sync_error_factory.h" 12 #include "sync/api/syncable_service.h" 13 14 class PersistentPrefStore; 15 class Profile; 16 17 namespace base { 18 class SequencedTaskRunner; 19 } 20 21 namespace policy { 22 23 // This class syncs managed user settings from a server, which are mapped to 24 // policies. The downloaded settings are persisted in a PrefStore. 25 // Settings are key-value pairs. The key uniquely identifies the setting, and 26 // in most cases corresponds to a policy key. The value is a string containing 27 // a JSON serialization of an arbitrary value, which is the value of the policy. 28 // 29 // There are two kinds of settings handled by this class: Atomic and split 30 // settings. 31 // Atomic settings consist of a single key (that corresponds to a policy name) 32 // and a single (arbitrary) value. 33 // Split settings encode a dictionary value and are stored as multiple Sync 34 // items, one for each dictionary entry. The key for each of these Sync items 35 // is the key of the split setting, followed by a separator (':') and the key 36 // for the dictionary entry. The value of the Sync item is the value of the 37 // dictionary entry. 38 // 39 // As an example, a split setting with key "Moose" and value 40 // { 41 // "foo": "bar", 42 // "baz": "blurp" 43 // } 44 // would be encoded as two sync items, one with key "Moose:foo" and value "bar", 45 // and one with key "Moose:baz" and value "blurp". 46 // 47 // TODO(bauerb): This should be split up into a SyncableService and a 48 // ConfigurationPolicyProvider. 49 class ManagedModePolicyProvider 50 : public ConfigurationPolicyProvider, 51 public PrefStore::Observer, 52 public syncer::SyncableService { 53 public: 54 // Creates a new ManagedModePolicyProvider that caches its policies in a JSON 55 // file inside the profile folder. |sequenced_task_runner| ensures that all 56 // file I/O operations are executed in the order that does not collide 57 // with Profile's file operations. If |force_immediate_policy_load| is true, 58 // then the underlying policies are loaded immediately before this call 59 // returns, otherwise they will be loaded asynchronously in the background. 60 static scoped_ptr<ManagedModePolicyProvider> Create( 61 Profile* profile, 62 base::SequencedTaskRunner* sequenced_task_runner, 63 bool force_immediate_policy_load); 64 65 // Use this constructor to inject a different PrefStore (e.g. for testing). 66 explicit ManagedModePolicyProvider(PersistentPrefStore* store); 67 virtual ~ManagedModePolicyProvider(); 68 69 // Sets all local policies, i.e. policies that will not be configured via 70 // the server. 71 void InitLocalPolicies(); 72 73 // Clears all managed user settings and items. 74 void Clear(); 75 76 // Constructs a key for a split managed user setting from a prefix and a 77 // variable key. 78 static std::string MakeSplitSettingKey(const std::string& prefix, 79 const std::string& key); 80 81 // Uploads an item to the Sync server. Items are the same data structure as 82 // managed user settings (i.e. key-value pairs, as described at the top of 83 // the file), but they are only uploaded (whereas managed user settings are 84 // only downloaded), and never passed to the policy system. 85 // An example of an uploaded item is an access request to a blocked URL. 86 void UploadItem(const std::string& key, scoped_ptr<Value> value); 87 88 // Sets the policy with the given |key| to a copy of the given |value|. 89 // Note that policies are updated asynchronously, so the policy won't take 90 // effect immediately after this method. 91 void SetLocalPolicyForTesting(const std::string& key, 92 scoped_ptr<base::Value> value); 93 94 // Public for testing. 95 static syncer::SyncData CreateSyncDataForPolicy(const std::string& name, 96 const Value* value); 97 98 // ConfigurationPolicyProvider implementation: 99 virtual void Shutdown() OVERRIDE; 100 virtual void RefreshPolicies() OVERRIDE; 101 virtual bool IsInitializationComplete(PolicyDomain domain) const OVERRIDE; 102 103 // PrefStore::Observer implementation: 104 virtual void OnPrefValueChanged(const std::string& key) OVERRIDE; 105 virtual void OnInitializationCompleted(bool success) OVERRIDE; 106 107 // SyncableService implementation: 108 virtual syncer::SyncMergeResult MergeDataAndStartSyncing( 109 syncer::ModelType type, 110 const syncer::SyncDataList& initial_sync_data, 111 scoped_ptr<syncer::SyncChangeProcessor> sync_processor, 112 scoped_ptr<syncer::SyncErrorFactory> error_handler) OVERRIDE; 113 virtual void StopSyncing(syncer::ModelType type) OVERRIDE; 114 virtual syncer::SyncDataList GetAllSyncData( 115 syncer::ModelType type) const OVERRIDE; 116 virtual syncer::SyncError ProcessSyncChanges( 117 const tracked_objects::Location& from_here, 118 const syncer::SyncChangeList& change_list) OVERRIDE; 119 120 private: 121 base::DictionaryValue* GetOrCreateDictionary(const std::string& key) const; 122 base::DictionaryValue* GetAtomicSettings() const; 123 base::DictionaryValue* GetSplitSettings() const; 124 base::DictionaryValue* GetQueuedItems() const; 125 126 // Returns the dictionary where a given Sync item should be stored, depending 127 // on whether the managed user setting is atomic or split. In case of a split 128 // setting, the split setting prefix of |key| is removed, so that |key| can 129 // be used to update the returned dictionary. 130 DictionaryValue* GetDictionaryAndSplitKey(std::string* key) const; 131 void UpdatePolicyFromCache(); 132 133 // Used for persisting policies. Unlike other PrefStores, this one is not 134 // hooked up to the PrefService. 135 scoped_refptr<PersistentPrefStore> store_; 136 137 // A set of local policies that are fixed and not configured remotely. 138 scoped_ptr<base::DictionaryValue> local_policies_; 139 140 scoped_ptr<syncer::SyncChangeProcessor> sync_processor_; 141 scoped_ptr<syncer::SyncErrorFactory> error_handler_; 142 }; 143 144 } // namespace policy 145 146 #endif // CHROME_BROWSER_POLICY_MANAGED_MODE_POLICY_PROVIDER_H_ 147