Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef CHROME_BROWSER_POLICY_POLICY_LOADER_WIN_H_
      6 #define CHROME_BROWSER_POLICY_POLICY_LOADER_WIN_H_
      7 
      8 #include <userenv.h>
      9 #include <windows.h>
     10 
     11 #include "base/basictypes.h"
     12 #include "base/files/file_path.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "base/synchronization/waitable_event.h"
     15 #include "base/values.h"
     16 #include "base/win/object_watcher.h"
     17 #include "chrome/browser/policy/async_policy_loader.h"
     18 #include "chrome/browser/policy/policy_types.h"
     19 
     20 namespace policy {
     21 
     22 class AppliedGPOListProvider;
     23 class PolicyLoadStatusSample;
     24 class PolicyMap;
     25 class RegistryDict;
     26 struct PolicyDefinitionList;
     27 
     28 // Interface for mocking out GPO enumeration in tests.
     29 class AppliedGPOListProvider {
     30  public:
     31   virtual ~AppliedGPOListProvider() {}
     32   virtual DWORD GetAppliedGPOList(DWORD flags,
     33                                   LPCTSTR machine_name,
     34                                   PSID sid_user,
     35                                   GUID* extension_guid,
     36                                   PGROUP_POLICY_OBJECT* gpo_list) = 0;
     37   virtual BOOL FreeGPOList(PGROUP_POLICY_OBJECT gpo_list) = 0;
     38 };
     39 
     40 // Loads policies from the Windows registry, and watches for Group Policy
     41 // notifications to trigger reloads.
     42 class PolicyLoaderWin : public AsyncPolicyLoader,
     43                         public base::win::ObjectWatcher::Delegate {
     44  public:
     45   // The PReg file name used by GPO.
     46   static const base::FilePath::CharType kPRegFileName[];
     47 
     48   explicit PolicyLoaderWin(const PolicyDefinitionList* policy_list,
     49                            const string16& chrome_policy_key,
     50                            AppliedGPOListProvider* gpo_provider);
     51   virtual ~PolicyLoaderWin();
     52 
     53   // Creates a policy loader that uses the Win API to access GPO.
     54   static scoped_ptr<PolicyLoaderWin> Create(
     55       const PolicyDefinitionList* policy_list);
     56 
     57   // AsyncPolicyLoader implementation.
     58   virtual void InitOnFile() OVERRIDE;
     59   virtual scoped_ptr<PolicyBundle> Load() OVERRIDE;
     60 
     61  private:
     62   // Builds the Chrome policy schema in |chrome_policy_schema_|.
     63   void BuildChromePolicySchema();
     64 
     65   // Reads Chrome Policy from a PReg file at the given path and stores the
     66   // result in |policy|.
     67   bool ReadPRegFile(const base::FilePath& preg_file,
     68                     RegistryDict* policy,
     69                     PolicyLoadStatusSample *status);
     70 
     71   // Loads and parses GPO policy in |policy_object_list| for scope |scope|. If
     72   // successful, stores the result in |policy| and returns true. Returns false
     73   // on failure reading the policy, indicating that policy loading should fall
     74   // back to reading the registry.
     75   bool LoadGPOPolicy(PolicyScope scope,
     76                      PGROUP_POLICY_OBJECT policy_object_list,
     77                      RegistryDict* policy,
     78                      PolicyLoadStatusSample *status);
     79 
     80   // Queries Windows for applied group policy and writes the result to |policy|.
     81   // This is the preferred way to obtain GPO data, there are reports of abuse
     82   // of the registry GPO keys by 3rd-party software.
     83   bool ReadPolicyFromGPO(PolicyScope scope,
     84                          RegistryDict* policy,
     85                          PolicyLoadStatusSample *status);
     86 
     87   // Parses Chrome policy from |gpo_dict| for the given |scope| and |level| and
     88   // merges it into |chrome_policy_map|.
     89   void LoadChromePolicy(const RegistryDict* gpo_dict,
     90                         PolicyLevel level,
     91                         PolicyScope scope,
     92                         PolicyMap* chrome_policy_map);
     93 
     94   // Loads 3rd-party policy from |gpo_dict| and merges it into |bundle|.
     95   void Load3rdPartyPolicy(const RegistryDict* gpo_dict,
     96                           PolicyScope scope,
     97                           PolicyBundle* bundle);
     98 
     99   // Installs the watchers for the Group Policy update events.
    100   void SetupWatches();
    101 
    102   // ObjectWatcher::Delegate overrides:
    103   virtual void OnObjectSignaled(HANDLE object) OVERRIDE;
    104 
    105   bool is_initialized_;
    106   const PolicyDefinitionList* policy_list_;
    107   const string16 chrome_policy_key_;
    108   class AppliedGPOListProvider* gpo_provider_;
    109   base::DictionaryValue chrome_policy_schema_;
    110 
    111   base::WaitableEvent user_policy_changed_event_;
    112   base::WaitableEvent machine_policy_changed_event_;
    113   base::win::ObjectWatcher user_policy_watcher_;
    114   base::win::ObjectWatcher machine_policy_watcher_;
    115   bool user_policy_watcher_failed_;
    116   bool machine_policy_watcher_failed_;
    117 
    118   DISALLOW_COPY_AND_ASSIGN(PolicyLoaderWin);
    119 };
    120 
    121 }  // namespace policy
    122 
    123 #endif  // CHROME_BROWSER_POLICY_POLICY_LOADER_WIN_H_
    124