1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h" 6 7 #include "base/command_line.h" 8 #include "base/files/file_path.h" 9 #include "base/logging.h" 10 #include "base/path_service.h" 11 #include "base/time/time.h" 12 #include "chrome/browser/browser_process.h" 13 #include "chrome/browser/chromeos/login/user.h" 14 #include "chrome/browser/chromeos/login/user_manager.h" 15 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h" 16 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" 17 #include "chrome/browser/chromeos/profiles/profile_helper.h" 18 #include "chrome/browser/policy/browser_policy_connector.h" 19 #include "chrome/browser/policy/cloud/device_management_service.h" 20 #include "chrome/browser/policy/cloud/resource_cache.h" 21 #include "chrome/browser/profiles/profile.h" 22 #include "chrome/common/chrome_switches.h" 23 #include "chromeos/chromeos_paths.h" 24 #include "chromeos/chromeos_switches.h" 25 #include "chromeos/dbus/dbus_thread_manager.h" 26 #include "components/browser_context_keyed_service/browser_context_dependency_manager.h" 27 #include "net/url_request/url_request_context_getter.h" 28 29 namespace policy { 30 31 namespace { 32 33 // Subdirectory in the user's profile for storing legacy user policies. 34 const base::FilePath::CharType kDeviceManagementDir[] = 35 FILE_PATH_LITERAL("Device Management"); 36 // File in the above directory for storing legacy user policy dmtokens. 37 const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token"); 38 // This constant is used to build two different paths. It can be a file inside 39 // kDeviceManagementDir where legacy user policy data is stored, and it can be 40 // a directory inside the profile directory where other resources are stored. 41 const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy"); 42 // Directory under kPolicy, in the user's profile dir, where external policy 43 // resources are stored. 44 const base::FilePath::CharType kResourceDir[] = FILE_PATH_LITERAL("Resources"); 45 46 // Timeout in seconds after which to abandon the initial policy fetch and start 47 // the session regardless. 48 const int kInitialPolicyFetchTimeoutSeconds = 10; 49 50 } // namespace 51 52 // static 53 UserCloudPolicyManagerFactoryChromeOS* 54 UserCloudPolicyManagerFactoryChromeOS::GetInstance() { 55 return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get(); 56 } 57 58 // static 59 UserCloudPolicyManagerChromeOS* 60 UserCloudPolicyManagerFactoryChromeOS::GetForProfile( 61 Profile* profile) { 62 return GetInstance()->GetManagerForProfile(profile); 63 } 64 65 // static 66 scoped_ptr<UserCloudPolicyManagerChromeOS> 67 UserCloudPolicyManagerFactoryChromeOS::CreateForProfile( 68 Profile* profile, 69 bool force_immediate_load) { 70 return GetInstance()->CreateManagerForProfile(profile, force_immediate_load); 71 } 72 73 UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS() 74 : BrowserContextKeyedBaseFactory( 75 "UserCloudPolicyManagerChromeOS", 76 BrowserContextDependencyManager::GetInstance()) {} 77 78 UserCloudPolicyManagerFactoryChromeOS:: 79 ~UserCloudPolicyManagerFactoryChromeOS() {} 80 81 UserCloudPolicyManagerChromeOS* 82 UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile( 83 Profile* profile) { 84 // Get the manager for the original profile, since the PolicyService is 85 // also shared between the incognito Profile and the original Profile. 86 ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile()); 87 return it != managers_.end() ? it->second : NULL; 88 } 89 90 scoped_ptr<UserCloudPolicyManagerChromeOS> 91 UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile( 92 Profile* profile, 93 bool force_immediate_load) { 94 const CommandLine* command_line = CommandLine::ForCurrentProcess(); 95 // Don't initialize cloud policy for the signin profile. 96 if (chromeos::ProfileHelper::IsSigninProfile(profile)) 97 return scoped_ptr<UserCloudPolicyManagerChromeOS>(); 98 99 // |user| should never be NULL except for the signin profile. This object is 100 // created as part of the Profile creation, which happens right after 101 // sign-in. The just-signed-in User is the active user during that time. 102 chromeos::UserManager* user_manager = chromeos::UserManager::Get(); 103 chromeos::User* user = user_manager->GetActiveUser(); 104 CHECK(user); 105 106 // Only USER_TYPE_REGULAR users have user cloud policy. 107 // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP and USER_TYPE_GUEST are not 108 // signed in and can't authenticate the policy registration. 109 // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the 110 // DeviceLocalAccountPolicyService. 111 // USER_TYPE_LOCALLY_MANAGED gets its policy from the 112 // ManagedModePolicyProvider. 113 const std::string& username = user->email(); 114 if (user->GetType() != chromeos::User::USER_TYPE_REGULAR || 115 BrowserPolicyConnector::IsNonEnterpriseUser(username)) { 116 return scoped_ptr<UserCloudPolicyManagerChromeOS>(); 117 } 118 119 BrowserPolicyConnector* connector = 120 g_browser_process->browser_policy_connector(); 121 UserAffiliation affiliation = connector->GetUserAffiliation(username); 122 const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED; 123 const bool is_browser_restart = 124 command_line->HasSwitch(chromeos::switches::kLoginUser) && 125 !command_line->HasSwitch(chromeos::switches::kLoginPassword); 126 const bool wait_for_initial_policy = is_managed_user && !is_browser_restart; 127 128 DeviceManagementService* device_management_service = 129 connector->device_management_service(); 130 if (wait_for_initial_policy) 131 device_management_service->ScheduleInitialization(0); 132 133 base::FilePath profile_dir = profile->GetPath(); 134 const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir); 135 const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy); 136 const base::FilePath token_cache_file = legacy_dir.Append(kToken); 137 const base::FilePath resource_cache_dir = 138 profile_dir.Append(kPolicy).Append(kResourceDir); 139 base::FilePath policy_key_dir; 140 CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir)); 141 142 scoped_ptr<UserCloudPolicyStoreChromeOS> store( 143 new UserCloudPolicyStoreChromeOS( 144 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(), 145 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), 146 username, policy_key_dir, token_cache_file, policy_cache_file)); 147 if (force_immediate_load) 148 store->LoadImmediately(); 149 150 scoped_ptr<ResourceCache> resource_cache; 151 if (command_line->HasSwitch(switches::kEnableComponentCloudPolicy)) 152 resource_cache.reset(new ResourceCache(resource_cache_dir)); 153 154 scoped_ptr<UserCloudPolicyManagerChromeOS> manager( 155 new UserCloudPolicyManagerChromeOS( 156 store.PassAs<CloudPolicyStore>(), 157 resource_cache.Pass(), 158 wait_for_initial_policy, 159 base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds))); 160 manager->Init(); 161 manager->Connect(g_browser_process->local_state(), 162 device_management_service, 163 g_browser_process->system_request_context(), 164 affiliation); 165 166 DCHECK(managers_.find(profile) == managers_.end()); 167 managers_[profile] = manager.get(); 168 return manager.Pass(); 169 } 170 171 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown( 172 content::BrowserContext* context) { 173 Profile* profile = static_cast<Profile*>(context); 174 if (profile->IsOffTheRecord()) 175 return; 176 UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile); 177 if (manager) 178 manager->Shutdown(); 179 } 180 181 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed( 182 content::BrowserContext* context) { 183 Profile* profile = static_cast<Profile*>(context); 184 managers_.erase(profile); 185 BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context); 186 } 187 188 void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory( 189 content::BrowserContext* context) {} 190 191 void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow( 192 content::BrowserContext* context) {} 193 194 } // namespace policy 195