1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.h" 6 7 #include <string> 8 9 #include "ash/magnifier/magnifier_constants.h" 10 #include "base/callback.h" 11 #include "base/json/json_reader.h" 12 #include "base/json/json_writer.h" 13 #include "base/memory/scoped_ptr.h" 14 #include "base/prefs/pref_value_map.h" 15 #include "base/strings/string_util.h" 16 #include "base/values.h" 17 #include "chrome/browser/chromeos/policy/login_screen_power_management_policy.h" 18 #include "chrome/browser/policy/external_data_fetcher.h" 19 #include "chrome/browser/policy/policy_error_map.h" 20 #include "chrome/browser/policy/policy_map.h" 21 #include "chrome/browser/ui/ash/chrome_launcher_prefs.h" 22 #include "chrome/common/pref_names.h" 23 #include "chromeos/dbus/power_policy_controller.h" 24 #include "chromeos/network/onc/onc_constants.h" 25 #include "chromeos/network/onc/onc_signature.h" 26 #include "chromeos/network/onc/onc_utils.h" 27 #include "chromeos/network/onc/onc_validator.h" 28 #include "grit/generated_resources.h" 29 #include "policy/policy_constants.h" 30 31 namespace onc = chromeos::onc; 32 33 namespace policy { 34 35 // static 36 NetworkConfigurationPolicyHandler* 37 NetworkConfigurationPolicyHandler::CreateForUserPolicy() { 38 return new NetworkConfigurationPolicyHandler( 39 key::kOpenNetworkConfiguration, 40 onc::ONC_SOURCE_USER_POLICY, 41 prefs::kOpenNetworkConfiguration); 42 } 43 44 // static 45 NetworkConfigurationPolicyHandler* 46 NetworkConfigurationPolicyHandler::CreateForDevicePolicy() { 47 return new NetworkConfigurationPolicyHandler( 48 key::kDeviceOpenNetworkConfiguration, 49 onc::ONC_SOURCE_DEVICE_POLICY, 50 prefs::kDeviceOpenNetworkConfiguration); 51 } 52 53 NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {} 54 55 bool NetworkConfigurationPolicyHandler::CheckPolicySettings( 56 const PolicyMap& policies, 57 PolicyErrorMap* errors) { 58 const base::Value* value; 59 if (!CheckAndGetValue(policies, errors, &value)) 60 return false; 61 62 if (value) { 63 std::string onc_blob; 64 value->GetAsString(&onc_blob); 65 scoped_ptr<base::DictionaryValue> root_dict = 66 onc::ReadDictionaryFromJson(onc_blob); 67 if (root_dict.get() == NULL) { 68 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED); 69 return false; 70 } 71 72 // Validate the ONC dictionary. We are liberal and ignore unknown field 73 // names and ignore invalid field names in kRecommended arrays. 74 onc::Validator validator(false, // Ignore unknown fields. 75 false, // Ignore invalid recommended field names. 76 true, // Fail on missing fields. 77 true); // Validate for managed ONC 78 validator.SetOncSource(onc_source_); 79 80 // ONC policies are always unencrypted. 81 onc::Validator::Result validation_result; 82 root_dict = validator.ValidateAndRepairObject( 83 &onc::kToplevelConfigurationSignature, *root_dict, &validation_result); 84 if (validation_result == onc::Validator::VALID_WITH_WARNINGS) 85 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL); 86 else if (validation_result == onc::Validator::INVALID) 87 errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED); 88 89 // In any case, don't reject the policy as some networks or certificates 90 // could still be applied. 91 } 92 93 return true; 94 } 95 96 void NetworkConfigurationPolicyHandler::ApplyPolicySettings( 97 const PolicyMap& policies, 98 PrefValueMap* prefs) { 99 const base::Value* value = policies.GetValue(policy_name()); 100 if (!value) 101 return; 102 103 std::string onc_blob; 104 value->GetAsString(&onc_blob); 105 106 scoped_ptr<base::ListValue> network_configs(new base::ListValue); 107 base::ListValue certificates; 108 chromeos::onc::ParseAndValidateOncForImport( 109 onc_blob, onc_source_, "", network_configs.get(), &certificates); 110 111 prefs->SetValue(pref_path_, network_configs.release()); 112 } 113 114 void NetworkConfigurationPolicyHandler::PrepareForDisplaying( 115 PolicyMap* policies) const { 116 const PolicyMap::Entry* entry = policies->Get(policy_name()); 117 if (!entry) 118 return; 119 base::Value* sanitized_config = SanitizeNetworkConfig(entry->value); 120 if (!sanitized_config) 121 sanitized_config = base::Value::CreateNullValue(); 122 123 policies->Set(policy_name(), entry->level, entry->scope, 124 sanitized_config, NULL); 125 } 126 127 NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler( 128 const char* policy_name, 129 chromeos::onc::ONCSource onc_source, 130 const char* pref_path) 131 : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING), 132 onc_source_(onc_source), 133 pref_path_(pref_path) { 134 } 135 136 // static 137 base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig( 138 const base::Value* config) { 139 std::string json_string; 140 if (!config->GetAsString(&json_string)) 141 return NULL; 142 143 scoped_ptr<base::DictionaryValue> toplevel_dict = 144 onc::ReadDictionaryFromJson(json_string); 145 if (!toplevel_dict) 146 return NULL; 147 148 // Placeholder to insert in place of the filtered setting. 149 const char kPlaceholder[] = "********"; 150 151 toplevel_dict = onc::MaskCredentialsInOncObject( 152 onc::kToplevelConfigurationSignature, 153 *toplevel_dict, 154 kPlaceholder); 155 156 base::JSONWriter::WriteWithOptions(toplevel_dict.get(), 157 base::JSONWriter::OPTIONS_DO_NOT_ESCAPE | 158 base::JSONWriter::OPTIONS_PRETTY_PRINT, 159 &json_string); 160 return base::Value::CreateStringValue(json_string); 161 } 162 163 PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler() 164 : ExtensionListPolicyHandler(key::kPinnedLauncherApps, 165 prefs::kPinnedLauncherApps, 166 false) {} 167 168 PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {} 169 170 void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings( 171 const PolicyMap& policies, 172 PrefValueMap* prefs) { 173 PolicyErrorMap errors; 174 const base::Value* policy_value = policies.GetValue(policy_name()); 175 const base::ListValue* policy_list = NULL; 176 if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) { 177 base::ListValue* pinned_apps_list = new base::ListValue(); 178 for (base::ListValue::const_iterator entry(policy_list->begin()); 179 entry != policy_list->end(); ++entry) { 180 std::string id; 181 if ((*entry)->GetAsString(&id)) { 182 base::DictionaryValue* app_dict = new base::DictionaryValue(); 183 app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id); 184 pinned_apps_list->Append(app_dict); 185 } 186 } 187 prefs->SetValue(pref_path(), pinned_apps_list); 188 } 189 } 190 191 ScreenMagnifierPolicyHandler::ScreenMagnifierPolicyHandler() 192 : IntRangePolicyHandlerBase(key::kScreenMagnifierType, 193 0, ash::MAGNIFIER_FULL, false) { 194 } 195 196 ScreenMagnifierPolicyHandler::~ScreenMagnifierPolicyHandler() { 197 } 198 199 void ScreenMagnifierPolicyHandler::ApplyPolicySettings( 200 const PolicyMap& policies, 201 PrefValueMap* prefs) { 202 const base::Value* value = policies.GetValue(policy_name()); 203 int value_in_range; 204 if (value && EnsureInRange(value, &value_in_range, NULL)) { 205 prefs->SetValue(prefs::kScreenMagnifierEnabled, 206 base::Value::CreateBooleanValue(value_in_range != 0)); 207 prefs->SetValue(prefs::kScreenMagnifierType, 208 base::Value::CreateIntegerValue(value_in_range)); 209 } 210 } 211 212 LoginScreenPowerManagementPolicyHandler:: 213 LoginScreenPowerManagementPolicyHandler() 214 : TypeCheckingPolicyHandler(key::kDeviceLoginScreenPowerManagement, 215 base::Value::TYPE_STRING) { 216 } 217 218 LoginScreenPowerManagementPolicyHandler:: 219 ~LoginScreenPowerManagementPolicyHandler() { 220 } 221 222 bool LoginScreenPowerManagementPolicyHandler::CheckPolicySettings( 223 const PolicyMap& policies, 224 PolicyErrorMap* errors) { 225 const base::Value* value; 226 if (!CheckAndGetValue(policies, errors, &value)) 227 return false; 228 229 if (!value) 230 return true; 231 232 std::string json; 233 value->GetAsString(&json); 234 return LoginScreenPowerManagementPolicy().Init(json, errors); 235 } 236 237 void LoginScreenPowerManagementPolicyHandler::ApplyPolicySettings( 238 const PolicyMap& policies, 239 PrefValueMap* prefs) { 240 } 241 242 DeprecatedIdleActionHandler::DeprecatedIdleActionHandler() 243 : IntRangePolicyHandlerBase( 244 key::kIdleAction, 245 chromeos::PowerPolicyController::ACTION_SUSPEND, 246 chromeos::PowerPolicyController::ACTION_DO_NOTHING, 247 false) {} 248 249 DeprecatedIdleActionHandler::~DeprecatedIdleActionHandler() {} 250 251 void DeprecatedIdleActionHandler::ApplyPolicySettings(const PolicyMap& policies, 252 PrefValueMap* prefs) { 253 const base::Value* value = policies.GetValue(policy_name()); 254 if (value && EnsureInRange(value, NULL, NULL)) { 255 if (!prefs->GetValue(prefs::kPowerAcIdleAction, NULL)) 256 prefs->SetValue(prefs::kPowerAcIdleAction, value->DeepCopy()); 257 if (!prefs->GetValue(prefs::kPowerBatteryIdleAction, NULL)) 258 prefs->SetValue(prefs::kPowerBatteryIdleAction, value->DeepCopy()); 259 } 260 } 261 262 } // namespace policy 263