Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/policy/configuration_policy_handler_chromeos.h"
      6 
      7 #include <string>
      8 
      9 #include "ash/magnifier/magnifier_constants.h"
     10 #include "base/callback.h"
     11 #include "base/json/json_reader.h"
     12 #include "base/json/json_writer.h"
     13 #include "base/memory/scoped_ptr.h"
     14 #include "base/prefs/pref_value_map.h"
     15 #include "base/strings/string_util.h"
     16 #include "base/values.h"
     17 #include "chrome/browser/chromeos/policy/login_screen_power_management_policy.h"
     18 #include "chrome/browser/policy/external_data_fetcher.h"
     19 #include "chrome/browser/policy/policy_error_map.h"
     20 #include "chrome/browser/policy/policy_map.h"
     21 #include "chrome/browser/ui/ash/chrome_launcher_prefs.h"
     22 #include "chrome/common/pref_names.h"
     23 #include "chromeos/dbus/power_policy_controller.h"
     24 #include "chromeos/network/onc/onc_constants.h"
     25 #include "chromeos/network/onc/onc_signature.h"
     26 #include "chromeos/network/onc/onc_utils.h"
     27 #include "chromeos/network/onc/onc_validator.h"
     28 #include "grit/generated_resources.h"
     29 #include "policy/policy_constants.h"
     30 
     31 namespace onc = chromeos::onc;
     32 
     33 namespace policy {
     34 
     35 // static
     36 NetworkConfigurationPolicyHandler*
     37 NetworkConfigurationPolicyHandler::CreateForUserPolicy() {
     38   return new NetworkConfigurationPolicyHandler(
     39       key::kOpenNetworkConfiguration,
     40       onc::ONC_SOURCE_USER_POLICY,
     41       prefs::kOpenNetworkConfiguration);
     42 }
     43 
     44 // static
     45 NetworkConfigurationPolicyHandler*
     46 NetworkConfigurationPolicyHandler::CreateForDevicePolicy() {
     47   return new NetworkConfigurationPolicyHandler(
     48       key::kDeviceOpenNetworkConfiguration,
     49       onc::ONC_SOURCE_DEVICE_POLICY,
     50       prefs::kDeviceOpenNetworkConfiguration);
     51 }
     52 
     53 NetworkConfigurationPolicyHandler::~NetworkConfigurationPolicyHandler() {}
     54 
     55 bool NetworkConfigurationPolicyHandler::CheckPolicySettings(
     56     const PolicyMap& policies,
     57     PolicyErrorMap* errors) {
     58   const base::Value* value;
     59   if (!CheckAndGetValue(policies, errors, &value))
     60     return false;
     61 
     62   if (value) {
     63     std::string onc_blob;
     64     value->GetAsString(&onc_blob);
     65     scoped_ptr<base::DictionaryValue> root_dict =
     66         onc::ReadDictionaryFromJson(onc_blob);
     67     if (root_dict.get() == NULL) {
     68       errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_PARSE_FAILED);
     69       return false;
     70     }
     71 
     72     // Validate the ONC dictionary. We are liberal and ignore unknown field
     73     // names and ignore invalid field names in kRecommended arrays.
     74     onc::Validator validator(false,  // Ignore unknown fields.
     75                              false,  // Ignore invalid recommended field names.
     76                              true,  // Fail on missing fields.
     77                              true);  // Validate for managed ONC
     78     validator.SetOncSource(onc_source_);
     79 
     80     // ONC policies are always unencrypted.
     81     onc::Validator::Result validation_result;
     82     root_dict = validator.ValidateAndRepairObject(
     83         &onc::kToplevelConfigurationSignature, *root_dict, &validation_result);
     84     if (validation_result == onc::Validator::VALID_WITH_WARNINGS)
     85       errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_PARTIAL);
     86     else if (validation_result == onc::Validator::INVALID)
     87       errors->AddError(policy_name(), IDS_POLICY_NETWORK_CONFIG_IMPORT_FAILED);
     88 
     89     // In any case, don't reject the policy as some networks or certificates
     90     // could still be applied.
     91   }
     92 
     93   return true;
     94 }
     95 
     96 void NetworkConfigurationPolicyHandler::ApplyPolicySettings(
     97     const PolicyMap& policies,
     98     PrefValueMap* prefs) {
     99   const base::Value* value = policies.GetValue(policy_name());
    100   if (!value)
    101     return;
    102 
    103   std::string onc_blob;
    104   value->GetAsString(&onc_blob);
    105 
    106   scoped_ptr<base::ListValue> network_configs(new base::ListValue);
    107   base::ListValue certificates;
    108   chromeos::onc::ParseAndValidateOncForImport(
    109       onc_blob, onc_source_, "", network_configs.get(), &certificates);
    110 
    111   prefs->SetValue(pref_path_, network_configs.release());
    112 }
    113 
    114 void NetworkConfigurationPolicyHandler::PrepareForDisplaying(
    115     PolicyMap* policies) const {
    116   const PolicyMap::Entry* entry = policies->Get(policy_name());
    117   if (!entry)
    118     return;
    119   base::Value* sanitized_config = SanitizeNetworkConfig(entry->value);
    120   if (!sanitized_config)
    121     sanitized_config = base::Value::CreateNullValue();
    122 
    123   policies->Set(policy_name(), entry->level, entry->scope,
    124                 sanitized_config, NULL);
    125 }
    126 
    127 NetworkConfigurationPolicyHandler::NetworkConfigurationPolicyHandler(
    128     const char* policy_name,
    129     chromeos::onc::ONCSource onc_source,
    130     const char* pref_path)
    131     : TypeCheckingPolicyHandler(policy_name, base::Value::TYPE_STRING),
    132       onc_source_(onc_source),
    133       pref_path_(pref_path) {
    134 }
    135 
    136 // static
    137 base::Value* NetworkConfigurationPolicyHandler::SanitizeNetworkConfig(
    138     const base::Value* config) {
    139   std::string json_string;
    140   if (!config->GetAsString(&json_string))
    141     return NULL;
    142 
    143   scoped_ptr<base::DictionaryValue> toplevel_dict =
    144       onc::ReadDictionaryFromJson(json_string);
    145   if (!toplevel_dict)
    146     return NULL;
    147 
    148   // Placeholder to insert in place of the filtered setting.
    149   const char kPlaceholder[] = "********";
    150 
    151   toplevel_dict = onc::MaskCredentialsInOncObject(
    152       onc::kToplevelConfigurationSignature,
    153       *toplevel_dict,
    154       kPlaceholder);
    155 
    156   base::JSONWriter::WriteWithOptions(toplevel_dict.get(),
    157                                      base::JSONWriter::OPTIONS_DO_NOT_ESCAPE |
    158                                          base::JSONWriter::OPTIONS_PRETTY_PRINT,
    159                                      &json_string);
    160   return base::Value::CreateStringValue(json_string);
    161 }
    162 
    163 PinnedLauncherAppsPolicyHandler::PinnedLauncherAppsPolicyHandler()
    164     : ExtensionListPolicyHandler(key::kPinnedLauncherApps,
    165                                  prefs::kPinnedLauncherApps,
    166                                  false) {}
    167 
    168 PinnedLauncherAppsPolicyHandler::~PinnedLauncherAppsPolicyHandler() {}
    169 
    170 void PinnedLauncherAppsPolicyHandler::ApplyPolicySettings(
    171     const PolicyMap& policies,
    172     PrefValueMap* prefs) {
    173   PolicyErrorMap errors;
    174   const base::Value* policy_value = policies.GetValue(policy_name());
    175   const base::ListValue* policy_list = NULL;
    176   if (policy_value && policy_value->GetAsList(&policy_list) && policy_list) {
    177     base::ListValue* pinned_apps_list = new base::ListValue();
    178     for (base::ListValue::const_iterator entry(policy_list->begin());
    179          entry != policy_list->end(); ++entry) {
    180       std::string id;
    181       if ((*entry)->GetAsString(&id)) {
    182         base::DictionaryValue* app_dict = new base::DictionaryValue();
    183         app_dict->SetString(ash::kPinnedAppsPrefAppIDPath, id);
    184         pinned_apps_list->Append(app_dict);
    185       }
    186     }
    187     prefs->SetValue(pref_path(), pinned_apps_list);
    188   }
    189 }
    190 
    191 ScreenMagnifierPolicyHandler::ScreenMagnifierPolicyHandler()
    192     : IntRangePolicyHandlerBase(key::kScreenMagnifierType,
    193                                 0, ash::MAGNIFIER_FULL, false) {
    194 }
    195 
    196 ScreenMagnifierPolicyHandler::~ScreenMagnifierPolicyHandler() {
    197 }
    198 
    199 void ScreenMagnifierPolicyHandler::ApplyPolicySettings(
    200     const PolicyMap& policies,
    201     PrefValueMap* prefs) {
    202   const base::Value* value = policies.GetValue(policy_name());
    203   int value_in_range;
    204   if (value && EnsureInRange(value, &value_in_range, NULL)) {
    205     prefs->SetValue(prefs::kScreenMagnifierEnabled,
    206                     base::Value::CreateBooleanValue(value_in_range != 0));
    207     prefs->SetValue(prefs::kScreenMagnifierType,
    208                     base::Value::CreateIntegerValue(value_in_range));
    209   }
    210 }
    211 
    212 LoginScreenPowerManagementPolicyHandler::
    213     LoginScreenPowerManagementPolicyHandler()
    214     : TypeCheckingPolicyHandler(key::kDeviceLoginScreenPowerManagement,
    215                                 base::Value::TYPE_STRING) {
    216 }
    217 
    218 LoginScreenPowerManagementPolicyHandler::
    219     ~LoginScreenPowerManagementPolicyHandler() {
    220 }
    221 
    222 bool LoginScreenPowerManagementPolicyHandler::CheckPolicySettings(
    223     const PolicyMap& policies,
    224     PolicyErrorMap* errors) {
    225   const base::Value* value;
    226   if (!CheckAndGetValue(policies, errors, &value))
    227     return false;
    228 
    229   if (!value)
    230     return true;
    231 
    232   std::string json;
    233   value->GetAsString(&json);
    234   return LoginScreenPowerManagementPolicy().Init(json, errors);
    235 }
    236 
    237 void LoginScreenPowerManagementPolicyHandler::ApplyPolicySettings(
    238     const PolicyMap& policies,
    239     PrefValueMap* prefs) {
    240 }
    241 
    242 DeprecatedIdleActionHandler::DeprecatedIdleActionHandler()
    243     : IntRangePolicyHandlerBase(
    244           key::kIdleAction,
    245           chromeos::PowerPolicyController::ACTION_SUSPEND,
    246           chromeos::PowerPolicyController::ACTION_DO_NOTHING,
    247           false) {}
    248 
    249 DeprecatedIdleActionHandler::~DeprecatedIdleActionHandler() {}
    250 
    251 void DeprecatedIdleActionHandler::ApplyPolicySettings(const PolicyMap& policies,
    252                                                       PrefValueMap* prefs) {
    253   const base::Value* value = policies.GetValue(policy_name());
    254   if (value && EnsureInRange(value, NULL, NULL)) {
    255     if (!prefs->GetValue(prefs::kPowerAcIdleAction, NULL))
    256       prefs->SetValue(prefs::kPowerAcIdleAction, value->DeepCopy());
    257     if (!prefs->GetValue(prefs::kPowerBatteryIdleAction, NULL))
    258       prefs->SetValue(prefs::kPowerBatteryIdleAction, value->DeepCopy());
    259   }
    260 }
    261 
    262 }  // namespace policy
    263