1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 7 8 #include <bitset> 9 #include <string> 10 11 #include "base/basictypes.h" 12 #include "base/callback.h" 13 #include "base/compiler_specific.h" 14 #include "base/memory/ref_counted.h" 15 #include "base/memory/scoped_ptr.h" 16 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" 17 #include "components/policy/core/common/cloud/cloud_policy_client.h" 18 #include "components/policy/core/common/cloud/cloud_policy_manager.h" 19 #include "components/policy/core/common/cloud/cloud_policy_store.h" 20 21 namespace base { 22 class SequencedTaskRunner; 23 } 24 25 namespace chromeos { 26 namespace attestation { 27 class AttestationPolicyObserver; 28 } 29 } 30 31 class PrefRegistrySimple; 32 class PrefService; 33 34 namespace policy { 35 36 class DeviceCloudPolicyStoreChromeOS; 37 class DeviceManagementService; 38 class EnrollmentHandlerChromeOS; 39 class EnterpriseInstallAttributes; 40 41 // CloudPolicyManager specialization for device policy on Chrome OS. The most 42 // significant addition is support for device enrollment. 43 class DeviceCloudPolicyManagerChromeOS : public CloudPolicyManager { 44 public: 45 typedef std::bitset<32> AllowedDeviceModes; 46 typedef base::Callback<void(EnrollmentStatus)> EnrollmentCallback; 47 48 // |task_runner| is the runner for policy refresh tasks. 49 // |background_task_runner| is used to execute long-running background tasks 50 // that may involve file I/O. 51 DeviceCloudPolicyManagerChromeOS( 52 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store, 53 const scoped_refptr<base::SequencedTaskRunner>& task_runner, 54 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, 55 EnterpriseInstallAttributes* install_attributes); 56 virtual ~DeviceCloudPolicyManagerChromeOS(); 57 58 // Establishes the connection to the cloud, updating policy as necessary. 59 void Connect( 60 PrefService* local_state, 61 DeviceManagementService* device_management_service, 62 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider); 63 64 // Starts enrollment or re-enrollment. Once the enrollment process completes, 65 // |callback| is invoked and gets passed the status of the operation. 66 // |allowed_modes| specifies acceptable DEVICE_MODE_* constants for 67 // enrollment. 68 void StartEnrollment(const std::string& auth_token, 69 bool is_auto_enrollment, 70 const AllowedDeviceModes& allowed_modes, 71 const EnrollmentCallback& callback); 72 73 // Cancels a pending enrollment operation, if any. 74 void CancelEnrollment(); 75 76 // Gets/Sets the device requisition. 77 std::string GetDeviceRequisition() const; 78 void SetDeviceRequisition(const std::string& requisition); 79 80 // Checks whether enterprise enrollment should be a regular step during OOBE. 81 bool ShouldAutoStartEnrollment() const; 82 83 // Checks whether the user can cancel enrollment. 84 bool CanExitEnrollment() const; 85 86 // CloudPolicyManager: 87 virtual void Shutdown() OVERRIDE; 88 89 // CloudPolicyStore::Observer: 90 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; 91 92 // Pref registration helper. 93 static void RegisterPrefs(PrefRegistrySimple* registry); 94 95 // Returns the device serial number, or an empty string if not available. 96 static std::string GetMachineID(); 97 98 // Returns the machine model, or an empty string if not available. 99 static std::string GetMachineModel(); 100 101 // Returns the robot 'email address' associated with the device robot 102 // account (sometimes called a service account) associated with this device 103 // during enterprise enrollment. 104 std::string GetRobotAccountId(); 105 106 private: 107 // Creates a new CloudPolicyClient. 108 scoped_ptr<CloudPolicyClient> CreateClient(); 109 110 // Starts policy refreshes if |store_| indicates a managed device and the 111 // necessary dependencies have been provided via Initialize(). 112 void StartIfManaged(); 113 114 // Handles completion signaled by |enrollment_handler_|. 115 void EnrollmentCompleted(const EnrollmentCallback& callback, 116 EnrollmentStatus status); 117 118 // Initializes requisition settings at OOBE with values from VPD. 119 void InitalizeRequisition(); 120 121 // Points to the same object as the base CloudPolicyManager::store(), but with 122 // actual device policy specific type. 123 scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_store_; 124 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; 125 EnterpriseInstallAttributes* install_attributes_; 126 127 DeviceManagementService* device_management_service_; 128 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider_; 129 130 // PrefService instance to read the policy refresh rate from. 131 PrefService* local_state_; 132 133 // Non-null if there is an enrollment operation pending. 134 scoped_ptr<EnrollmentHandlerChromeOS> enrollment_handler_; 135 136 scoped_ptr<chromeos::attestation::AttestationPolicyObserver> 137 attestation_policy_observer_; 138 139 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOS); 140 }; 141 142 } // namespace policy 143 144 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 145
