1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ 6 #define CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "base/memory/ref_counted.h" 12 #include "base/memory/scoped_ptr.h" 13 #include "base/memory/weak_ptr.h" 14 #include "components/policy/core/browser/configuration_policy_handler_list.h" 15 #include "components/policy/core/common/cloud/cloud_policy_constants.h" 16 #include "components/policy/core/common/schema.h" 17 #include "components/policy/core/common/schema_registry.h" 18 19 #if defined(OS_CHROMEOS) 20 #include "chrome/browser/chromeos/policy/proxy_policy_provider.h" 21 #endif 22 23 class PrefRegistrySimple; 24 class PrefService; 25 26 namespace net { 27 class URLRequestContextGetter; 28 } 29 30 namespace policy { 31 32 class ConfigurationPolicyProvider; 33 class DeviceManagementService; 34 class PolicyService; 35 class PolicyStatisticsCollector; 36 37 #if defined(OS_CHROMEOS) 38 class AppPackUpdater; 39 class DeviceCloudPolicyManagerChromeOS; 40 class DeviceLocalAccountPolicyService; 41 class EnterpriseInstallAttributes; 42 class NetworkConfigurationUpdater; 43 #endif 44 45 // Manages the lifecycle of browser-global policy infrastructure, such as the 46 // platform policy providers, device- and the user-cloud policy infrastructure. 47 class BrowserPolicyConnector { 48 public: 49 // Builds an uninitialized BrowserPolicyConnector, suitable for testing. 50 // Init() should be called to create and start the policy machinery. 51 BrowserPolicyConnector(); 52 53 // Invoke Shutdown() before deleting, see below. 54 virtual ~BrowserPolicyConnector(); 55 56 // Finalizes the initialization of the connector. This call can be skipped on 57 // tests that don't require the full policy system running. 58 void Init(PrefService* local_state, 59 scoped_refptr<net::URLRequestContextGetter> request_context); 60 61 // Stops the policy providers and cleans up the connector before it can be 62 // safely deleted. This must be invoked before the destructor and while the 63 // threads are still running. The policy providers are still valid but won't 64 // update anymore after this call. 65 void Shutdown(); 66 67 // Returns true if Init() has been called but Shutdown() hasn't been yet. 68 bool is_initialized() const { return is_initialized_; } 69 70 // Returns a handle to the Chrome schema. 71 const Schema& GetChromeSchema() const; 72 73 // Returns the global CombinedSchemaRegistry. SchemaRegistries from Profiles 74 // should be tracked by the global registry, so that the global policy 75 // providers also load policies for the components of each Profile. 76 CombinedSchemaRegistry* GetSchemaRegistry(); 77 78 // Returns the platform policy provider. 79 ConfigurationPolicyProvider* GetPlatformProvider(); 80 81 // Returns the browser-global PolicyService, that contains policies for the 82 // whole browser. 83 PolicyService* GetPolicyService(); 84 85 #if defined(OS_CHROMEOS) 86 // Returns true if this device is managed by an enterprise (as opposed to 87 // a local owner). 88 bool IsEnterpriseManaged(); 89 90 // Returns the enterprise domain if device is managed. 91 std::string GetEnterpriseDomain(); 92 93 // Returns the device mode. For ChromeOS this function will return the mode 94 // stored in the lockbox, or DEVICE_MODE_CONSUMER if the lockbox has been 95 // locked empty, or DEVICE_MODE_UNKNOWN if the device has not been owned yet. 96 // For other OSes the function will always return DEVICE_MODE_CONSUMER. 97 DeviceMode GetDeviceMode(); 98 #endif 99 100 // Schedules initialization of the cloud policy backend services, if the 101 // services are already constructed. 102 void ScheduleServiceInitialization(int64 delay_milliseconds); 103 104 const ConfigurationPolicyHandlerList* GetHandlerList() const; 105 106 // Works out the user affiliation by checking the given |user_name| against 107 // the installation attributes. 108 UserAffiliation GetUserAffiliation(const std::string& user_name); 109 110 DeviceManagementService* device_management_service() { 111 return device_management_service_.get(); 112 } 113 114 #if defined(OS_CHROMEOS) 115 AppPackUpdater* GetAppPackUpdater(); 116 117 DeviceCloudPolicyManagerChromeOS* GetDeviceCloudPolicyManager() { 118 return device_cloud_policy_manager_.get(); 119 } 120 DeviceLocalAccountPolicyService* GetDeviceLocalAccountPolicyService() { 121 return device_local_account_policy_service_.get(); 122 } 123 EnterpriseInstallAttributes* GetInstallAttributes() { 124 return install_attributes_.get(); 125 } 126 127 // The browser-global PolicyService is created before Profiles are ready, to 128 // provide managed values for the local state PrefService. It includes a 129 // policy provider that forwards policies from a delegate policy provider. 130 // This call can be used to set the user policy provider as that delegate 131 // once the Profile is ready, so that user policies can also affect local 132 // state preferences. 133 // Only one user policy provider can be set as a delegate at a time, and any 134 // previously set delegate is removed. Passing NULL removes the current 135 // delegate, if there is one. 136 void SetUserPolicyDelegate(ConfigurationPolicyProvider* user_policy_provider); 137 138 // Sets the install attributes for testing. Must be called before the browser 139 // is created. Takes ownership of |attributes|. 140 static void SetInstallAttributesForTesting( 141 EnterpriseInstallAttributes* attributes); 142 #endif 143 144 // Sets a |provider| that will be included in PolicyServices returned by 145 // CreatePolicyService. This is a static method because local state is 146 // created immediately after the connector, and tests don't have a chance to 147 // inject the provider otherwise. |provider| must outlive the connector, and 148 // its ownership is not taken though the connector will initialize and shut it 149 // down. 150 static void SetPolicyProviderForTesting( 151 ConfigurationPolicyProvider* provider); 152 153 // Check whether a user is known to be non-enterprise. Domains such as 154 // gmail.com and googlemail.com are known to not be managed. Also returns 155 // false if the username is empty. 156 static bool IsNonEnterpriseUser(const std::string& username); 157 158 // Registers refresh rate prefs. 159 static void RegisterPrefs(PrefRegistrySimple* registry); 160 161 private: 162 // Set the timezone as soon as the policies are available. 163 void SetTimezoneIfPolicyAvailable(); 164 165 ConfigurationPolicyProvider* CreatePlatformProvider(); 166 167 // Whether Init() but not Shutdown() has been invoked. 168 bool is_initialized_; 169 170 PrefService* local_state_; 171 scoped_refptr<net::URLRequestContextGetter> request_context_; 172 173 // Used to convert policies to preferences. The providers declared below 174 // may trigger policy updates during shutdown, which will result in 175 // |handler_list_| being consulted for policy translation. 176 // Therefore, it's important to destroy |handler_list_| after the providers. 177 scoped_ptr<ConfigurationPolicyHandlerList> handler_list_; 178 179 // The Chrome schema. This wraps the structure generated by 180 // generate_policy_source.py at compile time. 181 Schema chrome_schema_; 182 183 // The global SchemaRegistry, which will track all the other registries. 184 CombinedSchemaRegistry schema_registry_; 185 186 scoped_ptr<ConfigurationPolicyProvider> platform_provider_; 187 188 // Components of the device cloud policy implementation. 189 #if defined(OS_CHROMEOS) 190 scoped_ptr<EnterpriseInstallAttributes> install_attributes_; 191 scoped_ptr<DeviceCloudPolicyManagerChromeOS> device_cloud_policy_manager_; 192 scoped_ptr<DeviceLocalAccountPolicyService> 193 device_local_account_policy_service_; 194 195 // This policy provider is used on Chrome OS to feed user policy into the 196 // global PolicyService instance. This works by installing the cloud policy 197 // provider of the primary profile as the delegate of the ProxyPolicyProvider, 198 // after login. 199 ProxyPolicyProvider global_user_cloud_policy_provider_; 200 #endif 201 202 // Must be deleted before all the policy providers. 203 scoped_ptr<PolicyService> policy_service_; 204 205 scoped_ptr<PolicyStatisticsCollector> policy_statistics_collector_; 206 207 scoped_ptr<DeviceManagementService> device_management_service_; 208 209 // Used to initialize the device policy subsystem once the message loops 210 // are spinning. 211 base::WeakPtrFactory<BrowserPolicyConnector> weak_ptr_factory_; 212 213 #if defined(OS_CHROMEOS) 214 scoped_ptr<AppPackUpdater> app_pack_updater_; 215 scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_; 216 #endif 217 218 DISALLOW_COPY_AND_ASSIGN(BrowserPolicyConnector); 219 }; 220 221 } // namespace policy 222 223 #endif // CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_ 224
