Home | History | Annotate | Download | only in policy 
      1 // Copyright 2014 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
      6 
      7 #include <string>
      8 #include "base/command_line.h"
      9 #include "base/files/file_path.h"
     10 #include "base/logging.h"
     11 #include "base/message_loop/message_loop_proxy.h"
     12 #include "base/path_service.h"
     13 #include "base/prefs/pref_registry_simple.h"
     14 #include "base/sequenced_task_runner.h"
     15 #include "base/strings/utf_string_conversions.h"
     16 #include "base/threading/sequenced_worker_pool.h"
     17 #include "chrome/browser/chromeos/policy/app_pack_updater.h"
     18 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
     19 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
     20 #include "chrome/browser/chromeos/policy/device_local_account.h"
     21 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
     22 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
     23 #include "chrome/browser/chromeos/policy/device_status_collector.h"
     24 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
     25 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
     26 #include "chrome/browser/chromeos/settings/cros_settings.h"
     27 #include "chrome/browser/chromeos/settings/device_settings_service.h"
     28 #include "chrome/browser/policy/device_management_service_configuration.h"
     29 #include "chrome/common/pref_names.h"
     30 #include "chromeos/chromeos_paths.h"
     31 #include "chromeos/chromeos_switches.h"
     32 #include "chromeos/cryptohome/system_salt_getter.h"
     33 #include "chromeos/dbus/dbus_thread_manager.h"
     34 #include "chromeos/network/network_handler.h"
     35 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
     36 #include "chromeos/settings/cros_settings_names.h"
     37 #include "chromeos/settings/cros_settings_provider.h"
     38 #include "chromeos/settings/timezone_settings.h"
     39 #include "chromeos/system/statistics_provider.h"
     40 #include "components/policy/core/common/cloud/cloud_policy_client.h"
     41 #include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
     42 #include "components/policy/core/common/proxy_policy_provider.h"
     43 #include "content/public/browser/browser_thread.h"
     44 #include "google_apis/gaia/gaia_auth_util.h"
     45 #include "net/url_request/url_request_context_getter.h"
     46 
     47 using content::BrowserThread;
     48 
     49 namespace policy {
     50 
     51 namespace {
     52 
     53 // TODO(davidyu): Update the URL to the real one once it is ready.
     54 // http://crbug.com/366491.
     55 //
     56 // The URL for the consumer device management server.
     57 const char kDefaultConsumerDeviceManagementServerUrl[] =
     58     "https://m.google.com/devicemanagement/data/api";
     59 
     60 // Install attributes for tests.
     61 EnterpriseInstallAttributes* g_testing_install_attributes = NULL;
     62 
     63 // Helper that returns a new SequencedTaskRunner backed by the blocking pool.
     64 // Each SequencedTaskRunner returned is independent from the others.
     65 scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() {
     66   base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
     67   CHECK(pool);
     68   return pool->GetSequencedTaskRunnerWithShutdownBehavior(
     69       pool->GetSequenceToken(), base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
     70 }
     71 
     72 std::string GetConsumerDeviceManagementServerUrl() {
     73   const CommandLine* command_line = CommandLine::ForCurrentProcess();
     74   if (command_line->HasSwitch(
     75           chromeos::switches::kConsumerDeviceManagementUrl)) {
     76     return command_line->GetSwitchValueASCII(
     77         chromeos::switches::kConsumerDeviceManagementUrl);
     78   }
     79   return kDefaultConsumerDeviceManagementServerUrl;
     80 };
     81 
     82 }  // namespace
     83 
     84 BrowserPolicyConnectorChromeOS::BrowserPolicyConnectorChromeOS()
     85     : device_cloud_policy_manager_(NULL),
     86       global_user_cloud_policy_provider_(NULL),
     87       weak_ptr_factory_(this) {
     88   if (g_testing_install_attributes) {
     89     install_attributes_.reset(g_testing_install_attributes);
     90     g_testing_install_attributes = NULL;
     91   }
     92 
     93   // SystemSaltGetter or DBusThreadManager may be uninitialized on unit tests.
     94 
     95   // TODO(satorux): Remove SystemSaltGetter::IsInitialized() when it's ready
     96   // (removing it now breaks tests). crbug.com/141016.
     97   if (chromeos::SystemSaltGetter::IsInitialized() &&
     98       chromeos::DBusThreadManager::IsInitialized()) {
     99     state_keys_broker_.reset(new ServerBackedStateKeysBroker(
    100         chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
    101         base::MessageLoopProxy::current()));
    102 
    103     chromeos::CryptohomeClient* cryptohome_client =
    104         chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
    105     if (!install_attributes_) {
    106       install_attributes_.reset(
    107           new EnterpriseInstallAttributes(cryptohome_client));
    108     }
    109     base::FilePath install_attrs_file;
    110     CHECK(PathService::Get(chromeos::FILE_INSTALL_ATTRIBUTES,
    111                            &install_attrs_file));
    112     install_attributes_->ReadCacheFile(install_attrs_file);
    113 
    114     scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store(
    115         new DeviceCloudPolicyStoreChromeOS(
    116             chromeos::DeviceSettingsService::Get(),
    117             install_attributes_.get(),
    118             GetBackgroundTaskRunner()));
    119     device_cloud_policy_manager_ =
    120         new DeviceCloudPolicyManagerChromeOS(device_cloud_policy_store.Pass(),
    121                                              base::MessageLoopProxy::current(),
    122                                              GetBackgroundTaskRunner(),
    123                                              install_attributes_.get(),
    124                                              state_keys_broker_.get());
    125     AddPolicyProvider(
    126         scoped_ptr<ConfigurationPolicyProvider>(device_cloud_policy_manager_));
    127   }
    128 
    129   global_user_cloud_policy_provider_ = new ProxyPolicyProvider();
    130   AddPolicyProvider(scoped_ptr<ConfigurationPolicyProvider>(
    131       global_user_cloud_policy_provider_));
    132 }
    133 
    134 BrowserPolicyConnectorChromeOS::~BrowserPolicyConnectorChromeOS() {}
    135 
    136 void BrowserPolicyConnectorChromeOS::Init(
    137     PrefService* local_state,
    138     scoped_refptr<net::URLRequestContextGetter> request_context) {
    139   ChromeBrowserPolicyConnector::Init(local_state, request_context);
    140 
    141   scoped_ptr<DeviceManagementService::Configuration> configuration(
    142       new DeviceManagementServiceConfiguration(
    143           GetConsumerDeviceManagementServerUrl()));
    144   consumer_device_management_service_.reset(
    145       new DeviceManagementService(configuration.Pass()));
    146   consumer_device_management_service_->ScheduleInitialization(
    147       kServiceInitializationStartupDelay);
    148 
    149   if (device_cloud_policy_manager_) {
    150     // Note: for now the |device_cloud_policy_manager_| is using the global
    151     // schema registry. Eventually it will have its own registry, once device
    152     // cloud policy for extensions is introduced. That means it'd have to be
    153     // initialized from here instead of BrowserPolicyConnector::Init().
    154 
    155     scoped_ptr<CloudPolicyClient::StatusProvider> status_provider(
    156         new DeviceStatusCollector(
    157             local_state,
    158             chromeos::system::StatisticsProvider::GetInstance(),
    159             NULL));
    160     device_cloud_policy_manager_->Connect(
    161         local_state, device_management_service(), status_provider.Pass());
    162   }
    163 
    164   device_local_account_policy_service_.reset(
    165       new DeviceLocalAccountPolicyService(
    166           chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
    167           chromeos::DeviceSettingsService::Get(),
    168           chromeos::CrosSettings::Get(),
    169           GetBackgroundTaskRunner(),
    170           GetBackgroundTaskRunner(),
    171           GetBackgroundTaskRunner(),
    172           content::BrowserThread::GetMessageLoopProxyForThread(
    173               content::BrowserThread::IO),
    174           request_context));
    175   device_local_account_policy_service_->Connect(device_management_service());
    176 
    177   // request_context is NULL in unit tests.
    178   if (request_context && install_attributes_) {
    179     app_pack_updater_.reset(
    180         new AppPackUpdater(request_context, install_attributes_.get()));
    181   }
    182 
    183   SetTimezoneIfPolicyAvailable();
    184 
    185   network_configuration_updater_ =
    186       DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
    187           GetPolicyService(),
    188           chromeos::NetworkHandler::Get()
    189               ->managed_network_configuration_handler(),
    190           chromeos::NetworkHandler::Get()->network_device_handler(),
    191           chromeos::CrosSettings::Get());
    192 }
    193 
    194 void BrowserPolicyConnectorChromeOS::Shutdown() {
    195   // The AppPackUpdater may be observing the |device_cloud_policy_manager_|.
    196   // Delete it first.
    197   app_pack_updater_.reset();
    198 
    199   network_configuration_updater_.reset();
    200 
    201   if (device_local_account_policy_service_)
    202     device_local_account_policy_service_->Shutdown();
    203 
    204   ChromeBrowserPolicyConnector::Shutdown();
    205 }
    206 
    207 bool BrowserPolicyConnectorChromeOS::IsEnterpriseManaged() {
    208   return install_attributes_ && install_attributes_->IsEnterpriseDevice();
    209 }
    210 
    211 std::string BrowserPolicyConnectorChromeOS::GetEnterpriseDomain() {
    212   return install_attributes_ ? install_attributes_->GetDomain() : std::string();
    213 }
    214 
    215 DeviceMode BrowserPolicyConnectorChromeOS::GetDeviceMode() {
    216   return install_attributes_ ? install_attributes_->GetMode()
    217                              : DEVICE_MODE_NOT_SET;
    218 }
    219 
    220 UserAffiliation BrowserPolicyConnectorChromeOS::GetUserAffiliation(
    221     const std::string& user_name) {
    222   // An empty username means incognito user in case of ChromiumOS and
    223   // no logged-in user in case of Chromium (SigninService). Many tests use
    224   // nonsense email addresses (e.g. 'test') so treat those as non-enterprise
    225   // users.
    226   if (user_name.empty() || user_name.find('@') == std::string::npos)
    227     return USER_AFFILIATION_NONE;
    228 
    229   if (install_attributes_ &&
    230       (gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) ==
    231            install_attributes_->GetDomain() ||
    232        policy::IsDeviceLocalAccountUser(user_name, NULL))) {
    233     return USER_AFFILIATION_MANAGED;
    234   }
    235 
    236   return USER_AFFILIATION_NONE;
    237 }
    238 
    239 AppPackUpdater* BrowserPolicyConnectorChromeOS::GetAppPackUpdater() {
    240   return app_pack_updater_.get();
    241 }
    242 
    243 void BrowserPolicyConnectorChromeOS::SetUserPolicyDelegate(
    244     ConfigurationPolicyProvider* user_policy_provider) {
    245   global_user_cloud_policy_provider_->SetDelegate(user_policy_provider);
    246 }
    247 
    248 void BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
    249     EnterpriseInstallAttributes* attributes) {
    250   DCHECK(!g_testing_install_attributes);
    251   g_testing_install_attributes = attributes;
    252 }
    253 
    254 void BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting() {
    255   if (g_testing_install_attributes) {
    256     delete g_testing_install_attributes;
    257     g_testing_install_attributes = NULL;
    258   }
    259 }
    260 
    261 // static
    262 void BrowserPolicyConnectorChromeOS::RegisterPrefs(
    263     PrefRegistrySimple* registry) {
    264   registry->RegisterIntegerPref(
    265       prefs::kDevicePolicyRefreshRate,
    266       CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
    267 }
    268 
    269 void BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable() {
    270   typedef chromeos::CrosSettingsProvider Provider;
    271   Provider::TrustedStatus result =
    272       chromeos::CrosSettings::Get()->PrepareTrustedValues(base::Bind(
    273           &BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable,
    274           weak_ptr_factory_.GetWeakPtr()));
    275 
    276   if (result != Provider::TRUSTED)
    277     return;
    278 
    279   std::string timezone;
    280   if (chromeos::CrosSettings::Get()->GetString(chromeos::kSystemTimezonePolicy,
    281                                                &timezone) &&
    282       !timezone.empty()) {
    283     chromeos::system::TimezoneSettings::GetInstance()->SetTimezoneFromID(
    284         base::UTF8ToUTF16(timezone));
    285   }
    286 }
    287 
    288 }  // namespace policy
    289