1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "chrome/browser/policy/profile_policy_connector.h" 6 7 #include <vector> 8 9 #include "base/bind.h" 10 #include "base/logging.h" 11 #include "base/values.h" 12 #include "chrome/browser/browser_process.h" 13 #include "components/policy/core/browser/browser_policy_connector.h" 14 #include "components/policy/core/common/cloud/cloud_policy_core.h" 15 #include "components/policy/core/common/cloud/cloud_policy_manager.h" 16 #include "components/policy/core/common/cloud/cloud_policy_store.h" 17 #include "components/policy/core/common/configuration_policy_provider.h" 18 #include "components/policy/core/common/forwarding_policy_provider.h" 19 #include "components/policy/core/common/policy_service_impl.h" 20 #include "google_apis/gaia/gaia_auth_util.h" 21 22 #if defined(OS_CHROMEOS) 23 #include "chrome/browser/chromeos/login/users/user.h" 24 #include "chrome/browser/chromeos/login/users/user_manager.h" 25 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" 26 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" 27 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" 28 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h" 29 #endif 30 31 namespace policy { 32 33 namespace { 34 35 bool HasChromePolicy(ConfigurationPolicyProvider* provider, 36 const char* name) { 37 if (!provider) 38 return false; 39 PolicyNamespace chrome_ns(POLICY_DOMAIN_CHROME, ""); 40 return provider->policies().Get(chrome_ns).Get(name) != NULL; 41 } 42 43 } // namespace 44 45 ProfilePolicyConnector::ProfilePolicyConnector() 46 #if defined(OS_CHROMEOS) 47 : is_primary_user_(false), 48 user_cloud_policy_manager_(NULL) 49 #else 50 : user_cloud_policy_manager_(NULL) 51 #endif 52 {} 53 54 ProfilePolicyConnector::~ProfilePolicyConnector() {} 55 56 void ProfilePolicyConnector::Init( 57 bool force_immediate_load, 58 #if defined(OS_CHROMEOS) 59 const chromeos::User* user, 60 #endif 61 SchemaRegistry* schema_registry, 62 CloudPolicyManager* user_cloud_policy_manager) { 63 user_cloud_policy_manager_ = user_cloud_policy_manager; 64 65 // |providers| contains a list of the policy providers available for the 66 // PolicyService of this connector, in decreasing order of priority. 67 // 68 // Note: all the providers appended to this vector must eventually become 69 // initialized for every policy domain, otherwise some subsystems will never 70 // use the policies exposed by the PolicyService! 71 // The default ConfigurationPolicyProvider::IsInitializationComplete() 72 // result is true, so take care if a provider overrides that. 73 // 74 // Note: if you append a new provider then make sure IsPolicyFromCloudPolicy() 75 // is also updated below. 76 std::vector<ConfigurationPolicyProvider*> providers; 77 78 #if defined(OS_CHROMEOS) 79 BrowserPolicyConnectorChromeOS* connector = 80 g_browser_process->platform_part()->browser_policy_connector_chromeos(); 81 #else 82 BrowserPolicyConnector* connector = 83 g_browser_process->browser_policy_connector(); 84 #endif 85 86 if (connector->GetPlatformProvider()) { 87 forwarding_policy_provider_.reset( 88 new ForwardingPolicyProvider(connector->GetPlatformProvider())); 89 forwarding_policy_provider_->Init(schema_registry); 90 providers.push_back(forwarding_policy_provider_.get()); 91 } 92 93 #if defined(OS_CHROMEOS) 94 if (connector->GetDeviceCloudPolicyManager()) 95 providers.push_back(connector->GetDeviceCloudPolicyManager()); 96 #endif 97 98 if (user_cloud_policy_manager) 99 providers.push_back(user_cloud_policy_manager); 100 101 #if defined(OS_CHROMEOS) 102 if (!user) { 103 DCHECK(schema_registry); 104 // This case occurs for the signin profile. 105 special_user_policy_provider_.reset( 106 new LoginProfilePolicyProvider(connector->GetPolicyService())); 107 } else { 108 // |user| should never be NULL except for the signin profile. 109 is_primary_user_ = user == chromeos::UserManager::Get()->GetPrimaryUser(); 110 special_user_policy_provider_ = DeviceLocalAccountPolicyProvider::Create( 111 user->email(), 112 connector->GetDeviceLocalAccountPolicyService()); 113 } 114 if (special_user_policy_provider_) { 115 special_user_policy_provider_->Init(schema_registry); 116 providers.push_back(special_user_policy_provider_.get()); 117 } 118 #endif 119 120 policy_service_.reset(new PolicyServiceImpl(providers)); 121 122 #if defined(OS_CHROMEOS) 123 if (is_primary_user_) { 124 if (user_cloud_policy_manager) 125 connector->SetUserPolicyDelegate(user_cloud_policy_manager); 126 else if (special_user_policy_provider_) 127 connector->SetUserPolicyDelegate(special_user_policy_provider_.get()); 128 } 129 #endif 130 } 131 132 void ProfilePolicyConnector::InitForTesting(scoped_ptr<PolicyService> service) { 133 policy_service_ = service.Pass(); 134 } 135 136 void ProfilePolicyConnector::Shutdown() { 137 #if defined(OS_CHROMEOS) 138 BrowserPolicyConnectorChromeOS* connector = 139 g_browser_process->platform_part()->browser_policy_connector_chromeos(); 140 if (is_primary_user_) 141 connector->SetUserPolicyDelegate(NULL); 142 if (special_user_policy_provider_) 143 special_user_policy_provider_->Shutdown(); 144 #endif 145 if (forwarding_policy_provider_) 146 forwarding_policy_provider_->Shutdown(); 147 } 148 149 bool ProfilePolicyConnector::IsManaged() const { 150 return !GetManagementDomain().empty(); 151 } 152 153 std::string ProfilePolicyConnector::GetManagementDomain() const { 154 if (!user_cloud_policy_manager_) 155 return ""; 156 CloudPolicyStore* store = user_cloud_policy_manager_->core()->store(); 157 if (store && store->is_managed() && store->policy()->has_username()) 158 return gaia::ExtractDomainName(store->policy()->username()); 159 return ""; 160 } 161 162 bool ProfilePolicyConnector::IsPolicyFromCloudPolicy(const char* name) const { 163 if (!HasChromePolicy(user_cloud_policy_manager_, name)) 164 return false; 165 166 // Check all the providers that have higher priority than the 167 // |user_cloud_policy_manager_|. These checks must be kept in sync with the 168 // order of the providers in Init(). 169 170 if (HasChromePolicy(forwarding_policy_provider_.get(), name)) 171 return false; 172 173 #if defined(OS_CHROMEOS) 174 BrowserPolicyConnectorChromeOS* connector = 175 g_browser_process->platform_part()->browser_policy_connector_chromeos(); 176 if (HasChromePolicy(connector->GetDeviceCloudPolicyManager(), name)) 177 return false; 178 #endif 179 180 return true; 181 } 182 183 } // namespace policy 184