Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/policy/profile_policy_connector.h"
      6 
      7 #include <vector>
      8 
      9 #include "base/bind.h"
     10 #include "base/logging.h"
     11 #include "base/values.h"
     12 #include "chrome/browser/browser_process.h"
     13 #include "components/policy/core/browser/browser_policy_connector.h"
     14 #include "components/policy/core/common/cloud/cloud_policy_core.h"
     15 #include "components/policy/core/common/cloud/cloud_policy_manager.h"
     16 #include "components/policy/core/common/cloud/cloud_policy_store.h"
     17 #include "components/policy/core/common/configuration_policy_provider.h"
     18 #include "components/policy/core/common/forwarding_policy_provider.h"
     19 #include "components/policy/core/common/policy_service_impl.h"
     20 #include "google_apis/gaia/gaia_auth_util.h"
     21 
     22 #if defined(OS_CHROMEOS)
     23 #include "chrome/browser/chromeos/login/users/user.h"
     24 #include "chrome/browser/chromeos/login/users/user_manager.h"
     25 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
     26 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
     27 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
     28 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h"
     29 #endif
     30 
     31 namespace policy {
     32 
     33 namespace {
     34 
     35 bool HasChromePolicy(ConfigurationPolicyProvider* provider,
     36                      const char* name) {
     37   if (!provider)
     38     return false;
     39   PolicyNamespace chrome_ns(POLICY_DOMAIN_CHROME, "");
     40   return provider->policies().Get(chrome_ns).Get(name) != NULL;
     41 }
     42 
     43 }  // namespace
     44 
     45 ProfilePolicyConnector::ProfilePolicyConnector()
     46 #if defined(OS_CHROMEOS)
     47     : is_primary_user_(false),
     48       user_cloud_policy_manager_(NULL)
     49 #else
     50     : user_cloud_policy_manager_(NULL)
     51 #endif
     52       {}
     53 
     54 ProfilePolicyConnector::~ProfilePolicyConnector() {}
     55 
     56 void ProfilePolicyConnector::Init(
     57     bool force_immediate_load,
     58 #if defined(OS_CHROMEOS)
     59     const chromeos::User* user,
     60 #endif
     61     SchemaRegistry* schema_registry,
     62     CloudPolicyManager* user_cloud_policy_manager) {
     63   user_cloud_policy_manager_ = user_cloud_policy_manager;
     64 
     65   // |providers| contains a list of the policy providers available for the
     66   // PolicyService of this connector, in decreasing order of priority.
     67   //
     68   // Note: all the providers appended to this vector must eventually become
     69   // initialized for every policy domain, otherwise some subsystems will never
     70   // use the policies exposed by the PolicyService!
     71   // The default ConfigurationPolicyProvider::IsInitializationComplete()
     72   // result is true, so take care if a provider overrides that.
     73   //
     74   // Note: if you append a new provider then make sure IsPolicyFromCloudPolicy()
     75   // is also updated below.
     76   std::vector<ConfigurationPolicyProvider*> providers;
     77 
     78 #if defined(OS_CHROMEOS)
     79   BrowserPolicyConnectorChromeOS* connector =
     80       g_browser_process->platform_part()->browser_policy_connector_chromeos();
     81 #else
     82   BrowserPolicyConnector* connector =
     83       g_browser_process->browser_policy_connector();
     84 #endif
     85 
     86   if (connector->GetPlatformProvider()) {
     87     forwarding_policy_provider_.reset(
     88         new ForwardingPolicyProvider(connector->GetPlatformProvider()));
     89     forwarding_policy_provider_->Init(schema_registry);
     90     providers.push_back(forwarding_policy_provider_.get());
     91   }
     92 
     93 #if defined(OS_CHROMEOS)
     94   if (connector->GetDeviceCloudPolicyManager())
     95     providers.push_back(connector->GetDeviceCloudPolicyManager());
     96 #endif
     97 
     98   if (user_cloud_policy_manager)
     99     providers.push_back(user_cloud_policy_manager);
    100 
    101 #if defined(OS_CHROMEOS)
    102   if (!user) {
    103     DCHECK(schema_registry);
    104     // This case occurs for the signin profile.
    105     special_user_policy_provider_.reset(
    106         new LoginProfilePolicyProvider(connector->GetPolicyService()));
    107   } else {
    108     // |user| should never be NULL except for the signin profile.
    109     is_primary_user_ = user == chromeos::UserManager::Get()->GetPrimaryUser();
    110     special_user_policy_provider_ = DeviceLocalAccountPolicyProvider::Create(
    111         user->email(),
    112         connector->GetDeviceLocalAccountPolicyService());
    113   }
    114   if (special_user_policy_provider_) {
    115     special_user_policy_provider_->Init(schema_registry);
    116     providers.push_back(special_user_policy_provider_.get());
    117   }
    118 #endif
    119 
    120   policy_service_.reset(new PolicyServiceImpl(providers));
    121 
    122 #if defined(OS_CHROMEOS)
    123   if (is_primary_user_) {
    124     if (user_cloud_policy_manager)
    125       connector->SetUserPolicyDelegate(user_cloud_policy_manager);
    126     else if (special_user_policy_provider_)
    127       connector->SetUserPolicyDelegate(special_user_policy_provider_.get());
    128   }
    129 #endif
    130 }
    131 
    132 void ProfilePolicyConnector::InitForTesting(scoped_ptr<PolicyService> service) {
    133   policy_service_ = service.Pass();
    134 }
    135 
    136 void ProfilePolicyConnector::Shutdown() {
    137 #if defined(OS_CHROMEOS)
    138   BrowserPolicyConnectorChromeOS* connector =
    139       g_browser_process->platform_part()->browser_policy_connector_chromeos();
    140   if (is_primary_user_)
    141     connector->SetUserPolicyDelegate(NULL);
    142   if (special_user_policy_provider_)
    143     special_user_policy_provider_->Shutdown();
    144 #endif
    145   if (forwarding_policy_provider_)
    146     forwarding_policy_provider_->Shutdown();
    147 }
    148 
    149 bool ProfilePolicyConnector::IsManaged() const {
    150   return !GetManagementDomain().empty();
    151 }
    152 
    153 std::string ProfilePolicyConnector::GetManagementDomain() const {
    154   if (!user_cloud_policy_manager_)
    155     return "";
    156   CloudPolicyStore* store = user_cloud_policy_manager_->core()->store();
    157   if (store && store->is_managed() && store->policy()->has_username())
    158     return gaia::ExtractDomainName(store->policy()->username());
    159   return "";
    160 }
    161 
    162 bool ProfilePolicyConnector::IsPolicyFromCloudPolicy(const char* name) const {
    163   if (!HasChromePolicy(user_cloud_policy_manager_, name))
    164     return false;
    165 
    166   // Check all the providers that have higher priority than the
    167   // |user_cloud_policy_manager_|. These checks must be kept in sync with the
    168   // order of the providers in Init().
    169 
    170   if (HasChromePolicy(forwarding_policy_provider_.get(), name))
    171     return false;
    172 
    173 #if defined(OS_CHROMEOS)
    174   BrowserPolicyConnectorChromeOS* connector =
    175       g_browser_process->platform_part()->browser_policy_connector_chromeos();
    176   if (HasChromePolicy(connector->GetDeviceCloudPolicyManager(), name))
    177     return false;
    178 #endif
    179 
    180   return true;
    181 }
    182 
    183 }  // namespace policy
    184