Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
      6 
      7 #include "base/bind.h"
      8 #include "base/command_line.h"
      9 #include "base/files/file_path.h"
     10 #include "base/logging.h"
     11 #include "base/memory/ref_counted.h"
     12 #include "base/message_loop/message_loop_proxy.h"
     13 #include "base/path_service.h"
     14 #include "base/sequenced_task_runner.h"
     15 #include "base/threading/sequenced_worker_pool.h"
     16 #include "base/time/time.h"
     17 #include "chrome/browser/browser_process.h"
     18 #include "chrome/browser/chromeos/login/login_utils.h"
     19 #include "chrome/browser/chromeos/login/users/user.h"
     20 #include "chrome/browser/chromeos/login/users/user_manager.h"
     21 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
     22 #include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
     23 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
     24 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
     25 #include "chrome/browser/chromeos/profiles/profile_helper.h"
     26 #include "chrome/browser/policy/schema_registry_service.h"
     27 #include "chrome/browser/policy/schema_registry_service_factory.h"
     28 #include "chrome/browser/profiles/profile.h"
     29 #include "chromeos/chromeos_paths.h"
     30 #include "chromeos/chromeos_switches.h"
     31 #include "chromeos/dbus/dbus_thread_manager.h"
     32 #include "components/keyed_service/content/browser_context_dependency_manager.h"
     33 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
     34 #include "components/policy/core/common/cloud/device_management_service.h"
     35 #include "content/public/browser/browser_thread.h"
     36 #include "net/url_request/url_request_context_getter.h"
     37 #include "policy/policy_constants.h"
     38 
     39 namespace policy {
     40 
     41 namespace {
     42 
     43 // Subdirectory in the user's profile for storing legacy user policies.
     44 const base::FilePath::CharType kDeviceManagementDir[] =
     45     FILE_PATH_LITERAL("Device Management");
     46 
     47 // File in the above directory for storing legacy user policy dmtokens.
     48 const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
     49 
     50 // This constant is used to build two different paths. It can be a file inside
     51 // kDeviceManagementDir where legacy user policy data is stored, and it can be
     52 // a directory inside the profile directory where other resources are stored.
     53 const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
     54 
     55 // Directory under kPolicy, in the user's profile dir, where policy for
     56 // components is cached.
     57 const base::FilePath::CharType kComponentsDir[] =
     58     FILE_PATH_LITERAL("Components");
     59 
     60 // Directory in which to store external policy data. This is specified relative
     61 // to kPolicy.
     62 const base::FilePath::CharType kPolicyExternalDataDir[] =
     63     FILE_PATH_LITERAL("External Data");
     64 
     65 // Timeout in seconds after which to abandon the initial policy fetch and start
     66 // the session regardless.
     67 const int kInitialPolicyFetchTimeoutSeconds = 10;
     68 
     69 }  // namespace
     70 
     71 // static
     72 UserCloudPolicyManagerFactoryChromeOS*
     73     UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
     74   return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
     75 }
     76 
     77 // static
     78 UserCloudPolicyManagerChromeOS*
     79     UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
     80         Profile* profile) {
     81   return GetInstance()->GetManagerForProfile(profile);
     82 }
     83 
     84 // static
     85 scoped_ptr<UserCloudPolicyManagerChromeOS>
     86     UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
     87         Profile* profile,
     88         bool force_immediate_load,
     89         scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
     90   return GetInstance()->CreateManagerForProfile(
     91       profile, force_immediate_load, background_task_runner);
     92 }
     93 
     94 UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
     95     : BrowserContextKeyedBaseFactory(
     96         "UserCloudPolicyManagerChromeOS",
     97         BrowserContextDependencyManager::GetInstance()) {
     98   DependsOn(SchemaRegistryServiceFactory::GetInstance());
     99 }
    100 
    101 UserCloudPolicyManagerFactoryChromeOS::
    102     ~UserCloudPolicyManagerFactoryChromeOS() {}
    103 
    104 UserCloudPolicyManagerChromeOS*
    105     UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
    106         Profile* profile) {
    107   // Get the manager for the original profile, since the PolicyService is
    108   // also shared between the incognito Profile and the original Profile.
    109   ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
    110   return it != managers_.end() ? it->second : NULL;
    111 }
    112 
    113 scoped_ptr<UserCloudPolicyManagerChromeOS>
    114     UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
    115         Profile* profile,
    116         bool force_immediate_load,
    117         scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
    118   const CommandLine* command_line = CommandLine::ForCurrentProcess();
    119   // Don't initialize cloud policy for the signin profile.
    120   if (chromeos::ProfileHelper::IsSigninProfile(profile))
    121     return scoped_ptr<UserCloudPolicyManagerChromeOS>();
    122 
    123   // |user| should never be NULL except for the signin profile. This object is
    124   // created as part of the Profile creation, which happens right after
    125   // sign-in. The just-signed-in User is the active user during that time.
    126   chromeos::UserManager* user_manager = chromeos::UserManager::Get();
    127   chromeos::User* user = user_manager->GetUserByProfile(profile);
    128   CHECK(user);
    129 
    130   // Only USER_TYPE_REGULAR users have user cloud policy.
    131   // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP, USER_TYPE_GUEST and
    132   // USER_TYPE_LOCALLY_MANAGED are not signed in and can't authenticate the
    133   // policy registration.
    134   // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the
    135   // DeviceLocalAccountPolicyService.
    136   const std::string& username = user->email();
    137   if (user->GetType() != chromeos::User::USER_TYPE_REGULAR ||
    138       BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
    139     return scoped_ptr<UserCloudPolicyManagerChromeOS>();
    140   }
    141 
    142   policy::BrowserPolicyConnectorChromeOS* connector =
    143       g_browser_process->platform_part()->browser_policy_connector_chromeos();
    144   UserAffiliation affiliation = connector->GetUserAffiliation(username);
    145   const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED;
    146   const bool is_browser_restart =
    147       command_line->HasSwitch(chromeos::switches::kLoginUser) &&
    148       !command_line->HasSwitch(chromeos::switches::kLoginPassword);
    149   const bool wait_for_initial_policy = is_managed_user && !is_browser_restart;
    150 
    151   DeviceManagementService* device_management_service =
    152       connector->device_management_service();
    153   if (wait_for_initial_policy)
    154     device_management_service->ScheduleInitialization(0);
    155 
    156   base::FilePath profile_dir = profile->GetPath();
    157   const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
    158   const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
    159   const base::FilePath token_cache_file = legacy_dir.Append(kToken);
    160   const base::FilePath component_policy_cache_dir =
    161       profile_dir.Append(kPolicy).Append(kComponentsDir);
    162   const base::FilePath external_data_dir =
    163         profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir);
    164   base::FilePath policy_key_dir;
    165   CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
    166 
    167   scoped_ptr<UserCloudPolicyStoreChromeOS> store(
    168       new UserCloudPolicyStoreChromeOS(
    169           chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
    170           chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
    171           background_task_runner,
    172           username, policy_key_dir, token_cache_file, policy_cache_file));
    173 
    174   scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
    175       content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
    176           content::BrowserThread::GetBlockingPool()->GetSequenceToken());
    177   scoped_refptr<base::SequencedTaskRunner> io_task_runner =
    178       content::BrowserThread::GetMessageLoopProxyForThread(
    179           content::BrowserThread::IO);
    180   scoped_ptr<CloudExternalDataManager> external_data_manager(
    181       new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails),
    182                                        backend_task_runner,
    183                                        io_task_runner,
    184                                        external_data_dir,
    185                                        store.get()));
    186   if (force_immediate_load)
    187     store->LoadImmediately();
    188 
    189   scoped_refptr<base::SequencedTaskRunner> file_task_runner =
    190       content::BrowserThread::GetMessageLoopProxyForThread(
    191           content::BrowserThread::FILE);
    192 
    193   scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
    194       new UserCloudPolicyManagerChromeOS(
    195           store.PassAs<CloudPolicyStore>(),
    196           external_data_manager.Pass(),
    197           component_policy_cache_dir,
    198           wait_for_initial_policy,
    199           base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds),
    200           base::MessageLoopProxy::current(),
    201           file_task_runner,
    202           io_task_runner));
    203 
    204   bool wildcard_match = false;
    205   if (connector->IsEnterpriseManaged() &&
    206       chromeos::LoginUtils::IsWhitelisted(username, &wildcard_match) &&
    207       wildcard_match &&
    208       !connector->IsNonEnterpriseUser(username)) {
    209     manager->EnableWildcardLoginCheck(username);
    210   }
    211 
    212   manager->Init(
    213       SchemaRegistryServiceFactory::GetForContext(profile)->registry());
    214   manager->Connect(g_browser_process->local_state(),
    215                    device_management_service,
    216                    g_browser_process->system_request_context(),
    217                    affiliation);
    218 
    219   DCHECK(managers_.find(profile) == managers_.end());
    220   managers_[profile] = manager.get();
    221   return manager.Pass();
    222 }
    223 
    224 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
    225     content::BrowserContext* context) {
    226   Profile* profile = static_cast<Profile*>(context);
    227   if (profile->IsOffTheRecord())
    228     return;
    229   UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
    230   if (manager)
    231     manager->Shutdown();
    232 }
    233 
    234 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
    235     content::BrowserContext* context) {
    236   Profile* profile = static_cast<Profile*>(context);
    237   managers_.erase(profile);
    238   BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
    239 }
    240 
    241 void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
    242     content::BrowserContext* context) {}
    243 
    244 bool UserCloudPolicyManagerFactoryChromeOS::HasTestingFactory(
    245     content::BrowserContext* context) {
    246   return false;
    247 }
    248 
    249 void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
    250     content::BrowserContext* context) {}
    251 
    252 }  // namespace policy
    253