Home | History | Annotate | Download | only in policy 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/policy/profile_policy_connector.h"
      6 
      7 #include <vector>
      8 
      9 #include "base/bind.h"
     10 #include "base/logging.h"
     11 #include "base/values.h"
     12 #include "chrome/browser/browser_process.h"
     13 #include "components/policy/core/browser/browser_policy_connector.h"
     14 #include "components/policy/core/common/cloud/cloud_policy_core.h"
     15 #include "components/policy/core/common/cloud/cloud_policy_manager.h"
     16 #include "components/policy/core/common/cloud/cloud_policy_store.h"
     17 #include "components/policy/core/common/configuration_policy_provider.h"
     18 #include "components/policy/core/common/forwarding_policy_provider.h"
     19 #include "components/policy/core/common/policy_service_impl.h"
     20 #include "google_apis/gaia/gaia_auth_util.h"
     21 
     22 #if defined(OS_CHROMEOS)
     23 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
     24 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
     25 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
     26 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h"
     27 #include "components/user_manager/user.h"
     28 #include "components/user_manager/user_manager.h"
     29 #endif
     30 
     31 namespace policy {
     32 
     33 namespace {
     34 
     35 bool HasChromePolicy(ConfigurationPolicyProvider* provider,
     36                      const char* name) {
     37   if (!provider)
     38     return false;
     39   PolicyNamespace chrome_ns(POLICY_DOMAIN_CHROME, "");
     40   return provider->policies().Get(chrome_ns).Get(name) != NULL;
     41 }
     42 
     43 }  // namespace
     44 
     45 ProfilePolicyConnector::ProfilePolicyConnector()
     46 #if defined(OS_CHROMEOS)
     47     : is_primary_user_(false),
     48       user_cloud_policy_manager_(NULL)
     49 #else
     50     : user_cloud_policy_manager_(NULL)
     51 #endif
     52       {}
     53 
     54 ProfilePolicyConnector::~ProfilePolicyConnector() {}
     55 
     56 void ProfilePolicyConnector::Init(
     57     bool force_immediate_load,
     58 #if defined(OS_CHROMEOS)
     59     const user_manager::User* user,
     60 #endif
     61     SchemaRegistry* schema_registry,
     62     CloudPolicyManager* user_cloud_policy_manager) {
     63   user_cloud_policy_manager_ = user_cloud_policy_manager;
     64 
     65   // |providers| contains a list of the policy providers available for the
     66   // PolicyService of this connector, in decreasing order of priority.
     67   //
     68   // Note: all the providers appended to this vector must eventually become
     69   // initialized for every policy domain, otherwise some subsystems will never
     70   // use the policies exposed by the PolicyService!
     71   // The default ConfigurationPolicyProvider::IsInitializationComplete()
     72   // result is true, so take care if a provider overrides that.
     73   //
     74   // Note: if you append a new provider then make sure IsPolicyFromCloudPolicy()
     75   // is also updated below.
     76   std::vector<ConfigurationPolicyProvider*> providers;
     77 
     78 #if defined(OS_CHROMEOS)
     79   BrowserPolicyConnectorChromeOS* connector =
     80       g_browser_process->platform_part()->browser_policy_connector_chromeos();
     81 #else
     82   BrowserPolicyConnector* connector =
     83       g_browser_process->browser_policy_connector();
     84 #endif
     85 
     86   if (connector->GetPlatformProvider()) {
     87     forwarding_policy_provider_.reset(
     88         new ForwardingPolicyProvider(connector->GetPlatformProvider()));
     89     forwarding_policy_provider_->Init(schema_registry);
     90     providers.push_back(forwarding_policy_provider_.get());
     91   }
     92 
     93 #if defined(OS_CHROMEOS)
     94   if (connector->GetDeviceCloudPolicyManager())
     95     providers.push_back(connector->GetDeviceCloudPolicyManager());
     96 #endif
     97 
     98   if (user_cloud_policy_manager)
     99     providers.push_back(user_cloud_policy_manager);
    100 
    101 #if defined(OS_CHROMEOS)
    102   if (!user) {
    103     DCHECK(schema_registry);
    104     // This case occurs for the signin profile.
    105     special_user_policy_provider_.reset(
    106         new LoginProfilePolicyProvider(connector->GetPolicyService()));
    107   } else {
    108     // |user| should never be NULL except for the signin profile.
    109     is_primary_user_ =
    110         user == user_manager::UserManager::Get()->GetPrimaryUser();
    111     special_user_policy_provider_ = DeviceLocalAccountPolicyProvider::Create(
    112         user->email(),
    113         connector->GetDeviceLocalAccountPolicyService());
    114   }
    115   if (special_user_policy_provider_) {
    116     special_user_policy_provider_->Init(schema_registry);
    117     providers.push_back(special_user_policy_provider_.get());
    118   }
    119 #endif
    120 
    121   policy_service_.reset(new PolicyServiceImpl(providers));
    122 
    123 #if defined(OS_CHROMEOS)
    124   if (is_primary_user_) {
    125     if (user_cloud_policy_manager)
    126       connector->SetUserPolicyDelegate(user_cloud_policy_manager);
    127     else if (special_user_policy_provider_)
    128       connector->SetUserPolicyDelegate(special_user_policy_provider_.get());
    129   }
    130 #endif
    131 }
    132 
    133 void ProfilePolicyConnector::InitForTesting(scoped_ptr<PolicyService> service) {
    134   policy_service_ = service.Pass();
    135 }
    136 
    137 void ProfilePolicyConnector::Shutdown() {
    138 #if defined(OS_CHROMEOS)
    139   BrowserPolicyConnectorChromeOS* connector =
    140       g_browser_process->platform_part()->browser_policy_connector_chromeos();
    141   if (is_primary_user_)
    142     connector->SetUserPolicyDelegate(NULL);
    143   if (special_user_policy_provider_)
    144     special_user_policy_provider_->Shutdown();
    145 #endif
    146   if (forwarding_policy_provider_)
    147     forwarding_policy_provider_->Shutdown();
    148 }
    149 
    150 bool ProfilePolicyConnector::IsManaged() const {
    151   return !GetManagementDomain().empty();
    152 }
    153 
    154 std::string ProfilePolicyConnector::GetManagementDomain() const {
    155   if (!user_cloud_policy_manager_)
    156     return "";
    157   CloudPolicyStore* store = user_cloud_policy_manager_->core()->store();
    158   if (store && store->is_managed() && store->policy()->has_username())
    159     return gaia::ExtractDomainName(store->policy()->username());
    160   return "";
    161 }
    162 
    163 bool ProfilePolicyConnector::IsPolicyFromCloudPolicy(const char* name) const {
    164   if (!HasChromePolicy(user_cloud_policy_manager_, name))
    165     return false;
    166 
    167   // Check all the providers that have higher priority than the
    168   // |user_cloud_policy_manager_|. These checks must be kept in sync with the
    169   // order of the providers in Init().
    170 
    171   if (HasChromePolicy(forwarding_policy_provider_.get(), name))
    172     return false;
    173 
    174 #if defined(OS_CHROMEOS)
    175   BrowserPolicyConnectorChromeOS* connector =
    176       g_browser_process->platform_part()->browser_policy_connector_chromeos();
    177   if (HasChromePolicy(connector->GetDeviceCloudPolicyManager(), name))
    178     return false;
    179 #endif
    180 
    181   return true;
    182 }
    183 
    184 }  // namespace policy
    185