1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_ 6 #define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_ 7 8 #include <map> 9 #include <set> 10 #include <string> 11 #include <vector> 12 13 #include "base/callback.h" 14 #include "base/gtest_prod_util.h" 15 #include "base/memory/scoped_ptr.h" 16 #include "base/observer_list.h" 17 #include "base/prefs/pref_change_registrar.h" 18 #include "base/scoped_observer.h" 19 #include "base/strings/string16.h" 20 #include "chrome/browser/supervised_user/experimental/supervised_user_blacklist.h" 21 #include "chrome/browser/supervised_user/supervised_user_url_filter.h" 22 #include "chrome/browser/supervised_user/supervised_users.h" 23 #include "chrome/browser/sync/profile_sync_service_observer.h" 24 #include "chrome/browser/sync/sync_type_preference_provider.h" 25 #include "chrome/browser/ui/browser_list_observer.h" 26 #include "components/keyed_service/core/keyed_service.h" 27 #include "content/public/browser/web_contents.h" 28 29 #if defined(ENABLE_EXTENSIONS) 30 #include "extensions/browser/extension_registry_observer.h" 31 #include "extensions/browser/management_policy.h" 32 #endif 33 34 class Browser; 35 class GoogleServiceAuthError; 36 class PermissionRequestCreator; 37 class Profile; 38 class SupervisedUserBlacklistDownloader; 39 class SupervisedUserRegistrationUtility; 40 class SupervisedUserServiceObserver; 41 class SupervisedUserSettingsService; 42 class SupervisedUserSiteList; 43 class SupervisedUserURLFilter; 44 45 namespace base { 46 class FilePath; 47 } 48 49 namespace extensions { 50 class ExtensionRegistry; 51 } 52 53 namespace user_prefs { 54 class PrefRegistrySyncable; 55 } 56 57 // This class handles all the information related to a given supervised profile 58 // (e.g. the installed content packs, the default URL filtering behavior, or 59 // manual whitelist/blacklist overrides). 60 class SupervisedUserService : public KeyedService, 61 #if defined(ENABLE_EXTENSIONS) 62 public extensions::ManagementPolicy::Provider, 63 public extensions::ExtensionRegistryObserver, 64 #endif 65 public SyncTypePreferenceProvider, 66 public ProfileSyncServiceObserver, 67 public chrome::BrowserListObserver { 68 public: 69 typedef std::vector<base::string16> CategoryList; 70 typedef base::Callback<void(content::WebContents*)> NavigationBlockedCallback; 71 typedef base::Callback<void(const GoogleServiceAuthError&)> AuthErrorCallback; 72 73 enum ManualBehavior { 74 MANUAL_NONE = 0, 75 MANUAL_ALLOW, 76 MANUAL_BLOCK 77 }; 78 79 class Delegate { 80 public: 81 virtual ~Delegate() {} 82 // Returns true to indicate that the delegate handled the (de)activation, or 83 // false to indicate that the SupervisedUserService itself should handle it. 84 virtual bool SetActive(bool active) = 0; 85 // Returns the path to a blacklist file to load, or an empty path to 86 // indicate "none". 87 virtual base::FilePath GetBlacklistPath() const = 0; 88 // Returns the URL from which to download a blacklist if no local one exists 89 // yet. The blacklist file will be stored at |GetBlacklistPath()|. 90 virtual GURL GetBlacklistURL() const = 0; 91 }; 92 93 virtual ~SupervisedUserService(); 94 95 // ProfileKeyedService override: 96 virtual void Shutdown() OVERRIDE; 97 98 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry); 99 100 void SetDelegate(Delegate* delegate); 101 102 // Returns the URL filter for the IO thread, for filtering network requests 103 // (in SupervisedUserResourceThrottle). 104 scoped_refptr<const SupervisedUserURLFilter> GetURLFilterForIOThread(); 105 106 // Returns the URL filter for the UI thread, for filtering navigations and 107 // classifying sites in the history view. 108 SupervisedUserURLFilter* GetURLFilterForUIThread(); 109 110 // Returns the URL's category, obtained from the installed content packs. 111 int GetCategory(const GURL& url); 112 113 // Returns the list of all known human-readable category names, sorted by ID 114 // number. Called in the critical path of drawing the history UI, so needs to 115 // be fast. 116 void GetCategoryNames(CategoryList* list); 117 118 // Whether the user can request access to blocked URLs. 119 bool AccessRequestsEnabled(); 120 121 void OnPermissionRequestIssued(); 122 123 // Adds an access request for the given URL. The requests are stored using 124 // a prefix followed by a URIEncoded version of the URL. Each entry contains 125 // a dictionary which currently has the timestamp of the request in it. 126 void AddAccessRequest(const GURL& url); 127 128 // Returns the email address of the custodian. 129 std::string GetCustodianEmailAddress() const; 130 131 // Returns the name of the custodian, or the email address if the name is 132 // empty. 133 std::string GetCustodianName() const; 134 135 // These methods allow querying and modifying the manual filtering behavior. 136 // The manual behavior is set by the user and overrides all other settings 137 // (whitelists or the default behavior). 138 139 // Returns the manual behavior for the given host. 140 ManualBehavior GetManualBehaviorForHost(const std::string& hostname); 141 142 // Returns the manual behavior for the given URL. 143 ManualBehavior GetManualBehaviorForURL(const GURL& url); 144 145 // Returns all URLS on the given host that have exceptions. 146 void GetManualExceptionsForHost(const std::string& host, 147 std::vector<GURL>* urls); 148 149 // Initializes this object. This method does nothing if the profile is not 150 // supervised. 151 void Init(); 152 153 // Initializes this profile for syncing, using the provided |refresh_token| to 154 // mint access tokens for Sync. 155 void InitSync(const std::string& refresh_token); 156 157 // Convenience method that registers this supervised user using 158 // |registration_utility| and initializes sync with the returned token. 159 // The |callback| will be called when registration is complete, 160 // whether it succeeded or not -- unless registration was cancelled manually, 161 // in which case the callback will be ignored. 162 void RegisterAndInitSync( 163 SupervisedUserRegistrationUtility* registration_utility, 164 Profile* custodian_profile, 165 const std::string& supervised_user_id, 166 const AuthErrorCallback& callback); 167 168 void set_elevated_for_testing(bool skip) { 169 elevated_for_testing_ = skip; 170 } 171 172 void AddNavigationBlockedCallback(const NavigationBlockedCallback& callback); 173 void DidBlockNavigation(content::WebContents* web_contents); 174 175 void AddObserver(SupervisedUserServiceObserver* observer); 176 void RemoveObserver(SupervisedUserServiceObserver* observer); 177 178 #if defined(ENABLE_EXTENSIONS) 179 // extensions::ManagementPolicy::Provider implementation: 180 virtual std::string GetDebugPolicyProviderName() const OVERRIDE; 181 virtual bool UserMayLoad(const extensions::Extension* extension, 182 base::string16* error) const OVERRIDE; 183 virtual bool UserMayModifySettings(const extensions::Extension* extension, 184 base::string16* error) const OVERRIDE; 185 186 // extensions::ExtensionRegistryObserver implementation. 187 virtual void OnExtensionLoaded( 188 content::BrowserContext* browser_context, 189 const extensions::Extension* extension) OVERRIDE; 190 virtual void OnExtensionUnloaded( 191 content::BrowserContext* browser_context, 192 const extensions::Extension* extension, 193 extensions::UnloadedExtensionInfo::Reason reason) OVERRIDE; 194 #endif 195 196 // SyncTypePreferenceProvider implementation: 197 virtual syncer::ModelTypeSet GetPreferredDataTypes() const OVERRIDE; 198 199 // ProfileSyncServiceObserver implementation: 200 virtual void OnStateChanged() OVERRIDE; 201 202 // chrome::BrowserListObserver implementation: 203 virtual void OnBrowserSetLastActive(Browser* browser) OVERRIDE; 204 205 private: 206 friend class SupervisedUserServiceExtensionTestBase; 207 friend class SupervisedUserServiceFactory; 208 FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest, ClearOmitOnRegistration); 209 210 // A bridge from the UI thread to the SupervisedUserURLFilters, one of which 211 // lives on the IO thread. This class mediates access to them and makes sure 212 // they are kept in sync. 213 class URLFilterContext { 214 public: 215 URLFilterContext(); 216 ~URLFilterContext(); 217 218 SupervisedUserURLFilter* ui_url_filter() const; 219 SupervisedUserURLFilter* io_url_filter() const; 220 221 void SetDefaultFilteringBehavior( 222 SupervisedUserURLFilter::FilteringBehavior behavior); 223 void LoadWhitelists(ScopedVector<SupervisedUserSiteList> site_lists); 224 void LoadBlacklist(const base::FilePath& path); 225 void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map); 226 void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map); 227 228 private: 229 void OnBlacklistLoaded(); 230 231 // SupervisedUserURLFilter is refcounted because the IO thread filter is 232 // used both by ProfileImplIOData and OffTheRecordProfileIOData (to filter 233 // network requests), so they both keep a reference to it. 234 // Clients should not keep references to the UI thread filter, however 235 // (the filter will live as long as the profile lives, and afterwards it 236 // should not be used anymore either). 237 scoped_refptr<SupervisedUserURLFilter> ui_url_filter_; 238 scoped_refptr<SupervisedUserURLFilter> io_url_filter_; 239 240 SupervisedUserBlacklist blacklist_; 241 242 DISALLOW_COPY_AND_ASSIGN(URLFilterContext); 243 }; 244 245 // Use |SupervisedUserServiceFactory::GetForProfile(..)| to get 246 // an instance of this service. 247 explicit SupervisedUserService(Profile* profile); 248 249 void SetActive(bool active); 250 251 void OnCustodianProfileDownloaded(const base::string16& full_name); 252 253 void OnSupervisedUserRegistered(const AuthErrorCallback& callback, 254 Profile* custodian_profile, 255 const GoogleServiceAuthError& auth_error, 256 const std::string& token); 257 258 void SetupSync(); 259 void StartSetupSync(); 260 void FinishSetupSyncWhenReady(); 261 void FinishSetupSync(); 262 263 bool ProfileIsSupervised() const; 264 265 void OnCustodianInfoChanged(); 266 267 #if defined(ENABLE_EXTENSIONS) 268 // Internal implementation for ExtensionManagementPolicy::Delegate methods. 269 // If |error| is not NULL, it will be filled with an error message if the 270 // requested extension action (install, modify status, etc.) is not permitted. 271 bool ExtensionManagementPolicyImpl(const extensions::Extension* extension, 272 base::string16* error) const; 273 274 // Returns a list of all installed and enabled site lists in the current 275 // supervised profile. 276 ScopedVector<SupervisedUserSiteList> GetActiveSiteLists(); 277 278 // Extensions helper to SetActive(). 279 void SetExtensionsActive(); 280 #endif 281 282 SupervisedUserSettingsService* GetSettingsService(); 283 284 void OnSupervisedUserIdChanged(); 285 286 void OnDefaultFilteringBehaviorChanged(); 287 288 void UpdateSiteLists(); 289 290 // Asynchronously downloads a static blacklist file from |url|, stores it at 291 // |path|, loads it, and applies it to the URL filters. If |url| is not valid 292 // (e.g. empty), directly tries to load from |path|. 293 void LoadBlacklist(const base::FilePath& path, const GURL& url); 294 295 // Asynchronously loads a static blacklist from a binary file at |path| and 296 // applies it to the URL filters. 297 void LoadBlacklistFromFile(const base::FilePath& path); 298 299 void OnBlacklistDownloadDone(const base::FilePath& path, bool success); 300 301 // Updates the manual overrides for hosts in the URL filters when the 302 // corresponding preference is changed. 303 void UpdateManualHosts(); 304 305 // Updates the manual overrides for URLs in the URL filters when the 306 // corresponding preference is changed. 307 void UpdateManualURLs(); 308 309 // Returns the human readable name of the supervised user. 310 std::string GetSupervisedUserName() const; 311 312 // Owns us via the KeyedService mechanism. 313 Profile* profile_; 314 315 bool active_; 316 317 Delegate* delegate_; 318 319 #if defined(ENABLE_EXTENSIONS) 320 ScopedObserver<extensions::ExtensionRegistry, 321 extensions::ExtensionRegistryObserver> 322 extension_registry_observer_; 323 #endif 324 325 PrefChangeRegistrar pref_change_registrar_; 326 327 // True iff we're waiting for the Sync service to be initialized. 328 bool waiting_for_sync_initialization_; 329 bool is_profile_active_; 330 331 std::vector<NavigationBlockedCallback> navigation_blocked_callbacks_; 332 333 // Sets a profile in elevated state for testing if set to true. 334 bool elevated_for_testing_; 335 336 // True only when |Init()| method has been called. 337 bool did_init_; 338 339 // True only when |Shutdown()| method has been called. 340 bool did_shutdown_; 341 342 URLFilterContext url_filter_context_; 343 scoped_ptr<SupervisedUserBlacklistDownloader> blacklist_downloader_; 344 345 // Used to create permission requests. 346 scoped_ptr<PermissionRequestCreator> permissions_creator_; 347 348 ObserverList<SupervisedUserServiceObserver> observer_list_; 349 350 base::WeakPtrFactory<SupervisedUserService> weak_ptr_factory_; 351 }; 352 353 #endif // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_ 354