      1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef LIBBRILLO_POLICY_DEVICE_POLICY_H_
      6 #define LIBBRILLO_POLICY_DEVICE_POLICY_H_
      7 
      8 #include <stdint.h>
      9 
     10 #include <set>
     11 #include <string>
     12 #include <vector>
     13 
     14 #include <base/macros.h>
     15 
     16 #pragma GCC visibility push(default)
     17 
     18 namespace policy {
     19 
     20 // This class holds device settings that are to be enforced across all users.
     21 // It is also responsible for loading the policy blob from disk and verifying
     22 // the signature against the owner's key.
     23 //
     24 // This class defines the interface for querying device policy on ChromeOS.
     25 // The implementation is hidden in DevicePolicyImpl to prevent protobuf
     26 // definition from leaking into the libraries using this interface.
class DevicePolicy {
 public:
  // A USB device, or a family of devices, named by its vendor/product pair.
  // There are no default member initializers, so a default-initialized
  // UsbDeviceId holds indeterminate values until both fields are assigned.
  struct UsbDeviceId {
    // Vendor identifier (idVendor).
    uint16_t vendor_id;

    // Product identifier (idProduct).
    uint16_t product_id;
  };

  DevicePolicy();
  virtual ~DevicePolicy();

  // Reads the signed policy from disk into |policy_|.
  // The result is false only when a policy exists on disk and could not be
  // loaded. A true result therefore also covers "no policy on disk" and must
  // not be read as "a verified policy is now in effect".
  virtual bool LoadPolicy() = 0;

  // Contract shared by every Get*() below: the value is stored through the
  // out-pointer and the bool result reports success. This header does not say
  // whether the out-parameter is written when a getter returns false, so
  // callers should test the result and fall back to the more restrictive
  // setting instead of reading the out-parameter.
  // NOTE(review): presumably false also covers "policy not set" -- confirm
  // against DevicePolicyImpl.

  // Stores the DevicePolicyRefreshRate policy value in |rate|. True on
  // success.
  virtual bool GetPolicyRefreshRate(int* rate) const = 0;

  // Stores the UserWhitelist policy value in |user_whitelist|. True on
  // success.
  virtual bool GetUserWhitelist(
      std::vector<std::string>* user_whitelist) const = 0;

  // Stores the GuestModeEnabled policy value in |guest_mode_enabled|. True on
  // success.
  virtual bool GetGuestModeEnabled(bool* guest_mode_enabled) const = 0;

  // Stores the CameraEnabled policy value in |camera_enabled|. True on
  // success.
  virtual bool GetCameraEnabled(bool* camera_enabled) const = 0;

  // Stores the ShowUserNamesOnSignIn policy value in |show_user_names|. True
  // on success.
  virtual bool GetShowUserNames(bool* show_user_names) const = 0;

  // Stores the DataRoamingEnabled policy value in |data_roaming_enabled|.
  // True on success.
  virtual bool GetDataRoamingEnabled(bool* data_roaming_enabled) const = 0;

  // Stores the AllowNewUsers policy value in |allow_new_users|. True on
  // success.
  virtual bool GetAllowNewUsers(bool* allow_new_users) const = 0;

  // Stores the MetricEnabled policy value in |metrics_enabled|. True on
  // success.
  virtual bool GetMetricsEnabled(bool* metrics_enabled) const = 0;

  // Stores the ReportVersionInfo policy value in |report_version_info|. True
  // on success.
  virtual bool GetReportVersionInfo(bool* report_version_info) const = 0;

  // Stores the ReportActivityTimes policy value in |report_activity_times|.
  // True on success.
  virtual bool GetReportActivityTimes(bool* report_activity_times) const = 0;

  // Stores the ReportBootMode policy value in |report_boot_mode|. True on
  // success.
  virtual bool GetReportBootMode(bool* report_boot_mode) const = 0;

  // Stores the EphemeralUsersEnabled policy value in
  // |ephemeral_users_enabled|. True on success.
  virtual bool GetEphemeralUsersEnabled(
      bool* ephemeral_users_enabled) const = 0;

  // Stores the release channel policy value in |release_channel|. True on
  // success.
  virtual bool GetReleaseChannel(std::string* release_channel) const = 0;

  // Stores the release_channel_delegated policy value in
  // |release_channel_delegated|. True on success.
  virtual bool GetReleaseChannelDelegated(
      bool* release_channel_delegated) const = 0;

  // Stores the update_disabled policy value in |update_disabled|. True on
  // success.
  virtual bool GetUpdateDisabled(bool* update_disabled) const = 0;

  // Stores the target_version_prefix policy value in
  // |target_version_prefix|. True on success.
  virtual bool GetTargetVersionPrefix(
      std::string* target_version_prefix) const = 0;

  // Stores the scatter_factor_in_seconds policy value in
  // |scatter_factor_in_seconds|. True on success.
  virtual bool GetScatterFactorInSeconds(
      int64_t* scatter_factor_in_seconds) const = 0;

  // Stores in |connection_types| the connection types over which updates are
  // allowed. The identifiers are meant to match the ones the connection
  // manager uses: ethernet, wifi, wimax, bluetooth, cellular.
  // NOTE(review): the result presumably reports success like the other
  // getters -- confirm.
  virtual bool GetAllowedConnectionTypesForUpdate(
      std::set<std::string>* connection_types) const = 0;

  // Stores the OpenNetworkConfiguration policy value in
  // |open_network_configuration|. True on success.
  virtual bool GetOpenNetworkConfiguration(
      std::string* open_network_configuration) const = 0;

  // Stores the device owner's name in |owner|; on enterprise enrolled devices
  // that is an empty string. True on success.
  // An empty |owner| with a true result is a valid answer, so callers cannot
  // use emptiness alone to detect a failed lookup.
  virtual bool GetOwner(std::string* owner) const = 0;

  // Stores the http_downloads_enabled policy value in
  // |http_downloads_enabled|. True on success.
  virtual bool GetHttpDownloadsEnabled(bool* http_downloads_enabled) const = 0;

  // Stores the au_p2p_enabled policy value in |au_p2p_enabled|. True on
  // success.
  virtual bool GetAuP2PEnabled(bool* au_p2p_enabled) const = 0;

  // Stores the allow_kiosk_app_control_chrome_version policy value in
  // |allow_kiosk_app_control_chrome_version|. True on success.
  virtual bool GetAllowKioskAppControlChromeVersion(
      bool* allow_kiosk_app_control_chrome_version) const = 0;

  // Stores the UsbDetachableWhitelist policy value in |usb_whitelist|. True
  // on success.
  virtual bool GetUsbDetachableWhitelist(
      std::vector<UsbDeviceId>* usb_whitelist) const = 0;

 private:
  // The two checks below are private pure virtuals: implementations override
  // them, and nothing in this header shows where they are invoked.
  // NOTE(review): confirm that every LoadPolicy() implementation runs both
  // checks before any getter can return a value taken from the loaded blob.

  // Checks that the policy files exist and are owned by root.
  // NOTE(review): an ownership check made by path can race with a later open
  // of the same path -- confirm the implementation checks the file it reads.
  virtual bool VerifyPolicyFiles() = 0;

  // Checks that the signature on the policy is correct.
  virtual bool VerifyPolicySignature() = 0;

  // Non-copyable; the macro is expected to come from <base/macros.h>.
  DISALLOW_COPY_AND_ASSIGN(DevicePolicy);
};
    162 }  // namespace policy
    163 
    164 #pragma GCC visibility pop
    165 
    166 #endif  // LIBBRILLO_POLICY_DEVICE_POLICY_H_
    167