Device policy infrastructure

chrome/browser/policy/cloud_policy_cache.h

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_
 #define CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_
 
 #include <string>
 
 #include "base/file_path.h"
 #include "base/gtest_prod_util.h"
+#include "base/observer_list.h"
 #include "base/ref_counted.h"
 #include "base/scoped_ptr.h"
-#include "base/synchronization/lock.h"
+#include "base/threading/non_thread_safe.h"
 #include "base/time.h"
 #include "chrome/browser/policy/configuration_policy_provider.h"
 #include "chrome/browser/policy/policy_map.h"
 #include "chrome/browser/policy/proto/device_management_backend.pb.h"
 #include "policy/configuration_policy_type.h"
 
 class DictionaryValue;
 class ListValue;
 class Value;
 
 using google::protobuf::RepeatedPtrField;
 
 namespace policy {
 
 namespace em = enterprise_management;
 
 // Keeps the authoritative copy of cloud policy information as read from the
 // persistence file or determined by the policy backend. The cache doesn't talk
 // to the service directly, but receives updated policy information through
 // SetPolicy() calls, which is then persisted and decoded into the internal
 // Value representation chrome uses.
-class CloudPolicyCache {
+class CloudPolicyCache : public base::NonThreadSafe {

[Mattias Nissler (ping if slow), 2011/02/21 14:39:13]

I don't know who requested to derive from NonThreadSafe (was it me?). The
documentation states "This is intended to be used with classes that appear to be
thread safe, but aren't." I think our default is to assume non-thread-safety,
except for classes that obviously do thread switching, so I don't think that
CloudPolicyCache "appears to be thread safe" here, but YMMV.

[Jakob Kummerow, 2011/02/22 10:02:33]

As discussed offline, we'll leave it as is.

  public:
+  // Used to distinguish mandatory from recommended policies.
+  enum PolicyLevel {
+    // Policy is forced upon the user and should always take effect.
+    POLICY_LEVEL_MANDATORY,
+    // The value is just a recommendation that the user may override.
+    POLICY_LEVEL_RECOMMENDED,
+  };
+
   explicit CloudPolicyCache(const FilePath& backing_file_path);
   ~CloudPolicyCache();
 
   // Loads policy information from the backing file. Non-existing or erroneous
   // cache files are ignored.
-  void LoadPolicyFromFile();
+  void LoadFromFile();
 
-  // Resets the policy information. Returns true if the new policy is different
-  // from the previously stored policy.
-  bool SetPolicy(const em::CloudPolicyResponse& policy);
-  bool SetDevicePolicy(const em::DevicePolicyResponse& policy);
+  // Resets the policy information.
+  void SetPolicy(const em::CloudPolicyResponse& policy);
+  void SetDevicePolicy(const em::DevicePolicyResponse& policy);
 
-  // Gets the policy information. Ownership of the return value is transferred
-  // to the caller.
-  DictionaryValue* GetDevicePolicy();
-  const PolicyMap* GetMandatoryPolicy() const;
-  const PolicyMap* GetRecommendedPolicy() const;
+  ConfigurationPolicyProvider* GetManagedPolicyProvider();
+  ConfigurationPolicyProvider* GetRecommendedPolicyProvider();
 
   void SetUnmanaged();
   bool is_unmanaged() const {
     return is_unmanaged_;
   }
 
   // Returns the time at which the policy was last fetched.
   base::Time last_policy_refresh_time() const {
     return last_policy_refresh_time_;
   }
 
   // Returns true if this cache holds (old-style) device policy that should be
   // given preference over (new-style) mandatory/recommended policy.
   bool has_device_policy() const {
     return has_device_policy_;
   }
 
  private:
+  class CloudPolicyProvider;
+
   friend class CloudPolicyCacheTest;
+  friend class DeviceManagementPolicyCacheTest;
   friend class DeviceManagementPolicyCacheDecodeTest;
 
   // Decodes a CloudPolicyResponse into two (ConfigurationPolicyType -> Value*)
   // maps and a timestamp. Also performs verification, returns NULL if any
   // check fails.
   static bool DecodePolicyResponse(
       const em::CloudPolicyResponse& policy_response,
       PolicyMap* mandatory,
       PolicyMap* recommended,
       base::Time* timestamp);
@@ skipping 15 matching lines @@
   static Value* DecodeValue(const em::GenericValue& value);
 
   // Decodes a policy message and returns it in Value representation. Ownership
   // of the returned dictionary is transferred to the caller.
   static DictionaryValue* DecodeDevicePolicy(
       const em::DevicePolicyResponse& response);
 
   // The file in which we store a cached version of the policy information.
   const FilePath backing_file_path_;
 
-  // Protects both |mandatory_policy_| and |recommended_policy_| as well as
-  // |device_policy_|.
-  base::Lock lock_;
-
   // Policy key-value information.
   PolicyMap mandatory_policy_;
   PolicyMap recommended_policy_;
   scoped_ptr<DictionaryValue> device_policy_;
 
-  // Tracks whether the store received a SetPolicy() call, which overrides any
-  // information loaded from the file.
-  bool fresh_policy_;
+  // Whether initialization has been completed. This is the case when we have
+  // valid policy, learned that the device is unmanaged or ran into
+  // unrecoverable errors.
+  bool initialization_complete_;
 
+  // Whether the the server has indicated this device is unmanaged.
   bool is_unmanaged_;
 
   // Tracks whether the cache currently stores |device_policy_| that should be
   // given preference over |mandatory_policy_| and |recommended_policy_|.
   bool has_device_policy_;
 
   // The time at which the policy was last refreshed.
   base::Time last_policy_refresh_time_;
+
+  // Policy providers.
+  scoped_ptr<ConfigurationPolicyProvider> managed_policy_provider_;
+  scoped_ptr<ConfigurationPolicyProvider> recommended_policy_provider_;
+
+  // Provider observers that are registered with this cache's providers.
+  ObserverList<ConfigurationPolicyProvider::Observer, true> observer_list_;

[Mattias Nissler (ping if slow), 2011/02/21 14:39:13]

DISALLOW_COPY_AND_ASSIGN

[Jakob Kummerow, 2011/02/22 10:02:33]

Done.

 };
 
 }  // namespace policy
 
 #endif  // CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_H_