Send policy blobs to session_manager

chrome/browser/policy/device_policy_cache.cc

Index: chrome/browser/policy/device_policy_cache.cc
diff --git a/chrome/browser/policy/device_policy_cache.cc b/chrome/browser/policy/device_policy_cache.cc
new file mode 100644
index 0000000000000000000000000000000000000000..f5a5129d8bbcdffb9b98a474cc44891fa0518988
--- /dev/null
+++ b/chrome/browser/policy/device_policy_cache.cc
@@ -0,0 +1,159 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/policy/device_policy_cache.h"
+
+#include "base/file_util.h"
+#include "base/logging.h"
+#include "base/task.h"
+#include "base/values.h"
+#include "content/browser/browser_thread.h"
+#include "chrome/browser/policy/configuration_policy_pref_store.h"
+#include "chrome/browser/policy/policy_map.h"
+#include "chrome/browser/policy/proto/cloud_policy.pb.h"
+#include "chrome/browser/policy/proto/device_management_constants.h"
+#include "chrome/browser/policy/proto/device_management_local.pb.h"
+#include "policy/configuration_policy_type.h"
+
+using google::protobuf::RepeatedPtrField;
+
+namespace policy {
+
+// Lives in <generated code output directory>/policy/cloud_policy_generated.cc.
+void DecodeIntegerValue(google::protobuf::int64 value);

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

We shouldn't make use of this here, since this class has nothing to do with the
generated code.

[Jakob Kummerow, 2011/03/28 13:53:53]

Done (has become a moot point since we've scratched decoding completely for
now).

+
+DevicePolicyCache::DevicePolicyCache()
+    : signed_settings_helper_(chromeos::SignedSettingsHelper::Get()) {
+}
+
+DevicePolicyCache::DevicePolicyCache(
+    chromeos::SignedSettingsHelper* signed_settings_helper)
+    : signed_settings_helper_(signed_settings_helper) {
+}
+
+DevicePolicyCache::~DevicePolicyCache() {
+  signed_settings_helper_->CancelCallback(this);
+}
+
+void DevicePolicyCache::Load() {
+  // TODO(jkummerow): check if we're unmanaged; if so, set is_unmanaged_ = true
+  // and return immediately.
+
+  signed_settings_helper_->StartRetrievePolicyOp(this);
+}
+
+void DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) {
+  std::string data;
+  if (!policy.SerializeToString(&data)) {
+    LOG(WARNING) << "Failed to serialize policy data.";
+    return;
+  }
+  signed_settings_helper_->StartStorePolicyOp(data, this);
+}
+
+void DevicePolicyCache::SetUnmanaged() {
+  LOG(WARNING) << "Tried to set DevicePolicyCache to 'unmanaged'!";
+  // This is not supported for DevicePolicyCache.
+}
+
+void DevicePolicyCache::OnRetrievePolicyCompleted(
+    chromeos::SignedSettings::ReturnCode code,
+    const std::string& value) {
+  DCHECK(CalledOnValidThread());
+  if (code != chromeos::SignedSettings::SUCCESS) {
+    // TODO(jkummerow): error handling?

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

Maybe make this comment a bit more elaborate, something like:

We cannot do anything about this, but we may want to notify the user that
something is wrong.

[Jakob Kummerow, 2011/03/28 13:53:53]

Done.

+    return;
+  }
+  em::PolicyFetchResponse policy;
+  if (!policy.ParseFromArray(value.c_str(), value.size())) {
+    LOG(WARNING) << "Failed to parse policy blob fetched from SignedSettings!";
+    return;
+  }
+  SetPolicyInternal(policy);
+}
+
+void DevicePolicyCache::OnStorePolicyCompleted(
+    chromeos::SignedSettings::ReturnCode code) {
+  if (code != chromeos::SignedSettings::SUCCESS) {
+    // TODO(jkummerow): error handling?

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

Same here.

[Jakob Kummerow, 2011/03/28 13:53:53]

Done.

+    return;
+  }
+  Load();
+}
+
+bool DevicePolicyCache::DecodePolicyData(const em::PolicyData& policy_data,
+                                         PolicyMap* mandatory,
+                                         PolicyMap* recommended) {
+  em::ChromeDeviceSettingsProto policy;
+  if (!policy.ParseFromString(policy_data.policy_value())) {
+    LOG(WARNING) << "Failed to parse ChromeDeviceSettingsProto.";
+    return false;
+  }
+  DecodeDevicePolicy(policy, mandatory, recommended);
+  return true;
+}
+
+// static
+void DevicePolicyCache::DecodeDevicePolicy(
+    const em::ChromeDeviceSettingsProto& policy,
+    PolicyMap* mandatory,
+    PolicyMap* recommended) {
+  DCHECK(mandatory);
+  // |recommended| isn't used yet; it is passed in for consistency with
+  // user-level policy, and for future extensibility.
+  if (policy.has_policy_refresh_rate()) {
+    const em::DevicePolicyRefreshRateProto& refresh_rate =
+        policy.policy_refresh_rate();
+    if (refresh_rate.has_policy_refresh_rate()) {
+      // TODO(jkummerow): define kPolicyDevicePolicyRefreshRate.

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

So why not do it?

[Jakob Kummerow, 2011/03/28 13:53:53]

As discussed, let's remove all of this protobuf-decoding code for now, and add
it back once we know we need it.

+      // mandatory->Set(kPolicyDevicePolicyRefreshRate,
+      //                DecodeIntegerValue(refresh_rate.policy_refresh_rate()));
+    }
+  }
+  if (policy.has_user_whitelist()) {

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

I guess we don't need the user whitelist in prefs at this point, but I guess it
doesn't hurt either. Anyway, let's make a decision before committing this.

[Jakob Kummerow, 2011/03/28 13:53:53]

As discussed, let's remove all of this protobuf-decoding code for now, and add
it back once we know we need it.

+    const em::UserWhitelistProto user_whitelist = policy.user_whitelist();
+    ListValue* list = new ListValue();
+    RepeatedPtrField<std::string>::const_iterator entry;
+    for (entry = user_whitelist.user_whitelist().begin();
+         entry != user_whitelist.user_whitelist().end(); ++entry) {
+      list->Append(Value::CreateStringValue(*entry));
+    }
+    if (!list->empty()) {
+      // TODO(jkummerow): define kPolicyUserWhitelist.
+      // mandatory->Set(kPolicyUserWhitelist, list);
+    }
+    // TODO(jkummerow): remove this when |mandatory->Set()| is enabled.

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

If list is empty, you still need to delete!

[Jakob Kummerow, 2011/03/28 13:53:53]

Good point. Solved by using a scoped_ptr.

+    delete list;
+  }
+  if (policy.has_guest_mode_enabled()) {
+    const em::GuestModeEnabledProto guest_mode = policy.guest_mode_enabled();
+    if (guest_mode.has_guest_mode_enabled()) {
+      // TODO(jkummerow): define kPolicyGuestModeEnabled.
+      // mandatory->Set(
+      //     kPolicyGuestModeEnabled,
+      //     Value::CreateBooleanValue(guest_mode.guest_mode_enabled()));
+    }
+  }
+  if (policy.has_device_proxy_settings()) {
+    const em::DeviceProxySettingsProto proxy = policy.device_proxy_settings();
+    if (proxy.has_proxy_mode()) {
+      Value* value = Value::CreateStringValue(proxy.proxy_mode());
+      mandatory->Set(kPolicyProxyMode, value);
+    }
+    if (proxy.has_proxy_server()) {
+      Value* value = Value::CreateStringValue(proxy.proxy_server());
+      mandatory->Set(kPolicyProxyServer, value);
+    }
+    if (proxy.has_proxy_pac_url()) {
+      Value* value = Value::CreateStringValue(proxy.proxy_pac_url());
+      mandatory->Set(kPolicyProxyPacUrl, value);
+    }
+    if (proxy.has_proxy_bypass_list()) {
+      Value* value = Value::CreateStringValue(proxy.proxy_bypass_list());
+      mandatory->Set(kPolicyProxyBypassList, value);
+    }
+  }
+}
+
+}  // namespace policy