Chromium Code Reviews Chromium Code Reviews
Issue 6821075:
Chrome-side lockbox bindings (Closed)
Base URL: http://git.chromium.org/git/chromium.git@trunk| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/ownership_service.h" | 5 #include "chrome/browser/chromeos/login/ownership_service.h" |
| 6 | 6 |
| 7 #include "base/file_path.h" | 7 #include "base/file_path.h" |
| 8 #include "base/file_util.h" | 8 #include "base/file_util.h" |
| 9 #include "base/lazy_instance.h" | 9 #include "base/lazy_instance.h" |
| 10 #include "base/synchronization/lock.h" | 10 #include "base/synchronization/lock.h" |
| 11 #include "chrome/browser/browser_process.h" | 11 #include "chrome/browser/browser_process.h" |
| 12 #include "chrome/browser/chromeos/cros/cros_library.h" | |
| 13 #include "chrome/browser/chromeos/cros/cryptohome_library.h" | |
| 12 #include "content/browser/browser_thread.h" | 14 #include "content/browser/browser_thread.h" |
| 13 | 15 |
| 14 // We want to use NewRunnableMethod for non-static methods of this class but | 16 // We want to use NewRunnableMethod for non-static methods of this class but |
| 15 // need to disable reference counting since it is singleton. | 17 // need to disable reference counting since it is singleton. |
| 16 DISABLE_RUNNABLE_METHOD_REFCOUNT(chromeos::OwnershipService); | 18 DISABLE_RUNNABLE_METHOD_REFCOUNT(chromeos::OwnershipService); |
| 17 | 19 |
| 18 namespace chromeos { | 20 namespace chromeos { |
| 19 | 21 |
| 20 static base::LazyInstance<OwnershipService> g_ownership_service( | 22 static base::LazyInstance<OwnershipService> g_ownership_service( |
| 21 base::LINKER_INITIALIZED); | 23 base::LINKER_INITIALIZED); |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 65 return status; | 67 return status; |
| 66 // Under common usage there is very short lapse of time when ownership | 68 // Under common usage there is very short lapse of time when ownership |
| 67 // status is still unknown after constructing OwnershipService. | 69 // status is still unknown after constructing OwnershipService. |
| 68 LOG(ERROR) << "Blocking on UI thread in OwnershipService::GetStatus"; | 70 LOG(ERROR) << "Blocking on UI thread in OwnershipService::GetStatus"; |
| 69 base::ThreadRestrictions::ScopedAllowIO allow_io; | 71 base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 70 is_owned = IsAlreadyOwned(); | 72 is_owned = IsAlreadyOwned(); |
| 71 } else { | 73 } else { |
| 72 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | 74 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
| 73 is_owned = IsAlreadyOwned(); | 75 is_owned = IsAlreadyOwned(); |
| 74 } | 76 } |
| 75 status = is_owned ? OWNERSHIP_TAKEN : OWNERSHIP_NONE; | 77 status = is_owned ? DetermineOwnerType() : OWNERSHIP_NONE; |
|
Chris Masone
2011/04/15 16:59:26
You will wind up doing this from the file thread i
| |
| 76 SetStatus(status); | 78 SetStatus(status); |
| 77 return status; | 79 return status; |
| 78 } | 80 } |
| 79 | 81 |
| 80 void OwnershipService::StartLoadOwnerKeyAttempt() { | 82 void OwnershipService::StartLoadOwnerKeyAttempt() { |
| 81 BrowserThread::PostTask( | 83 BrowserThread::PostTask( |
| 82 BrowserThread::FILE, FROM_HERE, | 84 BrowserThread::FILE, FROM_HERE, |
| 83 NewRunnableFunction(&TryLoadOwnerKeyAttempt, this)); | 85 NewRunnableFunction(&TryLoadOwnerKeyAttempt, this)); |
| 84 } | 86 } |
| 85 | 87 |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 112 data, | 114 data, |
| 113 signature, | 115 signature, |
| 114 d)); | 116 d)); |
| 115 return; | 117 return; |
| 116 } | 118 } |
| 117 | 119 |
| 118 void OwnershipService::Observe(NotificationType type, | 120 void OwnershipService::Observe(NotificationType type, |
| 119 const NotificationSource& source, | 121 const NotificationSource& source, |
| 120 const NotificationDetails& details) { | 122 const NotificationDetails& details) { |
| 121 if (type.value == NotificationType::OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED) { | 123 if (type.value == NotificationType::OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED) { |
| 122 SetStatus(OWNERSHIP_TAKEN); | 124 SetStatus(DetermineOwnerType()); |
|
Chris Masone
2011/04/15 16:59:26
why do we need to do this all over the code?
| |
| 123 notification_registrar_.RemoveAll(); | 125 notification_registrar_.RemoveAll(); |
| 124 } else { | 126 } else { |
| 125 NOTREACHED(); | 127 NOTREACHED(); |
| 126 } | 128 } |
| 127 } | 129 } |
| 128 | 130 |
| 129 bool OwnershipService::CurrentUserIsOwner() { | 131 bool OwnershipService::CurrentUserIsOwner() { |
| 130 // If this user has the private key associated with the owner's | 132 // If this user has the private key associated with the owner's |
| 131 // public key, this user is the owner. | 133 // public key, this user is the owner. |
| 132 return IsAlreadyOwned() && manager_->EnsurePrivateKey(); | 134 return IsAlreadyOwned() && manager_->EnsurePrivateKey(); |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 175 service->manager()->Verify(thread_id, data, signature, d); | 177 service->manager()->Verify(thread_id, data, signature, d); |
| 176 } | 178 } |
| 177 | 179 |
| 178 // static | 180 // static |
| 179 void OwnershipService::FailAttempt(OwnerManager::Delegate* d) { | 181 void OwnershipService::FailAttempt(OwnerManager::Delegate* d) { |
| 180 d->OnKeyOpComplete(OwnerManager::KEY_UNAVAILABLE, std::vector<uint8>()); | 182 d->OnKeyOpComplete(OwnerManager::KEY_UNAVAILABLE, std::vector<uint8>()); |
| 181 } | 183 } |
| 182 | 184 |
| 183 void OwnershipService::FetchStatus() { | 185 void OwnershipService::FetchStatus() { |
| 184 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); | 186 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::FILE)); |
| 185 Status status = IsAlreadyOwned() ? OWNERSHIP_TAKEN : OWNERSHIP_NONE; | 187 Status status = IsAlreadyOwned() ? DetermineOwnerType() : OWNERSHIP_NONE; |
| 186 SetStatus(status); | 188 SetStatus(status); |
| 187 } | 189 } |
| 188 | 190 |
| 189 void OwnershipService::SetStatus(Status new_status) { | 191 void OwnershipService::SetStatus(Status new_status) { |
| 190 DCHECK(new_status == OWNERSHIP_TAKEN || new_status == OWNERSHIP_NONE); | 192 DCHECK(new_status != OWNERSHIP_UNKNOWN); |
| 191 base::AutoLock lk(ownership_status_lock_); | 193 base::AutoLock lk(ownership_status_lock_); |
| 192 ownership_status_ = new_status; | 194 ownership_status_ = new_status; |
| 193 } | 195 } |
| 194 | 196 |
| 197 OwnershipService::Status OwnershipService::DetermineOwnerType() { | |
| 198 // We assume we are user owned if there is no valid information in the lockbox | |
| 199 // this should be backwards compatible and safe enough in case the data has | |
| 200 // been tampered with or corrupted. | |
| 201 OwnershipService::Status owned = OWNERSHIP_USER; | |
| 202 chromeos::CryptohomeLibrary* cryptohome = | |
| 203 chromeos::CrosLibrary::Get()->GetCryptohomeLibrary(); | |
| 204 if (cryptohome && cryptohome->InstallAttributesIsReady() && | |
| 205 !cryptohome->InstallAttributesIsFirstInstall()) { | |
| 206 std::string value; | |
| 207 if (cryptohome->InstallAttributesGet("enterprise.owned", &value)) { | |
| 208 owned = | |
| 209 (0 == value.compare("true") ? OWNERSHIP_ENTERPRISE : OWNERSHIP_USER); | |
| 210 } | |
| 211 } | |
| 212 return owned; | |
| 213 } | |
| 214 | |
| 195 } // namespace chromeos | 215 } // namespace chromeos |
| 196 | 216 |
| OLD | NEW |
