| Index: chrome/browser/policy/device_policy_cache.cc
|
| diff --git a/chrome/browser/policy/device_policy_cache.cc b/chrome/browser/policy/device_policy_cache.cc
|
| index 6ab2e33c0385f1e3a30ffbf3c1dee1d86bd85702..57456fb037b980ea266a9d0fe7e4c2583e32f9e6 100644
|
| --- a/chrome/browser/policy/device_policy_cache.cc
|
| +++ b/chrome/browser/policy/device_policy_cache.cc
|
| @@ -15,6 +15,7 @@
|
| #include "chrome/browser/chromeos/user_cros_settings_provider.h"
|
| #include "chrome/browser/policy/configuration_policy_pref_store.h"
|
| #include "chrome/browser/policy/device_policy_identity_strategy.h"
|
| +#include "chrome/browser/policy/enterprise_install_attributes.h"
|
| #include "chrome/browser/policy/policy_map.h"
|
| #include "chrome/browser/policy/proto/device_management_backend.pb.h"
|
| #include "chrome/browser/policy/proto/device_management_constants.h"
|
| @@ -109,8 +110,10 @@ Value* DecodeIntegerValue(google::protobuf::int64 value) {
|
| namespace policy {
|
|
|
| DevicePolicyCache::DevicePolicyCache(
|
| - DevicePolicyIdentityStrategy* identity_strategy)
|
| + DevicePolicyIdentityStrategy* identity_strategy,
|
| + EnterpriseInstallAttributes* install_attributes)
|
| : identity_strategy_(identity_strategy),
|
| + install_attributes_(install_attributes),
|
| signed_settings_helper_(chromeos::SignedSettingsHelper::Get()),
|
| starting_up_(true),
|
| ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) {
|
| @@ -118,8 +121,10 @@ DevicePolicyCache::DevicePolicyCache(
|
|
|
| DevicePolicyCache::DevicePolicyCache(
|
| DevicePolicyIdentityStrategy* identity_strategy,
|
| + EnterpriseInstallAttributes* install_attributes,
|
| chromeos::SignedSettingsHelper* signed_settings_helper)
|
| : identity_strategy_(identity_strategy),
|
| + install_attributes_(install_attributes),
|
| signed_settings_helper_(signed_settings_helper),
|
| starting_up_(true),
|
| ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) {
|
| @@ -135,6 +140,33 @@ void DevicePolicyCache::Load() {
|
|
|
| void DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) {
|
| DCHECK(!starting_up_);
|
| +
|
| + // Make sure we have an enterprise device.
|
| + std::string registration_user(install_attributes_->GetRegistrationUser());
|
| + if (registration_user.empty()) {
|
| + LOG(WARNING) << "Refusing to accept policy on non-enterprise device.";
|
| + InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
|
| + CloudPolicySubsystem::POLICY_LOCAL_ERROR);
|
| + return;
|
| + }
|
| +
|
| + // Check the user this policy is for against the device-locked name.
|
| + em::PolicyData policy_data;
|
| + if (!policy_data.ParseFromString(policy.policy_data())) {
|
| + LOG(WARNING) << "Invalid policy protobuf";
|
| + InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
|
| + CloudPolicySubsystem::POLICY_LOCAL_ERROR);
|
| + return;
|
| + }
|
| +
|
| + if (registration_user != policy_data.username()) {
|
| + LOG(WARNING) << "Refusing policy blob for " << policy_data.username()
|
| + << " which doesn't match " << registration_user;
|
| + InformNotifier(CloudPolicySubsystem::LOCAL_ERROR,
|
| + CloudPolicySubsystem::POLICY_LOCAL_ERROR);
|
| + return;
|
| + }
|
| +
|
| set_last_policy_refresh_time(base::Time::NowFromSystemTime());
|
|
|
| // Start a store operation.
|
|
|
Chromium Code Reviews
Issue 6869042:
Add immutable settings checks when handling policy. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src