Chromium Code Reviews Chromium Code Reviews
Issue 7105018:
UMA metrics for cloud policies. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/device_policy_cache.h" | 5 #include "chrome/browser/policy/device_policy_cache.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/compiler_specific.h" | 8 #include "base/compiler_specific.h" |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "base/task.h" | 10 #include "base/task.h" |
| 11 #include "base/values.h" | 11 #include "base/values.h" |
| 12 #include "chrome/browser/chromeos/cros_settings_names.h" | 12 #include "chrome/browser/chromeos/cros_settings_names.h" |
| 13 #include "chrome/browser/chromeos/login/ownership_service.h" | 13 #include "chrome/browser/chromeos/login/ownership_service.h" |
| 14 #include "chrome/browser/chromeos/login/signed_settings_helper.h" | 14 #include "chrome/browser/chromeos/login/signed_settings_helper.h" |
| 15 #include "chrome/browser/chromeos/user_cros_settings_provider.h" | 15 #include "chrome/browser/chromeos/user_cros_settings_provider.h" |
| 16 #include "chrome/browser/policy/configuration_policy_pref_store.h" | 16 #include "chrome/browser/policy/configuration_policy_pref_store.h" |
| 17 #include "chrome/browser/policy/device_policy_identity_strategy.h" | 17 #include "chrome/browser/policy/device_policy_identity_strategy.h" |
| 18 #include "chrome/browser/policy/enterprise_install_attributes.h" | 18 #include "chrome/browser/policy/enterprise_install_attributes.h" |
| 19 #include "chrome/browser/policy/enterprise_metrics.h" | |
| 19 #include "chrome/browser/policy/policy_map.h" | 20 #include "chrome/browser/policy/policy_map.h" |
| 20 #include "chrome/browser/policy/proto/device_management_backend.pb.h" | 21 #include "chrome/browser/policy/proto/device_management_backend.pb.h" |
| 21 #include "chrome/browser/policy/proto/device_management_constants.h" | 22 #include "chrome/browser/policy/proto/device_management_constants.h" |
| 22 #include "chrome/browser/policy/proto/device_management_local.pb.h" | 23 #include "chrome/browser/policy/proto/device_management_local.pb.h" |
| 23 #include "content/browser/browser_thread.h" | 24 #include "content/browser/browser_thread.h" |
| 24 #include "policy/configuration_policy_type.h" | 25 #include "policy/configuration_policy_type.h" |
| 25 | 26 |
| 26 namespace { | 27 namespace { |
| 27 | 28 |
| 28 // Stores policy, updates the owner key if required and reports the status | 29 // Stores policy, updates the owner key if required and reports the status |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 102 return NULL; | 103 return NULL; |
| 103 } | 104 } |
| 104 | 105 |
| 105 return Value::CreateIntegerValue(static_cast<int>(value)); | 106 return Value::CreateIntegerValue(static_cast<int>(value)); |
| 106 } | 107 } |
| 107 | 108 |
| 108 } // namespace | 109 } // namespace |
| 109 | 110 |
| 110 namespace policy { | 111 namespace policy { |
| 111 | 112 |
| 113 namespace em = enterprise_management; | |
| 114 | |
| 112 DevicePolicyCache::DevicePolicyCache( | 115 DevicePolicyCache::DevicePolicyCache( |
| 113 DevicePolicyIdentityStrategy* identity_strategy, | 116 DevicePolicyIdentityStrategy* identity_strategy, |
| 114 EnterpriseInstallAttributes* install_attributes) | 117 EnterpriseInstallAttributes* install_attributes) |
| 115 : identity_strategy_(identity_strategy), | 118 : identity_strategy_(identity_strategy), |
| 116 install_attributes_(install_attributes), | 119 install_attributes_(install_attributes), |
| 117 signed_settings_helper_(chromeos::SignedSettingsHelper::Get()), | 120 signed_settings_helper_(chromeos::SignedSettingsHelper::Get()), |
| 118 starting_up_(true), | 121 starting_up_(true), |
| 119 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { | 122 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { |
| 120 } | 123 } |
| 121 | 124 |
| 122 DevicePolicyCache::DevicePolicyCache( | 125 DevicePolicyCache::DevicePolicyCache( |
| 123 DevicePolicyIdentityStrategy* identity_strategy, | 126 DevicePolicyIdentityStrategy* identity_strategy, |
| 124 EnterpriseInstallAttributes* install_attributes, | 127 EnterpriseInstallAttributes* install_attributes, |
| 125 chromeos::SignedSettingsHelper* signed_settings_helper) | 128 chromeos::SignedSettingsHelper* signed_settings_helper) |
| 126 : identity_strategy_(identity_strategy), | 129 : identity_strategy_(identity_strategy), |
| 127 install_attributes_(install_attributes), | 130 install_attributes_(install_attributes), |
| 128 signed_settings_helper_(signed_settings_helper), | 131 signed_settings_helper_(signed_settings_helper), |
| 129 starting_up_(true), | 132 starting_up_(true), |
| 130 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { | 133 ALLOW_THIS_IN_INITIALIZER_LIST(callback_factory_(this)) { |
| 131 } | 134 } |
| 132 | 135 |
| 133 DevicePolicyCache::~DevicePolicyCache() { | 136 DevicePolicyCache::~DevicePolicyCache() { |
| 134 signed_settings_helper_->CancelCallback(this); | 137 signed_settings_helper_->CancelCallback(this); |
| 135 } | 138 } |
| 136 | 139 |
| 137 void DevicePolicyCache::Load() { | 140 void DevicePolicyCache::Load() { |
| 141 em::LogPolicyOperation(em::kPolicyLoadRequested); | |
| 138 signed_settings_helper_->StartRetrievePolicyOp(this); | 142 signed_settings_helper_->StartRetrievePolicyOp(this); |
| 139 } | 143 } |
| 140 | 144 |
| 141 void DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { | 145 void DevicePolicyCache::SetPolicy(const em::PolicyFetchResponse& policy) { |
| 142 DCHECK(!starting_up_); | 146 DCHECK(!starting_up_); |
| 143 | 147 |
| 144 // Make sure we have an enterprise device. | 148 // Make sure we have an enterprise device. |
| 145 std::string registration_user(install_attributes_->GetRegistrationUser()); | 149 std::string registration_user(install_attributes_->GetRegistrationUser()); |
| 146 if (registration_user.empty()) { | 150 if (registration_user.empty()) { |
| 147 LOG(WARNING) << "Refusing to accept policy on non-enterprise device."; | 151 LOG(WARNING) << "Refusing to accept policy on non-enterprise device."; |
| 152 em::LogPolicyOperation(em::kPolicyFetchNonEnterpriseDevice); | |
| 148 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 153 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 149 CloudPolicySubsystem::POLICY_LOCAL_ERROR); | 154 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 150 return; | 155 return; |
| 151 } | 156 } |
| 152 | 157 |
| 153 // Check the user this policy is for against the device-locked name. | 158 // Check the user this policy is for against the device-locked name. |
| 154 em::PolicyData policy_data; | 159 em::PolicyData policy_data; |
| 155 if (!policy_data.ParseFromString(policy.policy_data())) { | 160 if (!policy_data.ParseFromString(policy.policy_data())) { |
| 156 LOG(WARNING) << "Invalid policy protobuf"; | 161 LOG(WARNING) << "Invalid policy protobuf"; |
| 162 em::LogPolicyOperation(em::kPolicyFetchInvalidPolicy); | |
| 157 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 163 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 158 CloudPolicySubsystem::POLICY_LOCAL_ERROR); | 164 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 159 return; | 165 return; |
| 160 } | 166 } |
| 161 | 167 |
| 162 if (registration_user != policy_data.username()) { | 168 if (registration_user != policy_data.username()) { |
| 163 LOG(WARNING) << "Refusing policy blob for " << policy_data.username() | 169 LOG(WARNING) << "Refusing policy blob for " << policy_data.username() |
| 164 << " which doesn't match " << registration_user; | 170 << " which doesn't match " << registration_user; |
| 171 em::LogPolicyOperation(em::kPolicyFetchUserMismatch); | |
| 165 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 172 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 166 CloudPolicySubsystem::POLICY_LOCAL_ERROR); | 173 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 167 return; | 174 return; |
| 168 } | 175 } |
| 169 | 176 |
| 170 set_last_policy_refresh_time(base::Time::NowFromSystemTime()); | 177 set_last_policy_refresh_time(base::Time::NowFromSystemTime()); |
| 171 | 178 |
| 172 // Start a store operation. | 179 // Start a store operation. |
| 180 em::LogPolicyOperation(em::kPolicyStoreRequested); | |
| 173 new StorePolicyOperation(signed_settings_helper_, | 181 new StorePolicyOperation(signed_settings_helper_, |
| 174 policy, | 182 policy, |
| 175 callback_factory_.NewCallback( | 183 callback_factory_.NewCallback( |
| 176 &DevicePolicyCache::PolicyStoreOpCompleted)); | 184 &DevicePolicyCache::PolicyStoreOpCompleted)); |
| 177 } | 185 } |
| 178 | 186 |
| 179 void DevicePolicyCache::SetUnmanaged() { | 187 void DevicePolicyCache::SetUnmanaged() { |
| 180 LOG(WARNING) << "Tried to set DevicePolicyCache to 'unmanaged'!"; | 188 LOG(WARNING) << "Tried to set DevicePolicyCache to 'unmanaged'!"; |
| 181 // This is not supported for DevicePolicyCache. | 189 // This is not supported for DevicePolicyCache. |
| 182 } | 190 } |
| 183 | 191 |
| 184 void DevicePolicyCache::OnRetrievePolicyCompleted( | 192 void DevicePolicyCache::OnRetrievePolicyCompleted( |
| 185 chromeos::SignedSettings::ReturnCode code, | 193 chromeos::SignedSettings::ReturnCode code, |
| 186 const em::PolicyFetchResponse& policy) { | 194 const em::PolicyFetchResponse& policy) { |
| 187 DCHECK(CalledOnValidThread()); | 195 DCHECK(CalledOnValidThread()); |
| 188 if (starting_up_) { | 196 if (starting_up_) { |
| 189 starting_up_ = false; | 197 starting_up_ = false; |
| 190 if (code == chromeos::SignedSettings::NOT_FOUND || | 198 if (code == chromeos::SignedSettings::NOT_FOUND || |
| 191 code == chromeos::SignedSettings::KEY_UNAVAILABLE || | 199 code == chromeos::SignedSettings::KEY_UNAVAILABLE || |
| 192 !policy.has_policy_data()) { | 200 !policy.has_policy_data()) { |
| 193 InformNotifier(CloudPolicySubsystem::UNENROLLED, | 201 InformNotifier(CloudPolicySubsystem::UNENROLLED, |
| 194 CloudPolicySubsystem::NO_DETAILS); | 202 CloudPolicySubsystem::NO_DETAILS); |
| 195 return; | 203 return; |
| 196 } | 204 } |
| 197 em::PolicyData policy_data; | 205 em::PolicyData policy_data; |
| 198 if (!policy_data.ParseFromString(policy.policy_data())) { | 206 if (!policy_data.ParseFromString(policy.policy_data())) { |
| 199 LOG(WARNING) << "Failed to parse PolicyData protobuf."; | 207 LOG(WARNING) << "Failed to parse PolicyData protobuf."; |
| 208 em::LogPolicyOperation(em::kPolicyLoadFailed); | |
| 200 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 209 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 201 CloudPolicySubsystem::POLICY_LOCAL_ERROR); | 210 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 202 return; | 211 return; |
| 203 } | 212 } |
| 204 if (!policy_data.has_request_token() || | 213 if (!policy_data.has_request_token() || |
| 205 policy_data.request_token().empty()) { | 214 policy_data.request_token().empty()) { |
| 206 SetUnmanagedInternal(base::Time::NowFromSystemTime()); | 215 SetUnmanagedInternal(base::Time::NowFromSystemTime()); |
| 207 InformNotifier(CloudPolicySubsystem::UNMANAGED, | 216 InformNotifier(CloudPolicySubsystem::UNMANAGED, |
| 208 CloudPolicySubsystem::NO_DETAILS); | 217 CloudPolicySubsystem::NO_DETAILS); |
| 209 // TODO(jkummerow): Reminder: When we want to feed device-wide settings | 218 // TODO(jkummerow): Reminder: When we want to feed device-wide settings |
| 210 // made by a local owner into this cache, we need to call | 219 // made by a local owner into this cache, we need to call |
| 211 // SetPolicyInternal() here. | 220 // SetPolicyInternal() here. |
| 212 return; | 221 return; |
| 213 } | 222 } |
| 214 if (!policy_data.has_username() || !policy_data.has_device_id()) { | 223 if (!policy_data.has_username() || !policy_data.has_device_id()) { |
| 224 em::LogPolicyOperation(em::kPolicyLoadFailed); | |
| 215 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 225 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 216 CloudPolicySubsystem::POLICY_LOCAL_ERROR); | 226 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 217 return; | 227 return; |
| 218 } | 228 } |
| 219 identity_strategy_->SetDeviceManagementCredentials( | 229 identity_strategy_->SetDeviceManagementCredentials( |
| 220 policy_data.username(), | 230 policy_data.username(), |
| 221 policy_data.device_id(), | 231 policy_data.device_id(), |
| 222 policy_data.request_token()); | 232 policy_data.request_token()); |
| 223 SetPolicyInternal(policy, NULL, false); | 233 SetPolicyInternal(policy, NULL, false); |
| 224 } else { // In other words, starting_up_ == false. | 234 } else { // In other words, starting_up_ == false. |
| 225 if (code != chromeos::SignedSettings::SUCCESS) { | 235 if (code != chromeos::SignedSettings::SUCCESS) { |
| 226 if (code == chromeos::SignedSettings::BAD_SIGNATURE) { | 236 if (code == chromeos::SignedSettings::BAD_SIGNATURE) { |
| 237 em::LogPolicyOperation(em::kPolicyFetchBadSignature); | |
| 227 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 238 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 228 CloudPolicySubsystem::SIGNATURE_MISMATCH); | 239 CloudPolicySubsystem::SIGNATURE_MISMATCH); |
| 229 } else { | 240 } else { |
| 241 em::LogPolicyOperation(em::kPolicyFetchOtherFailed); | |
| 230 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 242 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 231 CloudPolicySubsystem::POLICY_LOCAL_ERROR); | 243 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 232 } | 244 } |
| 233 return; | 245 return; |
| 234 } | 246 } |
| 235 SetPolicyInternal(policy, NULL, false); | 247 bool ok = SetPolicyInternal(policy, NULL, false); |
| 248 if (ok) { | |
| 249 em::LogPolicyOperation(em::kPolicyFetchOK); | |
| 250 } | |
| 236 } | 251 } |
| 237 } | 252 } |
| 238 | 253 |
| 239 bool DevicePolicyCache::DecodePolicyData(const em::PolicyData& policy_data, | 254 bool DevicePolicyCache::DecodePolicyData(const em::PolicyData& policy_data, |
| 240 PolicyMap* mandatory, | 255 PolicyMap* mandatory, |
| 241 PolicyMap* recommended) { | 256 PolicyMap* recommended) { |
| 242 em::ChromeDeviceSettingsProto policy; | 257 em::ChromeDeviceSettingsProto policy; |
| 243 if (!policy.ParseFromString(policy_data.policy_value())) { | 258 if (!policy.ParseFromString(policy_data.policy_value())) { |
| 244 LOG(WARNING) << "Failed to parse ChromeDeviceSettingsProto."; | 259 LOG(WARNING) << "Failed to parse ChromeDeviceSettingsProto."; |
| 260 em::LogPolicyOperation(em::kPolicyFetchInvalidPolicy); | |
|
kmixter1
2011/06/28 01:06:02
Is there a user policy equivalent to this or are u
Joao da Silva
2011/06/30 12:57:00
There is an equivalent. Actually both invalid user
| |
| 245 return false; | 261 return false; |
| 246 } | 262 } |
| 247 DecodeDevicePolicy(policy, mandatory, recommended); | 263 DecodeDevicePolicy(policy, mandatory, recommended); |
| 248 return true; | 264 return true; |
| 249 } | 265 } |
| 250 | 266 |
| 251 void DevicePolicyCache::PolicyStoreOpCompleted( | 267 void DevicePolicyCache::PolicyStoreOpCompleted( |
| 252 chromeos::SignedSettings::ReturnCode code) { | 268 chromeos::SignedSettings::ReturnCode code) { |
| 253 DCHECK(CalledOnValidThread()); | 269 DCHECK(CalledOnValidThread()); |
| 254 if (code != chromeos::SignedSettings::SUCCESS) { | 270 if (code != chromeos::SignedSettings::SUCCESS) { |
| 271 em::LogPolicyOperation(em::kPolicyStoreFailed); | |
| 255 if (code == chromeos::SignedSettings::BAD_SIGNATURE) { | 272 if (code == chromeos::SignedSettings::BAD_SIGNATURE) { |
| 273 em::LogPolicyOperation(em::kPolicyFetchBadSignature); | |
| 256 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 274 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 257 CloudPolicySubsystem::SIGNATURE_MISMATCH); | 275 CloudPolicySubsystem::SIGNATURE_MISMATCH); |
| 258 } else { | 276 } else { |
| 277 em::LogPolicyOperation(em::kPolicyFetchOtherFailed); | |
| 259 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, | 278 InformNotifier(CloudPolicySubsystem::LOCAL_ERROR, |
| 260 CloudPolicySubsystem::POLICY_LOCAL_ERROR); | 279 CloudPolicySubsystem::POLICY_LOCAL_ERROR); |
| 261 } | 280 } |
| 262 return; | 281 return; |
| 263 } | 282 } |
| 264 signed_settings_helper_->StartRetrievePolicyOp(this); | 283 signed_settings_helper_->StartRetrievePolicyOp(this); |
| 265 } | 284 } |
| 266 | 285 |
| 267 // static | 286 // static |
| 268 void DevicePolicyCache::DecodeDevicePolicy( | 287 void DevicePolicyCache::DecodeDevicePolicy( |
| (...skipping 26 matching lines...) Expand all Loading... | |
| 295 Value::CreateStringValue(container.proxy_pac_url())); | 314 Value::CreateStringValue(container.proxy_pac_url())); |
| 296 } | 315 } |
| 297 if (container.has_proxy_bypass_list()) { | 316 if (container.has_proxy_bypass_list()) { |
| 298 recommended->Set(kPolicyProxyBypassList, | 317 recommended->Set(kPolicyProxyBypassList, |
| 299 Value::CreateStringValue(container.proxy_bypass_list())); | 318 Value::CreateStringValue(container.proxy_bypass_list())); |
| 300 } | 319 } |
| 301 } | 320 } |
| 302 } | 321 } |
| 303 | 322 |
| 304 } // namespace policy | 323 } // namespace policy |
| OLD | NEW |
