Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/device_settings_provider.h" | 5 #include "chrome/browser/chromeos/device_settings_provider.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback.h" | 9 #include "base/callback.h" |
| 10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| (...skipping 27 matching lines...) Expand all Loading... | |
| 38 | 38 |
| 39 const char* kBooleanSettings[] = { | 39 const char* kBooleanSettings[] = { |
| 40 kAccountsPrefAllowNewUser, | 40 kAccountsPrefAllowNewUser, |
| 41 kAccountsPrefAllowGuest, | 41 kAccountsPrefAllowGuest, |
| 42 kAccountsPrefShowUserNamesOnSignIn, | 42 kAccountsPrefShowUserNamesOnSignIn, |
| 43 kAccountsPrefEphemeralUsersEnabled, | 43 kAccountsPrefEphemeralUsersEnabled, |
| 44 kSignedDataRoamingEnabled, | 44 kSignedDataRoamingEnabled, |
| 45 kStatsReportingPref, | 45 kStatsReportingPref, |
| 46 kReportDeviceVersionInfo, | 46 kReportDeviceVersionInfo, |
| 47 kReportDeviceActivityTimes, | 47 kReportDeviceActivityTimes, |
| 48 kReportDeviceBootMode | 48 kReportDeviceBootMode, |
| 49 kPolicyMissingMitigationMode, | |
| 49 }; | 50 }; |
| 50 | 51 |
| 51 const char* kStringSettings[] = { | 52 const char* kStringSettings[] = { |
| 52 kDeviceOwner, | 53 kDeviceOwner, |
| 53 kReleaseChannel, | 54 kReleaseChannel, |
| 54 kSettingProxyEverywhere | 55 kSettingProxyEverywhere |
| 55 }; | 56 }; |
| 56 | 57 |
| 57 const char* kListSettings[] = { | 58 const char* kListSettings[] = { |
| 58 kAccountsPrefUsers | 59 kAccountsPrefUsers |
| (...skipping 450 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 509 if (pol.has_metrics_enabled()) | 510 if (pol.has_metrics_enabled()) |
| 510 ApplyMetricsSetting(false, pol.metrics_enabled().metrics_enabled()); | 511 ApplyMetricsSetting(false, pol.metrics_enabled().metrics_enabled()); |
| 511 else | 512 else |
| 512 ApplyMetricsSetting(true, false); | 513 ApplyMetricsSetting(true, false); |
| 513 // Next set the roaming setting as needed. | 514 // Next set the roaming setting as needed. |
| 514 ApplyRoamingSetting(pol.has_data_roaming_enabled() ? | 515 ApplyRoamingSetting(pol.has_data_roaming_enabled() ? |
| 515 pol.data_roaming_enabled().data_roaming_enabled() : false); | 516 pol.data_roaming_enabled().data_roaming_enabled() : false); |
| 516 } | 517 } |
| 517 | 518 |
| 518 bool DeviceSettingsProvider::MitigateMissingPolicy() { | 519 bool DeviceSettingsProvider::MitigateMissingPolicy() { |
| 519 // As this code runs only in exceptional cases it's fine to allow I/O here. | 520 // First check if the device has been owned already and if not exit |
| 520 base::ThreadRestrictions::ScopedAllowIO allow_io; | 521 // immediately. |
| 521 FilePath legacy_policy_file(kLegacyPolicyFile); | 522 //if (g_browser_process->browser_policy_connector()->GetDeviceMode() != |
| 522 // Check if legacy file exists but is not writable to avoid possible | 523 // policy::DEVICE_MODE_CONSUMER) |
| 523 // attack of creating this file through chronos (although this should be | 524 // return false; |
| 524 // not possible in root owned location), but better be safe than sorry. | 525 |
| 525 // TODO(pastarmovj): Remove this workaround once we have proper checking | 526 // If we are here the policy file were corrupted or missing. This can happen |
| 526 // for policy corruption or when Cr48 is phased out the very latest. | 527 // because we are migrating Pre R11 device to the new secure policies or there |
| 527 // See: http://crosbug.com/24916. | 528 // was an attempt to circumvent policy system. In this case we should populate |
| 528 if (file_util::PathExists(legacy_policy_file) && | 529 // the policy cache with "safe-mode" defaults which should allow the owner to |
| 529 !file_util::PathIsWritable(legacy_policy_file)) { | 530 // log in but lock the device for anyone else until the policy blob has been |
| 530 // We are in pre 11 dev upgrading to post 17 version mode. | 531 // recreated by the session manager. |
| 531 LOG(ERROR) << "Detected system upgraded from ChromeOS 11 or older with " | 532 LOG(ERROR) << "Corruption of the policy data has been detected." |
| 532 << "missing policies. Switching to migration policy mode " | 533 << "Switching to \"safe-mode\" policies until the owner logs in " |
| 533 << "until the owner logs in to regenerate the policy data."; | 534 << "to regenerate the policy data."; |
| 534 // In this situation we should pretend we have policy even though we | 535 values_cache_.SetBoolean(kAccountsPrefAllowNewUser, true); |
| 535 // don't until the owner logs in and restores the policy blob. | 536 values_cache_.SetBoolean(kAccountsPrefAllowGuest, true); |
| 536 values_cache_.SetBoolean(kAccountsPrefAllowNewUser, true); | 537 values_cache_.SetBoolean(kPolicyMissingMitigationMode, true); |
| 537 values_cache_.SetBoolean(kAccountsPrefAllowGuest, true); | 538 trusted_ = true; |
| 538 trusted_ = true; | 539 // Make sure we will recreate the policy once the owner logs in. |
| 539 // Make sure we will recreate the policy once the owner logs in. | 540 // Any value not in this list will be left to the default which is fine as |
| 540 // Any value not in this list will be left to the default which is fine as | 541 // we repopulate the whitelist with the owner and any other possible every |
|
Chris Masone
2012/02/24 18:49:45
Any other possible what?
pastarmovj
2012/03/13 15:21:55
Sorry it seems I have drifted away while writing t
| |
| 541 // we repopulate the whitelist with the owner and any other possible every | 542 // time the user enables whitelist filtering on the UI. |
| 542 // time the user enables whitelist filtering on the UI. | 543 migration_helper_->AddMigrationValue( |
| 543 migration_helper_->AddMigrationValue( | 544 kAccountsPrefAllowNewUser, base::Value::CreateBooleanValue(true)); |
| 544 kAccountsPrefAllowNewUser, base::Value::CreateBooleanValue(true)); | 545 migration_helper_->MigrateValues(); |
| 545 migration_helper_->MigrateValues(); | 546 // The last step is to pretend we loaded policy correctly and call everyone. |
| 546 // The last step is to pretend we loaded policy correctly and call everyone. | 547 for (size_t i = 0; i < callbacks_.size(); ++i) |
| 547 for (size_t i = 0; i < callbacks_.size(); ++i) | 548 callbacks_[i].Run(); |
| 548 callbacks_[i].Run(); | 549 callbacks_.clear(); |
| 549 callbacks_.clear(); | 550 return true; |
| 550 return true; | |
| 551 } | |
| 552 return false; | |
| 553 } | 551 } |
| 554 | 552 |
| 555 const base::Value* DeviceSettingsProvider::Get(const std::string& path) const { | 553 const base::Value* DeviceSettingsProvider::Get(const std::string& path) const { |
| 556 if (IsControlledSetting(path)) { | 554 if (IsControlledSetting(path)) { |
| 557 const base::Value* value; | 555 const base::Value* value; |
| 558 if (values_cache_.GetValue(path, &value)) | 556 if (values_cache_.GetValue(path, &value)) |
| 559 return value; | 557 return value; |
| 560 } else { | 558 } else { |
| 561 NOTREACHED() << "Trying to get non cros setting."; | 559 NOTREACHED() << "Trying to get non cros setting."; |
| 562 } | 560 } |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 621 trusted_ = true; | 619 trusted_ = true; |
| 622 for (size_t i = 0; i < callbacks_.size(); ++i) | 620 for (size_t i = 0; i < callbacks_.size(); ++i) |
| 623 callbacks_[i].Run(); | 621 callbacks_[i].Run(); |
| 624 callbacks_.clear(); | 622 callbacks_.clear(); |
| 625 // TODO(pastarmovj): Make those side effects responsibility of the | 623 // TODO(pastarmovj): Make those side effects responsibility of the |
| 626 // respective subsystems. | 624 // respective subsystems. |
| 627 ApplySideEffects(); | 625 ApplySideEffects(); |
| 628 break; | 626 break; |
| 629 } | 627 } |
| 630 case SignedSettings::NOT_FOUND: | 628 case SignedSettings::NOT_FOUND: |
| 631 // Verify if we don't have to mitigate pre Chrome 12 machine here and if | |
| 632 // needed do the magic. | |
| 633 if (MitigateMissingPolicy()) | 629 if (MitigateMissingPolicy()) |
| 634 break; | 630 break; |
| 635 case SignedSettings::KEY_UNAVAILABLE: { | 631 case SignedSettings::KEY_UNAVAILABLE: { |
| 636 if (ownership_status_ != OwnershipService::OWNERSHIP_TAKEN) | 632 if (ownership_status_ != OwnershipService::OWNERSHIP_TAKEN) |
| 637 NOTREACHED() << "No policies present yet, will use the temp storage."; | 633 NOTREACHED() << "No policies present yet, will use the temp storage."; |
| 638 break; | 634 break; |
| 639 } | 635 } |
| 640 case SignedSettings::BAD_SIGNATURE: | 636 case SignedSettings::BAD_SIGNATURE: |
| 641 case SignedSettings::OPERATION_FAILED: { | 637 case SignedSettings::OPERATION_FAILED: { |
| 642 LOG(ERROR) << "Failed to retrieve cros policies. Reason:" << code; | 638 LOG(ERROR) << "Failed to retrieve cros policies. Reason:" << code; |
| 643 if (retries_left_ > 0) { | 639 if (retries_left_ > 0) { |
| 644 retries_left_ -= 1; | 640 retries_left_ -= 1; |
| 645 Reload(); | 641 Reload(); |
| 646 return; | 642 return; |
| 647 } | 643 } |
| 648 LOG(ERROR) << "No retries left"; | 644 LOG(ERROR) << "No retries left"; |
| 649 break; | 645 break; |
| 650 } | 646 } |
| 651 } | 647 } |
| 652 } | 648 } |
| 653 | 649 |
| 654 } // namespace chromeos | 650 } // namespace chromeos |
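Review bot: On the new side MitigateMissingPolicy() has no live precondition left: the legacy-file exists-but-not-writable check is removed and the device-mode check that replaces it is commented out, so every SignedSettings::NOT_FOUND result now sets `trusted_ = true` with kAccountsPrefAllowNewUser and kAccountsPrefAllowGuest both true. That is a fail-open default for a state the new comment itself attributes to a possible attempt to circumvent the policy system, and it contradicts the same comment's promise to "lock the device for anyone else". I would enable the guard instead of leaving it commented out, `if (g_browser_process->browser_policy_connector()->GetDeviceMode() != policy::DEVICE_MODE_CONSUMER) return false;`, and either set the two account prefs to the restrictive values the comment describes or reword the comment to say the defaults are permissive. As written the function always returns true, so `if (MitigateMissingPolicy()) break;` in the NOT_FOUND case can never fall through to KEY_UNAVAILABLE; once the guard is live that fall-through deserves a short comment saying it is intentional.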