chrome/browser/policy/device_local_account_policy_store.cc - Issue 12189011: Split up chrome/browser/policy subdirectory

Side by Side Diff: chrome/browser/policy/device_local_account_policy_store.cc

Issue 12189011: Split up chrome/browser/policy subdirectory (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebase, add chrome/browser/chromeos/policy/OWNERS Created 7 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "chrome/browser/policy/device_local_account_policy_store.h"

6

7 #include "base/bind.h"

8 #include "base/values.h"

9 #include "chrome/browser/policy/device_management_service.h"

10 #include "chrome/browser/policy/policy_types.h"

11 #include "chrome/browser/policy/proto/cloud_policy.pb.h"

12 #include "chrome/browser/policy/proto/device_management_backend.pb.h"

13 #include "chromeos/dbus/session_manager_client.h"

14 #include "policy/policy_constants.h"

15

16 namespace em = enterprise_management;

17

18 namespace policy {

19

20 DeviceLocalAccountPolicyStore::DeviceLocalAccountPolicyStore(

21 const std::string& account_id,

22 chromeos::SessionManagerClient* session_manager_client,

23 chromeos::DeviceSettingsService* device_settings_service)

24 : account_id_(account_id),

25 session_manager_client_(session_manager_client),

26 device_settings_service_(device_settings_service),

27 ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)) {}

28

29 DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {}

30

31 void DeviceLocalAccountPolicyStore::Load() {

32 weak_factory_.InvalidateWeakPtrs();

33 session_manager_client_->RetrieveDeviceLocalAccountPolicy(

34 account_id_,

35 base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob,

36 weak_factory_.GetWeakPtr()));

37 }

38

39 void DeviceLocalAccountPolicyStore::Store(

40 const em::PolicyFetchResponse& policy) {

41 weak_factory_.InvalidateWeakPtrs();

42 CheckKeyAndValidate(

43 make_scoped_ptr(new em::PolicyFetchResponse(policy)),

44 base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy,

45 weak_factory_.GetWeakPtr()));

46 }

47

48 void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob(

49 const std::string& policy_blob) {

50 if (policy_blob.empty()) {

51 status_ = CloudPolicyStore::STATUS_LOAD_ERROR;

52 NotifyStoreError();

53 } else {

54 scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse());

55 if (policy->ParseFromString(policy_blob)) {

56 CheckKeyAndValidate(

57 policy.Pass(),

58 base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy,

59 weak_factory_.GetWeakPtr()));

60 } else {

61 status_ = CloudPolicyStore::STATUS_PARSE_ERROR;

62 NotifyStoreError();

63 }

64 }

65 }

66

67 void DeviceLocalAccountPolicyStore::UpdatePolicy(

68 UserCloudPolicyValidator* validator) {

69 validation_status_ = validator->status();

70 if (!validator->success()) {

71 status_ = STATUS_VALIDATION_ERROR;

72 NotifyStoreError();

73 return;

74 }

75

76 InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass());

77 // Force the \|ShelfAutoHideBehavior\| policy to \|Never\|, ensuring that the ash

78 // shelf does not auto-hide.

79 policy_map_.Set(key::kShelfAutoHideBehavior,

80 POLICY_LEVEL_MANDATORY,

81 POLICY_SCOPE_USER,

82 Value::CreateStringValue("Never"));

83 // Force the \|ShowLogoutButtonInTray\| policy to \|true\|, ensuring that a big,

84 // red logout button is shown in the ash system tray.

85 policy_map_.Set(key::kShowLogoutButtonInTray,

86 POLICY_LEVEL_MANDATORY,

87 POLICY_SCOPE_USER,

88 Value::CreateBooleanValue(true));

89 // Restrict device-local accounts to hosted apps for now (i.e. no extensions,

90 // packaged apps etc.) for security/privacy reasons (i.e. we'd like to

91 // prevent the admin from stealing private information from random people).

92 scoped_ptr<base::ListValue> allowed_extension_types(new base::ListValue());

93 allowed_extension_types->AppendString("hosted_app");

94 policy_map_.Set(key::kExtensionAllowedTypes,

95 POLICY_LEVEL_MANDATORY,

96 POLICY_SCOPE_USER,

97 allowed_extension_types.release());

98

99 status_ = STATUS_OK;

100 NotifyStoreLoaded();

101 }

102

103 void DeviceLocalAccountPolicyStore::StoreValidatedPolicy(

104 UserCloudPolicyValidator* validator) {

105 if (!validator->success()) {

106 status_ = CloudPolicyStore::STATUS_VALIDATION_ERROR;

107 validation_status_ = validator->status();

108 NotifyStoreError();

109 return;

110 }

111

112 std::string policy_blob;

113 if (!validator->policy()->SerializeToString(&policy_blob)) {

114 status_ = CloudPolicyStore::STATUS_SERIALIZE_ERROR;

115 NotifyStoreError();

116 return;

117 }

118

119 session_manager_client_->StoreDeviceLocalAccountPolicy(

120 account_id_,

121 policy_blob,

122 base::Bind(&DeviceLocalAccountPolicyStore::HandleStoreResult,

123 weak_factory_.GetWeakPtr()));

124 }

125

126 void DeviceLocalAccountPolicyStore::HandleStoreResult(bool success) {

127 if (!success) {

128 status_ = CloudPolicyStore::STATUS_STORE_ERROR;

129 NotifyStoreError();

130 } else {

131 Load();

132 }

133 }

134

135 void DeviceLocalAccountPolicyStore::CheckKeyAndValidate(

136 scoped_ptr<em::PolicyFetchResponse> policy,

137 const UserCloudPolicyValidator::CompletionCallback& callback) {

138 device_settings_service_->GetOwnershipStatusAsync(

139 base::Bind(&DeviceLocalAccountPolicyStore::Validate,

140 weak_factory_.GetWeakPtr(),

141 base::Passed(&policy),

142 callback));

143 }

144

145 void DeviceLocalAccountPolicyStore::Validate(

146 scoped_ptr<em::PolicyFetchResponse> policy_response,

147 const UserCloudPolicyValidator::CompletionCallback& callback,

148 chromeos::DeviceSettingsService::OwnershipStatus ownership_status,

149 bool is_owner) {

150 DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN,

151 ownership_status);

152 chromeos::OwnerKey* key = device_settings_service_->GetOwnerKey();

153 if (!key->public_key()) {

154 status_ = CloudPolicyStore::STATUS_BAD_STATE;

155 NotifyStoreLoaded();

156 return;

157 }

158

159 scoped_ptr<UserCloudPolicyValidator> validator(

160 UserCloudPolicyValidator::Create(policy_response.Pass()));

161 validator->ValidateUsername(account_id_);

162 validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType);

163 validator->ValidateAgainstCurrentPolicy(

164 policy(),

165 CloudPolicyValidatorBase::TIMESTAMP_REQUIRED,

166 CloudPolicyValidatorBase::DM_TOKEN_REQUIRED);

167 validator->ValidatePayload();

168 validator->ValidateSignature(*key->public_key(), false);

169 validator.release()->StartValidation(callback);

170 }

171

172 } // namespace policy

OLD	NEW

« no previous file with comments | « chrome/browser/policy/device_local_account_policy_store.h ('k') | chrome/browser/policy/device_management_service.h » ('j') | no next file with comments »