Index: chrome/browser/policy/device_local_account_policy_store.cc |
diff --git a/chrome/browser/policy/device_local_account_policy_store.cc b/chrome/browser/policy/device_local_account_policy_store.cc |
deleted file mode 100644 |
index 7f93f11274b6a109d3faf2e1890e1bb0ba05e806..0000000000000000000000000000000000000000 |
--- a/chrome/browser/policy/device_local_account_policy_store.cc |
+++ /dev/null |
@@ -1,172 +0,0 @@ |
-// Copyright (c) 2012 The Chromium Authors. All rights reserved. |
-// Use of this source code is governed by a BSD-style license that can be |
-// found in the LICENSE file. |
- |
-#include "chrome/browser/policy/device_local_account_policy_store.h" |
- |
-#include "base/bind.h" |
-#include "base/values.h" |
-#include "chrome/browser/policy/device_management_service.h" |
-#include "chrome/browser/policy/policy_types.h" |
-#include "chrome/browser/policy/proto/cloud_policy.pb.h" |
-#include "chrome/browser/policy/proto/device_management_backend.pb.h" |
-#include "chromeos/dbus/session_manager_client.h" |
-#include "policy/policy_constants.h" |
- |
-namespace em = enterprise_management; |
- |
-namespace policy { |
- |
-DeviceLocalAccountPolicyStore::DeviceLocalAccountPolicyStore( |
- const std::string& account_id, |
- chromeos::SessionManagerClient* session_manager_client, |
- chromeos::DeviceSettingsService* device_settings_service) |
- : account_id_(account_id), |
- session_manager_client_(session_manager_client), |
- device_settings_service_(device_settings_service), |
- ALLOW_THIS_IN_INITIALIZER_LIST(weak_factory_(this)) {} |
- |
-DeviceLocalAccountPolicyStore::~DeviceLocalAccountPolicyStore() {} |
- |
-void DeviceLocalAccountPolicyStore::Load() { |
- weak_factory_.InvalidateWeakPtrs(); |
- session_manager_client_->RetrieveDeviceLocalAccountPolicy( |
- account_id_, |
- base::Bind(&DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob, |
- weak_factory_.GetWeakPtr())); |
-} |
- |
-void DeviceLocalAccountPolicyStore::Store( |
- const em::PolicyFetchResponse& policy) { |
- weak_factory_.InvalidateWeakPtrs(); |
- CheckKeyAndValidate( |
- make_scoped_ptr(new em::PolicyFetchResponse(policy)), |
- base::Bind(&DeviceLocalAccountPolicyStore::StoreValidatedPolicy, |
- weak_factory_.GetWeakPtr())); |
-} |
- |
-void DeviceLocalAccountPolicyStore::ValidateLoadedPolicyBlob( |
- const std::string& policy_blob) { |
- if (policy_blob.empty()) { |
- status_ = CloudPolicyStore::STATUS_LOAD_ERROR; |
- NotifyStoreError(); |
- } else { |
- scoped_ptr<em::PolicyFetchResponse> policy(new em::PolicyFetchResponse()); |
- if (policy->ParseFromString(policy_blob)) { |
- CheckKeyAndValidate( |
- policy.Pass(), |
- base::Bind(&DeviceLocalAccountPolicyStore::UpdatePolicy, |
- weak_factory_.GetWeakPtr())); |
- } else { |
- status_ = CloudPolicyStore::STATUS_PARSE_ERROR; |
- NotifyStoreError(); |
- } |
- } |
-} |
- |
-void DeviceLocalAccountPolicyStore::UpdatePolicy( |
- UserCloudPolicyValidator* validator) { |
- validation_status_ = validator->status(); |
- if (!validator->success()) { |
- status_ = STATUS_VALIDATION_ERROR; |
- NotifyStoreError(); |
- return; |
- } |
- |
- InstallPolicy(validator->policy_data().Pass(), validator->payload().Pass()); |
- // Force the |ShelfAutoHideBehavior| policy to |Never|, ensuring that the ash |
- // shelf does not auto-hide. |
- policy_map_.Set(key::kShelfAutoHideBehavior, |
- POLICY_LEVEL_MANDATORY, |
- POLICY_SCOPE_USER, |
- Value::CreateStringValue("Never")); |
- // Force the |ShowLogoutButtonInTray| policy to |true|, ensuring that a big, |
- // red logout button is shown in the ash system tray. |
- policy_map_.Set(key::kShowLogoutButtonInTray, |
- POLICY_LEVEL_MANDATORY, |
- POLICY_SCOPE_USER, |
- Value::CreateBooleanValue(true)); |
- // Restrict device-local accounts to hosted apps for now (i.e. no extensions, |
- // packaged apps etc.) for security/privacy reasons (i.e. we'd like to |
- // prevent the admin from stealing private information from random people). |
- scoped_ptr<base::ListValue> allowed_extension_types(new base::ListValue()); |
- allowed_extension_types->AppendString("hosted_app"); |
- policy_map_.Set(key::kExtensionAllowedTypes, |
- POLICY_LEVEL_MANDATORY, |
- POLICY_SCOPE_USER, |
- allowed_extension_types.release()); |
- |
- status_ = STATUS_OK; |
- NotifyStoreLoaded(); |
-} |
- |
-void DeviceLocalAccountPolicyStore::StoreValidatedPolicy( |
- UserCloudPolicyValidator* validator) { |
- if (!validator->success()) { |
- status_ = CloudPolicyStore::STATUS_VALIDATION_ERROR; |
- validation_status_ = validator->status(); |
- NotifyStoreError(); |
- return; |
- } |
- |
- std::string policy_blob; |
- if (!validator->policy()->SerializeToString(&policy_blob)) { |
- status_ = CloudPolicyStore::STATUS_SERIALIZE_ERROR; |
- NotifyStoreError(); |
- return; |
- } |
- |
- session_manager_client_->StoreDeviceLocalAccountPolicy( |
- account_id_, |
- policy_blob, |
- base::Bind(&DeviceLocalAccountPolicyStore::HandleStoreResult, |
- weak_factory_.GetWeakPtr())); |
-} |
- |
-void DeviceLocalAccountPolicyStore::HandleStoreResult(bool success) { |
- if (!success) { |
- status_ = CloudPolicyStore::STATUS_STORE_ERROR; |
- NotifyStoreError(); |
- } else { |
- Load(); |
- } |
-} |
- |
-void DeviceLocalAccountPolicyStore::CheckKeyAndValidate( |
- scoped_ptr<em::PolicyFetchResponse> policy, |
- const UserCloudPolicyValidator::CompletionCallback& callback) { |
- device_settings_service_->GetOwnershipStatusAsync( |
- base::Bind(&DeviceLocalAccountPolicyStore::Validate, |
- weak_factory_.GetWeakPtr(), |
- base::Passed(&policy), |
- callback)); |
-} |
- |
-void DeviceLocalAccountPolicyStore::Validate( |
- scoped_ptr<em::PolicyFetchResponse> policy_response, |
- const UserCloudPolicyValidator::CompletionCallback& callback, |
- chromeos::DeviceSettingsService::OwnershipStatus ownership_status, |
- bool is_owner) { |
- DCHECK_NE(chromeos::DeviceSettingsService::OWNERSHIP_UNKNOWN, |
- ownership_status); |
- chromeos::OwnerKey* key = device_settings_service_->GetOwnerKey(); |
- if (!key->public_key()) { |
- status_ = CloudPolicyStore::STATUS_BAD_STATE; |
- NotifyStoreLoaded(); |
- return; |
- } |
- |
- scoped_ptr<UserCloudPolicyValidator> validator( |
- UserCloudPolicyValidator::Create(policy_response.Pass())); |
- validator->ValidateUsername(account_id_); |
- validator->ValidatePolicyType(dm_protocol::kChromePublicAccountPolicyType); |
- validator->ValidateAgainstCurrentPolicy( |
- policy(), |
- CloudPolicyValidatorBase::TIMESTAMP_REQUIRED, |
- CloudPolicyValidatorBase::DM_TOKEN_REQUIRED); |
- validator->ValidatePayload(); |
- validator->ValidateSignature(*key->public_key(), false); |
- validator.release()->StartValidation(callback); |
-} |
- |
-} // namespace policy |