Chromium Code Reviews Chromium Code Reviews
Issue 1431563005:
Handle prohibited technologies in device policy ONC (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/managed_network_configuration_handler_impl.h" | 5 #include "chromeos/network/managed_network_configuration_handler_impl.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/guid.h" | 10 #include "base/guid.h" |
| (...skipping 408 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 419 Policies* policies = NULL; | 419 Policies* policies = NULL; |
| 420 if (ContainsKey(policies_by_user_, userhash)) { | 420 if (ContainsKey(policies_by_user_, userhash)) { |
| 421 policies = policies_by_user_[userhash].get(); | 421 policies = policies_by_user_[userhash].get(); |
| 422 } else { | 422 } else { |
| 423 policies = new Policies; | 423 policies = new Policies; |
| 424 policies_by_user_[userhash] = make_linked_ptr(policies); | 424 policies_by_user_[userhash] = make_linked_ptr(policies); |
| 425 } | 425 } |
| 426 | 426 |
| 427 policies->global_network_config.MergeDictionary(&global_network_config); | 427 policies->global_network_config.MergeDictionary(&global_network_config); |
| 428 | 428 |
| 429 // Update prohibited technologies. | |
| 430 const base::ListValue* prohibited_list = nullptr; | |
| 431 if (policies->global_network_config.GetListWithoutPathExpansion( | |
| 432 ::onc::global_network_config::kDisableNetworkTypes, | |
| 433 &prohibited_list)) { | |
| 434 // Prohobited technologies are only allowed in user policy. | |
| 435 DCHECK_EQ(::onc::ONC_SOURCE_DEVICE_POLICY, onc_source); | |
|
stevenjb
2015/11/10 21:40:21
Shouldn't this be checking for USER_POLICY? Also,
fqj
2015/11/11 16:53:54
I sent you a new PRD serveral days ago. It describ
stevenjb
2015/11/11 18:07:31
I saw that, I just wanted to make sure that this i
| |
| 436 | |
| 437 // Build up prohibited network type list and update NetworkStateHandler. | |
| 438 std::vector<std::string> prohibited_technologies; | |
| 439 for (const base::Value* item : *prohibited_list) { | |
| 440 std::string prohibited_technology; | |
| 441 item->GetAsString(&prohibited_technology); | |
| 442 prohibited_technologies.push_back( | |
| 443 network_util::TranslateONCTypeToShill(prohibited_technology)); | |
|
stevenjb
2015/11/10 21:40:21
We should validate the result of TranslateONCTypeT
fqj
2015/11/11 16:53:54
Done.
| |
| 444 } | |
| 445 network_state_handler_->SetProhibitedTechnologies( | |
| 446 prohibited_technologies, chromeos::network_handler::ErrorCallback()); | |
| 447 } | |
| 448 if (!userhash.empty()) | |
| 449 network_state_handler_->UserPolicyApplied(); | |
|
stevenjb
2015/11/10 21:40:21
I don't think we should need this extra call, but
fqj
2015/11/11 16:53:54
Done.
| |
| 450 | |
| 429 GuidToPolicyMap old_per_network_config; | 451 GuidToPolicyMap old_per_network_config; |
| 430 policies->per_network_config.swap(old_per_network_config); | 452 policies->per_network_config.swap(old_per_network_config); |
| 431 | 453 |
| 432 // This stores all GUIDs of policies that have changed or are new. | 454 // This stores all GUIDs of policies that have changed or are new. |
| 433 std::set<std::string> modified_policies; | 455 std::set<std::string> modified_policies; |
| 434 | 456 |
| 435 for (base::ListValue::const_iterator it = network_configs_onc.begin(); | 457 for (base::ListValue::const_iterator it = network_configs_onc.begin(); |
| 436 it != network_configs_onc.end(); ++it) { | 458 it != network_configs_onc.end(); ++it) { |
| 437 const base::DictionaryValue* network = NULL; | 459 const base::DictionaryValue* network = NULL; |
| 438 (*it)->GetAsDictionary(&network); | 460 (*it)->GetAsDictionary(&network); |
| (...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 708 void ManagedNetworkConfigurationHandlerImpl::Init( | 730 void ManagedNetworkConfigurationHandlerImpl::Init( |
| 709 NetworkStateHandler* network_state_handler, | 731 NetworkStateHandler* network_state_handler, |
| 710 NetworkProfileHandler* network_profile_handler, | 732 NetworkProfileHandler* network_profile_handler, |
| 711 NetworkConfigurationHandler* network_configuration_handler, | 733 NetworkConfigurationHandler* network_configuration_handler, |
| 712 NetworkDeviceHandler* network_device_handler) { | 734 NetworkDeviceHandler* network_device_handler) { |
| 713 network_state_handler_ = network_state_handler; | 735 network_state_handler_ = network_state_handler; |
| 714 network_profile_handler_ = network_profile_handler; | 736 network_profile_handler_ = network_profile_handler; |
| 715 network_configuration_handler_ = network_configuration_handler; | 737 network_configuration_handler_ = network_configuration_handler; |
| 716 network_device_handler_ = network_device_handler; | 738 network_device_handler_ = network_device_handler; |
| 717 network_profile_handler_->AddObserver(this); | 739 network_profile_handler_->AddObserver(this); |
| 740 | |
| 741 // Clear the list of prohibited network technologies. As a user logout always | |
| 742 // triggers a browser process restart, Init() is always invoked to reallow any | |
| 743 // network technology forbidden for the previous user. | |
| 744 network_state_handler_->SetProhibitedTechnologies( | |
| 745 std::vector<std::string>(), chromeos::network_handler::ErrorCallback()); | |
|
stevenjb
2015/11/10 21:40:21
This is not the right place to do this. We should
fqj
2015/11/11 16:53:54
Moved to the new ProhibitedTechnologiesHandler::In
| |
| 718 } | 746 } |
| 719 | 747 |
| 720 void ManagedNetworkConfigurationHandlerImpl::OnPolicyAppliedToNetwork( | 748 void ManagedNetworkConfigurationHandlerImpl::OnPolicyAppliedToNetwork( |
| 721 const std::string& service_path) { | 749 const std::string& service_path) { |
| 722 if (service_path.empty()) | 750 if (service_path.empty()) |
| 723 return; | 751 return; |
| 724 FOR_EACH_OBSERVER( | 752 FOR_EACH_OBSERVER( |
| 725 NetworkPolicyObserver, observers_, PolicyAppliedToNetwork(service_path)); | 753 NetworkPolicyObserver, observers_, PolicyAppliedToNetwork(service_path)); |
| 726 } | 754 } |
| 727 | 755 |
| (...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 843 scoped_ptr<base::DictionaryValue> network_properties, | 871 scoped_ptr<base::DictionaryValue> network_properties, |
| 844 GetDevicePropertiesCallback send_callback, | 872 GetDevicePropertiesCallback send_callback, |
| 845 const std::string& error_name, | 873 const std::string& error_name, |
| 846 scoped_ptr<base::DictionaryValue> error_data) { | 874 scoped_ptr<base::DictionaryValue> error_data) { |
| 847 NET_LOG_ERROR("Error getting device properties", service_path); | 875 NET_LOG_ERROR("Error getting device properties", service_path); |
| 848 send_callback.Run(service_path, network_properties.Pass()); | 876 send_callback.Run(service_path, network_properties.Pass()); |
| 849 } | 877 } |
| 850 | 878 |
| 851 | 879 |
| 852 } // namespace chromeos | 880 } // namespace chromeos |
| OLD | NEW |
