OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "components/policy/core/common/policy_loader_win.h" | 5 #include "components/policy/core/common/policy_loader_win.h" |
6 | 6 |
7 #include <windows.h> | 7 #include <windows.h> |
8 #include <lm.h> // For limits. | 8 #include <lm.h> // For limits. |
9 #include <ntdsapi.h> // For Ds[Un]Bind | 9 #include <ntdsapi.h> // For Ds[Un]Bind |
10 #include <rpc.h> // For struct GUID | 10 #include <rpc.h> // For struct GUID |
28 #include "base/json/json_writer.h" | 28 #include "base/json/json_writer.h" |
29 #include "base/lazy_instance.h" | 29 #include "base/lazy_instance.h" |
30 #include "base/logging.h" | 30 #include "base/logging.h" |
31 #include "base/metrics/histogram.h" | 31 #include "base/metrics/histogram.h" |
32 #include "base/scoped_native_library.h" | 32 #include "base/scoped_native_library.h" |
33 #include "base/sequenced_task_runner.h" | 33 #include "base/sequenced_task_runner.h" |
34 #include "base/stl_util.h" | 34 #include "base/stl_util.h" |
35 #include "base/strings/string16.h" | 35 #include "base/strings/string16.h" |
36 #include "base/strings/string_util.h" | 36 #include "base/strings/string_util.h" |
37 #include "base/values.h" | 37 #include "base/values.h" |
38 #include "base/win/win_util.h" | |
38 #include "base/win/windows_version.h" | 39 #include "base/win/windows_version.h" |
39 #include "components/json_schema/json_schema_constants.h" | 40 #include "components/json_schema/json_schema_constants.h" |
40 #include "components/policy/core/common/policy_bundle.h" | 41 #include "components/policy/core/common/policy_bundle.h" |
41 #include "components/policy/core/common/policy_load_status.h" | 42 #include "components/policy/core/common/policy_load_status.h" |
42 #include "components/policy/core/common/policy_map.h" | 43 #include "components/policy/core/common/policy_map.h" |
43 #include "components/policy/core/common/policy_namespace.h" | 44 #include "components/policy/core/common/policy_namespace.h" |
44 #include "components/policy/core/common/preg_parser_win.h" | 45 #include "components/policy/core/common/preg_parser_win.h" |
45 #include "components/policy/core/common/registry_dict_win.h" | 46 #include "components/policy/core/common/registry_dict_win.h" |
46 #include "components/policy/core/common/schema.h" | 47 #include "components/policy/core/common/schema.h" |
47 | 48 |
339 | 340 |
340 // Policy scope and corresponding hive. | 341 // Policy scope and corresponding hive. |
341 static const struct { | 342 static const struct { |
342 PolicyScope scope; | 343 PolicyScope scope; |
343 HKEY hive; | 344 HKEY hive; |
344 } kScopes[] = { | 345 } kScopes[] = { |
345 { POLICY_SCOPE_MACHINE, HKEY_LOCAL_MACHINE }, | 346 { POLICY_SCOPE_MACHINE, HKEY_LOCAL_MACHINE }, |
346 { POLICY_SCOPE_USER, HKEY_CURRENT_USER }, | 347 { POLICY_SCOPE_USER, HKEY_CURRENT_USER }, |
347 }; | 348 }; |
348 | 349 |
350 bool is_enterprise = base::win::IsEnrolledToDomain(); | |
351 | |
349 // Load policy data for the different scopes/levels and merge them. | 352 // Load policy data for the different scopes/levels and merge them. |
350 scoped_ptr<PolicyBundle> bundle(new PolicyBundle()); | 353 scoped_ptr<PolicyBundle> bundle(new PolicyBundle()); |
351 PolicyMap* chrome_policy = | 354 PolicyMap* chrome_policy = |
352 &bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); | 355 &bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())); |
353 for (size_t i = 0; i < arraysize(kScopes); ++i) { | 356 for (size_t i = 0; i < arraysize(kScopes); ++i) { |
354 PolicyScope scope = kScopes[i].scope; | 357 PolicyScope scope = kScopes[i].scope; |
355 PolicyLoadStatusSample status; | 358 PolicyLoadStatusSample status; |
356 RegistryDict gpo_dict; | 359 RegistryDict gpo_dict; |
357 | 360 |
358 // Note: GPO rules mandate a call to EnterCriticalPolicySection() here, and | 361 // Note: GPO rules mandate a call to EnterCriticalPolicySection() here, and |
359 // a matching LeaveCriticalPolicySection() call below after the | 362 // a matching LeaveCriticalPolicySection() call below after the |
360 // ReadPolicyFromGPO() block. Unfortunately, the policy mutex may be | 363 // ReadPolicyFromGPO() block. Unfortunately, the policy mutex may be |
361 // unavailable for extended periods of time, and there are reports of this | 364 // unavailable for extended periods of time, and there are reports of this |
362 // happening in the wild: http://crbug.com/265862. | 365 // happening in the wild: http://crbug.com/265862. |
363 // | 366 // |
364 // Blocking for minutes is neither acceptable for Chrome startup, nor on | 367 // Blocking for minutes is neither acceptable for Chrome startup, nor on |
365 // the FILE thread on which this code runs in steady state. Given that | 368 // the FILE thread on which this code runs in steady state. Given that |
366 // there have never been any reports of issues due to partially-applied / | 369 // there have never been any reports of issues due to partially-applied / |
367 // corrupt group policy, this code intentionally omits the | 370 // corrupt group policy, this code intentionally omits the |
368 // EnterCriticalPolicySection() call. | 371 // EnterCriticalPolicySection() call. |
369 // | 372 // |
370 // If there's ever reason to revisit this decision, one option could be to | 373 // If there's ever reason to revisit this decision, one option could be to |
371 // make the EnterCriticalPolicySection() call on a dedicated thread and | 374 // make the EnterCriticalPolicySection() call on a dedicated thread and |
372 // timeout on it more aggressively. For now, there's no justification for | 375 // timeout on it more aggressively. For now, there's no justification for |
373 // the additional effort this would introduce. | 376 // the additional effort this would introduce. |
374 | 377 |
375 if (!ReadPolicyFromGPO(scope, &gpo_dict, &status)) { | 378 if (is_enterprise || !ReadPolicyFromGPO(scope, &gpo_dict, &status)) { |
376 VLOG(1) << "Failed to read GPO files for " << scope | 379 VLOG(1) << (!is_enterprise ? "Failed to read GPO files for " : "For ") |
377 << " falling back to registry."; | 380 << scope << " falling back to registry."; |
Mattias Nissler (ping if slow)
2014/02/05 13:23:42
This is silly. Just turn the log message into:
VL
pastarmovj
2014/02/05 14:05:45
The idea was to achieve both in one go :)
| |
378 gpo_dict.ReadRegistry(kScopes[i].hive, chrome_policy_key_); | 381 gpo_dict.ReadRegistry(kScopes[i].hive, chrome_policy_key_); |
379 } | 382 } |
380 | 383 |
381 // Remove special-cased entries from the GPO dictionary. | 384 // Remove special-cased entries from the GPO dictionary. |
382 scoped_ptr<RegistryDict> recommended_dict( | 385 scoped_ptr<RegistryDict> recommended_dict( |
383 gpo_dict.RemoveKey(kKeyRecommended)); | 386 gpo_dict.RemoveKey(kKeyRecommended)); |
384 scoped_ptr<RegistryDict> third_party_dict( | 387 scoped_ptr<RegistryDict> third_party_dict( |
385 gpo_dict.RemoveKey(kKeyThirdParty)); | 388 gpo_dict.RemoveKey(kKeyThirdParty)); |
386 | 389 |
387 // Load Chrome policy. | 390 // Load Chrome policy. |
592 | 595 |
593 void PolicyLoaderWin::OnObjectSignaled(HANDLE object) { | 596 void PolicyLoaderWin::OnObjectSignaled(HANDLE object) { |
594 DCHECK(object == user_policy_changed_event_.handle() || | 597 DCHECK(object == user_policy_changed_event_.handle() || |
595 object == machine_policy_changed_event_.handle()) | 598 object == machine_policy_changed_event_.handle()) |
596 << "unexpected object signaled policy reload, obj = " | 599 << "unexpected object signaled policy reload, obj = " |
597 << std::showbase << std::hex << object; | 600 << std::showbase << std::hex << object; |
598 Reload(false); | 601 Reload(false); |
599 } | 602 } |
600 | 603 |
601 } // namespace policy | 604 } // namespace policy |
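Review bot: The new `is_enterprise ||` short-circuit in front of `ReadPolicyFromGPO()` changes which policy source is authoritative, yet nothing at the `bool is_enterprise = base::win::IsEnrolledToDomain();` line records why domain enrollment decides that. A comment there such as `// On domain-enrolled machines policy is read directly from the registry; otherwise GPO files are preferred and the registry is only a fallback.` would keep a later reader from treating the check as a mere optimisation. When `is_enterprise` is true `ReadPolicyFromGPO()` is never called, so `status` gets nothing from the GPO path for that scope; whether the load-status sample is still meaningful in that case is worth confirming. On unenrolled machines a failed GPO read still reaches `gpo_dict.ReadRegistry()`, so if the registry is meant to be less trusted there (an assumption, the page does not state the motivation), that fallback should be an explicit decision. The enclosing function begins and ends outside the visible lines.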