OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Most of this code is copied from: | 5 // Most of this code is copied from: |
6 // src/chrome/browser/policy/asynchronous_policy_loader.{h,cc} | 6 // src/chrome/browser/policy/asynchronous_policy_loader.{h,cc} |
7 | 7 |
8 #include "remoting/host/policy_watcher.h" | 8 #include "remoting/host/policy_watcher.h" |
9 | 9 |
| 10 #include <utility> |
| 11 |
10 #include "base/bind.h" | 12 #include "base/bind.h" |
11 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
12 #include "base/files/file_path.h" | 14 #include "base/files/file_path.h" |
13 #include "base/location.h" | 15 #include "base/location.h" |
14 #include "base/single_thread_task_runner.h" | 16 #include "base/single_thread_task_runner.h" |
15 #include "base/values.h" | 17 #include "base/values.h" |
16 #include "build/build_config.h" | 18 #include "build/build_config.h" |
17 #include "components/policy/core/common/async_policy_loader.h" | 19 #include "components/policy/core/common/async_policy_loader.h" |
18 #include "components/policy/core/common/async_policy_provider.h" | 20 #include "components/policy/core/common/async_policy_provider.h" |
19 #include "components/policy/core/common/policy_namespace.h" | 21 #include "components/policy/core/common/policy_namespace.h" |
56 | 58 |
57 // If the policy isn't in |from|, use the default. | 59 // If the policy isn't in |from|, use the default. |
58 if (!from.Get(i.key(), &value)) { | 60 if (!from.Get(i.key(), &value)) { |
59 continue; | 61 continue; |
60 } | 62 } |
61 | 63 |
62 CHECK(value->IsType(i.value().GetType())); | 64 CHECK(value->IsType(i.value().GetType())); |
63 to->Set(i.key(), value->DeepCopy()); | 65 to->Set(i.key(), value->DeepCopy()); |
64 } | 66 } |
65 | 67 |
66 return to.Pass(); | 68 return to; |
67 } | 69 } |
68 | 70 |
69 policy::PolicyNamespace GetPolicyNamespace() { | 71 policy::PolicyNamespace GetPolicyNamespace() { |
70 return policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string()); | 72 return policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string()); |
71 } | 73 } |
72 | 74 |
73 scoped_ptr<policy::SchemaRegistry> CreateSchemaRegistry() { | 75 scoped_ptr<policy::SchemaRegistry> CreateSchemaRegistry() { |
74 // TODO(lukasza): Schema below should ideally only cover Chromoting-specific | 76 // TODO(lukasza): Schema below should ideally only cover Chromoting-specific |
75 // policies (expecting perf and maintanability improvement, but no functional | 77 // policies (expecting perf and maintanability improvement, but no functional |
76 // impact). | 78 // impact). |
77 policy::Schema schema = policy::Schema::Wrap(policy::GetChromeSchemaData()); | 79 policy::Schema schema = policy::Schema::Wrap(policy::GetChromeSchemaData()); |
78 | 80 |
79 scoped_ptr<policy::SchemaRegistry> schema_registry( | 81 scoped_ptr<policy::SchemaRegistry> schema_registry( |
80 new policy::SchemaRegistry()); | 82 new policy::SchemaRegistry()); |
81 schema_registry->RegisterComponent(GetPolicyNamespace(), schema); | 83 schema_registry->RegisterComponent(GetPolicyNamespace(), schema); |
82 return schema_registry.Pass(); | 84 return schema_registry; |
83 } | 85 } |
84 | 86 |
85 scoped_ptr<base::DictionaryValue> CopyChromotingPoliciesIntoDictionary( | 87 scoped_ptr<base::DictionaryValue> CopyChromotingPoliciesIntoDictionary( |
86 const policy::PolicyMap& current) { | 88 const policy::PolicyMap& current) { |
87 const char kPolicyNameSubstring[] = "RemoteAccessHost"; | 89 const char kPolicyNameSubstring[] = "RemoteAccessHost"; |
88 scoped_ptr<base::DictionaryValue> policy_dict(new base::DictionaryValue()); | 90 scoped_ptr<base::DictionaryValue> policy_dict(new base::DictionaryValue()); |
89 for (auto it = current.begin(); it != current.end(); ++it) { | 91 for (auto it = current.begin(); it != current.end(); ++it) { |
90 const std::string& key = it->first; | 92 const std::string& key = it->first; |
91 const base::Value* value = it->second.value; | 93 const base::Value* value = it->second.value; |
92 | 94 |
93 // Copying only Chromoting-specific policies helps avoid false alarms | 95 // Copying only Chromoting-specific policies helps avoid false alarms |
94 // raised by NormalizePolicies below (such alarms shutdown the host). | 96 // raised by NormalizePolicies below (such alarms shutdown the host). |
95 // TODO(lukasza): Removing this somewhat brittle filtering will be possible | 97 // TODO(lukasza): Removing this somewhat brittle filtering will be possible |
96 // after having separate, Chromoting-specific schema. | 98 // after having separate, Chromoting-specific schema. |
97 if (key.find(kPolicyNameSubstring) != std::string::npos) { | 99 if (key.find(kPolicyNameSubstring) != std::string::npos) { |
98 policy_dict->Set(key, value->DeepCopy()); | 100 policy_dict->Set(key, value->DeepCopy()); |
99 } | 101 } |
100 } | 102 } |
101 | 103 |
102 return policy_dict.Pass(); | 104 return policy_dict; |
103 } | 105 } |
104 | 106 |
105 // Takes a dictionary containing only 1) recognized policy names and 2) | 107 // Takes a dictionary containing only 1) recognized policy names and 2) |
106 // well-typed policy values and further verifies policy contents. | 108 // well-typed policy values and further verifies policy contents. |
107 bool VerifyWellformedness(const base::DictionaryValue& changed_policies) { | 109 bool VerifyWellformedness(const base::DictionaryValue& changed_policies) { |
108 // Verify ThirdPartyAuthConfig policy. | 110 // Verify ThirdPartyAuthConfig policy. |
109 ThirdPartyAuthConfig not_used; | 111 ThirdPartyAuthConfig not_used; |
110 switch (ThirdPartyAuthConfig::Parse(changed_policies, ¬_used)) { | 112 switch (ThirdPartyAuthConfig::Parse(changed_policies, ¬_used)) { |
111 case ThirdPartyAuthConfig::NoPolicy: | 113 case ThirdPartyAuthConfig::NoPolicy: |
112 case ThirdPartyAuthConfig::ParsingSuccess: | 114 case ThirdPartyAuthConfig::ParsingSuccess: |
160 } | 162 } |
161 | 163 |
162 PolicyWatcher::PolicyWatcher( | 164 PolicyWatcher::PolicyWatcher( |
163 policy::PolicyService* policy_service, | 165 policy::PolicyService* policy_service, |
164 scoped_ptr<policy::PolicyService> owned_policy_service, | 166 scoped_ptr<policy::PolicyService> owned_policy_service, |
165 scoped_ptr<policy::ConfigurationPolicyProvider> owned_policy_provider, | 167 scoped_ptr<policy::ConfigurationPolicyProvider> owned_policy_provider, |
166 scoped_ptr<policy::SchemaRegistry> owned_schema_registry) | 168 scoped_ptr<policy::SchemaRegistry> owned_schema_registry) |
167 : old_policies_(new base::DictionaryValue()), | 169 : old_policies_(new base::DictionaryValue()), |
168 default_values_(new base::DictionaryValue()), | 170 default_values_(new base::DictionaryValue()), |
169 policy_service_(policy_service), | 171 policy_service_(policy_service), |
170 owned_schema_registry_(owned_schema_registry.Pass()), | 172 owned_schema_registry_(std::move(owned_schema_registry)), |
171 owned_policy_provider_(owned_policy_provider.Pass()), | 173 owned_policy_provider_(std::move(owned_policy_provider)), |
172 owned_policy_service_(owned_policy_service.Pass()) { | 174 owned_policy_service_(std::move(owned_policy_service)) { |
173 DCHECK(policy_service_); | 175 DCHECK(policy_service_); |
174 DCHECK(owned_schema_registry_); | 176 DCHECK(owned_schema_registry_); |
175 | 177 |
176 // Initialize the default values for each policy. | 178 // Initialize the default values for each policy. |
177 default_values_->SetBoolean(key::kRemoteAccessHostFirewallTraversal, true); | 179 default_values_->SetBoolean(key::kRemoteAccessHostFirewallTraversal, true); |
178 default_values_->SetBoolean(key::kRemoteAccessHostRequireCurtain, false); | 180 default_values_->SetBoolean(key::kRemoteAccessHostRequireCurtain, false); |
179 default_values_->SetBoolean(key::kRemoteAccessHostMatchUsername, false); | 181 default_values_->SetBoolean(key::kRemoteAccessHostMatchUsername, false); |
180 default_values_->SetString(key::kRemoteAccessHostDomain, std::string()); | 182 default_values_->SetString(key::kRemoteAccessHostDomain, std::string()); |
181 default_values_->SetString(key::kRemoteAccessHostTalkGadgetPrefix, | 183 default_values_->SetString(key::kRemoteAccessHostTalkGadgetPrefix, |
182 kDefaultHostTalkGadgetPrefix); | 184 kDefaultHostTalkGadgetPrefix); |
268 key::kRemoteAccessHostTokenUrl); | 270 key::kRemoteAccessHostTokenUrl); |
269 CopyDictionaryValue(*new_policies, *changed_policies, | 271 CopyDictionaryValue(*new_policies, *changed_policies, |
270 key::kRemoteAccessHostTokenValidationUrl); | 272 key::kRemoteAccessHostTokenValidationUrl); |
271 CopyDictionaryValue(*new_policies, *changed_policies, | 273 CopyDictionaryValue(*new_policies, *changed_policies, |
272 key::kRemoteAccessHostTokenValidationCertificateIssuer); | 274 key::kRemoteAccessHostTokenValidationCertificateIssuer); |
273 } | 275 } |
274 | 276 |
275 // Save the new policies. | 277 // Save the new policies. |
276 old_policies_.swap(new_policies); | 278 old_policies_.swap(new_policies); |
277 | 279 |
278 return changed_policies.Pass(); | 280 return changed_policies; |
279 } | 281 } |
280 | 282 |
281 void PolicyWatcher::OnPolicyUpdated(const policy::PolicyNamespace& ns, | 283 void PolicyWatcher::OnPolicyUpdated(const policy::PolicyNamespace& ns, |
282 const policy::PolicyMap& previous, | 284 const policy::PolicyMap& previous, |
283 const policy::PolicyMap& current) { | 285 const policy::PolicyMap& current) { |
284 scoped_ptr<base::DictionaryValue> new_policies = | 286 scoped_ptr<base::DictionaryValue> new_policies = |
285 CopyChromotingPoliciesIntoDictionary(current); | 287 CopyChromotingPoliciesIntoDictionary(current); |
286 | 288 |
287 // Check for mistyped values and get rid of unknown policies. | 289 // Check for mistyped values and get rid of unknown policies. |
288 if (!NormalizePolicies(new_policies.get())) { | 290 if (!NormalizePolicies(new_policies.get())) { |
289 SignalPolicyError(); | 291 SignalPolicyError(); |
290 return; | 292 return; |
291 } | 293 } |
292 | 294 |
293 // Use default values for any missing policies. | 295 // Use default values for any missing policies. |
294 scoped_ptr<base::DictionaryValue> filled_policies = | 296 scoped_ptr<base::DictionaryValue> filled_policies = |
295 CopyValuesAndAddDefaults(*new_policies, *default_values_); | 297 CopyValuesAndAddDefaults(*new_policies, *default_values_); |
296 | 298 |
297 // Limit reporting to only the policies that were changed. | 299 // Limit reporting to only the policies that were changed. |
298 scoped_ptr<base::DictionaryValue> changed_policies = | 300 scoped_ptr<base::DictionaryValue> changed_policies = |
299 StoreNewAndReturnChangedPolicies(filled_policies.Pass()); | 301 StoreNewAndReturnChangedPolicies(std::move(filled_policies)); |
300 if (changed_policies->empty()) { | 302 if (changed_policies->empty()) { |
301 return; | 303 return; |
302 } | 304 } |
303 | 305 |
304 // Verify that we are calling the callback with valid policies. | 306 // Verify that we are calling the callback with valid policies. |
305 if (!VerifyWellformedness(*changed_policies)) { | 307 if (!VerifyWellformedness(*changed_policies)) { |
306 SignalPolicyError(); | 308 SignalPolicyError(); |
307 return; | 309 return; |
308 } | 310 } |
309 | 311 |
310 // Notify our client of the changed policies. | 312 // Notify our client of the changed policies. |
311 policy_updated_callback_.Run(changed_policies.Pass()); | 313 policy_updated_callback_.Run(std::move(changed_policies)); |
312 } | 314 } |
313 | 315 |
314 void PolicyWatcher::OnPolicyServiceInitialized(policy::PolicyDomain domain) { | 316 void PolicyWatcher::OnPolicyServiceInitialized(policy::PolicyDomain domain) { |
315 policy::PolicyNamespace ns = GetPolicyNamespace(); | 317 policy::PolicyNamespace ns = GetPolicyNamespace(); |
316 const policy::PolicyMap& current = policy_service_->GetPolicies(ns); | 318 const policy::PolicyMap& current = policy_service_->GetPolicies(ns); |
317 OnPolicyUpdated(ns, current, current); | 319 OnPolicyUpdated(ns, current, current); |
318 } | 320 } |
319 | 321 |
320 scoped_ptr<PolicyWatcher> PolicyWatcher::CreateFromPolicyLoader( | 322 scoped_ptr<PolicyWatcher> PolicyWatcher::CreateFromPolicyLoader( |
321 scoped_ptr<policy::AsyncPolicyLoader> async_policy_loader) { | 323 scoped_ptr<policy::AsyncPolicyLoader> async_policy_loader) { |
322 scoped_ptr<policy::SchemaRegistry> schema_registry = CreateSchemaRegistry(); | 324 scoped_ptr<policy::SchemaRegistry> schema_registry = CreateSchemaRegistry(); |
323 scoped_ptr<policy::AsyncPolicyProvider> policy_provider( | 325 scoped_ptr<policy::AsyncPolicyProvider> policy_provider( |
324 new policy::AsyncPolicyProvider(schema_registry.get(), | 326 new policy::AsyncPolicyProvider(schema_registry.get(), |
325 async_policy_loader.Pass())); | 327 std::move(async_policy_loader))); |
326 policy_provider->Init(schema_registry.get()); | 328 policy_provider->Init(schema_registry.get()); |
327 | 329 |
328 policy::PolicyServiceImpl::Providers providers; | 330 policy::PolicyServiceImpl::Providers providers; |
329 providers.push_back(policy_provider.get()); | 331 providers.push_back(policy_provider.get()); |
330 scoped_ptr<policy::PolicyService> policy_service( | 332 scoped_ptr<policy::PolicyService> policy_service( |
331 new policy::PolicyServiceImpl(providers)); | 333 new policy::PolicyServiceImpl(providers)); |
332 | 334 |
333 policy::PolicyService* borrowed_policy_service = policy_service.get(); | 335 policy::PolicyService* borrowed_policy_service = policy_service.get(); |
334 return make_scoped_ptr( | 336 return make_scoped_ptr(new PolicyWatcher( |
335 new PolicyWatcher(borrowed_policy_service, policy_service.Pass(), | 337 borrowed_policy_service, std::move(policy_service), |
336 policy_provider.Pass(), schema_registry.Pass())); | 338 std::move(policy_provider), std::move(schema_registry))); |
337 } | 339 } |
338 | 340 |
339 scoped_ptr<PolicyWatcher> PolicyWatcher::Create( | 341 scoped_ptr<PolicyWatcher> PolicyWatcher::Create( |
340 policy::PolicyService* policy_service, | 342 policy::PolicyService* policy_service, |
341 const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner) { | 343 const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner) { |
342 #if defined(OS_CHROMEOS) | 344 #if defined(OS_CHROMEOS) |
343 // On Chrome OS the PolicyService is owned by the browser. | 345 // On Chrome OS the PolicyService is owned by the browser. |
344 DCHECK(policy_service); | 346 DCHECK(policy_service); |
345 return make_scoped_ptr(new PolicyWatcher(policy_service, nullptr, nullptr, | 347 return make_scoped_ptr(new PolicyWatcher(policy_service, nullptr, nullptr, |
346 CreateSchemaRegistry())); | 348 CreateSchemaRegistry())); |
363 new MacPreferences(), bundle_id)); | 365 new MacPreferences(), bundle_id)); |
364 #elif defined(OS_POSIX) && !defined(OS_ANDROID) | 366 #elif defined(OS_POSIX) && !defined(OS_ANDROID) |
365 policy_loader.reset(new policy::ConfigDirPolicyLoader( | 367 policy_loader.reset(new policy::ConfigDirPolicyLoader( |
366 file_task_runner, | 368 file_task_runner, |
367 base::FilePath(FILE_PATH_LITERAL("/etc/opt/chrome/policies")), | 369 base::FilePath(FILE_PATH_LITERAL("/etc/opt/chrome/policies")), |
368 policy::POLICY_SCOPE_MACHINE)); | 370 policy::POLICY_SCOPE_MACHINE)); |
369 #else | 371 #else |
370 #error OS that is not yet supported by PolicyWatcher code. | 372 #error OS that is not yet supported by PolicyWatcher code. |
371 #endif | 373 #endif |
372 | 374 |
373 return PolicyWatcher::CreateFromPolicyLoader(policy_loader.Pass()); | 375 return PolicyWatcher::CreateFromPolicyLoader(std::move(policy_loader)); |
374 #endif // !(OS_CHROMEOS) | 376 #endif // !(OS_CHROMEOS) |
375 } | 377 } |
376 | 378 |
377 } // namespace remoting | 379 } // namespace remoting |
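Review bot: In `PolicyWatcher::CreateFromPolicyLoader` the raw `borrowed_policy_service` has to be read before `std::move(policy_service)` appears in the `new PolicyWatcher(...)` argument list, and nothing in the new code documents that ordering. If a later cleanup inlines `policy_service.get()` into that call, argument evaluation order is unspecified and the watcher could be constructed with a null service; `DCHECK(policy_service_)` in the constructor would catch that only in builds where DCHECKs are enabled. I would add a comment above the `borrowed_policy_service` line, for example `// Take the raw pointer before |policy_service| is moved into the watcher; do not inline into the call below.` The same applies to `schema_registry.get()`, which is handed to `AsyncPolicyProvider` and `Init()` before the registry is moved. The provider and service presumably keep those raw pointers, so the `owned_*` members need to be destroyed service first and registry last, which is worth confirming against the declaration order in the header.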
OLD | NEW |