OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Most of this code is copied from: | 5 // Most of this code is copied from: |
6 // src/chrome/browser/policy/asynchronous_policy_loader.{h,cc} | 6 // src/chrome/browser/policy/asynchronous_policy_loader.{h,cc} |
7 | 7 |
8 #include "remoting/host/policy_watcher.h" | 8 #include "remoting/host/policy_watcher.h" |
9 | 9 |
10 #include <utility> | 10 #include <utility> |
11 | 11 |
12 #include "base/bind.h" | 12 #include "base/bind.h" |
13 #include "base/compiler_specific.h" | 13 #include "base/compiler_specific.h" |
14 #include "base/files/file_path.h" | 14 #include "base/files/file_path.h" |
15 #include "base/location.h" | 15 #include "base/location.h" |
| 16 #include "base/memory/ptr_util.h" |
16 #include "base/single_thread_task_runner.h" | 17 #include "base/single_thread_task_runner.h" |
17 #include "base/values.h" | 18 #include "base/values.h" |
18 #include "build/build_config.h" | 19 #include "build/build_config.h" |
19 #include "components/policy/core/common/async_policy_loader.h" | 20 #include "components/policy/core/common/async_policy_loader.h" |
20 #include "components/policy/core/common/async_policy_provider.h" | 21 #include "components/policy/core/common/async_policy_provider.h" |
21 #include "components/policy/core/common/policy_namespace.h" | 22 #include "components/policy/core/common/policy_namespace.h" |
22 #include "components/policy/core/common/policy_service_impl.h" | 23 #include "components/policy/core/common/policy_service_impl.h" |
23 #include "components/policy/core/common/schema.h" | 24 #include "components/policy/core/common/schema.h" |
24 #include "components/policy/core/common/schema_registry.h" | 25 #include "components/policy/core/common/schema_registry.h" |
25 #include "policy/policy_constants.h" | 26 #include "policy/policy_constants.h" |
(...skipping 15 matching lines...) Expand all Loading... |
41 #endif | 42 #endif |
42 | 43 |
43 namespace remoting { | 44 namespace remoting { |
44 | 45 |
45 namespace key = ::policy::key; | 46 namespace key = ::policy::key; |
46 | 47 |
47 namespace { | 48 namespace { |
48 | 49 |
49 // Copies all policy values from one dictionary to another, using values from | 50 // Copies all policy values from one dictionary to another, using values from |
50 // |default_values| if they are not set in |from|. | 51 // |default_values| if they are not set in |from|. |
51 scoped_ptr<base::DictionaryValue> CopyValuesAndAddDefaults( | 52 std::unique_ptr<base::DictionaryValue> CopyValuesAndAddDefaults( |
52 const base::DictionaryValue& from, | 53 const base::DictionaryValue& from, |
53 const base::DictionaryValue& default_values) { | 54 const base::DictionaryValue& default_values) { |
54 scoped_ptr<base::DictionaryValue> to(default_values.DeepCopy()); | 55 std::unique_ptr<base::DictionaryValue> to(default_values.DeepCopy()); |
55 for (base::DictionaryValue::Iterator i(default_values); !i.IsAtEnd(); | 56 for (base::DictionaryValue::Iterator i(default_values); !i.IsAtEnd(); |
56 i.Advance()) { | 57 i.Advance()) { |
57 const base::Value* value = nullptr; | 58 const base::Value* value = nullptr; |
58 | 59 |
59 // If the policy isn't in |from|, use the default. | 60 // If the policy isn't in |from|, use the default. |
60 if (!from.Get(i.key(), &value)) { | 61 if (!from.Get(i.key(), &value)) { |
61 continue; | 62 continue; |
62 } | 63 } |
63 | 64 |
64 CHECK(value->IsType(i.value().GetType())); | 65 CHECK(value->IsType(i.value().GetType())); |
65 to->Set(i.key(), value->DeepCopy()); | 66 to->Set(i.key(), value->DeepCopy()); |
66 } | 67 } |
67 | 68 |
68 return to; | 69 return to; |
69 } | 70 } |
70 | 71 |
71 policy::PolicyNamespace GetPolicyNamespace() { | 72 policy::PolicyNamespace GetPolicyNamespace() { |
72 return policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string()); | 73 return policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME, std::string()); |
73 } | 74 } |
74 | 75 |
75 scoped_ptr<policy::SchemaRegistry> CreateSchemaRegistry() { | 76 std::unique_ptr<policy::SchemaRegistry> CreateSchemaRegistry() { |
76 // TODO(lukasza): Schema below should ideally only cover Chromoting-specific | 77 // TODO(lukasza): Schema below should ideally only cover Chromoting-specific |
77 // policies (expecting perf and maintanability improvement, but no functional | 78 // policies (expecting perf and maintanability improvement, but no functional |
78 // impact). | 79 // impact). |
79 policy::Schema schema = policy::Schema::Wrap(policy::GetChromeSchemaData()); | 80 policy::Schema schema = policy::Schema::Wrap(policy::GetChromeSchemaData()); |
80 | 81 |
81 scoped_ptr<policy::SchemaRegistry> schema_registry( | 82 std::unique_ptr<policy::SchemaRegistry> schema_registry( |
82 new policy::SchemaRegistry()); | 83 new policy::SchemaRegistry()); |
83 schema_registry->RegisterComponent(GetPolicyNamespace(), schema); | 84 schema_registry->RegisterComponent(GetPolicyNamespace(), schema); |
84 return schema_registry; | 85 return schema_registry; |
85 } | 86 } |
86 | 87 |
87 scoped_ptr<base::DictionaryValue> CopyChromotingPoliciesIntoDictionary( | 88 std::unique_ptr<base::DictionaryValue> CopyChromotingPoliciesIntoDictionary( |
88 const policy::PolicyMap& current) { | 89 const policy::PolicyMap& current) { |
89 const char kPolicyNameSubstring[] = "RemoteAccessHost"; | 90 const char kPolicyNameSubstring[] = "RemoteAccessHost"; |
90 scoped_ptr<base::DictionaryValue> policy_dict(new base::DictionaryValue()); | 91 std::unique_ptr<base::DictionaryValue> policy_dict( |
| 92 new base::DictionaryValue()); |
91 for (auto it = current.begin(); it != current.end(); ++it) { | 93 for (auto it = current.begin(); it != current.end(); ++it) { |
92 const std::string& key = it->first; | 94 const std::string& key = it->first; |
93 const base::Value* value = it->second.value; | 95 const base::Value* value = it->second.value; |
94 | 96 |
95 // Copying only Chromoting-specific policies helps avoid false alarms | 97 // Copying only Chromoting-specific policies helps avoid false alarms |
96 // raised by NormalizePolicies below (such alarms shutdown the host). | 98 // raised by NormalizePolicies below (such alarms shutdown the host). |
97 // TODO(lukasza): Removing this somewhat brittle filtering will be possible | 99 // TODO(lukasza): Removing this somewhat brittle filtering will be possible |
98 // after having separate, Chromoting-specific schema. | 100 // after having separate, Chromoting-specific schema. |
99 if (key.find(kPolicyNameSubstring) != std::string::npos) { | 101 if (key.find(kPolicyNameSubstring) != std::string::npos) { |
100 policy_dict->Set(key, value->DeepCopy()); | 102 policy_dict->Set(key, value->DeepCopy()); |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
156 } | 158 } |
157 } | 159 } |
158 | 160 |
159 void PolicyWatcher::SignalPolicyError() { | 161 void PolicyWatcher::SignalPolicyError() { |
160 old_policies_->Clear(); | 162 old_policies_->Clear(); |
161 policy_error_callback_.Run(); | 163 policy_error_callback_.Run(); |
162 } | 164 } |
163 | 165 |
164 PolicyWatcher::PolicyWatcher( | 166 PolicyWatcher::PolicyWatcher( |
165 policy::PolicyService* policy_service, | 167 policy::PolicyService* policy_service, |
166 scoped_ptr<policy::PolicyService> owned_policy_service, | 168 std::unique_ptr<policy::PolicyService> owned_policy_service, |
167 scoped_ptr<policy::ConfigurationPolicyProvider> owned_policy_provider, | 169 std::unique_ptr<policy::ConfigurationPolicyProvider> owned_policy_provider, |
168 scoped_ptr<policy::SchemaRegistry> owned_schema_registry) | 170 std::unique_ptr<policy::SchemaRegistry> owned_schema_registry) |
169 : old_policies_(new base::DictionaryValue()), | 171 : old_policies_(new base::DictionaryValue()), |
170 default_values_(new base::DictionaryValue()), | 172 default_values_(new base::DictionaryValue()), |
171 policy_service_(policy_service), | 173 policy_service_(policy_service), |
172 owned_schema_registry_(std::move(owned_schema_registry)), | 174 owned_schema_registry_(std::move(owned_schema_registry)), |
173 owned_policy_provider_(std::move(owned_policy_provider)), | 175 owned_policy_provider_(std::move(owned_policy_provider)), |
174 owned_policy_service_(std::move(owned_policy_service)) { | 176 owned_policy_service_(std::move(owned_policy_service)) { |
175 DCHECK(policy_service_); | 177 DCHECK(policy_service_); |
176 DCHECK(owned_schema_registry_); | 178 DCHECK(owned_schema_registry_); |
177 | 179 |
178 // Initialize the default values for each policy. | 180 // Initialize the default values for each policy. |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
239 void CopyDictionaryValue(const base::DictionaryValue& from, | 241 void CopyDictionaryValue(const base::DictionaryValue& from, |
240 base::DictionaryValue& to, | 242 base::DictionaryValue& to, |
241 std::string key) { | 243 std::string key) { |
242 const base::Value* value; | 244 const base::Value* value; |
243 if (from.Get(key, &value)) { | 245 if (from.Get(key, &value)) { |
244 to.Set(key, value->DeepCopy()); | 246 to.Set(key, value->DeepCopy()); |
245 } | 247 } |
246 } | 248 } |
247 } // namespace | 249 } // namespace |
248 | 250 |
249 scoped_ptr<base::DictionaryValue> | 251 std::unique_ptr<base::DictionaryValue> |
250 PolicyWatcher::StoreNewAndReturnChangedPolicies( | 252 PolicyWatcher::StoreNewAndReturnChangedPolicies( |
251 scoped_ptr<base::DictionaryValue> new_policies) { | 253 std::unique_ptr<base::DictionaryValue> new_policies) { |
252 // Find the changed policies. | 254 // Find the changed policies. |
253 scoped_ptr<base::DictionaryValue> changed_policies( | 255 std::unique_ptr<base::DictionaryValue> changed_policies( |
254 new base::DictionaryValue()); | 256 new base::DictionaryValue()); |
255 base::DictionaryValue::Iterator iter(*new_policies); | 257 base::DictionaryValue::Iterator iter(*new_policies); |
256 while (!iter.IsAtEnd()) { | 258 while (!iter.IsAtEnd()) { |
257 base::Value* old_policy; | 259 base::Value* old_policy; |
258 if (!(old_policies_->Get(iter.key(), &old_policy) && | 260 if (!(old_policies_->Get(iter.key(), &old_policy) && |
259 old_policy->Equals(&iter.value()))) { | 261 old_policy->Equals(&iter.value()))) { |
260 changed_policies->Set(iter.key(), iter.value().DeepCopy()); | 262 changed_policies->Set(iter.key(), iter.value().DeepCopy()); |
261 } | 263 } |
262 iter.Advance(); | 264 iter.Advance(); |
263 } | 265 } |
(...skipping 13 matching lines...) Expand all Loading... |
277 | 279 |
278 // Save the new policies. | 280 // Save the new policies. |
279 old_policies_.swap(new_policies); | 281 old_policies_.swap(new_policies); |
280 | 282 |
281 return changed_policies; | 283 return changed_policies; |
282 } | 284 } |
283 | 285 |
284 void PolicyWatcher::OnPolicyUpdated(const policy::PolicyNamespace& ns, | 286 void PolicyWatcher::OnPolicyUpdated(const policy::PolicyNamespace& ns, |
285 const policy::PolicyMap& previous, | 287 const policy::PolicyMap& previous, |
286 const policy::PolicyMap& current) { | 288 const policy::PolicyMap& current) { |
287 scoped_ptr<base::DictionaryValue> new_policies = | 289 std::unique_ptr<base::DictionaryValue> new_policies = |
288 CopyChromotingPoliciesIntoDictionary(current); | 290 CopyChromotingPoliciesIntoDictionary(current); |
289 | 291 |
290 // Check for mistyped values and get rid of unknown policies. | 292 // Check for mistyped values and get rid of unknown policies. |
291 if (!NormalizePolicies(new_policies.get())) { | 293 if (!NormalizePolicies(new_policies.get())) { |
292 SignalPolicyError(); | 294 SignalPolicyError(); |
293 return; | 295 return; |
294 } | 296 } |
295 | 297 |
296 // Use default values for any missing policies. | 298 // Use default values for any missing policies. |
297 scoped_ptr<base::DictionaryValue> filled_policies = | 299 std::unique_ptr<base::DictionaryValue> filled_policies = |
298 CopyValuesAndAddDefaults(*new_policies, *default_values_); | 300 CopyValuesAndAddDefaults(*new_policies, *default_values_); |
299 | 301 |
300 // Limit reporting to only the policies that were changed. | 302 // Limit reporting to only the policies that were changed. |
301 scoped_ptr<base::DictionaryValue> changed_policies = | 303 std::unique_ptr<base::DictionaryValue> changed_policies = |
302 StoreNewAndReturnChangedPolicies(std::move(filled_policies)); | 304 StoreNewAndReturnChangedPolicies(std::move(filled_policies)); |
303 if (changed_policies->empty()) { | 305 if (changed_policies->empty()) { |
304 return; | 306 return; |
305 } | 307 } |
306 | 308 |
307 // Verify that we are calling the callback with valid policies. | 309 // Verify that we are calling the callback with valid policies. |
308 if (!VerifyWellformedness(*changed_policies)) { | 310 if (!VerifyWellformedness(*changed_policies)) { |
309 SignalPolicyError(); | 311 SignalPolicyError(); |
310 return; | 312 return; |
311 } | 313 } |
312 | 314 |
313 // Notify our client of the changed policies. | 315 // Notify our client of the changed policies. |
314 policy_updated_callback_.Run(std::move(changed_policies)); | 316 policy_updated_callback_.Run(std::move(changed_policies)); |
315 } | 317 } |
316 | 318 |
317 void PolicyWatcher::OnPolicyServiceInitialized(policy::PolicyDomain domain) { | 319 void PolicyWatcher::OnPolicyServiceInitialized(policy::PolicyDomain domain) { |
318 policy::PolicyNamespace ns = GetPolicyNamespace(); | 320 policy::PolicyNamespace ns = GetPolicyNamespace(); |
319 const policy::PolicyMap& current = policy_service_->GetPolicies(ns); | 321 const policy::PolicyMap& current = policy_service_->GetPolicies(ns); |
320 OnPolicyUpdated(ns, current, current); | 322 OnPolicyUpdated(ns, current, current); |
321 } | 323 } |
322 | 324 |
323 scoped_ptr<PolicyWatcher> PolicyWatcher::CreateFromPolicyLoader( | 325 std::unique_ptr<PolicyWatcher> PolicyWatcher::CreateFromPolicyLoader( |
324 scoped_ptr<policy::AsyncPolicyLoader> async_policy_loader) { | 326 std::unique_ptr<policy::AsyncPolicyLoader> async_policy_loader) { |
325 scoped_ptr<policy::SchemaRegistry> schema_registry = CreateSchemaRegistry(); | 327 std::unique_ptr<policy::SchemaRegistry> schema_registry = |
326 scoped_ptr<policy::AsyncPolicyProvider> policy_provider( | 328 CreateSchemaRegistry(); |
| 329 std::unique_ptr<policy::AsyncPolicyProvider> policy_provider( |
327 new policy::AsyncPolicyProvider(schema_registry.get(), | 330 new policy::AsyncPolicyProvider(schema_registry.get(), |
328 std::move(async_policy_loader))); | 331 std::move(async_policy_loader))); |
329 policy_provider->Init(schema_registry.get()); | 332 policy_provider->Init(schema_registry.get()); |
330 | 333 |
331 policy::PolicyServiceImpl::Providers providers; | 334 policy::PolicyServiceImpl::Providers providers; |
332 providers.push_back(policy_provider.get()); | 335 providers.push_back(policy_provider.get()); |
333 scoped_ptr<policy::PolicyService> policy_service( | 336 std::unique_ptr<policy::PolicyService> policy_service( |
334 new policy::PolicyServiceImpl(providers)); | 337 new policy::PolicyServiceImpl(providers)); |
335 | 338 |
336 policy::PolicyService* borrowed_policy_service = policy_service.get(); | 339 policy::PolicyService* borrowed_policy_service = policy_service.get(); |
337 return make_scoped_ptr(new PolicyWatcher( | 340 return base::WrapUnique(new PolicyWatcher( |
338 borrowed_policy_service, std::move(policy_service), | 341 borrowed_policy_service, std::move(policy_service), |
339 std::move(policy_provider), std::move(schema_registry))); | 342 std::move(policy_provider), std::move(schema_registry))); |
340 } | 343 } |
341 | 344 |
342 scoped_ptr<PolicyWatcher> PolicyWatcher::Create( | 345 std::unique_ptr<PolicyWatcher> PolicyWatcher::Create( |
343 policy::PolicyService* policy_service, | 346 policy::PolicyService* policy_service, |
344 const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner) { | 347 const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner) { |
345 #if defined(OS_CHROMEOS) | 348 #if defined(OS_CHROMEOS) |
346 // On Chrome OS the PolicyService is owned by the browser. | 349 // On Chrome OS the PolicyService is owned by the browser. |
347 DCHECK(policy_service); | 350 DCHECK(policy_service); |
348 return make_scoped_ptr(new PolicyWatcher(policy_service, nullptr, nullptr, | 351 return base::WrapUnique(new PolicyWatcher(policy_service, nullptr, nullptr, |
349 CreateSchemaRegistry())); | 352 CreateSchemaRegistry())); |
350 #else // !defined(OS_CHROMEOS) | 353 #else // !defined(OS_CHROMEOS) |
351 DCHECK(!policy_service); | 354 DCHECK(!policy_service); |
352 | 355 |
353 // Create platform-specific PolicyLoader. Always read the Chrome policies | 356 // Create platform-specific PolicyLoader. Always read the Chrome policies |
354 // (even on Chromium) so that policy enforcement can't be bypassed by running | 357 // (even on Chromium) so that policy enforcement can't be bypassed by running |
355 // Chromium. | 358 // Chromium. |
356 scoped_ptr<policy::AsyncPolicyLoader> policy_loader; | 359 std::unique_ptr<policy::AsyncPolicyLoader> policy_loader; |
357 #if defined(OS_WIN) | 360 #if defined(OS_WIN) |
358 policy_loader.reset(new policy::PolicyLoaderWin( | 361 policy_loader.reset(new policy::PolicyLoaderWin( |
359 file_task_runner, L"SOFTWARE\\Policies\\Google\\Chrome", | 362 file_task_runner, L"SOFTWARE\\Policies\\Google\\Chrome", |
360 nullptr)); // nullptr = don't use GPO / always read from the registry. | 363 nullptr)); // nullptr = don't use GPO / always read from the registry. |
361 #elif defined(OS_MACOSX) | 364 #elif defined(OS_MACOSX) |
362 CFStringRef bundle_id = CFSTR("com.google.Chrome"); | 365 CFStringRef bundle_id = CFSTR("com.google.Chrome"); |
363 policy_loader.reset(new policy::PolicyLoaderMac( | 366 policy_loader.reset(new policy::PolicyLoaderMac( |
364 file_task_runner, | 367 file_task_runner, |
365 policy::PolicyLoaderMac::GetManagedPolicyPath(bundle_id), | 368 policy::PolicyLoaderMac::GetManagedPolicyPath(bundle_id), |
366 new MacPreferences(), bundle_id)); | 369 new MacPreferences(), bundle_id)); |
367 #elif defined(OS_POSIX) && !defined(OS_ANDROID) | 370 #elif defined(OS_POSIX) && !defined(OS_ANDROID) |
368 policy_loader.reset(new policy::ConfigDirPolicyLoader( | 371 policy_loader.reset(new policy::ConfigDirPolicyLoader( |
369 file_task_runner, | 372 file_task_runner, |
370 base::FilePath(FILE_PATH_LITERAL("/etc/opt/chrome/policies")), | 373 base::FilePath(FILE_PATH_LITERAL("/etc/opt/chrome/policies")), |
371 policy::POLICY_SCOPE_MACHINE)); | 374 policy::POLICY_SCOPE_MACHINE)); |
372 #else | 375 #else |
373 #error OS that is not yet supported by PolicyWatcher code. | 376 #error OS that is not yet supported by PolicyWatcher code. |
374 #endif | 377 #endif |
375 | 378 |
376 return PolicyWatcher::CreateFromPolicyLoader(std::move(policy_loader)); | 379 return PolicyWatcher::CreateFromPolicyLoader(std::move(policy_loader)); |
377 #endif // !(OS_CHROMEOS) | 380 #endif // !(OS_CHROMEOS) |
378 } | 381 } |
379 | 382 |
380 } // namespace remoting | 383 } // namespace remoting |
OLD | NEW |