Extended the iOS platform policy loader to load an additional key.

components/policy/core/common/policy_loader_ios.mm

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/policy/core/common/policy_loader_ios.h"
 
 #import <Foundation/Foundation.h>
 #import <UIKit/UIKit.h>
 
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/logging.h"
+#include "base/mac/scoped_nsobject.h"
 #include "base/sequenced_task_runner.h"
 #include "components/policy/core/common/mac_util.h"
 #include "components/policy/core/common/policy_bundle.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/core/common/policy_namespace.h"
 #include "policy/policy_constants.h"
 
 // This policy loader loads a managed app configuration from the NSUserDefaults.
 // For example code from Apple see:
 // https://developer.apple.com/library/ios/samplecode/sc2279/Introduction/Intro.html
 // For an introduction to the API see session 301 from WWDC 2013,
 // "Extending Your Apps for Enterprise and Education Use":
 // https://developer.apple.com/videos/wwdc/2013/?id=301
 
 namespace {
 
 // Key in the NSUserDefaults that contains the managed app configuration.
 NSString* const kConfigurationKey = @"com.apple.configuration.managed";
 
 // Key in the managed app configuration that contains the Chrome policy.
 NSString* const kChromePolicyKey = @"ChromePolicy";
 
+// Key in the managed app configuration that contains the encoded Chrome policy.
+// This is a serialized Property List, encoded in base 64.
+NSString* const kEncodedChromePolicyKey = @"EncodedChromePolicy";
+
 }  // namespace
 
 // Helper that observes notifications for NSUserDefaults and triggers an update
 // at the loader on the right thread.
 @interface PolicyNotificationObserver : NSObject {
   base::Closure callback_;
   scoped_refptr<base::SequencedTaskRunner> taskRunner_;
 }
 
 // Designated initializer. |callback| will be posted to |taskRunner| whenever
@@ skipping 55 matching lines @@
   notification_observer_.reset(
       [[PolicyNotificationObserver alloc] initWithCallback:callback
                                                 taskRunner:task_runner()]);
 }
 
 scoped_ptr<PolicyBundle> PolicyLoaderIOS::Load() {
   scoped_ptr<PolicyBundle> bundle(new PolicyBundle());
   NSDictionary* configuration = [[NSUserDefaults standardUserDefaults]
       dictionaryForKey:kConfigurationKey];
   id chromePolicy = configuration[kChromePolicyKey];
+  id encodedChromePolicy = configuration[kEncodedChromePolicyKey];

[dconnelly, 2014/03/27 13:14:19]

I think a warning on !(chromePolicy ^ encodedChromePolicy) would be helpful.

[Joao da Silva, 2014/03/27 14:05:08]

Added a warning on chromePolicy && encodedChromePolicy (if both are not set then
that's fine)

+
   if (chromePolicy && [chromePolicy isKindOfClass:[NSDictionary class]]) {
-    // NSDictionary is toll-free bridged to CFDictionaryRef, which is a
-    // CFPropertyListRef.
-    scoped_ptr<base::Value> value =
-        PropertyToValue(static_cast<CFPropertyListRef>(chromePolicy));
-    base::DictionaryValue* dict = NULL;
-    if (value && value->GetAsDictionary(&dict)) {
-      PolicyMap& map = bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, ""));
-      map.LoadFrom(dict, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE);
+    LoadNSDictionaryToPolicyBundle(chromePolicy, bundle.get());
+  } else if (encodedChromePolicy &&
+             [encodedChromePolicy isKindOfClass:[NSString class]]) {
+    base::scoped_nsobject<NSData> data(
+        [[NSData alloc] initWithBase64EncodedString:encodedChromePolicy
+                                            options:0]);
+    if (!data) {
+      NSLog(@"Invalid Base64 encoding of EncodedChromePolicy");
+    } else {
+      NSError* error = nil;
+      NSDictionary* properties = [NSPropertyListSerialization
+          propertyListWithData:data.get()
+                       options:NSPropertyListImmutable
+                        format:NULL
+                         error:&error];
+      if (!properties || error) {
+        NSLog(@"Invalid property list in EncodedChromePolicy: %@", error);

[dconnelly, 2014/03/27 13:14:19]

Does !properties imply !!error? If not, maybe a different error message?

[Joao da Silva, 2014/03/27 14:05:08]

Done.

+      } else if (![properties isKindOfClass:[NSDictionary class]]) {
+        NSLog(@"Invalid property list in EncodedChromePolicy: expected an "
+               "NSDictionary but found %@", [properties class]);
+      } else {
+        LoadNSDictionaryToPolicyBundle(properties, bundle.get());
+      }
     }
   }
 
   return bundle.Pass();
 }
 
 base::Time PolicyLoaderIOS::LastModificationTime() {
   return last_notification_time_;
 }
 
 void PolicyLoaderIOS::UserDefaultsChanged() {
   // The base class coalesces multiple Reload() calls into a single Load() if
   // the LastModificationTime() has a small delta between Reload() calls.
   // This coalesces the multiple notifications sent during startup into a single
   // Load() call.
   last_notification_time_ = base::Time::Now();
   Reload(false);
 }
 
+// static
+void PolicyLoaderIOS::LoadNSDictionaryToPolicyBundle(NSDictionary* dictionary,
+                                                     PolicyBundle* bundle) {
+  // NSDictionary is toll-free bridged to CFDictionaryRef, which is a
+  // CFPropertyListRef.
+  scoped_ptr<base::Value> value =
+      PropertyToValue(static_cast<CFPropertyListRef>(dictionary));
+  base::DictionaryValue* dict = NULL;
+  if (value && value->GetAsDictionary(&dict)) {
+    PolicyMap& map = bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, ""));
+    map.LoadFrom(dict, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE);
+  }
+}
+
 }  // namespace policy