OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ |
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ | 6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 namespace policy { | 10 namespace policy { |
(...skipping 17 matching lines...) Expand all Loading... | |
28 MODE_LOCAL_FORCED, | 28 MODE_LOCAL_FORCED, |
29 // Advertised enrollment triggered by local OEM manifest or device | 29 // Advertised enrollment triggered by local OEM manifest or device |
30 // requisition, user can skip. | 30 // requisition, user can skip. |
31 MODE_LOCAL_ADVERTISED, | 31 MODE_LOCAL_ADVERTISED, |
32 // Server-backed-state-triggered forced enrollment, user can't skip. | 32 // Server-backed-state-triggered forced enrollment, user can't skip. |
33 MODE_SERVER_FORCED, | 33 MODE_SERVER_FORCED, |
34 // Server-backed-state-triggered advertised enrollment, user can skip. | 34 // Server-backed-state-triggered advertised enrollment, user can skip. |
35 MODE_SERVER_ADVERTISED, | 35 MODE_SERVER_ADVERTISED, |
36 // Recover from "spontaneous unenrollment", user can't skip. | 36 // Recover from "spontaneous unenrollment", user can't skip. |
37 MODE_RECOVERY, | 37 MODE_RECOVERY, |
38 // Start attestation-based enrollment. | |
39 MODE_ATTESTATION, | |
40 // Start attestation-based enrollment and only uses that. | |
41 MODE_ATTESTATION_FORCED, | |
38 }; | 42 }; |
39 | 43 |
40 // An enumeration of authentication mechanisms that can be used for | 44 // An enumeration of authentication mechanisms that can be used for |
41 // enrollment. | 45 // enrollment. |
42 enum AuthMechanism { | 46 enum AuthMechanism { |
43 // Interactive authentication. | 47 // Interactive authentication. |
44 AUTH_MECHANISM_INTERACTIVE, | 48 AUTH_MECHANISM_INTERACTIVE, |
45 // Automatic authentication relying on the attestation process. | 49 // Automatic authentication relying on the attestation process. |
46 AUTH_MECHANISM_ATTESTATION, | 50 AUTH_MECHANISM_ATTESTATION, |
47 // Let the system determine the best mechanism (typically the one | 51 // Let the system determine the best mechanism (typically the one |
48 // that requires the least user interaction). | 52 // that requires the least user interaction). |
49 AUTH_MECHANISM_BEST_AVAILABLE, | 53 AUTH_MECHANISM_BEST_AVAILABLE, |
50 }; | 54 }; |
51 | 55 |
52 // Whether enrollment should be triggered. | 56 // Whether enrollment should be triggered. |
53 bool should_enroll() const { return mode != MODE_NONE; } | 57 bool should_enroll() const { |
achuithb
2016/08/23 18:16:45
Why are these underscore_case? Shouldn't they be C
The one and only Dr. Crash
2016/08/23 21:24:19
Because is_forced() was and I am respecting the st
| |
58 return should_enroll_with_attestation() || should_enroll_interactively(); | |
59 } | |
60 | |
61 // Whether attestation enrollment should be triggered. | |
62 bool should_enroll_with_attestation() const { | |
63 return auth_mechanism != AUTH_MECHANISM_INTERACTIVE; | |
64 } | |
65 | |
66 // Whether interactive enrollment should be triggered. | |
67 bool should_enroll_interactively() const { return mode != MODE_NONE; } | |
54 | 68 |
55 // Whether enrollment is forced. The user can't skip the enrollment step | 69 // Whether enrollment is forced. The user can't skip the enrollment step |
56 // during OOBE if this returns true. | 70 // during OOBE if this returns true. |
57 bool is_forced() const { | 71 bool is_forced() const { |
58 return mode == MODE_LOCAL_FORCED || mode == MODE_SERVER_FORCED || | 72 return mode == MODE_LOCAL_FORCED || mode == MODE_SERVER_FORCED || |
59 mode == MODE_RECOVERY; | 73 mode == MODE_RECOVERY || is_attestation_forced(); |
74 } | |
75 | |
76 // Whether attestation-based enrollment is forced. The user can't skip | |
77 // the enrollment step during OOBE if this returns true. | |
78 bool is_attestation_forced() const { | |
79 return auth_mechanism == AUTH_MECHANISM_ATTESTATION; | |
60 } | 80 } |
61 | 81 |
62 // Indicates the enrollment flow variant to trigger during OOBE. | 82 // Indicates the enrollment flow variant to trigger during OOBE. |
63 Mode mode = MODE_NONE; | 83 Mode mode = MODE_NONE; |
64 | 84 |
65 // The domain to enroll the device to, if applicable. If this is not set, the | 85 // The domain to enroll the device to, if applicable. If this is not set, the |
66 // device may be enrolled to any domain. Note that for the case where the | 86 // device may be enrolled to any domain. Note that for the case where the |
67 // device is not already locked to a certain domain, this value is used for | 87 // device is not already locked to a certain domain, this value is used for |
68 // display purposes only and the server makes the final decision on which | 88 // display purposes only and the server makes the final decision on which |
69 // domain the device should be enrolled with. If the device is already locked | 89 // domain the device should be enrolled with. If the device is already locked |
70 // to a domain, policy validation during enrollment will verify the domains | 90 // to a domain, policy validation during enrollment will verify the domains |
71 // match. | 91 // match. |
72 std::string management_domain; | 92 std::string management_domain; |
73 | 93 |
74 // The authentication mechanism to use. | 94 // The authentication mechanism to use. |
75 // TODO(drcrash): Change to best available once ZTE is everywhere. | 95 // TODO(drcrash): Change to best available once ZTE is everywhere. |
76 AuthMechanism auth_mechanism = AUTH_MECHANISM_INTERACTIVE; | 96 AuthMechanism auth_mechanism = AUTH_MECHANISM_INTERACTIVE; |
77 }; | 97 }; |
78 | 98 |
79 } // namespace policy | 99 } // namespace policy |
80 | 100 |
81 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ | 101 #endif // CHROME_BROWSER_CHROMEOS_POLICY_ENROLLMENT_CONFIG_H_ |
OLD | NEW |