OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/settings/device_settings_provider.h" | 5 #include "chrome/browser/chromeos/settings/device_settings_provider.h" |
6 | 6 |
7 #include "base/bind.h" | 7 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
9 #include "base/callback.h" | 9 #include "base/callback.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
11 #include "base/metrics/histogram.h" | 11 #include "base/metrics/histogram.h" |
12 #include "base/prefs/pref_service.h" | 12 #include "base/prefs/pref_service.h" |
13 #include "base/threading/thread_restrictions.h" | 13 #include "base/threading/thread_restrictions.h" |
14 #include "base/values.h" | 14 #include "base/values.h" |
15 #include "chrome/browser/browser_process.h" | 15 #include "chrome/browser/browser_process.h" |
16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | 16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
17 #include "chrome/browser/chromeos/policy/device_local_account.h" | 17 #include "chrome/browser/chromeos/policy/device_local_account.h" |
18 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | |
18 #include "chrome/browser/chromeos/settings/cros_settings.h" | 19 #include "chrome/browser/chromeos/settings/cros_settings.h" |
19 #include "chrome/browser/chromeos/settings/device_settings_cache.h" | 20 #include "chrome/browser/chromeos/settings/device_settings_cache.h" |
20 #include "chrome/browser/ui/options/options_util.h" | 21 #include "chrome/browser/ui/options/options_util.h" |
21 #include "chrome/installer/util/google_update_settings.h" | 22 #include "chrome/installer/util/google_update_settings.h" |
22 #include "chromeos/chromeos_switches.h" | 23 #include "chromeos/chromeos_switches.h" |
24 #include "chromeos/dbus/cryptohome_client.h" | |
25 #include "chromeos/dbus/dbus_thread_manager.h" | |
23 #include "chromeos/settings/cros_settings_names.h" | 26 #include "chromeos/settings/cros_settings_names.h" |
24 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 27 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
25 #include "policy/proto/device_management_backend.pb.h" | 28 #include "policy/proto/device_management_backend.pb.h" |
26 | 29 |
27 using google::protobuf::RepeatedField; | 30 using google::protobuf::RepeatedField; |
28 using google::protobuf::RepeatedPtrField; | 31 using google::protobuf::RepeatedPtrField; |
29 | 32 |
30 namespace em = enterprise_management; | 33 namespace em = enterprise_management; |
31 | 34 |
32 namespace chromeos { | 35 namespace chromeos { |
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
209 else | 212 else |
210 NOTREACHED(); | 213 NOTREACHED(); |
211 } else if (prop == kAccountsPrefAllowGuest) { | 214 } else if (prop == kAccountsPrefAllowGuest) { |
212 em::GuestModeEnabledProto* guest = | 215 em::GuestModeEnabledProto* guest = |
213 device_settings_.mutable_guest_mode_enabled(); | 216 device_settings_.mutable_guest_mode_enabled(); |
214 bool guest_value; | 217 bool guest_value; |
215 if (value->GetAsBoolean(&guest_value)) | 218 if (value->GetAsBoolean(&guest_value)) |
216 guest->set_guest_mode_enabled(guest_value); | 219 guest->set_guest_mode_enabled(guest_value); |
217 else | 220 else |
218 NOTREACHED(); | 221 NOTREACHED(); |
222 } else if (prop == kAccountsPrefSupervisedUsersEnabled) { | |
223 em::SupervisedUsersSettingsProto* supervised = | |
224 device_settings_.mutable_supervised_users_settings(); | |
225 bool supervised_value; | |
226 if (value->GetAsBoolean(&supervised_value)) | |
227 supervised->set_supervised_users_enabled(supervised_value); | |
228 else | |
229 NOTREACHED(); | |
219 } else if (prop == kAccountsPrefShowUserNamesOnSignIn) { | 230 } else if (prop == kAccountsPrefShowUserNamesOnSignIn) { |
220 em::ShowUserNamesOnSigninProto* show = | 231 em::ShowUserNamesOnSigninProto* show = |
221 device_settings_.mutable_show_user_names(); | 232 device_settings_.mutable_show_user_names(); |
222 bool show_value; | 233 bool show_value; |
223 if (value->GetAsBoolean(&show_value)) | 234 if (value->GetAsBoolean(&show_value)) |
224 show->set_show_user_names(show_value); | 235 show->set_show_user_names(show_value); |
225 else | 236 else |
226 NOTREACHED(); | 237 NOTREACHED(); |
227 } else if (prop == kAccountsPrefDeviceLocalAccounts) { | 238 } else if (prop == kAccountsPrefDeviceLocalAccounts) { |
228 em::DeviceLocalAccountsProto* device_local_accounts = | 239 em::DeviceLocalAccountsProto* device_local_accounts = |
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
380 device_settings_.mutable_attestation_settings(); | 391 device_settings_.mutable_attestation_settings(); |
381 bool setting_enabled; | 392 bool setting_enabled; |
382 if (value->GetAsBoolean(&setting_enabled)) { | 393 if (value->GetAsBoolean(&setting_enabled)) { |
383 attestation_settings->set_content_protection_enabled(setting_enabled); | 394 attestation_settings->set_content_protection_enabled(setting_enabled); |
384 } else { | 395 } else { |
385 NOTREACHED(); | 396 NOTREACHED(); |
386 } | 397 } |
387 } else { | 398 } else { |
388 // The remaining settings don't support Set(), since they are not | 399 // The remaining settings don't support Set(), since they are not |
389 // intended to be customizable by the user: | 400 // intended to be customizable by the user: |
390 // kAccountsPrefSupervisedUsersEnabled | |
391 // kAppPack | 401 // kAppPack |
392 // kDeviceAttestationEnabled | 402 // kDeviceAttestationEnabled |
393 // kDeviceOwner | 403 // kDeviceOwner |
394 // kIdleLogoutTimeout | 404 // kIdleLogoutTimeout |
395 // kIdleLogoutWarningDuration | 405 // kIdleLogoutWarningDuration |
396 // kReleaseChannelDelegated | 406 // kReleaseChannelDelegated |
397 // kReportDeviceActivityTimes | 407 // kReportDeviceActivityTimes |
398 // kReportDeviceBootMode | 408 // kReportDeviceBootMode |
399 // kReportDeviceLocation | 409 // kReportDeviceLocation |
400 // kReportDeviceVersionInfo | 410 // kReportDeviceVersionInfo |
(...skipping 29 matching lines...) Expand all Loading... | |
430 } | 440 } |
431 } | 441 } |
432 | 442 |
433 void DeviceSettingsProvider::DecodeLoginPolicies( | 443 void DeviceSettingsProvider::DecodeLoginPolicies( |
434 const em::ChromeDeviceSettingsProto& policy, | 444 const em::ChromeDeviceSettingsProto& policy, |
435 PrefValueMap* new_values_cache) const { | 445 PrefValueMap* new_values_cache) const { |
436 // For all our boolean settings the following is applicable: | 446 // For all our boolean settings the following is applicable: |
437 // true is default permissive value and false is safe prohibitive value. | 447 // true is default permissive value and false is safe prohibitive value. |
438 // Exceptions: | 448 // Exceptions: |
439 // kAccountsPrefEphemeralUsersEnabled has a default value of false. | 449 // kAccountsPrefEphemeralUsersEnabled has a default value of false. |
450 // kAccountsPrefSupervisedUsersEnabled has a default value of false | |
451 // for enterprise devices and true for consumer devices. | |
440 if (policy.has_allow_new_users() && | 452 if (policy.has_allow_new_users() && |
441 policy.allow_new_users().has_allow_new_users()) { | 453 policy.allow_new_users().has_allow_new_users()) { |
442 if (policy.allow_new_users().allow_new_users()) { | 454 if (policy.allow_new_users().allow_new_users()) { |
443 // New users allowed, user whitelist ignored. | 455 // New users allowed, user whitelist ignored. |
444 new_values_cache->SetBoolean(kAccountsPrefAllowNewUser, true); | 456 new_values_cache->SetBoolean(kAccountsPrefAllowNewUser, true); |
445 } else { | 457 } else { |
446 // New users not allowed, enforce user whitelist if present. | 458 // New users not allowed, enforce user whitelist if present. |
447 new_values_cache->SetBoolean(kAccountsPrefAllowNewUser, | 459 new_values_cache->SetBoolean(kAccountsPrefAllowNewUser, |
448 !policy.has_user_whitelist()); | 460 !policy.has_user_whitelist()); |
449 } | 461 } |
450 } else { | 462 } else { |
451 // No configured allow-new-users value, enforce whitelist if non-empty. | 463 // No configured allow-new-users value, enforce whitelist if non-empty. |
452 new_values_cache->SetBoolean( | 464 new_values_cache->SetBoolean( |
453 kAccountsPrefAllowNewUser, | 465 kAccountsPrefAllowNewUser, |
454 policy.user_whitelist().user_whitelist_size() == 0); | 466 policy.user_whitelist().user_whitelist_size() == 0); |
455 } | 467 } |
456 | 468 |
457 new_values_cache->SetBoolean( | 469 new_values_cache->SetBoolean( |
458 kAccountsPrefAllowGuest, | 470 kAccountsPrefAllowGuest, |
459 !policy.has_guest_mode_enabled() || | 471 !policy.has_guest_mode_enabled() || |
460 !policy.guest_mode_enabled().has_guest_mode_enabled() || | 472 !policy.guest_mode_enabled().has_guest_mode_enabled() || |
461 policy.guest_mode_enabled().guest_mode_enabled()); | 473 policy.guest_mode_enabled().guest_mode_enabled()); |
462 | 474 |
475 scoped_ptr<policy::EnterpriseInstallAttributes> install_attributes; | |
476 install_attributes.reset(new policy::EnterpriseInstallAttributes( | |
477 DBusThreadManager::Get()->GetCryptohomeClient())); | |
Mattias Nissler (ping if slow)
2014/05/26 08:11:42
EnterpriseInstallAttributes is not meant to be ins
| |
478 | |
479 bool supervised_users_enabled = false; | |
480 if (install_attributes->IsEnterpriseDevice()) { | |
481 supervised_users_enabled = | |
482 policy.has_supervised_users_settings() && | |
483 policy.supervised_users_settings().has_supervised_users_enabled() && | |
484 policy.supervised_users_settings().supervised_users_enabled(); | |
485 } else { | |
486 supervised_users_enabled = | |
487 !policy.has_supervised_users_settings() || | |
488 !policy.supervised_users_settings().has_supervised_users_enabled() || | |
489 policy.supervised_users_settings().supervised_users_enabled(); | |
490 } | |
491 new_values_cache->SetBoolean( | |
492 kAccountsPrefSupervisedUsersEnabled, supervised_users_enabled); | |
493 | |
463 new_values_cache->SetBoolean( | 494 new_values_cache->SetBoolean( |
464 kAccountsPrefShowUserNamesOnSignIn, | 495 kAccountsPrefShowUserNamesOnSignIn, |
465 !policy.has_show_user_names() || | 496 !policy.has_show_user_names() || |
466 !policy.show_user_names().has_show_user_names() || | 497 !policy.show_user_names().has_show_user_names() || |
467 policy.show_user_names().show_user_names()); | 498 policy.show_user_names().show_user_names()); |
468 | 499 |
469 new_values_cache->SetBoolean( | 500 new_values_cache->SetBoolean( |
470 kAccountsPrefEphemeralUsersEnabled, | 501 kAccountsPrefEphemeralUsersEnabled, |
471 policy.has_ephemeral_users_enabled() && | 502 policy.has_ephemeral_users_enabled() && |
472 policy.ephemeral_users_enabled().has_ephemeral_users_enabled() && | 503 policy.ephemeral_users_enabled().has_ephemeral_users_enabled() && |
473 policy.ephemeral_users_enabled().ephemeral_users_enabled()); | 504 policy.ephemeral_users_enabled().ephemeral_users_enabled()); |
474 | 505 |
475 new_values_cache->SetBoolean( | |
476 kAccountsPrefSupervisedUsersEnabled, | |
477 policy.has_supervised_users_settings() && | |
478 policy.supervised_users_settings().supervised_users_enabled()); | |
479 | |
480 base::ListValue* list = new base::ListValue(); | 506 base::ListValue* list = new base::ListValue(); |
481 const em::UserWhitelistProto& whitelist_proto = policy.user_whitelist(); | 507 const em::UserWhitelistProto& whitelist_proto = policy.user_whitelist(); |
482 const RepeatedPtrField<std::string>& whitelist = | 508 const RepeatedPtrField<std::string>& whitelist = |
483 whitelist_proto.user_whitelist(); | 509 whitelist_proto.user_whitelist(); |
484 for (RepeatedPtrField<std::string>::const_iterator it = whitelist.begin(); | 510 for (RepeatedPtrField<std::string>::const_iterator it = whitelist.begin(); |
485 it != whitelist.end(); ++it) { | 511 it != whitelist.end(); ++it) { |
486 list->Append(new base::StringValue(*it)); | 512 list->Append(new base::StringValue(*it)); |
487 } | 513 } |
488 new_values_cache->SetValue(kAccountsPrefUsers, list); | 514 new_values_cache->SetValue(kAccountsPrefUsers, list); |
489 | 515 |
(...skipping 483 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
973 void DeviceSettingsProvider::AttemptMigration() { | 999 void DeviceSettingsProvider::AttemptMigration() { |
974 if (device_settings_service_->HasPrivateOwnerKey()) { | 1000 if (device_settings_service_->HasPrivateOwnerKey()) { |
975 PrefValueMap::const_iterator i; | 1001 PrefValueMap::const_iterator i; |
976 for (i = migration_values_.begin(); i != migration_values_.end(); ++i) | 1002 for (i = migration_values_.begin(); i != migration_values_.end(); ++i) |
977 DoSet(i->first, *i->second); | 1003 DoSet(i->first, *i->second); |
978 migration_values_.Clear(); | 1004 migration_values_.Clear(); |
979 } | 1005 } |
980 } | 1006 } |
981 | 1007 |
982 } // namespace chromeos | 1008 } // namespace chromeos |
OLD | NEW |