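--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,34 +1,36 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/settings/device_settings_provider.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/prefs/pref_service.h"
 #include "base/threading/thread_restrictions.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/policy/device_local_account.h"
+#include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/device_settings_cache.h"
 #include "chrome/browser/ui/options/options_util.h"
 #include "chrome/installer/util/google_update_settings.h"
 #include "chromeos/chromeos_switches.h"
+#include "chromeos/dbus/cryptohome_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/settings/cros_settings_names.h"
-#include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "policy/proto/device_management_backend.pb.h"
 
 using google::protobuf::RepeatedField;
 using google::protobuf::RepeatedPtrField;
 
 namespace em = enterprise_management;
 
 namespace chromeos {
 
 namespace {
@@ -209,20 +211,28 @@
 else
 NOTREACHED();
 } else if (prop == kAccountsPrefAllowGuest) {
 em::GuestModeEnabledProto* guest =
 device_settings_.mutable_guest_mode_enabled();
 bool guest_value;
 if (value->GetAsBoolean(&guest_value))
 guest->set_guest_mode_enabled(guest_value);
 else
 NOTREACHED();
+} else if (prop == kAccountsPrefSupervisedUsersEnabled) {
+em::SupervisedUsersSettingsProto* supervised =
+device_settings_.mutable_supervised_users_settings();
+bool supervised_value;
+if (value->GetAsBoolean(&supervised_value))
+supervised->set_supervised_users_enabled(supervised_value);
+else
+NOTREACHED();
 } else if (prop == kAccountsPrefShowUserNamesOnSignIn) {
 em::ShowUserNamesOnSigninProto* show =
 device_settings_.mutable_show_user_names();
 bool show_value;
 if (value->GetAsBoolean(&show_value))
 show->set_show_user_names(show_value);
 else
 NOTREACHED();
 } else if (prop == kAccountsPrefDeviceLocalAccounts) {
 em::DeviceLocalAccountsProto* device_local_accounts =
@@ -380,21 +390,20 @@
 device_settings_.mutable_attestation_settings();
 bool setting_enabled;
 if (value->GetAsBoolean(&setting_enabled)) {
 attestation_settings->set_content_protection_enabled(setting_enabled);
 } else {
 NOTREACHED();
 }
 } else {
 // The remaining settings don't support Set(), since they are not
 // intended to be customizable by the user:
-// kAccountsPrefSupervisedUsersEnabled
 // kAppPack
 // kDeviceAttestationEnabled
 // kDeviceOwner
 // kIdleLogoutTimeout
 // kIdleLogoutWarningDuration
 // kReleaseChannelDelegated
 // kReportDeviceActivityTimes
 // kReportDeviceBootMode
 // kReportDeviceLocation
 // kReportDeviceVersionInfo
@@ -430,60 +439,74 @@
 }
 }
 
 void DeviceSettingsProvider::DecodeLoginPolicies(
 const em::ChromeDeviceSettingsProto& policy,
 PrefValueMap* new_values_cache) const {
 // For all our boolean settings the following is applicable:
 // true is default permissive value and false is safe prohibitive value.
 // Exceptions:
 // kAccountsPrefEphemeralUsersEnabled has a default value of false.
+// kAccountsPrefSupervisedUsersEnabled has a default value of false
+// for enterprise devices and true for consumer devices.
 if (policy.has_allow_new_users() &&
 policy.allow_new_users().has_allow_new_users()) {
 if (policy.allow_new_users().allow_new_users()) {
 // New users allowed, user whitelist ignored.
 new_values_cache->SetBoolean(kAccountsPrefAllowNewUser, true);
 } else {
 // New users not allowed, enforce user whitelist if present.
 new_values_cache->SetBoolean(kAccountsPrefAllowNewUser,
 !policy.has_user_whitelist());
 }
 } else {
 // No configured allow-new-users value, enforce whitelist if non-empty.
 new_values_cache->SetBoolean(
 kAccountsPrefAllowNewUser,
 policy.user_whitelist().user_whitelist_size() == 0);
 }
 
 new_values_cache->SetBoolean(
 kAccountsPrefAllowGuest,
 !policy.has_guest_mode_enabled() ||
 !policy.guest_mode_enabled().has_guest_mode_enabled() ||
 policy.guest_mode_enabled().guest_mode_enabled());
 
+policy::BrowserPolicyConnectorChromeOS* connector =
+g_browser_process->platform_part()->browser_policy_connector_chromeos();
+bool supervised_users_enabled = false;
+if (connector->IsEnterpriseManaged()) {
+supervised_users_enabled =
+policy.has_supervised_users_settings() &&
+policy.supervised_users_settings().has_supervised_users_enabled() &&
+policy.supervised_users_settings().supervised_users_enabled();
+} else {
+supervised_users_enabled =
+!policy.has_supervised_users_settings() ||
+!policy.supervised_users_settings().has_supervised_users_enabled() ||
+policy.supervised_users_settings().supervised_users_enabled();
+}
+new_values_cache->SetBoolean(
+kAccountsPrefSupervisedUsersEnabled, supervised_users_enabled);
+
 new_values_cache->SetBoolean(
 kAccountsPrefShowUserNamesOnSignIn,
 !policy.has_show_user_names() ||
 !policy.show_user_names().has_show_user_names() ||
 policy.show_user_names().show_user_names());
 
 new_values_cache->SetBoolean(
 kAccountsPrefEphemeralUsersEnabled,
 policy.has_ephemeral_users_enabled() &&
 policy.ephemeral_users_enabled().has_ephemeral_users_enabled() &&
 policy.ephemeral_users_enabled().ephemeral_users_enabled());
 
-new_values_cache->SetBoolean(
-kAccountsPrefSupervisedUsersEnabled,
-policy.has_supervised_users_settings() &&
-policy.supervised_users_settings().supervised_users_enabled());
-
 base::ListValue* list = new base::ListValue();
 const em::UserWhitelistProto& whitelist_proto = policy.user_whitelist();
 const RepeatedPtrField<std::string>& whitelist =
 whitelist_proto.user_whitelist();
 for (RepeatedPtrField<std::string>::const_iterator it = whitelist.begin();
 it != whitelist.end(); ++it) {
 list->Append(new base::StringValue(*it));
 }
 new_values_cache->SetValue(kAccountsPrefUsers, list);
 
@@ -973,10 +996,10 @@
 void DeviceSettingsProvider::AttemptMigration() {
 if (device_settings_service_->HasPrivateOwnerKey()) {
 PrefValueMap::const_iterator i;
 for (i = migration_values_.begin(); i != migration_values_.end(); ++i)
 DoSet(i->first, *i->second);
 migration_values_.Clear();
 }
 }
 
 } // namespace chromeos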
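Review bot: In DecodeLoginPolicies (new lines 474-489) the default for kAccountsPrefSupervisedUsersEnabled is chosen from `connector->IsEnterpriseManaged()`, and the non-enterprise branch is the permissive one, so a device whose enrollment state is not yet known at decode time would get supervised users enabled whenever the policy leaves the field unset. The visible lines do not show whether install attributes are guaranteed to be loaded before this runs (the new enterprise_install_attributes.h and cryptohome_client.h includes suggest the elided lines may deal with it), so I would state the precondition at the call, e.g. `// Requires install attributes to be loaded: an unknown enrollment state takes the permissive consumer default below.`, or decode to false until the state is known. `connector` is also dereferenced without a check; a `DCHECK(connector);` before the `if` would make that assumption explicit. The function body continues past the last visible line of this hunk.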