OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h" | 5 #include "chrome/browser/chromeos/settings/install_attributes.h" |
6 | 6 |
7 #include <stddef.h> | 7 #include <stddef.h> |
8 | 8 |
9 #include <utility> | 9 #include <utility> |
10 | 10 |
11 #include "base/bind.h" | 11 #include "base/bind.h" |
12 #include "base/files/file_util.h" | 12 #include "base/files/file_util.h" |
13 #include "base/location.h" | 13 #include "base/location.h" |
14 #include "base/logging.h" | 14 #include "base/logging.h" |
15 #include "base/macros.h" | 15 #include "base/macros.h" |
16 #include "base/metrics/histogram_base.h" | 16 #include "base/metrics/histogram_base.h" |
17 #include "base/metrics/histogram_macros.h" | 17 #include "base/metrics/histogram_macros.h" |
18 #include "base/single_thread_task_runner.h" | 18 #include "base/single_thread_task_runner.h" |
19 #include "base/threading/thread_task_runner_handle.h" | 19 #include "base/threading/thread_task_runner_handle.h" |
20 #include "base/time/time.h" | 20 #include "base/time/time.h" |
21 #include "chrome/browser/chromeos/policy/proto/install_attributes.pb.h" | 21 #include "chrome/browser/chromeos/policy/proto/install_attributes.pb.h" |
22 #include "chromeos/cryptohome/cryptohome_util.h" | 22 #include "chromeos/cryptohome/cryptohome_util.h" |
23 #include "chromeos/dbus/dbus_thread_manager.h" | 23 #include "chromeos/dbus/dbus_thread_manager.h" |
24 #include "google_apis/gaia/gaia_auth_util.h" | 24 #include "google_apis/gaia/gaia_auth_util.h" |
25 | 25 |
26 namespace policy { | 26 namespace chromeos { |
27 | |
28 namespace cryptohome_util = chromeos::cryptohome_util; | |
29 | 27 |
30 namespace { | 28 namespace { |
31 | 29 |
32 // Number of TPM lock state query retries during consistency check. | 30 // Number of TPM lock state query retries during consistency check. |
33 int kDbusRetryCount = 12; | 31 int kDbusRetryCount = 12; |
34 | 32 |
35 // Interval of TPM lock state query retries during consistency check. | 33 // Interval of TPM lock state query retries during consistency check. |
36 int kDbusRetryIntervalInSeconds = 5; | 34 int kDbusRetryIntervalInSeconds = 5; |
37 | 35 |
38 bool ReadMapKey(const std::map<std::string, std::string>& map, | 36 bool ReadMapKey(const std::map<std::string, std::string>& map, |
39 const std::string& key, | 37 const std::string& key, |
40 std::string* value) { | 38 std::string* value) { |
41 std::map<std::string, std::string>::const_iterator entry = map.find(key); | 39 std::map<std::string, std::string>::const_iterator entry = map.find(key); |
42 if (entry == map.end()) | 40 if (entry == map.end()) |
43 return false; | 41 return false; |
44 | 42 |
45 *value = entry->second; | 43 *value = entry->second; |
46 return true; | 44 return true; |
47 } | 45 } |
48 | 46 |
49 } // namespace | 47 } // namespace |
50 | 48 |
51 // static | 49 // static |
52 std::string | 50 std::string |
53 EnterpriseInstallAttributes::GetEnterpriseOwnedInstallAttributesBlobForTesting( | 51 InstallAttributes::GetEnterpriseOwnedInstallAttributesBlobForTesting( |
54 const std::string& user_name) { | 52 const std::string& user_name) { |
55 cryptohome::SerializedInstallAttributes install_attrs_proto; | 53 cryptohome::SerializedInstallAttributes install_attrs_proto; |
56 cryptohome::SerializedInstallAttributes::Attribute* attribute = NULL; | 54 cryptohome::SerializedInstallAttributes::Attribute* attribute = nullptr; |
57 | 55 |
58 attribute = install_attrs_proto.add_attributes(); | 56 attribute = install_attrs_proto.add_attributes(); |
59 attribute->set_name(EnterpriseInstallAttributes::kAttrEnterpriseOwned); | 57 attribute->set_name(InstallAttributes::kAttrEnterpriseOwned); |
60 attribute->set_value("true"); | 58 attribute->set_value("true"); |
61 | 59 |
62 attribute = install_attrs_proto.add_attributes(); | 60 attribute = install_attrs_proto.add_attributes(); |
63 attribute->set_name(EnterpriseInstallAttributes::kAttrEnterpriseUser); | 61 attribute->set_name(InstallAttributes::kAttrEnterpriseUser); |
64 attribute->set_value(user_name); | 62 attribute->set_value(user_name); |
65 | 63 |
66 return install_attrs_proto.SerializeAsString(); | 64 return install_attrs_proto.SerializeAsString(); |
67 } | 65 } |
68 | 66 |
69 EnterpriseInstallAttributes::EnterpriseInstallAttributes( | 67 InstallAttributes::InstallAttributes(CryptohomeClient* cryptohome_client) |
70 chromeos::CryptohomeClient* cryptohome_client) | |
71 : device_locked_(false), | 68 : device_locked_(false), |
72 consistency_check_running_(false), | 69 consistency_check_running_(false), |
73 device_lock_running_(false), | 70 device_lock_running_(false), |
74 registration_mode_(DEVICE_MODE_PENDING), | 71 registration_mode_(policy::DEVICE_MODE_PENDING), |
75 cryptohome_client_(cryptohome_client), | 72 cryptohome_client_(cryptohome_client), |
76 weak_ptr_factory_(this) { | 73 weak_ptr_factory_(this) { |
77 } | 74 } |
78 | 75 |
79 EnterpriseInstallAttributes::~EnterpriseInstallAttributes() {} | 76 InstallAttributes::~InstallAttributes() {} |
80 | 77 |
81 void EnterpriseInstallAttributes::Init(const base::FilePath& cache_file) { | 78 void InstallAttributes::Init(const base::FilePath& cache_file) { |
82 DCHECK(!device_locked_); | 79 DCHECK(!device_locked_); |
83 | 80 |
84 // Mark the consistency check as running to ensure that LockDevice() is | 81 // Mark the consistency check as running to ensure that LockDevice() is |
85 // blocked, but wait for the cryptohome service to be available before | 82 // blocked, but wait for the cryptohome service to be available before |
86 // actually calling TriggerConsistencyCheck(). | 83 // actually calling TriggerConsistencyCheck(). |
87 consistency_check_running_ = true; | 84 consistency_check_running_ = true; |
88 cryptohome_client_->WaitForServiceToBeAvailable(base::Bind( | 85 cryptohome_client_->WaitForServiceToBeAvailable( |
89 &EnterpriseInstallAttributes::OnCryptohomeServiceInitiallyAvailable, | 86 base::Bind(&InstallAttributes::OnCryptohomeServiceInitiallyAvailable, |
90 weak_ptr_factory_.GetWeakPtr())); | 87 weak_ptr_factory_.GetWeakPtr())); |
91 | 88 |
92 if (!base::PathExists(cache_file)) | 89 if (!base::PathExists(cache_file)) |
93 return; | 90 return; |
94 | 91 |
95 device_locked_ = true; | 92 device_locked_ = true; |
96 | 93 |
97 char buf[16384]; | 94 char buf[16384]; |
98 int len = base::ReadFile(cache_file, buf, sizeof(buf)); | 95 int len = base::ReadFile(cache_file, buf, sizeof(buf)); |
99 if (len == -1 || len >= static_cast<int>(sizeof(buf))) { | 96 if (len == -1 || len >= static_cast<int>(sizeof(buf))) { |
100 PLOG(ERROR) << "Failed to read " << cache_file.value(); | 97 PLOG(ERROR) << "Failed to read " << cache_file.value(); |
(...skipping 14 matching lines...) Expand all Loading... |
115 ++entry) { | 112 ++entry) { |
116 // The protobuf values unfortunately contain terminating null characters, so | 113 // The protobuf values unfortunately contain terminating null characters, so |
117 // we have to sanitize the value here. | 114 // we have to sanitize the value here. |
118 attr_map.insert(std::make_pair(entry->name(), | 115 attr_map.insert(std::make_pair(entry->name(), |
119 std::string(entry->value().c_str()))); | 116 std::string(entry->value().c_str()))); |
120 } | 117 } |
121 | 118 |
122 DecodeInstallAttributes(attr_map); | 119 DecodeInstallAttributes(attr_map); |
123 } | 120 } |
124 | 121 |
125 void EnterpriseInstallAttributes::ReadImmutableAttributes( | 122 void InstallAttributes::ReadImmutableAttributes(const base::Closure& callback) { |
126 const base::Closure& callback) { | |
127 if (device_locked_) { | 123 if (device_locked_) { |
128 callback.Run(); | 124 callback.Run(); |
129 return; | 125 return; |
130 } | 126 } |
131 | 127 |
132 cryptohome_client_->InstallAttributesIsReady( | 128 cryptohome_client_->InstallAttributesIsReady( |
133 base::Bind(&EnterpriseInstallAttributes::ReadAttributesIfReady, | 129 base::Bind(&InstallAttributes::ReadAttributesIfReady, |
134 weak_ptr_factory_.GetWeakPtr(), | 130 weak_ptr_factory_.GetWeakPtr(), callback)); |
135 callback)); | |
136 } | 131 } |
137 | 132 |
138 void EnterpriseInstallAttributes::ReadAttributesIfReady( | 133 void InstallAttributes::ReadAttributesIfReady(const base::Closure& callback, |
139 const base::Closure& callback, | 134 DBusMethodCallStatus call_status, |
140 chromeos::DBusMethodCallStatus call_status, | 135 bool result) { |
141 bool result) { | 136 if (call_status == DBUS_METHOD_CALL_SUCCESS && result) { |
142 if (call_status == chromeos::DBUS_METHOD_CALL_SUCCESS && result) { | 137 registration_mode_ = policy::DEVICE_MODE_NOT_SET; |
143 registration_mode_ = DEVICE_MODE_NOT_SET; | |
144 if (!cryptohome_util::InstallAttributesIsInvalid() && | 138 if (!cryptohome_util::InstallAttributesIsInvalid() && |
145 !cryptohome_util::InstallAttributesIsFirstInstall()) { | 139 !cryptohome_util::InstallAttributesIsFirstInstall()) { |
146 device_locked_ = true; | 140 device_locked_ = true; |
147 | 141 |
148 static const char* const kEnterpriseAttributes[] = { | 142 static const char* const kEnterpriseAttributes[] = { |
149 kAttrEnterpriseDeviceId, | 143 kAttrEnterpriseDeviceId, |
150 kAttrEnterpriseDomain, | 144 kAttrEnterpriseDomain, |
151 kAttrEnterpriseMode, | 145 kAttrEnterpriseMode, |
152 kAttrEnterpriseOwned, | 146 kAttrEnterpriseOwned, |
153 kAttrEnterpriseUser, | 147 kAttrEnterpriseUser, |
154 kAttrConsumerKioskEnabled, | 148 kAttrConsumerKioskEnabled, |
155 }; | 149 }; |
156 std::map<std::string, std::string> attr_map; | 150 std::map<std::string, std::string> attr_map; |
157 for (size_t i = 0; i < arraysize(kEnterpriseAttributes); ++i) { | 151 for (size_t i = 0; i < arraysize(kEnterpriseAttributes); ++i) { |
158 std::string value; | 152 std::string value; |
159 if (cryptohome_util::InstallAttributesGet(kEnterpriseAttributes[i], | 153 if (cryptohome_util::InstallAttributesGet(kEnterpriseAttributes[i], |
160 &value)) | 154 &value)) |
161 attr_map[kEnterpriseAttributes[i]] = value; | 155 attr_map[kEnterpriseAttributes[i]] = value; |
162 } | 156 } |
163 | 157 |
164 DecodeInstallAttributes(attr_map); | 158 DecodeInstallAttributes(attr_map); |
165 } | 159 } |
166 } | 160 } |
167 callback.Run(); | 161 callback.Run(); |
168 } | 162 } |
169 | 163 |
170 void EnterpriseInstallAttributes::LockDevice( | 164 void InstallAttributes::LockDevice(const std::string& user, |
171 const std::string& user, | 165 policy::DeviceMode device_mode, |
172 DeviceMode device_mode, | 166 const std::string& device_id, |
173 const std::string& device_id, | 167 const LockResultCallback& callback) { |
174 const LockResultCallback& callback) { | |
175 DCHECK(!callback.is_null()); | 168 DCHECK(!callback.is_null()); |
176 CHECK_EQ(device_lock_running_, false); | 169 CHECK_EQ(device_lock_running_, false); |
177 CHECK_NE(device_mode, DEVICE_MODE_PENDING); | 170 CHECK_NE(device_mode, policy::DEVICE_MODE_PENDING); |
178 CHECK_NE(device_mode, DEVICE_MODE_NOT_SET); | 171 CHECK_NE(device_mode, policy::DEVICE_MODE_NOT_SET); |
179 | 172 |
180 // Check for existing lock first. | 173 // Check for existing lock first. |
181 if (device_locked_) { | 174 if (device_locked_) { |
182 if (device_mode != registration_mode_) { | 175 if (device_mode != registration_mode_) { |
183 callback.Run(LOCK_WRONG_MODE); | 176 callback.Run(LOCK_WRONG_MODE); |
184 return; | 177 return; |
185 } | 178 } |
186 | 179 |
187 switch (registration_mode_) { | 180 switch (registration_mode_) { |
188 case DEVICE_MODE_ENTERPRISE: | 181 case policy::DEVICE_MODE_ENTERPRISE: |
189 case DEVICE_MODE_LEGACY_RETAIL_MODE: { | 182 case policy::DEVICE_MODE_LEGACY_RETAIL_MODE: { |
190 // Check domain match for enterprise devices. | 183 // Check domain match for enterprise devices. |
191 std::string domain = gaia::ExtractDomainName(user); | 184 std::string domain = gaia::ExtractDomainName(user); |
192 if (registration_domain_.empty() || domain != registration_domain_) { | 185 if (registration_domain_.empty() || domain != registration_domain_) { |
193 callback.Run(LOCK_WRONG_DOMAIN); | 186 callback.Run(LOCK_WRONG_DOMAIN); |
194 return; | 187 return; |
195 } | 188 } |
196 break; | 189 break; |
197 } | 190 } |
198 case DEVICE_MODE_NOT_SET: | 191 case policy::DEVICE_MODE_NOT_SET: |
199 case DEVICE_MODE_PENDING: | 192 case policy::DEVICE_MODE_PENDING: |
200 // This case can't happen due to the CHECK_NE asserts above. | 193 // This case can't happen due to the CHECK_NE asserts above. |
201 NOTREACHED(); | 194 NOTREACHED(); |
202 break; | 195 break; |
203 case DEVICE_MODE_CONSUMER: | 196 case policy::DEVICE_MODE_CONSUMER: |
204 case DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH: | 197 case policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH: |
205 // The user parameter is ignored for consumer devices. | 198 // The user parameter is ignored for consumer devices. |
206 break; | 199 break; |
207 } | 200 } |
208 | 201 |
209 // Already locked in the right mode, signal success. | 202 // Already locked in the right mode, signal success. |
210 callback.Run(LOCK_SUCCESS); | 203 callback.Run(LOCK_SUCCESS); |
211 return; | 204 return; |
212 } | 205 } |
213 | 206 |
214 // In case the consistency check is still running, postpone the device locking | 207 // In case the consistency check is still running, postpone the device locking |
215 // until it has finished. This should not introduce additional delay since | 208 // until it has finished. This should not introduce additional delay since |
216 // device locking must wait for TPM initialization anyways. | 209 // device locking must wait for TPM initialization anyways. |
217 if (consistency_check_running_) { | 210 if (consistency_check_running_) { |
218 CHECK(post_check_action_.is_null()); | 211 CHECK(post_check_action_.is_null()); |
219 post_check_action_ = base::Bind(&EnterpriseInstallAttributes::LockDevice, | 212 post_check_action_ = base::Bind(&InstallAttributes::LockDevice, |
220 weak_ptr_factory_.GetWeakPtr(), | 213 weak_ptr_factory_.GetWeakPtr(), |
221 user, | 214 user, |
222 device_mode, | 215 device_mode, |
223 device_id, | 216 device_id, |
224 callback); | 217 callback); |
225 return; | 218 return; |
226 } | 219 } |
227 | 220 |
228 device_lock_running_ = true; | 221 device_lock_running_ = true; |
229 cryptohome_client_->InstallAttributesIsReady( | 222 cryptohome_client_->InstallAttributesIsReady( |
230 base::Bind(&EnterpriseInstallAttributes::LockDeviceIfAttributesIsReady, | 223 base::Bind(&InstallAttributes::LockDeviceIfAttributesIsReady, |
231 weak_ptr_factory_.GetWeakPtr(), | 224 weak_ptr_factory_.GetWeakPtr(), |
232 user, | 225 user, |
233 device_mode, | 226 device_mode, |
234 device_id, | 227 device_id, |
235 callback)); | 228 callback)); |
236 } | 229 } |
237 | 230 |
238 void EnterpriseInstallAttributes::LockDeviceIfAttributesIsReady( | 231 void InstallAttributes::LockDeviceIfAttributesIsReady( |
239 const std::string& user, | 232 const std::string& user, |
240 DeviceMode device_mode, | 233 policy::DeviceMode device_mode, |
241 const std::string& device_id, | 234 const std::string& device_id, |
242 const LockResultCallback& callback, | 235 const LockResultCallback& callback, |
243 chromeos::DBusMethodCallStatus call_status, | 236 DBusMethodCallStatus call_status, |
244 bool result) { | 237 bool result) { |
245 if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS || !result) { | 238 if (call_status != DBUS_METHOD_CALL_SUCCESS || !result) { |
246 device_lock_running_ = false; | 239 device_lock_running_ = false; |
247 callback.Run(LOCK_NOT_READY); | 240 callback.Run(LOCK_NOT_READY); |
248 return; | 241 return; |
249 } | 242 } |
250 | 243 |
251 // Clearing the TPM password seems to be always a good deal. | 244 // Clearing the TPM password seems to be always a good deal. |
252 if (cryptohome_util::TpmIsEnabled() && | 245 if (cryptohome_util::TpmIsEnabled() && |
253 !cryptohome_util::TpmIsBeingOwned() && | 246 !cryptohome_util::TpmIsBeingOwned() && |
254 cryptohome_util::TpmIsOwned()) { | 247 cryptohome_util::TpmIsOwned()) { |
255 cryptohome_client_->CallTpmClearStoredPasswordAndBlock(); | 248 cryptohome_client_->CallTpmClearStoredPasswordAndBlock(); |
(...skipping 12 matching lines...) Expand all Loading... |
268 device_lock_running_ = false; | 261 device_lock_running_ = false; |
269 callback.Run(LOCK_ALREADY_LOCKED); | 262 callback.Run(LOCK_ALREADY_LOCKED); |
270 return; | 263 return; |
271 } | 264 } |
272 | 265 |
273 std::string mode = GetDeviceModeString(device_mode); | 266 std::string mode = GetDeviceModeString(device_mode); |
274 std::string registration_user; | 267 std::string registration_user; |
275 if (!user.empty()) | 268 if (!user.empty()) |
276 registration_user = gaia::CanonicalizeEmail(user); | 269 registration_user = gaia::CanonicalizeEmail(user); |
277 | 270 |
278 if (device_mode == DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH) { | 271 if (device_mode == policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH) { |
279 // Set values in the InstallAttrs and lock it. | 272 // Set values in the InstallAttrs and lock it. |
280 if (!cryptohome_util::InstallAttributesSet(kAttrConsumerKioskEnabled, | 273 if (!cryptohome_util::InstallAttributesSet(kAttrConsumerKioskEnabled, |
281 "true")) { | 274 "true")) { |
282 LOG(ERROR) << "Failed writing attributes."; | 275 LOG(ERROR) << "Failed writing attributes."; |
283 device_lock_running_ = false; | 276 device_lock_running_ = false; |
284 callback.Run(LOCK_SET_ERROR); | 277 callback.Run(LOCK_SET_ERROR); |
285 return; | 278 return; |
286 } | 279 } |
287 } else { | 280 } else { |
288 std::string domain = gaia::ExtractDomainName(registration_user); | 281 std::string domain = gaia::ExtractDomainName(registration_user); |
289 // Set values in the InstallAttrs and lock it. | 282 // Set values in the InstallAttrs and lock it. |
290 if (!cryptohome_util::InstallAttributesSet(kAttrEnterpriseOwned, "true") || | 283 if (!cryptohome_util::InstallAttributesSet(kAttrEnterpriseOwned, "true") || |
291 !cryptohome_util::InstallAttributesSet(kAttrEnterpriseUser, | 284 !cryptohome_util::InstallAttributesSet(kAttrEnterpriseUser, |
292 registration_user) || | 285 registration_user) || |
293 !cryptohome_util::InstallAttributesSet(kAttrEnterpriseDomain, | 286 !cryptohome_util::InstallAttributesSet(kAttrEnterpriseDomain, domain) || |
294 domain) || | |
295 !cryptohome_util::InstallAttributesSet(kAttrEnterpriseMode, mode) || | 287 !cryptohome_util::InstallAttributesSet(kAttrEnterpriseMode, mode) || |
296 !cryptohome_util::InstallAttributesSet(kAttrEnterpriseDeviceId, | 288 !cryptohome_util::InstallAttributesSet(kAttrEnterpriseDeviceId, |
297 device_id)) { | 289 device_id)) { |
298 LOG(ERROR) << "Failed writing attributes."; | 290 LOG(ERROR) << "Failed writing attributes."; |
299 device_lock_running_ = false; | 291 device_lock_running_ = false; |
300 callback.Run(LOCK_SET_ERROR); | 292 callback.Run(LOCK_SET_ERROR); |
301 return; | 293 return; |
302 } | 294 } |
303 } | 295 } |
304 | 296 |
305 if (!cryptohome_util::InstallAttributesFinalize() || | 297 if (!cryptohome_util::InstallAttributesFinalize() || |
306 cryptohome_util::InstallAttributesIsFirstInstall()) { | 298 cryptohome_util::InstallAttributesIsFirstInstall()) { |
307 LOG(ERROR) << "Failed locking."; | 299 LOG(ERROR) << "Failed locking."; |
308 device_lock_running_ = false; | 300 device_lock_running_ = false; |
309 callback.Run(LOCK_FINALIZE_ERROR); | 301 callback.Run(LOCK_FINALIZE_ERROR); |
310 return; | 302 return; |
311 } | 303 } |
312 | 304 |
313 ReadImmutableAttributes( | 305 ReadImmutableAttributes( |
314 base::Bind(&EnterpriseInstallAttributes::OnReadImmutableAttributes, | 306 base::Bind(&InstallAttributes::OnReadImmutableAttributes, |
315 weak_ptr_factory_.GetWeakPtr(), | 307 weak_ptr_factory_.GetWeakPtr(), |
316 registration_user, | 308 registration_user, |
317 callback)); | 309 callback)); |
318 } | 310 } |
319 | 311 |
320 void EnterpriseInstallAttributes::OnReadImmutableAttributes( | 312 void InstallAttributes::OnReadImmutableAttributes( |
321 const std::string& registration_user, | 313 const std::string& registration_user, |
322 const LockResultCallback& callback) { | 314 const LockResultCallback& callback) { |
323 | 315 |
324 if (GetRegistrationUser() != registration_user) { | 316 if (GetRegistrationUser() != registration_user) { |
325 LOG(ERROR) << "Locked data doesn't match."; | 317 LOG(ERROR) << "Locked data doesn't match."; |
326 device_lock_running_ = false; | 318 device_lock_running_ = false; |
327 callback.Run(LOCK_READBACK_ERROR); | 319 callback.Run(LOCK_READBACK_ERROR); |
328 return; | 320 return; |
329 } | 321 } |
330 | 322 |
331 device_lock_running_ = false; | 323 device_lock_running_ = false; |
332 callback.Run(LOCK_SUCCESS); | 324 callback.Run(LOCK_SUCCESS); |
333 } | 325 } |
334 | 326 |
335 bool EnterpriseInstallAttributes::IsEnterpriseDevice() const { | 327 bool InstallAttributes::IsEnterpriseDevice() const { |
336 return device_locked_ && !registration_user_.empty(); | 328 return device_locked_ && !registration_user_.empty(); |
337 } | 329 } |
338 | 330 |
339 bool EnterpriseInstallAttributes::IsConsumerKioskDeviceWithAutoLaunch() { | 331 bool InstallAttributes::IsConsumerKioskDeviceWithAutoLaunch() { |
340 return device_locked_ && | 332 return device_locked_ && |
341 registration_mode_ == DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH; | 333 registration_mode_ == policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH; |
342 } | 334 } |
343 | 335 |
344 std::string EnterpriseInstallAttributes::GetDomain() const { | 336 std::string InstallAttributes::GetDomain() const { |
345 if (!IsEnterpriseDevice()) | 337 if (!IsEnterpriseDevice()) |
346 return std::string(); | 338 return std::string(); |
347 | 339 |
348 return registration_domain_; | 340 return registration_domain_; |
349 } | 341 } |
350 | 342 |
351 std::string EnterpriseInstallAttributes::GetDeviceId() { | 343 std::string InstallAttributes::GetDeviceId() { |
352 if (!IsEnterpriseDevice()) | 344 if (!IsEnterpriseDevice()) |
353 return std::string(); | 345 return std::string(); |
354 | 346 |
355 return registration_device_id_; | 347 return registration_device_id_; |
356 } | 348 } |
357 | 349 |
358 DeviceMode EnterpriseInstallAttributes::GetMode() { | 350 policy::DeviceMode InstallAttributes::GetMode() { |
359 return registration_mode_; | 351 return registration_mode_; |
360 } | 352 } |
361 | 353 |
362 void EnterpriseInstallAttributes::TriggerConsistencyCheck(int dbus_retries) { | 354 void InstallAttributes::TriggerConsistencyCheck(int dbus_retries) { |
363 cryptohome_client_->TpmIsOwned( | 355 cryptohome_client_->TpmIsOwned( |
364 base::Bind(&EnterpriseInstallAttributes::OnTpmOwnerCheckCompleted, | 356 base::Bind(&InstallAttributes::OnTpmOwnerCheckCompleted, |
365 weak_ptr_factory_.GetWeakPtr(), | 357 weak_ptr_factory_.GetWeakPtr(), |
366 dbus_retries)); | 358 dbus_retries)); |
367 } | 359 } |
368 | 360 |
369 void EnterpriseInstallAttributes::OnTpmOwnerCheckCompleted( | 361 void InstallAttributes::OnTpmOwnerCheckCompleted( |
370 int dbus_retries_remaining, | 362 int dbus_retries_remaining, |
371 chromeos::DBusMethodCallStatus call_status, | 363 DBusMethodCallStatus call_status, |
372 bool result) { | 364 bool result) { |
373 if (call_status != chromeos::DBUS_METHOD_CALL_SUCCESS && | 365 if (call_status != DBUS_METHOD_CALL_SUCCESS && dbus_retries_remaining) { |
374 dbus_retries_remaining) { | |
375 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( | 366 base::ThreadTaskRunnerHandle::Get()->PostDelayedTask( |
376 FROM_HERE, | 367 FROM_HERE, |
377 base::Bind(&EnterpriseInstallAttributes::TriggerConsistencyCheck, | 368 base::Bind(&InstallAttributes::TriggerConsistencyCheck, |
378 weak_ptr_factory_.GetWeakPtr(), dbus_retries_remaining - 1), | 369 weak_ptr_factory_.GetWeakPtr(), dbus_retries_remaining - 1), |
379 base::TimeDelta::FromSeconds(kDbusRetryIntervalInSeconds)); | 370 base::TimeDelta::FromSeconds(kDbusRetryIntervalInSeconds)); |
380 return; | 371 return; |
381 } | 372 } |
382 | 373 |
383 base::HistogramBase::Sample state = device_locked_; | 374 base::HistogramBase::Sample state = device_locked_; |
384 state |= 0x2 * (registration_mode_ == DEVICE_MODE_ENTERPRISE); | 375 state |= 0x2 * (registration_mode_ == policy::DEVICE_MODE_ENTERPRISE); |
385 if (call_status == chromeos::DBUS_METHOD_CALL_SUCCESS) | 376 if (call_status == DBUS_METHOD_CALL_SUCCESS) |
386 state |= 0x4 * result; | 377 state |= 0x4 * result; |
387 else | 378 else |
388 state = 0x8; // This case is not a bit mask. | 379 state = 0x8; // This case is not a bit mask. |
389 UMA_HISTOGRAM_ENUMERATION("Enterprise.AttributesTPMConsistency", state, 9); | 380 UMA_HISTOGRAM_ENUMERATION("Enterprise.AttributesTPMConsistency", state, 9); |
390 | 381 |
391 // Run any action (LockDevice call) that might have queued behind the | 382 // Run any action (LockDevice call) that might have queued behind the |
392 // consistency check. | 383 // consistency check. |
393 consistency_check_running_ = false; | 384 consistency_check_running_ = false; |
394 if (!post_check_action_.is_null()) { | 385 if (!post_check_action_.is_null()) { |
395 post_check_action_.Run(); | 386 post_check_action_.Run(); |
396 post_check_action_.Reset(); | 387 post_check_action_.Reset(); |
397 } | 388 } |
398 } | 389 } |
399 | 390 |
400 // Warning: The values for these keys (but not the keys themselves) are stored | 391 // Warning: The values for these keys (but not the keys themselves) are stored |
401 // in the protobuf with a trailing zero. Also note that some of these constants | 392 // in the protobuf with a trailing zero. Also note that some of these constants |
402 // have been copied to login_manager/device_policy_service.cc. Please make sure | 393 // have been copied to login_manager/device_policy_service.cc. Please make sure |
403 // that all changes to the constants are reflected there as well. | 394 // that all changes to the constants are reflected there as well. |
404 const char EnterpriseInstallAttributes::kConsumerDeviceMode[] = "consumer"; | 395 const char InstallAttributes::kConsumerDeviceMode[] = "consumer"; |
405 const char EnterpriseInstallAttributes::kEnterpriseDeviceMode[] = "enterprise"; | 396 const char InstallAttributes::kEnterpriseDeviceMode[] = "enterprise"; |
406 const char EnterpriseInstallAttributes::kLegacyRetailDeviceMode[] = "kiosk"; | 397 const char InstallAttributes::kLegacyRetailDeviceMode[] = "kiosk"; |
407 const char EnterpriseInstallAttributes::kConsumerKioskDeviceMode[] = | 398 const char InstallAttributes::kConsumerKioskDeviceMode[] = "consumer_kiosk"; |
408 "consumer_kiosk"; | 399 const char InstallAttributes::kUnknownDeviceMode[] = "unknown"; |
409 const char EnterpriseInstallAttributes::kUnknownDeviceMode[] = "unknown"; | |
410 | 400 |
411 const char EnterpriseInstallAttributes::kAttrEnterpriseDeviceId[] = | 401 const char InstallAttributes::kAttrEnterpriseDeviceId[] = |
412 "enterprise.device_id"; | 402 "enterprise.device_id"; |
413 const char EnterpriseInstallAttributes::kAttrEnterpriseDomain[] = | 403 const char InstallAttributes::kAttrEnterpriseDomain[] = "enterprise.domain"; |
414 "enterprise.domain"; | 404 const char InstallAttributes::kAttrEnterpriseMode[] = "enterprise.mode"; |
415 const char EnterpriseInstallAttributes::kAttrEnterpriseMode[] = | 405 const char InstallAttributes::kAttrEnterpriseOwned[] = "enterprise.owned"; |
416 "enterprise.mode"; | 406 const char InstallAttributes::kAttrEnterpriseUser[] = "enterprise.user"; |
417 const char EnterpriseInstallAttributes::kAttrEnterpriseOwned[] = | 407 const char InstallAttributes::kAttrConsumerKioskEnabled[] = |
418 "enterprise.owned"; | |
419 const char EnterpriseInstallAttributes::kAttrEnterpriseUser[] = | |
420 "enterprise.user"; | |
421 const char EnterpriseInstallAttributes::kAttrConsumerKioskEnabled[] = | |
422 "consumer.app_kiosk_enabled"; | 408 "consumer.app_kiosk_enabled"; |
423 | 409 |
424 void EnterpriseInstallAttributes::OnCryptohomeServiceInitiallyAvailable( | 410 void InstallAttributes::OnCryptohomeServiceInitiallyAvailable( |
425 bool service_is_ready) { | 411 bool service_is_ready) { |
426 if (!service_is_ready) | 412 if (!service_is_ready) |
427 LOG(ERROR) << "Failed waiting for cryptohome D-Bus service availability."; | 413 LOG(ERROR) << "Failed waiting for cryptohome D-Bus service availability."; |
428 | 414 |
429 // Start the consistency check even if we failed to wait for availability; | 415 // Start the consistency check even if we failed to wait for availability; |
430 // hopefully the service will become available eventually. | 416 // hopefully the service will become available eventually. |
431 TriggerConsistencyCheck(kDbusRetryCount); | 417 TriggerConsistencyCheck(kDbusRetryCount); |
432 } | 418 } |
433 | 419 |
434 std::string EnterpriseInstallAttributes::GetDeviceModeString(DeviceMode mode) { | 420 std::string InstallAttributes::GetDeviceModeString(policy::DeviceMode mode) { |
435 switch (mode) { | 421 switch (mode) { |
436 case DEVICE_MODE_CONSUMER: | 422 case policy::DEVICE_MODE_CONSUMER: |
437 return EnterpriseInstallAttributes::kConsumerDeviceMode; | 423 return InstallAttributes::kConsumerDeviceMode; |
438 case DEVICE_MODE_ENTERPRISE: | 424 case policy::DEVICE_MODE_ENTERPRISE: |
439 return EnterpriseInstallAttributes::kEnterpriseDeviceMode; | 425 return InstallAttributes::kEnterpriseDeviceMode; |
440 case DEVICE_MODE_LEGACY_RETAIL_MODE: | 426 case policy::DEVICE_MODE_LEGACY_RETAIL_MODE: |
441 return EnterpriseInstallAttributes::kLegacyRetailDeviceMode; | 427 return InstallAttributes::kLegacyRetailDeviceMode; |
442 case DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH: | 428 case policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH: |
443 return EnterpriseInstallAttributes::kConsumerKioskDeviceMode; | 429 return InstallAttributes::kConsumerKioskDeviceMode; |
444 case DEVICE_MODE_PENDING: | 430 case policy::DEVICE_MODE_PENDING: |
445 case DEVICE_MODE_NOT_SET: | 431 case policy::DEVICE_MODE_NOT_SET: |
446 break; | 432 break; |
447 } | 433 } |
448 NOTREACHED() << "Invalid device mode: " << mode; | 434 NOTREACHED() << "Invalid device mode: " << mode; |
449 return EnterpriseInstallAttributes::kUnknownDeviceMode; | 435 return InstallAttributes::kUnknownDeviceMode; |
450 } | 436 } |
451 | 437 |
452 DeviceMode EnterpriseInstallAttributes::GetDeviceModeFromString( | 438 policy::DeviceMode InstallAttributes::GetDeviceModeFromString( |
453 const std::string& mode) { | 439 const std::string& mode) { |
454 if (mode == EnterpriseInstallAttributes::kConsumerDeviceMode) | 440 if (mode == InstallAttributes::kConsumerDeviceMode) |
455 return DEVICE_MODE_CONSUMER; | 441 return policy::DEVICE_MODE_CONSUMER; |
456 else if (mode == EnterpriseInstallAttributes::kEnterpriseDeviceMode) | 442 else if (mode == InstallAttributes::kEnterpriseDeviceMode) |
457 return DEVICE_MODE_ENTERPRISE; | 443 return policy::DEVICE_MODE_ENTERPRISE; |
458 else if (mode == EnterpriseInstallAttributes::kLegacyRetailDeviceMode) | 444 else if (mode == InstallAttributes::kLegacyRetailDeviceMode) |
459 return DEVICE_MODE_LEGACY_RETAIL_MODE; | 445 return policy::DEVICE_MODE_LEGACY_RETAIL_MODE; |
460 else if (mode == EnterpriseInstallAttributes::kConsumerKioskDeviceMode) | 446 else if (mode == InstallAttributes::kConsumerKioskDeviceMode) |
461 return DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH; | 447 return policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH; |
462 NOTREACHED() << "Unknown device mode string: " << mode; | 448 NOTREACHED() << "Unknown device mode string: " << mode; |
463 return DEVICE_MODE_NOT_SET; | 449 return policy::DEVICE_MODE_NOT_SET; |
464 } | 450 } |
465 | 451 |
466 void EnterpriseInstallAttributes::DecodeInstallAttributes( | 452 void InstallAttributes::DecodeInstallAttributes( |
467 const std::map<std::string, std::string>& attr_map) { | 453 const std::map<std::string, std::string>& attr_map) { |
468 std::string enterprise_owned; | 454 std::string enterprise_owned; |
469 std::string enterprise_user; | 455 std::string enterprise_user; |
470 std::string consumer_kiosk_enabled; | 456 std::string consumer_kiosk_enabled; |
471 if (ReadMapKey(attr_map, kAttrEnterpriseOwned, &enterprise_owned) && | 457 if (ReadMapKey(attr_map, kAttrEnterpriseOwned, &enterprise_owned) && |
472 ReadMapKey(attr_map, kAttrEnterpriseUser, &enterprise_user) && | 458 ReadMapKey(attr_map, kAttrEnterpriseUser, &enterprise_user) && |
473 enterprise_owned == "true" && | 459 enterprise_owned == "true" && |
474 !enterprise_user.empty()) { | 460 !enterprise_user.empty()) { |
475 registration_user_ = gaia::CanonicalizeEmail(enterprise_user); | 461 registration_user_ = gaia::CanonicalizeEmail(enterprise_user); |
476 | 462 |
477 // Initialize the mode to the legacy enterprise mode here and update | 463 // Initialize the mode to the legacy enterprise mode here and update |
478 // below if more information is present. | 464 // below if more information is present. |
479 registration_mode_ = DEVICE_MODE_ENTERPRISE; | 465 registration_mode_ = policy::DEVICE_MODE_ENTERPRISE; |
480 | 466 |
481 // If we could extract basic setting we should try to extract the | 467 // If we could extract basic setting we should try to extract the |
482 // extended ones too. We try to set these to defaults as good as | 468 // extended ones too. We try to set these to defaults as good as |
483 // as possible if present, which could happen for device enrolled in | 469 // as possible if present, which could happen for device enrolled in |
484 // pre 19 revisions of the code, before these new attributes were added. | 470 // pre 19 revisions of the code, before these new attributes were added. |
485 if (ReadMapKey(attr_map, kAttrEnterpriseDomain, ®istration_domain_)) | 471 if (ReadMapKey(attr_map, kAttrEnterpriseDomain, ®istration_domain_)) |
486 registration_domain_ = gaia::CanonicalizeDomain(registration_domain_); | 472 registration_domain_ = gaia::CanonicalizeDomain(registration_domain_); |
487 else | 473 else |
488 registration_domain_ = gaia::ExtractDomainName(registration_user_); | 474 registration_domain_ = gaia::ExtractDomainName(registration_user_); |
489 | 475 |
490 ReadMapKey(attr_map, kAttrEnterpriseDeviceId, ®istration_device_id_); | 476 ReadMapKey(attr_map, kAttrEnterpriseDeviceId, ®istration_device_id_); |
491 | 477 |
492 std::string mode; | 478 std::string mode; |
493 if (ReadMapKey(attr_map, kAttrEnterpriseMode, &mode)) | 479 if (ReadMapKey(attr_map, kAttrEnterpriseMode, &mode)) |
494 registration_mode_ = GetDeviceModeFromString(mode); | 480 registration_mode_ = GetDeviceModeFromString(mode); |
495 } else if (ReadMapKey(attr_map, | 481 } else if (ReadMapKey(attr_map, |
496 kAttrConsumerKioskEnabled, | 482 kAttrConsumerKioskEnabled, |
497 &consumer_kiosk_enabled) && | 483 &consumer_kiosk_enabled) && |
498 consumer_kiosk_enabled == "true") { | 484 consumer_kiosk_enabled == "true") { |
499 registration_mode_ = DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH; | 485 registration_mode_ = policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH; |
500 } else if (enterprise_user.empty() && enterprise_owned != "true") { | 486 } else if (enterprise_user.empty() && enterprise_owned != "true") { |
501 // |registration_user_| is empty on consumer devices. | 487 // |registration_user_| is empty on consumer devices. |
502 registration_mode_ = DEVICE_MODE_CONSUMER; | 488 registration_mode_ = policy::DEVICE_MODE_CONSUMER; |
503 } | 489 } |
504 } | 490 } |
505 | 491 |
506 std::string EnterpriseInstallAttributes::GetRegistrationUser() const { | 492 std::string InstallAttributes::GetRegistrationUser() const { |
507 if (!device_locked_) | 493 if (!device_locked_) |
508 return std::string(); | 494 return std::string(); |
509 | 495 |
510 return registration_user_; | 496 return registration_user_; |
511 } | 497 } |
512 | 498 |
513 } // namespace policy | 499 } // namespace chromeos |
OLD | NEW |