chrome/browser/chromeos/arc/arc_policy_bridge.cc - Issue 2441563002: arc: Create intermediate directories in c/b/c/arc

Unified Diff: chrome/browser/chromeos/arc/arc_policy_bridge.cc

Issue 2441563002: arc: Create intermediate directories in c/b/c/arc (Closed)

Patch Set: Re-rebase to ToT Created 4 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Index: chrome/browser/chromeos/arc/arc_policy_bridge.cc

diff --git a/chrome/browser/chromeos/arc/arc_policy_bridge.cc b/chrome/browser/chromeos/arc/arc_policy_bridge.cc

deleted file mode 100644

index 3b0784c0ff9abbf913c56a9598e58e66fba82b74..0000000000000000000000000000000000000000

--- a/chrome/browser/chromeos/arc/arc_policy_bridge.cc

+++ /dev/null

@@ -1,319 +0,0 @@

-// Use of this source code is governed by a BSD-style license that can be

-// found in the LICENSE file.

-#include "chrome/browser/chromeos/arc/arc_policy_bridge.h"

-#include <memory>

-#include <string>

-#include <utility>

-#include "base/json/json_reader.h"

-#include "base/json/json_string_value_serializer.h"

-#include "base/logging.h"

-#include "base/memory/ptr_util.h"

-#include "base/values.h"

-#include "chrome/browser/chromeos/profiles/profile_helper.h"

-#include "chrome/browser/policy/profile_policy_connector.h"

-#include "chrome/browser/policy/profile_policy_connector_factory.h"

-#include "chromeos/network/onc/onc_utils.h"

-#include "components/arc/arc_bridge_service.h"

-#include "components/onc/onc_constants.h"

-#include "components/policy/core/common/policy_map.h"

-#include "components/policy/core/common/policy_namespace.h"

-#include "components/policy/policy_constants.h"

-#include "components/user_manager/user.h"

-#include "mojo/public/cpp/bindings/string.h"

-namespace arc {

-namespace {

-const char kArcGlobalAppRestrictions[] = "globalAppRestrictions";

-const char kArcCaCerts[] = "caCerts";

-// invert_bool_value: If the Chrome policy and the ARC policy with boolean value

-// have opposite semantics, set this to true so the bool is inverted before

-// being added. Otherwise, set it to false.

-void MapBoolToBool(const std::string& arc_policy_name,

- const std::string& policy_name,

- const policy::PolicyMap& policy_map,

- bool invert_bool_value,

- base::DictionaryValue* filtered_policies) {

- const base::Value* const policy_value = policy_map.GetValue(policy_name);

- if (!policy_value)

- return;

- if (!policy_value->IsType(base::Value::TYPE_BOOLEAN)) {

- LOG(ERROR) << "Policy " << policy_name << " is not a boolean.";

- return;

- }

- bool bool_value;

- policy_value->GetAsBoolean(&bool_value);

- filtered_policies->SetBoolean(arc_policy_name,

- bool_value != invert_bool_value);

-// int_true: value of Chrome OS policy for which arc policy is set to true.

-// It is set to false for all other values.

-void MapIntToBool(const std::string& arc_policy_name,

- const std::string& policy_name,

- const policy::PolicyMap& policy_map,

- int int_true,

- base::DictionaryValue* filtered_policies) {

- const base::Value* const policy_value = policy_map.GetValue(policy_name);

- if (!policy_value)

- return;

- if (!policy_value->IsType(base::Value::TYPE_INTEGER)) {

- LOG(ERROR) << "Policy " << policy_name << " is not an integer.";

- return;

- }

- int int_value;

- policy_value->GetAsInteger(&int_value);

- filtered_policies->SetBoolean(arc_policy_name, int_value == int_true);

-void AddGlobalAppRestriction(const std::string& arc_app_restriction_name,

- const std::string& policy_name,

- const policy::PolicyMap& policy_map,

- base::DictionaryValue* filtered_policies) {

- const base::Value* const policy_value = policy_map.GetValue(policy_name);

- if (policy_value) {

- base::DictionaryValue* global_app_restrictions = nullptr;

- if (!filtered_policies->GetDictionary(kArcGlobalAppRestrictions,

- &global_app_restrictions)) {

- global_app_restrictions = new base::DictionaryValue();

- filtered_policies->Set(kArcGlobalAppRestrictions,

- global_app_restrictions);

- }

- global_app_restrictions->SetWithoutPathExpansion(

- arc_app_restriction_name, policy_value->CreateDeepCopy());

- }

-void AddOncCaCertsToPolicies(const policy::PolicyMap& policy_map,

- base::DictionaryValue* filtered_policies) {

- const base::Value* const policy_value =

- policy_map.GetValue(policy::key::kArcCertificatesSyncMode);

- int32_t mode = ArcCertsSyncMode::SYNC_DISABLED;

- // Old certs should be uninstalled if the sync is disabled or policy is not

- // set.

- if (!policy_value || !policy_value->GetAsInteger(&mode) ||

- mode != ArcCertsSyncMode::COPY_CA_CERTS) {

- return;

- }

- // Importing CA certificates from device policy is not allowed.

- // Import only from user policy.

- const base::Value* onc_policy_value =

- policy_map.GetValue(policy::key::kOpenNetworkConfiguration);

- if (!onc_policy_value) {

- VLOG(1) << "onc policy is not set.";

- return;

- }

- std::string onc_blob;

- if (!onc_policy_value->GetAsString(&onc_blob)) {

- LOG(ERROR) << "Value of onc policy has invalid format.";

- return;

- }

- base::ListValue certificates;

- {

- base::ListValue unused_network_configs;

- base::DictionaryValue unused_global_network_config;

- if (!chromeos::onc::ParseAndValidateOncForImport(

- onc_blob, onc::ONCSource::ONC_SOURCE_USER_POLICY,

- "" /* no passphrase */, &unused_network_configs,

- &unused_global_network_config, &certificates)) {

- LOG(ERROR) << "Value of onc policy has invalid format =" << onc_blob;

- }

- std::unique_ptr<base::ListValue> ca_certs(

- base::MakeUnique<base::ListValue>());

- for (const auto& entry : certificates) {

- const base::DictionaryValue* certificate = nullptr;

- if (!entry->GetAsDictionary(&certificate)) {

- DLOG(FATAL) << "Value of a certificate entry is not a dictionary "

- << "value.";

- continue;

- }

- std::string cert_type;

- certificate->GetStringWithoutPathExpansion(::onc::certificate::kType,

- &cert_type);

- if (cert_type != ::onc::certificate::kAuthority)

- continue;

- const base::ListValue* trust_list = nullptr;

- if (!certificate->GetListWithoutPathExpansion(

- ::onc::certificate::kTrustBits, &trust_list)) {

- continue;

- }

- bool web_trust_flag = false;

- for (const auto& list_val : *trust_list) {

- std::string trust_type;

- if (!list_val->GetAsString(&trust_type))

- NOTREACHED();

- if (trust_type == ::onc::certificate::kWeb) {

- // "Web" implies that the certificate is to be trusted for SSL

- // identification.

- web_trust_flag = true;

- break;

- }

- if (!web_trust_flag)

- continue;

- std::string x509_data;

- if (!certificate->GetStringWithoutPathExpansion(::onc::certificate::kX509,

- &x509_data)) {

- continue;

- }

- base::DictionaryValue data;

- data.SetString("X509", x509_data);

- ca_certs->Append(data.CreateDeepCopy());

- }

- filtered_policies->Set(kArcCaCerts, std::move(ca_certs));

-std::string GetFilteredJSONPolicies(const policy::PolicyMap& policy_map) {

- base::DictionaryValue filtered_policies;

- // Parse ArcPolicy as JSON string before adding other policies to the

- // dictionary.

- const base::Value* const app_policy_value =

- policy_map.GetValue(policy::key::kArcPolicy);

- if (app_policy_value) {

- std::string app_policy_string;

- app_policy_value->GetAsString(&app_policy_string);

- std::unique_ptr<base::DictionaryValue> app_policy_dict =

- base::DictionaryValue::From(base::JSONReader::Read(app_policy_string));

- if (app_policy_dict) {

- // Need a deep copy of all values here instead of doing a swap, because

- // JSONReader::Read constructs a dictionary whose StringValues are

- // JSONStringValues which are based on StringPiece instead of string.

- filtered_policies.MergeDictionary(app_policy_dict.get());

- } else {

- LOG(ERROR) << "Value of ArcPolicy has invalid format: "

- << app_policy_string;

- }

- // Keep them sorted by the ARC policy names.

- MapBoolToBool("cameraDisabled", policy::key::kVideoCaptureAllowed, policy_map,

- true, &filtered_policies);

- MapBoolToBool("debuggingFeaturesDisabled",

- policy::key::kDeveloperToolsDisabled, policy_map, false,

- &filtered_policies);

- MapBoolToBool("screenCaptureDisabled", policy::key::kDisableScreenshots,

- policy_map, false, &filtered_policies);

- MapIntToBool("shareLocationDisabled", policy::key::kDefaultGeolocationSetting,

- policy_map, 2 /*BlockGeolocation*/, &filtered_policies);

- MapBoolToBool("unmuteMicrophoneDisabled", policy::key::kAudioCaptureAllowed,

- policy_map, true, &filtered_policies);

- MapBoolToBool("mountPhysicalMediaDisabled",

- policy::key::kExternalStorageDisabled, policy_map, false,

- &filtered_policies);

- // Add global app restrictions.

- AddGlobalAppRestriction("com.android.browser:URLBlacklist",

- policy::key::kURLBlacklist, policy_map,

- &filtered_policies);

- AddGlobalAppRestriction("com.android.browser:URLWhitelist",

- policy::key::kURLWhitelist, policy_map,

- &filtered_policies);

- // Add CA certificates.

- AddOncCaCertsToPolicies(policy_map, &filtered_policies);

- std::string policy_json;

- JSONStringValueSerializer serializer(&policy_json);

- serializer.Serialize(filtered_policies);

- return policy_json;

-} // namespace

-ArcPolicyBridge::ArcPolicyBridge(ArcBridgeService* bridge_service)

- : ArcService(bridge_service), binding_(this) {

- VLOG(2) << "ArcPolicyBridge::ArcPolicyBridge";

- arc_bridge_service()->policy()->AddObserver(this);

-ArcPolicyBridge::ArcPolicyBridge(ArcBridgeService* bridge_service,

- policy::PolicyService* policy_service)

- : ArcService(bridge_service),

- binding_(this),

- policy_service_(policy_service) {

- VLOG(2) << "ArcPolicyBridge::ArcPolicyBridge(bridge_service, policy_service)";

- arc_bridge_service()->policy()->AddObserver(this);

-ArcPolicyBridge::~ArcPolicyBridge() {

- VLOG(2) << "ArcPolicyBridge::~ArcPolicyBridge";

- arc_bridge_service()->policy()->RemoveObserver(this);

-void ArcPolicyBridge::OverrideIsManagedForTesting(bool is_managed) {

- is_managed_ = is_managed;

-void ArcPolicyBridge::OnInstanceReady() {

- VLOG(1) << "ArcPolicyBridge::OnPolicyInstanceReady";

- if (policy_service_ == nullptr) {

- InitializePolicyService();

- }

- policy_service_->AddObserver(policy::POLICY_DOMAIN_CHROME, this);

- mojom::PolicyInstance* const policy_instance =

- arc_bridge_service()->policy()->GetInstanceForMethod("Init");

- DCHECK(policy_instance);

- policy_instance->Init(binding_.CreateInterfacePtrAndBind());

-void ArcPolicyBridge::OnInstanceClosed() {

- VLOG(1) << "ArcPolicyBridge::OnPolicyInstanceClosed";

- policy_service_->RemoveObserver(policy::POLICY_DOMAIN_CHROME, this);

- policy_service_ = nullptr;

-void ArcPolicyBridge::GetPolicies(const GetPoliciesCallback& callback) {

- VLOG(1) << "ArcPolicyBridge::GetPolicies";

- if (!is_managed_) {

- callback.Run(mojo::String(""));

- return;

- }

- const policy::PolicyNamespace policy_namespace(policy::POLICY_DOMAIN_CHROME,

- std::string());

- const policy::PolicyMap& policy_map =

- policy_service_->GetPolicies(policy_namespace);

- const std::string json_policies = GetFilteredJSONPolicies(policy_map);

- callback.Run(mojo::String(json_policies));

-void ArcPolicyBridge::OnPolicyUpdated(const policy::PolicyNamespace& ns,

- const policy::PolicyMap& previous,

- const policy::PolicyMap& current) {

- VLOG(1) << "ArcPolicyBridge::OnPolicyUpdated";

- auto* instance =

- arc_bridge_service()->policy()->GetInstanceForMethod("OnPolicyUpdated");

- if (!instance)

- return;

- instance->OnPolicyUpdated();

-void ArcPolicyBridge::InitializePolicyService() {

- const user_manager::User* const primary_user =

- user_manager::UserManager::Get()->GetPrimaryUser();

- Profile* const profile =

- chromeos::ProfileHelper::Get()->GetProfileByUser(primary_user);

- auto* profile_policy_connector =

- policy::ProfilePolicyConnectorFactory::GetForBrowserContext(profile);

- policy_service_ = profile_policy_connector->policy_service();

- is_managed_ = profile_policy_connector->IsManaged();

-} // namespace arc

« no previous file with comments | « chrome/browser/chromeos/arc/arc_policy_bridge.h ('k') | chrome/browser/chromeos/arc/arc_policy_bridge_unittest.cc » ('j') | no next file with comments »