Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(366)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: components/policy/core/common/policy_loader_win.cc

Issue 2581353002: Use the Windows MDM API to check if the machine is being managed. (Closed)
Patch Set: Address review comments Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/component_updater/chrome_component_updater_configurator.cc ('K') | « chrome/browser/upgrade_detector_impl.cc ('k') | components/update_client/updater_state.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: components/policy/core/common/policy_loader_win.cc
diff --git a/components/policy/core/common/policy_loader_win.cc b/components/policy/core/common/policy_loader_win.cc
index 431bfc6e88621e347f787da2d2fb75d0b411f317..253769be9490914e956be7b0a195f41945ba543d 100644
--- a/components/policy/core/common/policy_loader_win.cc
+++ b/components/policy/core/common/policy_loader_win.cc
@@ -90,10 +90,14 @@ enum DomainCheckErrors {
DOMAIN_CHECK_ERROR_SIZE, // Not a DomainCheckError. Must be last.
};
+bool ShouldHonorPolicies() {
pastarmovj 2017/02/17 16:21:17 nit: I presume the indirection here is to be able
Roger Tawa OOO till Jul 10th 2017/02/17 19:20:13 Done.
+ return base::win::IsEnterpriseManaged();
+}
+
// Verifies that untrusted policies contain only safe values. Modifies the
// |policy| in place.
void FilterUntrustedPolicy(PolicyMap* policy) {
- if (base::win::IsEnrolledToDomain())
+ if (ShouldHonorPolicies())
return;
int invalid_policies = 0;
@@ -291,8 +295,12 @@ void CollectEnterpriseUMAs() {
base::win::OSInfo::GetInstance()->version_type(),
base::win::SUITE_LAST);
- bool in_domain = base::win::IsEnrolledToDomain();
- UMA_HISTOGRAM_BOOLEAN("EnterpriseCheck.InDomain", in_domain);
+ UMA_HISTOGRAM_BOOLEAN("EnterpriseCheck.InDomain",
+ base::win::IsEnrolledToDomain());
+ UMA_HISTOGRAM_BOOLEAN("EnterpriseCheck.IsManaged",
+ base::win::IsDeviceRegisteredWithManagement());
+ UMA_HISTOGRAM_BOOLEAN("EnterpriseCheck.IsEnterpriseUser",
+ base::win::IsEnterpriseManaged());
}
} // namespace
@@ -366,9 +374,9 @@ std::unique_ptr<PolicyBundle> PolicyLoaderWin::Load() {
{ POLICY_SCOPE_USER, HKEY_CURRENT_USER },
};
- bool is_enterprise = base::win::IsEnrolledToDomain();
+ bool honor_policies = ShouldHonorPolicies();
VLOG(1) << "Reading policy from the registry is "
- << (is_enterprise ? "enabled." : "disabled.");
+ << (honor_policies ? "enabled." : "disabled.");
// Load policy data for the different scopes/levels and merge them.
std::unique_ptr<PolicyBundle> bundle(new PolicyBundle());
@@ -396,7 +404,7 @@ std::unique_ptr<PolicyBundle> PolicyLoaderWin::Load() {
// timeout on it more aggressively. For now, there's no justification for
// the additional effort this would introduce.
- bool is_registry_forced = is_enterprise || gpo_provider_ == nullptr;
+ bool is_registry_forced = honor_policies || gpo_provider_ == nullptr;
if (is_registry_forced || !ReadPolicyFromGPO(scope, &gpo_dict, &status)) {
VLOG_IF(1, !is_registry_forced) << "Failed to read GPO files for "
<< scope << " falling back to registry.";
« chrome/browser/component_updater/chrome_component_updater_configurator.cc ('K') | « chrome/browser/upgrade_detector_impl.cc ('k') | components/update_client/updater_state.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698