| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chrom
eos.h" | |
| 6 | |
| 7 #include <utility> | |
| 8 | |
| 9 #include "base/bind.h" | |
| 10 #include "base/command_line.h" | |
| 11 #include "base/files/file_path.h" | |
| 12 #include "base/logging.h" | |
| 13 #include "base/memory/ref_counted.h" | |
| 14 #include "base/path_service.h" | |
| 15 #include "base/sequenced_task_runner.h" | |
| 16 #include "base/threading/sequenced_worker_pool.h" | |
| 17 #include "base/threading/thread_task_runner_handle.h" | |
| 18 #include "base/time/time.h" | |
| 19 #include "chrome/browser/browser_process.h" | |
| 20 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
| 21 #include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h" | |
| 22 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h" | |
| 23 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" | |
| 24 #include "chrome/browser/chromeos/profiles/profile_helper.h" | |
| 25 #include "chrome/browser/chromeos/settings/cros_settings.h" | |
| 26 #include "chrome/browser/policy/schema_registry_service.h" | |
| 27 #include "chrome/browser/policy/schema_registry_service_factory.h" | |
| 28 #include "chrome/browser/profiles/profile.h" | |
| 29 #include "chromeos/chromeos_paths.h" | |
| 30 #include "chromeos/chromeos_switches.h" | |
| 31 #include "chromeos/dbus/dbus_thread_manager.h" | |
| 32 #include "components/keyed_service/content/browser_context_dependency_manager.h" | |
| 33 #include "components/policy/core/browser/browser_policy_connector.h" | |
| 34 #include "components/policy/core/common/cloud/cloud_external_data_manager.h" | |
| 35 #include "components/policy/core/common/cloud/device_management_service.h" | |
| 36 #include "components/policy/policy_constants.h" | |
| 37 #include "components/user_manager/user.h" | |
| 38 #include "components/user_manager/user_manager.h" | |
| 39 #include "content/public/browser/browser_thread.h" | |
| 40 #include "net/url_request/url_request_context_getter.h" | |
| 41 | |
| 42 namespace policy { | |
| 43 | |
| 44 namespace { | |
| 45 | |
| 46 // Directory under the profile directory where policy-related resources are | |
| 47 // stored, see the following constants for details. | |
| 48 const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy"); | |
| 49 | |
| 50 // Directory under kPolicy, in the user's profile dir, where policy for | |
| 51 // components is cached. | |
| 52 const base::FilePath::CharType kComponentsDir[] = | |
| 53 FILE_PATH_LITERAL("Components"); | |
| 54 | |
| 55 // Directory in which to store external policy data. This is specified relative | |
| 56 // to kPolicy. | |
| 57 const base::FilePath::CharType kPolicyExternalDataDir[] = | |
| 58 FILE_PATH_LITERAL("External Data"); | |
| 59 | |
| 60 // Timeout in seconds after which to abandon the initial policy fetch and start | |
| 61 // the session regardless. | |
| 62 const int kInitialPolicyFetchTimeoutSeconds = 10; | |
| 63 | |
| 64 } // namespace | |
| 65 | |
| 66 // static | |
| 67 UserCloudPolicyManagerFactoryChromeOS* | |
| 68 UserCloudPolicyManagerFactoryChromeOS::GetInstance() { | |
| 69 return base::Singleton<UserCloudPolicyManagerFactoryChromeOS>::get(); | |
| 70 } | |
| 71 | |
| 72 // static | |
| 73 UserCloudPolicyManagerChromeOS* | |
| 74 UserCloudPolicyManagerFactoryChromeOS::GetForProfile( | |
| 75 Profile* profile) { | |
| 76 return GetInstance()->GetManagerForProfile(profile); | |
| 77 } | |
| 78 | |
| 79 // static | |
| 80 std::unique_ptr<UserCloudPolicyManagerChromeOS> | |
| 81 UserCloudPolicyManagerFactoryChromeOS::CreateForProfile( | |
| 82 Profile* profile, | |
| 83 bool force_immediate_load, | |
| 84 scoped_refptr<base::SequencedTaskRunner> background_task_runner) { | |
| 85 return GetInstance()->CreateManagerForProfile( | |
| 86 profile, force_immediate_load, background_task_runner); | |
| 87 } | |
| 88 | |
| 89 UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS() | |
| 90 : BrowserContextKeyedBaseFactory( | |
| 91 "UserCloudPolicyManagerChromeOS", | |
| 92 BrowserContextDependencyManager::GetInstance()) { | |
| 93 DependsOn(SchemaRegistryServiceFactory::GetInstance()); | |
| 94 } | |
| 95 | |
| 96 UserCloudPolicyManagerFactoryChromeOS:: | |
| 97 ~UserCloudPolicyManagerFactoryChromeOS() {} | |
| 98 | |
| 99 UserCloudPolicyManagerChromeOS* | |
| 100 UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile( | |
| 101 Profile* profile) { | |
| 102 // Get the manager for the original profile, since the PolicyService is | |
| 103 // also shared between the incognito Profile and the original Profile. | |
| 104 ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile()); | |
| 105 return it != managers_.end() ? it->second : NULL; | |
| 106 } | |
| 107 | |
| 108 std::unique_ptr<UserCloudPolicyManagerChromeOS> | |
| 109 UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile( | |
| 110 Profile* profile, | |
| 111 bool force_immediate_load, | |
| 112 scoped_refptr<base::SequencedTaskRunner> background_task_runner) { | |
| 113 const base::CommandLine* command_line = | |
| 114 base::CommandLine::ForCurrentProcess(); | |
| 115 // Don't initialize cloud policy for the signin profile. | |
| 116 if (chromeos::ProfileHelper::IsSigninProfile(profile)) | |
| 117 return std::unique_ptr<UserCloudPolicyManagerChromeOS>(); | |
| 118 | |
| 119 // |user| should never be NULL except for the signin profile. This object is | |
| 120 // created as part of the Profile creation, which happens right after | |
| 121 // sign-in. The just-signed-in User is the active user during that time. | |
| 122 const user_manager::User* user = | |
| 123 chromeos::ProfileHelper::Get()->GetUserByProfile(profile); | |
| 124 CHECK(user); | |
| 125 | |
| 126 // User policy exists for enterprise accounts only: | |
| 127 // - For regular enterprise users (those who have a GAIA account), a | |
| 128 // |UserCloudPolicyManagerChromeOS| is created here. | |
| 129 // - For device-local accounts, policy is provided by | |
| 130 // |DeviceLocalAccountPolicyService|. | |
| 131 // All other user types do not have user policy. | |
| 132 const AccountId account_id = user->GetAccountId(); | |
| 133 if (!user->HasGaiaAccount() || user->IsSupervised() || | |
| 134 BrowserPolicyConnector::IsNonEnterpriseUser(account_id.GetUserEmail())) { | |
| 135 return std::unique_ptr<UserCloudPolicyManagerChromeOS>(); | |
| 136 } | |
| 137 | |
| 138 policy::BrowserPolicyConnectorChromeOS* connector = | |
| 139 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | |
| 140 const bool is_browser_restart = | |
| 141 command_line->HasSwitch(chromeos::switches::kLoginUser); | |
| 142 const user_manager::UserManager* const user_manager = | |
| 143 user_manager::UserManager::Get(); | |
| 144 | |
| 145 // We want to block for policy in a few situations: if the user is new, or | |
| 146 // if we are forcing an online signin. An online signin will be forced if | |
| 147 // there has been a credential error, or if the initial session creation | |
| 148 // was not completed (the oauth_token_status is not set to valid by | |
| 149 // OAuth2LoginManager until profile creation/session restore is complete). | |
| 150 const bool block_forever_for_policy = | |
| 151 !user_manager->IsLoggedInAsStub() && | |
| 152 (user_manager->IsCurrentUserNew() || | |
| 153 user_manager->GetActiveUser()->force_online_signin() || | |
| 154 user_manager->GetActiveUser()->oauth_token_status() != | |
| 155 user_manager::User::OAUTH2_TOKEN_STATUS_VALID); | |
| 156 | |
| 157 const bool wait_for_policy_fetch = | |
| 158 block_forever_for_policy || !is_browser_restart; | |
| 159 | |
| 160 base::TimeDelta initial_policy_fetch_timeout; | |
| 161 if (block_forever_for_policy) { | |
| 162 initial_policy_fetch_timeout = base::TimeDelta::Max(); | |
| 163 } else if (wait_for_policy_fetch) { | |
| 164 initial_policy_fetch_timeout = | |
| 165 base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds); | |
| 166 } | |
| 167 | |
| 168 DeviceManagementService* device_management_service = | |
| 169 connector->device_management_service(); | |
| 170 if (wait_for_policy_fetch) | |
| 171 device_management_service->ScheduleInitialization(0); | |
| 172 | |
| 173 base::FilePath profile_dir = profile->GetPath(); | |
| 174 const base::FilePath component_policy_cache_dir = | |
| 175 profile_dir.Append(kPolicy).Append(kComponentsDir); | |
| 176 const base::FilePath external_data_dir = | |
| 177 profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir); | |
| 178 base::FilePath policy_key_dir; | |
| 179 CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir)); | |
| 180 | |
| 181 std::unique_ptr<UserCloudPolicyStoreChromeOS> store( | |
| 182 new UserCloudPolicyStoreChromeOS( | |
| 183 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(), | |
| 184 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(), | |
| 185 background_task_runner, account_id, policy_key_dir)); | |
| 186 | |
| 187 scoped_refptr<base::SequencedTaskRunner> backend_task_runner = | |
| 188 content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner( | |
| 189 content::BrowserThread::GetBlockingPool()->GetSequenceToken()); | |
| 190 scoped_refptr<base::SequencedTaskRunner> io_task_runner = | |
| 191 content::BrowserThread::GetTaskRunnerForThread( | |
| 192 content::BrowserThread::IO); | |
| 193 std::unique_ptr<CloudExternalDataManager> external_data_manager( | |
| 194 new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails), | |
| 195 backend_task_runner, io_task_runner, | |
| 196 external_data_dir, store.get())); | |
| 197 if (force_immediate_load) | |
| 198 store->LoadImmediately(); | |
| 199 | |
| 200 scoped_refptr<base::SequencedTaskRunner> file_task_runner = | |
| 201 content::BrowserThread::GetTaskRunnerForThread( | |
| 202 content::BrowserThread::FILE); | |
| 203 | |
| 204 std::unique_ptr<UserCloudPolicyManagerChromeOS> manager( | |
| 205 new UserCloudPolicyManagerChromeOS( | |
| 206 std::move(store), std::move(external_data_manager), | |
| 207 component_policy_cache_dir, wait_for_policy_fetch, | |
| 208 initial_policy_fetch_timeout, base::ThreadTaskRunnerHandle::Get(), | |
| 209 file_task_runner, io_task_runner)); | |
| 210 | |
| 211 bool wildcard_match = false; | |
| 212 if (connector->IsEnterpriseManaged() && | |
| 213 chromeos::CrosSettings::IsWhitelisted(account_id.GetUserEmail(), | |
| 214 &wildcard_match) && | |
| 215 wildcard_match && | |
| 216 !connector->IsNonEnterpriseUser(account_id.GetUserEmail())) { | |
| 217 manager->EnableWildcardLoginCheck(account_id.GetUserEmail()); | |
| 218 } | |
| 219 | |
| 220 manager->Init( | |
| 221 SchemaRegistryServiceFactory::GetForContext(profile)->registry()); | |
| 222 manager->Connect(g_browser_process->local_state(), device_management_service, | |
| 223 g_browser_process->system_request_context()); | |
| 224 | |
| 225 DCHECK(managers_.find(profile) == managers_.end()); | |
| 226 managers_[profile] = manager.get(); | |
| 227 return manager; | |
| 228 } | |
| 229 | |
| 230 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown( | |
| 231 content::BrowserContext* context) { | |
| 232 Profile* profile = static_cast<Profile*>(context); | |
| 233 if (profile->IsOffTheRecord()) | |
| 234 return; | |
| 235 UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile); | |
| 236 if (manager) | |
| 237 manager->Shutdown(); | |
| 238 } | |
| 239 | |
| 240 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed( | |
| 241 content::BrowserContext* context) { | |
| 242 Profile* profile = static_cast<Profile*>(context); | |
| 243 managers_.erase(profile); | |
| 244 BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context); | |
| 245 } | |
| 246 | |
| 247 void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory( | |
| 248 content::BrowserContext* context) {} | |
| 249 | |
| 250 bool UserCloudPolicyManagerFactoryChromeOS::HasTestingFactory( | |
| 251 content::BrowserContext* context) { | |
| 252 return false; | |
| 253 } | |
| 254 | |
| 255 void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow( | |
| 256 content::BrowserContext* context) {} | |
| 257 | |
| 258 } // namespace policy | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2606773002:
Setup Chromad user policy plumbing (Closed)
