| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/policy/profile_policy_connector.h" | 5 #include "chrome/browser/policy/profile_policy_connector.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 13 matching lines...) Expand all Loading... |
| 24 #include "google_apis/gaia/gaia_auth_util.h" | 24 #include "google_apis/gaia/gaia_auth_util.h" |
| 25 | 25 |
| 26 #if defined(OS_CHROMEOS) | 26 #if defined(OS_CHROMEOS) |
| 27 #include "chrome/browser/browser_process_platform_part.h" | 27 #include "chrome/browser/browser_process_platform_part.h" |
| 28 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | 28 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 29 #include "chrome/browser/chromeos/policy/device_active_directory_policy_manager.
h" | 29 #include "chrome/browser/chromeos/policy/device_active_directory_policy_manager.
h" |
| 30 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 30 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 31 #include "chrome/browser/chromeos/policy/device_local_account.h" | 31 #include "chrome/browser/chromeos/policy/device_local_account.h" |
| 32 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" | 32 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h" |
| 33 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h" | 33 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h" |
| 34 #include "chrome/browser/chromeos/policy/user_active_directory_policy_manager.h" |
| 34 #include "components/user_manager/user.h" | 35 #include "components/user_manager/user.h" |
| 35 #include "components/user_manager/user_manager.h" | 36 #include "components/user_manager/user_manager.h" |
| 36 #endif | 37 #endif |
| 37 | 38 |
| 38 namespace policy { | 39 namespace policy { |
| 39 | 40 |
| 40 namespace { | 41 namespace { |
| 41 | 42 |
| 42 std::string GetCloudPolicyManagementDomain( | 43 std::string GetStoreManagementDomain(const CloudPolicyStore* policy_store) { |
| 43 const CloudPolicyManager* cloud_policy_manager) { | 44 if (policy_store) { |
| 44 const CloudPolicyStore* const store = cloud_policy_manager->core()->store(); | 45 CHECK(policy_store->is_initialized()) |
| 45 if (store) { | |
| 46 CHECK(store->is_initialized()) | |
| 47 << "Cloud policy management domain must be " | 46 << "Cloud policy management domain must be " |
| 48 "requested only after the policy system is fully initialized"; | 47 "requested only after the policy system is fully initialized"; |
| 49 if (store->is_managed() && store->policy()->has_username()) | 48 if (policy_store->is_managed() && policy_store->policy()->has_username()) |
| 50 return gaia::ExtractDomainName(store->policy()->username()); | 49 return gaia::ExtractDomainName(policy_store->policy()->username()); |
| 51 } | 50 } |
| 52 return ""; | 51 return std::string(); |
| 53 } | 52 } |
| 54 | 53 |
| 55 } // namespace | 54 } // namespace |
| 56 | 55 |
| 57 ProfilePolicyConnector::ProfilePolicyConnector() | 56 ProfilePolicyConnector::ProfilePolicyConnector() {} |
| 58 #if defined(OS_CHROMEOS) | |
| 59 : is_primary_user_(false), | |
| 60 user_cloud_policy_manager_(nullptr) | |
| 61 #else | |
| 62 : user_cloud_policy_manager_(nullptr) | |
| 63 #endif | |
| 64 { | |
| 65 } | |
| 66 | 57 |
| 67 ProfilePolicyConnector::~ProfilePolicyConnector() {} | 58 ProfilePolicyConnector::~ProfilePolicyConnector() {} |
| 68 | 59 |
| 69 void ProfilePolicyConnector::Init( | 60 void ProfilePolicyConnector::Init( |
| 70 #if defined(OS_CHROMEOS) | |
| 71 const user_manager::User* user, | 61 const user_manager::User* user, |
| 72 #endif | |
| 73 SchemaRegistry* schema_registry, | 62 SchemaRegistry* schema_registry, |
| 74 CloudPolicyManager* user_cloud_policy_manager) { | 63 ConfigurationPolicyProvider* configuration_policy_provider, |
| 75 user_cloud_policy_manager_ = user_cloud_policy_manager; | 64 const CloudPolicyStore* policy_store) { |
| 65 configuration_policy_provider_ = configuration_policy_provider; |
| 66 policy_store_ = policy_store; |
| 76 | 67 |
| 77 #if defined(OS_CHROMEOS) | 68 #if defined(OS_CHROMEOS) |
| 78 BrowserPolicyConnectorChromeOS* connector = | 69 BrowserPolicyConnectorChromeOS* connector = |
| 79 g_browser_process->platform_part()->browser_policy_connector_chromeos(); | 70 g_browser_process->platform_part()->browser_policy_connector_chromeos(); |
| 80 #else | 71 #else |
| 72 DCHECK_EQ(nullptr, user); |
| 81 BrowserPolicyConnector* connector = | 73 BrowserPolicyConnector* connector = |
| 82 g_browser_process->browser_policy_connector(); | 74 g_browser_process->browser_policy_connector(); |
| 83 #endif | 75 #endif |
| 84 | 76 |
| 85 if (connector->GetPlatformProvider()) { | 77 if (connector->GetPlatformProvider()) { |
| 86 wrapped_platform_policy_provider_.reset( | 78 wrapped_platform_policy_provider_.reset( |
| 87 new SchemaRegistryTrackingPolicyProvider( | 79 new SchemaRegistryTrackingPolicyProvider( |
| 88 connector->GetPlatformProvider())); | 80 connector->GetPlatformProvider())); |
| 89 wrapped_platform_policy_provider_->Init(schema_registry); | 81 wrapped_platform_policy_provider_->Init(schema_registry); |
| 90 policy_providers_.push_back(wrapped_platform_policy_provider_.get()); | 82 policy_providers_.push_back(wrapped_platform_policy_provider_.get()); |
| 91 } | 83 } |
| 92 | 84 |
| 93 #if defined(OS_CHROMEOS) | 85 #if defined(OS_CHROMEOS) |
| 94 if (connector->GetDeviceCloudPolicyManager()) { | 86 if (connector->GetDeviceCloudPolicyManager()) { |
| 95 policy_providers_.push_back(connector->GetDeviceCloudPolicyManager()); | 87 policy_providers_.push_back(connector->GetDeviceCloudPolicyManager()); |
| 96 } | 88 } |
| 97 if (connector->GetDeviceActiveDirectoryPolicyManager()) { | 89 if (connector->GetDeviceActiveDirectoryPolicyManager()) { |
| 98 policy_providers_.push_back( | 90 policy_providers_.push_back( |
| 99 connector->GetDeviceActiveDirectoryPolicyManager()); | 91 connector->GetDeviceActiveDirectoryPolicyManager()); |
| 100 } | 92 } |
| 101 #endif | 93 #endif |
| 102 | 94 |
| 103 if (user_cloud_policy_manager) | 95 if (configuration_policy_provider) |
| 104 policy_providers_.push_back(user_cloud_policy_manager); | 96 policy_providers_.push_back(configuration_policy_provider); |
| 105 | 97 |
| 106 #if defined(OS_CHROMEOS) | 98 #if defined(OS_CHROMEOS) |
| 107 if (!user) { | 99 if (!user) { |
| 108 DCHECK(schema_registry); | 100 DCHECK(schema_registry); |
| 109 // This case occurs for the signin profile. | 101 // This case occurs for the signin profile. |
| 110 special_user_policy_provider_.reset( | 102 special_user_policy_provider_.reset( |
| 111 new LoginProfilePolicyProvider(connector->GetPolicyService())); | 103 new LoginProfilePolicyProvider(connector->GetPolicyService())); |
| 112 } else { | 104 } else { |
| 113 // |user| should never be nullptr except for the signin profile. | 105 // |user| should never be nullptr except for the signin profile. |
| 114 is_primary_user_ = | 106 is_primary_user_ = |
| 115 user == user_manager::UserManager::Get()->GetPrimaryUser(); | 107 user == user_manager::UserManager::Get()->GetPrimaryUser(); |
| 116 // Note that |DeviceLocalAccountPolicyProvider::Create| returns nullptr when | 108 // Note that |DeviceLocalAccountPolicyProvider::Create| returns nullptr when |
| 117 // the user supplied is not a device-local account user. | 109 // the user supplied is not a device-local account user. |
| 118 special_user_policy_provider_ = DeviceLocalAccountPolicyProvider::Create( | 110 special_user_policy_provider_ = DeviceLocalAccountPolicyProvider::Create( |
| 119 user->GetAccountId().GetUserEmail(), | 111 user->GetAccountId().GetUserEmail(), |
| 120 connector->GetDeviceLocalAccountPolicyService()); | 112 connector->GetDeviceLocalAccountPolicyService()); |
| 121 } | 113 } |
| 122 if (special_user_policy_provider_) { | 114 if (special_user_policy_provider_) { |
| 123 special_user_policy_provider_->Init(schema_registry); | 115 special_user_policy_provider_->Init(schema_registry); |
| 124 policy_providers_.push_back(special_user_policy_provider_.get()); | 116 policy_providers_.push_back(special_user_policy_provider_.get()); |
| 125 } | 117 } |
| 126 #endif | 118 #endif |
| 127 | 119 |
| 128 policy_service_.reset(new PolicyServiceImpl(policy_providers_)); | 120 policy_service_.reset(new PolicyServiceImpl(policy_providers_)); |
| 129 | 121 |
| 130 #if defined(OS_CHROMEOS) | 122 #if defined(OS_CHROMEOS) |
| 131 if (is_primary_user_) { | 123 if (is_primary_user_) { |
| 132 if (user_cloud_policy_manager) | 124 if (configuration_policy_provider) |
| 133 connector->SetUserPolicyDelegate(user_cloud_policy_manager); | 125 connector->SetUserPolicyDelegate(configuration_policy_provider); |
| 134 else if (special_user_policy_provider_) | 126 else if (special_user_policy_provider_) |
| 135 connector->SetUserPolicyDelegate(special_user_policy_provider_.get()); | 127 connector->SetUserPolicyDelegate(special_user_policy_provider_.get()); |
| 136 } | 128 } |
| 137 #endif | 129 #endif |
| 138 } | 130 } |
| 139 | 131 |
| 140 void ProfilePolicyConnector::InitForTesting( | 132 void ProfilePolicyConnector::InitForTesting( |
| 141 std::unique_ptr<PolicyService> service) { | 133 std::unique_ptr<PolicyService> service) { |
| 142 policy_service_ = std::move(service); | 134 policy_service_ = std::move(service); |
| 143 } | 135 } |
| (...skipping 16 matching lines...) Expand all Loading... |
| 160 wrapped_platform_policy_provider_->Shutdown(); | 152 wrapped_platform_policy_provider_->Shutdown(); |
| 161 } | 153 } |
| 162 | 154 |
| 163 bool ProfilePolicyConnector::IsManaged() const { | 155 bool ProfilePolicyConnector::IsManaged() const { |
| 164 if (is_managed_override_) | 156 if (is_managed_override_) |
| 165 return *is_managed_override_; | 157 return *is_managed_override_; |
| 166 return !GetManagementDomain().empty(); | 158 return !GetManagementDomain().empty(); |
| 167 } | 159 } |
| 168 | 160 |
| 169 std::string ProfilePolicyConnector::GetManagementDomain() const { | 161 std::string ProfilePolicyConnector::GetManagementDomain() const { |
| 170 if (user_cloud_policy_manager_) | 162 if (policy_store_) |
| 171 return GetCloudPolicyManagementDomain(user_cloud_policy_manager_); | 163 return GetStoreManagementDomain(policy_store_); |
| 172 #if defined(OS_CHROMEOS) | 164 #if defined(OS_CHROMEOS) |
| 173 if (special_user_policy_provider_) { | 165 if (special_user_policy_provider_) { |
| 174 // |special_user_policy_provider_| is non-null for device-local accounts and | 166 // |special_user_policy_provider_| is non-null for device-local accounts and |
| 175 // for the login profile. | 167 // for the login profile. |
| 176 // They receive policy iff the device itself is managed. | 168 // They receive policy iff the device itself is managed. |
| 177 const DeviceCloudPolicyManagerChromeOS* const device_cloud_policy_manager = | 169 const DeviceCloudPolicyManagerChromeOS* const device_cloud_policy_manager = |
| 178 g_browser_process->platform_part() | 170 g_browser_process->platform_part() |
| 179 ->browser_policy_connector_chromeos() | 171 ->browser_policy_connector_chromeos() |
| 180 ->GetDeviceCloudPolicyManager(); | 172 ->GetDeviceCloudPolicyManager(); |
| 181 // The device_cloud_policy_manager can be a nullptr in unit tests. | 173 // The device_cloud_policy_manager can be a nullptr in unit tests. |
| 182 if (device_cloud_policy_manager) | 174 if (device_cloud_policy_manager) |
| 183 return GetCloudPolicyManagementDomain(device_cloud_policy_manager); | 175 return GetStoreManagementDomain( |
| 176 device_cloud_policy_manager->core()->store()); |
| 184 } | 177 } |
| 185 #endif | 178 #endif |
| 186 return ""; | 179 return std::string(); |
| 187 } | 180 } |
| 188 | 181 |
| 189 bool ProfilePolicyConnector::IsPolicyFromCloudPolicy(const char* name) const { | 182 bool ProfilePolicyConnector::IsProfilePolicy(const char* policy_key) const { |
| 190 const ConfigurationPolicyProvider* const provider = | 183 const ConfigurationPolicyProvider* const provider = |
| 191 DeterminePolicyProviderForPolicy(name); | 184 DeterminePolicyProviderForPolicy(policy_key); |
| 192 return provider == user_cloud_policy_manager_; | 185 return provider == configuration_policy_provider_; |
| 193 } | 186 } |
| 194 | 187 |
| 195 const ConfigurationPolicyProvider* | 188 const ConfigurationPolicyProvider* |
| 196 ProfilePolicyConnector::DeterminePolicyProviderForPolicy( | 189 ProfilePolicyConnector::DeterminePolicyProviderForPolicy( |
| 197 const char* name) const { | 190 const char* policy_key) const { |
| 198 const PolicyNamespace chrome_ns(POLICY_DOMAIN_CHROME, ""); | 191 const PolicyNamespace chrome_ns(POLICY_DOMAIN_CHROME, ""); |
| 199 for (const ConfigurationPolicyProvider* provider : policy_providers_) { | 192 for (const ConfigurationPolicyProvider* provider : policy_providers_) { |
| 200 if (provider->policies().Get(chrome_ns).Get(name)) | 193 if (provider->policies().Get(chrome_ns).Get(policy_key)) |
| 201 return provider; | 194 return provider; |
| 202 } | 195 } |
| 203 return nullptr; | 196 return nullptr; |
| 204 } | 197 } |
| 205 | 198 |
| 206 } // namespace policy | 199 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2606773002:
Setup Chromad user policy plumbing (Closed)
