| Index: chrome/browser/chromeos/policy/active_directory_policy_manager.cc
|
| diff --git a/chrome/browser/chromeos/policy/active_directory_policy_manager.cc b/chrome/browser/chromeos/policy/active_directory_policy_manager.cc
|
| index fd358156d9068a733f005805ddfc827e0f3d1b75..2c532255008272cd9a55a861f2b61fc5b65004a3 100644
|
| --- a/chrome/browser/chromeos/policy/active_directory_policy_manager.cc
|
| +++ b/chrome/browser/chromeos/policy/active_directory_policy_manager.cc
|
| @@ -9,12 +9,28 @@
|
|
|
| #include "base/logging.h"
|
| #include "base/memory/ptr_util.h"
|
| +#include "base/threading/thread_task_runner_handle.h"
|
| #include "chromeos/dbus/auth_policy_client.h"
|
| #include "chromeos/dbus/dbus_thread_manager.h"
|
| #include "components/policy/core/common/policy_bundle.h"
|
| #include "components/policy/core/common/policy_types.h"
|
| #include "components/policy/policy_constants.h"
|
|
|
| +namespace {
|
| +
|
| +// Refresh policy every 90 minutes which matches the Windows default:
|
| +// https://technet.microsoft.com/en-us/library/cc940895.aspx
|
| +constexpr base::TimeDelta kRefreshInterval = base::TimeDelta::FromMinutes(90);
|
| +
|
| +// After startup, delay initial policy fetch to keep authpolicyd free for more
|
| +// important tasks like user auth.
|
| +constexpr base::TimeDelta kInitialFetchDelay = base::TimeDelta::FromSeconds(60);
|
| +
|
| +// Retry delay in case of |refresh_in_progress_|.
|
| +constexpr base::TimeDelta kBusyRetryInterval = base::TimeDelta::FromSeconds(1);
|
| +
|
| +} // namespace
|
| +
|
| namespace policy {
|
|
|
| ActiveDirectoryPolicyManager::~ActiveDirectoryPolicyManager() {}
|
| @@ -47,7 +63,7 @@ void ActiveDirectoryPolicyManager::Init(SchemaRegistry* registry) {
|
| // Does nothing if |store_| hasn't yet initialized.
|
| PublishPolicy();
|
|
|
| - RefreshPolicies();
|
| + ScheduleAutomaticRefresh();
|
| }
|
|
|
| void ActiveDirectoryPolicyManager::Shutdown() {
|
| @@ -57,28 +73,14 @@ void ActiveDirectoryPolicyManager::Shutdown() {
|
|
|
| bool ActiveDirectoryPolicyManager::IsInitializationComplete(
|
| PolicyDomain domain) const {
|
| - if (domain == POLICY_DOMAIN_CHROME)
|
| + if (domain == POLICY_DOMAIN_CHROME) {
|
| return store_->is_initialized();
|
| + }
|
| return true;
|
| }
|
|
|
| void ActiveDirectoryPolicyManager::RefreshPolicies() {
|
| - chromeos::DBusThreadManager* thread_manager =
|
| - chromeos::DBusThreadManager::Get();
|
| - DCHECK(thread_manager);
|
| - chromeos::AuthPolicyClient* auth_policy_client =
|
| - thread_manager->GetAuthPolicyClient();
|
| - DCHECK(auth_policy_client);
|
| - if (account_id_ == EmptyAccountId()) {
|
| - auth_policy_client->RefreshDevicePolicy(
|
| - base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed,
|
| - weak_ptr_factory_.GetWeakPtr()));
|
| - } else {
|
| - auth_policy_client->RefreshUserPolicy(
|
| - account_id_,
|
| - base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed,
|
| - weak_ptr_factory_.GetWeakPtr()));
|
| - }
|
| + ScheduleRefresh(base::TimeDelta());
|
| }
|
|
|
| void ActiveDirectoryPolicyManager::OnStoreLoaded(
|
| @@ -127,6 +129,70 @@ void ActiveDirectoryPolicyManager::OnPolicyRefreshed(bool success) {
|
| // Load independently of success or failure to keep up to date with whatever
|
| // has happened on the authpolicyd / session manager side.
|
| store_->Load();
|
| +
|
| + refresh_in_progress_ = false;
|
| + last_refresh_ = base::TimeTicks::Now();
|
| + ScheduleAutomaticRefresh();
|
| +}
|
| +
|
| +void ActiveDirectoryPolicyManager::ScheduleRefresh(base::TimeDelta delay) {
|
| + if (refresh_task_) {
|
| + refresh_task_->Cancel();
|
| + }
|
| + refresh_task_ = base::MakeUnique<base::CancelableClosure>(
|
| + base::Bind(&ActiveDirectoryPolicyManager::RunScheduledRefresh,
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| + base::ThreadTaskRunnerHandle::Get()->PostDelayedTask(
|
| + FROM_HERE, refresh_task_->callback(), delay);
|
| +}
|
| +
|
| +void ActiveDirectoryPolicyManager::ScheduleAutomaticRefresh() {
|
| + base::TimeTicks baseline;
|
| + base::TimeDelta interval;
|
| + if (retry_refresh_) {
|
| + baseline = last_refresh_;
|
| + interval = kBusyRetryInterval;
|
| + } else if (last_refresh_ == base::TimeTicks()) {
|
| + baseline = startup_;
|
| + interval = kInitialFetchDelay;
|
| + } else {
|
| + baseline = last_refresh_;
|
| + interval = kRefreshInterval;
|
| + }
|
| + base::TimeDelta delay;
|
| + const base::TimeTicks now(base::TimeTicks::Now());
|
| + if (now < baseline + interval) {
|
| + delay = baseline + interval - now;
|
| + }
|
| + ScheduleRefresh(delay);
|
| +}
|
| +
|
| +void ActiveDirectoryPolicyManager::RunScheduledRefresh() {
|
| + // Abort if a refresh is currently in progress (to avoid D-Bus jobs piling up
|
| + // behind each other).
|
| + if (refresh_in_progress_) {
|
| + retry_refresh_ = true;
|
| + return;
|
| + }
|
| +
|
| + retry_refresh_ = false;
|
| + refresh_in_progress_ = true;
|
| + chromeos::DBusThreadManager* thread_manager =
|
| + chromeos::DBusThreadManager::Get();
|
| + DCHECK(thread_manager);
|
| + chromeos::AuthPolicyClient* auth_policy_client =
|
| + thread_manager->GetAuthPolicyClient();
|
| + DCHECK(auth_policy_client);
|
| + if (account_id_ == EmptyAccountId()) {
|
| + auth_policy_client->RefreshDevicePolicy(
|
| + base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed,
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| + } else {
|
| + auth_policy_client->RefreshUserPolicy(
|
| + account_id_,
|
| + base::Bind(&ActiveDirectoryPolicyManager::OnPolicyRefreshed,
|
| + weak_ptr_factory_.GetWeakPtr()));
|
| + }
|
| }
|
|
|
| } // namespace policy
|
|
|