OLD | NEW |
---|---|
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef REMOTING_HOST_POLICY_WATCHER_H_ | 5 #ifndef REMOTING_HOST_POLICY_WATCHER_H_ |
6 #define REMOTING_HOST_POLICY_WATCHER_H_ | 6 #define REMOTING_HOST_POLICY_WATCHER_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 | 9 |
10 #include "base/callback.h" | 10 #include "base/callback.h" |
11 #include "base/macros.h" | 11 #include "base/macros.h" |
12 #include "base/memory/ref_counted.h" | 12 #include "base/memory/ref_counted.h" |
13 #include "base/threading/non_thread_safe.h" | 13 #include "base/threading/non_thread_safe.h" |
14 #include "components/policy/core/common/policy_service.h" | 14 #include "components/policy/core/common/policy_service.h" |
15 | 15 |
16 namespace base { | 16 namespace base { |
17 class DictionaryValue; | 17 class DictionaryValue; |
18 class SingleThreadTaskRunner; | 18 class SingleThreadTaskRunner; |
19 } // namespace base | 19 } // namespace base |
20 | 20 |
21 namespace policy { | 21 namespace policy { |
22 class AsyncPolicyLoader; | 22 class AsyncPolicyLoader; |
23 class ConfigurationPolicyProvider; | |
24 class Schema; | 23 class Schema; |
25 class SchemaRegistry; | |
26 } // namespace policy | 24 } // namespace policy |
27 | 25 |
28 namespace remoting { | 26 namespace remoting { |
29 | 27 |
30 // Watches for changes to the managed remote access host policies. | 28 // Watches for changes to the managed remote access host policies. |
31 class PolicyWatcher : public policy::PolicyService::Observer, | 29 class PolicyWatcher : public base::NonThreadSafe { |
32 public base::NonThreadSafe { | |
33 public: | 30 public: |
34 // Called first with all policies, and subsequently with any changed policies. | 31 // Called first with all policies, and subsequently with any changed policies. |
35 typedef base::Callback<void(std::unique_ptr<base::DictionaryValue>)> | 32 typedef base::Callback<void(std::unique_ptr<base::DictionaryValue>)> |
36 PolicyUpdatedCallback; | 33 PolicyUpdatedCallback; |
37 | 34 |
38 // Called after detecting malformed policies. | 35 // Called after detecting malformed policies. |
39 typedef base::Callback<void()> PolicyErrorCallback; | 36 typedef base::Callback<void()> PolicyErrorCallback; |
40 | 37 |
41 ~PolicyWatcher() override; | 38 virtual ~PolicyWatcher() = 0; |
Sergey Ulanov
2017/02/23 19:18:55
s/=0/{}/
I didn't know destructor can be pure virt
rkjnsn
2017/02/23 22:28:10
Pure virtual destructors are interesting beasts. U
| |
42 | 39 |
43 // This guarantees that the |policy_updated_callback| is called at least once | 40 // This guarantees that the |policy_updated_callback| is called at least once |
44 // with the current policies. After that, |policy_updated_callback| will be | 41 // with the current policies. After that, |policy_updated_callback| will be |
45 // called whenever a change to any policy is detected. It will then be called | 42 // called whenever a change to any policy is detected. It will then be called |
46 // only with the changed policies. | 43 // only with the changed policies. |
47 // | 44 // |
48 // |policy_error_callback| will be called when malformed policies are detected | 45 // |policy_error_callback| will be called when malformed policies are detected |
49 // (i.e. wrong type of policy value, or unparseable files under | 46 // (i.e. wrong type of policy value, or unparseable files under |
50 // /etc/opt/chrome/policies/managed). | 47 // /etc/opt/chrome/policies/managed). |
51 // When called, the |policy_error_callback| is responsible for mitigating the | 48 // When called, the |policy_error_callback| is responsible for mitigating the |
52 // security risk of running with incorrectly formulated policies (by either | 49 // security risk of running with incorrectly formulated policies (by either |
53 // shutting down or locking down the host). | 50 // shutting down or locking down the host). |
54 // After calling |policy_error_callback| PolicyWatcher will continue watching | 51 // After calling |policy_error_callback| PolicyWatcher will continue watching |
55 // for policy changes and will call |policy_updated_callback| when the error | 52 // for policy changes and will call |policy_updated_callback| when the error |
56 // is recovered from and may call |policy_error_callback| when new errors are | 53 // is recovered from and may call |policy_error_callback| when new errors are |
57 // found. | 54 // found. |
58 virtual void StartWatching( | 55 virtual void StartWatching( |
59 const PolicyUpdatedCallback& policy_updated_callback, | 56 const PolicyUpdatedCallback& policy_updated_callback, |
60 const PolicyErrorCallback& policy_error_callback); | 57 const PolicyErrorCallback& policy_error_callback) = 0; |
61 | 58 |
62 // Specify a |policy_service| to borrow (on Chrome OS, from the browser | 59 // Specify a |policy_service| to borrow (on Chrome OS, from the browser |
63 // process) or specify nullptr to internally construct and use a new | 60 // process) or specify nullptr to internally construct and use a new |
64 // PolicyService (on other OS-es). PolicyWatcher must be used on the thread on | 61 // PolicyService (on other OS-es). PolicyWatcher must be used on the thread on |
65 // which it is created. |policy_service| is called on the same thread. | 62 // which it is created. |policy_service| is called on the same thread. |
66 // | 63 // |
67 // When |policy_service| is null, then |file_task_runner| is used for reading | 64 // When |policy_service| is null, then |file_task_runner| is used for reading |
68 // the policy from files / registry / preferences (which are blocking | 65 // the policy from files / registry / preferences (which are blocking |
69 // operations). |file_task_runner| should be of TYPE_IO type. | 66 // operations). |file_task_runner| should be of TYPE_IO type. |
70 // | 67 // |
71 // When |policy_service| is specified then |file_task_runner| argument is | 68 // When |policy_service| is specified then |file_task_runner| argument is |
72 // ignored and 1) BrowserThread::UI is used for PolicyUpdatedCallback and | 69 // ignored and 1) BrowserThread::UI is used for PolicyUpdatedCallback and |
73 // PolicyErrorCallback and 2) BrowserThread::FILE is used for reading the | 70 // PolicyErrorCallback and 2) BrowserThread::FILE is used for reading the |
74 // policy from files / registry / preferences (although (2) is just an | 71 // policy from files / registry / preferences (although (2) is just an |
75 // implementation detail and should likely be ignored outside of | 72 // implementation detail and should likely be ignored outside of |
76 // PolicyWatcher). | 73 // PolicyWatcher). |
77 static std::unique_ptr<PolicyWatcher> Create( | 74 static std::unique_ptr<PolicyWatcher> Create( |
78 policy::PolicyService* policy_service, | 75 policy::PolicyService* policy_service, |
79 const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner); | 76 const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner); |
80 | 77 |
78 protected: | |
79 PolicyWatcher(); | |
Sergey Ulanov
2017/02/23 19:18:55
Usually for interfaces the constructor should have
rkjnsn
2017/02/23 22:28:10
Okay, I'll move it inline.
| |
80 | |
81 private: | 81 private: |
82 friend class PolicyWatcherTest; | 82 friend class PolicyWatcherTest; |
83 | 83 |
84 // Gets Chromoting schema stored inside |owned_schema_registry_|. | |
85 const policy::Schema* GetPolicySchema() const; | |
86 | |
87 // Simplifying wrapper around Schema::Normalize. | |
88 // - Returns false if |dict| is invalid (i.e. contains mistyped policy | |
89 // values). | |
90 // - Returns true if |dict| was valid or got normalized. | |
91 bool NormalizePolicies(base::DictionaryValue* dict); | |
92 | |
93 // Stores |new_policies| into |old_policies_|. Returns dictionary with items | |
94 // from |new_policies| that are different from the old |old_policies_|. | |
95 std::unique_ptr<base::DictionaryValue> StoreNewAndReturnChangedPolicies( | |
96 std::unique_ptr<base::DictionaryValue> new_policies); | |
97 | |
98 // Signals policy error to the registered |PolicyErrorCallback|. | |
99 void SignalPolicyError(); | |
100 | |
101 // |policy_service_task_runner| is the task runner where it is safe | |
102 // to call |policy_service_| methods and where we expect to get callbacks | |
103 // from |policy_service_|. | |
104 PolicyWatcher(policy::PolicyService* policy_service, | |
105 std::unique_ptr<policy::PolicyService> owned_policy_service, | |
106 std::unique_ptr<policy::ConfigurationPolicyProvider> | |
107 owned_policy_provider, | |
108 std::unique_ptr<policy::SchemaRegistry> owned_schema_registry); | |
109 | |
110 // Creates PolicyWatcher that wraps the owned |async_policy_loader| with an | 84 // Creates PolicyWatcher that wraps the owned |async_policy_loader| with an |
111 // appropriate PolicySchema. | 85 // appropriate PolicySchema. |
112 // | 86 // |
113 // |policy_service_task_runner| is passed through to the constructor of | 87 // |policy_service_task_runner| is passed through to the constructor of |
114 // PolicyWatcher. | 88 // PolicyWatcher. |
115 static std::unique_ptr<PolicyWatcher> CreateFromPolicyLoader( | 89 static std::unique_ptr<PolicyWatcher> CreateFromPolicyLoader( |
116 std::unique_ptr<policy::AsyncPolicyLoader> async_policy_loader); | 90 std::unique_ptr<policy::AsyncPolicyLoader> async_policy_loader); |
117 | 91 |
118 // PolicyService::Observer interface. | 92 // Gets Chromoting schema stored inside |owned_schema_registry_|. |
119 void OnPolicyUpdated(const policy::PolicyNamespace& ns, | 93 virtual const policy::Schema* GetPolicySchema() const = 0; |
120 const policy::PolicyMap& previous, | |
121 const policy::PolicyMap& current) override; | |
122 void OnPolicyServiceInitialized(policy::PolicyDomain domain) override; | |
123 | 94 |
124 PolicyUpdatedCallback policy_updated_callback_; | 95 // Gets default policy values. |
125 PolicyErrorCallback policy_error_callback_; | 96 virtual const base::DictionaryValue* GetDefaultValues() const = 0; |
Sergey Ulanov
2017/02/23 19:18:55
I don't think these private methods need to be her
| |
126 | |
127 std::unique_ptr<base::DictionaryValue> old_policies_; | |
128 std::unique_ptr<base::DictionaryValue> default_values_; | |
129 | |
130 policy::PolicyService* policy_service_; | |
131 | |
132 // Order of fields below is important to ensure destruction takes object | |
133 // dependencies into account: | |
134 // - |owned_policy_service_| uses |owned_policy_provider_| | |
135 // - |owned_policy_provider_| uses |owned_schema_registry_| | |
136 std::unique_ptr<policy::SchemaRegistry> owned_schema_registry_; | |
137 std::unique_ptr<policy::ConfigurationPolicyProvider> owned_policy_provider_; | |
138 std::unique_ptr<policy::PolicyService> owned_policy_service_; | |
139 | 97 |
140 DISALLOW_COPY_AND_ASSIGN(PolicyWatcher); | 98 DISALLOW_COPY_AND_ASSIGN(PolicyWatcher); |
141 }; | 99 }; |
142 | 100 |
143 } // namespace remoting | 101 } // namespace remoting |
144 | 102 |
145 #endif // REMOTING_HOST_POLICY_WATCHER_H_ | 103 #endif // REMOTING_HOST_POLICY_WATCHER_H_ |
OLD | NEW |