Precache policy-for-extensions for device-local accounts.

components/policy/core/common/cloud/component_cloud_policy_service.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/policy/core/common/cloud/component_cloud_policy_service.h"
 
 #include <string>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
@@ skipping 82 matching lines @@
   scoped_refptr<base::SequencedTaskRunner> task_runner_;
 
   // The thread that the |service_| runs on. Used to post policy changes to the
   // right thread.
   scoped_refptr<base::SequencedTaskRunner> service_task_runner_;
 
   scoped_ptr<ResourceCache> cache_;
   scoped_ptr<ExternalPolicyDataFetcher> external_policy_data_fetcher_;
   ComponentCloudPolicyStore store_;
   scoped_ptr<ComponentCloudPolicyUpdater> updater_;
-  scoped_refptr<SchemaMap> schema_map_;
+  bool initialized_;
 
   DISALLOW_COPY_AND_ASSIGN(Backend);
 };
 
 ComponentCloudPolicyService::Backend::Backend(
     base::WeakPtr<ComponentCloudPolicyService> service,
     scoped_refptr<base::SequencedTaskRunner> task_runner,
     scoped_refptr<base::SequencedTaskRunner> service_task_runner,
     scoped_ptr<ResourceCache> cache,
     scoped_ptr<ExternalPolicyDataFetcher> external_policy_data_fetcher)
     : service_(service),
       task_runner_(task_runner),
       service_task_runner_(service_task_runner),
       cache_(cache.Pass()),
       external_policy_data_fetcher_(external_policy_data_fetcher.Pass()),
-      store_(this, cache_.get()) {}
+      store_(this, cache_.get()),
+      initialized_(false) {}
 
 ComponentCloudPolicyService::Backend::~Backend() {}
 
 void ComponentCloudPolicyService::Backend::SetCredentials(
     const std::string& username,
     const std::string& dm_token) {
   if (username.empty() || dm_token.empty()) {
     // No sign-in credentials, so drop any cached policy.
     store_.Clear();
   } else {
     store_.SetCredentials(username, dm_token);
   }
 }
 
 void ComponentCloudPolicyService::Backend::Init(
     scoped_refptr<SchemaMap> schema_map) {
-  DCHECK(!schema_map_);
+  DCHECK(!initialized_);
 
   OnSchemasUpdated(schema_map, scoped_ptr<PolicyNamespaceList>());
 
   // Read the initial policy. Note that this does not trigger notifications
   // through OnComponentCloudPolicyStoreUpdated. Note also that the cached
   // data may contain names or values that don't match the schema for that
   // component; the data must be cached without modifications so that its
   // integrity can be verified using the hash, but it must also be filtered
   // right after a Load().
   store_.Load();
   scoped_ptr<PolicyBundle> bundle(new PolicyBundle);
   bundle->CopyFrom(store_.policy());
-  schema_map_->FilterBundle(bundle.get());
 
   // Start downloading any pending data.
   updater_.reset(new ComponentCloudPolicyUpdater(
       task_runner_, external_policy_data_fetcher_.Pass(), &store_));
 
   service_task_runner_->PostTask(
       FROM_HERE,
       base::Bind(&ComponentCloudPolicyService::OnBackendInitialized,
                  service_,
                  base::Passed(&bundle)));
+
+  initialized_ = true;
 }
 
 void ComponentCloudPolicyService::Backend::UpdateExternalPolicy(
     scoped_ptr<em::PolicyFetchResponse> response) {
   updater_->UpdateExternalPolicy(response.Pass());
 }
 
 void ComponentCloudPolicyService::Backend::
     OnComponentCloudPolicyStoreUpdated() {
-  if (!schema_map_) {
+  if (!initialized_) {
     // Ignore notifications triggered by the initial Purge or Clear.
     return;
   }
 
   scoped_ptr<PolicyBundle> bundle(new PolicyBundle);
   bundle->CopyFrom(store_.policy());
-  schema_map_->FilterBundle(bundle.get());
   service_task_runner_->PostTask(
       FROM_HERE,
       base::Bind(&ComponentCloudPolicyService::OnPolicyUpdated,
                  service_,
                  base::Passed(&bundle)));
 }
 
 void ComponentCloudPolicyService::Backend::OnSchemasUpdated(
     scoped_refptr<SchemaMap> schema_map,
     scoped_ptr<PolicyNamespaceList> removed) {
   // Purge any components that have been removed.
   const DomainMap& domains = schema_map->GetDomains();
   for (DomainMap::const_iterator domain = domains.begin();
        domain != domains.end(); ++domain) {
     store_.Purge(domain->first,
                  base::Bind(&NotInSchemaMap, schema_map, domain->first));
   }
 
-  // Set |schema_map_| after purging so that the notifications from the store
-  // are ignored on the first OnSchemasUpdated() call from Init().
-  schema_map_ = schema_map;
-
   if (removed) {
     for (size_t i = 0; i < removed->size(); ++i)
       updater_->CancelUpdate((*removed)[i]);
   }
 }
 
 ComponentCloudPolicyService::ComponentCloudPolicyService(
     Delegate* delegate,
     SchemaRegistry* schema_registry,
     CloudPolicyCore* core,
     scoped_ptr<ResourceCache> cache,
     scoped_refptr<net::URLRequestContextGetter> request_context,
     scoped_refptr<base::SequencedTaskRunner> backend_task_runner,
     scoped_refptr<base::SequencedTaskRunner> io_task_runner)
     : delegate_(delegate),
       schema_registry_(schema_registry),
       core_(core),
       request_context_(request_context),
       backend_task_runner_(backend_task_runner),
       io_task_runner_(io_task_runner),
       current_schema_map_(new SchemaMap),
+      unfiltered_policy_(new PolicyBundle),
       started_loading_initial_policy_(false),
       loaded_initial_policy_(false),
       is_registered_for_cloud_policy_(false),
       weak_ptr_factory_(this) {
   external_policy_data_fetcher_backend_.reset(
       new ExternalPolicyDataFetcherBackend(io_task_runner_, request_context));
 
   backend_.reset(
       new Backend(weak_ptr_factory_.GetWeakPtr(),
                   backend_task_runner_,
                   base::MessageLoopProxy::current(),
                   cache.Pass(),
                   external_policy_data_fetcher_backend_->CreateFrontend(
                       backend_task_runner_)));
 
   schema_registry_->AddObserver(this);
   core_->store()->AddObserver(this);
 
   // Wait for the store and the schema registry to become ready before
   // initializing the backend, so that it can get the initial list of
   // components and the cached credentials (if any) to validate the cached
   // policies.
   if (core_->store()->is_initialized())
     OnStoreLoaded(core_->store());
+
+  // Start observing the core and tracking the state of the client.
+  core_->AddObserver(this);
+  if (core_->client())
+    OnCoreConnected(core_);
 }
 
 ComponentCloudPolicyService::~ComponentCloudPolicyService() {
   DCHECK(CalledOnValidThread());
 
   schema_registry_->RemoveObserver(this);
   core_->store()->RemoveObserver(this);
   core_->RemoveObserver(this);
   if (core_->client())
     OnCoreDisconnecting(core_);
@@ skipping 26 matching lines @@
     bool has_new_schemas) {
   DCHECK(CalledOnValidThread());
 
   // Ignore schema updates until the backend is initialized.
   // OnBackendInitialized() will send the current schema to the backend again,
   // in case it was updated before the backend initialized.
   if (!loaded_initial_policy_)
     return;
 
   ReloadSchema();
+
+  // Filter the |unfiltered_policy_| again, now that |current_schema_map_| has
+  // been updated. We must make sure we never serve invalid policy; we must
+  // also filter again if an invalid Schema has now been loaded.
+  OnPolicyUpdated(unfiltered_policy_.Pass());
 }
 
 void ComponentCloudPolicyService::OnCoreConnected(CloudPolicyCore* core) {
   DCHECK(CalledOnValidThread());
   DCHECK_EQ(core_, core);
 
   core_->client()->AddObserver(this);
 
   // Register the supported policy domains at the client.
   core_->client()->AddNamespaceToFetch(
       PolicyNamespaceKey(dm_protocol::kChromeExtensionPolicyType, ""));
 
   // Immediately load any PolicyFetchResponses that the client may already
-  // have.
-  OnPolicyFetched(core_->client());
+  // have if the backend is ready.
+  if (loaded_initial_policy_)
+    OnPolicyFetched(core_->client());
 }
 
 void ComponentCloudPolicyService::OnCoreDisconnecting(CloudPolicyCore* core) {
   DCHECK(CalledOnValidThread());
   DCHECK_EQ(core_, core);
 
   core_->client()->RemoveObserver(this);
 
   // Remove all the namespaces from the client.
   core_->client()->RemoveNamespaceToFetch(
@@ skipping 99 matching lines @@
   DCHECK(CalledOnValidThread());
   // Ignored.
 }
 
 void ComponentCloudPolicyService::InitializeIfReady() {
   DCHECK(CalledOnValidThread());
   if (started_loading_initial_policy_ || !schema_registry_->IsReady() ||
       !core_->store()->is_initialized()) {
     return;
   }
+
   // The initial list of components is ready. Initialize the backend now, which
   // will call back to OnBackendInitialized.
   backend_task_runner_->PostTask(FROM_HERE,
                                  base::Bind(&Backend::Init,
                                             base::Unretained(backend_.get()),
                                             schema_registry_->schema_map()));
   started_loading_initial_policy_ = true;
 }
 
 void ComponentCloudPolicyService::OnBackendInitialized(
     scoped_ptr<PolicyBundle> initial_policy) {
   DCHECK(CalledOnValidThread());
   DCHECK(!loaded_initial_policy_);
 
   loaded_initial_policy_ = true;
 
-  // We're now ready to serve the initial policy; notify the policy observers.
-  OnPolicyUpdated(initial_policy.Pass());
-
   // Send the current schema to the backend, in case it has changed while the
   // backend was initializing.
   ReloadSchema();
 
-  // Start observing the core and tracking the state of the client.
-  core_->AddObserver(this);
-
-  if (core_->client())
-    OnCoreConnected(core_);
+  // We're now ready to serve the initial policy; notify the policy observers.
+  OnPolicyUpdated(initial_policy.Pass());
 }
 
 void ComponentCloudPolicyService::ReloadSchema() {
   DCHECK(CalledOnValidThread());
 
   scoped_ptr<PolicyNamespaceList> removed(new PolicyNamespaceList);
   PolicyNamespaceList added;
   const scoped_refptr<SchemaMap>& new_schema_map =
       schema_registry_->schema_map();
   new_schema_map->GetChanges(current_schema_map_, removed.get(), &added);
 
   current_schema_map_ = new_schema_map;
 
-  // Schedule a policy refresh if a new managed component was added.
-  if (core_->client() && !added.empty())
-    core_->RefreshSoon();
-
   // Send the updated SchemaMap and a list of removed components to the
   // backend.
   backend_task_runner_->PostTask(FROM_HERE,
                                  base::Bind(&Backend::OnSchemasUpdated,
                                             base::Unretained(backend_.get()),
                                             current_schema_map_,
                                             base::Passed(&removed)));
+
+  // Have another look at the client if the core is already connected.
+  // The client may have already fetched policy for some component and it was
+  // previously ignored because the component wasn't listed in the schema map.
+  // There's no point in fetching policy from the server again; the server
+  // always pushes all the components it knows about.
+  if (core_->client())
+    OnPolicyFetched(core_->client());
 }
 
 void ComponentCloudPolicyService::OnPolicyUpdated(
     scoped_ptr<PolicyBundle> policy) {
   DCHECK(CalledOnValidThread());
-  policy_.Swap(policy.get());
+
+  // Store the current unfiltered policies.
+  unfiltered_policy_ = policy.Pass();
+
+  // Make a copy in |policy_| and filter it; this is what's passed to the
+  // outside world.
+  policy_.CopyFrom(*unfiltered_policy_);
+  current_schema_map_->FilterBundle(&policy_);
+
   delegate_->OnComponentCloudPolicyUpdated();
 }
 
 }  // namespace policy