OLD | NEW |
1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef LOGIN_MANAGER_DEVICE_POLICY_H_ | 5 #ifndef LOGIN_MANAGER_DEVICE_POLICY_H_ |
6 #define LOGIN_MANAGER_DEVICE_POLICY_H_ | 6 #define LOGIN_MANAGER_DEVICE_POLICY_H_ |
7 | 7 |
| 8 #include <glib.h> |
8 #include <string> | 9 #include <string> |
9 | 10 |
10 #include <base/basictypes.h> | 11 #include <base/basictypes.h> |
11 #include <base/file_path.h> | 12 #include <base/file_path.h> |
12 | 13 |
13 #include "login_manager/bindings/device_management_backend.pb.h" | 14 #include "login_manager/bindings/device_management_backend.pb.h" |
14 | 15 |
15 namespace login_manager { | 16 namespace login_manager { |
| 17 class OwnerKey; |
16 | 18 |
17 // This class holds device settings that are to be enforced across all users. | 19 // This class holds device settings that are to be enforced across all users. |
18 // | 20 // |
19 // If there is a policy on disk at creation time, we will load it | 21 // If there is a policy on disk at creation time, we will load it |
20 // along with its signature. A new policy and its attendant signature can | 22 // along with its signature. A new policy and its attendant signature can |
21 // be set at any time and persisted to disk on-demand. | 23 // be set at any time and persisted to disk on-demand. |
22 // | 24 // |
23 // THIS CLASS DOES NO SIGNATURE VALIDATION. | 25 // THIS CLASS DOES NO SIGNATURE VALIDATION. |
24 class DevicePolicy { | 26 class DevicePolicy { |
25 public: | 27 public: |
26 explicit DevicePolicy(const FilePath& policy_path); | 28 explicit DevicePolicy(const FilePath& policy_path); |
27 virtual ~DevicePolicy(); | 29 virtual ~DevicePolicy(); |
28 | 30 |
29 // Load the signed policy off of disk into |policy_|. | 31 // Load the signed policy off of disk into |policy_|. |
30 // Returns true unless there is a policy on disk and loading it fails. | 32 // Returns true unless there is a policy on disk and loading it fails. |
31 virtual bool LoadOrCreate(); | 33 virtual bool LoadOrCreate(); |
32 | 34 |
33 virtual bool Get(std::string* output) const; | 35 virtual const enterprise_management::PolicyFetchResponse& Get() const; |
34 | 36 |
35 // Persist |policy_| to disk at |policy_file_| | 37 // Persist |policy_| to disk at |policy_file_| |
36 // Returns false if there's an error while writing data. | 38 // Returns false if there's an error while writing data. |
37 virtual bool Persist(); | 39 virtual bool Persist(); |
38 | 40 |
| 41 virtual bool SerializeToString(std::string* output) const; |
| 42 |
39 // Clobber the stored policy with new data. | 43 // Clobber the stored policy with new data. |
40 virtual void Set(const enterprise_management::PolicyFetchResponse& policy); | 44 virtual void Set(const enterprise_management::PolicyFetchResponse& policy); |
41 | 45 |
| 46 // Assuming the current user has access to the owner private key |
| 47 // (read: is the owner), this call whitelists |current_user_| and sets a |
| 48 // property indicating |current_user_| is the owner in the current policy |
| 49 // and schedules a PersistPolicy(). |
| 50 // Returns false on failure, with |error| set appropriately. |
| 51 // |error| can be NULL, should you wish to ignore the particulars. |
| 52 bool StoreOwnerProperties(OwnerKey* key, |
| 53 const std::string& current_user, |
| 54 GError** error); |
| 55 |
42 static const char kDefaultPath[]; | 56 static const char kDefaultPath[]; |
| 57 // Format of this string is documented in device_management_backend.proto. |
| 58 static const char kDevicePolicyType[]; |
43 | 59 |
44 private: | 60 private: |
45 enterprise_management::PolicyFetchResponse policy_; | 61 enterprise_management::PolicyFetchResponse policy_; |
46 const FilePath policy_path_; | 62 const FilePath policy_path_; |
47 | 63 |
48 DISALLOW_COPY_AND_ASSIGN(DevicePolicy); | 64 DISALLOW_COPY_AND_ASSIGN(DevicePolicy); |
49 }; | 65 }; |
50 } // namespace login_manager | 66 } // namespace login_manager |
51 | 67 |
52 #endif // LOGIN_MANAGER_DEVICE_POLICY_H_ | 68 #endif // LOGIN_MANAGER_DEVICE_POLICY_H_ |
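Review bot: The comment on `StoreOwnerProperties` (new lines 46-51) leaves the trust contract unclear: it says the call assumes the current user is the owner, but not whether the method itself checks that `key` holds the owner private key or re-signs the modified policy. That matters because the class comment states that no signature validation happens here, and the implementation is not visible in this header. I would add a line such as `// |key| must be non-NULL; the caller is responsible for having verified it is the owner key.`, adjusted to what the implementation really does. The same comment refers to `|current_user_|` and `PersistPolicy()`, while the parameter is `current_user` and the method declared in this class is `Persist()`. The new `Get()` and `SerializeToString()` have no comments; `Get()` presumably returns a reference to `policy_`, so a note that the reference is only valid for the object's lifetime and sees later `Set()` calls would help callers.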
OLD | NEW |