| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 12 #include "base/files/file_enumerator.h" | 12 #include "base/files/file_enumerator.h" |
| 13 #include "base/files/file_util.h" | 13 #include "base/files/file_util.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/message_loop/message_loop.h" | 15 #include "base/message_loop/message_loop.h" |
| 16 #include "base/message_loop/message_loop_proxy.h" | 16 #include "base/message_loop/message_loop_proxy.h" |
| 17 #include "base/path_service.h" | 17 #include "base/path_service.h" |
| 18 #include "base/sequenced_task_runner.h" | 18 #include "base/sequenced_task_runner.h" |
| 19 #include "base/stl_util.h" | 19 #include "base/stl_util.h" |
| 20 #include "base/strings/string_number_conversions.h" | 20 #include "base/strings/string_number_conversions.h" |
| 21 #include "base/thread_task_runner_handle.h" |
| 22 #include "base/time/default_clock.h" |
| 21 #include "chrome/browser/browser_process.h" | 23 #include "chrome/browser/browser_process.h" |
| 22 #include "chrome/browser/chromeos/policy/device_local_account.h" | 24 #include "chrome/browser/chromeos/policy/device_local_account.h" |
| 23 #include "chrome/browser/chromeos/policy/device_local_account_external_data_serv
ice.h" | 25 #include "chrome/browser/chromeos/policy/device_local_account_external_data_serv
ice.h" |
| 24 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 26 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
| 25 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 27 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 28 #include "chrome/browser/policy/cloud/cloud_policy_invalidator.h" |
| 26 #include "chrome/common/chrome_content_client.h" | 29 #include "chrome/common/chrome_content_client.h" |
| 27 #include "chromeos/chromeos_paths.h" | 30 #include "chromeos/chromeos_paths.h" |
| 28 #include "chromeos/dbus/session_manager_client.h" | 31 #include "chromeos/dbus/session_manager_client.h" |
| 29 #include "chromeos/settings/cros_settings_names.h" | 32 #include "chromeos/settings/cros_settings_names.h" |
| 30 #include "chromeos/settings/cros_settings_provider.h" | 33 #include "chromeos/settings/cros_settings_provider.h" |
| 31 #include "components/policy/core/browser/browser_policy_connector.h" | 34 #include "components/policy/core/browser/browser_policy_connector.h" |
| 32 #include "components/policy/core/common/cloud/cloud_policy_client.h" | 35 #include "components/policy/core/common/cloud/cloud_policy_client.h" |
| 33 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 36 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 34 #include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h" | 37 #include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h" |
| 35 #include "components/policy/core/common/cloud/device_management_service.h" | 38 #include "components/policy/core/common/cloud/device_management_service.h" |
| (...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 108 &cache_root_dir)); | 111 &cache_root_dir)); |
| 109 const base::FilePath path = cache_root_dir.Append( | 112 const base::FilePath path = cache_root_dir.Append( |
| 110 GetCacheSubdirectoryForAccountID(account_id_to_delete)); | 113 GetCacheSubdirectoryForAccountID(account_id_to_delete)); |
| 111 if (base::DirectoryExists(path)) | 114 if (base::DirectoryExists(path)) |
| 112 base::DeleteFile(path, true); | 115 base::DeleteFile(path, true); |
| 113 } | 116 } |
| 114 | 117 |
| 115 } // namespace | 118 } // namespace |
| 116 | 119 |
| 117 DeviceLocalAccountPolicyBroker::DeviceLocalAccountPolicyBroker( | 120 DeviceLocalAccountPolicyBroker::DeviceLocalAccountPolicyBroker( |
| 121 AffiliatedInvalidationServiceProvider* invalidation_service_provider, |
| 118 const DeviceLocalAccount& account, | 122 const DeviceLocalAccount& account, |
| 119 const base::FilePath& component_policy_cache_path, | 123 const base::FilePath& component_policy_cache_path, |
| 120 scoped_ptr<DeviceLocalAccountPolicyStore> store, | 124 scoped_ptr<DeviceLocalAccountPolicyStore> store, |
| 121 scoped_refptr<DeviceLocalAccountExternalDataManager> external_data_manager, | 125 scoped_refptr<DeviceLocalAccountExternalDataManager> external_data_manager, |
| 122 const base::Closure& policy_update_callback, | 126 const base::Closure& policy_update_callback, |
| 123 const scoped_refptr<base::SequencedTaskRunner>& task_runner) | 127 const scoped_refptr<base::SequencedTaskRunner>& task_runner) |
| 124 : account_id_(account.account_id), | 128 : invalidation_service_provider_(invalidation_service_provider), |
| 129 account_id_(account.account_id), |
| 125 user_id_(account.user_id), | 130 user_id_(account.user_id), |
| 126 component_policy_cache_path_(component_policy_cache_path), | 131 component_policy_cache_path_(component_policy_cache_path), |
| 127 store_(store.Pass()), | 132 store_(store.Pass()), |
| 128 extension_tracker_(account, store_.get(), &schema_registry_), | 133 extension_tracker_(account, store_.get(), &schema_registry_), |
| 129 external_data_manager_(external_data_manager), | 134 external_data_manager_(external_data_manager), |
| 130 core_(dm_protocol::kChromePublicAccountPolicyType, | 135 core_(dm_protocol::kChromePublicAccountPolicyType, |
| 131 store_->account_id(), | 136 store_->account_id(), |
| 132 store_.get(), | 137 store_.get(), |
| 133 task_runner), | 138 task_runner), |
| 134 policy_update_callback_(policy_update_callback) { | 139 policy_update_callback_(policy_update_callback), |
| 140 highest_handled_invalidation_version_(0), |
| 141 invalidation_service_(nullptr) { |
| 135 base::FilePath cache_root_dir; | 142 base::FilePath cache_root_dir; |
| 136 CHECK(PathService::Get(chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS, | 143 CHECK(PathService::Get(chromeos::DIR_DEVICE_LOCAL_ACCOUNT_EXTENSIONS, |
| 137 &cache_root_dir)); | 144 &cache_root_dir)); |
| 138 extension_loader_ = new chromeos::DeviceLocalAccountExternalPolicyLoader( | 145 extension_loader_ = new chromeos::DeviceLocalAccountExternalPolicyLoader( |
| 139 store_.get(), | 146 store_.get(), |
| 140 cache_root_dir.Append( | 147 cache_root_dir.Append( |
| 141 GetCacheSubdirectoryForAccountID(account.account_id))); | 148 GetCacheSubdirectoryForAccountID(account.account_id))); |
| 142 store_->AddObserver(this); | 149 store_->AddObserver(this); |
| 143 | 150 |
| 144 // Unblock the |schema_registry_| so that the |component_policy_service_| | 151 // Unblock the |schema_registry_| so that the |component_policy_service_| |
| 145 // starts using it. | 152 // starts using it. |
| 146 schema_registry_.RegisterComponent( | 153 schema_registry_.RegisterComponent( |
| 147 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()), | 154 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()), |
| 148 g_browser_process->browser_policy_connector()->GetChromeSchema()); | 155 g_browser_process->browser_policy_connector()->GetChromeSchema()); |
| 149 schema_registry_.SetReady(POLICY_DOMAIN_CHROME); | 156 schema_registry_.SetReady(POLICY_DOMAIN_CHROME); |
| 150 schema_registry_.SetReady(POLICY_DOMAIN_EXTENSIONS); | 157 schema_registry_.SetReady(POLICY_DOMAIN_EXTENSIONS); |
| 158 |
| 159 invalidation_service_provider_->RegisterConsumer(this); |
| 151 } | 160 } |
| 152 | 161 |
| 153 DeviceLocalAccountPolicyBroker::~DeviceLocalAccountPolicyBroker() { | 162 DeviceLocalAccountPolicyBroker::~DeviceLocalAccountPolicyBroker() { |
| 163 DestroyInvalidator(); |
| 164 invalidation_service_provider_->UnregisterConsumer(this); |
| 154 store_->RemoveObserver(this); | 165 store_->RemoveObserver(this); |
| 155 external_data_manager_->SetPolicyStore(nullptr); | 166 external_data_manager_->SetPolicyStore(nullptr); |
| 156 external_data_manager_->Disconnect(); | 167 external_data_manager_->Disconnect(); |
| 157 } | 168 } |
| 158 | 169 |
| 159 void DeviceLocalAccountPolicyBroker::Initialize() { | 170 void DeviceLocalAccountPolicyBroker::Initialize() { |
| 160 store_->Load(); | 171 store_->Load(); |
| 161 } | 172 } |
| 162 | 173 |
| 163 void DeviceLocalAccountPolicyBroker::ConnectIfPossible( | 174 void DeviceLocalAccountPolicyBroker::ConnectIfPossible( |
| 164 chromeos::DeviceSettingsService* device_settings_service, | 175 chromeos::DeviceSettingsService* device_settings_service, |
| 165 DeviceManagementService* device_management_service, | 176 DeviceManagementService* device_management_service, |
| 166 scoped_refptr<net::URLRequestContextGetter> request_context) { | 177 scoped_refptr<net::URLRequestContextGetter> request_context) { |
| 167 if (core_.client()) | 178 if (IsConnected()) |
| 168 return; | 179 return; |
| 169 | 180 |
| 170 scoped_ptr<CloudPolicyClient> client(CreateClient(device_settings_service, | 181 scoped_ptr<CloudPolicyClient> client(CreateClient(device_settings_service, |
| 171 device_management_service, | 182 device_management_service, |
| 172 request_context)); | 183 request_context)); |
| 173 if (!client) | 184 if (!client) |
| 174 return; | 185 return; |
| 175 | 186 |
| 176 CreateComponentCloudPolicyService(request_context, client.get()); | 187 CreateComponentCloudPolicyService(request_context, client.get()); |
| 177 core_.Connect(client.Pass()); | 188 core_.Connect(client.Pass()); |
| 178 external_data_manager_->Connect(request_context); | 189 external_data_manager_->Connect(request_context); |
| 179 core_.StartRefreshScheduler(); | 190 core_.StartRefreshScheduler(); |
| 180 UpdateRefreshDelay(); | 191 UpdateRefreshDelay(); |
| 192 CreateInvalidatorIfPossible(); |
| 181 } | 193 } |
| 182 | 194 |
| 183 void DeviceLocalAccountPolicyBroker::UpdateRefreshDelay() { | 195 void DeviceLocalAccountPolicyBroker::UpdateRefreshDelay() { |
| 184 if (core_.refresh_scheduler()) { | 196 if (core_.refresh_scheduler()) { |
| 185 const base::Value* policy_value = | 197 const base::Value* policy_value = |
| 186 store_->policy_map().GetValue(key::kPolicyRefreshRate); | 198 store_->policy_map().GetValue(key::kPolicyRefreshRate); |
| 187 int delay = 0; | 199 int delay = 0; |
| 188 if (policy_value && policy_value->GetAsInteger(&delay)) | 200 if (policy_value && policy_value->GetAsInteger(&delay)) |
| 189 core_.refresh_scheduler()->SetRefreshDelay(delay); | 201 core_.refresh_scheduler()->SetRefreshDelay(delay); |
| 190 } | 202 } |
| (...skipping 14 matching lines...) Expand all Loading... |
| 205 } | 217 } |
| 206 | 218 |
| 207 void DeviceLocalAccountPolicyBroker::OnStoreError(CloudPolicyStore* store) { | 219 void DeviceLocalAccountPolicyBroker::OnStoreError(CloudPolicyStore* store) { |
| 208 policy_update_callback_.Run(); | 220 policy_update_callback_.Run(); |
| 209 } | 221 } |
| 210 | 222 |
| 211 void DeviceLocalAccountPolicyBroker::OnComponentCloudPolicyUpdated() { | 223 void DeviceLocalAccountPolicyBroker::OnComponentCloudPolicyUpdated() { |
| 212 policy_update_callback_.Run(); | 224 policy_update_callback_.Run(); |
| 213 } | 225 } |
| 214 | 226 |
| 227 void DeviceLocalAccountPolicyBroker::OnInvalidationServiceSet( |
| 228 invalidation::InvalidationService* invalidation_service) { |
| 229 DestroyInvalidator(); |
| 230 |
| 231 invalidation_service_ = invalidation_service; |
| 232 if (invalidation_service_) |
| 233 CreateInvalidatorIfPossible(); |
| 234 } |
| 235 |
| 236 CloudPolicyInvalidator* |
| 237 DeviceLocalAccountPolicyBroker::GetInvalidatorForTest() const { |
| 238 return invalidator_.get(); |
| 239 } |
| 240 |
| 241 bool DeviceLocalAccountPolicyBroker::IsConnected() { |
| 242 return core_.client(); |
| 243 } |
| 244 |
| 215 void DeviceLocalAccountPolicyBroker::CreateComponentCloudPolicyService( | 245 void DeviceLocalAccountPolicyBroker::CreateComponentCloudPolicyService( |
| 216 const scoped_refptr<net::URLRequestContextGetter>& request_context, | 246 const scoped_refptr<net::URLRequestContextGetter>& request_context, |
| 217 CloudPolicyClient* client) { | 247 CloudPolicyClient* client) { |
| 218 if (base::CommandLine::ForCurrentProcess()->HasSwitch( | 248 if (base::CommandLine::ForCurrentProcess()->HasSwitch( |
| 219 switches::kDisableComponentCloudPolicy)) { | 249 switches::kDisableComponentCloudPolicy)) { |
| 220 // Disabled via the command line. | 250 // Disabled via the command line. |
| 221 return; | 251 return; |
| 222 } | 252 } |
| 223 | 253 |
| 224 scoped_ptr<ResourceCache> resource_cache( | 254 scoped_ptr<ResourceCache> resource_cache( |
| 225 new ResourceCache(component_policy_cache_path_, | 255 new ResourceCache(component_policy_cache_path_, |
| 226 content::BrowserThread::GetMessageLoopProxyForThread( | 256 content::BrowserThread::GetMessageLoopProxyForThread( |
| 227 content::BrowserThread::FILE))); | 257 content::BrowserThread::FILE))); |
| 228 | 258 |
| 229 component_policy_service_.reset(new ComponentCloudPolicyService( | 259 component_policy_service_.reset(new ComponentCloudPolicyService( |
| 230 this, | 260 this, |
| 231 &schema_registry_, | 261 &schema_registry_, |
| 232 core(), | 262 core(), |
| 233 client, | 263 client, |
| 234 resource_cache.Pass(), | 264 resource_cache.Pass(), |
| 235 request_context, | 265 request_context, |
| 236 content::BrowserThread::GetMessageLoopProxyForThread( | 266 content::BrowserThread::GetMessageLoopProxyForThread( |
| 237 content::BrowserThread::FILE), | 267 content::BrowserThread::FILE), |
| 238 content::BrowserThread::GetMessageLoopProxyForThread( | 268 content::BrowserThread::GetMessageLoopProxyForThread( |
| 239 content::BrowserThread::IO))); | 269 content::BrowserThread::IO))); |
| 240 } | 270 } |
| 241 | 271 |
| 272 void DeviceLocalAccountPolicyBroker::CreateInvalidatorIfPossible() { |
| 273 DCHECK(!invalidator_); |
| 274 |
| 275 if (!invalidation_service_ || !IsConnected()) |
| 276 return; |
| 277 |
| 278 invalidator_.reset(new CloudPolicyInvalidator( |
| 279 enterprise_management::DeviceRegisterRequest::USER, |
| 280 core(), |
| 281 base::ThreadTaskRunnerHandle::Get(), |
| 282 make_scoped_ptr(new base::DefaultClock), |
| 283 highest_handled_invalidation_version_)); |
| 284 invalidator_->Initialize(invalidation_service_); |
| 285 } |
| 286 |
| 287 void DeviceLocalAccountPolicyBroker::DestroyInvalidator() { |
| 288 if (!invalidator_) |
| 289 return; |
| 290 |
| 291 highest_handled_invalidation_version_ = |
| 292 invalidator_->highest_handled_invalidation_version(); |
| 293 invalidator_->Shutdown(); |
| 294 invalidator_.reset(); |
| 295 } |
| 296 |
| 242 DeviceLocalAccountPolicyService::DeviceLocalAccountPolicyService( | 297 DeviceLocalAccountPolicyService::DeviceLocalAccountPolicyService( |
| 243 chromeos::SessionManagerClient* session_manager_client, | 298 chromeos::SessionManagerClient* session_manager_client, |
| 244 chromeos::DeviceSettingsService* device_settings_service, | 299 chromeos::DeviceSettingsService* device_settings_service, |
| 245 chromeos::CrosSettings* cros_settings, | 300 chromeos::CrosSettings* cros_settings, |
| 301 AffiliatedInvalidationServiceProvider* invalidation_service_provider, |
| 246 scoped_refptr<base::SequencedTaskRunner> store_background_task_runner, | 302 scoped_refptr<base::SequencedTaskRunner> store_background_task_runner, |
| 247 scoped_refptr<base::SequencedTaskRunner> extension_cache_task_runner, | 303 scoped_refptr<base::SequencedTaskRunner> extension_cache_task_runner, |
| 248 scoped_refptr<base::SequencedTaskRunner> | 304 scoped_refptr<base::SequencedTaskRunner> |
| 249 external_data_service_backend_task_runner, | 305 external_data_service_backend_task_runner, |
| 250 scoped_refptr<base::SequencedTaskRunner> io_task_runner, | 306 scoped_refptr<base::SequencedTaskRunner> io_task_runner, |
| 251 scoped_refptr<net::URLRequestContextGetter> request_context) | 307 scoped_refptr<net::URLRequestContextGetter> request_context) |
| 252 : session_manager_client_(session_manager_client), | 308 : session_manager_client_(session_manager_client), |
| 253 device_settings_service_(device_settings_service), | 309 device_settings_service_(device_settings_service), |
| 254 cros_settings_(cros_settings), | 310 cros_settings_(cros_settings), |
| 311 invalidation_service_provider_(invalidation_service_provider), |
| 255 device_management_service_(nullptr), | 312 device_management_service_(nullptr), |
| 256 waiting_for_cros_settings_(false), | 313 waiting_for_cros_settings_(false), |
| 257 orphan_extension_cache_deletion_state_(NOT_STARTED), | 314 orphan_extension_cache_deletion_state_(NOT_STARTED), |
| 258 store_background_task_runner_(store_background_task_runner), | 315 store_background_task_runner_(store_background_task_runner), |
| 259 extension_cache_task_runner_(extension_cache_task_runner), | 316 extension_cache_task_runner_(extension_cache_task_runner), |
| 260 request_context_(request_context), | 317 request_context_(request_context), |
| 261 local_accounts_subscription_(cros_settings_->AddSettingsObserver( | 318 local_accounts_subscription_(cros_settings_->AddSettingsObserver( |
| 262 chromeos::kAccountsPrefDeviceLocalAccounts, | 319 chromeos::kAccountsPrefDeviceLocalAccounts, |
| 263 base::Bind(&DeviceLocalAccountPolicyService:: | 320 base::Bind(&DeviceLocalAccountPolicyService:: |
| 264 UpdateAccountListIfNonePending, | 321 UpdateAccountListIfNonePending, |
| (...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 447 scoped_ptr<DeviceLocalAccountPolicyStore> store( | 504 scoped_ptr<DeviceLocalAccountPolicyStore> store( |
| 448 new DeviceLocalAccountPolicyStore(it->account_id, | 505 new DeviceLocalAccountPolicyStore(it->account_id, |
| 449 session_manager_client_, | 506 session_manager_client_, |
| 450 device_settings_service_, | 507 device_settings_service_, |
| 451 store_background_task_runner_)); | 508 store_background_task_runner_)); |
| 452 scoped_refptr<DeviceLocalAccountExternalDataManager> | 509 scoped_refptr<DeviceLocalAccountExternalDataManager> |
| 453 external_data_manager = | 510 external_data_manager = |
| 454 external_data_service_->GetExternalDataManager(it->account_id, | 511 external_data_service_->GetExternalDataManager(it->account_id, |
| 455 store.get()); | 512 store.get()); |
| 456 broker.reset(new DeviceLocalAccountPolicyBroker( | 513 broker.reset(new DeviceLocalAccountPolicyBroker( |
| 514 invalidation_service_provider_, |
| 457 *it, | 515 *it, |
| 458 component_policy_cache_root_.Append( | 516 component_policy_cache_root_.Append( |
| 459 GetCacheSubdirectoryForAccountID(it->account_id)), | 517 GetCacheSubdirectoryForAccountID(it->account_id)), |
| 460 store.Pass(), | 518 store.Pass(), |
| 461 external_data_manager, | 519 external_data_manager, |
| 462 base::Bind(&DeviceLocalAccountPolicyService::NotifyPolicyUpdated, | 520 base::Bind(&DeviceLocalAccountPolicyService::NotifyPolicyUpdated, |
| 463 base::Unretained(this), | 521 base::Unretained(this), |
| 464 it->user_id), | 522 it->user_id), |
| 465 base::MessageLoopProxy::current())); | 523 base::MessageLoopProxy::current())); |
| 466 } | 524 } |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 560 } | 618 } |
| 561 return nullptr; | 619 return nullptr; |
| 562 } | 620 } |
| 563 | 621 |
| 564 void DeviceLocalAccountPolicyService::NotifyPolicyUpdated( | 622 void DeviceLocalAccountPolicyService::NotifyPolicyUpdated( |
| 565 const std::string& user_id) { | 623 const std::string& user_id) { |
| 566 FOR_EACH_OBSERVER(Observer, observers_, OnPolicyUpdated(user_id)); | 624 FOR_EACH_OBSERVER(Observer, observers_, OnPolicyUpdated(user_id)); |
| 567 } | 625 } |
| 568 | 626 |
| 569 } // namespace policy | 627 } // namespace policy |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 822523003:
Implement device-local account policy pushing (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@f_2_442800_switch_device_cloud_policy_invalidator