Chromium Code Reviews Chromium Code Reviews
Issue 822523003:
Implement device-local account policy pushing (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@f_2_442800_switch_device_cloud_policy_invalidator| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" | 5 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| 11 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 12 #include "base/files/file_enumerator.h" | 12 #include "base/files/file_enumerator.h" |
| 13 #include "base/files/file_util.h" | 13 #include "base/files/file_util.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "base/message_loop/message_loop.h" | 15 #include "base/message_loop/message_loop.h" |
| 16 #include "base/message_loop/message_loop_proxy.h" | 16 #include "base/message_loop/message_loop_proxy.h" |
| 17 #include "base/path_service.h" | 17 #include "base/path_service.h" |
| 18 #include "base/sequenced_task_runner.h" | 18 #include "base/sequenced_task_runner.h" |
| 19 #include "base/stl_util.h" | 19 #include "base/stl_util.h" |
| 20 #include "base/strings/string_number_conversions.h" | 20 #include "base/strings/string_number_conversions.h" |
| 21 #include "base/thread_task_runner_handle.h" | |
| 21 #include "chrome/browser/browser_process.h" | 22 #include "chrome/browser/browser_process.h" |
| 23 #include "chrome/browser/chromeos/policy/affiliated_cloud_policy_invalidator.h" | |
| 24 #include "chrome/browser/chromeos/policy/affiliated_invalidation_service_provide r.h" | |
|
pneubeck (no reviews)
2015/02/04 10:02:14
shouldn't be required as you're not actually acces
bartfab (slow)
2015/02/04 12:34:51
Done.
| |
| 22 #include "chrome/browser/chromeos/policy/device_local_account.h" | 25 #include "chrome/browser/chromeos/policy/device_local_account.h" |
| 23 #include "chrome/browser/chromeos/policy/device_local_account_external_data_serv ice.h" | 26 #include "chrome/browser/chromeos/policy/device_local_account_external_data_serv ice.h" |
| 24 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" | 27 #include "chrome/browser/chromeos/policy/device_local_account_policy_store.h" |
| 25 #include "chrome/browser/chromeos/settings/device_settings_service.h" | 28 #include "chrome/browser/chromeos/settings/device_settings_service.h" |
| 26 #include "chrome/common/chrome_content_client.h" | 29 #include "chrome/common/chrome_content_client.h" |
| 27 #include "chromeos/chromeos_paths.h" | 30 #include "chromeos/chromeos_paths.h" |
| 28 #include "chromeos/dbus/session_manager_client.h" | 31 #include "chromeos/dbus/session_manager_client.h" |
| 29 #include "chromeos/settings/cros_settings_names.h" | 32 #include "chromeos/settings/cros_settings_names.h" |
| 30 #include "chromeos/settings/cros_settings_provider.h" | 33 #include "chromeos/settings/cros_settings_provider.h" |
| 31 #include "components/policy/core/browser/browser_policy_connector.h" | 34 #include "components/policy/core/browser/browser_policy_connector.h" |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 113 } | 116 } |
| 114 | 117 |
| 115 } // namespace | 118 } // namespace |
| 116 | 119 |
| 117 DeviceLocalAccountPolicyBroker::DeviceLocalAccountPolicyBroker( | 120 DeviceLocalAccountPolicyBroker::DeviceLocalAccountPolicyBroker( |
| 118 const DeviceLocalAccount& account, | 121 const DeviceLocalAccount& account, |
| 119 const base::FilePath& component_policy_cache_path, | 122 const base::FilePath& component_policy_cache_path, |
| 120 scoped_ptr<DeviceLocalAccountPolicyStore> store, | 123 scoped_ptr<DeviceLocalAccountPolicyStore> store, |
| 121 scoped_refptr<DeviceLocalAccountExternalDataManager> external_data_manager, | 124 scoped_refptr<DeviceLocalAccountExternalDataManager> external_data_manager, |
| 122 const base::Closure& policy_update_callback, | 125 const base::Closure& policy_update_callback, |
| 123 const scoped_refptr<base::SequencedTaskRunner>& task_runner) | 126 const scoped_refptr<base::SequencedTaskRunner>& task_runner, |
| 124 : account_id_(account.account_id), | 127 AffiliatedInvalidationServiceProvider* invalidation_service_provider) |
| 128 : invalidation_service_provider_(invalidation_service_provider), | |
| 129 account_id_(account.account_id), | |
| 125 user_id_(account.user_id), | 130 user_id_(account.user_id), |
| 126 component_policy_cache_path_(component_policy_cache_path), | 131 component_policy_cache_path_(component_policy_cache_path), |
| 127 store_(store.Pass()), | 132 store_(store.Pass()), |
| 128 extension_tracker_(account, store_.get(), &schema_registry_), | 133 extension_tracker_(account, store_.get(), &schema_registry_), |
| 129 external_data_manager_(external_data_manager), | 134 external_data_manager_(external_data_manager), |
| 130 core_(dm_protocol::kChromePublicAccountPolicyType, | 135 core_(dm_protocol::kChromePublicAccountPolicyType, |
| 131 store_->account_id(), | 136 store_->account_id(), |
| 132 store_.get(), | 137 store_.get(), |
| 133 task_runner), | 138 task_runner), |
| 134 policy_update_callback_(policy_update_callback) { | 139 policy_update_callback_(policy_update_callback) { |
| (...skipping 18 matching lines...) Expand all Loading... | |
| 153 DeviceLocalAccountPolicyBroker::~DeviceLocalAccountPolicyBroker() { | 158 DeviceLocalAccountPolicyBroker::~DeviceLocalAccountPolicyBroker() { |
| 154 store_->RemoveObserver(this); | 159 store_->RemoveObserver(this); |
| 155 external_data_manager_->SetPolicyStore(nullptr); | 160 external_data_manager_->SetPolicyStore(nullptr); |
| 156 external_data_manager_->Disconnect(); | 161 external_data_manager_->Disconnect(); |
| 157 } | 162 } |
| 158 | 163 |
| 159 void DeviceLocalAccountPolicyBroker::Initialize() { | 164 void DeviceLocalAccountPolicyBroker::Initialize() { |
| 160 store_->Load(); | 165 store_->Load(); |
| 161 } | 166 } |
| 162 | 167 |
| 168 bool DeviceLocalAccountPolicyBroker::HasInvalidatorForTest() const { | |
| 169 return invalidator_; | |
| 170 } | |
| 171 | |
| 163 void DeviceLocalAccountPolicyBroker::ConnectIfPossible( | 172 void DeviceLocalAccountPolicyBroker::ConnectIfPossible( |
| 164 chromeos::DeviceSettingsService* device_settings_service, | 173 chromeos::DeviceSettingsService* device_settings_service, |
| 165 DeviceManagementService* device_management_service, | 174 DeviceManagementService* device_management_service, |
| 166 scoped_refptr<net::URLRequestContextGetter> request_context) { | 175 scoped_refptr<net::URLRequestContextGetter> request_context) { |
| 167 if (core_.client()) | 176 if (core_.client()) |
| 168 return; | 177 return; |
| 169 | 178 |
| 170 scoped_ptr<CloudPolicyClient> client(CreateClient(device_settings_service, | 179 scoped_ptr<CloudPolicyClient> client(CreateClient(device_settings_service, |
| 171 device_management_service, | 180 device_management_service, |
| 172 request_context)); | 181 request_context)); |
| 173 if (!client) | 182 if (!client) |
| 174 return; | 183 return; |
| 175 | 184 |
| 176 CreateComponentCloudPolicyService(request_context, client.get()); | 185 CreateComponentCloudPolicyService(request_context, client.get()); |
| 177 core_.Connect(client.Pass()); | 186 core_.Connect(client.Pass()); |
| 178 external_data_manager_->Connect(request_context); | 187 external_data_manager_->Connect(request_context); |
| 179 core_.StartRefreshScheduler(); | 188 core_.StartRefreshScheduler(); |
| 180 UpdateRefreshDelay(); | 189 UpdateRefreshDelay(); |
| 190 invalidator_.reset(new AffiliatedCloudPolicyInvalidator( | |
| 191 em::DeviceRegisterRequest::DEVICE, | |
| 192 &core_, | |
| 193 invalidation_service_provider_)); | |
| 181 } | 194 } |
| 182 | 195 |
| 183 void DeviceLocalAccountPolicyBroker::UpdateRefreshDelay() { | 196 void DeviceLocalAccountPolicyBroker::UpdateRefreshDelay() { |
| 184 if (core_.refresh_scheduler()) { | 197 if (core_.refresh_scheduler()) { |
| 185 const base::Value* policy_value = | 198 const base::Value* policy_value = |
| 186 store_->policy_map().GetValue(key::kPolicyRefreshRate); | 199 store_->policy_map().GetValue(key::kPolicyRefreshRate); |
| 187 int delay = 0; | 200 int delay = 0; |
| 188 if (policy_value && policy_value->GetAsInteger(&delay)) | 201 if (policy_value && policy_value->GetAsInteger(&delay)) |
| 189 core_.refresh_scheduler()->SetRefreshDelay(delay); | 202 core_.refresh_scheduler()->SetRefreshDelay(delay); |
| 190 } | 203 } |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 236 content::BrowserThread::GetMessageLoopProxyForThread( | 249 content::BrowserThread::GetMessageLoopProxyForThread( |
| 237 content::BrowserThread::FILE), | 250 content::BrowserThread::FILE), |
| 238 content::BrowserThread::GetMessageLoopProxyForThread( | 251 content::BrowserThread::GetMessageLoopProxyForThread( |
| 239 content::BrowserThread::IO))); | 252 content::BrowserThread::IO))); |
| 240 } | 253 } |
| 241 | 254 |
| 242 DeviceLocalAccountPolicyService::DeviceLocalAccountPolicyService( | 255 DeviceLocalAccountPolicyService::DeviceLocalAccountPolicyService( |
| 243 chromeos::SessionManagerClient* session_manager_client, | 256 chromeos::SessionManagerClient* session_manager_client, |
| 244 chromeos::DeviceSettingsService* device_settings_service, | 257 chromeos::DeviceSettingsService* device_settings_service, |
| 245 chromeos::CrosSettings* cros_settings, | 258 chromeos::CrosSettings* cros_settings, |
| 259 AffiliatedInvalidationServiceProvider* invalidation_service_provider, | |
| 246 scoped_refptr<base::SequencedTaskRunner> store_background_task_runner, | 260 scoped_refptr<base::SequencedTaskRunner> store_background_task_runner, |
| 247 scoped_refptr<base::SequencedTaskRunner> extension_cache_task_runner, | 261 scoped_refptr<base::SequencedTaskRunner> extension_cache_task_runner, |
| 248 scoped_refptr<base::SequencedTaskRunner> | 262 scoped_refptr<base::SequencedTaskRunner> |
| 249 external_data_service_backend_task_runner, | 263 external_data_service_backend_task_runner, |
| 250 scoped_refptr<base::SequencedTaskRunner> io_task_runner, | 264 scoped_refptr<base::SequencedTaskRunner> io_task_runner, |
| 251 scoped_refptr<net::URLRequestContextGetter> request_context) | 265 scoped_refptr<net::URLRequestContextGetter> request_context) |
| 252 : session_manager_client_(session_manager_client), | 266 : session_manager_client_(session_manager_client), |
| 253 device_settings_service_(device_settings_service), | 267 device_settings_service_(device_settings_service), |
| 254 cros_settings_(cros_settings), | 268 cros_settings_(cros_settings), |
| 269 invalidation_service_provider_(invalidation_service_provider), | |
| 255 device_management_service_(nullptr), | 270 device_management_service_(nullptr), |
| 256 waiting_for_cros_settings_(false), | 271 waiting_for_cros_settings_(false), |
| 257 orphan_extension_cache_deletion_state_(NOT_STARTED), | 272 orphan_extension_cache_deletion_state_(NOT_STARTED), |
| 258 store_background_task_runner_(store_background_task_runner), | 273 store_background_task_runner_(store_background_task_runner), |
| 259 extension_cache_task_runner_(extension_cache_task_runner), | 274 extension_cache_task_runner_(extension_cache_task_runner), |
| 260 request_context_(request_context), | 275 request_context_(request_context), |
| 261 local_accounts_subscription_(cros_settings_->AddSettingsObserver( | 276 local_accounts_subscription_(cros_settings_->AddSettingsObserver( |
| 262 chromeos::kAccountsPrefDeviceLocalAccounts, | 277 chromeos::kAccountsPrefDeviceLocalAccounts, |
| 263 base::Bind(&DeviceLocalAccountPolicyService:: | 278 base::Bind(&DeviceLocalAccountPolicyService:: |
| 264 UpdateAccountListIfNonePending, | 279 UpdateAccountListIfNonePending, |
| (...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 455 store.get()); | 470 store.get()); |
| 456 broker.reset(new DeviceLocalAccountPolicyBroker( | 471 broker.reset(new DeviceLocalAccountPolicyBroker( |
| 457 *it, | 472 *it, |
| 458 component_policy_cache_root_.Append( | 473 component_policy_cache_root_.Append( |
| 459 GetCacheSubdirectoryForAccountID(it->account_id)), | 474 GetCacheSubdirectoryForAccountID(it->account_id)), |
| 460 store.Pass(), | 475 store.Pass(), |
| 461 external_data_manager, | 476 external_data_manager, |
| 462 base::Bind(&DeviceLocalAccountPolicyService::NotifyPolicyUpdated, | 477 base::Bind(&DeviceLocalAccountPolicyService::NotifyPolicyUpdated, |
| 463 base::Unretained(this), | 478 base::Unretained(this), |
| 464 it->user_id), | 479 it->user_id), |
| 465 base::MessageLoopProxy::current())); | 480 base::ThreadTaskRunnerHandle::Get(), |
| 481 invalidation_service_provider_)); | |
| 466 } | 482 } |
| 467 | 483 |
| 468 // Fire up the cloud connection for fetching policy for the account from | 484 // Fire up the cloud connection for fetching policy for the account from |
| 469 // the cloud if this is an enterprise-managed device. | 485 // the cloud if this is an enterprise-managed device. |
| 470 broker->ConnectIfPossible(device_settings_service_, | 486 broker->ConnectIfPossible(device_settings_service_, |
| 471 device_management_service_, | 487 device_management_service_, |
| 472 request_context_); | 488 request_context_); |
| 473 | 489 |
| 474 policy_brokers_[it->user_id] = broker.release(); | 490 policy_brokers_[it->user_id] = broker.release(); |
| 475 if (!broker_initialized) { | 491 if (!broker_initialized) { |
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 560 } | 576 } |
| 561 return nullptr; | 577 return nullptr; |
| 562 } | 578 } |
| 563 | 579 |
| 564 void DeviceLocalAccountPolicyService::NotifyPolicyUpdated( | 580 void DeviceLocalAccountPolicyService::NotifyPolicyUpdated( |
| 565 const std::string& user_id) { | 581 const std::string& user_id) { |
| 566 FOR_EACH_OBSERVER(Observer, observers_, OnPolicyUpdated(user_id)); | 582 FOR_EACH_OBSERVER(Observer, observers_, OnPolicyUpdated(user_id)); |
| 567 } | 583 } |
| 568 | 584 |
| 569 } // namespace policy | 585 } // namespace policy |
| OLD | NEW |
