OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "base/files/file_path.h" | |
6 #include "base/single_thread_task_runner.h" | |
7 #include "components/policy/core/common/async_policy_loader.h" | |
8 #include "components/policy/core/common/async_policy_provider.h" | |
9 #include "components/policy/core/common/policy_namespace.h" | |
10 #include "components/policy/core/common/policy_service.h" | |
11 #include "components/policy/core/common/policy_service_impl.h" | |
12 #include "components/policy/core/common/schema.h" | |
13 #include "components/policy/core/common/schema_registry.h" | |
14 #include "policy/policy_constants.h" | |
15 #include "remoting/host/policy_hack/policy_watcher.h" | |
16 | |
17 #if defined(OS_CHROMEOS) | |
18 #include "content/public/browser/browser_thread.h" | |
19 #elif defined(OS_WIN) | |
20 #include "components/policy/core/common/policy_loader_win.h" | |
21 #elif defined(OS_MACOSX) | |
22 #include "components/policy/core/common/policy_loader_mac.h" | |
23 #include "components/policy/core/common/preferences_mac.h" | |
24 #elif defined(OS_POSIX) && !defined(OS_ANDROID) | |
25 #include "components/policy/core/common/config_dir_policy_loader.h" | |
26 #endif | |
27 | |
28 using namespace policy; | |
29 | |
30 namespace remoting { | |
31 namespace policy_hack { | |
32 | |
33 bool GetManagedPrefsDir(base::FilePath* result); | |
34 | |
35 namespace { | |
36 | |
37 // PolicyServiceWatcher is a concrete implementation of PolicyWatcher that wraps | |
38 // an instance of PolicyService. | |
Mattias Nissler (ping if slow)
2015/01/06 09:06:11
Given that this is now the only implementation of
Łukasz Anforowicz
2015/01/07 17:54:14
I am not sure if I fully understand (my C++ is rus
Mattias Nissler (ping if slow)
2015/01/08 09:58:36
That is what I meant.
| |
39 class PolicyServiceWatcher : public PolicyWatcher, | |
40 public PolicyService::Observer { | |
41 public: | |
42 // Constructor for the case when |policy_service| is borrowed. | |
Mattias Nissler (ping if slow)
2015/01/06 09:06:12
It'd be nice to document what |task_runner| is use
Łukasz Anforowicz
2015/01/07 17:54:14
Good point.
I tried adding comments to construc
| |
43 PolicyServiceWatcher( | |
44 const scoped_refptr<base::SingleThreadTaskRunner>& task_runner, | |
45 PolicyService* policy_service); | |
46 | |
47 // Constructor for the case when |policy_service| is owned. | |
48 PolicyServiceWatcher( | |
49 const scoped_refptr<base::SingleThreadTaskRunner>& task_runner, | |
50 scoped_ptr<PolicyService> owned_policy_service, | |
51 scoped_ptr<ConfigurationPolicyProvider> owned_policy_provider, | |
52 scoped_ptr<SchemaRegistry> owned_schema_registry); | |
53 | |
54 ~PolicyServiceWatcher() override; | |
55 | |
56 // PolicyService::Observer interface. | |
57 void OnPolicyUpdated(const PolicyNamespace& ns, | |
58 const PolicyMap& previous, | |
59 const PolicyMap& current) override; | |
60 | |
61 static PolicyNamespace GetPolicyNamespace() { | |
62 return PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()); | |
63 } | |
64 | |
65 protected: | |
66 // PolicyWatcher interface. | |
67 void Reload() override; | |
68 void StartWatchingInternal() override; | |
69 void StopWatchingInternal() override; | |
70 | |
71 private: | |
72 PolicyService* policy_service_; | |
73 | |
74 // Order of fields below is important to ensure destruction takes object | |
75 // dependencies into account: | |
76 // - |owned_policy_service_| uses |owned_policy_provider_| | |
77 // - |owned_policy_provider_| uses |owned_schema_registry_| | |
78 scoped_ptr<SchemaRegistry> owned_schema_registry_; | |
79 scoped_ptr<ConfigurationPolicyProvider> owned_policy_provider_; | |
80 scoped_ptr<PolicyService> owned_policy_service_; | |
81 | |
82 DISALLOW_COPY_AND_ASSIGN(PolicyServiceWatcher); | |
83 }; | |
84 | |
85 PolicyServiceWatcher::PolicyServiceWatcher( | |
86 const scoped_refptr<base::SingleThreadTaskRunner>& task_runner, | |
87 PolicyService* policy_service) | |
88 : PolicyWatcher(task_runner) { | |
89 policy_service_ = policy_service; | |
90 } | |
91 | |
92 PolicyServiceWatcher::PolicyServiceWatcher( | |
93 const scoped_refptr<base::SingleThreadTaskRunner>& task_runner, | |
94 scoped_ptr<PolicyService> owned_policy_service, | |
95 scoped_ptr<ConfigurationPolicyProvider> owned_policy_provider, | |
96 scoped_ptr<SchemaRegistry> owned_schema_registry) | |
97 : PolicyWatcher(task_runner), | |
98 owned_schema_registry_(owned_schema_registry.Pass()), | |
99 owned_policy_provider_(owned_policy_provider.Pass()), | |
100 owned_policy_service_(owned_policy_service.Pass()) { | |
101 policy_service_ = owned_policy_service_.get(); | |
102 } | |
103 | |
104 PolicyServiceWatcher::~PolicyServiceWatcher() { | |
105 if (owned_policy_provider_) { | |
106 owned_policy_provider_->Shutdown(); | |
107 } | |
108 } | |
109 | |
110 void PolicyServiceWatcher::OnPolicyUpdated(const PolicyNamespace& ns, | |
111 const PolicyMap& previous, | |
112 const PolicyMap& current) { | |
113 scoped_ptr<base::DictionaryValue> policy_dict(new base::DictionaryValue()); | |
114 for (PolicyMap::const_iterator it = current.begin(); it != current.end(); | |
115 it++) { | |
116 // TODO(lukasza): Use policy::Schema::Normalize for schema verification. | |
117 policy_dict->Set(it->first, it->second.value->DeepCopy()); | |
118 } | |
119 UpdatePolicies(policy_dict.get()); | |
120 } | |
121 | |
122 void PolicyServiceWatcher::Reload() { | |
Mattias Nissler (ping if slow)
2015/01/06 09:06:12
What are the desired semantics for Reload()? This
Łukasz Anforowicz
2015/01/07 17:54:14
Presence of Reload method is an artifact from the
Mattias Nissler (ping if slow)
2015/01/08 09:58:36
OK, thanks for the explanation. Your conclusion re
Łukasz Anforowicz
2015/01/08 23:09:26
Thanks for pointing this out. This is useful to k
| |
123 PolicyNamespace ns = GetPolicyNamespace(); | |
124 const PolicyMap& current = policy_service_->GetPolicies(ns); | |
125 OnPolicyUpdated(ns, current, current); | |
126 }; | |
127 | |
128 void PolicyServiceWatcher::StartWatchingInternal() { | |
129 policy_service_->AddObserver(POLICY_DOMAIN_CHROME, this); | |
130 Reload(); | |
131 }; | |
132 | |
133 void PolicyServiceWatcher::StopWatchingInternal() { | |
134 policy_service_->RemoveObserver(POLICY_DOMAIN_CHROME, this); | |
135 }; | |
136 | |
137 #if defined(OS_MACOSX) | |
138 | |
139 // This function is based on GetManagedPolicyPath from | |
140 // chrome/browser/policy/chrome_browser_policy_connector.cc | |
Mattias Nissler (ping if slow)
2015/01/06 09:06:11
How about moving this as a static helper to policy
Łukasz Anforowicz
2015/01/07 17:54:14
It probably makes sense and I am trying to do this
| |
141 base::FilePath GetManagedPolicyPath() { | |
142 // This constructs the path to the plist file in which Mac OS X stores the | |
143 // managed preference for the application. This is undocumented and therefore | |
144 // fragile, but if it doesn't work out, AsyncPolicyLoader has a task that | |
145 // polls periodically in order to reload managed preferences later even if we | |
146 // missed the change. | |
147 base::FilePath path; | |
148 if (!GetManagedPrefsDir(&path)) | |
149 return base::FilePath(); | |
150 | |
151 return path.Append("com.google.Chrome.plist"); | |
152 } | |
153 | |
154 #endif // defined(OS_MACOSX) | |
155 | |
156 #if !defined(OS_CHROMEOS) | |
157 | |
158 scoped_ptr<PolicyServiceWatcher> CreateFromPolicyLoader( | |
159 const scoped_refptr<base::SingleThreadTaskRunner>& task_runner, | |
160 scoped_ptr<AsyncPolicyLoader> async_policy_loader) { | |
161 scoped_ptr<SchemaRegistry> schema_registry(new SchemaRegistry()); | |
162 schema_registry->RegisterComponent(PolicyServiceWatcher::GetPolicyNamespace(), | |
163 Schema::Wrap(GetChromeSchemaData())); | |
Mattias Nissler (ping if slow)
2015/01/06 09:06:12
Side note relating to the email thread: You're con
Łukasz Anforowicz
2015/01/07 17:54:14
Ack, although I am not sure about details of what
Mattias Nissler (ping if slow)
2015/01/08 09:58:36
That works, but given that the policy_templates.js
| |
164 | |
165 scoped_ptr<AsyncPolicyProvider> policy_provider(new AsyncPolicyProvider( | |
166 schema_registry.get(), async_policy_loader.Pass())); | |
167 policy_provider->Init(schema_registry.get()); | |
168 | |
169 PolicyServiceImpl::Providers providers; | |
170 providers.push_back(policy_provider.get()); | |
171 scoped_ptr<PolicyService> policy_service(new PolicyServiceImpl(providers)); | |
172 | |
173 return make_scoped_ptr( | |
174 new PolicyServiceWatcher(task_runner, policy_service.Pass(), | |
175 policy_provider.Pass(), schema_registry.Pass())); | |
176 } | |
177 | |
178 #endif | |
179 | |
180 } // anonymous namespace | |
181 | |
182 // This function is based on CreatePlatformProvider from | |
183 // src/chrome/browser/policy/chrome_browser_policy_connector.cc. | |
Mattias Nissler (ping if slow)
2015/01/06 09:06:12
nit: This comment will get less and less useful ov
Łukasz Anforowicz
2015/01/07 17:54:14
Done.
| |
184 scoped_ptr<PolicyWatcher> PolicyWatcher::Create( | |
185 policy::PolicyService* policy_service, | |
186 const scoped_refptr<base::SingleThreadTaskRunner>& task_runner) { | |
187 #if defined(OS_CHROMEOS) | |
188 DCHECK(policy_service != nullptr); | |
189 return make_scoped_ptr(new PolicyServiceWatcher( | |
190 content::BrowserThread::GetMessageLoopProxyForThread( | |
191 content::BrowserThread::UI), | |
192 policy_service)); | |
193 #elif defined(OS_WIN) | |
194 DCHECK(policy_service == nullptr); | |
195 static const wchar_t kRegistryKey[] = L"SOFTWARE\\Policies\\Google\\Chrome"; | |
196 return CreateFromPolicyLoader( | |
197 task_runner, scoped_ptr<AsyncPolicyLoader>( | |
198 PolicyLoaderWin::Create(task_runner, kRegistryKey))); | |
199 #elif defined(OS_MACOSX) | |
200 DCHECK(policy_service == nullptr); | |
201 return CreateFromPolicyLoader( | |
202 task_runner, make_scoped_ptr(new PolicyLoaderMac( | |
203 task_runner, GetManagedPolicyPath(), | |
204 new MacPreferences(), CFSTR("com.google.Chrome")))); | |
205 #elif defined(OS_POSIX) && !defined(OS_ANDROID) | |
206 DCHECK(policy_service == nullptr); | |
207 static const base::FilePath::CharType kPolicyDir[] = | |
208 // Always read the Chrome policies (even on Chromium) so that policy | |
209 // enforcement can't be bypassed by running Chromium. | |
Mattias Nissler (ping if slow)
2015/01/06 09:06:11
nit: This comment should go before line 207.
Łukasz Anforowicz
2015/01/07 17:54:14
Done (I was just copying the formatting from polic
| |
210 FILE_PATH_LITERAL("/etc/opt/chrome/policies"); | |
Mattias Nissler (ping if slow)
2015/01/06 09:06:12
I don't think the reasoning in the comment makes s
Łukasz Anforowicz
2015/01/07 17:54:14
Ack and we should definitely discuss this (maybe y
Mattias Nissler (ping if slow)
2015/01/08 09:58:36
OK, fair enough.
| |
211 return CreateFromPolicyLoader( | |
212 task_runner, | |
213 make_scoped_ptr(new ConfigDirPolicyLoader( | |
214 task_runner, base::FilePath(kPolicyDir), POLICY_SCOPE_MACHINE))); | |
215 #else | |
216 #error OS that is not yet supported by PolicyWatcher code. | |
217 #endif | |
218 } | |
219 | |
220 } // namespace policy_hack | |
221 } // namespace remoting | |
OLD | NEW |