Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(477)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/policy/core/common/policy_loader_win.cc

Issue 937153003: Document the idiosyncrasies of policy provisioning on Windows. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Add missing comma. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | components/policy/resources/policy_templates.json » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "components/policy/core/common/policy_loader_win.h" 5 #include "components/policy/core/common/policy_loader_win.h"
6 6
7 #include <windows.h> 7 #include <windows.h>
8 #include <lm.h> // For limits. 8 #include <lm.h> // For limits.
9 #include <ntdsapi.h> // For Ds[Un]Bind 9 #include <ntdsapi.h> // For Ds[Un]Bind
10 #include <rpc.h> // For struct GUID 10 #include <rpc.h> // For struct GUID
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after
68 const char kLegacyBrowserSupportExtensionId[] = 68 const char kLegacyBrowserSupportExtensionId[] =
69 "heildphpnddilhkemkielfhnkaagiabh"; 69 "heildphpnddilhkemkielfhnkaagiabh";
70 70
71 // The web store url that is the only trusted source for extensions. 71 // The web store url that is the only trusted source for extensions.
72 const char kExpectedWebStoreUrl[] = 72 const char kExpectedWebStoreUrl[] =
73 ";https://clients2.google.com/service/update2/crx"; 73 ";https://clients2.google.com/service/update2/crx";
74 // String to be prepended to each blocked entry. 74 // String to be prepended to each blocked entry.
75 const char kBlockedExtensionPrefix[] = "[BLOCKED]"; 75 const char kBlockedExtensionPrefix[] = "[BLOCKED]";
76 76
77 // List of policies that are considered only if the user is part of a AD domain. 77 // List of policies that are considered only if the user is part of a AD domain.
78 // Please document any new additions in policy_templates.json!
78 const char* kInsecurePolicies[] = { 79 const char* kInsecurePolicies[] = {
79 key::kMetricsReportingEnabled, 80 key::kMetricsReportingEnabled,
80 key::kDefaultSearchProviderEnabled, 81 key::kDefaultSearchProviderEnabled,
81 key::kHomepageIsNewTabPage, 82 key::kHomepageIsNewTabPage,
82 key::kHomepageLocation, 83 key::kHomepageLocation,
83 key::kRestoreOnStartup, 84 key::kRestoreOnStartup,
84 key::kRestoreOnStartupURLs 85 key::kRestoreOnStartupURLs
85 }; 86 };
86 87
87 // The GUID of the registry settings group policy extension. 88 // The GUID of the registry settings group policy extension.
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
133 } 134 }
134 135
135 // Verifies that untrusted policies contain only safe values. Modifies the 136 // Verifies that untrusted policies contain only safe values. Modifies the
136 // |policy| in place. 137 // |policy| in place.
137 void FilterUntrustedPolicy(PolicyMap* policy) { 138 void FilterUntrustedPolicy(PolicyMap* policy) {
138 if (base::win::IsEnrolledToDomain()) 139 if (base::win::IsEnrolledToDomain())
139 return; 140 return;
140 141
141 int invalid_policies = 0; 142 int invalid_policies = 0;
142 const PolicyMap::Entry* map_entry = 143 const PolicyMap::Entry* map_entry =
143 policy->Get(policy::key::kExtensionInstallForcelist); 144 policy->Get(key::kExtensionInstallForcelist);
144 if (map_entry && map_entry->value) { 145 if (map_entry && map_entry->value) {
145 const base::ListValue* policy_list_value = NULL; 146 const base::ListValue* policy_list_value = NULL;
146 if (!map_entry->value->GetAsList(&policy_list_value)) 147 if (!map_entry->value->GetAsList(&policy_list_value))
147 return; 148 return;
148 149
149 scoped_ptr<base::ListValue> filtered_values(new base::ListValue); 150 scoped_ptr<base::ListValue> filtered_values(new base::ListValue);
150 for (base::ListValue::const_iterator list_entry(policy_list_value->begin()); 151 for (base::ListValue::const_iterator list_entry(policy_list_value->begin());
151 list_entry != policy_list_value->end(); ++list_entry) { 152 list_entry != policy_list_value->end(); ++list_entry) {
152 std::string entry; 153 std::string entry;
153 if (!(*list_entry)->GetAsString(&entry)) 154 if (!(*list_entry)->GetAsString(&entry))
154 continue; 155 continue;
155 size_t pos = entry.find(';'); 156 size_t pos = entry.find(';');
156 if (pos == std::string::npos) 157 if (pos == std::string::npos)
157 continue; 158 continue;
158 // Only allow custom update urls in enterprise environments. 159 // Only allow custom update urls in enterprise environments.
159 if (!LowerCaseEqualsASCII(entry.substr(pos), kExpectedWebStoreUrl)) { 160 if (!LowerCaseEqualsASCII(entry.substr(pos), kExpectedWebStoreUrl)) {
160 entry = kBlockedExtensionPrefix + entry; 161 entry = kBlockedExtensionPrefix + entry;
161 invalid_policies++; 162 invalid_policies++;
162 } 163 }
163 164
164 filtered_values->AppendString(entry); 165 filtered_values->AppendString(entry);
165 } 166 }
166 if (invalid_policies) { 167 if (invalid_policies) {
167 policy->Set(policy::key::kExtensionInstallForcelist, 168 policy->Set(key::kExtensionInstallForcelist,
168 map_entry->level, map_entry->scope, 169 map_entry->level, map_entry->scope,
169 filtered_values.release(), 170 filtered_values.release(),
170 map_entry->external_data_fetcher); 171 map_entry->external_data_fetcher);
171 172
172 const PolicyDetails* details = policy::GetChromePolicyDetails( 173 const PolicyDetails* details = GetChromePolicyDetails(
173 policy::key::kExtensionInstallForcelist); 174 key::kExtensionInstallForcelist);
174 UMA_HISTOGRAM_SPARSE_SLOWLY("EnterpriseCheck.InvalidPolicies", 175 UMA_HISTOGRAM_SPARSE_SLOWLY("EnterpriseCheck.InvalidPolicies",
175 details->id); 176 details->id);
176 } 177 }
177 } 178 }
178 179
179 for (size_t i = 0; i < arraysize(kInsecurePolicies); ++i) { 180 for (size_t i = 0; i < arraysize(kInsecurePolicies); ++i) {
180 if (policy->Get(kInsecurePolicies[i])) { 181 if (policy->Get(kInsecurePolicies[i])) {
181 // TODO(pastarmovj): Surface this issue in the about:policy page. 182 // TODO(pastarmovj): Surface this issue in the about:policy page.
182 policy->Erase(kInsecurePolicies[i]); 183 policy->Erase(kInsecurePolicies[i]);
183 invalid_policies++; 184 invalid_policies++;
184 const PolicyDetails* details = 185 const PolicyDetails* details =
185 policy::GetChromePolicyDetails(kInsecurePolicies[i]); 186 GetChromePolicyDetails(kInsecurePolicies[i]);
186 UMA_HISTOGRAM_SPARSE_SLOWLY("EnterpriseCheck.InvalidPolicies", 187 UMA_HISTOGRAM_SPARSE_SLOWLY("EnterpriseCheck.InvalidPolicies",
187 details->id); 188 details->id);
188 } 189 }
189 } 190 }
190 191
191 UMA_HISTOGRAM_COUNTS("EnterpriseCheck.InvalidPoliciesDetected", 192 UMA_HISTOGRAM_COUNTS("EnterpriseCheck.InvalidPoliciesDetected",
192 invalid_policies); 193 invalid_policies);
193 } 194 }
194 195
195 // A helper class encapsulating run-time-linked function calls to Wow64 APIs. 196 // A helper class encapsulating run-time-linked function calls to Wow64 APIs.
(...skipping 491 matching lines...) Expand 10 before | Expand all | Expand 10 after
687 "418183 PolicyLoaderWin::OnObjectSignaled")); 688 "418183 PolicyLoaderWin::OnObjectSignaled"));
688 689
689 DCHECK(object == user_policy_changed_event_.handle() || 690 DCHECK(object == user_policy_changed_event_.handle() ||
690 object == machine_policy_changed_event_.handle()) 691 object == machine_policy_changed_event_.handle())
691 << "unexpected object signaled policy reload, obj = " 692 << "unexpected object signaled policy reload, obj = "
692 << std::showbase << std::hex << object; 693 << std::showbase << std::hex << object;
693 Reload(false); 694 Reload(false);
694 } 695 }
695 696
696 } // namespace policy 697 } // namespace policy
OLDNEW
« no previous file with comments | « no previous file | components/policy/resources/policy_templates.json » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698