Chromium Code Reviews Chromium Code Reviews
Issue 985093002:
Fix up Owner settings on first load (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 93 const ManagementSettings& settings, | 93 const ManagementSettings& settings, |
| 94 const OnManagementSettingsSetCallback& callback); | 94 const OnManagementSettingsSetCallback& callback); |
| 95 | 95 |
| 96 // Checks if the user is the device owner, without the user profile having to | 96 // Checks if the user is the device owner, without the user profile having to |
| 97 // been initialized. Should be used only if login state is in safe mode. | 97 // been initialized. Should be used only if login state is in safe mode. |
| 98 static void IsOwnerForSafeModeAsync( | 98 static void IsOwnerForSafeModeAsync( |
| 99 const std::string& user_hash, | 99 const std::string& user_hash, |
| 100 const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util, | 100 const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util, |
| 101 const IsOwnerCallback& callback); | 101 const IsOwnerCallback& callback); |
| 102 | 102 |
| 103 // Assembles PolicyData based on |settings|, |policy_data| and | 103 // Assembles PolicyData based on |settings|, |policy_data|, |user_id| and |
| 104 // |user_id|. | 104 // |pending_management_settings|. Applies local-owner policy fixups if needed. |
| 105 static scoped_ptr<enterprise_management::PolicyData> AssemblePolicy( | 105 static scoped_ptr<enterprise_management::PolicyData> AssemblePolicy( |
| 106 const std::string& user_id, | 106 const std::string& user_id, |
| 107 const enterprise_management::PolicyData* policy_data, | 107 const enterprise_management::PolicyData* policy_data, |
| 108 const enterprise_management::ChromeDeviceSettingsProto* settings); | 108 bool apply_pending_mangement_settings, |
| 109 const ManagementSettings& pending_management_settings, | |
| 110 enterprise_management::ChromeDeviceSettingsProto* settings); | |
| 109 | 111 |
| 110 // Updates device |settings|. | 112 // Updates device |settings|. |
| 111 static void UpdateDeviceSettings( | 113 static void UpdateDeviceSettings( |
| 112 const std::string& path, | 114 const std::string& path, |
| 113 const base::Value& value, | 115 const base::Value& value, |
| 114 enterprise_management::ChromeDeviceSettingsProto& settings); | 116 enterprise_management::ChromeDeviceSettingsProto& settings); |
| 115 | 117 |
| 116 bool has_pending_changes() const { | 118 bool has_pending_changes() const { |
|
stevenjb
2015/03/26 15:54:01
optional nit: This should really be named somethin
| |
| 117 return !pending_changes_.empty() || tentative_settings_.get() || | 119 return !pending_changes_.empty() || tentative_settings_.get() || |
| 118 has_pending_management_settings_; | 120 has_pending_management_settings_ || has_pending_fixups_; |
| 119 } | 121 } |
| 120 | 122 |
| 121 protected: | 123 protected: |
| 122 OwnerSettingsServiceChromeOS( | 124 OwnerSettingsServiceChromeOS( |
| 123 DeviceSettingsService* device_settings_service, | 125 DeviceSettingsService* device_settings_service, |
| 124 Profile* profile, | 126 Profile* profile, |
| 125 const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util); | 127 const scoped_refptr<ownership::OwnerKeyUtil>& owner_key_util); |
| 126 | 128 |
| 127 private: | 129 private: |
| 128 friend class OwnerSettingsServiceChromeOSFactory; | 130 friend class OwnerSettingsServiceChromeOSFactory; |
| 129 | 131 |
| 132 // Perform fixups required to ensure sensical local-owner device policy: | |
| 133 // 1) user whitelisting must be explicitly allowed or disallowed, and | |
| 134 // 2) the owner user must be on the whitelist, if it's enforced. | |
| 135 static void FixupLocalOwnerPolicy( | |
| 136 const std::string& user_id, | |
| 137 enterprise_management::ChromeDeviceSettingsProto* settings); | |
| 138 | |
| 130 // OwnerSettingsService protected interface overrides: | 139 // OwnerSettingsService protected interface overrides: |
| 131 | 140 |
| 132 // Reloads private key from profile's NSS slots, responds via |callback|. | 141 // Reloads private key from profile's NSS slots, responds via |callback|. |
| 133 void ReloadKeypairImpl(const base::Callback< | 142 void ReloadKeypairImpl(const base::Callback< |
| 134 void(const scoped_refptr<ownership::PublicKey>& public_key, | 143 void(const scoped_refptr<ownership::PublicKey>& public_key, |
| 135 const scoped_refptr<ownership::PrivateKey>& private_key)>& callback) | 144 const scoped_refptr<ownership::PrivateKey>& private_key)>& callback) |
| 136 override; | 145 override; |
| 137 | 146 |
| 138 // Possibly notifies DeviceSettingsService that owner's keypair is loaded. | 147 // Possibly notifies DeviceSettingsService that owner's keypair is loaded. |
| 139 void OnPostKeypairLoadedActions() override; | 148 void OnPostKeypairLoadedActions() override; |
| (...skipping 21 matching lines...) Expand all Loading... | |
| 161 | 170 |
| 162 // User ID this service instance belongs to. | 171 // User ID this service instance belongs to. |
| 163 std::string user_id_; | 172 std::string user_id_; |
| 164 | 173 |
| 165 // Whether profile still needs to be initialized. | 174 // Whether profile still needs to be initialized. |
| 166 bool waiting_for_profile_creation_; | 175 bool waiting_for_profile_creation_; |
| 167 | 176 |
| 168 // Whether TPM token still needs to be initialized. | 177 // Whether TPM token still needs to be initialized. |
| 169 bool waiting_for_tpm_token_; | 178 bool waiting_for_tpm_token_; |
| 170 | 179 |
| 180 // True if local-owner policy fixups are still pending. | |
| 181 bool has_pending_fixups_; | |
| 182 | |
| 171 // A set of pending changes to device settings. | 183 // A set of pending changes to device settings. |
| 172 base::ScopedPtrHashMap<std::string, base::Value> pending_changes_; | 184 base::ScopedPtrHashMap<std::string, base::Value> pending_changes_; |
| 173 | 185 |
| 174 // True if there're pending changes to management settings. | 186 // True if there're pending changes to management settings. |
| 175 bool has_pending_management_settings_; | 187 bool has_pending_management_settings_; |
| 176 | 188 |
| 177 // A set of pending changes to management settings. | 189 // A set of pending changes to management settings. |
| 178 ManagementSettings pending_management_settings_; | 190 ManagementSettings pending_management_settings_; |
| 179 | 191 |
| 180 // A set of callbacks that need to be run after management settings | 192 // A set of callbacks that need to be run after management settings |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 191 base::WeakPtrFactory<OwnerSettingsServiceChromeOS> weak_factory_; | 203 base::WeakPtrFactory<OwnerSettingsServiceChromeOS> weak_factory_; |
| 192 | 204 |
| 193 base::WeakPtrFactory<OwnerSettingsServiceChromeOS> store_settings_factory_; | 205 base::WeakPtrFactory<OwnerSettingsServiceChromeOS> store_settings_factory_; |
| 194 | 206 |
| 195 DISALLOW_COPY_AND_ASSIGN(OwnerSettingsServiceChromeOS); | 207 DISALLOW_COPY_AND_ASSIGN(OwnerSettingsServiceChromeOS); |
| 196 }; | 208 }; |
| 197 | 209 |
| 198 } // namespace chromeos | 210 } // namespace chromeos |
| 199 | 211 |
| 200 #endif // CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ | 212 #endif // CHROME_BROWSER_CHROMEOS_OWNERSHIP_OWNER_SETTINGS_SERVICE_CHROMEOS_H_ |
| OLD | NEW |
