chrome/browser/policy/profile_policy_connector.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/policy/profile_policy_connector.h"
   6
   7 #include <vector>
   8
   9 #include "base/bind.h"
  10 #include "base/logging.h"
  11 #include "base/values.h"
  12 #include "chrome/browser/browser_process.h"
  13 #include "components/policy/core/browser/browser_policy_connector.h"
  14 #include "components/policy/core/common/cloud/cloud_policy_core.h"
  15 #include "components/policy/core/common/cloud/cloud_policy_manager.h"
  16 #include "components/policy/core/common/cloud/cloud_policy_store.h"
  17 #include "components/policy/core/common/configuration_policy_provider.h"
  18 #include "components/policy/core/common/policy_service_impl.h"
  19 #include "components/policy/core/common/schema_registry_tracking_policy_provider.h"
  20 #include "google_apis/gaia/gaia_auth_util.h"
  21
  22 #if defined(OS_CHROMEOS)
  23 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
  24 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
  25 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
  26 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h"
  27 #include "components/user_manager/user.h"
  28 #include "components/user_manager/user_manager.h"
  29 #endif
  30
  31 namespace policy {
  32
  33 namespace {
  34
  35 bool HasChromePolicy(ConfigurationPolicyProvider* provider,
  36                      const char* name) {
  37   if (!provider)
  38     return false;
  39   PolicyNamespace chrome_ns(POLICY_DOMAIN_CHROME, "");
  40   return provider->policies().Get(chrome_ns).Get(name) != NULL;
  41 }
  42
  43 }  // namespace
  44
  45 ProfilePolicyConnector::ProfilePolicyConnector()
  46 #if defined(OS_CHROMEOS)
  47     : is_primary_user_(false),
  48       user_cloud_policy_manager_(NULL)
  49 #else
  50     : user_cloud_policy_manager_(NULL)
  51 #endif
  52       {}
  53
  54 ProfilePolicyConnector::~ProfilePolicyConnector() {}
  55
  56 void ProfilePolicyConnector::Init(
  57     bool force_immediate_load,
  58 #if defined(OS_CHROMEOS)
  59     const user_manager::User* user,
  60 #endif
  61     SchemaRegistry* schema_registry,
  62     CloudPolicyManager* user_cloud_policy_manager) {
  63   user_cloud_policy_manager_ = user_cloud_policy_manager;
  64
  65   // |providers| contains a list of the policy providers available for the
  66   // PolicyService of this connector, in decreasing order of priority.
  67   //
  68   // Note: all the providers appended to this vector must eventually become
  69   // initialized for every policy domain, otherwise some subsystems will never
  70   // use the policies exposed by the PolicyService!
  71   // The default ConfigurationPolicyProvider::IsInitializationComplete()
  72   // result is true, so take care if a provider overrides that.
  73   //
  74   // Note: if you append a new provider then make sure IsPolicyFromCloudPolicy()
  75   // is also updated below.
  76   std::vector<ConfigurationPolicyProvider*> providers;
  77
  78 #if defined(OS_CHROMEOS)
  79   BrowserPolicyConnectorChromeOS* connector =
  80       g_browser_process->platform_part()->browser_policy_connector_chromeos();
  81 #else
  82   BrowserPolicyConnector* connector =
  83       g_browser_process->browser_policy_connector();
  84 #endif
  85
  86   if (connector->GetPlatformProvider()) {
  87     wrapped_platform_policy_provider_.reset(
  88         new SchemaRegistryTrackingPolicyProvider(
  89             connector->GetPlatformProvider()));
  90     wrapped_platform_policy_provider_->Init(schema_registry);
  91     providers.push_back(wrapped_platform_policy_provider_.get());
  92   }
  93
  94 #if defined(OS_CHROMEOS)
  95   if (connector->GetDeviceCloudPolicyManager())
  96     providers.push_back(connector->GetDeviceCloudPolicyManager());
  97 #endif
  98
  99   if (user_cloud_policy_manager)
 100     providers.push_back(user_cloud_policy_manager);
 101
 102 #if defined(OS_CHROMEOS)
 103   if (!user) {
 104     DCHECK(schema_registry);
 105     // This case occurs for the signin profile.
 106     special_user_policy_provider_.reset(
 107         new LoginProfilePolicyProvider(connector->GetPolicyService()));
 108   } else {
 109     // |user| should never be NULL except for the signin profile.
 110     is_primary_user_ =
 111         user == user_manager::UserManager::Get()->GetPrimaryUser();
 112     special_user_policy_provider_ = DeviceLocalAccountPolicyProvider::Create(
 113         user->email(),
 114         connector->GetDeviceLocalAccountPolicyService());
 115   }
 116   if (special_user_policy_provider_) {
 117     special_user_policy_provider_->Init(schema_registry);
 118     providers.push_back(special_user_policy_provider_.get());
 119   }
 120 #endif
 121
 122   policy_service_.reset(new PolicyServiceImpl(providers));
 123
 124 #if defined(OS_CHROMEOS)
 125   if (is_primary_user_) {
 126     if (user_cloud_policy_manager)
 127       connector->SetUserPolicyDelegate(user_cloud_policy_manager);
 128     else if (special_user_policy_provider_)
 129       connector->SetUserPolicyDelegate(special_user_policy_provider_.get());
 130   }
 131 #endif
 132 }
 133
 134 void ProfilePolicyConnector::InitForTesting(scoped_ptr<PolicyService> service) {
 135   policy_service_ = service.Pass();
 136 }
 137
 138 void ProfilePolicyConnector::OverrideIsManagedForTesting(bool is_managed) {
 139   is_managed_override_.reset(new bool(is_managed));
 140 }
 141
 142 void ProfilePolicyConnector::Shutdown() {
 143 #if defined(OS_CHROMEOS)
 144   BrowserPolicyConnectorChromeOS* connector =
 145       g_browser_process->platform_part()->browser_policy_connector_chromeos();
 146   if (is_primary_user_)
 147     connector->SetUserPolicyDelegate(NULL);
 148   if (special_user_policy_provider_)
 149     special_user_policy_provider_->Shutdown();
 150 #endif
 151   if (wrapped_platform_policy_provider_)
 152     wrapped_platform_policy_provider_->Shutdown();
 153 }
 154
 155 bool ProfilePolicyConnector::IsManaged() const {
 156   if (is_managed_override_)
 157     return *is_managed_override_;
 158   return !GetManagementDomain().empty();
 159 }
 160
 161 std::string ProfilePolicyConnector::GetManagementDomain() const {
 162   if (!user_cloud_policy_manager_)
 163     return "";
 164   CloudPolicyStore* store = user_cloud_policy_manager_->core()->store();
 165   if (store && store->is_managed() && store->policy()->has_username())
 166     return gaia::ExtractDomainName(store->policy()->username());
 167   return "";
 168 }
 169
 170 bool ProfilePolicyConnector::IsPolicyFromCloudPolicy(const char* name) const {
 171   if (!HasChromePolicy(user_cloud_policy_manager_, name))
 172     return false;
 173
 174   // Check all the providers that have higher priority than the
 175   // |user_cloud_policy_manager_|. These checks must be kept in sync with the
 176   // order of the providers in Init().
 177
 178   if (HasChromePolicy(wrapped_platform_policy_provider_.get(), name))
 179     return false;
 180
 181 #if defined(OS_CHROMEOS)
 182   BrowserPolicyConnectorChromeOS* connector =
 183       g_browser_process->platform_part()->browser_policy_connector_chromeos();
 184   if (HasChromePolicy(connector->GetDeviceCloudPolicyManager(), name))
 185     return false;
 186 #endif
 187
 188   return true;
 189 }
 190
 191 }  // namespace policy