chrome/browser/supervised_user/supervised_user_service.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
   6 #define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
   7
   8 #include <set>
   9 #include <vector>
  10
  11 #include "base/callback.h"
  12 #include "base/gtest_prod_util.h"
  13 #include "base/memory/scoped_ptr.h"
  14 #include "base/prefs/pref_change_registrar.h"
  15 #include "base/scoped_observer.h"
  16 #include "base/strings/string16.h"
  17 #include "chrome/browser/supervised_user/experimental/supervised_user_blacklist.h"
  18 #include "chrome/browser/supervised_user/supervised_user_url_filter.h"
  19 #include "chrome/browser/supervised_user/supervised_users.h"
  20 #include "chrome/browser/sync/profile_sync_service_observer.h"
  21 #include "chrome/browser/sync/sync_type_preference_provider.h"
  22 #include "chrome/browser/ui/browser_list_observer.h"
  23 #include "components/keyed_service/core/keyed_service.h"
  24 #include "content/public/browser/web_contents.h"
  25
  26 #if defined(ENABLE_EXTENSIONS)
  27 #include "extensions/browser/extension_registry_observer.h"
  28 #include "extensions/browser/management_policy.h"
  29 #endif
  30
  31 class Browser;
  32 class GoogleServiceAuthError;
  33 class PermissionRequestCreator;
  34 class Profile;
  35 class SupervisedUserRegistrationUtility;
  36 class SupervisedUserSettingsService;
  37 class SupervisedUserSiteList;
  38 class SupervisedUserURLFilter;
  39
  40 namespace base {
  41 class FilePath;
  42 }
  43
  44 namespace extensions {
  45 class ExtensionRegistry;
  46 }
  47
  48 namespace user_prefs {
  49 class PrefRegistrySyncable;
  50 }
  51
  52 // This class handles all the information related to a given supervised profile
  53 // (e.g. the installed content packs, the default URL filtering behavior, or
  54 // manual whitelist/blacklist overrides).
  55 class SupervisedUserService : public KeyedService,
  56 #if defined(ENABLE_EXTENSIONS)
  57                               public extensions::ManagementPolicy::Provider,
  58                               public extensions::ExtensionRegistryObserver,
  59 #endif
  60                               public SyncTypePreferenceProvider,
  61                               public ProfileSyncServiceObserver,
  62                               public chrome::BrowserListObserver {
  63  public:
  64   typedef std::vector<base::string16> CategoryList;
  65   typedef base::Callback<void(content::WebContents*)> NavigationBlockedCallback;
  66   typedef base::Callback<void(const GoogleServiceAuthError&)> AuthErrorCallback;
  67
  68   enum ManualBehavior {
  69     MANUAL_NONE = 0,
  70     MANUAL_ALLOW,
  71     MANUAL_BLOCK
  72   };
  73
  74   class Delegate {
  75    public:
  76     virtual ~Delegate() {}
  77     // Returns true to indicate that the delegate handled the (de)activation, or
  78     // false to indicate that the SupervisedUserService itself should handle it.
  79     virtual bool SetActive(bool active) = 0;
  80     // Returns the path to a blacklist file to load, or an empty path to
  81     // indicate "none".
  82     virtual base::FilePath GetBlacklistPath() const = 0;
  83   };
  84
  85   virtual ~SupervisedUserService();
  86
  87   // ProfileKeyedService override:
  88   virtual void Shutdown() OVERRIDE;
  89
  90   static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
  91
  92   void SetDelegate(Delegate* delegate);
  93
  94   // Returns the URL filter for the IO thread, for filtering network requests
  95   // (in SupervisedUserResourceThrottle).
  96   scoped_refptr<const SupervisedUserURLFilter> GetURLFilterForIOThread();
  97
  98   // Returns the URL filter for the UI thread, for filtering navigations and
  99   // classifying sites in the history view.
 100   SupervisedUserURLFilter* GetURLFilterForUIThread();
 101
 102   // Returns the URL's category, obtained from the installed content packs.
 103   int GetCategory(const GURL& url);
 104
 105   // Returns the list of all known human-readable category names, sorted by ID
 106   // number. Called in the critical path of drawing the history UI, so needs to
 107   // be fast.
 108   void GetCategoryNames(CategoryList* list);
 109
 110   // Whether the user can request access to blocked URLs.
 111   bool AccessRequestsEnabled();
 112
 113   void OnPermissionRequestIssued();
 114
 115   // Adds an access request for the given URL. The requests are stored using
 116   // a prefix followed by a URIEncoded version of the URL. Each entry contains
 117   // a dictionary which currently has the timestamp of the request in it.
 118   void AddAccessRequest(const GURL& url);
 119
 120   // Returns the email address of the custodian.
 121   std::string GetCustodianEmailAddress() const;
 122
 123   // Returns the name of the custodian, or the email address if the name is
 124   // empty.
 125   std::string GetCustodianName() const;
 126
 127   // These methods allow querying and modifying the manual filtering behavior.
 128   // The manual behavior is set by the user and overrides all other settings
 129   // (whitelists or the default behavior).
 130
 131   // Returns the manual behavior for the given host.
 132   ManualBehavior GetManualBehaviorForHost(const std::string& hostname);
 133
 134   // Returns the manual behavior for the given URL.
 135   ManualBehavior GetManualBehaviorForURL(const GURL& url);
 136
 137   // Returns all URLS on the given host that have exceptions.
 138   void GetManualExceptionsForHost(const std::string& host,
 139                                   std::vector<GURL>* urls);
 140
 141   // Initializes this object. This method does nothing if the profile is not
 142   // supervised.
 143   void Init();
 144
 145   // Initializes this profile for syncing, using the provided |refresh_token| to
 146   // mint access tokens for Sync.
 147   void InitSync(const std::string& refresh_token);
 148
 149   // Convenience method that registers this supervised user using
 150   // |registration_utility| and initializes sync with the returned token.
 151   // The |callback| will be called when registration is complete,
 152   // whether it succeeded or not -- unless registration was cancelled manually,
 153   // in which case the callback will be ignored.
 154   void RegisterAndInitSync(
 155       SupervisedUserRegistrationUtility* registration_utility,
 156       Profile* custodian_profile,
 157       const std::string& supervised_user_id,
 158       const AuthErrorCallback& callback);
 159
 160   void set_elevated_for_testing(bool skip) {
 161     elevated_for_testing_ = skip;
 162   }
 163
 164   void AddNavigationBlockedCallback(const NavigationBlockedCallback& callback);
 165   void DidBlockNavigation(content::WebContents* web_contents);
 166
 167 #if defined(ENABLE_EXTENSIONS)
 168   // extensions::ManagementPolicy::Provider implementation:
 169   virtual std::string GetDebugPolicyProviderName() const OVERRIDE;
 170   virtual bool UserMayLoad(const extensions::Extension* extension,
 171                            base::string16* error) const OVERRIDE;
 172   virtual bool UserMayModifySettings(const extensions::Extension* extension,
 173                                      base::string16* error) const OVERRIDE;
 174
 175   // extensions::ExtensionRegistryObserver implementation.
 176   virtual void OnExtensionLoaded(
 177       content::BrowserContext* browser_context,
 178       const extensions::Extension* extension) OVERRIDE;
 179   virtual void OnExtensionUnloaded(
 180       content::BrowserContext* browser_context,
 181       const extensions::Extension* extension,
 182       extensions::UnloadedExtensionInfo::Reason reason) OVERRIDE;
 183 #endif
 184
 185   // SyncTypePreferenceProvider implementation:
 186   virtual syncer::ModelTypeSet GetPreferredDataTypes() const OVERRIDE;
 187
 188   // ProfileSyncServiceObserver implementation:
 189   virtual void OnStateChanged() OVERRIDE;
 190
 191   // chrome::BrowserListObserver implementation:
 192   virtual void OnBrowserSetLastActive(Browser* browser) OVERRIDE;
 193
 194  private:
 195   friend class SupervisedUserServiceExtensionTestBase;
 196   friend class SupervisedUserServiceFactory;
 197   FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest, ClearOmitOnRegistration);
 198
 199   // A bridge from the UI thread to the SupervisedUserURLFilters, one of which
 200   // lives on the IO thread. This class mediates access to them and makes sure
 201   // they are kept in sync.
 202   class URLFilterContext {
 203    public:
 204     URLFilterContext();
 205     ~URLFilterContext();
 206
 207     SupervisedUserURLFilter* ui_url_filter() const;
 208     SupervisedUserURLFilter* io_url_filter() const;
 209
 210     void SetDefaultFilteringBehavior(
 211         SupervisedUserURLFilter::FilteringBehavior behavior);
 212     void LoadWhitelists(ScopedVector<SupervisedUserSiteList> site_lists);
 213     void LoadBlacklist(const base::FilePath& path);
 214     void SetManualHosts(scoped_ptr<std::map<std::string, bool> > host_map);
 215     void SetManualURLs(scoped_ptr<std::map<GURL, bool> > url_map);
 216
 217    private:
 218     void OnBlacklistLoaded();
 219
 220     // SupervisedUserURLFilter is refcounted because the IO thread filter is
 221     // used both by ProfileImplIOData and OffTheRecordProfileIOData (to filter
 222     // network requests), so they both keep a reference to it.
 223     // Clients should not keep references to the UI thread filter, however
 224     // (the filter will live as long as the profile lives, and afterwards it
 225     // should not be used anymore either).
 226     scoped_refptr<SupervisedUserURLFilter> ui_url_filter_;
 227     scoped_refptr<SupervisedUserURLFilter> io_url_filter_;
 228
 229     SupervisedUserBlacklist blacklist_;
 230
 231     DISALLOW_COPY_AND_ASSIGN(URLFilterContext);
 232   };
 233
 234   // Use |SupervisedUserServiceFactory::GetForProfile(..)| to get
 235   // an instance of this service.
 236   explicit SupervisedUserService(Profile* profile);
 237
 238   void SetActive(bool active);
 239
 240   void OnCustodianProfileDownloaded(const base::string16& full_name);
 241
 242   void OnSupervisedUserRegistered(const AuthErrorCallback& callback,
 243                                   Profile* custodian_profile,
 244                                   const GoogleServiceAuthError& auth_error,
 245                                   const std::string& token);
 246
 247   void SetupSync();
 248   void StartSetupSync();
 249   void FinishSetupSyncWhenReady();
 250   void FinishSetupSync();
 251
 252   bool ProfileIsSupervised() const;
 253
 254 #if defined(ENABLE_EXTENSIONS)
 255   // Internal implementation for ExtensionManagementPolicy::Delegate methods.
 256   // If |error| is not NULL, it will be filled with an error message if the
 257   // requested extension action (install, modify status, etc.) is not permitted.
 258   bool ExtensionManagementPolicyImpl(const extensions::Extension* extension,
 259                                      base::string16* error) const;
 260
 261   // Returns a list of all installed and enabled site lists in the current
 262   // supervised profile.
 263   ScopedVector<SupervisedUserSiteList> GetActiveSiteLists();
 264
 265   // Extensions helper to SetActive().
 266   void SetExtensionsActive();
 267 #endif
 268
 269   SupervisedUserSettingsService* GetSettingsService();
 270
 271   void OnSupervisedUserIdChanged();
 272
 273   void OnDefaultFilteringBehaviorChanged();
 274
 275   void UpdateSiteLists();
 276
 277   // Asynchronously loads a static blacklist from a binary file at |path| and
 278   // applies it to the URL filters.
 279   void LoadBlacklist(const base::FilePath& path);
 280
 281   // Updates the manual overrides for hosts in the URL filters when the
 282   // corresponding preference is changed.
 283   void UpdateManualHosts();
 284
 285   // Updates the manual overrides for URLs in the URL filters when the
 286   // corresponding preference is changed.
 287   void UpdateManualURLs();
 288
 289   // Returns the human readable name of the supervised user.
 290   std::string GetSupervisedUserName() const;
 291
 292   // Owns us via the KeyedService mechanism.
 293   Profile* profile_;
 294
 295   bool active_;
 296
 297   Delegate* delegate_;
 298
 299 #if defined(ENABLE_EXTENSIONS)
 300   ScopedObserver<extensions::ExtensionRegistry,
 301                  extensions::ExtensionRegistryObserver>
 302       extension_registry_observer_;
 303 #endif
 304
 305   PrefChangeRegistrar pref_change_registrar_;
 306
 307   // True iff we're waiting for the Sync service to be initialized.
 308   bool waiting_for_sync_initialization_;
 309   bool is_profile_active_;
 310
 311   std::vector<NavigationBlockedCallback> navigation_blocked_callbacks_;
 312
 313   // Sets a profile in elevated state for testing if set to true.
 314   bool elevated_for_testing_;
 315
 316   // True only when |Init()| method has been called.
 317   bool did_init_;
 318
 319   // True only when |Shutdown()| method has been called.
 320   bool did_shutdown_;
 321
 322   URLFilterContext url_filter_context_;
 323
 324   // Used to create permission requests.
 325   scoped_ptr<PermissionRequestCreator> permissions_creator_;
 326
 327   // True iff we are waiting for a permission request to be issued.
 328   bool waiting_for_permissions_;
 329
 330   base::WeakPtrFactory<SupervisedUserService> weak_ptr_factory_;
 331 };
 332
 333 #endif  // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_