chrome/browser/chromeos/policy/device_local_account_policy_provider.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
   6
   7 #include "base/bind.h"
   8 #include "base/values.h"
   9 #include "chrome/browser/chromeos/policy/device_local_account.h"
  10 #include "chrome/browser/chromeos/policy/device_local_account_external_data_manager.h"
  11 #include "chromeos/dbus/power_policy_controller.h"
  12 #include "components/policy/core/common/cloud/cloud_policy_core.h"
  13 #include "components/policy/core/common/cloud/cloud_policy_service.h"
  14 #include "components/policy/core/common/cloud/component_cloud_policy_service.h"
  15 #include "components/policy/core/common/policy_bundle.h"
  16 #include "components/policy/core/common/policy_map.h"
  17 #include "components/policy/core/common/policy_namespace.h"
  18 #include "components/policy/core/common/policy_types.h"
  19 #include "policy/policy_constants.h"
  20
  21 namespace policy {
  22
  23 DeviceLocalAccountPolicyProvider::DeviceLocalAccountPolicyProvider(
  24     const std::string& user_id,
  25     DeviceLocalAccountPolicyService* service,
  26     scoped_ptr<PolicyMap> chrome_policy_overrides)
  27     : user_id_(user_id),
  28       service_(service),
  29       chrome_policy_overrides_(chrome_policy_overrides.Pass()),
  30       store_initialized_(false),
  31       waiting_for_policy_refresh_(false),
  32       weak_factory_(this) {
  33   service_->AddObserver(this);
  34   UpdateFromBroker();
  35 }
  36
  37 DeviceLocalAccountPolicyProvider::~DeviceLocalAccountPolicyProvider() {
  38   service_->RemoveObserver(this);
  39 }
  40
  41 // static
  42 scoped_ptr<DeviceLocalAccountPolicyProvider>
  43 DeviceLocalAccountPolicyProvider::Create(
  44     const std::string& user_id,
  45     DeviceLocalAccountPolicyService* device_local_account_policy_service) {
  46   DeviceLocalAccount::Type type;
  47   if (!device_local_account_policy_service ||
  48       !IsDeviceLocalAccountUser(user_id, &type)) {
  49     return scoped_ptr<DeviceLocalAccountPolicyProvider>();
  50   }
  51
  52   scoped_ptr<PolicyMap> chrome_policy_overrides;
  53   if (type == DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
  54     chrome_policy_overrides.reset(new PolicyMap());
  55
  56     // Exit the session when the lid is closed. The default behavior is to
  57     // suspend while leaving the session running, which is not desirable for
  58     // public sessions.
  59     chrome_policy_overrides->Set(
  60         key::kLidCloseAction,
  61         POLICY_LEVEL_MANDATORY,
  62         POLICY_SCOPE_MACHINE,
  63         POLICY_SOURCE_ENTERPRISE_OVERRIDE,
  64         new base::FundamentalValue(
  65             chromeos::PowerPolicyController::ACTION_STOP_SESSION),
  66         NULL);
  67     // Force the |ShelfAutoHideBehavior| policy to |Never|, ensuring that the
  68     // ash shelf does not auto-hide.
  69     chrome_policy_overrides->Set(
  70         key::kShelfAutoHideBehavior,
  71         POLICY_LEVEL_MANDATORY,
  72         POLICY_SCOPE_MACHINE,
  73         POLICY_SOURCE_ENTERPRISE_OVERRIDE,
  74         new base::StringValue("Never"),
  75         NULL);
  76     // Force the |ShowLogoutButtonInTray| policy to |true|, ensuring that a big,
  77     // red logout button is shown in the ash system tray.
  78     chrome_policy_overrides->Set(
  79         key::kShowLogoutButtonInTray,
  80         POLICY_LEVEL_MANDATORY,
  81         POLICY_SCOPE_MACHINE,
  82         POLICY_SOURCE_ENTERPRISE_OVERRIDE,
  83         new base::FundamentalValue(true),
  84         NULL);
  85     // Force the |FullscreenAllowed| policy to |false|, ensuring that the ash
  86     // shelf cannot be hidden by entering fullscreen mode.
  87     chrome_policy_overrides->Set(
  88         key::kFullscreenAllowed,
  89         POLICY_LEVEL_MANDATORY,
  90         POLICY_SCOPE_MACHINE,
  91         POLICY_SOURCE_ENTERPRISE_OVERRIDE,
  92         new base::FundamentalValue(false),
  93         NULL);
  94   }
  95
  96   scoped_ptr<DeviceLocalAccountPolicyProvider> provider(
  97       new DeviceLocalAccountPolicyProvider(user_id,
  98                                            device_local_account_policy_service,
  99                                            chrome_policy_overrides.Pass()));
 100   return provider.Pass();
 101 }
 102
 103 bool DeviceLocalAccountPolicyProvider::IsInitializationComplete(
 104     PolicyDomain domain) const {
 105   if (domain == POLICY_DOMAIN_CHROME)
 106     return store_initialized_;
 107   if (ComponentCloudPolicyService::SupportsDomain(domain) &&
 108       GetBroker() && GetBroker()->component_policy_service()) {
 109     return GetBroker()->component_policy_service()->is_initialized();
 110   }
 111   return true;
 112 }
 113
 114 void DeviceLocalAccountPolicyProvider::RefreshPolicies() {
 115   DeviceLocalAccountPolicyBroker* broker = GetBroker();
 116   if (broker && broker->core()->service()) {
 117     waiting_for_policy_refresh_ = true;
 118     broker->core()->service()->RefreshPolicy(
 119         base::Bind(&DeviceLocalAccountPolicyProvider::ReportPolicyRefresh,
 120                    weak_factory_.GetWeakPtr()));
 121   } else {
 122     UpdateFromBroker();
 123   }
 124 }
 125
 126 void DeviceLocalAccountPolicyProvider::OnPolicyUpdated(
 127     const std::string& user_id) {
 128   if (user_id == user_id_)
 129     UpdateFromBroker();
 130 }
 131
 132 void DeviceLocalAccountPolicyProvider::OnDeviceLocalAccountsChanged() {
 133   UpdateFromBroker();
 134 }
 135
 136 DeviceLocalAccountPolicyBroker* DeviceLocalAccountPolicyProvider::GetBroker()
 137     const {
 138   return service_->GetBrokerForUser(user_id_);
 139 }
 140
 141 void DeviceLocalAccountPolicyProvider::ReportPolicyRefresh(bool success) {
 142   waiting_for_policy_refresh_ = false;
 143   UpdateFromBroker();
 144 }
 145
 146 void DeviceLocalAccountPolicyProvider::UpdateFromBroker() {
 147   DeviceLocalAccountPolicyBroker* broker = GetBroker();
 148   scoped_ptr<PolicyBundle> bundle(new PolicyBundle());
 149   if (broker) {
 150     store_initialized_ |= broker->core()->store()->is_initialized();
 151     if (!waiting_for_policy_refresh_) {
 152       // Copy policy from the broker.
 153       bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
 154           .CopyFrom(broker->core()->store()->policy_map());
 155       external_data_manager_ = broker->external_data_manager();
 156
 157       if (broker->component_policy_service())
 158         bundle->MergeFrom(broker->component_policy_service()->policy());
 159     } else {
 160       // Wait for the refresh to finish.
 161       return;
 162     }
 163   } else {
 164     // Keep existing policy, but do send an update.
 165     waiting_for_policy_refresh_ = false;
 166     weak_factory_.InvalidateWeakPtrs();
 167     bundle->CopyFrom(policies());
 168   }
 169
 170   // Apply overrides.
 171   if (chrome_policy_overrides_) {
 172     PolicyMap& chrome_policy =
 173         bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()));
 174     for (PolicyMap::const_iterator it(chrome_policy_overrides_->begin());
 175          it != chrome_policy_overrides_->end();
 176          ++it) {
 177       const PolicyMap::Entry& entry = it->second;
 178       chrome_policy.Set(it->first,
 179                         entry.level,
 180                         entry.scope,
 181                         entry.source,
 182                         entry.value->DeepCopy(),
 183                         nullptr);
 184     }
 185   }
 186
 187   UpdatePolicy(bundle.Pass());
 188 }
 189
 190 }  // namespace policy