Check USB device path access when prompting users to select a device.
[chromium-blink-merge.git] / chrome / browser / chromeos / system / device_disabling_manager.h
blobc72091f483f30d3e6af2e47249da6788298b002b
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_SYSTEM_DEVICE_DISABLING_MANAGER_H_
6 #define CHROME_BROWSER_CHROMEOS_SYSTEM_DEVICE_DISABLING_MANAGER_H_
8 #include <string>
10 #include "base/callback.h"
11 #include "base/macros.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/memory/weak_ptr.h"
14 #include "base/observer_list.h"
15 #include "chrome/browser/chromeos/settings/cros_settings.h"
17 namespace policy {
18 class BrowserPolicyConnectorChromeOS;
21 namespace user_manager {
22 class UserManager;
25 namespace chromeos {
26 namespace system {
28 // If an enrolled device is lost or stolen, it can be remotely disabled by its
29 // owner. The disabling is triggered in two different ways, depending on the
30 // state the device is in:
31 // - If the device has been wiped, it will perform a hash dance during OOBE to
32 // find out whether any persistent state has been stored for it on the server.
33 // If so, persistent state is retrieved as a |DeviceStateRetrievalResponse|
34 // protobuf, parsed and written to the |prefs::kServerBackedDeviceState| local
35 // state pref. At the appropriate place in the OOBE flow, the
36 // |WizardController| will call CheckWhetherDeviceDisabledDuringOOBE() to find
37 // out whether the device is disabled, causing it to either show or skip the
38 // device disabled screen.
39 // - If the device has not been wiped, the disabled state is retrieved with
40 // every device policy fetch as part of the |PolicyData| protobuf, parsed and
41 // written to the |chromeos::kDeviceDisabled| cros setting. This class
42 // monitors the cros setting. When the device becomes disabled, one of two
43 // actions is taken:
44 // 1) If no session is in progress, the device disabled screen is shown
45 // immediately.
46 // 2) If a session is in progress, the session is terminated. After Chrome has
47 // restarted on the login screen, the disabled screen is shown per 1).
48 // This ensures that when a device is disabled, there is never any user
49 // session running in the backround.
50 // When the device is re-enabled, Chrome is restarted once more to resume the
51 // regular login screen flows from a known-good point.
52 class DeviceDisablingManager {
53 public:
54 using DeviceDisabledCheckCallback = base::Callback<void(bool)>;
56 class Observer {
57 public:
58 virtual ~Observer();
60 virtual void OnDisabledMessageChanged(
61 const std::string& disabled_message) = 0;
63 private:
64 DISALLOW_ASSIGN(Observer);
67 class Delegate {
68 public:
69 virtual ~Delegate();
71 // Terminate the current session (if any) and restart Chrome to show the
72 // login screen.
73 virtual void RestartToLoginScreen() = 0;
75 // Show the device disabled screen.
76 virtual void ShowDeviceDisabledScreen() = 0;
78 private:
79 DISALLOW_ASSIGN(Delegate);
82 // |delegate| must outlive |this|.
83 DeviceDisablingManager(Delegate* delegate,
84 CrosSettings* cros_settings,
85 user_manager::UserManager* user_manager);
86 ~DeviceDisablingManager();
88 void AddObserver(Observer* observer);
89 void RemoveObserver(Observer* observer);
91 // Returns the cached domain that owns the device. The domain is only
92 // guaranteed to be up to date if the disabled screen was triggered.
93 const std::string& enrollment_domain() const { return enrollment_domain_; }
95 // Returns the cached disabled message. The message is only guaranteed to be
96 // up to date if the disabled screen was triggered.
97 const std::string& disabled_message() const { return disabled_message_; }
99 // Performs a check whether the device is disabled during OOBE. |callback|
100 // will be invoked with the result of the check.
101 void CheckWhetherDeviceDisabledDuringOOBE(
102 const DeviceDisabledCheckCallback& callback);
104 // Whenever trusted cros settings indicate that the device is disabled, this
105 // method should be used to check whether the device disabling is to be
106 // honored. If this method returns false, the device should not be disabled.
107 static bool HonorDeviceDisablingDuringNormalOperation();
109 private:
110 void Init();
112 // Cache the disabled message and inform observers if it changed.
113 void CacheDisabledMessageAndNotify(const std::string& disabled_message);
115 void UpdateFromCrosSettings();
117 Delegate* delegate_;
118 policy::BrowserPolicyConnectorChromeOS* browser_policy_connector_;
119 CrosSettings* cros_settings_;
120 user_manager::UserManager* user_manager_;
122 ObserverList<Observer> observers_;
124 scoped_ptr<CrosSettings::ObserverSubscription> device_disabled_subscription_;
125 scoped_ptr<CrosSettings::ObserverSubscription> disabled_message_subscription_;
127 // Indicates whether the device was disabled when the cros settings were last
128 // read.
129 bool device_disabled_;
131 // A cached copy of the domain that owns the device.
132 std::string enrollment_domain_;
134 // A cached copy of the message to show on the device disabled screen.
135 std::string disabled_message_;
137 base::WeakPtrFactory<DeviceDisablingManager> weak_factory_;
139 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManager);
142 } // namespace system
143 } // namespace chromeos
145 #endif // CHROME_BROWSER_CHROMEOS_SYSTEM_DEVICE_DISABLING_MANAGER_H_