1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_CHROMEOS_SYSTEM_DEVICE_DISABLING_MANAGER_H_
6 #define CHROME_BROWSER_CHROMEOS_SYSTEM_DEVICE_DISABLING_MANAGER_H_
10 #include "base/callback.h"
11 #include "base/macros.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/memory/weak_ptr.h"
14 #include "base/observer_list.h"
15 #include "chrome/browser/chromeos/settings/cros_settings.h"
18 class BrowserPolicyConnectorChromeOS
;
21 namespace user_manager
{
28 // If an enrolled device is lost or stolen, it can be remotely disabled by its
29 // owner. The disabling is triggered in two different ways, depending on the
30 // state the device is in:
31 // - If the device has been wiped, it will perform a hash dance during OOBE to
32 // find out whether any persistent state has been stored for it on the server.
33 // If so, persistent state is retrieved as a |DeviceStateRetrievalResponse|
34 // protobuf, parsed and written to the |prefs::kServerBackedDeviceState| local
35 // state pref. At the appropriate place in the OOBE flow, the
36 // |WizardController| will call CheckWhetherDeviceDisabledDuringOOBE() to find
37 // out whether the device is disabled, causing it to either show or skip the
38 // device disabled screen.
39 // - If the device has not been wiped, the disabled state is retrieved with
40 // every device policy fetch as part of the |PolicyData| protobuf, parsed and
41 // written to the |chromeos::kDeviceDisabled| cros setting. This class
42 // monitors the cros setting. When the device becomes disabled, one of two
44 // 1) If no session is in progress, the device disabled screen is shown
46 // 2) If a session is in progress, the session is terminated. After Chrome has
47 // restarted on the login screen, the disabled screen is shown per 1).
48 // This ensures that when a device is disabled, there is never any user
49 // session running in the backround.
50 // When the device is re-enabled, Chrome is restarted once more to resume the
51 // regular login screen flows from a known-good point.
52 class DeviceDisablingManager
{
54 using DeviceDisabledCheckCallback
= base::Callback
<void(bool)>;
60 virtual void OnDisabledMessageChanged(
61 const std::string
& disabled_message
) = 0;
64 DISALLOW_ASSIGN(Observer
);
71 // Terminate the current session (if any) and restart Chrome to show the
73 virtual void RestartToLoginScreen() = 0;
75 // Show the device disabled screen.
76 virtual void ShowDeviceDisabledScreen() = 0;
79 DISALLOW_ASSIGN(Delegate
);
82 // |delegate| must outlive |this|.
83 DeviceDisablingManager(Delegate
* delegate
,
84 CrosSettings
* cros_settings
,
85 user_manager::UserManager
* user_manager
);
86 ~DeviceDisablingManager();
88 void AddObserver(Observer
* observer
);
89 void RemoveObserver(Observer
* observer
);
91 // Returns the cached domain that owns the device. The domain is only
92 // guaranteed to be up to date if the disabled screen was triggered.
93 const std::string
& enrollment_domain() const { return enrollment_domain_
; }
95 // Returns the cached disabled message. The message is only guaranteed to be
96 // up to date if the disabled screen was triggered.
97 const std::string
& disabled_message() const { return disabled_message_
; }
99 // Performs a check whether the device is disabled during OOBE. |callback|
100 // will be invoked with the result of the check.
101 void CheckWhetherDeviceDisabledDuringOOBE(
102 const DeviceDisabledCheckCallback
& callback
);
104 // Whenever trusted cros settings indicate that the device is disabled, this
105 // method should be used to check whether the device disabling is to be
106 // honored. If this method returns false, the device should not be disabled.
107 static bool HonorDeviceDisablingDuringNormalOperation();
112 // Cache the disabled message and inform observers if it changed.
113 void CacheDisabledMessageAndNotify(const std::string
& disabled_message
);
115 void UpdateFromCrosSettings();
118 policy::BrowserPolicyConnectorChromeOS
* browser_policy_connector_
;
119 CrosSettings
* cros_settings_
;
120 user_manager::UserManager
* user_manager_
;
122 ObserverList
<Observer
> observers_
;
124 scoped_ptr
<CrosSettings::ObserverSubscription
> device_disabled_subscription_
;
125 scoped_ptr
<CrosSettings::ObserverSubscription
> disabled_message_subscription_
;
127 // Indicates whether the device was disabled when the cros settings were last
129 bool device_disabled_
;
131 // A cached copy of the domain that owns the device.
132 std::string enrollment_domain_
;
134 // A cached copy of the message to show on the device disabled screen.
135 std::string disabled_message_
;
137 base::WeakPtrFactory
<DeviceDisablingManager
> weak_factory_
;
139 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManager
);
142 } // namespace system
143 } // namespace chromeos
145 #endif // CHROME_BROWSER_CHROMEOS_SYSTEM_DEVICE_DISABLING_MANAGER_H_