Check USB device path access when prompting users to select a device.
[chromium-blink-merge.git] / chrome / browser / supervised_user / supervised_user_service.h
blob1519450722ccdf4eca114fb8157ab2cfd0071021
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
6 #define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
8 #include <map>
9 #include <string>
10 #include <vector>
12 #include "base/callback.h"
13 #include "base/gtest_prod_util.h"
14 #include "base/memory/scoped_ptr.h"
15 #include "base/observer_list.h"
16 #include "base/prefs/pref_change_registrar.h"
17 #include "base/scoped_observer.h"
18 #include "base/strings/string16.h"
19 #include "chrome/browser/supervised_user/experimental/supervised_user_blacklist.h"
20 #include "chrome/browser/supervised_user/supervised_user_url_filter.h"
21 #include "chrome/browser/supervised_user/supervised_users.h"
22 #include "chrome/browser/sync/sync_type_preference_provider.h"
23 #include "chrome/browser/ui/browser_list_observer.h"
24 #include "components/keyed_service/core/keyed_service.h"
25 #include "components/sync_driver/sync_service_observer.h"
26 #include "net/url_request/url_request_context_getter.h"
28 #if defined(ENABLE_EXTENSIONS)
29 #include "extensions/browser/management_policy.h"
30 #endif
32 class Browser;
33 class GoogleServiceAuthError;
34 class PermissionRequestCreator;
35 class Profile;
36 class SupervisedUserBlacklistDownloader;
37 class SupervisedUserRegistrationUtility;
38 class SupervisedUserServiceObserver;
39 class SupervisedUserSettingsService;
40 class SupervisedUserSiteList;
41 class SupervisedUserURLFilter;
42 class SupervisedUserWhitelistService;
44 namespace base {
45 class FilePath;
46 class Version;
49 namespace content {
50 class WebContents;
53 namespace extensions {
54 class ExtensionRegistry;
57 namespace user_prefs {
58 class PrefRegistrySyncable;
61 // This class handles all the information related to a given supervised profile
62 // (e.g. the installed content packs, the default URL filtering behavior, or
63 // manual whitelist/blacklist overrides).
64 class SupervisedUserService : public KeyedService,
65 #if defined(ENABLE_EXTENSIONS)
66 public extensions::ManagementPolicy::Provider,
67 #endif
68 public SyncTypePreferenceProvider,
69 public sync_driver::SyncServiceObserver,
70 public chrome::BrowserListObserver,
71 public SupervisedUserURLFilter::Observer {
72 public:
73 using NavigationBlockedCallback = base::Callback<void(content::WebContents*)>;
74 using AuthErrorCallback = base::Callback<void(const GoogleServiceAuthError&)>;
75 using SuccessCallback = base::Callback<void(bool)>;
77 class Delegate {
78 public:
79 virtual ~Delegate() {}
80 // Returns true to indicate that the delegate handled the (de)activation, or
81 // false to indicate that the SupervisedUserService itself should handle it.
82 virtual bool SetActive(bool active) = 0;
83 // Returns the path to a blacklist file to load, or an empty path to
84 // indicate "none".
85 virtual base::FilePath GetBlacklistPath() const;
86 // Returns the URL from which to download a blacklist if no local one exists
87 // yet. The blacklist file will be stored at |GetBlacklistPath()|.
88 virtual GURL GetBlacklistURL() const;
89 // Returns the identifier ("cx") of the Custom Search Engine to use for the
90 // experimental "SafeSites" feature, or the empty string to disable the
91 // feature.
92 virtual std::string GetSafeSitesCx() const;
95 ~SupervisedUserService() override;
97 // ProfileKeyedService override:
98 void Shutdown() override;
100 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
102 void SetDelegate(Delegate* delegate);
104 // Returns the URL filter for the IO thread, for filtering network requests
105 // (in SupervisedUserResourceThrottle).
106 scoped_refptr<const SupervisedUserURLFilter> GetURLFilterForIOThread();
108 // Returns the URL filter for the UI thread, for filtering navigations and
109 // classifying sites in the history view.
110 SupervisedUserURLFilter* GetURLFilterForUIThread();
112 // Returns the whitelist service.
113 SupervisedUserWhitelistService* GetWhitelistService();
115 // Whether the user can request to get access to blocked URLs or to new
116 // extensions.
117 bool AccessRequestsEnabled();
119 // Adds an access request for the given URL.
120 void AddURLAccessRequest(const GURL& url, const SuccessCallback& callback);
122 // Adds an update request for the given WebStore item (App/Extension).
123 void AddExtensionUpdateRequest(const std::string& extension_id,
124 const base::Version& version,
125 const SuccessCallback& callback);
127 // Returns the email address of the custodian.
128 std::string GetCustodianEmailAddress() const;
130 // Returns the name of the custodian, or the email address if the name is
131 // empty.
132 std::string GetCustodianName() const;
134 // Returns the email address of the second custodian, or the empty string
135 // if there is no second custodian.
136 std::string GetSecondCustodianEmailAddress() const;
138 // Returns the name of the second custodian, or the email address if the name
139 // is empty, or the empty string is there is no second custodian.
140 std::string GetSecondCustodianName() const;
142 // Initializes this object. This method does nothing if the profile is not
143 // supervised.
144 void Init();
146 // Initializes this profile for syncing, using the provided |refresh_token| to
147 // mint access tokens for Sync.
148 void InitSync(const std::string& refresh_token);
150 // Convenience method that registers this supervised user using
151 // |registration_utility| and initializes sync with the returned token.
152 // The |callback| will be called when registration is complete,
153 // whether it succeeded or not -- unless registration was cancelled manually,
154 // in which case the callback will be ignored.
155 void RegisterAndInitSync(
156 SupervisedUserRegistrationUtility* registration_utility,
157 Profile* custodian_profile,
158 const std::string& supervised_user_id,
159 const AuthErrorCallback& callback);
161 void AddNavigationBlockedCallback(const NavigationBlockedCallback& callback);
162 void DidBlockNavigation(content::WebContents* web_contents);
164 void AddObserver(SupervisedUserServiceObserver* observer);
165 void RemoveObserver(SupervisedUserServiceObserver* observer);
167 void AddPermissionRequestCreator(
168 scoped_ptr<PermissionRequestCreator> creator);
170 // SyncTypePreferenceProvider implementation:
171 syncer::ModelTypeSet GetPreferredDataTypes() const override;
173 // sync_driver::SyncServiceObserver implementation:
174 void OnStateChanged() override;
176 // chrome::BrowserListObserver implementation:
177 void OnBrowserSetLastActive(Browser* browser) override;
179 // SupervisedUserURLFilter::Observer implementation:
180 void OnSiteListUpdated() override;
182 private:
183 friend class SupervisedUserServiceExtensionTestBase;
184 friend class SupervisedUserServiceFactory;
185 FRIEND_TEST_ALL_PREFIXES(SingleClientSupervisedUserSettingsSyncTest, Sanity);
186 FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest, ClearOmitOnRegistration);
187 FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest,
188 ChangesIncludedSessionOnChangedSettings);
189 FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceTest,
190 ChangesSyncSessionStateOnChangedSettings);
191 FRIEND_TEST_ALL_PREFIXES(SupervisedUserServiceExtensionTest,
192 ExtensionManagementPolicyProvider);
194 using CreatePermissionRequestCallback =
195 base::Callback<void(PermissionRequestCreator*, const SuccessCallback&)>;
197 // A bridge from the UI thread to the SupervisedUserURLFilters, one of which
198 // lives on the IO thread. This class mediates access to them and makes sure
199 // they are kept in sync.
200 class URLFilterContext {
201 public:
202 URLFilterContext();
203 ~URLFilterContext();
205 SupervisedUserURLFilter* ui_url_filter() const;
206 SupervisedUserURLFilter* io_url_filter() const;
208 void SetDefaultFilteringBehavior(
209 SupervisedUserURLFilter::FilteringBehavior behavior);
210 void LoadWhitelists(
211 const std::vector<scoped_refptr<SupervisedUserSiteList>>& site_lists);
212 void LoadBlacklist(const base::FilePath& path,
213 const base::Closure& callback);
214 void SetManualHosts(scoped_ptr<std::map<std::string, bool>> host_map);
215 void SetManualURLs(scoped_ptr<std::map<GURL, bool>> url_map);
217 void InitAsyncURLChecker(
218 const scoped_refptr<net::URLRequestContextGetter>& context,
219 const std::string& cx);
221 void Clear();
223 private:
224 void OnBlacklistLoaded(const base::Closure& callback);
226 // SupervisedUserURLFilter is refcounted because the IO thread filter is
227 // used both by ProfileImplIOData and OffTheRecordProfileIOData (to filter
228 // network requests), so they both keep a reference to it.
229 // Clients should not keep references to the UI thread filter, however
230 // (the filter will live as long as the profile lives, and afterwards it
231 // should not be used anymore either).
232 scoped_refptr<SupervisedUserURLFilter> ui_url_filter_;
233 scoped_refptr<SupervisedUserURLFilter> io_url_filter_;
235 SupervisedUserBlacklist blacklist_;
237 DISALLOW_COPY_AND_ASSIGN(URLFilterContext);
240 // Use |SupervisedUserServiceFactory::GetForProfile(..)| to get
241 // an instance of this service.
242 explicit SupervisedUserService(Profile* profile);
244 void SetActive(bool active);
246 void OnCustodianProfileDownloaded(const base::string16& full_name);
248 void OnSupervisedUserRegistered(const AuthErrorCallback& callback,
249 Profile* custodian_profile,
250 const GoogleServiceAuthError& auth_error,
251 const std::string& token);
253 void SetupSync();
254 void StartSetupSync();
255 void FinishSetupSyncWhenReady();
256 void FinishSetupSync();
258 bool ProfileIsSupervised() const;
260 void OnCustodianInfoChanged();
262 #if defined(ENABLE_EXTENSIONS)
263 // extensions::ManagementPolicy::Provider implementation:
264 std::string GetDebugPolicyProviderName() const override;
265 bool UserMayLoad(const extensions::Extension* extension,
266 base::string16* error) const override;
267 bool UserMayModifySettings(const extensions::Extension* extension,
268 base::string16* error) const override;
269 bool MustRemainInstalled(const extensions::Extension* extension,
270 base::string16* error) const override;
272 // Extensions helper to SetActive().
273 void SetExtensionsActive();
274 #endif
276 SupervisedUserSettingsService* GetSettingsService();
278 size_t FindEnabledPermissionRequestCreator(size_t start);
279 void AddPermissionRequestInternal(
280 const CreatePermissionRequestCallback& create_request,
281 const SuccessCallback& callback,
282 size_t index);
283 void OnPermissionRequestIssued(
284 const CreatePermissionRequestCallback& create_request,
285 const SuccessCallback& callback,
286 size_t index,
287 bool success);
289 void OnSupervisedUserIdChanged();
291 void OnDefaultFilteringBehaviorChanged();
293 void OnSiteListsChanged(
294 const std::vector<scoped_refptr<SupervisedUserSiteList>>& site_lists);
296 // Asynchronously downloads a static blacklist file from |url|, stores it at
297 // |path|, loads it, and applies it to the URL filters. If |url| is not valid
298 // (e.g. empty), directly tries to load from |path|.
299 void LoadBlacklist(const base::FilePath& path, const GURL& url);
301 // Asynchronously loads a static blacklist from a binary file at |path| and
302 // applies it to the URL filters.
303 void LoadBlacklistFromFile(const base::FilePath& path);
305 void OnBlacklistDownloadDone(const base::FilePath& path, bool success);
307 void OnBlacklistLoaded();
309 // Updates the manual overrides for hosts in the URL filters when the
310 // corresponding preference is changed.
311 void UpdateManualHosts();
313 // Updates the manual overrides for URLs in the URL filters when the
314 // corresponding preference is changed.
315 void UpdateManualURLs();
317 // Returns the human readable name of the supervised user.
318 std::string GetSupervisedUserName() const;
320 // Subscribes to the SupervisedUserPrefStore, refreshes
321 // |includes_sync_sessions_type_| and triggers reconfiguring the
322 // ProfileSyncService.
323 void OnHistoryRecordingStateChanged();
325 // Returns true if the syncer::SESSIONS type should be included in Sync.
326 bool IncludesSyncSessionsType() const;
328 // The option a custodian sets to either record or prevent recording the
329 // supervised user's history. Set by |FetchNewSessionSyncState()| and
330 // defaults to true.
331 bool includes_sync_sessions_type_;
333 // Owns us via the KeyedService mechanism.
334 Profile* profile_;
336 bool active_;
338 Delegate* delegate_;
340 PrefChangeRegistrar pref_change_registrar_;
342 // True iff we're waiting for the Sync service to be initialized.
343 bool waiting_for_sync_initialization_;
344 bool is_profile_active_;
346 std::vector<NavigationBlockedCallback> navigation_blocked_callbacks_;
348 // True only when |Init()| method has been called.
349 bool did_init_;
351 // True only when |Shutdown()| method has been called.
352 bool did_shutdown_;
354 URLFilterContext url_filter_context_;
355 scoped_ptr<SupervisedUserBlacklistDownloader> blacklist_downloader_;
357 scoped_ptr<SupervisedUserWhitelistService> whitelist_service_;
359 // Used to create permission requests.
360 ScopedVector<PermissionRequestCreator> permissions_creators_;
362 ObserverList<SupervisedUserServiceObserver> observer_list_;
364 base::WeakPtrFactory<SupervisedUserService> weak_ptr_factory_;
367 #endif // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_