1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
8 #include "base/command_line.h"
9 #include "base/files/file_path.h"
10 #include "base/logging.h"
11 #include "base/memory/ref_counted.h"
12 #include "base/path_service.h"
13 #include "base/sequenced_task_runner.h"
14 #include "base/thread_task_runner_handle.h"
15 #include "base/thread_task_runner_handle.h"
16 #include "base/threading/sequenced_worker_pool.h"
17 #include "base/time/time.h"
18 #include "chrome/browser/browser_process.h"
19 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
20 #include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
21 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
22 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
23 #include "chrome/browser/chromeos/profiles/profile_helper.h"
24 #include "chrome/browser/chromeos/settings/cros_settings.h"
25 #include "chrome/browser/policy/schema_registry_service.h"
26 #include "chrome/browser/policy/schema_registry_service_factory.h"
27 #include "chrome/browser/profiles/profile.h"
28 #include "chromeos/chromeos_paths.h"
29 #include "chromeos/chromeos_switches.h"
30 #include "chromeos/dbus/dbus_thread_manager.h"
31 #include "components/keyed_service/content/browser_context_dependency_manager.h"
32 #include "components/policy/core/browser/browser_policy_connector.h"
33 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
34 #include "components/policy/core/common/cloud/device_management_service.h"
35 #include "components/user_manager/user.h"
36 #include "components/user_manager/user_manager.h"
37 #include "content/public/browser/browser_thread.h"
38 #include "net/url_request/url_request_context_getter.h"
39 #include "policy/policy_constants.h"
// Legacy user policy lives in this subdirectory of the user's profile.
const base::FilePath::CharType kDeviceManagementDir[] =
    FILE_PATH_LITERAL("Device Management");

// Legacy user policy dmtokens are kept in this file, inside
// kDeviceManagementDir.
// NOTE(review): a dmtoken is a credential for the device management service,
// so the file should be treated as sensitive; confirm how it is protected.
const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");

// Used to build two different paths: a file inside kDeviceManagementDir that
// holds legacy user policy data, and a directory inside the profile directory
// that holds other policy resources.
const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");

// Cache directory for component policy, under kPolicy in the user's profile
// directory.
const base::FilePath::CharType kComponentsDir[] =
    FILE_PATH_LITERAL("Components");

// Directory for external policy data. It is appended beneath kPolicy in the
// profile directory (see CreateManagerForProfile).
const base::FilePath::CharType kPolicyExternalDataDir[] =
    FILE_PATH_LITERAL("External Data");

// Number of seconds to wait for the initial policy fetch before abandoning it
// and starting the session regardless.
const int kInitialPolicyFetchTimeoutSeconds = 10;
// Returns the factory instance held by
// Singleton<UserCloudPolicyManagerFactoryChromeOS>.
UserCloudPolicyManagerFactoryChromeOS*
UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
  UserCloudPolicyManagerFactoryChromeOS* const factory =
      Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
  return factory;
}
// Convenience wrapper: looks up the manager registered for |profile| on the
// factory instance. The result is whatever GetManagerForProfile() returns,
// which is NULL when no manager is registered.
// NOTE(review): the parameter line is missing from this listing; it is
// restored here from the body's use of |profile|.
UserCloudPolicyManagerChromeOS*
UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
    Profile* profile) {
  UserCloudPolicyManagerFactoryChromeOS* const factory = GetInstance();
  return factory->GetManagerForProfile(profile);
}
// Convenience wrapper: forwards all three arguments, unchanged and in order,
// to CreateManagerForProfile() on the factory instance and hands its result
// back to the caller.
// NOTE(review): the first parameter line is missing from this listing; it is
// restored here from the body's use of |profile|.
scoped_ptr<UserCloudPolicyManagerChromeOS>
UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
    Profile* profile,
    bool force_immediate_load,
    scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
  UserCloudPolicyManagerFactoryChromeOS* const factory = GetInstance();
  return factory->CreateManagerForProfile(
      profile, force_immediate_load, background_task_runner);
}
// Registers this factory under the name "UserCloudPolicyManagerChromeOS" with
// the BrowserContextDependencyManager and declares a dependency on
// SchemaRegistryServiceFactory.
UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
    : BrowserContextKeyedBaseFactory(
          "UserCloudPolicyManagerChromeOS",
          BrowserContextDependencyManager::GetInstance()) {
  // CreateManagerForProfile() reads the profile's schema registry through
  // SchemaRegistryServiceFactory::GetForContext().
  DependsOn(SchemaRegistryServiceFactory::GetInstance());
}
// Nothing to release here: |managers_| holds raw pointers to managers whose
// ownership CreateManagerForProfile() returned to its caller.
UserCloudPolicyManagerFactoryChromeOS::
    ~UserCloudPolicyManagerFactoryChromeOS() {
}
// Returns the manager registered for |profile|'s original profile, or NULL
// when none is registered.
// NOTE(review): the parameter line is missing from this listing; it is
// restored here from the body's use of |profile|.
UserCloudPolicyManagerChromeOS*
UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
    Profile* profile) {
  // The PolicyService is shared between the incognito Profile and the
  // original Profile, so the lookup always goes through the original one.
  ManagerMap::const_iterator entry =
      managers_.find(profile->GetOriginalProfile());
  if (entry == managers_.end())
    return NULL;
  return entry->second;
}
// Builds the UserCloudPolicyManagerChromeOS for |profile|, records a raw
// pointer to it in |managers_| and returns ownership to the caller. Returns an
// empty scoped_ptr for the signin profile and for users without cloud user
// policy (no GAIA account, supervised, or non-enterprise).
//   force_immediate_load: when true, store->LoadImmediately() is called before
//       the manager is constructed.
//   background_task_runner: handed to the UserCloudPolicyStoreChromeOS.
// NOTE(review): this listing skips source lines (the gutter numbers jump at
// 116->118, 130->133, 154->157, 192->197 and 215->219), so the first
// parameter and parts of the body are not visible here.
115 scoped_ptr
<UserCloudPolicyManagerChromeOS
>
116 UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
118 bool force_immediate_load
,
119 scoped_refptr
<base::SequencedTaskRunner
> background_task_runner
) {
120 const base::CommandLine
* command_line
=
121 base::CommandLine::ForCurrentProcess();
122 // Don't initialize cloud policy for the signin profile.
123 if (chromeos::ProfileHelper::IsSigninProfile(profile
))
124 return scoped_ptr
<UserCloudPolicyManagerChromeOS
>();
126 // |user| should never be NULL except for the signin profile. This object is
127 // created as part of the Profile creation, which happens right after
128 // sign-in. The just-signed-in User is the active user during that time.
// NOTE(review): |user| is dereferenced below. Source lines 131-132 are not
// shown in this listing, so confirm that a null check precedes that use.
129 const user_manager::User
* user
=
130 chromeos::ProfileHelper::Get()->GetUserByProfile(profile
);
133 // User policy exists for enterprise accounts only:
134 // - For regular enterprise users (those who have a GAIA account), a
135 // |UserCloudPolicyManagerChromeOS| is created here.
136 // - For device-local accounts, policy is provided by
137 // |DeviceLocalAccountPolicyService|.
138 // All other user types do not have user policy.
139 const std::string
& username
= user
->email();
140 if (!user
->HasGaiaAccount() ||
141 user
->IsSupervised() ||
142 BrowserPolicyConnector::IsNonEnterpriseUser(username
)) {
143 return scoped_ptr
<UserCloudPolicyManagerChromeOS
>();
// The user's affiliation is looked up by username on the browser policy
// connector. |is_affiliated_user| is not read in any visible line; presumably
// it feeds the part of the condition that this listing cuts off (155-156).
146 policy::BrowserPolicyConnectorChromeOS
* connector
=
147 g_browser_process
->platform_part()->browser_policy_connector_chromeos();
148 UserAffiliation affiliation
= connector
->GetUserAffiliation(username
);
149 const bool is_affiliated_user
= affiliation
== USER_AFFILIATION_MANAGED
;
// The kLoginUser switch on the command line is taken as the sign of a browser
// restart.
150 const bool is_browser_restart
=
151 command_line
->HasSwitch(chromeos::switches::kLoginUser
);
// The initial fetch is never waited for after a browser restart. The rest of
// the condition (source lines 155-156) is not shown in this listing.
152 const bool wait_for_initial_policy
=
153 !is_browser_restart
&&
154 (user_manager::UserManager::Get()->IsCurrentUserNew() ||
// A new user waits without limit (TimeDelta::Max()); any other user stops
// waiting after kInitialPolicyFetchTimeoutSeconds. Per that constant's
// comment, the session then starts regardless of the fetch result.
157 const base::TimeDelta initial_policy_fetch_timeout
=
158 user_manager::UserManager::Get()->IsCurrentUserNew()
159 ? base::TimeDelta::Max()
160 : base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds
);
// When the session waits for policy, initialization of the device management
// service is scheduled with an argument of 0 (presumably a zero delay;
// confirm against ScheduleInitialization()).
162 DeviceManagementService
* device_management_service
=
163 connector
->device_management_service();
164 if (wait_for_initial_policy
)
165 device_management_service
->ScheduleInitialization(0);
// On-disk layout, all relative to the profile directory:
//   <profile>/Device Management/Policy   legacy policy cache file
//   <profile>/Device Management/Token    legacy token cache file
//   <profile>/Policy/Components          component policy cache
//   <profile>/Policy/External Data       external policy data
167 base::FilePath profile_dir
= profile
->GetPath();
168 const base::FilePath legacy_dir
= profile_dir
.Append(kDeviceManagementDir
);
169 const base::FilePath policy_cache_file
= legacy_dir
.Append(kPolicy
);
170 const base::FilePath token_cache_file
= legacy_dir
.Append(kToken
);
171 const base::FilePath component_policy_cache_dir
=
172 profile_dir
.Append(kPolicy
).Append(kComponentsDir
);
173 const base::FilePath external_data_dir
=
174 profile_dir
.Append(kPolicy
).Append(kPolicyExternalDataDir
);
// The policy key directory comes from PathService. The CHECK aborts when the
// lookup fails, so the store is never built with an empty key directory.
175 base::FilePath policy_key_dir
;
176 CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS
, &policy_key_dir
));
// The store is given the cryptohome and session manager D-Bus clients, the
// caller's background task runner, the username, the key directory and the
// two legacy cache files.
178 scoped_ptr
<UserCloudPolicyStoreChromeOS
> store(
179 new UserCloudPolicyStoreChromeOS(
180 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
181 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
182 background_task_runner
,
183 username
, policy_key_dir
, token_cache_file
, policy_cache_file
));
// Task runners: one sequence on the blocking pool, plus the IO thread.
185 scoped_refptr
<base::SequencedTaskRunner
> backend_task_runner
=
186 content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
187 content::BrowserThread::GetBlockingPool()->GetSequenceToken());
188 scoped_refptr
<base::SequencedTaskRunner
> io_task_runner
=
189 content::BrowserThread::GetMessageLoopProxyForThread(
190 content::BrowserThread::IO
);
// NOTE(review): the remaining constructor arguments (source lines 193-196)
// are not shown in this listing.
191 scoped_ptr
<CloudExternalDataManager
> external_data_manager(
192 new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails
),
// The caller can ask for the store to be loaded immediately; this happens
// before the manager takes ownership of the store.
197 if (force_immediate_load
)
198 store
->LoadImmediately();
200 scoped_refptr
<base::SequencedTaskRunner
> file_task_runner
=
201 content::BrowserThread::GetMessageLoopProxyForThread(
202 content::BrowserThread::FILE);
// The manager takes ownership of |store| and |external_data_manager| through
// Pass(); both scoped_ptrs are empty after this statement.
204 scoped_ptr
<UserCloudPolicyManagerChromeOS
> manager(
205 new UserCloudPolicyManagerChromeOS(
206 store
.Pass(), external_data_manager
.Pass(),
207 component_policy_cache_dir
, wait_for_initial_policy
,
208 initial_policy_fetch_timeout
, base::ThreadTaskRunnerHandle::Get(),
209 file_task_runner
, io_task_runner
));
// The wildcard login check is enabled only when all of these hold: the device
// is enterprise-managed, IsWhitelisted() accepts |username| and sets
// |wildcard_match| (presumably meaning the match came from a wildcard entry
// rather than an exact one; confirm), and the user is not a known
// non-enterprise user.
// NOTE(review): what the check verifies is defined in
// EnableWildcardLoginCheck(), which is not part of this file.
211 bool wildcard_match
= false;
212 if (connector
->IsEnterpriseManaged() &&
213 chromeos::CrosSettings::IsWhitelisted(username
, &wildcard_match
) &&
214 wildcard_match
&& !connector
->IsNonEnterpriseUser(username
)) {
215 manager
->EnableWildcardLoginCheck(username
);
// NOTE(review): source lines 216-218 are not shown in this listing; the call
// that receives the profile's schema registry starts there.
219 SchemaRegistryServiceFactory::GetForContext(profile
)->registry());
// Connect() receives local state, the device management service and the
// system request context.
220 manager
->Connect(g_browser_process
->local_state(), device_management_service
,
221 g_browser_process
->system_request_context());
// |managers_| keeps a raw, non-owning pointer; ownership leaves through
// Pass(). The entry is erased in BrowserContextDestroyed().
// NOTE(review): the map is keyed by |profile| as passed in, while
// GetManagerForProfile() looks up GetOriginalProfile(); callers are presumably
// expected to pass the original profile. Also confirm that the returned
// manager outlives its map entry, since the map does not own it.
223 DCHECK(managers_
.find(profile
) == managers_
.end());
224 managers_
[profile
] = manager
.get();
225 return manager
.Pass();
// Shutdown hook for |context|. The context is downcast to Profile with an
// unchecked static_cast, so every BrowserContext passed here is assumed to be
// a Profile.
// NOTE(review): source lines 232 and 234-236 are not shown in this listing, so
// what happens for off-the-record profiles and what is done with |manager| is
// not visible here.
228 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
229 content::BrowserContext
* context
) {
230 Profile
* profile
= static_cast<Profile
*>(context
);
231 if (profile
->IsOffTheRecord())
// GetManagerForProfile() returns NULL when no manager is registered for the
// profile.
233 UserCloudPolicyManagerChromeOS
* manager
= GetManagerForProfile(profile
);
// Forgets the manager recorded for |context| and then lets the base factory
// run its own teardown. Erasing first ensures |managers_| no longer refers to
// this context while the base class cleans up. The erase is a no-op when no
// entry exists.
void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
    content::BrowserContext* context) {
  // Unchecked downcast: every context seen here is assumed to be a Profile,
  // because |managers_| is keyed by Profile.
  managers_.erase(static_cast<Profile*>(context));
  BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
}
// Deliberately does nothing; |context| is ignored.
void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
    content::BrowserContext* context) {
}
// Reports whether a testing factory is set for |context|.
// NOTE(review): the body (source lines 250-251) is not shown in this listing,
// so the returned value cannot be confirmed from here.
248 bool UserCloudPolicyManagerFactoryChromeOS::HasTestingFactory(
249 content::BrowserContext
* context
) {
// Deliberately does nothing; |context| is ignored. In this file managers are
// built by CreateManagerForProfile() instead.
void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
    content::BrowserContext* context) {
}
256 } // namespace policy