1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
8 #include "base/bind_helpers.h"
9 #include "base/callback.h"
10 #include "base/command_line.h"
11 #include "base/logging.h"
12 #include "base/port.h"
13 #include "base/prefs/pref_registry_simple.h"
14 #include "base/prefs/pref_service.h"
15 #include "base/strings/string_number_conversions.h"
16 #include "base/time/time.h"
17 #include "chrome/browser/browser_process.h"
18 #include "chrome/browser/chromeos/attestation/attestation_policy_observer.h"
19 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h"
20 #include "chrome/browser/chromeos/login/startup_utils.h"
21 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
22 #include "chrome/browser/chromeos/policy/device_status_collector.h"
23 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
24 #include "chrome/browser/chromeos/policy/heartbeat_scheduler.h"
25 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
26 #include "chrome/browser/chromeos/policy/status_uploader.h"
27 #include "chrome/common/pref_names.h"
28 #include "chromeos/chromeos_constants.h"
29 #include "chromeos/chromeos_switches.h"
30 #include "chromeos/system/statistics_provider.h"
31 #include "components/policy/core/common/cloud/cloud_policy_core.h"
32 #include "components/policy/core/common/cloud/cloud_policy_service.h"
33 #include "components/policy/core/common/cloud/cloud_policy_store.h"
34 #include "content/public/browser/browser_thread.h"
35 #include "crypto/sha2.h"
36 #include "policy/proto/device_management_backend.pb.h"
39 using content::BrowserThread
;
41 namespace em
= enterprise_management
;
47 const char kNoRequisition
[] = "none";
48 const char kRemoraRequisition
[] = "remora";
49 const char kSharkRequisition
[] = "shark";
51 // These are the machine serial number keys that we check in order until we
52 // find a non-empty serial number. The VPD spec says the serial number should be
53 // in the "serial_number" key for v2+ VPDs. However, legacy devices used a
54 // different key to report their serial number, which we fall back to if
55 // "serial_number" is not present.
57 // Product_S/N is still special-cased due to inconsistencies with serial
58 // numbers on Lumpy devices: On these devices, serial_number is identical to
59 // Product_S/N with an appended checksum. Unfortunately, the sticker on the
60 // packaging doesn't include that checksum either (the sticker on the device
61 // does though!). The former sticker is the source of the serial number used by
62 // device management service, so we prefer Product_S/N over serial number to
65 // TODO(mnissler): Move serial_number back to the top once the server side uses
66 // the correct serial number.
67 const char* const kMachineInfoSerialNumberKeys
[] = {
68 "Product_S/N", // Lumpy/Alex devices
69 "serial_number", // VPD v2+ devices
70 "Product_SN", // Mario
71 "sn", // old ZGB devices (more recent ones use serial_number)
74 // Fetches a machine statistic value from StatisticsProvider, returns an empty
76 std::string
GetMachineStatistic(const std::string
& key
) {
78 chromeos::system::StatisticsProvider
* provider
=
79 chromeos::system::StatisticsProvider::GetInstance();
80 if (!provider
->GetMachineStatistic(key
, &value
))
86 // Gets a machine flag from StatisticsProvider, returns the given
87 // |default_value| if not present.
88 bool GetMachineFlag(const std::string
& key
, bool default_value
) {
89 bool value
= default_value
;
90 chromeos::system::StatisticsProvider
* provider
=
91 chromeos::system::StatisticsProvider::GetInstance();
92 if (!provider
->GetMachineFlag(key
, &value
))
98 // Checks whether forced re-enrollment is enabled.
99 bool ForcedReEnrollmentEnabled() {
100 return chromeos::AutoEnrollmentController::GetMode() ==
101 chromeos::AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT
;
106 DeviceCloudPolicyManagerChromeOS::DeviceCloudPolicyManagerChromeOS(
107 scoped_ptr
<DeviceCloudPolicyStoreChromeOS
> store
,
108 const scoped_refptr
<base::SequencedTaskRunner
>& task_runner
,
109 ServerBackedStateKeysBroker
* state_keys_broker
)
110 : CloudPolicyManager(
111 dm_protocol::kChromeDevicePolicyType
,
115 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE),
116 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO
)),
117 device_store_(store
.Pass()),
118 state_keys_broker_(state_keys_broker
),
119 task_runner_(task_runner
),
120 local_state_(nullptr) {
123 DeviceCloudPolicyManagerChromeOS::~DeviceCloudPolicyManagerChromeOS() {}
125 void DeviceCloudPolicyManagerChromeOS::Initialize(PrefService
* local_state
) {
128 local_state_
= local_state
;
130 state_keys_update_subscription_
= state_keys_broker_
->RegisterUpdateCallback(
131 base::Bind(&DeviceCloudPolicyManagerChromeOS::OnStateKeysUpdated
,
132 base::Unretained(this)));
134 InitializeRequisition();
137 void DeviceCloudPolicyManagerChromeOS::AddDeviceCloudPolicyManagerObserver(
138 Observer
* observer
) {
139 observers_
.AddObserver(observer
);
142 void DeviceCloudPolicyManagerChromeOS::RemoveDeviceCloudPolicyManagerObserver(
143 Observer
* observer
) {
144 observers_
.RemoveObserver(observer
);
147 std::string
DeviceCloudPolicyManagerChromeOS::GetDeviceRequisition() const {
148 std::string requisition
;
149 const PrefService::Preference
* pref
= local_state_
->FindPreference(
150 prefs::kDeviceEnrollmentRequisition
);
151 if (!pref
->IsDefaultValue())
152 pref
->GetValue()->GetAsString(&requisition
);
154 if (requisition
== kNoRequisition
)
160 void DeviceCloudPolicyManagerChromeOS::SetDeviceRequisition(
161 const std::string
& requisition
) {
162 VLOG(1) << "SetDeviceRequisition " << requisition
;
164 if (requisition
.empty()) {
165 local_state_
->ClearPref(prefs::kDeviceEnrollmentRequisition
);
166 local_state_
->ClearPref(prefs::kDeviceEnrollmentAutoStart
);
167 local_state_
->ClearPref(prefs::kDeviceEnrollmentCanExit
);
169 local_state_
->SetString(prefs::kDeviceEnrollmentRequisition
, requisition
);
170 if (requisition
== kNoRequisition
) {
171 local_state_
->ClearPref(prefs::kDeviceEnrollmentAutoStart
);
172 local_state_
->ClearPref(prefs::kDeviceEnrollmentCanExit
);
174 local_state_
->SetBoolean(prefs::kDeviceEnrollmentAutoStart
, true);
175 local_state_
->SetBoolean(prefs::kDeviceEnrollmentCanExit
, false);
181 bool DeviceCloudPolicyManagerChromeOS::IsRemoraRequisition() const {
182 return GetDeviceRequisition() == kRemoraRequisition
;
185 bool DeviceCloudPolicyManagerChromeOS::IsSharkRequisition() const {
186 return GetDeviceRequisition() == kSharkRequisition
;
189 void DeviceCloudPolicyManagerChromeOS::Shutdown() {
190 status_uploader_
.reset();
191 heartbeat_scheduler_
.reset();
192 state_keys_update_subscription_
.reset();
193 CloudPolicyManager::Shutdown();
197 void DeviceCloudPolicyManagerChromeOS::RegisterPrefs(
198 PrefRegistrySimple
* registry
) {
199 registry
->RegisterStringPref(prefs::kDeviceEnrollmentRequisition
,
201 registry
->RegisterBooleanPref(prefs::kDeviceEnrollmentAutoStart
, false);
202 registry
->RegisterBooleanPref(prefs::kDeviceEnrollmentCanExit
, true);
203 registry
->RegisterDictionaryPref(prefs::kServerBackedDeviceState
);
207 std::string
DeviceCloudPolicyManagerChromeOS::GetMachineID() {
208 std::string machine_id
;
209 chromeos::system::StatisticsProvider
* provider
=
210 chromeos::system::StatisticsProvider::GetInstance();
211 for (size_t i
= 0; i
< arraysize(kMachineInfoSerialNumberKeys
); i
++) {
212 if (provider
->GetMachineStatistic(kMachineInfoSerialNumberKeys
[i
],
214 !machine_id
.empty()) {
219 if (machine_id
.empty())
220 LOG(WARNING
) << "Failed to get machine id.";
226 std::string
DeviceCloudPolicyManagerChromeOS::GetMachineModel() {
227 return GetMachineStatistic(chromeos::system::kHardwareClassKey
);
230 void DeviceCloudPolicyManagerChromeOS::StartConnection(
231 scoped_ptr
<CloudPolicyClient
> client_to_connect
,
232 EnterpriseInstallAttributes
* install_attributes
) {
235 // Set state keys here so the first policy fetch submits them to the server.
236 if (ForcedReEnrollmentEnabled())
237 client_to_connect
->SetStateKeysToUpload(state_keys_broker_
->state_keys());
239 core()->Connect(client_to_connect
.Pass());
240 core()->StartRefreshScheduler();
241 core()->TrackRefreshDelayPref(local_state_
,
242 prefs::kDevicePolicyRefreshRate
);
243 attestation_policy_observer_
.reset(
244 new chromeos::attestation::AttestationPolicyObserver(client()));
246 // Enable device reporting and status monitoring for enterprise enrolled
247 // devices. We want to create these objects for enrolled devices, even if
248 // monitoring is currently inactive, in case monitoring is turned back on in
249 // a future policy fetch - the classes themselves track the current state of
250 // the monitoring settings and only perform monitoring if it is active.
251 if (install_attributes
->IsEnterpriseDevice()) {
252 CreateStatusUploader();
253 heartbeat_scheduler_
.reset(
254 new HeartbeatScheduler(g_browser_process
->gcm_driver(),
255 install_attributes
->GetDomain(),
256 install_attributes
->GetDeviceId(),
263 void DeviceCloudPolicyManagerChromeOS::Unregister(
264 const UnregisterCallback
& callback
) {
266 LOG(ERROR
) << "Tried to unregister but DeviceCloudPolicyManagerChromeOS is "
272 service()->Unregister(callback
);
275 void DeviceCloudPolicyManagerChromeOS::Disconnect() {
276 status_uploader_
.reset();
277 heartbeat_scheduler_
.reset();
278 core()->Disconnect();
280 NotifyDisconnected();
283 void DeviceCloudPolicyManagerChromeOS::OnStateKeysUpdated() {
284 if (client() && ForcedReEnrollmentEnabled())
285 client()->SetStateKeysToUpload(state_keys_broker_
->state_keys());
288 void DeviceCloudPolicyManagerChromeOS::InitializeRequisition() {
289 // OEM statistics are only loaded when OOBE is not completed.
290 if (chromeos::StartupUtils::IsOobeCompleted())
293 const PrefService::Preference
* pref
= local_state_
->FindPreference(
294 prefs::kDeviceEnrollmentRequisition
);
295 if (pref
->IsDefaultValue()) {
296 std::string requisition
=
297 GetMachineStatistic(chromeos::system::kOemDeviceRequisitionKey
);
299 if (!requisition
.empty()) {
300 local_state_
->SetString(prefs::kDeviceEnrollmentRequisition
,
302 if (requisition
== kRemoraRequisition
||
303 requisition
== kSharkRequisition
) {
304 local_state_
->SetBoolean(prefs::kDeviceEnrollmentAutoStart
, true);
305 local_state_
->SetBoolean(prefs::kDeviceEnrollmentCanExit
, false);
307 local_state_
->SetBoolean(
308 prefs::kDeviceEnrollmentAutoStart
,
309 GetMachineFlag(chromeos::system::kOemIsEnterpriseManagedKey
,
311 local_state_
->SetBoolean(
312 prefs::kDeviceEnrollmentCanExit
,
313 GetMachineFlag(chromeos::system::kOemCanExitEnterpriseEnrollmentKey
,
320 void DeviceCloudPolicyManagerChromeOS::NotifyConnected() {
322 Observer
, observers_
, OnDeviceCloudPolicyManagerConnected());
325 void DeviceCloudPolicyManagerChromeOS::NotifyDisconnected() {
327 Observer
, observers_
, OnDeviceCloudPolicyManagerDisconnected());
330 void DeviceCloudPolicyManagerChromeOS::CreateStatusUploader() {
331 status_uploader_
.reset(new StatusUploader(
333 make_scoped_ptr(new DeviceStatusCollector(
334 local_state_
, chromeos::system::StatisticsProvider::GetInstance(),
335 DeviceStatusCollector::LocationUpdateRequester(),
336 DeviceStatusCollector::VolumeInfoFetcher(),
337 DeviceStatusCollector::CPUStatisticsFetcher())),
341 } // namespace policy