search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert of Add button to add new FSP services to Files app. (patchset #8 id:140001...
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_policy_decoder_chromeos.cc
blobbfc5b14666ff5753cc63e5c249628475e7629644
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
6
7 #include <limits>
8 #include <string>
9
10 #include "base/callback.h"
11 #include "base/json/json_reader.h"
12 #include "base/logging.h"
13 #include "base/values.h"
14 #include "chrome/browser/browser_process.h"
15 #include "chrome/browser/chromeos/policy/device_local_account.h"
16 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
17 #include "chromeos/dbus/dbus_thread_manager.h"
18 #include "chromeos/dbus/update_engine_client.h"
19 #include "chromeos/settings/cros_settings_names.h"
20 #include "components/policy/core/browser/browser_policy_connector.h"
21 #include "components/policy/core/common/external_data_fetcher.h"
22 #include "components/policy/core/common/policy_map.h"
23 #include "components/policy/core/common/schema.h"
24 #include "policy/policy_constants.h"
25 #include "third_party/cros_system_api/dbus/service_constants.h"
26
27 using google::protobuf::RepeatedField;
28 using google::protobuf::RepeatedPtrField;
29
30 namespace em = enterprise_management;
31
32 namespace policy {
33
34 namespace {
35
36 // Decodes a protobuf integer to an IntegerValue. Returns NULL in case the input
37 // value is out of bounds.
38 scoped_ptr<base::Value> DecodeIntegerValue(google::protobuf::int64 value) {
39 if (value < std::numeric_limits<int>::min() ||
40 value > std::numeric_limits<int>::max()) {
41 LOG(WARNING) << "Integer value " << value
42 << " out of numeric limits, ignoring.";
43 return scoped_ptr<base::Value>();
44 }
45
46 return scoped_ptr<base::Value>(
47 new base::FundamentalValue(static_cast<int>(value)));
48 }
49
50 // Decodes a JSON string to a base::Value, and drops unknown properties
51 // according to a policy schema. |policy_name| is the name of a policy schema
52 // defined in policy_templates.json. Returns NULL in case the input is not a
53 // valid JSON string.
54 scoped_ptr<base::Value> DecodeJsonStringAndDropUnknownBySchema(
55 const std::string& json_string,
56 const std::string& policy_name) {
57 std::string error;
58 base::Value* root(base::JSONReader::ReadAndReturnError(
59 json_string, base::JSON_ALLOW_TRAILING_COMMAS, NULL, &error));
60
61 if (!root) {
62 LOG(WARNING) << "Invalid JSON string: " << error << ", ignoring.";
63 return scoped_ptr<base::Value>();
64 }
65
66 const Schema& schema = g_browser_process
67 ->browser_policy_connector()
68 ->GetChromeSchema()
69 .GetKnownProperty(policy_name);
70
71 if (schema.valid()) {
72 std::string error_path;
73 bool changed = false;
74
75 if (!schema.Normalize(
76 root, SCHEMA_ALLOW_UNKNOWN, &error_path, &error, &changed)) {
77 LOG(WARNING) << "Invalid policy value for " << policy_name << ": "
78 << error << " at " << error_path << ".";
79 return scoped_ptr<base::Value>();
80 }
81
82 if (changed) {
83 LOG(WARNING) << "Some properties in " << policy_name
84 << " were dropped: " << error << " at " << error_path << ".";
85 }
86 } else {
87 LOG(WARNING) << "Unknown or invalid policy schema for " << policy_name
88 << ".";
89 return scoped_ptr<base::Value>();
90 }
91
92 return scoped_ptr<base::Value>(root);
93 }
94
95 base::Value* DecodeConnectionType(int value) {
96 static const char* const kConnectionTypes[] = {
97 shill::kTypeEthernet,
98 shill::kTypeWifi,
99 shill::kTypeWimax,
100 shill::kTypeBluetooth,
101 shill::kTypeCellular,
102 };
103
104 if (value < 0 || value >= static_cast<int>(arraysize(kConnectionTypes)))
105 return NULL;
106
107 return new base::StringValue(kConnectionTypes[value]);
108 }
109
110 void DecodeLoginPolicies(const em::ChromeDeviceSettingsProto& policy,
111 PolicyMap* policies) {
112 if (policy.has_guest_mode_enabled()) {
113 const em::GuestModeEnabledProto& container(policy.guest_mode_enabled());
114 if (container.has_guest_mode_enabled()) {
115 policies->Set(key::kDeviceGuestModeEnabled,
116 POLICY_LEVEL_MANDATORY,
117 POLICY_SCOPE_MACHINE,
118 new base::FundamentalValue(
119 container.guest_mode_enabled()),
120 NULL);
121 }
122 }
123
124 if (policy.has_reboot_on_shutdown()) {
125 const em::RebootOnShutdownProto& container(policy.reboot_on_shutdown());
126 if (container.has_reboot_on_shutdown()) {
127 policies->Set(key::kDeviceRebootOnShutdown, POLICY_LEVEL_MANDATORY,
128 POLICY_SCOPE_MACHINE,
129 new base::FundamentalValue(container.reboot_on_shutdown()),
130 NULL);
131 }
132 }
133
134 if (policy.has_show_user_names()) {
135 const em::ShowUserNamesOnSigninProto& container(policy.show_user_names());
136 if (container.has_show_user_names()) {
137 policies->Set(key::kDeviceShowUserNamesOnSignin,
138 POLICY_LEVEL_MANDATORY,
139 POLICY_SCOPE_MACHINE,
140 new base::FundamentalValue(
141 container.show_user_names()),
142 NULL);
143 }
144 }
145
146 if (policy.has_allow_new_users()) {
147 const em::AllowNewUsersProto& container(policy.allow_new_users());
148 if (container.has_allow_new_users()) {
149 policies->Set(key::kDeviceAllowNewUsers,
150 POLICY_LEVEL_MANDATORY,
151 POLICY_SCOPE_MACHINE,
152 new base::FundamentalValue(
153 container.allow_new_users()),
154 NULL);
155 }
156 }
157
158 if (policy.has_user_whitelist()) {
159 const em::UserWhitelistProto& container(policy.user_whitelist());
160 base::ListValue* whitelist = new base::ListValue();
161 RepeatedPtrField<std::string>::const_iterator entry;
162 for (entry = container.user_whitelist().begin();
163 entry != container.user_whitelist().end();
164 ++entry) {
165 whitelist->Append(new base::StringValue(*entry));
166 }
167 policies->Set(key::kDeviceUserWhitelist,
168 POLICY_LEVEL_MANDATORY,
169 POLICY_SCOPE_MACHINE,
170 whitelist,
171 NULL);
172 }
173
174 if (policy.has_ephemeral_users_enabled()) {
175 const em::EphemeralUsersEnabledProto& container(
176 policy.ephemeral_users_enabled());
177 if (container.has_ephemeral_users_enabled()) {
178 policies->Set(key::kDeviceEphemeralUsersEnabled,
179 POLICY_LEVEL_MANDATORY,
180 POLICY_SCOPE_MACHINE,
181 new base::FundamentalValue(
182 container.ephemeral_users_enabled()),
183 NULL);
184 }
185 }
186
187 if (policy.has_device_local_accounts()) {
188 const em::DeviceLocalAccountsProto& container(
189 policy.device_local_accounts());
190 const RepeatedPtrField<em::DeviceLocalAccountInfoProto>& accounts =
191 container.account();
192 scoped_ptr<base::ListValue> account_list(new base::ListValue());
193 RepeatedPtrField<em::DeviceLocalAccountInfoProto>::const_iterator entry;
194 for (entry = accounts.begin(); entry != accounts.end(); ++entry) {
195 scoped_ptr<base::DictionaryValue> entry_dict(
196 new base::DictionaryValue());
197 if (entry->has_type()) {
198 if (entry->has_account_id()) {
199 entry_dict->SetStringWithoutPathExpansion(
200 chromeos::kAccountsPrefDeviceLocalAccountsKeyId,
201 entry->account_id());
202 }
203 entry_dict->SetIntegerWithoutPathExpansion(
204 chromeos::kAccountsPrefDeviceLocalAccountsKeyType, entry->type());
205 if (entry->kiosk_app().has_app_id()) {
206 entry_dict->SetStringWithoutPathExpansion(
207 chromeos::kAccountsPrefDeviceLocalAccountsKeyKioskAppId,
208 entry->kiosk_app().app_id());
209 }
210 if (entry->kiosk_app().has_update_url()) {
211 entry_dict->SetStringWithoutPathExpansion(
212 chromeos::kAccountsPrefDeviceLocalAccountsKeyKioskAppUpdateURL,
213 entry->kiosk_app().update_url());
214 }
215 } else if (entry->has_deprecated_public_session_id()) {
216 // Deprecated public session specification.
217 entry_dict->SetStringWithoutPathExpansion(
218 chromeos::kAccountsPrefDeviceLocalAccountsKeyId,
219 entry->deprecated_public_session_id());
220 entry_dict->SetIntegerWithoutPathExpansion(
221 chromeos::kAccountsPrefDeviceLocalAccountsKeyType,
222 DeviceLocalAccount::TYPE_PUBLIC_SESSION);
223 }
224 account_list->Append(entry_dict.release());
225 }
226 policies->Set(key::kDeviceLocalAccounts,
227 POLICY_LEVEL_MANDATORY,
228 POLICY_SCOPE_MACHINE,
229 account_list.release(),
230 NULL);
231 if (container.has_auto_login_id()) {
232 policies->Set(key::kDeviceLocalAccountAutoLoginId,
233 POLICY_LEVEL_MANDATORY,
234 POLICY_SCOPE_MACHINE,
235 new base::StringValue(container.auto_login_id()),
236 NULL);
237 }
238 if (container.has_auto_login_delay()) {
239 policies->Set(key::kDeviceLocalAccountAutoLoginDelay,
240 POLICY_LEVEL_MANDATORY,
241 POLICY_SCOPE_MACHINE,
242 DecodeIntegerValue(container.auto_login_delay()).release(),
243 NULL);
244 }
245 if (container.has_enable_auto_login_bailout()) {
246 policies->Set(key::kDeviceLocalAccountAutoLoginBailoutEnabled,
247 POLICY_LEVEL_MANDATORY,
248 POLICY_SCOPE_MACHINE,
249 new base::FundamentalValue(
250 container.enable_auto_login_bailout()),
251 NULL);
252 }
253 if (container.has_prompt_for_network_when_offline()) {
254 policies->Set(key::kDeviceLocalAccountPromptForNetworkWhenOffline,
255 POLICY_LEVEL_MANDATORY,
256 POLICY_SCOPE_MACHINE,
257 new base::FundamentalValue(
258 container.prompt_for_network_when_offline()),
259 NULL);
260 }
261 }
262
263 if (policy.has_supervised_users_settings()) {
264 const em::SupervisedUsersSettingsProto& container =
265 policy.supervised_users_settings();
266 if (container.has_supervised_users_enabled()) {
267 base::Value* value = new base::FundamentalValue(
268 container.supervised_users_enabled());
269 policies->Set(key::kSupervisedUsersEnabled,
270 POLICY_LEVEL_MANDATORY,
271 POLICY_SCOPE_MACHINE,
272 value,
273 NULL);
274 }
275 }
276
277 if (policy.has_saml_settings()) {
278 const em::SAMLSettingsProto& container(policy.saml_settings());
279 if (container.has_transfer_saml_cookies()) {
280 policies->Set(key::kDeviceTransferSAMLCookies,
281 POLICY_LEVEL_MANDATORY,
282 POLICY_SCOPE_MACHINE,
283 new base::FundamentalValue(
284 container.transfer_saml_cookies()),
285 NULL);
286 }
287 }
288 }
289
290 void DecodeNetworkPolicies(const em::ChromeDeviceSettingsProto& policy,
291 PolicyMap* policies) {
292 // TODO(bartfab): Once the retail mode removal CL lands, remove this policy
293 // completely since it was only used from retail mode.
294 // http://crbug.com/442466
295 if (policy.has_device_proxy_settings()) {
296 const em::DeviceProxySettingsProto& container(
297 policy.device_proxy_settings());
298 scoped_ptr<base::DictionaryValue> proxy_settings(new base::DictionaryValue);
299 if (container.has_proxy_mode())
300 proxy_settings->SetString(key::kProxyMode, container.proxy_mode());
301 if (container.has_proxy_server())
302 proxy_settings->SetString(key::kProxyServer, container.proxy_server());
303 if (container.has_proxy_pac_url())
304 proxy_settings->SetString(key::kProxyPacUrl, container.proxy_pac_url());
305 if (container.has_proxy_bypass_list()) {
306 proxy_settings->SetString(key::kProxyBypassList,
307 container.proxy_bypass_list());
308 }
309
310 if (!proxy_settings->empty()) {
311 policies->Set(key::kProxySettings, POLICY_LEVEL_RECOMMENDED,
312 POLICY_SCOPE_MACHINE, proxy_settings.release(), nullptr);
313 }
314 }
315
316 if (policy.has_data_roaming_enabled()) {
317 const em::DataRoamingEnabledProto& container(policy.data_roaming_enabled());
318 if (container.has_data_roaming_enabled()) {
319 policies->Set(key::kDeviceDataRoamingEnabled,
320 POLICY_LEVEL_MANDATORY,
321 POLICY_SCOPE_MACHINE,
322 new base::FundamentalValue(
323 container.data_roaming_enabled()),
324 NULL);
325 }
326 }
327
328 if (policy.has_open_network_configuration() &&
329 policy.open_network_configuration().has_open_network_configuration()) {
330 std::string config(
331 policy.open_network_configuration().open_network_configuration());
332 policies->Set(key::kDeviceOpenNetworkConfiguration,
333 POLICY_LEVEL_MANDATORY,
334 POLICY_SCOPE_MACHINE,
335 new base::StringValue(config),
336 NULL);
337 }
338 }
339
340 void DecodeReportingPolicies(const em::ChromeDeviceSettingsProto& policy,
341 PolicyMap* policies) {
342 if (policy.has_device_reporting()) {
343 const em::DeviceReportingProto& container(policy.device_reporting());
344 if (container.has_report_version_info()) {
345 policies->Set(key::kReportDeviceVersionInfo,
346 POLICY_LEVEL_MANDATORY,
347 POLICY_SCOPE_MACHINE,
348 new base::FundamentalValue(
349 container.report_version_info()),
350 NULL);
351 }
352 if (container.has_report_activity_times()) {
353 policies->Set(key::kReportDeviceActivityTimes,
354 POLICY_LEVEL_MANDATORY,
355 POLICY_SCOPE_MACHINE,
356 new base::FundamentalValue(
357 container.report_activity_times()),
358 NULL);
359 }
360 if (container.has_report_boot_mode()) {
361 policies->Set(key::kReportDeviceBootMode,
362 POLICY_LEVEL_MANDATORY,
363 POLICY_SCOPE_MACHINE,
364 new base::FundamentalValue(
365 container.report_boot_mode()),
366 NULL);
367 }
368 if (container.has_report_location()) {
369 policies->Set(key::kReportDeviceLocation,
370 POLICY_LEVEL_MANDATORY,
371 POLICY_SCOPE_MACHINE,
372 new base::FundamentalValue(
373 container.report_location()),
374 NULL);
375 }
376 if (container.has_report_network_interfaces()) {
377 policies->Set(key::kReportDeviceNetworkInterfaces,
378 POLICY_LEVEL_MANDATORY,
379 POLICY_SCOPE_MACHINE,
380 new base::FundamentalValue(
381 container.report_network_interfaces()),
382 NULL);
383 }
384 if (container.has_report_users()) {
385 policies->Set(key::kReportDeviceUsers,
386 POLICY_LEVEL_MANDATORY,
387 POLICY_SCOPE_MACHINE,
388 new base::FundamentalValue(container.report_users()),
389 NULL);
390 }
391 if (container.has_report_hardware_status()) {
392 policies->Set(key::kReportDeviceHardwareStatus,
393 POLICY_LEVEL_MANDATORY,
394 POLICY_SCOPE_MACHINE,
395 new base::FundamentalValue(
396 container.report_hardware_status()),
397 NULL);
398 }
399 if (container.has_report_session_status()) {
400 policies->Set(key::kReportDeviceSessionStatus,
401 POLICY_LEVEL_MANDATORY,
402 POLICY_SCOPE_MACHINE,
403 new base::FundamentalValue(
404 container.report_session_status()),
405 NULL);
406 }
407 if (container.has_device_status_frequency()) {
408 policies->Set(key::kReportUploadFrequency,
409 POLICY_LEVEL_MANDATORY,
410 POLICY_SCOPE_MACHINE,
411 DecodeIntegerValue(
412 container.device_status_frequency()).release(),
413 NULL);
414 }
415 }
416
417 if (policy.has_device_heartbeat_settings()) {
418 const em::DeviceHeartbeatSettingsProto& container(
419 policy.device_heartbeat_settings());
420 if (container.has_heartbeat_enabled()) {
421 policies->Set(key::kHeartbeatEnabled,
422 POLICY_LEVEL_MANDATORY,
423 POLICY_SCOPE_MACHINE,
424 new base::FundamentalValue(
425 container.heartbeat_enabled()),
426 NULL);
427 }
428 if (container.has_heartbeat_frequency()) {
429 policies->Set(key::kHeartbeatFrequency,
430 POLICY_LEVEL_MANDATORY,
431 POLICY_SCOPE_MACHINE,
432 DecodeIntegerValue(
433 container.heartbeat_frequency()).release(),
434 NULL);
435 }
436 }
437 }
438
439 void DecodeAutoUpdatePolicies(const em::ChromeDeviceSettingsProto& policy,
440 PolicyMap* policies) {
441 if (policy.has_release_channel()) {
442 const em::ReleaseChannelProto& container(policy.release_channel());
443 if (container.has_release_channel()) {
444 std::string channel(container.release_channel());
445 policies->Set(key::kChromeOsReleaseChannel,
446 POLICY_LEVEL_MANDATORY,
447 POLICY_SCOPE_MACHINE,
448 new base::StringValue(channel),
449 NULL);
450 // TODO(dubroy): Once http://crosbug.com/17015 is implemented, we won't
451 // have to pass the channel in here, only ping the update engine to tell
452 // it to fetch the channel from the policy.
453 chromeos::DBusThreadManager::Get()->GetUpdateEngineClient()->
454 SetChannel(channel, false);
455 }
456 if (container.has_release_channel_delegated()) {
457 policies->Set(key::kChromeOsReleaseChannelDelegated,
458 POLICY_LEVEL_MANDATORY,
459 POLICY_SCOPE_MACHINE,
460 new base::FundamentalValue(
461 container.release_channel_delegated()),
462 NULL);
463 }
464 }
465
466 if (policy.has_auto_update_settings()) {
467 const em::AutoUpdateSettingsProto& container(policy.auto_update_settings());
468 if (container.has_update_disabled()) {
469 policies->Set(key::kDeviceAutoUpdateDisabled,
470 POLICY_LEVEL_MANDATORY,
471 POLICY_SCOPE_MACHINE,
472 new base::FundamentalValue(
473 container.update_disabled()),
474 NULL);
475 }
476
477 if (container.has_target_version_prefix()) {
478 policies->Set(key::kDeviceTargetVersionPrefix,
479 POLICY_LEVEL_MANDATORY,
480 POLICY_SCOPE_MACHINE,
481 new base::StringValue(
482 container.target_version_prefix()),
483 NULL);
484 }
485
486 // target_version_display_name is not actually a policy, but a display
487 // string for target_version_prefix, so we ignore it.
488
489 if (container.has_scatter_factor_in_seconds()) {
490 policies->Set(key::kDeviceUpdateScatterFactor,
491 POLICY_LEVEL_MANDATORY,
492 POLICY_SCOPE_MACHINE,
493 new base::FundamentalValue(static_cast<int>(
494 container.scatter_factor_in_seconds())),
495 NULL);
496 }
497
498 if (container.allowed_connection_types_size()) {
499 base::ListValue* allowed_connection_types = new base::ListValue();
500 RepeatedField<int>::const_iterator entry;
501 for (entry = container.allowed_connection_types().begin();
502 entry != container.allowed_connection_types().end();
503 ++entry) {
504 base::Value* value = DecodeConnectionType(*entry);
505 if (value)
506 allowed_connection_types->Append(value);
507 }
508 policies->Set(key::kDeviceUpdateAllowedConnectionTypes,
509 POLICY_LEVEL_MANDATORY,
510 POLICY_SCOPE_MACHINE,
511 allowed_connection_types,
512 NULL);
513 }
514
515 if (container.has_http_downloads_enabled()) {
516 policies->Set(
517 key::kDeviceUpdateHttpDownloadsEnabled,
518 POLICY_LEVEL_MANDATORY,
519 POLICY_SCOPE_MACHINE,
520 new base::FundamentalValue(container.http_downloads_enabled()),
521 NULL);
522 }
523
524 if (container.has_reboot_after_update()) {
525 policies->Set(key::kRebootAfterUpdate,
526 POLICY_LEVEL_MANDATORY,
527 POLICY_SCOPE_MACHINE,
528 new base::FundamentalValue(
529 container.reboot_after_update()),
530 NULL);
531 }
532
533 if (container.has_p2p_enabled()) {
534 policies->Set(key::kDeviceAutoUpdateP2PEnabled,
535 POLICY_LEVEL_MANDATORY,
536 POLICY_SCOPE_MACHINE,
537 new base::FundamentalValue(container.p2p_enabled()),
538 NULL);
539 }
540 }
541 }
542
543 void DecodeAccessibilityPolicies(const em::ChromeDeviceSettingsProto& policy,
544 PolicyMap* policies) {
545 if (policy.has_accessibility_settings()) {
546 const em::AccessibilitySettingsProto&
547 container(policy.accessibility_settings());
548
549 if (container.has_login_screen_default_large_cursor_enabled()) {
550 policies->Set(
551 key::kDeviceLoginScreenDefaultLargeCursorEnabled,
552 POLICY_LEVEL_MANDATORY,
553 POLICY_SCOPE_MACHINE,
554 new base::FundamentalValue(
555 container.login_screen_default_large_cursor_enabled()),
556 NULL);
557 }
558
559 if (container.has_login_screen_default_spoken_feedback_enabled()) {
560 policies->Set(
561 key::kDeviceLoginScreenDefaultSpokenFeedbackEnabled,
562 POLICY_LEVEL_MANDATORY,
563 POLICY_SCOPE_MACHINE,
564 new base::FundamentalValue(
565 container.login_screen_default_spoken_feedback_enabled()),
566 NULL);
567 }
568
569 if (container.has_login_screen_default_high_contrast_enabled()) {
570 policies->Set(
571 key::kDeviceLoginScreenDefaultHighContrastEnabled,
572 POLICY_LEVEL_MANDATORY,
573 POLICY_SCOPE_MACHINE,
574 new base::FundamentalValue(
575 container.login_screen_default_high_contrast_enabled()),
576 NULL);
577 }
578
579 if (container.has_login_screen_default_screen_magnifier_type()) {
580 policies->Set(
581 key::kDeviceLoginScreenDefaultScreenMagnifierType,
582 POLICY_LEVEL_MANDATORY,
583 POLICY_SCOPE_MACHINE,
584 DecodeIntegerValue(
585 container.login_screen_default_screen_magnifier_type()).release(),
586 NULL);
587 }
588
589 if (container.has_login_screen_default_virtual_keyboard_enabled()) {
590 policies->Set(
591 key::kDeviceLoginScreenDefaultVirtualKeyboardEnabled,
592 POLICY_LEVEL_MANDATORY,
593 POLICY_SCOPE_MACHINE,
594 new base::FundamentalValue(
595 container.login_screen_default_virtual_keyboard_enabled()),
596 NULL);
597 }
598
599 // The behavior when policy is not set and when it is set to an empty string
600 // is the same. Thus lets add policy to the map only if it is set and its
601 // value is not an empty string.
602 if (container.has_login_screen_domain_auto_complete() &&
603 !container.login_screen_domain_auto_complete().empty()) {
604 policies->Set(
605 key::kDeviceLoginScreenDomainAutoComplete, POLICY_LEVEL_MANDATORY,
606 POLICY_SCOPE_MACHINE,
607 new base::StringValue(container.login_screen_domain_auto_complete()),
608 nullptr);
609 }
610 }
611 }
612
613 void DecodeGenericPolicies(const em::ChromeDeviceSettingsProto& policy,
614 PolicyMap* policies) {
615 if (policy.has_device_policy_refresh_rate()) {
616 const em::DevicePolicyRefreshRateProto& container(
617 policy.device_policy_refresh_rate());
618 if (container.has_device_policy_refresh_rate()) {
619 policies->Set(
620 key::kDevicePolicyRefreshRate,
621 POLICY_LEVEL_MANDATORY,
622 POLICY_SCOPE_MACHINE,
623 DecodeIntegerValue(container.device_policy_refresh_rate()).release(),
624 NULL);
625 }
626 }
627
628 if (policy.has_metrics_enabled()) {
629 const em::MetricsEnabledProto& container(policy.metrics_enabled());
630 if (container.has_metrics_enabled()) {
631 policies->Set(key::kDeviceMetricsReportingEnabled,
632 POLICY_LEVEL_MANDATORY,
633 POLICY_SCOPE_MACHINE,
634 new base::FundamentalValue(
635 container.metrics_enabled()),
636 NULL);
637 }
638 }
639
640 if (policy.has_system_timezone()) {
641 if (policy.system_timezone().has_timezone()) {
642 policies->Set(key::kSystemTimezone,
643 POLICY_LEVEL_MANDATORY,
644 POLICY_SCOPE_MACHINE,
645 new base::StringValue(
646 policy.system_timezone().timezone()),
647 NULL);
648 }
649 }
650
651 if (policy.has_use_24hour_clock()) {
652 if (policy.use_24hour_clock().has_use_24hour_clock()) {
653 policies->Set(key::kSystemUse24HourClock,
654 POLICY_LEVEL_MANDATORY,
655 POLICY_SCOPE_MACHINE,
656 new base::FundamentalValue(
657 policy.use_24hour_clock().use_24hour_clock()),
658 NULL);
659 }
660 }
661
662 if (policy.has_allow_redeem_offers()) {
663 const em::AllowRedeemChromeOsRegistrationOffersProto& container(
664 policy.allow_redeem_offers());
665 if (container.has_allow_redeem_offers()) {
666 policies->Set(key::kDeviceAllowRedeemChromeOsRegistrationOffers,
667 POLICY_LEVEL_MANDATORY,
668 POLICY_SCOPE_MACHINE,
669 new base::FundamentalValue(
670 container.allow_redeem_offers()),
671 NULL);
672 }
673 }
674
675 if (policy.has_uptime_limit()) {
676 const em::UptimeLimitProto& container(policy.uptime_limit());
677 if (container.has_uptime_limit()) {
678 policies->Set(key::kUptimeLimit,
679 POLICY_LEVEL_MANDATORY,
680 POLICY_SCOPE_MACHINE,
681 DecodeIntegerValue(container.uptime_limit()).release(),
682 NULL);
683 }
684 }
685
686 if (policy.has_start_up_flags()) {
687 const em::StartUpFlagsProto& container(policy.start_up_flags());
688 base::ListValue* flags = new base::ListValue();
689 RepeatedPtrField<std::string>::const_iterator entry;
690 for (entry = container.flags().begin();
691 entry != container.flags().end();
692 ++entry) {
693 flags->Append(new base::StringValue(*entry));
694 }
695 policies->Set(key::kDeviceStartUpFlags,
696 POLICY_LEVEL_MANDATORY,
697 POLICY_SCOPE_MACHINE,
698 flags,
699 NULL);
700 }
701
702 if (policy.has_variations_parameter()) {
703 if (policy.variations_parameter().has_parameter()) {
704 policies->Set(key::kDeviceVariationsRestrictParameter,
705 POLICY_LEVEL_MANDATORY,
706 POLICY_SCOPE_MACHINE,
707 new base::StringValue(
708 policy.variations_parameter().parameter()),
709 NULL);
710 }
711 }
712
713 if (policy.has_attestation_settings()) {
714 if (policy.attestation_settings().has_attestation_enabled()) {
715 policies->Set(key::kAttestationEnabledForDevice,
716 POLICY_LEVEL_MANDATORY,
717 POLICY_SCOPE_MACHINE,
718 new base::FundamentalValue(
719 policy.attestation_settings().attestation_enabled()),
720 NULL);
721 }
722 if (policy.attestation_settings().has_content_protection_enabled()) {
723 policies->Set(
724 key::kAttestationForContentProtectionEnabled,
725 POLICY_LEVEL_MANDATORY,
726 POLICY_SCOPE_MACHINE,
727 new base::FundamentalValue(
728 policy.attestation_settings().content_protection_enabled()),
729 NULL);
730 }
731 }
732
733 if (policy.has_login_screen_power_management()) {
734 const em::LoginScreenPowerManagementProto& container(
735 policy.login_screen_power_management());
736 if (container.has_login_screen_power_management()) {
737 scoped_ptr<base::Value> decoded_json;
738 decoded_json = DecodeJsonStringAndDropUnknownBySchema(
739 container.login_screen_power_management(),
740 key::kDeviceLoginScreenPowerManagement);
741 if (decoded_json) {
742 policies->Set(key::kDeviceLoginScreenPowerManagement,
743 POLICY_LEVEL_MANDATORY,
744 POLICY_SCOPE_MACHINE,
745 decoded_json.release(),
746 NULL);
747 }
748 }
749 }
750
751 if (policy.has_system_settings()) {
752 const em::SystemSettingsProto& container(policy.system_settings());
753 if (container.has_block_devmode()) {
754 policies->Set(
755 key::kDeviceBlockDevmode,
756 POLICY_LEVEL_MANDATORY,
757 POLICY_SCOPE_MACHINE,
758 new base::FundamentalValue(container.block_devmode()),
759 NULL);
760 }
761 }
762
763 if (policy.has_extension_cache_size()) {
764 const em::ExtensionCacheSizeProto& container(policy.extension_cache_size());
765 if (container.has_extension_cache_size()) {
766 policies->Set(
767 key::kExtensionCacheSize, POLICY_LEVEL_MANDATORY,
768 POLICY_SCOPE_MACHINE,
769 DecodeIntegerValue(container.extension_cache_size()).release(),
770 nullptr);
771 }
772 }
773 }
774
775 } // namespace
776
777 void DecodeDevicePolicy(const em::ChromeDeviceSettingsProto& policy,
778 PolicyMap* policies) {
779 // TODO(achuith): Remove this once crbug.com/263527 is resolved.
780 VLOG(2) << "DecodeDevicePolicy " << policy.SerializeAsString();
781
782 // Decode the various groups of policies.
783 DecodeLoginPolicies(policy, policies);
784 DecodeNetworkPolicies(policy, policies);
785 DecodeReportingPolicies(policy, policies);
786 DecodeAutoUpdatePolicies(policy, policies);
787 DecodeAccessibilityPolicies(policy, policies);
788 DecodeGenericPolicies(policy, policies);
789 }
790
791 } // namespace policy