Add new certificateProvider extension API.
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_policy_decoder_chromeos.cc
blob98216eb2b1bfac05cd88735953b5326403558d35
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
7 #include <limits>
8 #include <string>
10 #include "base/callback.h"
11 #include "base/json/json_reader.h"
12 #include "base/logging.h"
13 #include "base/values.h"
14 #include "chrome/browser/browser_process.h"
15 #include "chrome/browser/chromeos/policy/device_local_account.h"
16 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
17 #include "chromeos/dbus/dbus_thread_manager.h"
18 #include "chromeos/dbus/update_engine_client.h"
19 #include "chromeos/settings/cros_settings_names.h"
20 #include "components/policy/core/browser/browser_policy_connector.h"
21 #include "components/policy/core/common/external_data_fetcher.h"
22 #include "components/policy/core/common/policy_map.h"
23 #include "components/policy/core/common/schema.h"
24 #include "policy/policy_constants.h"
25 #include "third_party/cros_system_api/dbus/service_constants.h"
27 using google::protobuf::RepeatedField;
28 using google::protobuf::RepeatedPtrField;
30 namespace em = enterprise_management;
32 namespace policy {
34 namespace {
36 // Decodes a protobuf integer to an IntegerValue. Returns NULL in case the input
37 // value is out of bounds.
38 scoped_ptr<base::Value> DecodeIntegerValue(google::protobuf::int64 value) {
39 if (value < std::numeric_limits<int>::min() ||
40 value > std::numeric_limits<int>::max()) {
41 LOG(WARNING) << "Integer value " << value
42 << " out of numeric limits, ignoring.";
43 return scoped_ptr<base::Value>();
46 return scoped_ptr<base::Value>(
47 new base::FundamentalValue(static_cast<int>(value)));
50 // Decodes a JSON string to a base::Value, and drops unknown properties
51 // according to a policy schema. |policy_name| is the name of a policy schema
52 // defined in policy_templates.json. Returns NULL in case the input is not a
53 // valid JSON string.
54 scoped_ptr<base::Value> DecodeJsonStringAndDropUnknownBySchema(
55 const std::string& json_string,
56 const std::string& policy_name) {
57 std::string error;
58 scoped_ptr<base::Value> root = base::JSONReader::ReadAndReturnError(
59 json_string, base::JSON_ALLOW_TRAILING_COMMAS, NULL, &error);
61 if (!root) {
62 LOG(WARNING) << "Invalid JSON string: " << error << ", ignoring.";
63 return scoped_ptr<base::Value>();
66 const Schema& schema = g_browser_process
67 ->browser_policy_connector()
68 ->GetChromeSchema()
69 .GetKnownProperty(policy_name);
71 if (schema.valid()) {
72 std::string error_path;
73 bool changed = false;
75 if (!schema.Normalize(root.get(), SCHEMA_ALLOW_UNKNOWN, &error_path, &error,
76 &changed)) {
77 LOG(WARNING) << "Invalid policy value for " << policy_name << ": "
78 << error << " at " << error_path << ".";
79 return scoped_ptr<base::Value>();
82 if (changed) {
83 LOG(WARNING) << "Some properties in " << policy_name
84 << " were dropped: " << error << " at " << error_path << ".";
86 } else {
87 LOG(WARNING) << "Unknown or invalid policy schema for " << policy_name
88 << ".";
89 return scoped_ptr<base::Value>();
92 return root;
95 base::Value* DecodeConnectionType(int value) {
96 static const char* const kConnectionTypes[] = {
97 shill::kTypeEthernet,
98 shill::kTypeWifi,
99 shill::kTypeWimax,
100 shill::kTypeBluetooth,
101 shill::kTypeCellular,
104 if (value < 0 || value >= static_cast<int>(arraysize(kConnectionTypes)))
105 return NULL;
107 return new base::StringValue(kConnectionTypes[value]);
110 void DecodeLoginPolicies(const em::ChromeDeviceSettingsProto& policy,
111 PolicyMap* policies) {
112 if (policy.has_guest_mode_enabled()) {
113 const em::GuestModeEnabledProto& container(policy.guest_mode_enabled());
114 if (container.has_guest_mode_enabled()) {
115 policies->Set(key::kDeviceGuestModeEnabled,
116 POLICY_LEVEL_MANDATORY,
117 POLICY_SCOPE_MACHINE,
118 new base::FundamentalValue(
119 container.guest_mode_enabled()),
120 NULL);
124 if (policy.has_reboot_on_shutdown()) {
125 const em::RebootOnShutdownProto& container(policy.reboot_on_shutdown());
126 if (container.has_reboot_on_shutdown()) {
127 policies->Set(key::kDeviceRebootOnShutdown, POLICY_LEVEL_MANDATORY,
128 POLICY_SCOPE_MACHINE,
129 new base::FundamentalValue(container.reboot_on_shutdown()),
130 NULL);
134 if (policy.has_show_user_names()) {
135 const em::ShowUserNamesOnSigninProto& container(policy.show_user_names());
136 if (container.has_show_user_names()) {
137 policies->Set(key::kDeviceShowUserNamesOnSignin,
138 POLICY_LEVEL_MANDATORY,
139 POLICY_SCOPE_MACHINE,
140 new base::FundamentalValue(
141 container.show_user_names()),
142 NULL);
146 if (policy.has_allow_new_users()) {
147 const em::AllowNewUsersProto& container(policy.allow_new_users());
148 if (container.has_allow_new_users()) {
149 policies->Set(key::kDeviceAllowNewUsers,
150 POLICY_LEVEL_MANDATORY,
151 POLICY_SCOPE_MACHINE,
152 new base::FundamentalValue(
153 container.allow_new_users()),
154 NULL);
158 if (policy.has_user_whitelist()) {
159 const em::UserWhitelistProto& container(policy.user_whitelist());
160 base::ListValue* whitelist = new base::ListValue();
161 RepeatedPtrField<std::string>::const_iterator entry;
162 for (entry = container.user_whitelist().begin();
163 entry != container.user_whitelist().end();
164 ++entry) {
165 whitelist->Append(new base::StringValue(*entry));
167 policies->Set(key::kDeviceUserWhitelist,
168 POLICY_LEVEL_MANDATORY,
169 POLICY_SCOPE_MACHINE,
170 whitelist,
171 NULL);
174 if (policy.has_ephemeral_users_enabled()) {
175 const em::EphemeralUsersEnabledProto& container(
176 policy.ephemeral_users_enabled());
177 if (container.has_ephemeral_users_enabled()) {
178 policies->Set(key::kDeviceEphemeralUsersEnabled,
179 POLICY_LEVEL_MANDATORY,
180 POLICY_SCOPE_MACHINE,
181 new base::FundamentalValue(
182 container.ephemeral_users_enabled()),
183 NULL);
187 if (policy.has_device_local_accounts()) {
188 const em::DeviceLocalAccountsProto& container(
189 policy.device_local_accounts());
190 const RepeatedPtrField<em::DeviceLocalAccountInfoProto>& accounts =
191 container.account();
192 scoped_ptr<base::ListValue> account_list(new base::ListValue());
193 RepeatedPtrField<em::DeviceLocalAccountInfoProto>::const_iterator entry;
194 for (entry = accounts.begin(); entry != accounts.end(); ++entry) {
195 scoped_ptr<base::DictionaryValue> entry_dict(
196 new base::DictionaryValue());
197 if (entry->has_type()) {
198 if (entry->has_account_id()) {
199 entry_dict->SetStringWithoutPathExpansion(
200 chromeos::kAccountsPrefDeviceLocalAccountsKeyId,
201 entry->account_id());
203 entry_dict->SetIntegerWithoutPathExpansion(
204 chromeos::kAccountsPrefDeviceLocalAccountsKeyType, entry->type());
205 if (entry->kiosk_app().has_app_id()) {
206 entry_dict->SetStringWithoutPathExpansion(
207 chromeos::kAccountsPrefDeviceLocalAccountsKeyKioskAppId,
208 entry->kiosk_app().app_id());
210 if (entry->kiosk_app().has_update_url()) {
211 entry_dict->SetStringWithoutPathExpansion(
212 chromeos::kAccountsPrefDeviceLocalAccountsKeyKioskAppUpdateURL,
213 entry->kiosk_app().update_url());
215 } else if (entry->has_deprecated_public_session_id()) {
216 // Deprecated public session specification.
217 entry_dict->SetStringWithoutPathExpansion(
218 chromeos::kAccountsPrefDeviceLocalAccountsKeyId,
219 entry->deprecated_public_session_id());
220 entry_dict->SetIntegerWithoutPathExpansion(
221 chromeos::kAccountsPrefDeviceLocalAccountsKeyType,
222 DeviceLocalAccount::TYPE_PUBLIC_SESSION);
224 account_list->Append(entry_dict.release());
226 policies->Set(key::kDeviceLocalAccounts,
227 POLICY_LEVEL_MANDATORY,
228 POLICY_SCOPE_MACHINE,
229 account_list.release(),
230 NULL);
231 if (container.has_auto_login_id()) {
232 policies->Set(key::kDeviceLocalAccountAutoLoginId,
233 POLICY_LEVEL_MANDATORY,
234 POLICY_SCOPE_MACHINE,
235 new base::StringValue(container.auto_login_id()),
236 NULL);
238 if (container.has_auto_login_delay()) {
239 policies->Set(key::kDeviceLocalAccountAutoLoginDelay,
240 POLICY_LEVEL_MANDATORY,
241 POLICY_SCOPE_MACHINE,
242 DecodeIntegerValue(container.auto_login_delay()).release(),
243 NULL);
245 if (container.has_enable_auto_login_bailout()) {
246 policies->Set(key::kDeviceLocalAccountAutoLoginBailoutEnabled,
247 POLICY_LEVEL_MANDATORY,
248 POLICY_SCOPE_MACHINE,
249 new base::FundamentalValue(
250 container.enable_auto_login_bailout()),
251 NULL);
253 if (container.has_prompt_for_network_when_offline()) {
254 policies->Set(key::kDeviceLocalAccountPromptForNetworkWhenOffline,
255 POLICY_LEVEL_MANDATORY,
256 POLICY_SCOPE_MACHINE,
257 new base::FundamentalValue(
258 container.prompt_for_network_when_offline()),
259 NULL);
263 if (policy.has_supervised_users_settings()) {
264 const em::SupervisedUsersSettingsProto& container =
265 policy.supervised_users_settings();
266 if (container.has_supervised_users_enabled()) {
267 base::Value* value = new base::FundamentalValue(
268 container.supervised_users_enabled());
269 policies->Set(key::kSupervisedUsersEnabled,
270 POLICY_LEVEL_MANDATORY,
271 POLICY_SCOPE_MACHINE,
272 value,
273 NULL);
277 if (policy.has_saml_settings()) {
278 const em::SAMLSettingsProto& container(policy.saml_settings());
279 if (container.has_transfer_saml_cookies()) {
280 policies->Set(key::kDeviceTransferSAMLCookies,
281 POLICY_LEVEL_MANDATORY,
282 POLICY_SCOPE_MACHINE,
283 new base::FundamentalValue(
284 container.transfer_saml_cookies()),
285 NULL);
290 void DecodeNetworkPolicies(const em::ChromeDeviceSettingsProto& policy,
291 PolicyMap* policies) {
292 if (policy.has_data_roaming_enabled()) {
293 const em::DataRoamingEnabledProto& container(policy.data_roaming_enabled());
294 if (container.has_data_roaming_enabled()) {
295 policies->Set(key::kDeviceDataRoamingEnabled,
296 POLICY_LEVEL_MANDATORY,
297 POLICY_SCOPE_MACHINE,
298 new base::FundamentalValue(
299 container.data_roaming_enabled()),
300 NULL);
304 if (policy.has_open_network_configuration() &&
305 policy.open_network_configuration().has_open_network_configuration()) {
306 std::string config(
307 policy.open_network_configuration().open_network_configuration());
308 policies->Set(key::kDeviceOpenNetworkConfiguration,
309 POLICY_LEVEL_MANDATORY,
310 POLICY_SCOPE_MACHINE,
311 new base::StringValue(config),
312 NULL);
316 void DecodeReportingPolicies(const em::ChromeDeviceSettingsProto& policy,
317 PolicyMap* policies) {
318 if (policy.has_device_reporting()) {
319 const em::DeviceReportingProto& container(policy.device_reporting());
320 if (container.has_report_version_info()) {
321 policies->Set(key::kReportDeviceVersionInfo,
322 POLICY_LEVEL_MANDATORY,
323 POLICY_SCOPE_MACHINE,
324 new base::FundamentalValue(
325 container.report_version_info()),
326 NULL);
328 if (container.has_report_activity_times()) {
329 policies->Set(key::kReportDeviceActivityTimes,
330 POLICY_LEVEL_MANDATORY,
331 POLICY_SCOPE_MACHINE,
332 new base::FundamentalValue(
333 container.report_activity_times()),
334 NULL);
336 if (container.has_report_boot_mode()) {
337 policies->Set(key::kReportDeviceBootMode,
338 POLICY_LEVEL_MANDATORY,
339 POLICY_SCOPE_MACHINE,
340 new base::FundamentalValue(
341 container.report_boot_mode()),
342 NULL);
344 if (container.has_report_location()) {
345 policies->Set(key::kReportDeviceLocation,
346 POLICY_LEVEL_MANDATORY,
347 POLICY_SCOPE_MACHINE,
348 new base::FundamentalValue(
349 container.report_location()),
350 NULL);
352 if (container.has_report_network_interfaces()) {
353 policies->Set(key::kReportDeviceNetworkInterfaces,
354 POLICY_LEVEL_MANDATORY,
355 POLICY_SCOPE_MACHINE,
356 new base::FundamentalValue(
357 container.report_network_interfaces()),
358 NULL);
360 if (container.has_report_users()) {
361 policies->Set(key::kReportDeviceUsers,
362 POLICY_LEVEL_MANDATORY,
363 POLICY_SCOPE_MACHINE,
364 new base::FundamentalValue(container.report_users()),
365 NULL);
367 if (container.has_report_hardware_status()) {
368 policies->Set(key::kReportDeviceHardwareStatus,
369 POLICY_LEVEL_MANDATORY,
370 POLICY_SCOPE_MACHINE,
371 new base::FundamentalValue(
372 container.report_hardware_status()),
373 NULL);
375 if (container.has_report_session_status()) {
376 policies->Set(key::kReportDeviceSessionStatus,
377 POLICY_LEVEL_MANDATORY,
378 POLICY_SCOPE_MACHINE,
379 new base::FundamentalValue(
380 container.report_session_status()),
381 NULL);
383 if (container.has_device_status_frequency()) {
384 policies->Set(key::kReportUploadFrequency,
385 POLICY_LEVEL_MANDATORY,
386 POLICY_SCOPE_MACHINE,
387 DecodeIntegerValue(
388 container.device_status_frequency()).release(),
389 NULL);
393 if (policy.has_device_heartbeat_settings()) {
394 const em::DeviceHeartbeatSettingsProto& container(
395 policy.device_heartbeat_settings());
396 if (container.has_heartbeat_enabled()) {
397 policies->Set(key::kHeartbeatEnabled,
398 POLICY_LEVEL_MANDATORY,
399 POLICY_SCOPE_MACHINE,
400 new base::FundamentalValue(
401 container.heartbeat_enabled()),
402 NULL);
404 if (container.has_heartbeat_frequency()) {
405 policies->Set(key::kHeartbeatFrequency,
406 POLICY_LEVEL_MANDATORY,
407 POLICY_SCOPE_MACHINE,
408 DecodeIntegerValue(
409 container.heartbeat_frequency()).release(),
410 NULL);
414 if (policy.has_device_log_upload_settings()) {
415 const em::DeviceLogUploadSettingsProto& container(
416 policy.device_log_upload_settings());
417 if (container.has_system_log_upload_enabled()) {
418 policies->Set(
419 key::kLogUploadEnabled, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
420 new base::FundamentalValue(container.system_log_upload_enabled()),
421 NULL);
426 void DecodeAutoUpdatePolicies(const em::ChromeDeviceSettingsProto& policy,
427 PolicyMap* policies) {
428 if (policy.has_release_channel()) {
429 const em::ReleaseChannelProto& container(policy.release_channel());
430 if (container.has_release_channel()) {
431 std::string channel(container.release_channel());
432 policies->Set(key::kChromeOsReleaseChannel,
433 POLICY_LEVEL_MANDATORY,
434 POLICY_SCOPE_MACHINE,
435 new base::StringValue(channel),
436 NULL);
437 // TODO(dubroy): Once http://crosbug.com/17015 is implemented, we won't
438 // have to pass the channel in here, only ping the update engine to tell
439 // it to fetch the channel from the policy.
440 chromeos::DBusThreadManager::Get()->GetUpdateEngineClient()->
441 SetChannel(channel, false);
443 if (container.has_release_channel_delegated()) {
444 policies->Set(key::kChromeOsReleaseChannelDelegated,
445 POLICY_LEVEL_MANDATORY,
446 POLICY_SCOPE_MACHINE,
447 new base::FundamentalValue(
448 container.release_channel_delegated()),
449 NULL);
453 if (policy.has_auto_update_settings()) {
454 const em::AutoUpdateSettingsProto& container(policy.auto_update_settings());
455 if (container.has_update_disabled()) {
456 policies->Set(key::kDeviceAutoUpdateDisabled,
457 POLICY_LEVEL_MANDATORY,
458 POLICY_SCOPE_MACHINE,
459 new base::FundamentalValue(
460 container.update_disabled()),
461 NULL);
464 if (container.has_target_version_prefix()) {
465 policies->Set(key::kDeviceTargetVersionPrefix,
466 POLICY_LEVEL_MANDATORY,
467 POLICY_SCOPE_MACHINE,
468 new base::StringValue(
469 container.target_version_prefix()),
470 NULL);
473 // target_version_display_name is not actually a policy, but a display
474 // string for target_version_prefix, so we ignore it.
476 if (container.has_scatter_factor_in_seconds()) {
477 policies->Set(key::kDeviceUpdateScatterFactor,
478 POLICY_LEVEL_MANDATORY,
479 POLICY_SCOPE_MACHINE,
480 new base::FundamentalValue(static_cast<int>(
481 container.scatter_factor_in_seconds())),
482 NULL);
485 if (container.allowed_connection_types_size()) {
486 base::ListValue* allowed_connection_types = new base::ListValue();
487 RepeatedField<int>::const_iterator entry;
488 for (entry = container.allowed_connection_types().begin();
489 entry != container.allowed_connection_types().end();
490 ++entry) {
491 base::Value* value = DecodeConnectionType(*entry);
492 if (value)
493 allowed_connection_types->Append(value);
495 policies->Set(key::kDeviceUpdateAllowedConnectionTypes,
496 POLICY_LEVEL_MANDATORY,
497 POLICY_SCOPE_MACHINE,
498 allowed_connection_types,
499 NULL);
502 if (container.has_http_downloads_enabled()) {
503 policies->Set(
504 key::kDeviceUpdateHttpDownloadsEnabled,
505 POLICY_LEVEL_MANDATORY,
506 POLICY_SCOPE_MACHINE,
507 new base::FundamentalValue(container.http_downloads_enabled()),
508 NULL);
511 if (container.has_reboot_after_update()) {
512 policies->Set(key::kRebootAfterUpdate,
513 POLICY_LEVEL_MANDATORY,
514 POLICY_SCOPE_MACHINE,
515 new base::FundamentalValue(
516 container.reboot_after_update()),
517 NULL);
520 if (container.has_p2p_enabled()) {
521 policies->Set(key::kDeviceAutoUpdateP2PEnabled,
522 POLICY_LEVEL_MANDATORY,
523 POLICY_SCOPE_MACHINE,
524 new base::FundamentalValue(container.p2p_enabled()),
525 NULL);
530 void DecodeAccessibilityPolicies(const em::ChromeDeviceSettingsProto& policy,
531 PolicyMap* policies) {
532 if (policy.has_accessibility_settings()) {
533 const em::AccessibilitySettingsProto&
534 container(policy.accessibility_settings());
536 if (container.has_login_screen_default_large_cursor_enabled()) {
537 policies->Set(
538 key::kDeviceLoginScreenDefaultLargeCursorEnabled,
539 POLICY_LEVEL_MANDATORY,
540 POLICY_SCOPE_MACHINE,
541 new base::FundamentalValue(
542 container.login_screen_default_large_cursor_enabled()),
543 NULL);
546 if (container.has_login_screen_default_spoken_feedback_enabled()) {
547 policies->Set(
548 key::kDeviceLoginScreenDefaultSpokenFeedbackEnabled,
549 POLICY_LEVEL_MANDATORY,
550 POLICY_SCOPE_MACHINE,
551 new base::FundamentalValue(
552 container.login_screen_default_spoken_feedback_enabled()),
553 NULL);
556 if (container.has_login_screen_default_high_contrast_enabled()) {
557 policies->Set(
558 key::kDeviceLoginScreenDefaultHighContrastEnabled,
559 POLICY_LEVEL_MANDATORY,
560 POLICY_SCOPE_MACHINE,
561 new base::FundamentalValue(
562 container.login_screen_default_high_contrast_enabled()),
563 NULL);
566 if (container.has_login_screen_default_screen_magnifier_type()) {
567 policies->Set(
568 key::kDeviceLoginScreenDefaultScreenMagnifierType,
569 POLICY_LEVEL_MANDATORY,
570 POLICY_SCOPE_MACHINE,
571 DecodeIntegerValue(
572 container.login_screen_default_screen_magnifier_type()).release(),
573 NULL);
576 if (container.has_login_screen_default_virtual_keyboard_enabled()) {
577 policies->Set(
578 key::kDeviceLoginScreenDefaultVirtualKeyboardEnabled,
579 POLICY_LEVEL_MANDATORY,
580 POLICY_SCOPE_MACHINE,
581 new base::FundamentalValue(
582 container.login_screen_default_virtual_keyboard_enabled()),
583 NULL);
588 void DecodeGenericPolicies(const em::ChromeDeviceSettingsProto& policy,
589 PolicyMap* policies) {
590 if (policy.has_device_policy_refresh_rate()) {
591 const em::DevicePolicyRefreshRateProto& container(
592 policy.device_policy_refresh_rate());
593 if (container.has_device_policy_refresh_rate()) {
594 policies->Set(
595 key::kDevicePolicyRefreshRate,
596 POLICY_LEVEL_MANDATORY,
597 POLICY_SCOPE_MACHINE,
598 DecodeIntegerValue(container.device_policy_refresh_rate()).release(),
599 NULL);
603 if (policy.has_metrics_enabled()) {
604 const em::MetricsEnabledProto& container(policy.metrics_enabled());
605 if (container.has_metrics_enabled()) {
606 policies->Set(key::kDeviceMetricsReportingEnabled,
607 POLICY_LEVEL_MANDATORY,
608 POLICY_SCOPE_MACHINE,
609 new base::FundamentalValue(
610 container.metrics_enabled()),
611 NULL);
615 if (policy.has_system_timezone()) {
616 if (policy.system_timezone().has_timezone()) {
617 policies->Set(key::kSystemTimezone,
618 POLICY_LEVEL_MANDATORY,
619 POLICY_SCOPE_MACHINE,
620 new base::StringValue(
621 policy.system_timezone().timezone()),
622 NULL);
626 if (policy.has_use_24hour_clock()) {
627 if (policy.use_24hour_clock().has_use_24hour_clock()) {
628 policies->Set(key::kSystemUse24HourClock,
629 POLICY_LEVEL_MANDATORY,
630 POLICY_SCOPE_MACHINE,
631 new base::FundamentalValue(
632 policy.use_24hour_clock().use_24hour_clock()),
633 NULL);
637 if (policy.has_allow_redeem_offers()) {
638 const em::AllowRedeemChromeOsRegistrationOffersProto& container(
639 policy.allow_redeem_offers());
640 if (container.has_allow_redeem_offers()) {
641 policies->Set(key::kDeviceAllowRedeemChromeOsRegistrationOffers,
642 POLICY_LEVEL_MANDATORY,
643 POLICY_SCOPE_MACHINE,
644 new base::FundamentalValue(
645 container.allow_redeem_offers()),
646 NULL);
650 if (policy.has_uptime_limit()) {
651 const em::UptimeLimitProto& container(policy.uptime_limit());
652 if (container.has_uptime_limit()) {
653 policies->Set(key::kUptimeLimit,
654 POLICY_LEVEL_MANDATORY,
655 POLICY_SCOPE_MACHINE,
656 DecodeIntegerValue(container.uptime_limit()).release(),
657 NULL);
661 if (policy.has_start_up_flags()) {
662 const em::StartUpFlagsProto& container(policy.start_up_flags());
663 base::ListValue* flags = new base::ListValue();
664 RepeatedPtrField<std::string>::const_iterator entry;
665 for (entry = container.flags().begin();
666 entry != container.flags().end();
667 ++entry) {
668 flags->Append(new base::StringValue(*entry));
670 policies->Set(key::kDeviceStartUpFlags,
671 POLICY_LEVEL_MANDATORY,
672 POLICY_SCOPE_MACHINE,
673 flags,
674 NULL);
677 if (policy.has_variations_parameter()) {
678 if (policy.variations_parameter().has_parameter()) {
679 policies->Set(key::kDeviceVariationsRestrictParameter,
680 POLICY_LEVEL_MANDATORY,
681 POLICY_SCOPE_MACHINE,
682 new base::StringValue(
683 policy.variations_parameter().parameter()),
684 NULL);
688 if (policy.has_attestation_settings()) {
689 if (policy.attestation_settings().has_attestation_enabled()) {
690 policies->Set(key::kAttestationEnabledForDevice,
691 POLICY_LEVEL_MANDATORY,
692 POLICY_SCOPE_MACHINE,
693 new base::FundamentalValue(
694 policy.attestation_settings().attestation_enabled()),
695 NULL);
697 if (policy.attestation_settings().has_content_protection_enabled()) {
698 policies->Set(
699 key::kAttestationForContentProtectionEnabled,
700 POLICY_LEVEL_MANDATORY,
701 POLICY_SCOPE_MACHINE,
702 new base::FundamentalValue(
703 policy.attestation_settings().content_protection_enabled()),
704 NULL);
708 if (policy.has_login_screen_power_management()) {
709 const em::LoginScreenPowerManagementProto& container(
710 policy.login_screen_power_management());
711 if (container.has_login_screen_power_management()) {
712 scoped_ptr<base::Value> decoded_json;
713 decoded_json = DecodeJsonStringAndDropUnknownBySchema(
714 container.login_screen_power_management(),
715 key::kDeviceLoginScreenPowerManagement);
716 if (decoded_json) {
717 policies->Set(key::kDeviceLoginScreenPowerManagement,
718 POLICY_LEVEL_MANDATORY,
719 POLICY_SCOPE_MACHINE,
720 decoded_json.release(),
721 NULL);
726 if (policy.has_system_settings()) {
727 const em::SystemSettingsProto& container(policy.system_settings());
728 if (container.has_block_devmode()) {
729 policies->Set(
730 key::kDeviceBlockDevmode,
731 POLICY_LEVEL_MANDATORY,
732 POLICY_SCOPE_MACHINE,
733 new base::FundamentalValue(container.block_devmode()),
734 NULL);
738 if (policy.has_extension_cache_size()) {
739 const em::ExtensionCacheSizeProto& container(policy.extension_cache_size());
740 if (container.has_extension_cache_size()) {
741 policies->Set(
742 key::kExtensionCacheSize, POLICY_LEVEL_MANDATORY,
743 POLICY_SCOPE_MACHINE,
744 DecodeIntegerValue(container.extension_cache_size()).release(),
745 nullptr);
749 if (policy.has_login_screen_domain_auto_complete()) {
750 const em::LoginScreenDomainAutoCompleteProto& container(
751 policy.login_screen_domain_auto_complete());
752 policies->Set(
753 key::kDeviceLoginScreenDomainAutoComplete, POLICY_LEVEL_MANDATORY,
754 POLICY_SCOPE_MACHINE,
755 new base::StringValue(container.login_screen_domain_auto_complete()),
756 nullptr);
760 } // namespace
762 void DecodeDevicePolicy(const em::ChromeDeviceSettingsProto& policy,
763 PolicyMap* policies) {
764 // Decode the various groups of policies.
765 DecodeLoginPolicies(policy, policies);
766 DecodeNetworkPolicies(policy, policies);
767 DecodeReportingPolicies(policy, policies);
768 DecodeAutoUpdatePolicies(policy, policies);
769 DecodeAccessibilityPolicies(policy, policies);
770 DecodeGenericPolicies(policy, policies);
773 } // namespace policy