1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/policy/profile_policy_connector.h"
8 #include "base/logging.h"
9 #include "base/values.h"
10 #include "chrome/browser/browser_process.h"
11 #include "components/policy/core/browser/browser_policy_connector.h"
12 #include "components/policy/core/common/cloud/cloud_policy_core.h"
13 #include "components/policy/core/common/cloud/cloud_policy_manager.h"
14 #include "components/policy/core/common/cloud/cloud_policy_store.h"
15 #include "components/policy/core/common/configuration_policy_provider.h"
16 #include "components/policy/core/common/policy_bundle.h"
17 #include "components/policy/core/common/policy_map.h"
18 #include "components/policy/core/common/policy_namespace.h"
19 #include "components/policy/core/common/policy_service_impl.h"
20 #include "components/policy/core/common/schema_registry_tracking_policy_provider.h"
21 #include "google_apis/gaia/gaia_auth_util.h"
23 #if defined(OS_CHROMEOS)
24 #include "chrome/browser/browser_process_platform_part.h"
25 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
26 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
27 #include "chrome/browser/chromeos/policy/device_local_account.h"
28 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
29 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h"
30 #include "components/user_manager/user.h"
31 #include "components/user_manager/user_manager.h"
38 std::string
GetCloudPolicyManagementDomain(
39 const CloudPolicyManager
* cloud_policy_manager
) {
40 const CloudPolicyStore
* const store
= cloud_policy_manager
->core()->store();
42 CHECK(store
->is_initialized())
43 << "Cloud policy management domain must be "
44 "requested only after the policy system is fully initialized";
45 if (store
->is_managed() && store
->policy()->has_username())
46 return gaia::ExtractDomainName(store
->policy()->username());
53 ProfilePolicyConnector::ProfilePolicyConnector()
54 #if defined(OS_CHROMEOS)
55 : is_primary_user_(false),
56 user_cloud_policy_manager_(nullptr)
58 : user_cloud_policy_manager_(nullptr)
63 ProfilePolicyConnector::~ProfilePolicyConnector() {}
65 void ProfilePolicyConnector::Init(
66 #if defined(OS_CHROMEOS)
67 const user_manager::User
* user
,
69 SchemaRegistry
* schema_registry
,
70 CloudPolicyManager
* user_cloud_policy_manager
) {
71 user_cloud_policy_manager_
= user_cloud_policy_manager
;
73 #if defined(OS_CHROMEOS)
74 BrowserPolicyConnectorChromeOS
* connector
=
75 g_browser_process
->platform_part()->browser_policy_connector_chromeos();
77 BrowserPolicyConnector
* connector
=
78 g_browser_process
->browser_policy_connector();
81 if (connector
->GetPlatformProvider()) {
82 wrapped_platform_policy_provider_
.reset(
83 new SchemaRegistryTrackingPolicyProvider(
84 connector
->GetPlatformProvider()));
85 wrapped_platform_policy_provider_
->Init(schema_registry
);
86 policy_providers_
.push_back(wrapped_platform_policy_provider_
.get());
89 #if defined(OS_CHROMEOS)
90 if (connector
->GetDeviceCloudPolicyManager())
91 policy_providers_
.push_back(connector
->GetDeviceCloudPolicyManager());
94 if (user_cloud_policy_manager
)
95 policy_providers_
.push_back(user_cloud_policy_manager
);
97 #if defined(OS_CHROMEOS)
99 DCHECK(schema_registry
);
100 // This case occurs for the signin profile.
101 special_user_policy_provider_
.reset(
102 new LoginProfilePolicyProvider(connector
->GetPolicyService()));
104 // |user| should never be nullptr except for the signin profile.
106 user
== user_manager::UserManager::Get()->GetPrimaryUser();
107 // Note that |DeviceLocalAccountPolicyProvider::Create| returns nullptr when
108 // the user supplied is not a device-local account user.
109 special_user_policy_provider_
= DeviceLocalAccountPolicyProvider::Create(
111 connector
->GetDeviceLocalAccountPolicyService());
113 if (special_user_policy_provider_
) {
114 special_user_policy_provider_
->Init(schema_registry
);
115 policy_providers_
.push_back(special_user_policy_provider_
.get());
119 policy_service_
.reset(new PolicyServiceImpl(policy_providers_
));
121 #if defined(OS_CHROMEOS)
122 if (is_primary_user_
) {
123 if (user_cloud_policy_manager
)
124 connector
->SetUserPolicyDelegate(user_cloud_policy_manager
);
125 else if (special_user_policy_provider_
)
126 connector
->SetUserPolicyDelegate(special_user_policy_provider_
.get());
131 void ProfilePolicyConnector::InitForTesting(scoped_ptr
<PolicyService
> service
) {
132 policy_service_
= service
.Pass();
135 void ProfilePolicyConnector::OverrideIsManagedForTesting(bool is_managed
) {
136 is_managed_override_
.reset(new bool(is_managed
));
139 void ProfilePolicyConnector::Shutdown() {
140 #if defined(OS_CHROMEOS)
141 BrowserPolicyConnectorChromeOS
* connector
=
142 g_browser_process
->platform_part()->browser_policy_connector_chromeos();
143 if (is_primary_user_
)
144 connector
->SetUserPolicyDelegate(nullptr);
145 if (special_user_policy_provider_
)
146 special_user_policy_provider_
->Shutdown();
148 if (wrapped_platform_policy_provider_
)
149 wrapped_platform_policy_provider_
->Shutdown();
152 bool ProfilePolicyConnector::IsManaged() const {
153 if (is_managed_override_
)
154 return *is_managed_override_
;
155 return !GetManagementDomain().empty();
158 std::string
ProfilePolicyConnector::GetManagementDomain() const {
159 if (user_cloud_policy_manager_
)
160 return GetCloudPolicyManagementDomain(user_cloud_policy_manager_
);
161 #if defined(OS_CHROMEOS)
162 if (special_user_policy_provider_
) {
163 // |special_user_policy_provider_| is non-null for device-local accounts and
164 // for the login profile.
165 // They receive policy iff the device itself is managed.
166 const DeviceCloudPolicyManagerChromeOS
* const device_cloud_policy_manager
=
167 g_browser_process
->platform_part()
168 ->browser_policy_connector_chromeos()
169 ->GetDeviceCloudPolicyManager();
170 // The device_cloud_policy_manager can be a nullptr in unit tests.
171 if (device_cloud_policy_manager
)
172 return GetCloudPolicyManagementDomain(device_cloud_policy_manager
);
178 bool ProfilePolicyConnector::IsPolicyFromCloudPolicy(const char* name
) const {
179 const ConfigurationPolicyProvider
* const provider
=
180 DeterminePolicyProviderForPolicy(name
);
181 return provider
== user_cloud_policy_manager_
;
184 const ConfigurationPolicyProvider
*
185 ProfilePolicyConnector::DeterminePolicyProviderForPolicy(
186 const char* name
) const {
187 const PolicyNamespace
chrome_ns(POLICY_DOMAIN_CHROME
, "");
188 for (const ConfigurationPolicyProvider
* provider
: policy_providers_
) {
189 if (provider
->policies().Get(chrome_ns
).Get(name
))
195 } // namespace policy