chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
   6
   7 #include "base/bind.h"
   8 #include "base/command_line.h"
   9 #include "base/files/file_path.h"
  10 #include "base/logging.h"
  11 #include "base/memory/ref_counted.h"
  12 #include "base/message_loop/message_loop_proxy.h"
  13 #include "base/path_service.h"
  14 #include "base/sequenced_task_runner.h"
  15 #include "base/threading/sequenced_worker_pool.h"
  16 #include "base/time/time.h"
  17 #include "chrome/browser/browser_process.h"
  18 #include "chrome/browser/chromeos/login/user.h"
  19 #include "chrome/browser/chromeos/login/user_manager.h"
  20 #include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
  21 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
  22 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
  23 #include "chrome/browser/chromeos/profiles/profile_helper.h"
  24 #include "chrome/browser/policy/browser_policy_connector.h"
  25 #include "chrome/browser/policy/schema_registry_service.h"
  26 #include "chrome/browser/policy/schema_registry_service_factory.h"
  27 #include "chrome/browser/profiles/profile.h"
  28 #include "chromeos/chromeos_paths.h"
  29 #include "chromeos/chromeos_switches.h"
  30 #include "chromeos/dbus/dbus_thread_manager.h"
  31 #include "components/browser_context_keyed_service/browser_context_dependency_manager.h"
  32 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
  33 #include "components/policy/core/common/cloud/device_management_service.h"
  34 #include "content/public/browser/browser_thread.h"
  35 #include "net/url_request/url_request_context_getter.h"
  36 #include "policy/policy_constants.h"
  37
  38 namespace policy {
  39
  40 namespace {
  41
  42 // Subdirectory in the user's profile for storing legacy user policies.
  43 const base::FilePath::CharType kDeviceManagementDir[] =
  44     FILE_PATH_LITERAL("Device Management");
  45
  46 // File in the above directory for storing legacy user policy dmtokens.
  47 const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
  48
  49 // This constant is used to build two different paths. It can be a file inside
  50 // kDeviceManagementDir where legacy user policy data is stored, and it can be
  51 // a directory inside the profile directory where other resources are stored.
  52 const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
  53
  54 // Directory under kPolicy, in the user's profile dir, where policy for
  55 // components is cached.
  56 const base::FilePath::CharType kComponentsDir[] =
  57     FILE_PATH_LITERAL("Components");
  58
  59 // Directory in which to store external policy data. This is specified relative
  60 // to kPolicy.
  61 const base::FilePath::CharType kPolicyExternalDataDir[] =
  62     FILE_PATH_LITERAL("External Data");
  63
  64 // Timeout in seconds after which to abandon the initial policy fetch and start
  65 // the session regardless.
  66 const int kInitialPolicyFetchTimeoutSeconds = 10;
  67
  68 }  // namespace
  69
  70 // static
  71 UserCloudPolicyManagerFactoryChromeOS*
  72     UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
  73   return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
  74 }
  75
  76 // static
  77 UserCloudPolicyManagerChromeOS*
  78     UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
  79         Profile* profile) {
  80   return GetInstance()->GetManagerForProfile(profile);
  81 }
  82
  83 // static
  84 scoped_ptr<UserCloudPolicyManagerChromeOS>
  85     UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
  86         Profile* profile,
  87         bool force_immediate_load,
  88         scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
  89   return GetInstance()->CreateManagerForProfile(
  90       profile, force_immediate_load, background_task_runner);
  91 }
  92
  93 UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
  94     : BrowserContextKeyedBaseFactory(
  95         "UserCloudPolicyManagerChromeOS",
  96         BrowserContextDependencyManager::GetInstance()) {
  97   DependsOn(SchemaRegistryServiceFactory::GetInstance());
  98 }
  99
 100 UserCloudPolicyManagerFactoryChromeOS::
 101     ~UserCloudPolicyManagerFactoryChromeOS() {}
 102
 103 UserCloudPolicyManagerChromeOS*
 104     UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
 105         Profile* profile) {
 106   // Get the manager for the original profile, since the PolicyService is
 107   // also shared between the incognito Profile and the original Profile.
 108   ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
 109   return it != managers_.end() ? it->second : NULL;
 110 }
 111
 112 scoped_ptr<UserCloudPolicyManagerChromeOS>
 113     UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
 114         Profile* profile,
 115         bool force_immediate_load,
 116         scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
 117   const CommandLine* command_line = CommandLine::ForCurrentProcess();
 118   // Don't initialize cloud policy for the signin profile.
 119   if (chromeos::ProfileHelper::IsSigninProfile(profile))
 120     return scoped_ptr<UserCloudPolicyManagerChromeOS>();
 121
 122   // |user| should never be NULL except for the signin profile. This object is
 123   // created as part of the Profile creation, which happens right after
 124   // sign-in. The just-signed-in User is the active user during that time.
 125   chromeos::UserManager* user_manager = chromeos::UserManager::Get();
 126   chromeos::User* user = user_manager->GetUserByProfile(profile);
 127   CHECK(user);
 128
 129   // Only USER_TYPE_REGULAR users have user cloud policy.
 130   // USER_TYPE_RETAIL_MODE, USER_TYPE_KIOSK_APP, USER_TYPE_GUEST and
 131   // USER_TYPE_LOCALLY_MANAGED are not signed in and can't authenticate the
 132   // policy registration.
 133   // USER_TYPE_PUBLIC_ACCOUNT gets its policy from the
 134   // DeviceLocalAccountPolicyService.
 135   const std::string& username = user->email();
 136   if (user->GetType() != chromeos::User::USER_TYPE_REGULAR ||
 137       BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
 138     return scoped_ptr<UserCloudPolicyManagerChromeOS>();
 139   }
 140
 141   BrowserPolicyConnector* connector =
 142       g_browser_process->browser_policy_connector();
 143   UserAffiliation affiliation = connector->GetUserAffiliation(username);
 144   const bool is_managed_user = affiliation == USER_AFFILIATION_MANAGED;
 145   const bool is_browser_restart =
 146       command_line->HasSwitch(chromeos::switches::kLoginUser) &&
 147       !command_line->HasSwitch(chromeos::switches::kLoginPassword);
 148   const bool wait_for_initial_policy = is_managed_user && !is_browser_restart;
 149
 150   DeviceManagementService* device_management_service =
 151       connector->device_management_service();
 152   if (wait_for_initial_policy)
 153     device_management_service->ScheduleInitialization(0);
 154
 155   base::FilePath profile_dir = profile->GetPath();
 156   const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
 157   const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
 158   const base::FilePath token_cache_file = legacy_dir.Append(kToken);
 159   const base::FilePath component_policy_cache_dir =
 160       profile_dir.Append(kPolicy).Append(kComponentsDir);
 161   const base::FilePath external_data_dir =
 162         profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir);
 163   base::FilePath policy_key_dir;
 164   CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
 165
 166   scoped_ptr<UserCloudPolicyStoreChromeOS> store(
 167       new UserCloudPolicyStoreChromeOS(
 168           chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
 169           chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
 170           background_task_runner,
 171           username, policy_key_dir, token_cache_file, policy_cache_file));
 172
 173   scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
 174       content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
 175           content::BrowserThread::GetBlockingPool()->GetSequenceToken());
 176   scoped_refptr<base::SequencedTaskRunner> io_task_runner =
 177       content::BrowserThread::GetMessageLoopProxyForThread(
 178           content::BrowserThread::IO);
 179   scoped_ptr<CloudExternalDataManager> external_data_manager(
 180       new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails),
 181                                        backend_task_runner,
 182                                        io_task_runner,
 183                                        external_data_dir,
 184                                        store.get()));
 185   if (force_immediate_load)
 186     store->LoadImmediately();
 187
 188   scoped_refptr<base::SequencedTaskRunner> file_task_runner =
 189       content::BrowserThread::GetMessageLoopProxyForThread(
 190           content::BrowserThread::FILE);
 191
 192   scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
 193       new UserCloudPolicyManagerChromeOS(
 194           store.PassAs<CloudPolicyStore>(),
 195           external_data_manager.Pass(),
 196           component_policy_cache_dir,
 197           wait_for_initial_policy,
 198           base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds),
 199           base::MessageLoopProxy::current(),
 200           file_task_runner,
 201           io_task_runner));
 202   manager->Init(SchemaRegistryServiceFactory::GetForContext(profile));
 203   manager->Connect(g_browser_process->local_state(),
 204                    device_management_service,
 205                    g_browser_process->system_request_context(),
 206                    affiliation);
 207
 208   DCHECK(managers_.find(profile) == managers_.end());
 209   managers_[profile] = manager.get();
 210   return manager.Pass();
 211 }
 212
 213 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
 214     content::BrowserContext* context) {
 215   Profile* profile = static_cast<Profile*>(context);
 216   if (profile->IsOffTheRecord())
 217     return;
 218   UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
 219   if (manager)
 220     manager->Shutdown();
 221 }
 222
 223 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
 224     content::BrowserContext* context) {
 225   Profile* profile = static_cast<Profile*>(context);
 226   managers_.erase(profile);
 227   BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
 228 }
 229
 230 void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
 231     content::BrowserContext* context) {}
 232
 233 void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
 234     content::BrowserContext* context) {}
 235
 236 }  // namespace policy