chrome/browser/chromeos/policy/browser_policy_connector_chromeos.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
   6
   7 #include <string>
   8 #include "base/bind.h"
   9 #include "base/command_line.h"
  10 #include "base/files/file_path.h"
  11 #include "base/location.h"
  12 #include "base/logging.h"
  13 #include "base/message_loop/message_loop.h"
  14 #include "base/message_loop/message_loop_proxy.h"
  15 #include "base/path_service.h"
  16 #include "base/prefs/pref_registry_simple.h"
  17 #include "base/sequenced_task_runner.h"
  18 #include "base/strings/utf_string_conversions.h"
  19 #include "base/threading/sequenced_worker_pool.h"
  20 #include "chrome/browser/chromeos/policy/affiliated_cloud_policy_invalidator.h"
  21 #include "chrome/browser/chromeos/policy/affiliated_invalidation_service_provider.h"
  22 #include "chrome/browser/chromeos/policy/affiliated_invalidation_service_provider_impl.h"
  23 #include "chrome/browser/chromeos/policy/consumer_management_service.h"
  24 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
  25 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
  26 #include "chrome/browser/chromeos/policy/device_local_account.h"
  27 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
  28 #include "chrome/browser/chromeos/policy/device_network_configuration_updater.h"
  29 #include "chrome/browser/chromeos/policy/enrollment_config.h"
  30 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
  31 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
  32 #include "chrome/browser/chromeos/settings/cros_settings.h"
  33 #include "chrome/browser/chromeos/settings/device_settings_service.h"
  34 #include "chrome/browser/policy/device_management_service_configuration.h"
  35 #include "chrome/common/pref_names.h"
  36 #include "chromeos/chromeos_paths.h"
  37 #include "chromeos/chromeos_switches.h"
  38 #include "chromeos/cryptohome/system_salt_getter.h"
  39 #include "chromeos/dbus/cryptohome_client.h"
  40 #include "chromeos/dbus/dbus_thread_manager.h"
  41 #include "chromeos/network/network_handler.h"
  42 #include "chromeos/network/onc/onc_certificate_importer_impl.h"
  43 #include "chromeos/settings/cros_settings_names.h"
  44 #include "chromeos/settings/cros_settings_provider.h"
  45 #include "chromeos/settings/timezone_settings.h"
  46 #include "components/policy/core/common/cloud/cloud_policy_client.h"
  47 #include "components/policy/core/common/cloud/cloud_policy_refresh_scheduler.h"
  48 #include "components/policy/core/common/proxy_policy_provider.h"
  49 #include "content/public/browser/browser_thread.h"
  50 #include "google_apis/gaia/gaia_auth_util.h"
  51 #include "net/url_request/url_request_context_getter.h"
  52 #include "policy/proto/device_management_backend.pb.h"
  53
  54 using content::BrowserThread;
  55
  56 namespace policy {
  57
  58 namespace {
  59
  60 // TODO(davidyu): Update the URL to the real one once it is ready.
  61 // http://crbug.com/366491.
  62 //
  63 // The URL for the consumer device management server.
  64 const char kDefaultConsumerDeviceManagementServerUrl[] =
  65     "https://m.google.com/devicemanagement/data/api";
  66
  67 // Install attributes for tests.
  68 EnterpriseInstallAttributes* g_testing_install_attributes = NULL;
  69
  70 // Helper that returns a new SequencedTaskRunner backed by the blocking pool.
  71 // Each SequencedTaskRunner returned is independent from the others.
  72 scoped_refptr<base::SequencedTaskRunner> GetBackgroundTaskRunner() {
  73   base::SequencedWorkerPool* pool = BrowserThread::GetBlockingPool();
  74   CHECK(pool);
  75   return pool->GetSequencedTaskRunnerWithShutdownBehavior(
  76       pool->GetSequenceToken(), base::SequencedWorkerPool::SKIP_ON_SHUTDOWN);
  77 }
  78
  79 std::string GetDeviceManagementServerUrlForConsumer() {
  80   const base::CommandLine* command_line =
  81       base::CommandLine::ForCurrentProcess();
  82   if (command_line->HasSwitch(
  83           chromeos::switches::kConsumerDeviceManagementUrl)) {
  84     return command_line->GetSwitchValueASCII(
  85         chromeos::switches::kConsumerDeviceManagementUrl);
  86   }
  87   return kDefaultConsumerDeviceManagementServerUrl;
  88 }
  89
  90 }  // namespace
  91
  92 BrowserPolicyConnectorChromeOS::BrowserPolicyConnectorChromeOS()
  93     : device_cloud_policy_manager_(NULL),
  94       global_user_cloud_policy_provider_(NULL),
  95       weak_ptr_factory_(this) {
  96   if (g_testing_install_attributes) {
  97     install_attributes_.reset(g_testing_install_attributes);
  98     g_testing_install_attributes = NULL;
  99   }
 100
 101   // SystemSaltGetter or DBusThreadManager may be uninitialized on unit tests.
 102
 103   // TODO(satorux): Remove SystemSaltGetter::IsInitialized() when it's ready
 104   // (removing it now breaks tests). crbug.com/141016.
 105   if (chromeos::SystemSaltGetter::IsInitialized() &&
 106       chromeos::DBusThreadManager::IsInitialized()) {
 107     state_keys_broker_.reset(new ServerBackedStateKeysBroker(
 108         chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
 109         base::MessageLoopProxy::current()));
 110
 111     chromeos::CryptohomeClient* cryptohome_client =
 112         chromeos::DBusThreadManager::Get()->GetCryptohomeClient();
 113     if (!install_attributes_) {
 114       install_attributes_.reset(
 115           new EnterpriseInstallAttributes(cryptohome_client));
 116     }
 117     base::FilePath install_attrs_file;
 118     CHECK(PathService::Get(chromeos::FILE_INSTALL_ATTRIBUTES,
 119                            &install_attrs_file));
 120     install_attributes_->ReadCacheFile(install_attrs_file);
 121
 122     const base::CommandLine* command_line =
 123         base::CommandLine::ForCurrentProcess();
 124     if (command_line->HasSwitch(
 125             chromeos::switches::kEnableConsumerManagement)) {
 126       consumer_management_service_.reset(
 127           new ConsumerManagementService(
 128               cryptohome_client,
 129               chromeos::DeviceSettingsService::Get()));
 130     }
 131
 132     scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_cloud_policy_store(
 133         new DeviceCloudPolicyStoreChromeOS(
 134             chromeos::DeviceSettingsService::Get(),
 135             install_attributes_.get(),
 136             GetBackgroundTaskRunner()));
 137     device_cloud_policy_manager_ =
 138         new DeviceCloudPolicyManagerChromeOS(device_cloud_policy_store.Pass(),
 139                                              base::MessageLoopProxy::current(),
 140                                              state_keys_broker_.get());
 141     AddPolicyProvider(
 142         scoped_ptr<ConfigurationPolicyProvider>(device_cloud_policy_manager_));
 143   }
 144
 145   global_user_cloud_policy_provider_ = new ProxyPolicyProvider();
 146   AddPolicyProvider(scoped_ptr<ConfigurationPolicyProvider>(
 147       global_user_cloud_policy_provider_));
 148 }
 149
 150 BrowserPolicyConnectorChromeOS::~BrowserPolicyConnectorChromeOS() {}
 151
 152 void BrowserPolicyConnectorChromeOS::Init(
 153     PrefService* local_state,
 154     scoped_refptr<net::URLRequestContextGetter> request_context) {
 155   local_state_ = local_state;
 156   ChromeBrowserPolicyConnector::Init(local_state, request_context);
 157
 158   affiliated_invalidation_service_provider_.reset(
 159       new AffiliatedInvalidationServiceProviderImpl);
 160
 161   const base::CommandLine* command_line =
 162       base::CommandLine::ForCurrentProcess();
 163   if (command_line->HasSwitch(chromeos::switches::kEnableConsumerManagement)) {
 164     scoped_ptr<DeviceManagementService::Configuration> configuration(
 165         new DeviceManagementServiceConfiguration(
 166             GetDeviceManagementServerUrlForConsumer()));
 167     consumer_device_management_service_.reset(
 168         new DeviceManagementService(configuration.Pass()));
 169     consumer_device_management_service_->ScheduleInitialization(
 170         kServiceInitializationStartupDelay);
 171   }
 172
 173   if (device_cloud_policy_manager_) {
 174     // Note: for now the |device_cloud_policy_manager_| is using the global
 175     // schema registry. Eventually it will have its own registry, once device
 176     // cloud policy for extensions is introduced. That means it'd have to be
 177     // initialized from here instead of BrowserPolicyConnector::Init().
 178
 179     device_cloud_policy_manager_->Initialize(local_state);
 180     device_cloud_policy_manager_->AddDeviceCloudPolicyManagerObserver(this);
 181     RestartDeviceCloudPolicyInitializer();
 182   }
 183
 184   device_local_account_policy_service_.reset(
 185       new DeviceLocalAccountPolicyService(
 186           chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
 187           chromeos::DeviceSettingsService::Get(),
 188           chromeos::CrosSettings::Get(),
 189           affiliated_invalidation_service_provider_.get(),
 190           GetBackgroundTaskRunner(),
 191           GetBackgroundTaskRunner(),
 192           GetBackgroundTaskRunner(),
 193           content::BrowserThread::GetMessageLoopProxyForThread(
 194               content::BrowserThread::IO),
 195           request_context));
 196   device_local_account_policy_service_->Connect(device_management_service());
 197   if (device_cloud_policy_manager_) {
 198     device_cloud_policy_invalidator_.reset(new AffiliatedCloudPolicyInvalidator(
 199         enterprise_management::DeviceRegisterRequest::DEVICE,
 200         device_cloud_policy_manager_->core(),
 201         affiliated_invalidation_service_provider_.get()));
 202   }
 203
 204   SetTimezoneIfPolicyAvailable();
 205
 206   network_configuration_updater_ =
 207       DeviceNetworkConfigurationUpdater::CreateForDevicePolicy(
 208           GetPolicyService(),
 209           chromeos::NetworkHandler::Get()
 210               ->managed_network_configuration_handler(),
 211           chromeos::NetworkHandler::Get()->network_device_handler(),
 212           chromeos::CrosSettings::Get());
 213 }
 214
 215 void BrowserPolicyConnectorChromeOS::PreShutdown() {
 216   // Let the |affiliated_invalidation_service_provider_| unregister itself as an
 217   // observer of per-Profile InvalidationServices and the device-global
 218   // invalidation::TiclInvalidationService it may have created as an observer of
 219   // the DeviceOAuth2TokenService that is destroyed before Shutdown() is called.
 220   if (affiliated_invalidation_service_provider_)
 221     affiliated_invalidation_service_provider_->Shutdown();
 222 }
 223
 224 void BrowserPolicyConnectorChromeOS::Shutdown() {
 225   network_configuration_updater_.reset();
 226
 227   if (device_local_account_policy_service_)
 228     device_local_account_policy_service_->Shutdown();
 229
 230   if (device_cloud_policy_initializer_)
 231     device_cloud_policy_initializer_->Shutdown();
 232
 233   if (device_cloud_policy_manager_)
 234     device_cloud_policy_manager_->RemoveDeviceCloudPolicyManagerObserver(this);
 235
 236   ChromeBrowserPolicyConnector::Shutdown();
 237 }
 238
 239 bool BrowserPolicyConnectorChromeOS::IsEnterpriseManaged() {
 240   return install_attributes_ && install_attributes_->IsEnterpriseDevice();
 241 }
 242
 243 std::string BrowserPolicyConnectorChromeOS::GetEnterpriseDomain() {
 244   return install_attributes_ ? install_attributes_->GetDomain() : std::string();
 245 }
 246
 247 DeviceMode BrowserPolicyConnectorChromeOS::GetDeviceMode() {
 248   return install_attributes_ ? install_attributes_->GetMode()
 249                              : DEVICE_MODE_NOT_SET;
 250 }
 251
 252 EnrollmentConfig BrowserPolicyConnectorChromeOS::GetPrescribedEnrollmentConfig()
 253     const {
 254   if (device_cloud_policy_initializer_)
 255     return device_cloud_policy_initializer_->GetPrescribedEnrollmentConfig();
 256
 257   return EnrollmentConfig();
 258 }
 259
 260 UserAffiliation BrowserPolicyConnectorChromeOS::GetUserAffiliation(
 261     const std::string& user_name) {
 262   // An empty username means incognito user in case of ChromiumOS and
 263   // no logged-in user in case of Chromium (SigninService). Many tests use
 264   // nonsense email addresses (e.g. 'test') so treat those as non-enterprise
 265   // users.
 266   if (user_name.empty() || user_name.find('@') == std::string::npos)
 267     return USER_AFFILIATION_NONE;
 268
 269   if (install_attributes_ &&
 270       (gaia::ExtractDomainName(gaia::CanonicalizeEmail(user_name)) ==
 271            install_attributes_->GetDomain() ||
 272        policy::IsDeviceLocalAccountUser(user_name, NULL))) {
 273     return USER_AFFILIATION_MANAGED;
 274   }
 275
 276   return USER_AFFILIATION_NONE;
 277 }
 278
 279 void BrowserPolicyConnectorChromeOS::SetUserPolicyDelegate(
 280     ConfigurationPolicyProvider* user_policy_provider) {
 281   global_user_cloud_policy_provider_->SetDelegate(user_policy_provider);
 282 }
 283
 284 void BrowserPolicyConnectorChromeOS::SetConsumerManagementServiceForTesting(
 285     scoped_ptr<ConsumerManagementService> service) {
 286   consumer_management_service_ = service.Pass();
 287 }
 288
 289 void BrowserPolicyConnectorChromeOS::SetDeviceCloudPolicyInitializerForTesting(
 290     scoped_ptr<DeviceCloudPolicyInitializer> initializer) {
 291   device_cloud_policy_initializer_ = initializer.Pass();
 292 }
 293
 294 // static
 295 void BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
 296     EnterpriseInstallAttributes* attributes) {
 297   DCHECK(!g_testing_install_attributes);
 298   g_testing_install_attributes = attributes;
 299 }
 300
 301 // static
 302 void BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting() {
 303   if (g_testing_install_attributes) {
 304     delete g_testing_install_attributes;
 305     g_testing_install_attributes = NULL;
 306   }
 307 }
 308
 309 // static
 310 void BrowserPolicyConnectorChromeOS::RegisterPrefs(
 311     PrefRegistrySimple* registry) {
 312   registry->RegisterIntegerPref(
 313       prefs::kDevicePolicyRefreshRate,
 314       CloudPolicyRefreshScheduler::kDefaultRefreshDelayMs);
 315 }
 316
 317 void BrowserPolicyConnectorChromeOS::OnDeviceCloudPolicyManagerConnected() {
 318   CHECK(device_cloud_policy_initializer_);
 319
 320   // DeviceCloudPolicyInitializer might still be on the call stack, so we
 321   // should release the initializer after this function returns.
 322   device_cloud_policy_initializer_->Shutdown();
 323   base::MessageLoop::current()->DeleteSoon(
 324       FROM_HERE, device_cloud_policy_initializer_.release());
 325 }
 326
 327 void BrowserPolicyConnectorChromeOS::OnDeviceCloudPolicyManagerDisconnected() {
 328   DCHECK(!device_cloud_policy_initializer_);
 329
 330   RestartDeviceCloudPolicyInitializer();
 331 }
 332
 333 void BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable() {
 334   typedef chromeos::CrosSettingsProvider Provider;
 335   Provider::TrustedStatus result =
 336       chromeos::CrosSettings::Get()->PrepareTrustedValues(base::Bind(
 337           &BrowserPolicyConnectorChromeOS::SetTimezoneIfPolicyAvailable,
 338           weak_ptr_factory_.GetWeakPtr()));
 339
 340   if (result != Provider::TRUSTED)
 341     return;
 342
 343   std::string timezone;
 344   if (chromeos::CrosSettings::Get()->GetString(chromeos::kSystemTimezonePolicy,
 345                                                &timezone) &&
 346       !timezone.empty()) {
 347     chromeos::system::TimezoneSettings::GetInstance()->SetTimezoneFromID(
 348         base::UTF8ToUTF16(timezone));
 349   }
 350 }
 351
 352 void BrowserPolicyConnectorChromeOS::RestartDeviceCloudPolicyInitializer() {
 353   device_cloud_policy_initializer_.reset(
 354       new DeviceCloudPolicyInitializer(
 355           local_state_,
 356           device_management_service(),
 357           consumer_device_management_service_.get(),
 358           GetBackgroundTaskRunner(),
 359           install_attributes_.get(),
 360           state_keys_broker_.get(),
 361           device_cloud_policy_manager_->device_store(),
 362           device_cloud_policy_manager_));
 363   device_cloud_policy_initializer_->Init();
 364 }
 365
 366 }  // namespace policy