search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add ENABLE_MEDIA_ROUTER define to builds other than Android and iOS.
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / user_cloud_policy_manager_factory_chromeos.cc
blob9b56692b8e30945f987b45426353b6c8b884f622
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_factory_chromeos.h"
6
7 #include "base/bind.h"
8 #include "base/command_line.h"
9 #include "base/files/file_path.h"
10 #include "base/logging.h"
11 #include "base/memory/ref_counted.h"
12 #include "base/message_loop/message_loop_proxy.h"
13 #include "base/path_service.h"
14 #include "base/sequenced_task_runner.h"
15 #include "base/threading/sequenced_worker_pool.h"
16 #include "base/time/time.h"
17 #include "chrome/browser/browser_process.h"
18 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
19 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
20 #include "chrome/browser/chromeos/policy/user_cloud_external_data_manager.h"
21 #include "chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h"
22 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
23 #include "chrome/browser/chromeos/profiles/profile_helper.h"
24 #include "chrome/browser/chromeos/settings/cros_settings.h"
25 #include "chrome/browser/policy/schema_registry_service.h"
26 #include "chrome/browser/policy/schema_registry_service_factory.h"
27 #include "chrome/browser/profiles/profile.h"
28 #include "chromeos/chromeos_paths.h"
29 #include "chromeos/chromeos_switches.h"
30 #include "chromeos/dbus/dbus_thread_manager.h"
31 #include "components/keyed_service/content/browser_context_dependency_manager.h"
32 #include "components/policy/core/browser/browser_policy_connector.h"
33 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
34 #include "components/policy/core/common/cloud/device_management_service.h"
35 #include "components/user_manager/user.h"
36 #include "components/user_manager/user_manager.h"
37 #include "content/public/browser/browser_thread.h"
38 #include "net/url_request/url_request_context_getter.h"
39 #include "policy/policy_constants.h"
40
41 namespace policy {
42
43 namespace {
44
45 // Subdirectory in the user's profile for storing legacy user policies.
46 const base::FilePath::CharType kDeviceManagementDir[] =
47 FILE_PATH_LITERAL("Device Management");
48
49 // File in the above directory for storing legacy user policy dmtokens.
50 const base::FilePath::CharType kToken[] = FILE_PATH_LITERAL("Token");
51
52 // This constant is used to build two different paths. It can be a file inside
53 // kDeviceManagementDir where legacy user policy data is stored, and it can be
54 // a directory inside the profile directory where other resources are stored.
55 const base::FilePath::CharType kPolicy[] = FILE_PATH_LITERAL("Policy");
56
57 // Directory under kPolicy, in the user's profile dir, where policy for
58 // components is cached.
59 const base::FilePath::CharType kComponentsDir[] =
60 FILE_PATH_LITERAL("Components");
61
62 // Directory in which to store external policy data. This is specified relative
63 // to kPolicy.
64 const base::FilePath::CharType kPolicyExternalDataDir[] =
65 FILE_PATH_LITERAL("External Data");
66
67 // Timeout in seconds after which to abandon the initial policy fetch and start
68 // the session regardless.
69 const int kInitialPolicyFetchTimeoutSeconds = 10;
70
71 } // namespace
72
73 // static
74 UserCloudPolicyManagerFactoryChromeOS*
75 UserCloudPolicyManagerFactoryChromeOS::GetInstance() {
76 return Singleton<UserCloudPolicyManagerFactoryChromeOS>::get();
77 }
78
79 // static
80 UserCloudPolicyManagerChromeOS*
81 UserCloudPolicyManagerFactoryChromeOS::GetForProfile(
82 Profile* profile) {
83 return GetInstance()->GetManagerForProfile(profile);
84 }
85
86 // static
87 scoped_ptr<UserCloudPolicyManagerChromeOS>
88 UserCloudPolicyManagerFactoryChromeOS::CreateForProfile(
89 Profile* profile,
90 bool force_immediate_load,
91 scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
92 return GetInstance()->CreateManagerForProfile(
93 profile, force_immediate_load, background_task_runner);
94 }
95
96 UserCloudPolicyManagerFactoryChromeOS::UserCloudPolicyManagerFactoryChromeOS()
97 : BrowserContextKeyedBaseFactory(
98 "UserCloudPolicyManagerChromeOS",
99 BrowserContextDependencyManager::GetInstance()) {
100 DependsOn(SchemaRegistryServiceFactory::GetInstance());
101 }
102
103 UserCloudPolicyManagerFactoryChromeOS::
104 ~UserCloudPolicyManagerFactoryChromeOS() {}
105
106 UserCloudPolicyManagerChromeOS*
107 UserCloudPolicyManagerFactoryChromeOS::GetManagerForProfile(
108 Profile* profile) {
109 // Get the manager for the original profile, since the PolicyService is
110 // also shared between the incognito Profile and the original Profile.
111 ManagerMap::const_iterator it = managers_.find(profile->GetOriginalProfile());
112 return it != managers_.end() ? it->second : NULL;
113 }
114
115 scoped_ptr<UserCloudPolicyManagerChromeOS>
116 UserCloudPolicyManagerFactoryChromeOS::CreateManagerForProfile(
117 Profile* profile,
118 bool force_immediate_load,
119 scoped_refptr<base::SequencedTaskRunner> background_task_runner) {
120 const base::CommandLine* command_line =
121 base::CommandLine::ForCurrentProcess();
122 // Don't initialize cloud policy for the signin profile.
123 if (chromeos::ProfileHelper::IsSigninProfile(profile))
124 return scoped_ptr<UserCloudPolicyManagerChromeOS>();
125
126 // |user| should never be NULL except for the signin profile. This object is
127 // created as part of the Profile creation, which happens right after
128 // sign-in. The just-signed-in User is the active user during that time.
129 const user_manager::User* user =
130 chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
131 CHECK(user);
132
133 // User policy exists for enterprise accounts only:
134 // - For regular enterprise users (those who have a GAIA account), a
135 // |UserCloudPolicyManagerChromeOS| is created here.
136 // - For device-local accounts, policy is provided by
137 // |DeviceLocalAccountPolicyService|.
138 // All other user types do not have user policy.
139 const std::string& username = user->email();
140 if (!user->HasGaiaAccount() ||
141 user->IsSupervised() ||
142 BrowserPolicyConnector::IsNonEnterpriseUser(username)) {
143 return scoped_ptr<UserCloudPolicyManagerChromeOS>();
144 }
145
146 policy::BrowserPolicyConnectorChromeOS* connector =
147 g_browser_process->platform_part()->browser_policy_connector_chromeos();
148 UserAffiliation affiliation = connector->GetUserAffiliation(username);
149 const bool is_affiliated_user = affiliation == USER_AFFILIATION_MANAGED;
150 const bool is_browser_restart =
151 command_line->HasSwitch(chromeos::switches::kLoginUser);
152 // TODO(xiyuan): Update the code below after http://crbug.com/462036.
153 const bool wait_for_initial_policy =
154 !is_browser_restart &&
155 chromeos::UserSessionManager::GetInstance()->has_auth_cookies() &&
156 (user_manager::UserManager::Get()->IsCurrentUserNew() ||
157 is_affiliated_user);
158
159 const base::TimeDelta initial_policy_fetch_timeout =
160 user_manager::UserManager::Get()->IsCurrentUserNew()
161 ? base::TimeDelta::Max()
162 : base::TimeDelta::FromSeconds(kInitialPolicyFetchTimeoutSeconds);
163
164 DeviceManagementService* device_management_service =
165 connector->device_management_service();
166 if (wait_for_initial_policy)
167 device_management_service->ScheduleInitialization(0);
168
169 base::FilePath profile_dir = profile->GetPath();
170 const base::FilePath legacy_dir = profile_dir.Append(kDeviceManagementDir);
171 const base::FilePath policy_cache_file = legacy_dir.Append(kPolicy);
172 const base::FilePath token_cache_file = legacy_dir.Append(kToken);
173 const base::FilePath component_policy_cache_dir =
174 profile_dir.Append(kPolicy).Append(kComponentsDir);
175 const base::FilePath external_data_dir =
176 profile_dir.Append(kPolicy).Append(kPolicyExternalDataDir);
177 base::FilePath policy_key_dir;
178 CHECK(PathService::Get(chromeos::DIR_USER_POLICY_KEYS, &policy_key_dir));
179
180 scoped_ptr<UserCloudPolicyStoreChromeOS> store(
181 new UserCloudPolicyStoreChromeOS(
182 chromeos::DBusThreadManager::Get()->GetCryptohomeClient(),
183 chromeos::DBusThreadManager::Get()->GetSessionManagerClient(),
184 background_task_runner,
185 username, policy_key_dir, token_cache_file, policy_cache_file));
186
187 scoped_refptr<base::SequencedTaskRunner> backend_task_runner =
188 content::BrowserThread::GetBlockingPool()->GetSequencedTaskRunner(
189 content::BrowserThread::GetBlockingPool()->GetSequenceToken());
190 scoped_refptr<base::SequencedTaskRunner> io_task_runner =
191 content::BrowserThread::GetMessageLoopProxyForThread(
192 content::BrowserThread::IO);
193 scoped_ptr<CloudExternalDataManager> external_data_manager(
194 new UserCloudExternalDataManager(base::Bind(&GetChromePolicyDetails),
195 backend_task_runner,
196 io_task_runner,
197 external_data_dir,
198 store.get()));
199 if (force_immediate_load)
200 store->LoadImmediately();
201
202 scoped_refptr<base::SequencedTaskRunner> file_task_runner =
203 content::BrowserThread::GetMessageLoopProxyForThread(
204 content::BrowserThread::FILE);
205
206 scoped_ptr<UserCloudPolicyManagerChromeOS> manager(
207 new UserCloudPolicyManagerChromeOS(store.Pass(),
208 external_data_manager.Pass(),
209 component_policy_cache_dir,
210 wait_for_initial_policy,
211 initial_policy_fetch_timeout,
212 base::MessageLoopProxy::current(),
213 file_task_runner,
214 io_task_runner));
215
216 bool wildcard_match = false;
217 if (connector->IsEnterpriseManaged() &&
218 chromeos::CrosSettings::IsWhitelisted(username, &wildcard_match) &&
219 wildcard_match && !connector->IsNonEnterpriseUser(username)) {
220 manager->EnableWildcardLoginCheck(username);
221 }
222
223 manager->Init(
224 SchemaRegistryServiceFactory::GetForContext(profile)->registry());
225 manager->Connect(g_browser_process->local_state(),
226 device_management_service,
227 g_browser_process->system_request_context(),
228 affiliation);
229
230 DCHECK(managers_.find(profile) == managers_.end());
231 managers_[profile] = manager.get();
232 return manager.Pass();
233 }
234
235 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextShutdown(
236 content::BrowserContext* context) {
237 Profile* profile = static_cast<Profile*>(context);
238 if (profile->IsOffTheRecord())
239 return;
240 UserCloudPolicyManagerChromeOS* manager = GetManagerForProfile(profile);
241 if (manager)
242 manager->Shutdown();
243 }
244
245 void UserCloudPolicyManagerFactoryChromeOS::BrowserContextDestroyed(
246 content::BrowserContext* context) {
247 Profile* profile = static_cast<Profile*>(context);
248 managers_.erase(profile);
249 BrowserContextKeyedBaseFactory::BrowserContextDestroyed(context);
250 }
251
252 void UserCloudPolicyManagerFactoryChromeOS::SetEmptyTestingFactory(
253 content::BrowserContext* context) {}
254
255 bool UserCloudPolicyManagerFactoryChromeOS::HasTestingFactory(
256 content::BrowserContext* context) {
257 return false;
258 }
259
260 void UserCloudPolicyManagerFactoryChromeOS::CreateServiceNow(
261 content::BrowserContext* context) {}
262
263 } // namespace policy