Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / device_cloud_policy_manager_chromeos.cc
blob1e11160e992c5ae1cc8baffae1c06f33f3be5fb5
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
7 #include "base/bind.h"
8 #include "base/bind_helpers.h"
9 #include "base/callback.h"
10 #include "base/command_line.h"
11 #include "base/logging.h"
12 #include "base/prefs/pref_registry_simple.h"
13 #include "base/prefs/pref_service.h"
14 #include "base/strings/string_number_conversions.h"
15 #include "base/time/time.h"
16 #include "chrome/browser/browser_process.h"
17 #include "chrome/browser/chromeos/attestation/attestation_policy_observer.h"
18 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h"
19 #include "chrome/browser/chromeos/login/startup_utils.h"
20 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
21 #include "chrome/browser/chromeos/policy/device_status_collector.h"
22 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
23 #include "chrome/browser/chromeos/policy/heartbeat_scheduler.h"
24 #include "chrome/browser/chromeos/policy/remote_commands/device_commands_factory_chromeos.h"
25 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
26 #include "chrome/browser/chromeos/policy/status_uploader.h"
27 #include "chrome/browser/chromeos/policy/system_log_uploader.h"
28 #include "chrome/common/pref_names.h"
29 #include "chromeos/chromeos_constants.h"
30 #include "chromeos/chromeos_switches.h"
31 #include "chromeos/system/statistics_provider.h"
32 #include "components/policy/core/common/cloud/cloud_policy_core.h"
33 #include "components/policy/core/common/cloud/cloud_policy_service.h"
34 #include "components/policy/core/common/cloud/cloud_policy_store.h"
35 #include "components/policy/core/common/remote_commands/remote_commands_factory.h"
36 #include "content/public/browser/browser_thread.h"
37 #include "crypto/sha2.h"
38 #include "policy/proto/device_management_backend.pb.h"
39 #include "url/gurl.h"
41 using content::BrowserThread;
43 namespace em = enterprise_management;
45 namespace policy {
47 namespace {
49 const char kNoRequisition[] = "none";
50 const char kRemoraRequisition[] = "remora";
51 const char kSharkRequisition[] = "shark";
53 // These are the machine serial number keys that we check in order until we
54 // find a non-empty serial number. The VPD spec says the serial number should be
55 // in the "serial_number" key for v2+ VPDs. However, legacy devices used a
56 // different key to report their serial number, which we fall back to if
57 // "serial_number" is not present.
59 // Product_S/N is still special-cased due to inconsistencies with serial
60 // numbers on Lumpy devices: On these devices, serial_number is identical to
61 // Product_S/N with an appended checksum. Unfortunately, the sticker on the
62 // packaging doesn't include that checksum either (the sticker on the device
63 // does though!). The former sticker is the source of the serial number used by
64 // device management service, so we prefer Product_S/N over serial number to
65 // match the server.
67 // TODO(mnissler): Move serial_number back to the top once the server side uses
68 // the correct serial number.
69 const char* const kMachineInfoSerialNumberKeys[] = {
70 "Product_S/N", // Lumpy/Alex devices
71 "serial_number", // VPD v2+ devices
72 "Product_SN", // Mario
73 "sn", // old ZGB devices (more recent ones use serial_number)
76 // Fetches a machine statistic value from StatisticsProvider, returns an empty
77 // string on failure.
78 std::string GetMachineStatistic(const std::string& key) {
79 std::string value;
80 chromeos::system::StatisticsProvider* provider =
81 chromeos::system::StatisticsProvider::GetInstance();
82 if (!provider->GetMachineStatistic(key, &value))
83 return std::string();
85 return value;
88 // Gets a machine flag from StatisticsProvider, returns the given
89 // |default_value| if not present.
90 bool GetMachineFlag(const std::string& key, bool default_value) {
91 bool value = default_value;
92 chromeos::system::StatisticsProvider* provider =
93 chromeos::system::StatisticsProvider::GetInstance();
94 if (!provider->GetMachineFlag(key, &value))
95 return default_value;
97 return value;
100 // Checks whether forced re-enrollment is enabled.
101 bool ForcedReEnrollmentEnabled() {
102 return chromeos::AutoEnrollmentController::GetMode() ==
103 chromeos::AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT;
106 } // namespace
108 DeviceCloudPolicyManagerChromeOS::DeviceCloudPolicyManagerChromeOS(
109 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store,
110 const scoped_refptr<base::SequencedTaskRunner>& task_runner,
111 ServerBackedStateKeysBroker* state_keys_broker)
112 : CloudPolicyManager(
113 dm_protocol::kChromeDevicePolicyType,
114 std::string(),
115 store.get(),
116 task_runner,
117 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::FILE),
118 BrowserThread::GetMessageLoopProxyForThread(BrowserThread::IO)),
119 device_store_(store.Pass()),
120 state_keys_broker_(state_keys_broker),
121 task_runner_(task_runner),
122 local_state_(nullptr) {
125 DeviceCloudPolicyManagerChromeOS::~DeviceCloudPolicyManagerChromeOS() {}
127 void DeviceCloudPolicyManagerChromeOS::Initialize(PrefService* local_state) {
128 CHECK(local_state);
130 local_state_ = local_state;
132 state_keys_update_subscription_ = state_keys_broker_->RegisterUpdateCallback(
133 base::Bind(&DeviceCloudPolicyManagerChromeOS::OnStateKeysUpdated,
134 base::Unretained(this)));
136 InitializeRequisition();
139 void DeviceCloudPolicyManagerChromeOS::AddDeviceCloudPolicyManagerObserver(
140 Observer* observer) {
141 observers_.AddObserver(observer);
144 void DeviceCloudPolicyManagerChromeOS::RemoveDeviceCloudPolicyManagerObserver(
145 Observer* observer) {
146 observers_.RemoveObserver(observer);
149 std::string DeviceCloudPolicyManagerChromeOS::GetDeviceRequisition() const {
150 std::string requisition;
151 const PrefService::Preference* pref = local_state_->FindPreference(
152 prefs::kDeviceEnrollmentRequisition);
153 if (!pref->IsDefaultValue())
154 pref->GetValue()->GetAsString(&requisition);
156 if (requisition == kNoRequisition)
157 requisition.clear();
159 return requisition;
162 void DeviceCloudPolicyManagerChromeOS::SetDeviceRequisition(
163 const std::string& requisition) {
164 VLOG(1) << "SetDeviceRequisition " << requisition;
165 if (local_state_) {
166 if (requisition.empty()) {
167 local_state_->ClearPref(prefs::kDeviceEnrollmentRequisition);
168 local_state_->ClearPref(prefs::kDeviceEnrollmentAutoStart);
169 local_state_->ClearPref(prefs::kDeviceEnrollmentCanExit);
170 } else {
171 local_state_->SetString(prefs::kDeviceEnrollmentRequisition, requisition);
172 if (requisition == kNoRequisition) {
173 local_state_->ClearPref(prefs::kDeviceEnrollmentAutoStart);
174 local_state_->ClearPref(prefs::kDeviceEnrollmentCanExit);
175 } else {
176 local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
177 local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
183 bool DeviceCloudPolicyManagerChromeOS::IsRemoraRequisition() const {
184 return GetDeviceRequisition() == kRemoraRequisition;
187 bool DeviceCloudPolicyManagerChromeOS::IsSharkRequisition() const {
188 return GetDeviceRequisition() == kSharkRequisition;
191 void DeviceCloudPolicyManagerChromeOS::Shutdown() {
192 status_uploader_.reset();
193 syslog_uploader_.reset();
194 heartbeat_scheduler_.reset();
195 state_keys_update_subscription_.reset();
196 CloudPolicyManager::Shutdown();
199 // static
200 void DeviceCloudPolicyManagerChromeOS::RegisterPrefs(
201 PrefRegistrySimple* registry) {
202 registry->RegisterStringPref(prefs::kDeviceEnrollmentRequisition,
203 std::string());
204 registry->RegisterBooleanPref(prefs::kDeviceEnrollmentAutoStart, false);
205 registry->RegisterBooleanPref(prefs::kDeviceEnrollmentCanExit, true);
206 registry->RegisterDictionaryPref(prefs::kServerBackedDeviceState);
209 // static
210 std::string DeviceCloudPolicyManagerChromeOS::GetMachineID() {
211 std::string machine_id;
212 chromeos::system::StatisticsProvider* provider =
213 chromeos::system::StatisticsProvider::GetInstance();
214 for (size_t i = 0; i < arraysize(kMachineInfoSerialNumberKeys); i++) {
215 if (provider->GetMachineStatistic(kMachineInfoSerialNumberKeys[i],
216 &machine_id) &&
217 !machine_id.empty()) {
218 break;
222 if (machine_id.empty())
223 LOG(WARNING) << "Failed to get machine id.";
225 return machine_id;
228 // static
229 std::string DeviceCloudPolicyManagerChromeOS::GetMachineModel() {
230 return GetMachineStatistic(chromeos::system::kHardwareClassKey);
233 void DeviceCloudPolicyManagerChromeOS::StartConnection(
234 scoped_ptr<CloudPolicyClient> client_to_connect,
235 EnterpriseInstallAttributes* install_attributes) {
236 CHECK(!service());
238 // Set state keys here so the first policy fetch submits them to the server.
239 if (ForcedReEnrollmentEnabled())
240 client_to_connect->SetStateKeysToUpload(state_keys_broker_->state_keys());
242 core()->Connect(client_to_connect.Pass());
243 core()->StartRefreshScheduler();
244 core()->StartRemoteCommandsService(
245 scoped_ptr<RemoteCommandsFactory>(new DeviceCommandsFactoryChromeOS()));
246 core()->TrackRefreshDelayPref(local_state_,
247 prefs::kDevicePolicyRefreshRate);
248 attestation_policy_observer_.reset(
249 new chromeos::attestation::AttestationPolicyObserver(client()));
251 // Enable device reporting and status monitoring for enterprise enrolled
252 // devices. We want to create these objects for enrolled devices, even if
253 // monitoring is currently inactive, in case monitoring is turned back on in
254 // a future policy fetch - the classes themselves track the current state of
255 // the monitoring settings and only perform monitoring if it is active.
256 if (install_attributes->IsEnterpriseDevice()) {
257 CreateStatusUploader();
258 syslog_uploader_.reset(new SystemLogUploader(nullptr, task_runner_));
259 heartbeat_scheduler_.reset(new HeartbeatScheduler(
260 g_browser_process->gcm_driver(), client(),
261 install_attributes->GetDomain(), install_attributes->GetDeviceId(),
262 task_runner_));
265 NotifyConnected();
268 void DeviceCloudPolicyManagerChromeOS::Unregister(
269 const UnregisterCallback& callback) {
270 if (!service()) {
271 LOG(ERROR) << "Tried to unregister but DeviceCloudPolicyManagerChromeOS is "
272 << "not connected.";
273 callback.Run(false);
274 return;
277 service()->Unregister(callback);
280 void DeviceCloudPolicyManagerChromeOS::Disconnect() {
281 status_uploader_.reset();
282 syslog_uploader_.reset();
283 heartbeat_scheduler_.reset();
284 core()->Disconnect();
286 NotifyDisconnected();
289 void DeviceCloudPolicyManagerChromeOS::OnStateKeysUpdated() {
290 if (client() && ForcedReEnrollmentEnabled())
291 client()->SetStateKeysToUpload(state_keys_broker_->state_keys());
294 void DeviceCloudPolicyManagerChromeOS::InitializeRequisition() {
295 // OEM statistics are only loaded when OOBE is not completed.
296 if (chromeos::StartupUtils::IsOobeCompleted())
297 return;
299 const PrefService::Preference* pref = local_state_->FindPreference(
300 prefs::kDeviceEnrollmentRequisition);
301 if (pref->IsDefaultValue()) {
302 std::string requisition =
303 GetMachineStatistic(chromeos::system::kOemDeviceRequisitionKey);
305 if (!requisition.empty()) {
306 local_state_->SetString(prefs::kDeviceEnrollmentRequisition,
307 requisition);
308 if (requisition == kRemoraRequisition ||
309 requisition == kSharkRequisition) {
310 local_state_->SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
311 local_state_->SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
312 } else {
313 local_state_->SetBoolean(
314 prefs::kDeviceEnrollmentAutoStart,
315 GetMachineFlag(chromeos::system::kOemIsEnterpriseManagedKey,
316 false));
317 local_state_->SetBoolean(
318 prefs::kDeviceEnrollmentCanExit,
319 GetMachineFlag(chromeos::system::kOemCanExitEnterpriseEnrollmentKey,
320 false));
326 void DeviceCloudPolicyManagerChromeOS::NotifyConnected() {
327 FOR_EACH_OBSERVER(
328 Observer, observers_, OnDeviceCloudPolicyManagerConnected());
331 void DeviceCloudPolicyManagerChromeOS::NotifyDisconnected() {
332 FOR_EACH_OBSERVER(
333 Observer, observers_, OnDeviceCloudPolicyManagerDisconnected());
336 void DeviceCloudPolicyManagerChromeOS::CreateStatusUploader() {
337 status_uploader_.reset(new StatusUploader(
338 client(),
339 make_scoped_ptr(new DeviceStatusCollector(
340 local_state_, chromeos::system::StatisticsProvider::GetInstance(),
341 DeviceStatusCollector::LocationUpdateRequester(),
342 DeviceStatusCollector::VolumeInfoFetcher(),
343 DeviceStatusCollector::CPUStatisticsFetcher(),
344 DeviceStatusCollector::CPUTempFetcher())),
345 task_runner_));
348 } // namespace policy