Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / chromeos / policy / policy_cert_service_factory.cc
blob9b999a9a11bcad0e339afd062d5243cd8f0120a7
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/chromeos/policy/policy_cert_service_factory.h"
7 #include "base/memory/singleton.h"
8 #include "base/prefs/pref_registry_simple.h"
9 #include "base/prefs/pref_service.h"
10 #include "base/prefs/scoped_user_pref_update.h"
11 #include "chrome/browser/browser_process.h"
12 #include "chrome/browser/chromeos/policy/policy_cert_service.h"
13 #include "chrome/browser/chromeos/policy/policy_cert_verifier.h"
14 #include "chrome/browser/chromeos/policy/user_network_configuration_updater_factory.h"
15 #include "chrome/browser/chromeos/profiles/profile_helper.h"
16 #include "chrome/browser/lifetime/application_lifetime.h"
17 #include "chrome/browser/profiles/incognito_helpers.h"
18 #include "chrome/browser/profiles/profile.h"
19 #include "chrome/common/pref_names.h"
20 #include "components/keyed_service/content/browser_context_dependency_manager.h"
21 #include "components/pref_registry/pref_registry_syncable.h"
22 #include "components/user_manager/user_manager.h"
24 namespace policy {
26 // static
27 PolicyCertService* PolicyCertServiceFactory::GetForProfile(Profile* profile) {
28 return static_cast<PolicyCertService*>(
29 GetInstance()->GetServiceForBrowserContext(profile, false));
32 // static
33 scoped_ptr<PolicyCertVerifier> PolicyCertServiceFactory::CreateForProfile(
34 Profile* profile) {
35 DCHECK(!GetInstance()->GetServiceForBrowserContext(profile, false));
36 PolicyCertService* service = static_cast<PolicyCertService*>(
37 GetInstance()->GetServiceForBrowserContext(profile, true));
38 if (!service)
39 return scoped_ptr<PolicyCertVerifier>();
40 return service->CreatePolicyCertVerifier();
43 // static
44 PolicyCertServiceFactory* PolicyCertServiceFactory::GetInstance() {
45 return base::Singleton<PolicyCertServiceFactory>::get();
48 // static
49 void PolicyCertServiceFactory::SetUsedPolicyCertificates(
50 const std::string& user_id) {
51 if (UsedPolicyCertificates(user_id))
52 return;
53 ListPrefUpdate update(g_browser_process->local_state(),
54 prefs::kUsedPolicyCertificates);
55 update->AppendString(user_id);
58 // static
59 void PolicyCertServiceFactory::ClearUsedPolicyCertificates(
60 const std::string& user_id) {
61 ListPrefUpdate update(g_browser_process->local_state(),
62 prefs::kUsedPolicyCertificates);
63 update->Remove(base::StringValue(user_id), NULL);
66 // static
67 bool PolicyCertServiceFactory::UsedPolicyCertificates(
68 const std::string& user_id) {
69 base::StringValue value(user_id);
70 const base::ListValue* list =
71 g_browser_process->local_state()->GetList(prefs::kUsedPolicyCertificates);
72 if (!list) {
73 NOTREACHED();
74 return false;
76 return list->Find(value) != list->end();
79 // static
80 void PolicyCertServiceFactory::RegisterPrefs(PrefRegistrySimple* local_state) {
81 local_state->RegisterListPref(prefs::kUsedPolicyCertificates);
84 PolicyCertServiceFactory::PolicyCertServiceFactory()
85 : BrowserContextKeyedServiceFactory(
86 "PolicyCertService",
87 BrowserContextDependencyManager::GetInstance()) {
88 DependsOn(UserNetworkConfigurationUpdaterFactory::GetInstance());
91 PolicyCertServiceFactory::~PolicyCertServiceFactory() {}
93 KeyedService* PolicyCertServiceFactory::BuildServiceInstanceFor(
94 content::BrowserContext* context) const {
95 Profile* profile = static_cast<Profile*>(context);
97 user_manager::UserManager* user_manager = user_manager::UserManager::Get();
98 const user_manager::User* user =
99 chromeos::ProfileHelper::Get()->GetUserByProfile(
100 profile->GetOriginalProfile());
101 if (!user)
102 return NULL;
104 // Backwards compatibility: profiles that used policy-pushed certificates used
105 // to have this condition marked in their prefs. This signal has moved to
106 // local_state though, to support checking it before the profile is loaded.
107 // Check the profile here and update the local_state, if appropriate.
108 // TODO(joaodasilva): remove this, eventually.
109 PrefService* prefs = profile->GetOriginalProfile()->GetPrefs();
110 if (prefs->GetBoolean(prefs::kUsedPolicyCertificatesOnce)) {
111 SetUsedPolicyCertificates(user->email());
112 prefs->ClearPref(prefs::kUsedPolicyCertificatesOnce);
114 if (user_manager->GetLoggedInUsers().size() > 1u) {
115 // This login should not have been allowed. After rebooting, local_state
116 // will contain the updated list of users that used policy-pushed
117 // certificates and this won't happen again.
118 // Note that a user becomes logged in before his profile is created.
119 LOG(ERROR) << "Shutdown session because a tainted profile was added.";
120 g_browser_process->local_state()->CommitPendingWrite();
121 prefs->CommitPendingWrite();
122 chrome::AttemptUserExit();
126 UserNetworkConfigurationUpdater* net_conf_updater =
127 UserNetworkConfigurationUpdaterFactory::GetForProfile(profile);
128 if (!net_conf_updater)
129 return NULL;
131 return new PolicyCertService(user->email(), net_conf_updater, user_manager);
134 content::BrowserContext* PolicyCertServiceFactory::GetBrowserContextToUse(
135 content::BrowserContext* context) const {
136 return chrome::GetBrowserContextOwnInstanceInIncognito(context);
139 void PolicyCertServiceFactory::RegisterProfilePrefs(
140 user_prefs::PrefRegistrySyncable* registry) {
141 // TODO(joaodasilva): this is used for backwards compatibility.
142 // Remove once it's not necessary anymore.
143 registry->RegisterBooleanPref(prefs::kUsedPolicyCertificatesOnce, false);
146 bool PolicyCertServiceFactory::ServiceIsNULLWhileTesting() const {
147 return true;
150 } // namespace policy