1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chrome/browser/policy/profile_policy_connector.h"
7 #include "base/bind.h"
8 #include "base/logging.h"
9 #include "base/values.h"
10 #include "chrome/browser/browser_process.h"
11 #include "components/policy/core/browser/browser_policy_connector.h"
12 #include "components/policy/core/common/cloud/cloud_policy_core.h"
13 #include "components/policy/core/common/cloud/cloud_policy_manager.h"
14 #include "components/policy/core/common/cloud/cloud_policy_store.h"
15 #include "components/policy/core/common/configuration_policy_provider.h"
16 #include "components/policy/core/common/policy_bundle.h"
17 #include "components/policy/core/common/policy_map.h"
18 #include "components/policy/core/common/policy_namespace.h"
19 #include "components/policy/core/common/policy_service_impl.h"
20 #include "components/policy/core/common/schema_registry_tracking_policy_provider.h"
21 #include "google_apis/gaia/gaia_auth_util.h"
23 #if defined(OS_CHROMEOS)
24 #include "chrome/browser/browser_process_platform_part.h"
25 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
26 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h"
27 #include "chrome/browser/chromeos/policy/device_local_account.h"
28 #include "chrome/browser/chromeos/policy/device_local_account_policy_provider.h"
29 #include "chrome/browser/chromeos/policy/login_profile_policy_provider.h"
30 #include "components/user_manager/user.h"
31 #include "components/user_manager/user_manager.h"
32 #endif
34 namespace policy {
36 namespace {
// Returns the domain part of the username stored in the cloud policy held by
// |cloud_policy_manager|'s store. Returns an empty string when there is no
// store, when the store is not managed, or when the policy has no username.
//
// |cloud_policy_manager| is dereferenced unconditionally, so callers must pass
// a non-null manager. The store must already be initialized: the CHECK below
// is fatal, so a too-early call fails loudly instead of being answered from a
// store that has not finished loading.
std::string GetCloudPolicyManagementDomain(
    const CloudPolicyManager* cloud_policy_manager) {
  const CloudPolicyStore* const policy_store =
      cloud_policy_manager->core()->store();
  if (!policy_store)
    return "";

  CHECK(policy_store->is_initialized())
      << "Cloud policy management domain must be "
         "requested only after the policy system is fully initialized";

  // policy() is only touched after is_managed() succeeded (short-circuit).
  const bool has_managed_username =
      policy_store->is_managed() && policy_store->policy()->has_username();
  if (!has_managed_username)
    return "";
  return gaia::ExtractDomainName(policy_store->policy()->username());
}
51 } // namespace
// Starts with no user cloud policy manager attached. On Chrome OS the profile
// additionally starts out as not belonging to the primary user. Init() assigns
// the real values.
ProfilePolicyConnector::ProfilePolicyConnector()
    :
#if defined(OS_CHROMEOS)
      is_primary_user_(false),
#endif
      user_cloud_policy_manager_(nullptr) {
}
// The destructor body is empty. Unregistering from the browser-wide connector
// and shutting down the wrapped providers is done in Shutdown().
ProfilePolicyConnector::~ProfilePolicyConnector() {
}
// Assembles the list of policy providers for this profile and builds the
// PolicyService on top of it.
//
// Providers are appended in a fixed order: platform provider, device cloud
// policy manager (Chrome OS only), user cloud policy manager, then the
// login-profile or device-local-account provider (Chrome OS only).
// DeterminePolicyProviderForPolicy() walks |policy_providers_| in that order,
// so the order decides which provider a policy is attributed to when several
// of them set it.
// NOTE(review): PolicyServiceImpl presumably treats the same order as priority
// when merging; confirm before reordering anything here.
//
// |policy_providers_| stores raw pointers, including ones obtained from the
// browser-wide connector and the caller-supplied |user_cloud_policy_manager|.
// Nothing in this function extends the lifetime of those objects.
//
// On Chrome OS, |user| is null only for the signin profile.
void ProfilePolicyConnector::Init(
#if defined(OS_CHROMEOS)
    const user_manager::User* user,
#endif
    SchemaRegistry* schema_registry,
    CloudPolicyManager* user_cloud_policy_manager) {
  user_cloud_policy_manager_ = user_cloud_policy_manager;

#if defined(OS_CHROMEOS)
  BrowserPolicyConnectorChromeOS* browser_connector =
      g_browser_process->platform_part()->browser_policy_connector_chromeos();
#else
  BrowserPolicyConnector* browser_connector =
      g_browser_process->browser_policy_connector();
#endif

  // Platform policy goes first. It is wrapped so that it is initialized
  // against this profile's |schema_registry|.
  if (browser_connector->GetPlatformProvider()) {
    wrapped_platform_policy_provider_.reset(
        new SchemaRegistryTrackingPolicyProvider(
            browser_connector->GetPlatformProvider()));
    wrapped_platform_policy_provider_->Init(schema_registry);
    policy_providers_.push_back(wrapped_platform_policy_provider_.get());
  }

#if defined(OS_CHROMEOS)
  // Device-level cloud policy, when the device has a manager for it.
  if (browser_connector->GetDeviceCloudPolicyManager()) {
    policy_providers_.push_back(
        browser_connector->GetDeviceCloudPolicyManager());
  }
#endif

  // User-level cloud policy, when the caller supplied a manager.
  if (user_cloud_policy_manager)
    policy_providers_.push_back(user_cloud_policy_manager);

#if defined(OS_CHROMEOS)
  if (user) {
    is_primary_user_ =
        user == user_manager::UserManager::Get()->GetPrimaryUser();
    // DeviceLocalAccountPolicyProvider::Create() yields nullptr when |user| is
    // not a device-local account, which leaves no special provider installed.
    special_user_policy_provider_ = DeviceLocalAccountPolicyProvider::Create(
        user->email(),
        browser_connector->GetDeviceLocalAccountPolicyService());
  } else {
    // No user: this is the signin profile.
    DCHECK(schema_registry);
    special_user_policy_provider_.reset(
        new LoginProfilePolicyProvider(browser_connector->GetPolicyService()));
  }

  if (special_user_policy_provider_) {
    special_user_policy_provider_->Init(schema_registry);
    policy_providers_.push_back(special_user_policy_provider_.get());
  }
#endif

  policy_service_.reset(new PolicyServiceImpl(policy_providers_));

#if defined(OS_CHROMEOS)
  // Only the primary user's profile registers a user policy delegate with the
  // browser-wide connector. Shutdown() clears that registration again.
  if (is_primary_user_) {
    if (user_cloud_policy_manager) {
      browser_connector->SetUserPolicyDelegate(user_cloud_policy_manager);
    } else if (special_user_policy_provider_) {
      browser_connector->SetUserPolicyDelegate(
          special_user_policy_provider_.get());
    }
  }
#endif
}
// Test-only replacement for Init(): takes ownership of |service| and installs
// it as the policy service. None of the provider setup done by Init() runs, so
// |policy_providers_| and |user_cloud_policy_manager_| are left untouched.
void ProfilePolicyConnector::InitForTesting(
    scoped_ptr<PolicyService> service) {
  policy_service_ = service.Pass();
}
// Test-only hook that pins the result of IsManaged() to |is_managed|. Once an
// override is stored, IsManaged() returns it without looking at any policy
// state. Nothing in this file clears the override again.
void ProfilePolicyConnector::OverrideIsManagedForTesting(bool is_managed) {
  is_managed_override_.reset(
      new bool(is_managed));
}
// Undoes the registrations made in Init() and shuts down the providers this
// object wraps.
//
// For the primary user on Chrome OS, the user policy delegate on the
// browser-wide connector is reset to nullptr. That way the connector no longer
// holds the pointer that Init() handed to it.
void ProfilePolicyConnector::Shutdown() {
#if defined(OS_CHROMEOS)
  if (is_primary_user_) {
    g_browser_process->platform_part()
        ->browser_policy_connector_chromeos()
        ->SetUserPolicyDelegate(nullptr);
  }

  if (special_user_policy_provider_)
    special_user_policy_provider_->Shutdown();
#endif

  if (wrapped_platform_policy_provider_)
    wrapped_platform_policy_provider_->Shutdown();
}
// Reports whether this profile is managed. A test override, when present,
// wins outright. Otherwise the profile counts as managed exactly when
// GetManagementDomain() returns a non-empty string.
//
// Because the answer is derived from GetManagementDomain(), it inherits that
// function's requirement that the cloud policy store is already initialized.
bool ProfilePolicyConnector::IsManaged() const {
  return is_managed_override_.get() ? *is_managed_override_
                                    : !GetManagementDomain().empty();
}
// Returns the domain that manages this profile, or an empty string when no
// management domain can be determined.
//
// If a user cloud policy manager is attached, its answer is final, even when
// it is empty; the device-level manager is not consulted in that case. On
// Chrome OS, profiles with a special provider and no user cloud policy manager
// take the domain from the device cloud policy manager instead.
std::string ProfilePolicyConnector::GetManagementDomain() const {
  if (user_cloud_policy_manager_)
    return GetCloudPolicyManagementDomain(user_cloud_policy_manager_);

#if defined(OS_CHROMEOS)
  // |special_user_policy_provider_| is set for device-local accounts and for
  // the login profile. Both receive policy iff the device itself is managed.
  if (!special_user_policy_provider_)
    return "";

  const DeviceCloudPolicyManagerChromeOS* const device_manager =
      g_browser_process->platform_part()
          ->browser_policy_connector_chromeos()
          ->GetDeviceCloudPolicyManager();
  // Unit tests may run without a device cloud policy manager.
  if (device_manager)
    return GetCloudPolicyManagementDomain(device_manager);
#endif

  return "";
}
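// Returns true only when the Chrome policy |name| is set and the first
// provider in |policy_providers_| that sets it is the user cloud policy
// manager. A policy that an earlier provider also sets is attributed to that
// earlier provider, so this returns false for it.
//
// Callers may use the result to decide how far to trust a policy value, so a
// policy that nobody sets must never be reported as cloud-provided.
bool ProfilePolicyConnector::IsPolicyFromCloudPolicy(const char* name) const {
  const ConfigurationPolicyProvider* const provider =
      DeterminePolicyProviderForPolicy(name);
  // A null |provider| means no provider sets |name|. Without the explicit null
  // test, a profile with no user cloud policy manager would compare
  // nullptr == nullptr and report an unset policy as coming from cloud policy.
  return provider != nullptr && provider == user_cloud_policy_manager_;
}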
// Finds the provider that the Chrome policy |name| is attributed to: the first
// entry of |policy_providers_|, in the order Init() appended them, whose
// Chrome-domain policy map has a value for |name|. Returns nullptr when no
// provider sets the policy.
//
// Only the default (empty component id) Chrome namespace is consulted.
const ConfigurationPolicyProvider*
ProfilePolicyConnector::DeterminePolicyProviderForPolicy(
    const char* name) const {
  const PolicyNamespace chrome_namespace(POLICY_DOMAIN_CHROME, "");
  const ConfigurationPolicyProvider* owner = nullptr;
  for (const ConfigurationPolicyProvider* candidate : policy_providers_) {
    if (candidate->policies().Get(chrome_namespace).Get(name)) {
      owner = candidate;
      break;  // Earlier providers win; stop at the first match.
    }
  }
  return owner;
}
196 } // namespace policy