Policy for the plugin is now governed by policies set for Chrome. This keeps the amount

of policies that admins need to set to a minimum, and it also really only makes sense to
set policy for Chrome as Chromium can be compiled (and modified) by anyone to ignore
policy as they like.

BUG=None
TEST=Set policy for Chrome. See if it applies.

Review URL: http://codereview.chromium.org/7847028

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100228 0039d316-1c4b-4281-b951-d872f2087c98

3 files changed, 11 insertions, 66 deletions

diff --git a/remoting/host/plugin/policy_hack/nat_policy_linux.cc b/remoting/host/plugin/policy_hack/nat_policy_linux.cc
index 8255660..ac1fcd9 100644
--- a/remoting/host/plugin/policy_hack/nat_policy_linux.cc
+++ b/remoting/host/plugin/policy_hack/nat_policy_linux.cc
@@ -32,13 +32,8 @@ namespace policy_hack {
 
 namespace {
 
-#if defined(GOOGLE_CHROME_BUILD)
 const FilePath::CharType kPolicyDir[] =
     FILE_PATH_LITERAL("/etc/opt/chrome/policies/managed");
-#else
-const FilePath::CharType kPolicyDir[] =
-    FILE_PATH_LITERAL("/etc/chromium/policies/managed");
-#endif
 
 // Amount of time we wait for the files on disk to settle before trying to load
 // them. This alleviates the problem of reading partially written files and
diff --git a/remoting/host/plugin/policy_hack/nat_policy_mac.mm b/remoting/host/plugin/policy_hack/nat_policy_mac.mm
index 61b62ed..9fde3f3 100644
--- a/remoting/host/plugin/policy_hack/nat_policy_mac.mm
+++ b/remoting/host/plugin/policy_hack/nat_policy_mac.mm
@@ -13,21 +13,10 @@
 #include "base/sys_string_conversions.h"
 #include "base/values.h"
 
-namespace {
-
-struct BundledAppPolicy {
-  Boolean is_valid;
-  Boolean is_allowed;
-  CFStringRef bundle_id;
-};
-
-}
-
 namespace remoting {
 namespace policy_hack {
 
-// The MacOS version does not watch files (because there is potentially 9
-// files to watch in three different locations) and because it is accepted
+// The MacOS version does not watch files because it is accepted
 // practice on the Mac that the user must logout/login for policies to be
 // applied. This will actually pick up policies every
 // |kFallbackReloadDelayMinutes| which is sufficient for right now.
@@ -50,51 +39,18 @@ class NatPolicyMac : public NatPolicy {
 
   virtual void Reload() OVERRIDE {
     DCHECK(OnPolicyThread());
-
-    // Since policy could be set for any of these browsers, assume the most
-    // restrictive.
-    BundledAppPolicy policies[3] = {
-      { false, true, CFSTR("com.google.Chrome") },
-      { false, true, CFSTR("com.chromium.Chromium") },
-      { false, true, CFSTR("com.google.Chrome.canary") }
-    };
     base::DictionaryValue policy;
-    base::mac::ScopedCFTypeRef<CFStringRef> policy_key(
-      base::SysUTF8ToCFStringRef(kNatPolicyName));
-    bool is_allowed = true;
-    bool is_valid = false;
-    CFStringRef bundle_setting_policy = NULL;
-    for (size_t i = 0; i < arraysize(policies); ++i) {
-      if (CFPreferencesAppSynchronize(policies[i].bundle_id)) {
-        policies[i].is_allowed = CFPreferencesGetAppBooleanValue(
-            policy_key,
-            policies[i].bundle_id,
-            &policies[i].is_valid);
-        if (policies[i].is_valid) {
-          is_allowed &= policies[i].is_allowed;
-          if (!is_allowed && bundle_setting_policy == NULL) {
-            bundle_setting_policy = policies[i].bundle_id;
-          }
-          is_valid = true;
-        }
-      }
-    }
-
-    // Only set policy if a valid policy was found.
-    if (is_valid) {
-      policy.SetBoolean(kNatPolicyName, is_allowed);
 
-      // Log if there is policy conflict.
-      for (size_t i = 0; i < arraysize(policies); ++i) {
-        if (policies[i].is_valid && policies[i].is_allowed != is_allowed) {
-          LOG(WARNING) << base::SysCFStringRefToUTF8(policies[i].bundle_id)
-                       << ":" << kNatPolicyName
-                       << "(" << (policies[i].is_allowed ? "true" : "false")
-                       << ") is being overridden by "
-                       << base::SysCFStringRefToUTF8(bundle_setting_policy)
-                       << ":" << kNatPolicyName
-                       << "(" << (is_allowed ? "true" : "false") << ")";
-        }
+    CFStringRef policy_bundle_id = CFSTR("com.google.Chrome");
+    if (CFPreferencesAppSynchronize(policy_bundle_id)) {
+      base::mac::ScopedCFTypeRef<CFStringRef> policy_key(
+          base::SysUTF8ToCFStringRef(kNatPolicyName));
+      Boolean valid = false;
+      bool allowed = CFPreferencesGetAppBooleanValue(policy_key,
+                                                     policy_bundle_id,
+                                                     &valid);
+      if (valid) {
+        policy.SetBoolean(kNatPolicyName, allowed);
       }
     }
 
diff --git a/remoting/host/plugin/policy_hack/nat_policy_win.cc b/remoting/host/plugin/policy_hack/nat_policy_win.cc
index 60630cd..ac1b789 100644
--- a/remoting/host/plugin/policy_hack/nat_policy_win.cc
+++ b/remoting/host/plugin/policy_hack/nat_policy_win.cc
@@ -34,13 +34,7 @@ namespace policy_hack {
 
 namespace {
 
-#if defined(OS_WIN)
-#if defined(GOOGLE_CHROME_BUILD)
 const wchar_t kRegistrySubKey[] = L"SOFTWARE\\Policies\\Google\\Chrome";
-#else
-const wchar_t kRegistrySubKey[] = L"SOFTWARE\\Policies\\Chromium";
-#endif
-#endif
 
 }  // namespace