1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
|
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_
#define CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_
#pragma once
#include <string>
#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/policy/cloud_policy_data_store.h"
#include "chrome/browser/policy/configuration_policy_handler.h"
#include "chrome/browser/policy/enterprise_install_attributes.h"
#include "content/public/browser/notification_observer.h"
#include "content/public/browser/notification_registrar.h"
class PrefValueMap;
class TestingBrowserProcess;
class TokenService;
namespace policy {
class CloudPolicyProvider;
class CloudPolicySubsystem;
class ConfigurationPolicyProvider;
class NetworkConfigurationUpdater;
class PolicyErrorMap;
class PolicyMap;
class UserPolicyTokenCache;
// Manages the lifecycle of browser-global policy infrastructure, such as the
// platform policy providers, device- and the user-cloud policy infrastructure.
// TODO(gfeher,mnissler): Factor out device and user specific methods into their
// respective classes.
class BrowserPolicyConnector : public content::NotificationObserver {
public:
// Indicates the type of token passed to SetDeviceCredentials.
enum TokenType {
TOKEN_TYPE_GAIA, // A gaia service token.
TOKEN_TYPE_OAUTH, // An OAuth v2 access token.
};
static BrowserPolicyConnector* Create();
virtual ~BrowserPolicyConnector();
ConfigurationPolicyProvider* GetManagedPlatformProvider() const;
ConfigurationPolicyProvider* GetManagedCloudProvider() const;
ConfigurationPolicyProvider* GetRecommendedPlatformProvider() const;
ConfigurationPolicyProvider* GetRecommendedCloudProvider() const;
// Returns a weak pointer to the CloudPolicySubsystem corresponding to the
// device policy managed by this policy connector, or NULL if no such
// subsystem exists (i.e. when running outside ChromeOS).
CloudPolicySubsystem* device_cloud_policy_subsystem() {
#if defined(OS_CHROMEOS)
return device_cloud_policy_subsystem_.get();
#else
return NULL;
#endif
}
// Returns a weak pointer to the CloudPolicySubsystem corresponding to the
// user policy managed by this policy connector, or NULL if no such
// subsystem exists (i.e. when user cloud policy is not active due to
// unmanaged or not logged in).
CloudPolicySubsystem* user_cloud_policy_subsystem() {
return user_cloud_policy_subsystem_.get();
}
// Triggers registration for device policy.
void RegisterForDevicePolicy(const std::string& owner_email,
const std::string& token,
TokenType token_type);
// Returns true if this device is managed by an enterprise (as opposed to
// a local owner).
bool IsEnterpriseManaged();
// Locks the device to an enterprise domain.
EnterpriseInstallAttributes::LockResult LockDevice(const std::string& user);
// Returns the enterprise domain if device is managed.
std::string GetEnterpriseDomain();
// Reset the device policy machinery. This stops any automatic retry behavior
// and clears the error flags, so potential retries have a chance to succeed.
void ResetDevicePolicy();
// Initiates a policy fetch after a successful device registration.
void FetchDevicePolicy();
// Initiates a user policy fetch after a successful device registration. This
// is only safe to call when a user device token is available.
void FetchUserPolicy();
// Schedules initialization of the cloud policy backend services, if the
// services are already constructed.
void ScheduleServiceInitialization(int64 delay_milliseconds);
// Initializes the user cloud policy infrastructure.
void InitializeUserPolicy(const std::string& user_name);
// Installs a token service for user policy.
void SetUserPolicyTokenService(TokenService* token_service);
// Registers for user policy (if not already registered), using the passed
// OAuth V2 token for authentication.
void RegisterForUserPolicy(const std::string& oauth_token);
const CloudPolicyDataStore* GetDeviceCloudPolicyDataStore() const;
const CloudPolicyDataStore* GetUserCloudPolicyDataStore() const;
// Translates |policies| to their corresponding preferences in |prefs|.
// Any errors found while processing the policies are stored in |errors|.
// |prefs| or |errors| can be NULL, and won't be filled in that case.
void GetPoliciesAsPreferences(const PolicyMap& policies,
PrefValueMap* prefs,
PolicyErrorMap* errors);
private:
friend class ::TestingBrowserProcess;
BrowserPolicyConnector();
// Constructor for tests that allows tests to use fake platform and cloud
// policy providers instead of using the actual ones.
BrowserPolicyConnector(
ConfigurationPolicyProvider* managed_platform_provider,
ConfigurationPolicyProvider* recommended_platform_provider,
CloudPolicyProvider* managed_cloud_provider,
CloudPolicyProvider* recommended_cloud_provider);
// content::NotificationObserver method overrides:
virtual void Observe(int type,
const content::NotificationSource& source,
const content::NotificationDetails& details) OVERRIDE;
// Initializes the device cloud policy infrasturcture.
void InitializeDevicePolicy();
// Activates the device cloud policy subsystem. This will be posted as a task
// from InitializeDevicePolicy since it needs to wait for the message loops to
// be running.
void InitializeDevicePolicySubsystem();
// Works out the user affiliation by checking the given |user_name| against
// the installation attributes.
policy::CloudPolicyDataStore::UserAffiliation GetUserAffiliation(
const std::string& user_name);
static BrowserPolicyConnector* CreateForTests();
static ConfigurationPolicyProvider* CreateManagedPlatformProvider();
static ConfigurationPolicyProvider* CreateRecommendedPlatformProvider();
scoped_ptr<ConfigurationPolicyProvider> managed_platform_provider_;
scoped_ptr<ConfigurationPolicyProvider> recommended_platform_provider_;
scoped_ptr<CloudPolicyProvider> managed_cloud_provider_;
scoped_ptr<CloudPolicyProvider> recommended_cloud_provider_;
#if defined(OS_CHROMEOS)
scoped_ptr<CloudPolicyDataStore> device_data_store_;
scoped_ptr<CloudPolicySubsystem> device_cloud_policy_subsystem_;
scoped_ptr<EnterpriseInstallAttributes> install_attributes_;
scoped_ptr<NetworkConfigurationUpdater> network_configuration_updater_;
#endif
scoped_ptr<UserPolicyTokenCache> user_policy_token_cache_;
scoped_ptr<CloudPolicyDataStore> user_data_store_;
scoped_ptr<CloudPolicySubsystem> user_cloud_policy_subsystem_;
// Used to initialize the device policy subsystem once the message loops
// are spinning.
base::WeakPtrFactory<BrowserPolicyConnector> weak_ptr_factory_;
// Registers the provider for notification of successful Gaia logins.
content::NotificationRegistrar registrar_;
// Weak reference to the TokenService we are listening to for user cloud
// policy authentication tokens.
TokenService* token_service_;
// List of all available handlers derived from ConfigurationPolicyHandler.
scoped_ptr<ConfigurationPolicyHandler::HandlerList> policy_handlers_;
DISALLOW_COPY_AND_ASSIGN(BrowserPolicyConnector);
};
} // namespace policy
#endif // CHROME_BROWSER_POLICY_BROWSER_POLICY_CONNECTOR_H_
|
