1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_ 6 #define CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_ 7 8 #include <memory> 9 #include <string> 10 #include <vector> 11 12 #include "base/memory/weak_ptr.h" 13 #include "build/build_config.h" 14 15 namespace user_manager { 16 class User; 17 } 18 19 namespace policy { 20 #if defined(OS_CHROMEOS) 21 namespace internal { 22 class ProxiedPoliciesPropagatedWatcher; 23 } 24 #endif // defined(OS_CHROMEOS) 25 26 class CloudPolicyStore; 27 class ConfigurationPolicyProvider; 28 class PolicyMigrator; 29 class PolicyService; 30 class PolicyServiceImpl; 31 class SchemaRegistry; 32 class ChromeBrowserPolicyConnector; 33 34 // The ProfilePolicyConnector creates and manages the per-Profile policy 35 // components. Since the ProfilePolicyConnector instance is accessed from 36 // Profile, not from a KeyedServiceFactory anymore, the ProfilePolicyConnector 37 // no longer needs to be a KeyedService. 38 class ProfilePolicyConnector final { 39 public: 40 ProfilePolicyConnector(); 41 ProfilePolicyConnector(const ProfilePolicyConnector&) = delete; 42 ProfilePolicyConnector& operator=(const ProfilePolicyConnector&) = delete; 43 ~ProfilePolicyConnector(); 44 45 // |user| is only used in Chrome OS builds and should be set to nullptr 46 // otherwise. |configuration_policy_provider| and |policy_store| are nullptr 47 // for non-regular users. 48 // If |force_immediate_load| is true, DeviceLocalAccountPolicy is loaded 49 // synchronously. 50 void Init(const user_manager::User* user, 51 SchemaRegistry* schema_registry, 52 ConfigurationPolicyProvider* configuration_policy_provider, 53 const CloudPolicyStore* policy_store, 54 policy::ChromeBrowserPolicyConnector* browser_policy_connector, 55 bool force_immediate_load); 56 57 void InitForTesting(std::unique_ptr<PolicyService> service); 58 void OverrideIsManagedForTesting(bool is_managed); 59 void SetPlatformPolicyProviderForTesting( 60 ConfigurationPolicyProvider* platform_policy_provider_for_testing); 61 62 void Shutdown(); 63 64 // This is never NULL. policy_service()65 PolicyService* policy_service() const { return policy_service_.get(); } 66 67 // Returns true if this Profile is under any kind of policy management. You 68 // must call this method only when the policies system is fully initialized. 69 bool IsManaged() const; 70 71 72 // Returns true if the |policy_key| user policy is currently set via the 73 // |configuration_policy_provider_| and isn't being overridden by a 74 // higher-level provider. 75 bool IsProfilePolicy(const char* policy_key) const; 76 77 #if defined(OS_CHROMEOS) 78 // Triggers the time out handling of waiting for the proxied primary user 79 // policies to propagate. May be only called form tests. 80 void TriggerProxiedPoliciesWaitTimeoutForTesting(); 81 #endif // defined(OS_CHROMEOS) 82 83 private: 84 // Returns the policy store which is actually used. 85 const CloudPolicyStore* GetActualPolicyStore() const; 86 87 // Find the policy provider that provides the |policy_key| policy, if any. In 88 // case of multiple providers sharing the same policy, the one with the 89 // highest priority will be returned. 90 const ConfigurationPolicyProvider* DeterminePolicyProviderForPolicy( 91 const char* policy_key) const; 92 93 // Returns the platform policy provider, which will be used as the highest 94 // priority policy provider in PolicyService created by this 95 // ProfilePolicyConnector. 96 ConfigurationPolicyProvider* GetPlatformProvider( 97 policy::ChromeBrowserPolicyConnector* browser_policy_connector); 98 99 #if defined(OS_CHROMEOS) 100 // On Chrome OS, primary Profile user policies are forwarded to the 101 // device-global PolicyService[1] using a ProxyPolicyProvider. 102 // When that is done, signaling that |policy_service_| is initialized should 103 // be delayed until the policies provided by |user_policy_delegate| have 104 // propagated to the device-wide PolicyService[1]. This is done so that code 105 // that runs early on Profile initialization can rely on the device-wide 106 // PolicyService[1] and local state Preferences[2] respecting the proxied 107 // primary user policies. 108 // 109 // This function starts watching for the propagation to happen by creating a 110 // |ProxiedPoliciesPropagatedWatcher| and creates a PolicyService that 111 // only signals that it is initilalized when the 112 // |proxied_policies_propagated_watcher_| has fired. 113 // 114 // [1] i.e. g_browser_process->policy_service() 115 // [2] i.e. g_browser_process->local_state() 116 std::unique_ptr<PolicyService> CreatePolicyServiceWithInitializationThrottled( 117 const std::vector<ConfigurationPolicyProvider*>& policy_providers, 118 std::vector<std::unique_ptr<PolicyMigrator>> migrators, 119 ConfigurationPolicyProvider* user_policy_delegate); 120 121 // Called when primary user policies that are proxied to the device-wide 122 // PolicyService have propagated. 123 // |policy_service| is passed here because UnthrottleInitialization is 124 // implemented on PolicyServiceImpl, but the |policy_service_| class member is 125 // a PolicyService for testability. 126 void OnProxiedPoliciesPropagated(PolicyServiceImpl* policy_service); 127 128 // Some of the user policy configuration affects browser global state, and 129 // can only come from one Profile. |is_primary_user_| is true if this 130 // connector belongs to the first signed-in Profile, and in that case that 131 // Profile's policy is the one that affects global policy settings in 132 // local state. 133 bool is_primary_user_ = false; 134 135 std::unique_ptr<ConfigurationPolicyProvider> special_user_policy_provider_; 136 137 // If the user associated with the Profile for this ProfilePolicyConnector is 138 // the primary user, the user policies will be proxied into the device-wide 139 // PolicyService. This object allows calling a callback when that is finished 140 // so it is possible to delay signaling that |policy_service_| is initialized 141 // until the policies have been reflected in the device-wide PolicyService. 142 std::unique_ptr<internal::ProxiedPoliciesPropagatedWatcher> 143 proxied_policies_propagated_watcher_; 144 145 #endif // defined(OS_CHROMEOS) 146 147 std::unique_ptr<ConfigurationPolicyProvider> 148 wrapped_platform_policy_provider_; 149 const ConfigurationPolicyProvider* configuration_policy_provider_ = nullptr; 150 const CloudPolicyStore* policy_store_ = nullptr; 151 152 // If this is not nullptr, this provider will be used as (highest priority) 153 // platform policy provider. 154 ConfigurationPolicyProvider* platform_policy_provider_for_testing_ = nullptr; 155 156 // |policy_providers_| contains a list of the policy providers available for 157 // the PolicyService of this connector, in decreasing order of priority. 158 // 159 // Note: All the providers appended to this vector must eventually become 160 // initialized for every policy domain, otherwise some subsystems will never 161 // use the policies exposed by the PolicyService! 162 // The default ConfigurationPolicyProvider::IsInitializationComplete() 163 // result is true, so take care if a provider overrides that. 164 std::vector<ConfigurationPolicyProvider*> policy_providers_; 165 166 std::unique_ptr<PolicyService> policy_service_; 167 std::unique_ptr<bool> is_managed_override_; 168 }; 169 170 } // namespace policy 171 172 #endif // CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_ 173