1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_
6 #define CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_
7 
8 #include <memory>
9 #include <string>
10 #include <vector>
11 
12 #include "base/memory/weak_ptr.h"
13 #include "build/build_config.h"
14 
15 namespace user_manager {
16 class User;
17 }
18 
19 namespace policy {
20 #if defined(OS_CHROMEOS)
21 namespace internal {
22 class ProxiedPoliciesPropagatedWatcher;
23 }
24 #endif  // defined(OS_CHROMEOS)
25 
26 class CloudPolicyStore;
27 class ConfigurationPolicyProvider;
28 class PolicyMigrator;
29 class PolicyService;
30 class PolicyServiceImpl;
31 class SchemaRegistry;
32 class ChromeBrowserPolicyConnector;
33 
34 // The ProfilePolicyConnector creates and manages the per-Profile policy
35 // components. Since the ProfilePolicyConnector instance is accessed from
36 // Profile, not from a KeyedServiceFactory anymore, the ProfilePolicyConnector
37 // no longer needs to be a KeyedService.
38 class ProfilePolicyConnector final {
39  public:
40   ProfilePolicyConnector();
41   ProfilePolicyConnector(const ProfilePolicyConnector&) = delete;
42   ProfilePolicyConnector& operator=(const ProfilePolicyConnector&) = delete;
43   ~ProfilePolicyConnector();
44 
45   // |user| is only used in Chrome OS builds and should be set to nullptr
46   // otherwise.  |configuration_policy_provider| and |policy_store| are nullptr
47   // for non-regular users.
48   // If |force_immediate_load| is true, DeviceLocalAccountPolicy is loaded
49   // synchronously.
50   void Init(const user_manager::User* user,
51             SchemaRegistry* schema_registry,
52             ConfigurationPolicyProvider* configuration_policy_provider,
53             const CloudPolicyStore* policy_store,
54             policy::ChromeBrowserPolicyConnector* browser_policy_connector,
55             bool force_immediate_load);
56 
57   void InitForTesting(std::unique_ptr<PolicyService> service);
58   void OverrideIsManagedForTesting(bool is_managed);
59   void SetPlatformPolicyProviderForTesting(
60       ConfigurationPolicyProvider* platform_policy_provider_for_testing);
61 
62   void Shutdown();
63 
64   // This is never NULL.
policy_service()65   PolicyService* policy_service() const { return policy_service_.get(); }
66 
67   // Returns true if this Profile is under any kind of policy management. You
68   // must call this method only when the policies system is fully initialized.
69   bool IsManaged() const;
70 
71 
72   // Returns true if the |policy_key| user policy is currently set via the
73   // |configuration_policy_provider_| and isn't being overridden by a
74   // higher-level provider.
75   bool IsProfilePolicy(const char* policy_key) const;
76 
77 #if defined(OS_CHROMEOS)
78   // Triggers the time out handling of waiting for the proxied primary user
79   // policies to propagate. May be only called form tests.
80   void TriggerProxiedPoliciesWaitTimeoutForTesting();
81 #endif  // defined(OS_CHROMEOS)
82 
83  private:
84   // Returns the policy store which is actually used.
85   const CloudPolicyStore* GetActualPolicyStore() const;
86 
87   // Find the policy provider that provides the |policy_key| policy, if any. In
88   // case of multiple providers sharing the same policy, the one with the
89   // highest priority will be returned.
90   const ConfigurationPolicyProvider* DeterminePolicyProviderForPolicy(
91       const char* policy_key) const;
92 
93   // Returns the platform policy provider, which will be used as the highest
94   // priority policy provider in PolicyService created by this
95   // ProfilePolicyConnector.
96   ConfigurationPolicyProvider* GetPlatformProvider(
97       policy::ChromeBrowserPolicyConnector* browser_policy_connector);
98 
99 #if defined(OS_CHROMEOS)
100   // On Chrome OS, primary Profile user policies are forwarded to the
101   // device-global PolicyService[1] using a ProxyPolicyProvider.
102   // When that is done, signaling that |policy_service_| is initialized should
103   // be delayed until the policies provided by |user_policy_delegate| have
104   // propagated to the device-wide PolicyService[1]. This is done so that code
105   // that runs early on Profile initialization can rely on the device-wide
106   // PolicyService[1] and local state Preferences[2] respecting the proxied
107   // primary user policies.
108   //
109   // This function starts watching for the propagation to happen by creating a
110   // |ProxiedPoliciesPropagatedWatcher| and creates a PolicyService that
111   // only signals that it is initilalized when the
112   // |proxied_policies_propagated_watcher_| has fired.
113   //
114   // [1] i.e. g_browser_process->policy_service()
115   // [2] i.e. g_browser_process->local_state()
116   std::unique_ptr<PolicyService> CreatePolicyServiceWithInitializationThrottled(
117       const std::vector<ConfigurationPolicyProvider*>& policy_providers,
118       std::vector<std::unique_ptr<PolicyMigrator>> migrators,
119       ConfigurationPolicyProvider* user_policy_delegate);
120 
121   // Called when primary user policies that are proxied to the device-wide
122   // PolicyService have propagated.
123   // |policy_service| is passed here because UnthrottleInitialization is
124   // implemented on PolicyServiceImpl, but the |policy_service_| class member is
125   // a PolicyService for testability.
126   void OnProxiedPoliciesPropagated(PolicyServiceImpl* policy_service);
127 
128   // Some of the user policy configuration affects browser global state, and
129   // can only come from one Profile. |is_primary_user_| is true if this
130   // connector belongs to the first signed-in Profile, and in that case that
131   // Profile's policy is the one that affects global policy settings in
132   // local state.
133   bool is_primary_user_ = false;
134 
135   std::unique_ptr<ConfigurationPolicyProvider> special_user_policy_provider_;
136 
137   // If the user associated with the Profile for this ProfilePolicyConnector is
138   // the primary user, the user policies will be proxied into the device-wide
139   // PolicyService. This object allows calling a callback when that is finished
140   // so it is possible to delay signaling that |policy_service_| is initialized
141   // until the policies have been reflected in the device-wide PolicyService.
142   std::unique_ptr<internal::ProxiedPoliciesPropagatedWatcher>
143       proxied_policies_propagated_watcher_;
144 
145 #endif  // defined(OS_CHROMEOS)
146 
147   std::unique_ptr<ConfigurationPolicyProvider>
148       wrapped_platform_policy_provider_;
149   const ConfigurationPolicyProvider* configuration_policy_provider_ = nullptr;
150   const CloudPolicyStore* policy_store_ = nullptr;
151 
152   // If this is not nullptr, this provider will be used as (highest priority)
153   // platform policy provider.
154   ConfigurationPolicyProvider* platform_policy_provider_for_testing_ = nullptr;
155 
156   // |policy_providers_| contains a list of the policy providers available for
157   // the PolicyService of this connector, in decreasing order of priority.
158   //
159   // Note: All the providers appended to this vector must eventually become
160   // initialized for every policy domain, otherwise some subsystems will never
161   // use the policies exposed by the PolicyService!
162   // The default ConfigurationPolicyProvider::IsInitializationComplete()
163   // result is true, so take care if a provider overrides that.
164   std::vector<ConfigurationPolicyProvider*> policy_providers_;
165 
166   std::unique_ptr<PolicyService> policy_service_;
167   std::unique_ptr<bool> is_managed_override_;
168 };
169 
170 }  // namespace policy
171 
172 #endif  // CHROME_BROWSER_POLICY_PROFILE_POLICY_CONNECTOR_H_
173