1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef REMOTING_HOST_POLICY_WATCHER_H_
6 #define REMOTING_HOST_POLICY_WATCHER_H_
7 
8 #include <memory>
9 
10 #include "base/callback.h"
11 #include "base/macros.h"
12 #include "base/memory/ref_counted.h"
13 #include "base/sequence_checker.h"
14 #include "components/policy/core/common/policy_service.h"
15 
16 namespace base {
17 class DictionaryValue;
18 class SingleThreadTaskRunner;
19 }  // namespace base
20 
21 namespace policy {
22 class AsyncPolicyLoader;
23 class ConfigurationPolicyProvider;
24 class Schema;
25 class SchemaRegistry;
26 }  // namespace policy
27 
28 namespace remoting {
29 
30 // Watches for changes to the managed remote access host policies.
31 class PolicyWatcher : public policy::PolicyService::Observer {
32  public:
33   // Called first with all policies, and subsequently with any changed policies.
34   typedef base::RepeatingCallback<void(std::unique_ptr<base::DictionaryValue>)>
35       PolicyUpdatedCallback;
36 
37   // Called after detecting malformed policies.
38   typedef base::RepeatingCallback<void()> PolicyErrorCallback;
39 
40   ~PolicyWatcher() override;
41 
42   // This guarantees that the |policy_updated_callback| is called at least once
43   // with the current policies.  After that, |policy_updated_callback| will be
44   // called whenever a change to any policy is detected. It will then be called
45   // only with the changed policies.
46   //
47   // |policy_error_callback| will be called when malformed policies are detected
48   // (i.e. wrong type of policy value, or unparseable files under
49   // /etc/opt/chrome/policies/managed).
50   // When called, the |policy_error_callback| is responsible for mitigating the
51   // security risk of running with incorrectly formulated policies (by either
52   // shutting down or locking down the host).
53   // After calling |policy_error_callback| PolicyWatcher will continue watching
54   // for policy changes and will call |policy_updated_callback| when the error
55   // is recovered from and may call |policy_error_callback| when new errors are
56   // found.
57   virtual void StartWatching(
58       const PolicyUpdatedCallback& policy_updated_callback,
59       const PolicyErrorCallback& policy_error_callback);
60 
61   // Return the current policies. If the policies have not yet been read, or if
62   // an error occurred, the returned dictionary will be empty.
63   std::unique_ptr<base::DictionaryValue> GetCurrentPolicies();
64 
65   // Return the default policies.
66   static std::unique_ptr<base::DictionaryValue> GetDefaultPolicies();
67 
68   // Specify a |policy_service| to borrow (on Chrome OS, from the browser
69   // process). PolicyWatcher must be used on the thread on which it is created.
70   // |policy_service| is called on the same thread.
71   //
72   // When |policy_service| is specified then BrowserThread::UI is used for
73   // PolicyUpdatedCallback and PolicyErrorCallback.
74   static std::unique_ptr<PolicyWatcher> CreateWithPolicyService(
75       policy::PolicyService* policy_service);
76 
77   // Construct and a new PolicyService for non-ChromeOS platforms.
78   // PolicyWatcher must be used on the thread on which it is created.
79   //
80   // |file_task_runner| is used for reading the policy from files / registry /
81   // preferences (which are blocking operations). |file_task_runner| should be
82   // of TYPE_IO type.
83   static std::unique_ptr<PolicyWatcher> CreateWithTaskRunner(
84       const scoped_refptr<base::SingleThreadTaskRunner>& file_task_runner);
85 
86   // Creates a PolicyWatcher from the given loader instead of loading the policy
87   // from the default location.
88   //
89   // This can be used with FakeAsyncPolicyLoader to test policy handling of
90   // other components.
91   static std::unique_ptr<PolicyWatcher> CreateFromPolicyLoaderForTesting(
92       std::unique_ptr<policy::AsyncPolicyLoader> async_policy_loader);
93 
94  private:
95   friend class PolicyWatcherTest;
96 
97   // Gets Chromoting schema stored inside |owned_schema_registry_|.
98   const policy::Schema* GetPolicySchema() const;
99 
100   // Normalizes policies using Schema::Normalize and converts deprecated
101   // policies.
102   //
103   // - Returns false if |dict| is invalid (i.e. contains mistyped policy
104   // values).
105   // - Returns true if |dict| was valid or got normalized.
106   bool NormalizePolicies(base::DictionaryValue* dict);
107 
108   // Converts each deprecated policy to its replacement if and only if the
109   // replacement policy is not set, and removes deprecated policied from dict.
110   void HandleDeprecatedPolicies(base::DictionaryValue* dict);
111 
112   // Stores |new_policies| into |old_policies_|.  Returns dictionary with items
113   // from |new_policies| that are different from the old |old_policies_|.
114   std::unique_ptr<base::DictionaryValue> StoreNewAndReturnChangedPolicies(
115       std::unique_ptr<base::DictionaryValue> new_policies);
116 
117   // Signals policy error to the registered |PolicyErrorCallback|.
118   void SignalPolicyError();
119 
120   // |policy_service_task_runner| is the task runner where it is safe
121   // to call |policy_service_| methods and where we expect to get callbacks
122   // from |policy_service_|.
123   PolicyWatcher(policy::PolicyService* policy_service,
124                 std::unique_ptr<policy::PolicyService> owned_policy_service,
125                 std::unique_ptr<policy::ConfigurationPolicyProvider>
126                     owned_policy_provider,
127                 std::unique_ptr<policy::SchemaRegistry> owned_schema_registry);
128 
129   // Creates PolicyWatcher that wraps the owned |async_policy_loader| with an
130   // appropriate PolicySchema.
131   //
132   // |policy_service_task_runner| is passed through to the constructor of
133   // PolicyWatcher.
134   static std::unique_ptr<PolicyWatcher> CreateFromPolicyLoader(
135       std::unique_ptr<policy::AsyncPolicyLoader> async_policy_loader);
136 
137   // PolicyService::Observer interface.
138   void OnPolicyUpdated(const policy::PolicyNamespace& ns,
139                        const policy::PolicyMap& previous,
140                        const policy::PolicyMap& current) override;
141   void OnPolicyServiceInitialized(policy::PolicyDomain domain) override;
142 
143   PolicyUpdatedCallback policy_updated_callback_;
144   PolicyErrorCallback policy_error_callback_;
145 
146   std::unique_ptr<base::DictionaryValue> old_policies_;
147   std::unique_ptr<base::DictionaryValue> default_values_;
148 
149   policy::PolicyService* policy_service_;
150 
151   // Order of fields below is important to ensure destruction takes object
152   // dependencies into account:
153   // - |owned_policy_service_| uses |owned_policy_provider_|
154   // - |owned_policy_provider_| uses |owned_schema_registry_|
155   std::unique_ptr<policy::SchemaRegistry> owned_schema_registry_;
156   std::unique_ptr<policy::ConfigurationPolicyProvider> owned_policy_provider_;
157   std::unique_ptr<policy::PolicyService> owned_policy_service_;
158 
159   SEQUENCE_CHECKER(sequence_checker_);
160 
161   DISALLOW_COPY_AND_ASSIGN(PolicyWatcher);
162 };
163 
164 }  // namespace remoting
165 
166 #endif  // REMOTING_HOST_POLICY_WATCHER_H_
167