1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 7 8 #include <memory> 9 #include <string> 10 #include <vector> 11 12 #include "base/callback_forward.h" 13 #include "base/compiler_specific.h" 14 #include "base/macros.h" 15 #include "base/memory/ref_counted.h" 16 #include "base/observer_list.h" 17 #include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_scheduler.h" 18 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" 19 #include "components/policy/core/common/cloud/cloud_policy_client.h" 20 #include "components/policy/core/common/cloud/cloud_policy_manager.h" 21 22 namespace base { 23 class SequencedTaskRunner; 24 } 25 26 namespace chromeos { 27 28 class InstallAttributes; 29 30 namespace attestation { 31 32 class AttestationPolicyObserver; 33 class EnrollmentPolicyObserver; 34 class EnrollmentCertificateUploader; 35 class MachineCertificateUploader; 36 37 } // namespace attestation 38 } // namespace chromeos 39 40 class PrefRegistrySimple; 41 class PrefService; 42 43 namespace policy { 44 45 class DeviceCloudPolicyStoreChromeOS; 46 class ForwardingSchemaRegistry; 47 class HeartbeatScheduler; 48 class SchemaRegistry; 49 class StatusUploader; 50 class SystemLogUploader; 51 class LookupKeyUploader; 52 53 enum class ZeroTouchEnrollmentMode { DISABLED, ENABLED, FORCED, HANDS_OFF }; 54 55 // CloudPolicyManager specialization for device policy on Chrome OS. 56 class DeviceCloudPolicyManagerChromeOS : public CloudPolicyManager { 57 public: 58 class Observer { 59 public: 60 // Invoked when the device cloud policy manager connects. 61 virtual void OnDeviceCloudPolicyManagerConnected() = 0; 62 // Invoked when the device cloud policy manager disconnects. 63 virtual void OnDeviceCloudPolicyManagerDisconnected() = 0; 64 }; 65 66 using UnregisterCallback = base::Callback<void(bool)>; 67 68 // |task_runner| is the runner for policy refresh, heartbeat, and status 69 // upload tasks. 70 DeviceCloudPolicyManagerChromeOS( 71 std::unique_ptr<DeviceCloudPolicyStoreChromeOS> store, 72 std::unique_ptr<CloudExternalDataManager> external_data_manager, 73 const scoped_refptr<base::SequencedTaskRunner>& task_runner, 74 ServerBackedStateKeysBroker* state_keys_broker); 75 ~DeviceCloudPolicyManagerChromeOS() override; 76 77 // Initializes state keys. 78 void Initialize(PrefService* local_state); 79 80 void AddDeviceCloudPolicyManagerObserver(Observer* observer); 81 void RemoveDeviceCloudPolicyManagerObserver(Observer* observer); 82 83 // CloudPolicyManager: 84 void Shutdown() override; 85 86 // Pref registration helper. 87 static void RegisterPrefs(PrefRegistrySimple* registry); 88 89 // Returns the mode for using zero-touch enrollment. 90 static ZeroTouchEnrollmentMode GetZeroTouchEnrollmentMode(); 91 92 // Returns the robot 'email address' associated with the device robot 93 // account (sometimes called a service account) associated with this device 94 // during enterprise enrollment. 95 std::string GetRobotAccountId(); 96 97 // Starts the connection via |client_to_connect|. 98 void StartConnection(std::unique_ptr<CloudPolicyClient> client_to_connect, 99 chromeos::InstallAttributes* install_attributes); 100 101 // Sends the unregister request. |callback| is invoked with a boolean 102 // parameter indicating the result when done. 103 virtual void Unregister(const UnregisterCallback& callback); 104 105 // Disconnects the manager. 106 virtual void Disconnect(); 107 device_store()108 DeviceCloudPolicyStoreChromeOS* device_store() { 109 return device_store_.get(); 110 } 111 112 // Return the StatusUploader used to communicate device status to the 113 // policy server. GetStatusUploader()114 StatusUploader* GetStatusUploader() const { return status_uploader_.get(); } 115 116 // Return the SystemLogUploader used to upload device logs to the policy 117 // server. GetSystemLogUploader()118 SystemLogUploader* GetSystemLogUploader() const { 119 return syslog_uploader_.get(); 120 } 121 122 // Passes the pointer to the schema registry that corresponds to the signin 123 // profile. 124 // 125 // After this method is called, the component cloud policy manager becomes 126 // associated with this schema registry. 127 void SetSigninProfileSchemaRegistry(SchemaRegistry* schema_registry); 128 129 // Sets whether the component cloud policy should be disabled (by skipping 130 // the component cloud policy service creation). set_component_policy_disabled_for_testing(bool component_policy_disabled_for_testing)131 void set_component_policy_disabled_for_testing( 132 bool component_policy_disabled_for_testing) { 133 component_policy_disabled_for_testing_ = 134 component_policy_disabled_for_testing; 135 } 136 137 // Return a pointer to the enrollment certificate uploader. The callers do 138 // not take ownership of that pointer. 139 chromeos::attestation::EnrollmentCertificateUploader* GetEnrollmentCertificateUploader()140 GetEnrollmentCertificateUploader() { 141 return enrollment_certificate_uploader_.get(); 142 } 143 144 // Return a pointer to the machine certificate uploader. The callers do 145 // not take ownership of that pointer. 146 chromeos::attestation::MachineCertificateUploader* GetMachineCertificateUploader()147 GetMachineCertificateUploader() { 148 return machine_certificate_uploader_.get(); 149 } 150 151 private: 152 // Saves the state keys received from |session_manager_client_|. 153 void OnStateKeysUpdated(); 154 155 void NotifyConnected(); 156 void NotifyDisconnected(); 157 158 // Factory function to create the StatusUploader. 159 void CreateStatusUploader(); 160 161 // Points to the same object as the base CloudPolicyManager::store(), but with 162 // actual device policy specific type. 163 std::unique_ptr<DeviceCloudPolicyStoreChromeOS> device_store_; 164 165 // Manages external data referenced by device policies. 166 std::unique_ptr<CloudExternalDataManager> external_data_manager_; 167 168 ServerBackedStateKeysBroker* state_keys_broker_; 169 170 // Helper object that handles updating the server with our current device 171 // state. 172 std::unique_ptr<StatusUploader> status_uploader_; 173 174 // Helper object that handles uploading system logs to the server. 175 std::unique_ptr<SystemLogUploader> syslog_uploader_; 176 177 // Helper object that handles sending heartbeats over the GCM channel to 178 // the server, to monitor connectivity. 179 std::unique_ptr<HeartbeatScheduler> heartbeat_scheduler_; 180 181 // The TaskRunner used to do device status and log uploads. 182 scoped_refptr<base::SequencedTaskRunner> task_runner_; 183 184 ServerBackedStateKeysBroker::Subscription state_keys_update_subscription_; 185 186 // PrefService instance to read the policy refresh rate from. 187 PrefService* local_state_; 188 189 std::unique_ptr<chromeos::attestation::EnrollmentCertificateUploader> 190 enrollment_certificate_uploader_; 191 std::unique_ptr<chromeos::attestation::EnrollmentPolicyObserver> 192 enrollment_policy_observer_; 193 std::unique_ptr<chromeos::attestation::MachineCertificateUploader> 194 machine_certificate_uploader_; 195 std::unique_ptr<chromeos::attestation::AttestationPolicyObserver> 196 attestation_policy_observer_; 197 198 // Uploader for remote server unlock related lookup keys. 199 std::unique_ptr<LookupKeyUploader> lookup_key_uploader_; 200 201 // Wrapper schema registry that will track the signin profile schema registry 202 // once it is passed to this class. 203 std::unique_ptr<ForwardingSchemaRegistry> 204 signin_profile_forwarding_schema_registry_; 205 206 // Whether the component cloud policy should be disabled (by skipping the 207 // component cloud policy service creation). 208 bool component_policy_disabled_for_testing_ = false; 209 210 base::ObserverList<Observer, true>::Unchecked observers_; 211 212 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOS); 213 }; 214 215 } // namespace policy 216 217 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 218