// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_STORE_CHROMEOS_H_
#define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_STORE_CHROMEOS_H_

#include <memory>

#include "base/compiler_specific.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/chromeos/policy/device_cloud_policy_validator.h"
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include "components/policy/core/common/cloud/cloud_policy_store.h"

namespace base {
class SequencedTaskRunner;
}

namespace chromeos {
class InstallAttributes;
}

namespace enterprise_management {
class PolicyFetchResponse;
}

namespace policy {

// CloudPolicyStore implementation for device policy on Chrome OS. Policy is
// stored/loaded via D-Bus to/from session_manager.
//
// Two entry points accept a policy blob: Store() and InstallInitialPolicy().
// Per the comments on the declarations below, a policy is validated before
// the actual store operation is started (see OnPolicyToStoreValidated()), and
// InstallInitialPolicy() is the one path that skips the signature validation
// against already-installed policy.
// TODO(tnagel): Either drop "Cloud" from the name or refactor.
class DeviceCloudPolicyStoreChromeOS
    : public CloudPolicyStore,
      public chromeos::DeviceSettingsService::Observer {
 public:
  // |device_settings_service| and |install_attributes| are raw pointers, and
  // the matching data members below are raw pointers as well.
  // NOTE(review): presumably both are non-owning and must outlive this
  // object - confirm against the .cc file and the callers.
  DeviceCloudPolicyStoreChromeOS(
      chromeos::DeviceSettingsService* device_settings_service,
      chromeos::InstallAttributes* install_attributes,
      scoped_refptr<base::SequencedTaskRunner> background_task_runner);
  ~DeviceCloudPolicyStoreChromeOS() override;

  // CloudPolicyStore:
  // Note that Store() must not be called before the store gets initialized (by
  // means of either Load() or InstallInitialPolicy()).
  void Store(const enterprise_management::PolicyFetchResponse& policy) override;
  void Load() override;

  // Installs initial policy. This is different from Store() in that it skips
  // the signature validation step against already-installed policy. The checks
  // against installation-time attributes are performed nevertheless. The result
  // of the operation is reported through the OnStoreLoaded() or OnStoreError()
  // observer callbacks.
  // NOTE(review): since the check against already-installed policy is skipped
  // here, this entry point is presumably meant only for the initial
  // installation - confirm that the call sites enforce that.
  void InstallInitialPolicy(
      const enterprise_management::PolicyFetchResponse& policy);

  // chromeos::DeviceSettingsService::Observer:
  void DeviceSettingsUpdated() override;
  void OnDeviceSettingsServiceShutdown() override;

 private:
  // Create a validator for |policy| with basic device policy configuration and
  // OnPolicyStored() as the completion callback.
  // NOTE(review): the callback named above may be stale; of the methods
  // declared here, OnPolicyToStoreValidated() is the one that receives a
  // validator - confirm against the .cc file.
  std::unique_ptr<DeviceCloudPolicyValidator> CreateValidator(
      const enterprise_management::PolicyFetchResponse& policy);

  // Called on completion of the policy validation prior to storing policy.
  // Starts the actual store operation.
  // |is_initial| is whether the policy store is for the initial installation.
  // |validator| is passed as a raw pointer; ownership is not visible from this
  // declaration.
  void OnPolicyToStoreValidated(bool is_initial,
                                DeviceCloudPolicyValidator* validator);

  // Handles completion of the store operation and updates the status.
  void OnPolicyStored();

  // Re-syncs policy and status from |device_settings_service_|.
  void UpdateFromService();

  // Set |status_| based on device_settings_service_->status().
  void UpdateStatusFromService();

  // For enterprise devices, once per session, validate internal consistency of
  // enrollment state (DM token must be present on enrolled devices) and in case
  // of failure set flag to indicate that recovery is required.
  void CheckDMToken();

  // Whether DM token check has yet been done.
  bool dm_token_checked_ = false;

  // Raw pointers taken from the constructor arguments of the same name.
  // NOTE(review): presumably non-owning - confirm lifetime against the callers.
  chromeos::DeviceSettingsService* device_settings_service_;
  chromeos::InstallAttributes* install_attributes_;

  scoped_refptr<base::SequencedTaskRunner> background_task_runner_;

  // Keep this as the last data member: members are destroyed in reverse
  // declaration order, so the factory goes first and outstanding weak pointers
  // are invalidated before the other members are torn down.
  base::WeakPtrFactory<DeviceCloudPolicyStoreChromeOS> weak_factory_{this};

  DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyStoreChromeOS);
};

}  // namespace policy

#endif  // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_STORE_CHROMEOS_H_