Google Git
Sign in
chromium / chromium / src / b5e2e45ccac32440d413e8212e45c03bf6d56830 / . / chrome / browser / chromeos / settings / device_settings_service.cc
blob: 051f3abd9722d915b2c70c86f2731fc26a3c426a [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/chromeos/settings/device_settings_service.h"
#include <utility>
#include "base/bind.h"
#include "base/location.h"
#include "base/logging.h"
#include "base/single_thread_task_runner.h"
#include "base/stl_util.h"
#include "base/threading/thread_task_runner_handle.h"
#include "base/time/time.h"
#include "chrome/browser/chromeos/policy/off_hours/device_off_hours_controller.h"
#include "chrome/browser/chromeos/policy/off_hours/off_hours_policy_applier.h"
#include "chrome/browser/chromeos/settings/session_manager_operation.h"
#include "components/ownership/owner_key_util.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "components/policy/proto/chrome_device_policy.pb.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/notification_service.h"
#include "content/public/browser/notification_source.h"
#include "crypto/rsa_private_key.h"
namespace em = enterprise_management;
using ownership::OwnerKeyUtil;
using ownership::PublicKey;
namespace chromeos {
DeviceSettingsService::Observer::~Observer() {}
void DeviceSettingsService::Observer::OwnershipStatusChanged() {}
void DeviceSettingsService::Observer::DeviceSettingsUpdated() {}
void DeviceSettingsService::Observer::OnDeviceSettingsServiceShutdown() {}
static DeviceSettingsService* g_device_settings_service = NULL;
// static
void DeviceSettingsService::Initialize() {
CHECK(!g_device_settings_service);
g_device_settings_service = new DeviceSettingsService();
}
// static
bool DeviceSettingsService::IsInitialized() {
return g_device_settings_service;
}
// static
void DeviceSettingsService::Shutdown() {
DCHECK(g_device_settings_service);
delete g_device_settings_service;
g_device_settings_service = NULL;
}
// static
DeviceSettingsService* DeviceSettingsService::Get() {
CHECK(g_device_settings_service);
return g_device_settings_service;
}
DeviceSettingsService::DeviceSettingsService() {
device_off_hours_controller_ =
base::MakeUnique<policy::off_hours::DeviceOffHoursController>();
}
DeviceSettingsService::~DeviceSettingsService() {
DCHECK(pending_operations_.empty());
for (auto& observer : observers_)
observer.OnDeviceSettingsServiceShutdown();
}
void DeviceSettingsService::SetSessionManager(
SessionManagerClient* session_manager_client,
scoped_refptr<OwnerKeyUtil> owner_key_util) {
DCHECK(session_manager_client);
DCHECK(owner_key_util.get());
DCHECK(!session_manager_client_);
DCHECK(!owner_key_util_.get());
session_manager_client_ = session_manager_client;
owner_key_util_ = owner_key_util;
session_manager_client_->AddObserver(this);
StartNextOperation();
}
void DeviceSettingsService::UnsetSessionManager() {
pending_operations_.clear();
if (session_manager_client_)
session_manager_client_->RemoveObserver(this);
session_manager_client_ = NULL;
owner_key_util_ = NULL;
}
void DeviceSettingsService::SetDeviceMode(policy::DeviceMode device_mode) {
// Device mode can only change once.
DCHECK_EQ(policy::DEVICE_MODE_PENDING, device_mode_);
device_mode_ = device_mode;
if (GetOwnershipStatus() != OWNERSHIP_UNKNOWN) {
RunPendingOwnershipStatusCallbacks();
}
}
scoped_refptr<PublicKey> DeviceSettingsService::GetPublicKey() {
return public_key_;
}
void DeviceSettingsService::SetDeviceOffHoursControllerForTesting(
std::unique_ptr<policy::off_hours::DeviceOffHoursController> controller) {
device_off_hours_controller_ = std::move(controller);
}
void DeviceSettingsService::Load() {
EnqueueLoad(false);
}
void DeviceSettingsService::LoadImmediately() {
bool request_key_load = true;
bool cloud_validations = true;
if (device_mode_ == policy::DEVICE_MODE_ENTERPRISE_AD) {
request_key_load = false;
cloud_validations = false;
}
std::unique_ptr<SessionManagerOperation> operation(new LoadSettingsOperation(
request_key_load, cloud_validations, true /*force_immediate_load*/,
base::Bind(&DeviceSettingsService::HandleCompletedOperation,
weak_factory_.GetWeakPtr(), base::Closure())));
operation->Start(session_manager_client_, owner_key_util_, public_key_);
}
void DeviceSettingsService::Store(
std::unique_ptr<em::PolicyFetchResponse> policy,
const base::Closure& callback) {
// On Active Directory managed devices policy is written only by authpolicyd.
CHECK(device_mode_ != policy::DEVICE_MODE_ENTERPRISE_AD);
Enqueue(linked_ptr<SessionManagerOperation>(new StoreSettingsOperation(
base::Bind(&DeviceSettingsService::HandleCompletedAsyncOperation,
weak_factory_.GetWeakPtr(), callback),
std::move(policy))));
}
DeviceSettingsService::OwnershipStatus
DeviceSettingsService::GetOwnershipStatus() {
if (public_key_.get())
return public_key_->is_loaded() ? OWNERSHIP_TAKEN : OWNERSHIP_NONE;
if (device_mode_ == policy::DEVICE_MODE_ENTERPRISE_AD)
return OWNERSHIP_TAKEN;
return OWNERSHIP_UNKNOWN;
}
void DeviceSettingsService::GetOwnershipStatusAsync(
const OwnershipStatusCallback& callback) {
if (GetOwnershipStatus() != OWNERSHIP_UNKNOWN) {
// Report status immediately.
base::ThreadTaskRunnerHandle::Get()->PostTask(
FROM_HERE, base::Bind(callback, GetOwnershipStatus()));
} else {
// If the key hasn't been loaded yet, enqueue the callback to be fired when
// the next SessionManagerOperation completes. If no operation is pending,
// start a load operation to fetch the key and report the result.
pending_ownership_status_callbacks_.push_back(callback);
if (pending_operations_.empty())
EnqueueLoad(false);
}
}
bool DeviceSettingsService::HasPrivateOwnerKey() {
return owner_settings_service_ && owner_settings_service_->IsOwner();
}
void DeviceSettingsService::InitOwner(
const std::string& username,
const base::WeakPtr<ownership::OwnerSettingsService>&
owner_settings_service) {
// When InitOwner() is called twice with the same |username| it's
// worth to reload settings since owner key may become available.
if (!username_.empty() && username_ != username)
return;
username_ = username;
owner_settings_service_ = owner_settings_service;
// Reset the flag since consumer ownership should be established now.
will_establish_consumer_ownership_ = false;
EnsureReload(true);
}
const std::string& DeviceSettingsService::GetUsername() const {
return username_;
}
ownership::OwnerSettingsService*
DeviceSettingsService::GetOwnerSettingsService() const {
return owner_settings_service_.get();
}
void DeviceSettingsService::MarkWillEstablishConsumerOwnership() {
will_establish_consumer_ownership_ = true;
}
void DeviceSettingsService::AddObserver(Observer* observer) {
observers_.AddObserver(observer);
}
void DeviceSettingsService::RemoveObserver(Observer* observer) {
observers_.RemoveObserver(observer);
}
void DeviceSettingsService::OwnerKeySet(bool success) {
if (!success) {
LOG(ERROR) << "Owner key change failed.";
return;
}
public_key_ = NULL;
if (GetOwnershipStatus() == OWNERSHIP_TAKEN ||
!will_establish_consumer_ownership_) {
EnsureReload(true);
}
}
void DeviceSettingsService::PropertyChangeComplete(bool success) {
if (!success) {
LOG(ERROR) << "Policy update failed.";
return;
}
if (GetOwnershipStatus() == OWNERSHIP_TAKEN ||
!will_establish_consumer_ownership_) {
EnsureReload(false);
}
}
void DeviceSettingsService::Enqueue(
const linked_ptr<SessionManagerOperation>& operation) {
pending_operations_.push_back(operation);
if (pending_operations_.front().get() == operation.get())
StartNextOperation();
}
void DeviceSettingsService::EnqueueLoad(bool request_key_load) {
bool cloud_validations = true;
if (device_mode_ == policy::DEVICE_MODE_ENTERPRISE_AD) {
request_key_load = false;
cloud_validations = false;
}
linked_ptr<SessionManagerOperation> operation(new LoadSettingsOperation(
request_key_load, cloud_validations, false /*force_immediate_load*/,
base::Bind(&DeviceSettingsService::HandleCompletedAsyncOperation,
weak_factory_.GetWeakPtr(), base::Closure())));
Enqueue(operation);
}
void DeviceSettingsService::EnsureReload(bool request_key_load) {
if (!pending_operations_.empty())
pending_operations_.front()->RestartLoad(request_key_load);
else
EnqueueLoad(request_key_load);
}
void DeviceSettingsService::StartNextOperation() {
if (!pending_operations_.empty() && session_manager_client_ &&
owner_key_util_.get()) {
pending_operations_.front()->Start(
session_manager_client_, owner_key_util_, public_key_);
}
}
void DeviceSettingsService::HandleCompletedAsyncOperation(
const base::Closure& callback,
SessionManagerOperation* operation,
Status status) {
DCHECK_EQ(operation, pending_operations_.front().get());
HandleCompletedOperation(callback, operation, status);
// Only remove the pending operation here, so new operations triggered by
// any of the callbacks above are queued up properly.
pending_operations_.pop_front();
StartNextOperation();
}
void DeviceSettingsService::HandleCompletedOperation(
const base::Closure& callback,
SessionManagerOperation* operation,
Status status) {
store_status_ = status;
if (status == STORE_SUCCESS) {
policy_data_ = std::move(operation->policy_data());
device_settings_ = std::move(operation->device_settings());
// Update "OffHours" policy state and apply "OffHours" policy to current
// proto only during "OffHours" mode. When "OffHours" mode begins and ends
// DeviceOffHoursController requests DeviceSettingsService to asynchronously
// reload device policies. (See |DeviceOffHoursController| class
// description)
device_off_hours_controller_->UpdateOffHoursPolicy(*device_settings_);
if (device_off_hours_controller_->is_off_hours_mode()) {
std::unique_ptr<em::ChromeDeviceSettingsProto> off_device_settings =
policy::off_hours::ApplyOffHoursPolicyToProto(*device_settings_);
if (off_device_settings)
device_settings_.swap(off_device_settings);
}
} else if (status != STORE_KEY_UNAVAILABLE) {
LOG(ERROR) << "Session manager operation failed: " << status;
}
public_key_ = scoped_refptr<PublicKey>(operation->public_key());
if (GetOwnershipStatus() != previous_ownership_status_) {
previous_ownership_status_ = GetOwnershipStatus();
NotifyOwnershipStatusChanged();
}
NotifyDeviceSettingsUpdated();
RunPendingOwnershipStatusCallbacks();
// The completion callback happens after the notification so clients can
// filter self-triggered updates.
if (!callback.is_null())
callback.Run();
}
void DeviceSettingsService::NotifyOwnershipStatusChanged() const {
for (auto& observer : observers_)
observer.OwnershipStatusChanged();
}
void DeviceSettingsService::NotifyDeviceSettingsUpdated() const {
for (auto& observer : observers_)
observer.DeviceSettingsUpdated();
}
void DeviceSettingsService::RunPendingOwnershipStatusCallbacks() {
std::vector<OwnershipStatusCallback> callbacks;
callbacks.swap(pending_ownership_status_callbacks_);
for (const auto& callback : callbacks) {
callback.Run(GetOwnershipStatus());
}
}
ScopedTestDeviceSettingsService::ScopedTestDeviceSettingsService() {
DeviceSettingsService::Initialize();
}
ScopedTestDeviceSettingsService::~ScopedTestDeviceSettingsService() {
// Clean pending operations.
DeviceSettingsService::Get()->UnsetSessionManager();
DeviceSettingsService::Shutdown();
}
} // namespace chromeos