1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 7 8 #include <bitset> 9 #include <string> 10 #include <vector> 11 12 #include "base/basictypes.h" 13 #include "base/callback.h" 14 #include "base/compiler_specific.h" 15 #include "base/memory/ref_counted.h" 16 #include "base/memory/scoped_ptr.h" 17 #include "chrome/browser/chromeos/policy/enrollment_status_chromeos.h" 18 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h" 19 #include "components/policy/core/common/cloud/cloud_policy_client.h" 20 #include "components/policy/core/common/cloud/cloud_policy_manager.h" 21 #include "components/policy/core/common/cloud/cloud_policy_store.h" 22 23 namespace base { 24 class SequencedTaskRunner; 25 } 26 27 namespace chromeos { 28 namespace attestation { 29 class AttestationPolicyObserver; 30 } 31 } 32 33 class PrefRegistrySimple; 34 class PrefService; 35 36 namespace policy { 37 38 class DeviceCloudPolicyStoreChromeOS; 39 class DeviceManagementService; 40 class EnrollmentHandlerChromeOS; 41 class EnterpriseInstallAttributes; 42 43 // CloudPolicyManager specialization for device policy on Chrome OS. The most 44 // significant addition is support for device enrollment. 45 class DeviceCloudPolicyManagerChromeOS : public CloudPolicyManager { 46 public: 47 typedef std::bitset<32> AllowedDeviceModes; 48 typedef base::Callback<void(EnrollmentStatus)> EnrollmentCallback; 49 50 // |task_runner| is the runner for policy refresh tasks. 51 // |background_task_runner| is used to execute long-running background tasks 52 // that may involve file I/O. 53 DeviceCloudPolicyManagerChromeOS( 54 scoped_ptr<DeviceCloudPolicyStoreChromeOS> store, 55 const scoped_refptr<base::SequencedTaskRunner>& task_runner, 56 const scoped_refptr<base::SequencedTaskRunner>& background_task_runner, 57 EnterpriseInstallAttributes* install_attributes, 58 ServerBackedStateKeysBroker* state_keys_broker); 59 virtual ~DeviceCloudPolicyManagerChromeOS(); 60 61 // Establishes the connection to the cloud, updating policy as necessary. 62 void Connect( 63 PrefService* local_state, 64 DeviceManagementService* device_management_service, 65 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider); 66 67 // Starts enrollment or re-enrollment. Once the enrollment process completes, 68 // |callback| is invoked and gets passed the status of the operation. 69 // |allowed_modes| specifies acceptable DEVICE_MODE_* constants for 70 // enrollment. 71 void StartEnrollment(const std::string& auth_token, 72 bool is_auto_enrollment, 73 const AllowedDeviceModes& allowed_modes, 74 const EnrollmentCallback& callback); 75 76 // Cancels a pending enrollment operation, if any. 77 void CancelEnrollment(); 78 79 // Gets/Sets the device requisition. 80 std::string GetDeviceRequisition() const; 81 void SetDeviceRequisition(const std::string& requisition); 82 83 // Checks whether enterprise enrollment should be a regular step during OOBE. 84 bool ShouldAutoStartEnrollment() const; 85 86 // Checks whether enterprise enrollment recovery is required. 87 bool ShouldRecoverEnrollment() const; 88 89 // Looks up the domain from |install_attributes_|. 90 std::string GetEnrollmentRecoveryDomain() const; 91 92 // Checks whether the user can cancel enrollment. 93 bool CanExitEnrollment() const; 94 95 // Gets the domain this device is supposed to be enrolled to. 96 std::string GetForcedEnrollmentDomain() const; 97 98 // CloudPolicyManager: 99 virtual void Shutdown() OVERRIDE; 100 101 // CloudPolicyStore::Observer: 102 virtual void OnStoreLoaded(CloudPolicyStore* store) OVERRIDE; 103 104 // Pref registration helper. 105 static void RegisterPrefs(PrefRegistrySimple* registry); 106 107 // Returns the device serial number, or an empty string if not available. 108 static std::string GetMachineID(); 109 110 // Returns the machine model, or an empty string if not available. 111 static std::string GetMachineModel(); 112 113 // Returns the robot 'email address' associated with the device robot 114 // account (sometimes called a service account) associated with this device 115 // during enterprise enrollment. 116 std::string GetRobotAccountId(); 117 118 private: 119 // Creates a new CloudPolicyClient. 120 scoped_ptr<CloudPolicyClient> CreateClient(); 121 122 // Starts policy refreshes if |store_| indicates a managed device and the 123 // necessary dependencies have been provided via Initialize(). 124 void StartIfManaged(); 125 126 // Handles completion signaled by |enrollment_handler_|. 127 void EnrollmentCompleted(const EnrollmentCallback& callback, 128 EnrollmentStatus status); 129 130 // Starts the connection via |client_to_connect|. 131 void StartConnection(scoped_ptr<CloudPolicyClient> client_to_connect); 132 133 // Saves the state keys received from |session_manager_client_|. 134 void OnStateKeysUpdated(); 135 136 // Initializes requisition settings at OOBE with values from VPD. 137 void InitializeRequisition(); 138 139 // Gets the device restore mode as stored in |local_state_|. 140 std::string GetRestoreMode() const; 141 142 // Points to the same object as the base CloudPolicyManager::store(), but with 143 // actual device policy specific type. 144 scoped_ptr<DeviceCloudPolicyStoreChromeOS> device_store_; 145 scoped_refptr<base::SequencedTaskRunner> background_task_runner_; 146 EnterpriseInstallAttributes* install_attributes_; 147 ServerBackedStateKeysBroker* state_keys_broker_; 148 149 ServerBackedStateKeysBroker::Subscription state_keys_update_subscription_; 150 151 DeviceManagementService* device_management_service_; 152 scoped_ptr<CloudPolicyClient::StatusProvider> device_status_provider_; 153 154 // PrefService instance to read the policy refresh rate from. 155 PrefService* local_state_; 156 157 // Non-null if there is an enrollment operation pending. 158 scoped_ptr<EnrollmentHandlerChromeOS> enrollment_handler_; 159 160 scoped_ptr<chromeos::attestation::AttestationPolicyObserver> 161 attestation_policy_observer_; 162 163 DISALLOW_COPY_AND_ASSIGN(DeviceCloudPolicyManagerChromeOS); 164 }; 165 166 } // namespace policy 167 168 #endif // CHROME_BROWSER_CHROMEOS_POLICY_DEVICE_CLOUD_POLICY_MANAGER_CHROMEOS_H_ 169