• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_
6 #define CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_
7 
8 #include <map>
9 #include <string>
10 
11 #include "base/basictypes.h"
12 #include "base/callback.h"
13 #include "base/compiler_specific.h"
14 #include "base/files/file_path.h"
15 #include "base/gtest_prod_util.h"
16 #include "base/memory/weak_ptr.h"
17 #include "chromeos/dbus/cryptohome_client.h"
18 #include "chromeos/dbus/dbus_method_call_status.h"
19 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
20 
21 namespace policy {
22 
23 // Brokers access to the enterprise-related installation-time attributes on
24 // ChromeOS.
25 // TODO(zelidrag, mnissler): Rename + move this class - http://crbug.com/249513.
26 class EnterpriseInstallAttributes {
27  public:
28   // Return codes for LockDevice().
29   enum LockResult {
30     LOCK_SUCCESS,
31     LOCK_NOT_READY,
32     LOCK_BACKEND_ERROR,
33     LOCK_WRONG_USER,
34   };
35 
36   // A callback to handle responses of methods returning a LockResult value.
37   typedef base::Callback<void(LockResult lock_result)> LockResultCallback;
38 
39   // Return serialized InstallAttributes of an enterprise-owned configuration.
40   static std::string GetEnterpriseOwnedInstallAttributesBlobForTesting(
41       const std::string& user_name);
42 
43   explicit EnterpriseInstallAttributes(
44       chromeos::CryptohomeClient* cryptohome_client);
45   ~EnterpriseInstallAttributes();
46 
47   // Reads data from the cache file which is created early during the boot
48   // process.  The cache file is used to work around slow cryptohome startup,
49   // which takes a while to register its DBus interface.  See
50   // http://crosbug.com/37367 for background on this.
51   void ReadCacheFile(const base::FilePath& cache_file);
52 
53   // Makes sure the local caches for enterprise-related install attributes are
54   // up-to-date with what cryptohome has. This method checks the readiness of
55   // attributes and read them if ready. Actual read will be performed in
56   // ReadAttributesIfReady().
57   void ReadImmutableAttributes(const base::Closure& callback);
58 
59   // Locks the device to be an enterprise device registered by the given user.
60   // This can also be called after the lock has already been taken, in which
61   // case it checks that the passed user agrees with the locked attribute.
62   // |callback| must not be null and is called with the result.
63   void LockDevice(const std::string& user,
64                   DeviceMode device_mode,
65                   const std::string& device_id,
66                   const LockResultCallback& callback);
67 
68   // Checks whether this is an enterprise device.
69   bool IsEnterpriseDevice();
70 
71   // Checks whether this is a consumer kiosk enabled device.
72   bool IsConsumerKioskDeviceWithAutoLaunch();
73 
74   // Gets the domain this device belongs to or an empty string if the device is
75   // not an enterprise device.
76   std::string GetDomain();
77 
78   // Gets the user that registered the device. Returns an empty string if the
79   // device is not an enterprise device.
80   std::string GetRegistrationUser();
81 
82   // Gets the device id that was generated when the device was registered.
83   // Returns an empty string if the device is not an enterprise device or the
84   // device id was not stored in the lockbox (prior to R19).
85   std::string GetDeviceId();
86 
87   // Gets the mode the device was enrolled to. The return value for devices that
88   // are not locked yet will be DEVICE_MODE_UNKNOWN.
89   DeviceMode GetMode();
90 
91  protected:
92   bool device_locked_;
93   std::string registration_user_;
94   std::string registration_domain_;
95   std::string registration_device_id_;
96   DeviceMode registration_mode_;
97 
98  private:
99   FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
100                            DeviceLockedFromOlderVersion);
101   FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
102                            ReadCacheFile);
103   FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
104                            ReadCacheFileForConsumerKiosk);
105   FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
106                            VerifyFakeInstallAttributesCache);
107 
108   // Constants for the possible device modes that can be stored in the lockbox.
109   static const char kConsumerDeviceMode[];
110   static const char kEnterpriseDeviceMode[];
111   static const char kRetailKioskDeviceMode[];
112   static const char kConsumerKioskDeviceMode[];
113   static const char kUnknownDeviceMode[];
114 
115   // Field names in the lockbox.
116   static const char kAttrEnterpriseDeviceId[];
117   static const char kAttrEnterpriseDomain[];
118   static const char kAttrEnterpriseMode[];
119   static const char kAttrEnterpriseOwned[];
120   static const char kAttrEnterpriseUser[];
121   static const char kAttrConsumerKioskEnabled[];
122 
123   // Translates DeviceMode constants to strings used in the lockbox.
124   std::string GetDeviceModeString(DeviceMode mode);
125 
126   // Translates strings used in the lockbox to DeviceMode values.
127   DeviceMode GetDeviceModeFromString(const std::string& mode);
128 
129   // Decodes the install attributes provided in |attr_map|.
130   void DecodeInstallAttributes(
131       const std::map<std::string, std::string>& attr_map);
132 
133   // Helper for ReadImmutableAttributes.
134   void ReadAttributesIfReady(
135       const base::Closure& callback,
136       chromeos::DBusMethodCallStatus call_status,
137       bool result);
138 
139   // Helper for LockDevice(). Handles the result of InstallAttributesIsReady()
140   // and continue processing LockDevice if the result is true.
141   void LockDeviceIfAttributesIsReady(
142       const std::string& user,
143       DeviceMode device_mode,
144       const std::string& device_id,
145       const LockResultCallback& callback,
146       chromeos::DBusMethodCallStatus call_status,
147       bool result);
148 
149   // Confirms the registered user and invoke the callback.
150   void OnReadImmutableAttributes(const std::string& user,
151                                  const LockResultCallback& callback);
152 
153   chromeos::CryptohomeClient* cryptohome_client_;
154 
155   base::WeakPtrFactory<EnterpriseInstallAttributes> weak_ptr_factory_;
156 
157   DISALLOW_COPY_AND_ASSIGN(EnterpriseInstallAttributes);
158 };
159 
160 }  // namespace policy
161 
162 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_
163