1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef LIBBRILLO_POLICY_DEVICE_POLICY_H_
6 #define LIBBRILLO_POLICY_DEVICE_POLICY_H_
7 
8 #include <stdint.h>
9 
10 #include <set>
11 #include <string>
12 #include <vector>
13 
14 #include <base/macros.h>
15 
16 #pragma GCC visibility push(default)
17 
18 namespace policy {
19 
// This class holds device settings that are to be enforced across all users.
// It is also responsible for loading the policy blob from disk and verifying
// the signature against the owner's key.
//
// This class defines the interface for querying device policy on ChromeOS.
// The implementation is hidden in DevicePolicyImpl to prevent protobuf
// definition from leaking into the libraries using this interface.
//
// Every member other than the constructor and destructor is pure virtual, so
// this header fixes only the contract; loading and verification behaviour
// live in the implementation.
//
// All getters report their result through an out-parameter and a bool return
// value. This header does not say whether the out-parameter is written when a
// getter returns false, nor whether a null pointer is tolerated, so callers
// should pass a valid pointer, check the return value, and fall back to an
// explicitly chosen default instead of reading the out-parameter after a
// failure.
// NOTE(review): confirm the failure and null-pointer behaviour against
// DevicePolicyImpl.
class DevicePolicy {
 public:
  // Identifiers of a USB device or device family.
  // The fields have no default member initializers, so a default-initialized
  // UsbDeviceId holds indeterminate values; value-initialize it
  // (UsbDeviceId{}) or assign both fields before use.
  struct UsbDeviceId {
    // USB Vendor Identifier (aka idVendor).
    uint16_t vendor_id;

    // USB Product Identifier (aka idProduct).
    uint16_t product_id;
  };

  DevicePolicy();
  virtual ~DevicePolicy();

  // Loads the signed policy from disk into |policy_|.
  // Returns true unless there is a policy on disk and loading it fails.
  // Under that contract a true return also covers the case where no policy
  // exists on disk, so true alone does not show that a policy was loaded.
  // NOTE(review): |policy_| is not declared in this interface; presumably it
  // is a member of the implementation class. This header also does not state
  // whether loading invokes VerifyPolicyFiles() and VerifyPolicySignature();
  // confirm both in DevicePolicyImpl.
  virtual bool LoadPolicy() = 0;

  // Writes the value of the DevicePolicyRefreshRate policy in |rate|. Returns
  // true on success.
  virtual bool GetPolicyRefreshRate(int* rate) const = 0;

  // Writes the value of the UserWhitelist policy in |user_whitelist|. Returns
  // true on success.
  virtual bool GetUserWhitelist(
      std::vector<std::string>* user_whitelist) const = 0;

  // Writes the value of the GuestModeEnabled policy in |guest_mode_enabled|.
  // Returns true on success.
  virtual bool GetGuestModeEnabled(bool* guest_mode_enabled) const = 0;

  // Writes the value of the CameraEnabled policy in |camera_enabled|. Returns
  // true on success.
  virtual bool GetCameraEnabled(bool* camera_enabled) const = 0;

  // Writes the value of the ShowUserNamesOnSignIn policy in |show_user_names|.
  // Returns true on success.
  virtual bool GetShowUserNames(bool* show_user_names) const = 0;

  // Writes the value of the DataRoamingEnabled policy in
  // |data_roaming_enabled|. Returns true on success.
  virtual bool GetDataRoamingEnabled(bool* data_roaming_enabled) const = 0;

  // Writes the value of the AllowNewUsers policy in |allow_new_users|. Returns
  // true on success.
  virtual bool GetAllowNewUsers(bool* allow_new_users) const = 0;

  // Writes the value of MetricEnabled policy in |metrics_enabled|. Returns true
  // on success.
  virtual bool GetMetricsEnabled(bool* metrics_enabled) const = 0;

  // Writes the value of ReportVersionInfo policy in |report_version_info|.
  // Returns true on success.
  virtual bool GetReportVersionInfo(bool* report_version_info) const = 0;

  // Writes the value of ReportActivityTimes policy in |report_activity_times|.
  // Returns true on success.
  virtual bool GetReportActivityTimes(bool* report_activity_times) const = 0;

  // Writes the value of ReportBootMode policy in |report_boot_mode|. Returns
  // true on success.
  virtual bool GetReportBootMode(bool* report_boot_mode) const = 0;

  // Writes the value of the EphemeralUsersEnabled policy in
  // |ephemeral_users_enabled|. Returns true on success.
  virtual bool GetEphemeralUsersEnabled(
      bool* ephemeral_users_enabled) const =  0;

  // Writes the value of the release channel policy in |release_channel|.
  // Returns true on success.
  virtual bool GetReleaseChannel(std::string* release_channel) const = 0;

  // Writes the value of the release_channel_delegated policy in
  // |release_channel_delegated|. Returns true on success.
  virtual bool GetReleaseChannelDelegated(
      bool* release_channel_delegated) const = 0;

  // Writes the value of the update_disabled policy in |update_disabled|.
  // Returns true on success.
  virtual bool GetUpdateDisabled(bool* update_disabled) const = 0;

  // Writes the value of the target_version_prefix policy in
  // |target_version_prefix|. Returns true on success.
  virtual bool GetTargetVersionPrefix(
      std::string* target_version_prefix) const = 0;

  // Writes the value of the scatter_factor_in_seconds policy in
  // |scatter_factor_in_seconds|. Returns true on success.
  virtual bool GetScatterFactorInSeconds(
      int64_t* scatter_factor_in_seconds) const = 0;

  // Writes the connection types on which updates are allowed to
  // |connection_types|. The identifiers returned are intended to be consistent
  // with what the connection manager uses: ethernet, wifi, wimax, bluetooth,
  // cellular.
  // NOTE(review): the return value is not documented here; presumably true on
  // success like the other getters. Confirm against the implementation.
  virtual bool GetAllowedConnectionTypesForUpdate(
      std::set<std::string>* connection_types) const = 0;

  // Writes the value of the OpenNetworkConfiguration policy in
  // |open_network_configuration|. Returns true on success.
  virtual bool GetOpenNetworkConfiguration(
      std::string* open_network_configuration) const = 0;

  // Writes the name of the device owner in |owner|. For enterprise enrolled
  // devices, this will be an empty string.
  // Returns true on success.
  virtual bool GetOwner(std::string* owner) const = 0;

  // Writes the value of http_downloads_enabled policy in
  // |http_downloads_enabled|. Returns true on success.
  virtual bool GetHttpDownloadsEnabled(bool* http_downloads_enabled) const = 0;

  // Writes the value of au_p2p_enabled policy in
  // |au_p2p_enabled|. Returns true on success.
  virtual bool GetAuP2PEnabled(bool* au_p2p_enabled) const = 0;

  // Writes the value of allow_kiosk_app_control_chrome_version policy in
  // |allow_kiosk_app_control_chrome_version|. Returns true on success.
  virtual bool GetAllowKioskAppControlChromeVersion(
      bool* allow_kiosk_app_control_chrome_version) const = 0;

  // Writes the value of the UsbDetachableWhitelist policy in |usb_whitelist|.
  // Returns true on success.
  virtual bool GetUsbDetachableWhitelist(
      std::vector<UsbDeviceId>* usb_whitelist) const = 0;

 private:
  // The two checks below are private pure virtuals: a subclass supplies them,
  // but code outside this class cannot call them through a DevicePolicy
  // reference or pointer.

  // Verifies that the policy files are owned by root and exist.
  virtual bool VerifyPolicyFiles() = 0;

  // Verifies that the policy signature is correct.
  virtual bool VerifyPolicySignature() = 0;

  // Copying is disabled via the base/macros.h helper.
  DISALLOW_COPY_AND_ASSIGN(DevicePolicy);
};
162 }  // namespace policy
163 
164 #pragma GCC visibility pop
165 
166 #endif  // LIBBRILLO_POLICY_DEVICE_POLICY_H_
167