// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include <string>
#include <vector>
#include "base/callback_forward.h"
#include "base/compiler_specific.h"
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "base/observer_list.h"
#include "chrome/browser/chromeos/cert_provisioning/cert_provisioning_scheduler.h"
#include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
#include "components/policy/core/common/cloud/cloud_policy_client.h"
#include "components/policy/core/common/cloud/cloud_policy_manager.h"
namespace base {
class SequencedTaskRunner;
// NOTE(review): `}  // namespace base` is missing from this listing. As
// written, the chromeos namespace below would be nested inside base and the
// `base::SequencedTaskRunner` uses in the class would not resolve. This looks
// like an extraction artifact; the closer belongs right after
// SequencedTaskRunner. Confirm against the upstream header.
namespace chromeos {
class InstallAttributes;
// Attestation helpers are only forward-declared so that including this header
// does not pull in the attestation stack. The two uploaders are handed out by
// accessors on the class below; AttestationPolicyObserver and
// EnrollmentPolicyObserver are declared here but no member using them appears
// in this listing.
namespace attestation {
class AttestationPolicyObserver;
class EnrollmentPolicyObserver;
class EnrollmentCertificateUploader;
class MachineCertificateUploader;
} // namespace attestation
} // namespace chromeos
// Local-state prefs: registered via RegisterPrefs() and read via Initialize().
class PrefRegistrySimple;
class PrefService;
namespace policy {
// Policy-side collaborators, all held by pointer or std::unique_ptr below, so
// forward declarations suffice here. ForwardingSchemaRegistry is declared but
// the member that would hold it does not appear in this listing.
class DeviceCloudPolicyStoreChromeOS;
class ForwardingSchemaRegistry;
class HeartbeatScheduler;
class SchemaRegistry;
class StatusUploader;
class SystemLogUploader;
class LookupKeyUploader;
// How zero-touch enrollment is applied on this device, as reported by
// DeviceCloudPolicyManagerChromeOS::GetZeroTouchEnrollmentMode().
// DISABLED: not used; ENABLED: available; FORCED: enrollment is mandatory;
// HANDS_OFF: presumably proceeds with no user interaction at all — confirm.
// Because FORCED and HANDS_OFF remove the user's chance to decline, whatever
// selects this mode (not visible in this listing) must not be influenceable
// by an unprivileged party.
enum class ZeroTouchEnrollmentMode { DISABLED, ENABLED, FORCED, HANDS_OFF };
// CloudPolicyManager specialization for device policy on Chrome OS.
//
// Owns the device policy store and the helpers that talk to the device
// management server on the device's behalf: status upload, system log upload,
// GCM heartbeats and lookup-key upload. Device state keys are not fetched here
// but delivered by a ServerBackedStateKeysBroker the manager subscribes to.
//
// NOTE(review): this listing has been stripped of blank lines, access
// specifiers, several closing braces and at least the constructor's
// declaration line; the members for the attestation observers, the cert
// provisioning scheduler (included above) and the forwarding schema registry
// are also absent. The comments below flag each gap rather than guess at the
// missing text. Consult the upstream header before relying on exact
// declarations.
class DeviceCloudPolicyManagerChromeOS : public CloudPolicyManager {
// Interface for parties interested in the manager's connection state.
// Implementations register with AddDeviceCloudPolicyManagerObserver() and
// MUST call RemoveDeviceCloudPolicyManagerObserver() before they are destroyed
// (see observers_ below).
// NOTE(review): the closing `};` of Observer is missing from this listing, and
// no virtual destructor is visible; the latter is fine only as long as no one
// deletes an observer through this interface.
class Observer {
// Invoked when the device cloud policy manager connects.
virtual void OnDeviceCloudPolicyManagerConnected() = 0;
// Invoked when the device cloud policy manager disconnects.
virtual void OnDeviceCloudPolicyManagerDisconnected() = 0;
// Completion callback for Unregister(); the bool is the outcome of the
// unregister request. base::Callback is the (legacy) repeating callback alias
// in this codebase, so a copy may be retained and run more than once — verify.
using UnregisterCallback = base::Callback<void(bool)>;
// NOTE(review): the constructor's declaration line is missing from this
// listing; the four lines below are its parameter list.
// |store| and |external_data_manager| are passed by std::unique_ptr and so are
// taken over by the manager (device_store_ / external_data_manager_ below).
// |task_runner| is the runner for policy refresh, heartbeat, and status
// upload tasks.
// |state_keys_broker| is borrowed, not owned: the manager keeps a raw pointer
// to it (state_keys_broker_) and a subscription on it
// (state_keys_update_subscription_), so the broker must outlive this object.
std::unique_ptr<DeviceCloudPolicyStoreChromeOS> store,
std::unique_ptr<CloudExternalDataManager> external_data_manager,
const scoped_refptr<base::SequencedTaskRunner>& task_runner,
ServerBackedStateKeysBroker* state_keys_broker);
~DeviceCloudPolicyManagerChromeOS() override;
// Initializes state keys. |local_state| is presumably retained as
// local_state_ (read later for the policy refresh rate) and the broker
// subscription in state_keys_update_subscription_ is presumably set up here —
// confirm in the .cc file. |local_state| is borrowed and must outlive this
// object.
void Initialize(PrefService* local_state);
// Observer registration. The list does not track observer lifetime, so every
// Add must be paired with a Remove before the observer dies.
void AddDeviceCloudPolicyManagerObserver(Observer* observer);
void RemoveDeviceCloudPolicyManagerObserver(Observer* observer);
// CloudPolicyManager:
void Shutdown() override;
// Pref registration helper. Registers this manager's local-state prefs; which
// prefs is not visible in this listing.
static void RegisterPrefs(PrefRegistrySimple* registry);
// Returns the mode for using zero-touch enrollment. Where the mode comes from
// (switch, policy, ...) is not visible here; since FORCED and HANDS_OFF
// proceed without the user's consent, that source must not be controllable by
// an unprivileged party.
static ZeroTouchEnrollmentMode GetZeroTouchEnrollmentMode();
// Returns the robot 'email address' associated with the device robot
// account (sometimes called a service account) associated with this device
// during enterprise enrollment. This identifies the device's service account;
// treat it as sensitive when logging. Non-const, so it presumably reads
// mutable state (store or client) — confirm.
std::string GetRobotAccountId();
// Starts the connection via |client_to_connect|, which the manager takes
// ownership of. |install_attributes| is borrowed and must stay valid for as
// long as the connection uses it; presumably it is read for the device's
// enrollment/ownership state — confirm.
void StartConnection(std::unique_ptr<CloudPolicyClient> client_to_connect,
chromeos::InstallAttributes* install_attributes);
// Sends the unregister request. |callback| is invoked with a boolean
// parameter indicating the result when done. A false result means the device
// should still be treated as registered. Since this presumably drops the
// device's registration with the management server, callers should reach it
// only through a privileged path (not visible in this listing).
virtual void Unregister(const UnregisterCallback& callback);
// Disconnects the manager. Observers are presumably told via
// NotifyDisconnected() — confirm.
virtual void Disconnect();
// Non-owning pointer to the device policy store; owned by device_store_.
// NOTE(review): the closing brace of this accessor is missing from this
// listing.
DeviceCloudPolicyStoreChromeOS* device_store() {
return device_store_.get();
// Return the StatusUploader used to communicate device status to the
// policy server. Non-owning; null until CreateStatusUploader() has run
// (presumably on connection — confirm).
StatusUploader* GetStatusUploader() const { return status_uploader_.get(); }
// Return the SystemLogUploader used to upload device logs to the policy
// server. Non-owning; may be null before a connection is established.
// NOTE(review): the closing brace of this accessor is missing from this
// listing.
SystemLogUploader* GetSystemLogUploader() const {
return syslog_uploader_.get();
// Passes the pointer to the schema registry that corresponds to the signin
// profile.
// After this method is called, the component cloud policy manager becomes
// associated with this schema registry.
// NOTE(review): the wrapper registry this is stored in (see the
// ForwardingSchemaRegistry comment below) has no member declaration in this
// listing.
void SetSigninProfileSchemaRegistry(SchemaRegistry* schema_registry);
// Sets whether the component cloud policy should be disabled (by skipping
// the component cloud policy service creation). Test-only hook; must not be
// reachable from production code paths.
// NOTE(review): the assignment on the last line is truncated in this listing
// (the right-hand side and the closing brace are missing).
void set_component_policy_disabled_for_testing(
bool component_policy_disabled_for_testing) {
component_policy_disabled_for_testing_ =
// Return a pointer to the enrollment certificate uploader. The callers do
// not take ownership of that pointer.
// NOTE(review): the return type line is missing from this listing; given the
// forward declaration above and the member returned it is presumably
// `chromeos::attestation::EnrollmentCertificateUploader*`. The owning member
// (enrollment_certificate_uploader_) is not declared in this listing either.
GetEnrollmentCertificateUploader() {
return enrollment_certificate_uploader_.get();
// Return a pointer to the machine certificate uploader. The callers do
// not take ownership of that pointer.
// NOTE(review): as above — the return type line (presumably
// `chromeos::attestation::MachineCertificateUploader*`) and the owning member
// declaration are missing from this listing.
GetMachineCertificateUploader() {
return machine_certificate_uploader_.get();
// Saves the state keys delivered through state_keys_broker_ (the callback
// registered in state_keys_update_subscription_).
// NOTE(review): the original comment named |session_manager_client_|, which
// is not a member of this class in this listing; the broker appears to be the
// actual source — confirm and update the comment in the upstream header.
void OnStateKeysUpdated();
// Fan out OnDeviceCloudPolicyManager{Connected,Disconnected}() to observers_.
void NotifyConnected();
void NotifyDisconnected();
// Factory function to create the StatusUploader.
void CreateStatusUploader();
// Points to the same object as the base CloudPolicyManager::store(), but with
// actual device policy specific type.
std::unique_ptr<DeviceCloudPolicyStoreChromeOS> device_store_;
// Manages external data referenced by device policies.
std::unique_ptr<CloudExternalDataManager> external_data_manager_;
// Borrowed from the constructor; not owned and must outlive this object.
ServerBackedStateKeysBroker* state_keys_broker_;
// Helper object that handles updating the server with our current device
// state.
std::unique_ptr<StatusUploader> status_uploader_;
// Helper object that handles uploading system logs to the server.
std::unique_ptr<SystemLogUploader> syslog_uploader_;
// Helper object that handles sending heartbeats over the GCM channel to
// the server, to monitor connectivity.
std::unique_ptr<HeartbeatScheduler> heartbeat_scheduler_;
// The TaskRunner used to do device status and log uploads. Same runner that
// was passed to the constructor.
scoped_refptr<base::SequencedTaskRunner> task_runner_;
// Subscription for state key updates from state_keys_broker_. Destroying it
// presumably cancels the callback, so it must go away before the broker does.
ServerBackedStateKeysBroker::Subscription state_keys_update_subscription_;
// PrefService instance to read the policy refresh rate from. Not owned.
// NOTE(review): unlike component_policy_disabled_for_testing_ below, this raw
// pointer has no in-class initializer, so it is indeterminate until
// Initialize() (presumably) sets it; `= nullptr` here would be cheap
// insurance.
PrefService* local_state_;
// Uploader for remote server unlock related lookup keys.
std::unique_ptr<LookupKeyUploader> lookup_key_uploader_;
// Wrapper schema registry that will track the signin profile schema registry
// once it is passed to this class.
// NOTE(review): the member declaration this comment describes (presumably a
// std::unique_ptr<ForwardingSchemaRegistry>) is missing from this listing.
// Whether the component cloud policy should be disabled (by skipping the
// component cloud policy service creation).
bool component_policy_disabled_for_testing_ = false;
// Registered observers, held as raw pointers. `Unchecked` means the list does
// not verify observer lifetime, so an observer that is destroyed without
// calling RemoveDeviceCloudPolicyManagerObserver() leaves a dangling pointer
// that the next Notify*() will dereference. The `true` template argument is
// presumably ObserverList's check_empty flag (debug-asserts that the list is
// empty on destruction) — verify against base/observer_list.h.
base::ObserverList<Observer, true>::Unchecked observers_;
} // namespace policy