chrome/browser/chromeos/policy/component_active_directory_policy_service.h - chromium/src - Git at Google

 // Copyright 2018 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_COMPONENT_ACTIVE_DIRECTORY_POLICY_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_COMPONENT_ACTIVE_DIRECTORY_POLICY_SERVICE_H_

 #include <memory>
 #include <string>
 #include <vector>

 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/weak_ptr.h"
 #include "base/sequence_checker.h"
 #include "chrome/browser/chromeos/policy/component_active_directory_policy_retriever.h"
 #include "components/policy/core/common/policy_namespace.h"
 #include "components/policy/core/common/policy_types.h"
 #include "components/policy/core/common/schema_registry.h"

 namespace policy {

 class PolicyBundle;

 // Manages Active Directory policy for components (currently used for policy for
 // extensions)
 class ComponentActiveDirectoryPolicyService : public SchemaRegistry::Observer {
  public:
   class Delegate {
    public:
     virtual ~Delegate();

     virtual void OnComponentActiveDirectoryPolicyUpdated() = 0;
   };

   // |scope| specifies whether the component policy is fetched along with user
   // or device policy.
   //
   // |domain| specifies the domain for which policy is loaded. Must be
   // POLICY_DOMAIN_EXTENSIONS or POLICY_DOMAIN_SIGNIN_EXTENSIONS.
   //
   // |account_type| and |account_id| specify the Session Manager store from
   // which policy is retrieved. |account_id| must be the user's cryptohome id
   // for ACCOUNT_TYPE_USER and empty for ACCOUNT_TYPE_DEVICE. Not suppored yet
   // are ACCOUNT_TYPE_SESSIONLESS_USER and ACCOUNT_TYPE_DEVICE_LOCAL_ACCOUNT.
   //
   // Usually, |scope|, |domain|, |account_type| and |account_id| are coupled:
   // For user-level policy, use:
   //   POLICY_SCOPE_USER,
   //   POLICY_DOMAIN_EXTENSIONS,
   //   ACCOUNT_TYPE_USER,
   //   <user's cryptohome id>
   // For device-level policy, use:
   //   POLICY_SCOPE_DEVICE
   //   POLICY_DOMAIN_SIGNIN_EXTENSIONS
   //   ACCOUNT_TYPE_DEVICE
   //   <empty string>
   //
   // |delegate| is the object that gets notified when new policy is available.
   //
   // |schema_registry| contains the schemas used to validate extension policy.
   ComponentActiveDirectoryPolicyService(
       PolicyScope scope,
       PolicyDomain domain,
       login_manager::PolicyAccountType account_type,
       const std::string& account_id,
       Delegate* delegate,
       SchemaRegistry* schema_registry);
   ~ComponentActiveDirectoryPolicyService() override;

   // Retrieves policies from Session Manager, validates schemas and signals
   // OnComponentActiveDirectoryPolicyUpdated() in the |delegate_|. Does not
   // cancel in-flight retrieval request, but schedules a new retrieval request
   // when the current one finishes.
   void RetrievePolicies();

   // Returns the current policies for components or nullptr if the policies have
   // not been loaded yet.
   PolicyBundle* policy() const { return policy_.get(); }

  private:
   // SchemaRegistry::Observer implementation:
   void OnSchemaRegistryReady() override;
   void OnSchemaRegistryUpdated(bool has_new_schemas) override;

   // Called when the schema registry changed.
   void UpdateFromSchemaRegistry();

   // Called when policies have been retrieved from SessionManager. Parses the
   // JSON policy strings and calls FilterAndInstallPolicy().
   void OnPolicyRetrieved(
       std::vector<ComponentActiveDirectoryPolicyRetriever::RetrieveResult>
           results);

   // Does a schema validation of |policy| using |current_schema_map_|, then
   // sends the policy off to |delegate_|, where it's installed.
   void FilterAndInstallPolicy(std::unique_ptr<PolicyBundle> policy);

   // Constructor parameters.
   const PolicyScope scope_;
   const PolicyDomain domain_;
   const login_manager::PolicyAccountType account_type_;
   const std::string account_id_;
   Delegate* const delegate_;
   SchemaRegistry* const schema_registry_;

   // Schema map from the |schema_registry_|. Set as soon as the registry is
   // ready.
   scoped_refptr<SchemaMap> current_schema_map_;

   // Contains component policy for all namespaces in |domain_| that have a
   // registered schema. Set by RefreshPolicies() if the schema registry is
   // ready.
   std::unique_ptr<PolicyBundle> policy_;

   // Tracks policy retrieval requests to Session Manager.
   std::unique_ptr<ComponentActiveDirectoryPolicyRetriever> policy_retriever_;

   // If RetrievePolicies() is called while a requests is in-flight, the request
   // is deferred until the current one finishes. This flag keeps track of that.
   bool should_retrieve_again_ = false;

   SEQUENCE_CHECKER(sequence_checker_);

   base::WeakPtrFactory<ComponentActiveDirectoryPolicyService> weak_ptr_factory_;
   DISALLOW_COPY_AND_ASSIGN(ComponentActiveDirectoryPolicyService);
 };

 }  // namespace policy

 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_COMPONENT_ACTIVE_DIRECTORY_POLICY_SERVICE_H_
	// Copyright 2018 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_CHROMEOS_POLICY_COMPONENT_ACTIVE_DIRECTORY_POLICY_SERVICE_H_
	#define CHROME_BROWSER_CHROMEOS_POLICY_COMPONENT_ACTIVE_DIRECTORY_POLICY_SERVICE_H_

	#include <memory>
	#include <string>
	#include <vector>

	#include "base/macros.h"
	#include "base/memory/ref_counted.h"
	#include "base/memory/weak_ptr.h"
	#include "base/sequence_checker.h"
	#include "chrome/browser/chromeos/policy/component_active_directory_policy_retriever.h"
	#include "components/policy/core/common/policy_namespace.h"
	#include "components/policy/core/common/policy_types.h"
	#include "components/policy/core/common/schema_registry.h"

	namespace policy {

	class PolicyBundle;

	// Manages Active Directory policy for components (currently used for policy for
	// extensions)
	class ComponentActiveDirectoryPolicyService : public SchemaRegistry::Observer {
	public:
	class Delegate {
	public:
	virtual ~Delegate();

	virtual void OnComponentActiveDirectoryPolicyUpdated() = 0;
	};

	// \|scope\| specifies whether the component policy is fetched along with user
	// or device policy.
	//
	// \|domain\| specifies the domain for which policy is loaded. Must be
	// POLICY_DOMAIN_EXTENSIONS or POLICY_DOMAIN_SIGNIN_EXTENSIONS.
	//
	// \|account_type\| and \|account_id\| specify the Session Manager store from
	// which policy is retrieved. \|account_id\| must be the user's cryptohome id
	// for ACCOUNT_TYPE_USER and empty for ACCOUNT_TYPE_DEVICE. Not suppored yet
	// are ACCOUNT_TYPE_SESSIONLESS_USER and ACCOUNT_TYPE_DEVICE_LOCAL_ACCOUNT.
	//
	// Usually, \|scope\|, \|domain\|, \|account_type\| and \|account_id\| are coupled:
	// For user-level policy, use:
	// POLICY_SCOPE_USER,
	// POLICY_DOMAIN_EXTENSIONS,
	// ACCOUNT_TYPE_USER,
	// <user's cryptohome id>
	// For device-level policy, use:
	// POLICY_SCOPE_DEVICE
	// POLICY_DOMAIN_SIGNIN_EXTENSIONS
	// ACCOUNT_TYPE_DEVICE
	// <empty string>
	//
	// \|delegate\| is the object that gets notified when new policy is available.
	//
	// \|schema_registry\| contains the schemas used to validate extension policy.
	ComponentActiveDirectoryPolicyService(
	PolicyScope scope,
	PolicyDomain domain,
	login_manager::PolicyAccountType account_type,
	const std::string& account_id,
	Delegate* delegate,
	SchemaRegistry* schema_registry);
	~ComponentActiveDirectoryPolicyService() override;

	// Retrieves policies from Session Manager, validates schemas and signals
	// OnComponentActiveDirectoryPolicyUpdated() in the \|delegate_\|. Does not
	// cancel in-flight retrieval request, but schedules a new retrieval request
	// when the current one finishes.
	void RetrievePolicies();

	// Returns the current policies for components or nullptr if the policies have
	// not been loaded yet.
	PolicyBundle* policy() const { return policy_.get(); }

	private:
	// SchemaRegistry::Observer implementation:
	void OnSchemaRegistryReady() override;
	void OnSchemaRegistryUpdated(bool has_new_schemas) override;

	// Called when the schema registry changed.
	void UpdateFromSchemaRegistry();

	// Called when policies have been retrieved from SessionManager. Parses the
	// JSON policy strings and calls FilterAndInstallPolicy().
	void OnPolicyRetrieved(
	std::vector<ComponentActiveDirectoryPolicyRetriever::RetrieveResult>
	results);

	// Does a schema validation of \|policy\| using \|current_schema_map_\|, then
	// sends the policy off to \|delegate_\|, where it's installed.
	void FilterAndInstallPolicy(std::unique_ptr<PolicyBundle> policy);

	// Constructor parameters.
	const PolicyScope scope_;
	const PolicyDomain domain_;
	const login_manager::PolicyAccountType account_type_;
	const std::string account_id_;
	Delegate* const delegate_;
	SchemaRegistry* const schema_registry_;

	// Schema map from the \|schema_registry_\|. Set as soon as the registry is
	// ready.
	scoped_refptr<SchemaMap> current_schema_map_;

	// Contains component policy for all namespaces in \|domain_\| that have a
	// registered schema. Set by RefreshPolicies() if the schema registry is
	// ready.
	std::unique_ptr<PolicyBundle> policy_;

	// Tracks policy retrieval requests to Session Manager.
	std::unique_ptr<ComponentActiveDirectoryPolicyRetriever> policy_retriever_;

	// If RetrievePolicies() is called while a requests is in-flight, the request
	// is deferred until the current one finishes. This flag keeps track of that.
	bool should_retrieve_again_ = false;

	SEQUENCE_CHECKER(sequence_checker_);

	base::WeakPtrFactory<ComponentActiveDirectoryPolicyService> weak_ptr_factory_;
	DISALLOW_COPY_AND_ASSIGN(ComponentActiveDirectoryPolicyService);
	};

	} // namespace policy

	#endif // CHROME_BROWSER_CHROMEOS_POLICY_COMPONENT_ACTIVE_DIRECTORY_POLICY_SERVICE_H_