// Copyright 2016 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include <base/memory/ptr_util.h>
#include <brillo/daemons/dbus_daemon.h>
#include <brillo/syslog_logging.h>
#include <install_attributes/libinstallattributes.h>
#include "authpolicy/authpolicy.h"
#include "authpolicy/constants.h"
#include "authpolicy/path_service.h"
#include "authpolicy/platform_helper.h"
namespace {
const char kObjectServicePath[] = "/org/chromium/AuthPolicy/ObjectManager";
const char kAuthPolicydUser[] = "authpolicyd";
const char kAuthPolicydExecUser[] = "authpolicyd-exec";
const int kExitCodeStartupFailure = 175; // This number is hex AF.
} // namespace
namespace authpolicy {
class Daemon : public brillo::DBusServiceDaemon {
explicit Daemon(bool expect_config)
: DBusServiceDaemon(kAuthPolicyServiceName, kObjectServicePath),
expect_config_(expect_config) {}
// Cleans the authpolicy daemon state directory. Returns true if all files
// were cleared.
static bool CleanState() {
PathService path_service;
return AuthPolicy::CleanState(&path_service);
void RegisterDBusObjectsAsync(AsyncEventSequencer* sequencer) override {
sequencer->GetHandler("AuthPolicy.RegisterAsync() failed.", true));
ErrorType error = auth_policy_.Initialize(expect_config_);
if (error != ERROR_NONE) {
LOG(ERROR) << "SambaInterface failed to initialize with error code "
<< error;
void OnShutdown(int* return_code) override {
bool expect_config_;
// Keep this order! auth_policy_ must be last as it depends on the other two.
AuthPolicyMetrics metrics_;
PathService path_service_;
AuthPolicy auth_policy_{&metrics_, &path_service_};
} // namespace authpolicy
int main(int /* argc */, char* /* argv */ []) {
brillo::OpenLog("authpolicyd", true);
// Verify we're running as authpolicyd user.
uid_t authpolicyd_uid = authpolicy::GetUserId(kAuthPolicydUser);
if (authpolicyd_uid != authpolicy::GetEffectiveUserId()) {
LOG(ERROR) << "Failed to verify effective UID (must run as authpolicyd).";
// Make it possible to switch to authpolicyd-exec without caps and drop caps.
uid_t authpolicyd_exec_uid = authpolicy::GetUserId(kAuthPolicydExecUser);
if (!authpolicy::SetSavedUserAndDropCaps(authpolicyd_exec_uid)) {
LOG(ERROR) << "Failed to establish user ids and drop caps.";
// Safety check to ensure that authpolicyd cannot run after the device has
// been locked to a mode other than enterprise_ad. (The lifetime management
// of authpolicyd happens through upstart, this check only serves as a second
// line of defense.)
bool expect_config = false;
InstallAttributesReader install_attributes_reader;
if (install_attributes_reader.IsLocked()) {
const std::string& mode = install_attributes_reader.GetAttribute(
if (mode != InstallAttributesReader::kDeviceModeEnterpriseAD) {
LOG(ERROR) << "OOBE completed but device not in Active Directory "
"management mode. Cleaning state and exiting.";
} else {
LOG(INFO) << "Install attributes locked to Active Directory mode.";
// A configuration file should be present in this case.
expect_config = true;
} else {
LOG(INFO) << "No install attributes found. Cleaning state.";
// Run daemon.
LOG(INFO) << "authpolicyd starting";
authpolicy::Daemon daemon(expect_config);
int res = daemon.Run();
LOG(INFO) << "authpolicyd stopping with exit code " << res;
return res;