1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/ash/policy/remote_commands/screenshot_delegate.h"
#include <string>
#include "base/functional/bind.h"
#include "base/memory/ptr_util.h"
#include "base/syslog_logging.h"
#include "base/task/single_thread_task_runner.h"
#include "chrome/browser/ash/policy/core/browser_policy_connector_ash.h"
#include "chrome/browser/ash/policy/core/device_cloud_policy_manager_ash.h"
#include "chrome/browser/ash/policy/uploading/status_uploader.h"
#include "chrome/browser/ash/policy/uploading/upload_job_impl.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/browser_process_platform_part.h"
#include "chrome/browser/device_identity/device_oauth2_token_service.h"
#include "chrome/browser/device_identity/device_oauth2_token_service_factory.h"
#include "content/public/browser/browser_thread.h"
#include "services/network/public/cpp/shared_url_loader_factory.h"
namespace policy {
ScreenshotDelegate::ScreenshotDelegate() = default;
ScreenshotDelegate::~ScreenshotDelegate() = default;
bool ScreenshotDelegate::IsScreenshotAllowed() {
BrowserPolicyConnectorAsh* connector =
g_browser_process->platform_part()->browser_policy_connector_ash();
DeviceCloudPolicyManagerAsh* manager =
connector->GetDeviceCloudPolicyManager();
// DeviceCloudPolicyManagerAsh and StatusUploader can be null during
// shutdown (and unit tests) - don't allow screenshots unless we have a
// StatusUploader that can confirm that screenshots are allowed.
return manager && manager->GetStatusUploader() &&
manager->GetStatusUploader()->IsScreenshotAllowed();
}
void ScreenshotDelegate::TakeSnapshot(
gfx::NativeWindow window,
const gfx::Rect& source_rect,
OnScreenshotTakenCallback upload_callback) {
ui::GrabWindowSnapshotAsPNG(
window, source_rect,
base::BindOnce(&ScreenshotDelegate::OnScreenshotTaken,
weak_ptr_factory_.GetWeakPtr(),
std::move(upload_callback)));
}
std::unique_ptr<UploadJob> ScreenshotDelegate::CreateUploadJob(
const GURL& upload_url,
UploadJob::Delegate* delegate) {
DeviceOAuth2TokenService* device_oauth2_token_service =
DeviceOAuth2TokenServiceFactory::Get();
CoreAccountId robot_account_id =
device_oauth2_token_service->GetRobotAccountId();
SYSLOG(INFO) << "Creating upload job for screenshot";
net::NetworkTrafficAnnotationTag traffic_annotation =
net::DefineNetworkTrafficAnnotation("remote_command_screenshot", R"(
semantics {
sender: "Chrome OS Remote Commands"
description: "Admins of kiosks are able to request screenshots "
"of the current screen shown on the kiosk, which is uploaded to "
"the device management server."
trigger: "Admin requests remote screenshot on the Admin Console."
data: "Screenshot of the current screen shown on the kiosk."
destination: GOOGLE_OWNED_SERVICE
}
policy {
cookies_allowed: NO
setting: "This feature cannot be disabled in settings, however this "
"request will only happen on explicit admin request and when no "
"user interaction or media capture happened since last reboot."
policy_exception_justification: "Requires explicit admin action."
}
)");
return std::unique_ptr<UploadJob>(new UploadJobImpl(
upload_url, robot_account_id,
device_oauth2_token_service->GetAccessTokenManager(),
g_browser_process->shared_url_loader_factory(), delegate,
base::WrapUnique(new UploadJobImpl::RandomMimeBoundaryGenerator),
traffic_annotation, base::SingleThreadTaskRunner::GetCurrentDefault()));
}
void ScreenshotDelegate::OnScreenshotTaken(
OnScreenshotTakenCallback callback,
scoped_refptr<base::RefCountedMemory> png_data) {
std::move(callback).Run(png_data);
}
} // namespace policy
|
