1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
|
// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef COMPONENTS_POLICY_CORE_COMMON_MANAGEMENT_MANAGEMENT_SERVICE_H_
#define COMPONENTS_POLICY_CORE_COMMON_MANAGEMENT_MANAGEMENT_SERVICE_H_
#include <memory>
#include <optional>
#include <string>
#include <variant>
#include <vector>
#include "base/containers/flat_map.h"
#include "base/functional/callback.h"
#include "base/observer_list.h"
#include "base/sequence_checker.h"
#include "components/policy/policy_export.h"
#include "components/prefs/persistent_pref_store.h"
// For more imformation about this file please read
// //components/policy/core/common/management/management_service.md
class PrefService;
class PrefRegistrySimple;
namespace gfx {
class Image;
}
namespace ui {
class ImageModel;
}
namespace policy {
class ManagementService;
// These values are persisted to logs. Entries should not be renumbered and
// numeric values should never be reused.
//
// LINT.IfChange(ManagementAuthorityTrustworthiness)
enum class ManagementAuthorityTrustworthiness {
NONE = 0, // No management authority found
LOW = 1, // Local device management authority
TRUSTED = 2, // Non-local management authority
FULLY_TRUSTED = 3, // Cryptographically verifiable policy source e.g. CBCM,
// ChromeOS
kMaxValue = FULLY_TRUSTED
};
// LINT.ThenChange(//tools/metrics/histograms/enums.xml:ManagementAuthorityTrustworthiness)
enum EnterpriseManagementAuthority : int {
NONE = 0,
COMPUTER_LOCAL =
1 << 0, // local GPO or registry, /etc files, local root profile
DOMAIN_LOCAL = 1 << 1, // AD joined, puppet
CLOUD = 1 << 2, // MDM, GSuite user
CLOUD_DOMAIN = 1 << 3 // Azure AD, CBCM, CrosEnrolled
};
using CacheRefreshCallback =
base::OnceCallback<void(ManagementAuthorityTrustworthiness,
ManagementAuthorityTrustworthiness)>;
// Interface to provide management information from a single source on an entity
// to a ManagementService. All implmementations of this interface must be used
// by a ManagementService.
class POLICY_EXPORT ManagementStatusProvider {
public:
ManagementStatusProvider();
// `cache_pref_name` is an optional that is the name of the pref used to store
// the management authority from this provider. If this is empty, the provider
// always returns the up-to-date management authority, otherwise returns the
// value from the prefs.
explicit ManagementStatusProvider(const std::string& cache_pref_name);
virtual ~ManagementStatusProvider();
// Returns a valid authority if the service or component is managed.
// The returned value may be a cached value.
EnterpriseManagementAuthority GetAuthority();
// Returns a valid authority if the service or component is managed.
// This value is never ached and may required blocking I/O to get.
virtual EnterpriseManagementAuthority FetchAuthority() = 0;
bool RequiresCache() const;
void UpdateCache(EnterpriseManagementAuthority authority);
void UsePrefStoreAsCache(scoped_refptr<PersistentPrefStore> pref_store);
virtual void UsePrefServiceAsCache(PrefService* prefs);
protected:
const std::string& cache_pref_name() const { return cache_pref_name_; }
private:
std::variant<PrefService*, scoped_refptr<PersistentPrefStore>> cache_ =
nullptr;
const std::string cache_pref_name_;
};
// Interface to gives information related to an entity's management state.
// This class must be used on the main thread at all times.
class POLICY_EXPORT ManagementService {
public:
// Observers observing updates to the enterprise custom or default work label.
class POLICY_EXPORT Observer : public base::CheckedObserver {
public:
virtual void OnEnterpriseLabelUpdated() {}
virtual void OnEnterpriseLogoUpdatedForBrowser() {}
};
explicit ManagementService(
std::vector<std::unique_ptr<ManagementStatusProvider>> providers);
virtual ~ManagementService();
// Sets `prefs` as a read-write cache.
void UsePrefServiceAsCache(PrefService* prefs);
// Sets `pref_store` as a readonly cache.
// Use only if a PrefService is not yet available.
void UsePrefStoreAsCache(scoped_refptr<PersistentPrefStore> pref_store);
// Refreshes the cached values and call `callback` with the previous and new
// management authority trustworthiness. This function must only be called on
// on an instance of ManagementService that is certain to not be destroyed
// until `callback` is called.
virtual void RefreshCache(CacheRefreshCallback callback);
virtual ui::ImageModel* GetManagementIconForProfile();
virtual gfx::Image* GetManagementIconForBrowser();
// Returns true if `authority` is are actively managed.
bool HasManagementAuthority(EnterpriseManagementAuthority authority);
// Returns the highest trustworthiness of the active management authorities.
ManagementAuthorityTrustworthiness GetManagementAuthorityTrustworthiness();
// Returns whether there is any management authority at all.
bool IsManaged();
// Returns whether the profile is managed because the signed in account is a
// managed account.
bool IsAccountManaged();
// Returns whether the profile is managed because the whole browser is
// managed.
bool IsBrowserManaged();
const std::optional<int>& management_authorities_for_testing() {
return management_authorities_for_testing_;
}
// Add / remove observers.
void AddObserver(Observer* observer);
void RemoveObserver(Observer* observer);
void SetManagementAuthoritiesForTesting(int management_authorities);
void ClearManagementAuthoritiesForTesting();
void SetManagementStatusProviderForTesting(
std::vector<std::unique_ptr<ManagementStatusProvider>> providers);
virtual void TriggerPolicyStatusChangedForTesting() {}
virtual void SetBrowserManagementIconForTesting(
const gfx::Image& management_icon) {}
static void RegisterLocalStatePrefs(PrefRegistrySimple* registry);
protected:
// Sets the management status providers to be used by the service.
void SetManagementStatusProvider(
std::vector<std::unique_ptr<ManagementStatusProvider>> providers);
void AddManagementStatusProvider(
std::unique_ptr<ManagementStatusProvider> provider);
void NotifyEnterpriseLabelUpdated();
void NotifyEnterpriseLogoForBrowserUpdated();
const std::vector<std::unique_ptr<ManagementStatusProvider>>&
management_status_providers() {
return management_status_providers_;
}
private:
// Returns a bitset of with the active `EnterpriseManagementAuthority` on the
// managed entity.
int GetManagementAuthorities();
base::ObserverList<ManagementService::Observer> observers_;
std::optional<int> management_authorities_for_testing_;
std::vector<std::unique_ptr<ManagementStatusProvider>>
management_status_providers_;
SEQUENCE_CHECKER(sequence_checker_);
};
} // namespace policy
#endif // COMPONENTS_POLICY_CORE_COMMON_MANAGEMENT_MANAGEMENT_SERVICE_H_
|
