// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROMEOS_ASH_COMPONENTS_DBUS_SESSION_MANAGER_SESSION_MANAGER_CLIENT_H_
#define CHROMEOS_ASH_COMPONENTS_DBUS_SESSION_MANAGER_SESSION_MANAGER_CLIENT_H_
#include <map>
#include <optional>
#include <string>
#include <vector>
#include "base/component_export.h"
#include "base/functional/callback.h"
#include "base/observer_list.h"
#include "base/time/time.h"
#include "base/types/expected.h"
#include "chromeos/dbus/common/dbus_callback.h"
#include "components/policy/proto/device_management_backend.pb.h"
#include "third_party/cros_system_api/dbus/login_manager/dbus-constants.h"
namespace arc {
class StartArcMiniInstanceRequest;
class UpgradeArcContainerRequest;
} // namespace arc
namespace cryptohome {
class AccountIdentifier;
}
namespace dbus {
class Bus;
}
namespace enterprise_management {
class SignedData;
}
namespace login_manager {
class LoginScreenStorageMetadata;
class PolicyDescriptor;
} // namespace login_manager
namespace ash {
// SessionManagerClient is used to communicate with the session manager.
class COMPONENT_EXPORT(SESSION_MANAGER) SessionManagerClient {
public:
static constexpr base::ObserverListPolicy kObserverListPolicy =
base::ObserverListPolicy::EXISTING_ONLY;
// The result type received from session manager on request to retrieve the
// policy. Used to define the buckets for an enumerated UMA histogram.
// Hence,
// (a) existing enumerated constants should never be deleted or reordered.
// (b) new constants should be inserted immediately before COUNT.
enum class RetrievePolicyResponseType {
// Other type of error while retrieving policy data (e.g. D-Bus timeout).
OTHER_ERROR = 0,
// The policy was retrieved successfully.
SUCCESS = 1,
// Retrieve policy request issued before session started (deprecated, use
// GET_SERVICE_FAIL).
SESSION_DOES_NOT_EXIST_DEPRECATED = 2,
// Session manager failed to encode the policy data.
POLICY_ENCODE_ERROR = 3,
// Session manager failed to get the policy service, possibly because a user
// session hasn't started yet or the account id was invalid.
GET_SERVICE_FAIL = 4,
// Has to be the last value of enumeration. Used for UMA.
COUNT
};
enum class AdbSideloadResponseCode {
// ADB sideload operation has finished successfully.
SUCCESS = 1,
// ADB sideload operation has failed.
FAILED = 2,
// ADB sideload requires a powerwash to unblock (to define nvram).
NEED_POWERWASH = 3,
};
enum class RestartJobReason : uint32_t {
// Restart browser for Guest session.
kGuest = 0,
// Restart browser without user session for headless Chromium.
kUserless = 1,
};
// Error type encountered while retrieving state keys. These values are
// persisted to logs. Entries should not be renumbered and numeric values
// should never be reused.
enum class StateKeyErrorType {
kNoError = 0,
kInvalidResponse = 1,
kCommunicationError = 2,
kMissingIdentifiers = 3,
kMaxValue = kMissingIdentifiers
};
// Interface for observing changes from the session manager.
class Observer {
public:
virtual ~Observer() {}
// Called when the owner key is set.
virtual void OwnerKeySet(bool success) {}
// Called when the property change is complete.
virtual void PropertyChangeComplete(bool success) {}
// Called after EmitLoginPromptVisible is called.
virtual void EmitLoginPromptVisibleCalled() {}
// Called when the ARC instance is stopped after it had already started.
virtual void ArcInstanceStopped(
login_manager::ArcContainerStopReason reason) {}
// Called when screen lock state is updated.
virtual void ScreenLockedStateUpdated() {}
// Called when a powerwash is requested.
virtual void PowerwashRequested(bool admin_requested) {}
// Called when session stopping signal is received
virtual void SessionStopping() {}
};
// Interface for performing actions on behalf of the stub implementation.
class StubDelegate {
public:
virtual ~StubDelegate() {}
// Locks the screen. Invoked by the stub when RequestLockScreen() is called.
// In the real implementation of SessionManagerClient::RequestLockScreen(),
// a lock request is forwarded to the session manager; in the stub, this is
// short-circuited and the screen is locked immediately.
virtual void LockScreenForStub() = 0;
};
// Creates and initializes the global instance. |bus| must not be null.
static void Initialize(dbus::Bus* bus);
// Creates and initializes a fake global instance if not already created.
static void InitializeFake();
// Creates and initializes an InMemory fake global instance for testing.
static void InitializeFakeInMemory();
// Destroys the global instance which must have been initialized.
static void Shutdown();
// Returns the global instance if initialized. May return null.
static SessionManagerClient* Get();
SessionManagerClient(const SessionManagerClient&) = delete;
SessionManagerClient& operator=(const SessionManagerClient&) = delete;
// Sets the delegate used by the stub implementation. Ownership of |delegate|
// remains with the caller.
virtual void SetStubDelegate(StubDelegate* delegate) = 0;
// Adds or removes an observer.
virtual void AddObserver(Observer* observer) = 0;
virtual void RemoveObserver(Observer* observer) = 0;
virtual bool HasObserver(const Observer* observer) const = 0;
// Runs the callback as soon as the service becomes available.
virtual void WaitForServiceToBeAvailable(
chromeos::WaitForServiceToBeAvailableCallback callback) = 0;
// Returns the most recent screen-lock state received from session_manager.
// This method should only be called by low-level code that is unable to
// depend on UI code and get the lock state from it instead.
virtual bool IsScreenLocked() const = 0;
// Kicks off an attempt to emit the "login-prompt-visible" upstart signal.
virtual void EmitLoginPromptVisible() = 0;
// Kicks off an attempt to emit the "ash-initialized" upstart signal.
virtual void EmitAshInitialized() = 0;
// Restarts the browser job, passing |argv| as the updated command line.
// The session manager requires a RestartJob caller to open a socket pair and
// pass one end while holding the local end open for the duration of the call.
// The session manager uses this to determine whether the PID the restart
// request originates from belongs to the browser itself.
// This method duplicates |socket_fd| so it's OK to close the FD without
// waiting for the result.
// |reason| - restart job without user session (for headless chromium)
// or with user session (for guest sessions only).
virtual void RestartJob(int socket_fd,
const std::vector<std::string>& argv,
RestartJobReason reason,
chromeos::VoidDBusMethodCallback callback) = 0;
// Sends the user's password to the session manager.
virtual void SaveLoginPassword(const std::string& password) = 0;
// Used to report errors from |LoginScreenStorageStore()|. |error| should
// contain an error message if an error occurred.
using LoginScreenStorageStoreCallback =
chromeos::DBusMethodCallback<std::string /* error */>;
// Stores data to the login screen storage. login screen storage is a D-Bus
// API that is used by the custom login screen implementations to inject
// credentials into the session and store persistent data across the login
// screen restarts.
virtual void LoginScreenStorageStore(
const std::string& key,
const login_manager::LoginScreenStorageMetadata& metadata,
const std::string& data,
LoginScreenStorageStoreCallback callback) = 0;
// Used for |LoginScreenStorageRetrieve()| method. |data| argument is the data
// returned by the session manager. |error| contains an error message if an
// error occurred, otherwise empty.
using LoginScreenStorageRetrieveCallback =
base::OnceCallback<void(std::optional<std::string> /* data */,
std::optional<std::string> /* error */)>;
// Retrieve data stored earlier with the |LoginScreenStorageStore()| method.
virtual void LoginScreenStorageRetrieve(
const std::string& key,
LoginScreenStorageRetrieveCallback callback) = 0;
// Used for |LoginScreenStorageListKeys()| method. |keys| argument is the list
// of keys currently stored in the login screen storage. In case of error,
// |keys| is empty and |error| contains the error message.
using LoginScreenStorageListKeysCallback =
base::OnceCallback<void(std::vector<std::string> /* keys */,
std::optional<std::string> /* error */)>;
// List all keys currently stored in the login screen storage.
virtual void LoginScreenStorageListKeys(
LoginScreenStorageListKeysCallback callback) = 0;
// Delete a key and the value associated with it from the login screen
// storage.
virtual void LoginScreenStorageDelete(const std::string& key) = 0;
// Starts the session for the user.
virtual void StartSession(
const cryptohome::AccountIdentifier& cryptohome_id) = 0;
// Same as |StartSession|, but also tells session_manager whether Chrome will
// handle owner key generation or not (based on |chrome_side_key_generation|).
virtual void StartSessionEx(
const cryptohome::AccountIdentifier& cryptohome_id,
bool chrome_side_key_generation) = 0;
// Emits the "started-user-session" upstart signal to notify all the critical
// login tasks are completed.
virtual void EmitStartedUserSession(
const cryptohome::AccountIdentifier& cryptohome_id) = 0;
// Stops the current session. Don't call directly unless there's no user on
// the device. Use SessionTerminationManager::StopSession instead.
virtual void StopSession(login_manager::SessionStopReason reason) = 0;
// Triggers loading the shill profile for |cryptohome_id|.
virtual void LoadShillProfile(
const cryptohome::AccountIdentifier& cryptohome_id) = 0;
// Starts the factory reset.
virtual void StartDeviceWipe(chromeos::VoidDBusMethodCallback callback) = 0;
// Starts a remotely initiated factory reset, similar to |StartDeviceWipe|
// above, but also performs additional checks on Chrome OS side.
// session_manager validates |signed_command| against SHA256_RSA.
virtual void StartRemoteDeviceWipe(
const enterprise_management::SignedData& signed_command) = 0;
// Set the block_demode and check_enrollment flags to 0 in the VPD.
virtual void ClearForcedReEnrollmentVpd(
chromeos::VoidDBusMethodCallback callback) = 0;
virtual void UnblockDevModeForEnrollment(
chromeos::VoidDBusMethodCallback callback) = 0;
virtual void UnblockDevModeForInitialStateDetermination(
chromeos::VoidDBusMethodCallback callback) = 0;
virtual void UnblockDevModeForCarrierLock(
chromeos::VoidDBusMethodCallback callback) = 0;
// Triggers a TPM firmware update.
virtual void StartTPMFirmwareUpdate(const std::string& update_mode) = 0;
// Sends a request to lock the screen to session_manager. Locking occurs
// asynchronously.
virtual void RequestLockScreen() = 0;
// Notifies session_manager that Chrome has shown the lock screen.
virtual void NotifyLockScreenShown() = 0;
// Notifies session_manager that Chrome has hidden the lock screen.
virtual void NotifyLockScreenDismissed() = 0;
// Makes session_manager add some flags to carry out browser data migration
// upon next ash-chrome restart. The method returns true if the DBus call was
// successful. The callback is passed true if the DBus call is successful and
// false otherwise.
// This method is blocking. Do not use unless necessary.
virtual bool BlockingRequestBrowserDataMigration(
const cryptohome::AccountIdentifier& cryptohome_id,
const std::string& mode) = 0;
// Makes session_manager add some flags to carry out browser data backward
// migration upon next ash-chrome restart. The method returns true if the DBus
// call was successful. The callback is passed true if the DBus call is
// successful and false otherwise.
// This method is blocking. Do not use unless necessary.
virtual bool BlockingRequestBrowserDataBackwardMigration(
const cryptohome::AccountIdentifier& cryptohome_id) = 0;
// Map that is used to describe the set of active user sessions where |key|
// is cryptohome id and |value| is user_id_hash.
using ActiveSessionsMap = std::map<std::string, std::string>;
// The ActiveSessionsCallback is used for the RetrieveActiveSessions()
// method. It receives |sessions| argument where the keys are cryptohome_ids
// for all users that are currently active.
using ActiveSessionsCallback =
chromeos::DBusMethodCallback<ActiveSessionsMap /* sessions */>;
// Enumerates active user sessions. Usually Chrome naturally keeps track of
// active users when they are added into current session. When Chrome is
// restarted after crash by session_manager it only receives cryptohome id and
// user_id_hash for one user. This method is used to retrieve list of all
// active users.
virtual void RetrieveActiveSessions(ActiveSessionsCallback callback) = 0;
// TODO(crbug.com/41344863): Change the policy storage interface so that it
// has a single StorePolicy, RetrievePolicy, BlockingRetrivePolicy method that
// takes a PolicyDescriptor.
// Used for RetrieveDevicePolicy, RetrievePolicyForUser and
// RetrieveDeviceLocalAccountPolicy. Takes a serialized protocol buffer as
// string. Upon success, we will pass a protobuf and SUCCESS |response_type|
// to the callback. On failure, we will pass "" and the details of error type
// in |response_type|.
using RetrievePolicyCallback =
base::OnceCallback<void(RetrievePolicyResponseType response_type,
const std::string& protobuf)>;
// Fetches a policy blob stored by the session manager. Invokes |callback|
// upon completion.
virtual void RetrievePolicy(const login_manager::PolicyDescriptor& descriptor,
RetrievePolicyCallback callback) = 0;
// Same as RetrievePolicy() but blocks until a reply is
// received, and populates the policy synchronously. Returns SUCCESS when
// successful, or the corresponding error from enum in case of a failure.
// This may only be called in situations where blocking the UI thread is
// considered acceptable (e.g. restarting the browser after a crash or after
// a flag change).
// TODO(crbug.com/40296212): Get rid of blocking calls.
virtual RetrievePolicyResponseType BlockingRetrievePolicy(
const login_manager::PolicyDescriptor& descriptor,
std::string* policy_out) = 0;
// Attempts to asynchronously store |policy_blob| as device policy. Upon
// completion of the store attempt, we will call callback.
virtual void StoreDevicePolicy(const std::string& policy_blob,
chromeos::VoidDBusMethodCallback callback) = 0;
// Attempts to asynchronously store |policy_blob| as user policy for the
// given |cryptohome_id|. Upon completion of the store attempt, we will call
// callback.
virtual void StorePolicyForUser(
const cryptohome::AccountIdentifier& cryptohome_id,
const std::string& policy_blob,
chromeos::VoidDBusMethodCallback callback) = 0;
// Sends a request to store a policy blob for the specified device-local
// account. The result of the operation is reported through |callback|.
virtual void StoreDeviceLocalAccountPolicy(
const std::string& account_id,
const std::string& policy_blob,
chromeos::VoidDBusMethodCallback callback) = 0;
// Sends a request to store a |policy_blob| to Session Manager. The storage
// location is determined by |descriptor|. The result of the operation is
// reported through |callback|.
virtual void StorePolicy(const login_manager::PolicyDescriptor& descriptor,
const std::string& policy_blob,
chromeos::VoidDBusMethodCallback callback) = 0;
// Returns whether session manager can be used to restart Chrome in order to
// apply per-user session flags, or start guest session.
// This returns true for the real session manager client implementation, and
// false for the fake (unless explicitly set by a test).
virtual bool SupportsBrowserRestart() const = 0;
// Sets the flags to be applied next time by the session manager when Chrome
// is restarted inside an already started session for a particular user.
virtual void SetFlagsForUser(
const cryptohome::AccountIdentifier& cryptohome_id,
const std::vector<std::string>& flags) = 0;
// Sets feature flags to pass next time Chrome gets restarted by the session
// manager.
virtual void SetFeatureFlagsForUser(
const cryptohome::AccountIdentifier& cryptohome_id,
const std::vector<std::string>& feature_flags,
const std::map<std::string, std::string>& origin_list_flags) = 0;
using StateKeysCallback = base::OnceCallback<void(
const base::expected<std::vector<std::string>, StateKeyErrorType>&
state_keys)>;
// Get the currently valid server-backed state keys for the device.
// Server-backed state keys are opaque, device-unique, time-dependent,
// client-determined identifiers that are used for keying state in the cloud
// for the device to retrieve after a device factory reset.
//
// The state keys are returned asynchronously via |callback|. The callback
// is invoked with an empty state key vector in case of errors. If the time
// sync fails or there's no network, the callback is never invoked.
virtual void GetServerBackedStateKeys(StateKeysCallback callback) = 0;
using PsmDeviceActiveSecretCallback =
base::OnceCallback<void(const std::string& psm_device_active_secret)>;
// Get a derivative of the stable_device_secret_DO_NOT_SHARE vpd field.
// Derivative of this field is used to prevent privacy complications in the
// case of a Chrome data leak.
//
// The string is returned asynchronously via |callback|. The callback is
// invoked with an empty string in case of errors.
virtual void GetPsmDeviceActiveSecret(
PsmDeviceActiveSecretCallback callback) = 0;
// StartArcMiniContainer starts a container with only a handful of ARC
// processes for Chrome OS login screen.
virtual void StartArcMiniContainer(
const arc::StartArcMiniInstanceRequest& request,
chromeos::VoidDBusMethodCallback callback) = 0;
// UpgradeArcContainer upgrades a mini-container to a full ARC container. On
// upgrade failure, the container will be shutdown. The container shutdown
// will trigger the ArcInstanceStopped signal (as usual). There are no
// guarantees over whether this |callback| is invoked or the
// ArcInstanceStopped signal is received first.
virtual void UpgradeArcContainer(
const arc::UpgradeArcContainerRequest& request,
chromeos::VoidDBusMethodCallback callback) = 0;
// Asynchronously stops the ARC instance. When |should_backup_log| is set to
// true it also initiates ARC log back up operation on debugd for the given
// |account_id|. Upon completion, invokes |callback| with the result;
// true on success, false on failure (either session manager failed to
// stop an instance or session manager can not be reached).
virtual void StopArcInstance(const std::string& account_id,
bool should_backup_log,
chromeos::VoidDBusMethodCallback callback) = 0;
// Adjusts the amount of CPU the ARC instance is allowed to use. When
// |restriction_state| is CONTAINER_CPU_RESTRICTION_FOREGROUND the limit is
// adjusted so ARC can use all the system's CPU if needed. When it is
// CONTAINER_CPU_RESTRICTION_BACKGROUND, ARC can only use tightly restricted
// CPU resources. The ARC instance is started in a state that is more
// restricted than CONTAINER_CPU_RESTRICTION_BACKGROUND. When ARC is not
// supported, the function asynchronously runs the |callback| with false.
virtual void SetArcCpuRestriction(
login_manager::ContainerCpuRestrictionState restriction_state,
chromeos::VoidDBusMethodCallback callback) = 0;
// Emits the "arc-booted" upstart signal.
virtual void EmitArcBooted(const cryptohome::AccountIdentifier& cryptohome_id,
chromeos::VoidDBusMethodCallback callback) = 0;
// Asynchronously retrieves the timestamp which ARC instance is invoked.
// Returns nullopt if there is no ARC instance or ARC is not available.
virtual void GetArcStartTime(
chromeos::DBusMethodCallback<base::TimeTicks> callback) = 0;
using EnableAdbSideloadCallback =
base::OnceCallback<void(AdbSideloadResponseCode response_code)>;
// Asynchronously attempts to enable ARC APK Sideloading. Upon completion,
// invokes |callback| with the result; true on success, false on failure of
// any kind.
virtual void EnableAdbSideload(EnableAdbSideloadCallback callback) = 0;
using QueryAdbSideloadCallback =
base::OnceCallback<void(AdbSideloadResponseCode response_code,
bool is_allowed)>;
// Asynchronously queries for the current status of ARC APK Sideloading. Upon
// completion, invokes |callback| with |succeeded| indicating if the query
// could be completed. If |succeeded| is true, |is_allowed| contains the
// current status of whether ARC APK Sideloading is allowed on this device,
// based on previous explicit user opt-in.
virtual void QueryAdbSideload(QueryAdbSideloadCallback callback) = 0;
protected:
// Use Initialize/Shutdown instead.
SessionManagerClient();
virtual ~SessionManagerClient();
};
} // namespace ash
#endif // CHROMEOS_ASH_COMPONENTS_DBUS_SESSION_MANAGER_SESSION_MANAGER_CLIENT_H_