// Copyright 2012 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "components/policy/core/common/cloud/cloud_policy_client.h" #include <string> #include <utility> #include "base/containers/contains.h" #include "base/feature_list.h" #include "base/functional/bind.h" #include "base/json/json_reader.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" #include "base/notreached.h" #include "base/observer_list.h" #include "base/strings/stringprintf.h" #include "base/time/time.h" #include "base/uuid.h" #include "base/values.h" #include "build/build_config.h" #include "components/policy/core/common/cloud/client_data_delegate.h" #include "components/policy/core/common/cloud/cloud_policy_util.h" #include "components/policy/core/common/cloud/cloud_policy_validator.h" #include "components/policy/core/common/cloud/device_management_service.h" #include "components/policy/core/common/cloud/dm_auth.h" #include "components/policy/core/common/cloud/dmserver_job_configurations.h" #include "components/policy/core/common/cloud/realtime_reporting_job_configuration.h" #include "components/policy/core/common/cloud/signing_service.h" #include "components/policy/core/common/policy_logger.h" #include "components/policy/core/common/policy_types.h" #include "components/policy/proto/device_management_backend.pb.h" #include "google_apis/gaia/gaia_constants.h" #include "google_apis/gaia/gaia_urls.h" #include "services/network/public/cpp/shared_url_loader_factory.h" #include "third_party/abseil-cpp/absl/cleanup/cleanup.h" em; // An enum for PSM execution result values. PsmExecutionResult; namespace policy { BASE_FEATURE(…); namespace { #if BUILDFLAG(IS_WIN) BASE_FEATURE(kGetBrowserIdentifierAsync, "GetBrowserIdentifierAsync", base::FEATURE_ENABLED_BY_DEFAULT); #endif const char kDmServerCloudPolicyRequestHistogramBase[] = …; // Translates the DeviceRegisterResponse::DeviceMode |mode| to the enum used // internally to represent different device modes. DeviceMode TranslateProtobufDeviceMode( em::DeviceRegisterResponse::DeviceMode mode) { … } // Translates the DeviceRegisterResponse::ThirdPartyIdentityType |identity_type| // to the enum used internally to represent different third party identity // types. ThirdPartyIdentityType TranslateProtobufThirdPartyIdentityType( em::DeviceRegisterResponse::ThirdPartyIdentityType identity_type) { … } bool IsChromePolicy(const std::string& type) { … } em::DevicePolicyRequest::Reason TranslateFetchReason(PolicyFetchReason reason) { … } em::PolicyValidationReportRequest::ValidationResultType TranslatePolicyValidationResult(CloudPolicyValidatorBase::Status status) { … } em::PolicyValueValidationIssue::ValueValidationIssueSeverity TranslatePolicyValidationResultSeverity( ValueValidationIssue::Severity severity) { … } template <typename T> std::vector<T> ToVector( const google::protobuf::RepeatedPtrField<T>& proto_container) { … } std::tuple<DeviceManagementStatus, std::vector<em::SignedData>> DecodeRemoteCommands(DeviceManagementStatus status, const em::DeviceManagementResponse& response) { … } // Returns a separator-less string with MAC address to match the format of // reporting MAC addresses. std::string FormatMacAddress(const CloudPolicyClient::MacAddress& mac_address) { … } // Returns the histogram variant for the corresponding `type`. Returns nullopt // if there is no variant for the type. std::optional<std::string_view> HistogramVariantForType(std::string_view type) { … } } // namespace CloudPolicyClient::RegistrationParameters::RegistrationParameters( em::DeviceRegisterRequest::Type registration_type, em::DeviceRegisterRequest::Flavor flavor) : … { … } CloudPolicyClient::RegistrationParameters::~RegistrationParameters() = default; CloudPolicyClient::Observer::~Observer() = default; CloudPolicyClient::Result::Result(DeviceManagementStatus status) : … { … } CloudPolicyClient::Result::Result(NotRegistered) : … { … } bool CloudPolicyClient::Result::IsSuccess() const { … } bool CloudPolicyClient::Result::IsClientNotRegisteredError() const { … } bool CloudPolicyClient::Result::IsDMServerError() const { … } DeviceManagementStatus CloudPolicyClient::Result::GetDMServerError() const { … } CloudPolicyClient::CloudPolicyClient( std::string_view machine_id, std::string_view machine_model, std::string_view brand_code, std::string_view attested_device_id, std::optional<MacAddress> ethernet_mac_address, std::optional<MacAddress> dock_mac_address, std::string_view manufacture_date, DeviceManagementService* service, scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory, DeviceDMTokenCallback device_dm_token_callback) : … { … } CloudPolicyClient::CloudPolicyClient( const std::string& profile_id, DeviceManagementService* service, scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory, DeviceDMTokenCallback device_dm_token_callback) : … { … } CloudPolicyClient::CloudPolicyClient( DeviceManagementService* service, scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory, DeviceDMTokenCallback device_dm_token_callback) : … { … } CloudPolicyClient::CloudPolicyClient( DeviceManagementService* service, scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory) : … { … } CloudPolicyClient::~CloudPolicyClient() { … } void CloudPolicyClient::SetupRegistration( const std::string& dm_token, const std::string& client_id, const std::vector<std::string>& user_affiliation_ids) { … } // Sets the client ID or generate a new one. A new one is intentionally // generated on each new registration request in order to preserve privacy. // Reusing IDs would mean the server could track clients by their registration // attempts. void CloudPolicyClient::SetClientId(const std::string& client_id) { … } void CloudPolicyClient::Register(const RegistrationParameters& parameters, const std::string& client_id, const std::string& oauth_token) { … } void CloudPolicyClient::RegisterWithCertificate( const RegistrationParameters& parameters, const std::string& client_id, const std::string& pem_certificate_chain, const std::string& sub_organization, std::unique_ptr<SigningService> signing_service) { … } void CloudPolicyClient::RegisterBrowserOrPolicyAgentWithEnrollmentToken( const std::string& token, const std::string& client_id, const ClientDataDelegate& client_data_delegate, bool is_mandatory, DeviceManagementService::JobConfiguration::JobType type) { … } void CloudPolicyClient::RegisterBrowserWithEnrollmentToken( const std::string& token, const std::string& client_id, const ClientDataDelegate& client_data_delegate, bool is_mandatory) { … } void CloudPolicyClient::RegisterPolicyAgentWithEnrollmentToken( const std::string& token, const std::string& client_id, const ClientDataDelegate& client_data_delegate) { … } void CloudPolicyClient::RegisterDeviceWithEnrollmentToken( const RegistrationParameters& parameters, const std::string& client_id, DMAuth enrollment_token_auth) { … } void CloudPolicyClient::RegisterWithOidcResponse( const RegistrationParameters& parameters, const std::string& oauth_token, const std::string& oidc_id_token, const std::string& client_id, const base::TimeDelta& timeout_duration) { … } void CloudPolicyClient::OnRegisterWithCertificateRequestSigned( std::unique_ptr<SigningService> signing_service, bool success, em::SignedData signed_data) { … } void CloudPolicyClient::SetInvalidationInfo(int64_t version, const std::string& payload) { … } void CloudPolicyClient::SetOAuthTokenAsAdditionalAuth( const std::string& oauth_token) { … } em::PolicyFetchRequest::SignatureType CloudPolicyClient::GetPolicyFetchRequestSignatureType() { … } void CloudPolicyClient::FetchPolicy(PolicyFetchReason reason) { … } #if BUILDFLAG(IS_WIN) void CloudPolicyClient::SetBrowserDeviceIdentifier( em::PolicyFetchRequest* request, std::unique_ptr<DMServerJobConfiguration> config, std::unique_ptr<em::BrowserDeviceIdentifier> identifier) { request->set_allocated_browser_device_identifier( GetBrowserDeviceIdentifier().release()); unique_request_job_ = service_->CreateJob(std::move(config)); } #endif // BUILDFLAG(IS_WIN) void CloudPolicyClient::UploadPolicyValidationReport( CloudPolicyValidatorBase::Status status, const std::vector<ValueValidationIssue>& value_validation_issues, const std::string& policy_type, const std::string& policy_token) { … } void CloudPolicyClient::FetchRobotAuthCodes( DMAuth auth, enterprise_management::DeviceServiceApiAccessRequest::DeviceType device_type, const std::set<std::string>& oauth_scopes, RobotAuthCodeCallback callback) { … } void CloudPolicyClient::UploadEnterpriseMachineCertificate( const std::string& certificate_data, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::UploadEnterpriseEnrollmentCertificate( const std::string& certificate_data, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::UploadEnterpriseEnrollmentId( const std::string& enrollment_id, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::UploadDeviceStatus( const em::DeviceStatusReportRequest* device_status, const em::SessionStatusReportRequest* session_status, const em::ChildStatusReportRequest* child_status, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::UploadChromeDesktopReport( std::unique_ptr<em::ChromeDesktopReportRequest> chrome_desktop_report, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::UploadChromeOsUserReport( std::unique_ptr<em::ChromeOsUserReportRequest> chrome_os_user_report, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::UploadChromeProfileReport( std::unique_ptr<em::ChromeProfileReportRequest> chrome_profile_report, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::UploadSecurityEventReport( content::BrowserContext* context, bool include_device_info, base::Value::Dict report, ResultCallback callback) { … } void CloudPolicyClient::UploadAppInstallReport(base::Value::Dict report, ResultCallback callback) { … } void CloudPolicyClient::CancelAppInstallReportUpload() { … } void CloudPolicyClient::FetchRemoteCommands( std::unique_ptr<RemoteCommandJob::UniqueIDType> last_command_id, const std::vector<em::RemoteCommandResult>& command_results, em::PolicyFetchRequest::SignatureType signature_type, const std::string& request_type, RemoteCommandCallback callback) { … } DeviceManagementService::Job* CloudPolicyClient::CreateNewRealtimeReportingJob( base::Value::Dict report, const std::string& server_url, bool include_device_info, ResultCallback callback) { … } void CloudPolicyClient::GetDeviceAttributeUpdatePermission( DMAuth auth, CloudPolicyClient::StatusCallback callback) { … } void CloudPolicyClient::UpdateDeviceAttributes( DMAuth auth, const std::string& asset_id, const std::string& location, CloudPolicyClient::StatusCallback callback) { … } void CloudPolicyClient::UpdateGcmId( const std::string& gcm_id, CloudPolicyClient::StatusCallback callback) { … } void CloudPolicyClient::UploadEuiccInfo( std::unique_ptr<enterprise_management::UploadEuiccInfoRequest> request, CloudPolicyClient::StatusCallback callback) { … } void CloudPolicyClient::OnEuiccInfoUploaded(StatusCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::ClientCertProvisioningRequest( em::ClientCertificateProvisioningRequest request, ClientCertProvisioningRequestCallback callback) { … } void CloudPolicyClient::UploadFmRegistrationToken( enterprise_management::FmRegistrationTokenUploadRequest request, ResultCallback callback) { … } void CloudPolicyClient::OnUploadFmRegistrationTokenResponse( ResultCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::UpdateServiceAccount(const std::string& account_email) { … } void CloudPolicyClient::AddObserver(Observer* observer) { … } void CloudPolicyClient::RemoveObserver(Observer* observer) { … } void CloudPolicyClient::AddPolicyTypeToFetch( const std::string& policy_type, const std::string& settings_entity_id) { … } void CloudPolicyClient::RemovePolicyTypeToFetch( const std::string& policy_type, const std::string& settings_entity_id) { … } void CloudPolicyClient::SetStateKeysToUpload( const std::vector<std::string>& keys) { … } const em::PolicyFetchResponse* CloudPolicyClient::GetPolicyFor( const std::string& policy_type, const std::string& settings_entity_id) const { … } scoped_refptr<network::SharedURLLoaderFactory> CloudPolicyClient::GetURLLoaderFactory() { … } int CloudPolicyClient::GetActiveRequestCountForTest() const { … } void CloudPolicyClient::SetURLLoaderFactoryForTesting( scoped_refptr<network::SharedURLLoaderFactory> factory) { … } void CloudPolicyClient::UploadCertificate( const std::string& certificate_data, em::DeviceCertUploadRequest::CertificateType certificate_type, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::PrepareCertUploadRequest( DMServerJobConfiguration* config, const std::string& certificate_data, enterprise_management::DeviceCertUploadRequest::CertificateType certificate_type) { … } std::unique_ptr<DMServerJobConfiguration> CloudPolicyClient::CreateCertUploadJobConfiguration( CloudPolicyClient::ResultCallback callback) { … } std::unique_ptr<DMServerJobConfiguration> CloudPolicyClient::CreateReportUploadJobConfiguration( DeviceManagementService::JobConfiguration::JobType type, CloudPolicyClient::ResultCallback callback) { … } void CloudPolicyClient::ExecuteCertUploadJob( std::unique_ptr<DMServerJobConfiguration> config) { … } void CloudPolicyClient::OnRegisterCompleted(DMServerJobResult result) { … } void CloudPolicyClient::OnTokenBasedRegisterDeviceCompleted( DMServerJobResult result) { … } void CloudPolicyClient::ProcessDeviceRegisterResponse( const em::DeviceRegisterResponse& response, DeviceManagementStatus dm_status) { … } void CloudPolicyClient::OnFetchRobotAuthCodesCompleted( RobotAuthCodeCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::RecordFetchStatus(DeviceManagementStatus status) { … } void CloudPolicyClient::OnPolicyFetchCompleted(base::Time start_time, DMServerJobResult result) { … } void CloudPolicyClient::OnCertificateUploadCompleted( CloudPolicyClient::ResultCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::OnDeviceAttributeUpdatePermissionCompleted( CloudPolicyClient::StatusCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::OnDeviceAttributeUpdated( CloudPolicyClient::StatusCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::RemoveJob(const DeviceManagementService::Job* job) { … } void CloudPolicyClient::OnReportUploadCompleted(ResultCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::OnRealtimeReportUploadCompleted( ResultCallback callback, DeviceManagementService::Job* job, DeviceManagementStatus status, int reponse_code, std::optional<base::Value::Dict> response) { … } void CloudPolicyClient::OnRemoteCommandsFetched(RemoteCommandCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::OnGcmIdUpdated(StatusCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::OnClientCertProvisioningRequestResponse( ClientCertProvisioningRequestCallback callback, DMServerJobResult result) { … } void CloudPolicyClient::NotifyPolicyFetched() { … } void CloudPolicyClient::NotifyRegistrationStateChanged() { … } void CloudPolicyClient::NotifyClientError() { … } void CloudPolicyClient::NotifyServiceAccountSet( const std::string& account_email) { … } void CloudPolicyClient::CreateDeviceRegisterRequest( const RegistrationParameters& params, const std::string& client_id, em::DeviceRegisterRequest* request) { … } void CloudPolicyClient::CreateUniqueRequestJob( std::unique_ptr<RegistrationJobConfiguration> config) { … } } // namespace policy
Codebase Browser
chromium