chromium/chrome/browser/ash/policy/core/device_cloud_policy_store_ash.h

// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CHROME_BROWSER_ASH_POLICY_CORE_DEVICE_CLOUD_POLICY_STORE_ASH_H_
#define CHROME_BROWSER_ASH_POLICY_CORE_DEVICE_CLOUD_POLICY_STORE_ASH_H_

#include <memory>

#include "base/memory/raw_ptr.h"
#include "base/memory/ref_counted.h"
#include "base/memory/weak_ptr.h"
#include "chrome/browser/ash/policy/core/device_cloud_policy_validator.h"
#include "chrome/browser/ash/settings/device_settings_service.h"
#include "components/policy/core/common/cloud/cloud_policy_store.h"

namespace ash {
class InstallAttributes;
}

namespace base {
class SequencedTaskRunner;
}

namespace enterprise_management {
class PolicyFetchResponse;
}

namespace policy {

// CloudPolicyStore implementation for device policy on Ash. Policy is
// stored/loaded via D-Bus to/from session_manager.
// TODO(tnagel): Either drop "Cloud" from the name or refactor.
class DeviceCloudPolicyStoreAsh : public CloudPolicyStore,
                                  public ash::DeviceSettingsService::Observer {
 public:
  DeviceCloudPolicyStoreAsh(
      ash::DeviceSettingsService* device_settings_service,
      ash::InstallAttributes* install_attributes,
      scoped_refptr<base::SequencedTaskRunner> background_task_runner);

  DeviceCloudPolicyStoreAsh(const DeviceCloudPolicyStoreAsh&) = delete;
  DeviceCloudPolicyStoreAsh& operator=(const DeviceCloudPolicyStoreAsh&) =
      delete;

  ~DeviceCloudPolicyStoreAsh() override;

  // CloudPolicyStore:
  // Note that Store() must not be called before the store gets initialized (by
  // means of either Load() or InstallInitialPolicy()).
  void Store(const enterprise_management::PolicyFetchResponse& policy) override;
  void Load() override;

  // Installs initial policy. This is different from Store() in that it skips
  // the signature validation step against already-installed policy. The checks
  // against installation-time attributes are performed nevertheless. The result
  // of the operation is reported through the OnStoreLoaded() or OnStoreError()
  // observer callbacks.
  void InstallInitialPolicy(
      const enterprise_management::PolicyFetchResponse& policy);

  // ash::DeviceSettingsService::Observer:
  void DeviceSettingsUpdated() override;
  void OnDeviceSettingsServiceShutdown() override;

  // CloudPolicyStore:
  void UpdateFirstPoliciesLoaded() override;

 private:
  // Create a validator for |policy| with basic device policy configuration and
  // OnPolicyStored() as the completion callback.
  std::unique_ptr<DeviceCloudPolicyValidator> CreateValidator(
      const enterprise_management::PolicyFetchResponse& policy);

  // Called on completion on the policy validation prior to storing policy.
  // Starts the actual store operation.
  void OnPolicyToStoreValidated(DeviceCloudPolicyValidator* validator);

  // Handles store completion operations updates status.
  void OnPolicyStored();

  // Re-syncs policy and status from |device_settings_service_|.
  void UpdateFromService();

  // Set |status_| based on device_settings_service_->status().
  void UpdateStatusFromService();

  // For enterprise devices, once per session, validate internal consistency of
  // enrollment state (DM token must be present on enrolled devices) and in case
  // of failure set flag to indicate that recovery is required.
  void CheckDMToken();

  // Whether DM token check has yet been done.
  bool dm_token_checked_ = false;

  raw_ptr<ash::DeviceSettingsService> device_settings_service_;
  raw_ptr<ash::InstallAttributes> install_attributes_;

  scoped_refptr<base::SequencedTaskRunner> background_task_runner_;

  base::WeakPtrFactory<DeviceCloudPolicyStoreAsh> weak_factory_{this};
};

}  // namespace policy

#endif  // CHROME_BROWSER_ASH_POLICY_CORE_DEVICE_CLOUD_POLICY_STORE_ASH_H_