Codebase Browser
chromium
Go to App

chromium/chrome/browser/enterprise/signals/context_info_fetcher.cc 

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/40285824): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
#endif

#include "chrome/browser/enterprise/signals/context_info_fetcher.h"

#include <memory>

#include "base/command_line.h"
#include "base/files/file_util.h"
#include "base/ranges/algorithm.h"
#include "base/strings/string_split.h"
#include "base/task/thread_pool.h"
#include "base/threading/scoped_blocking_call.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/enterprise/connectors/connectors_service.h"
#include "chrome/browser/enterprise/identifiers/profile_id_service_factory.h"
#include "chrome/browser/enterprise/signals/signals_utils.h"
#include "chrome/browser/enterprise/util/affiliation.h"
#include "chrome/browser/policy/chrome_browser_policy_connector.h"
#include "chrome/browser/policy/profile_policy_connector.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/common/pref_names.h"
#include "components/component_updater/pref_names.h"
#include "components/enterprise/browser/identifiers/profile_id_service.h"
#include "components/policy/content/policy_blocklist_service.h"
#include "components/version_info/version_info.h"
#include "content/public/browser/site_isolation_policy.h"
#include "device_management_backend.pb.h"

#if BUILDFLAG(IS_POSIX)
#include "net/dns/public/resolv_reader.h"
#include "net/dns/public/scoped_res_state.h"
#endif

#if BUILDFLAG(IS_MAC)
#include <CoreFoundation/CoreFoundation.h>
#endif

#if BUILDFLAG(IS_WIN)
#include <windows.h>

#include <netfw.h>
#include <wrl/client.h>

#include "net/dns/public/win_dns_system_settings.h"
#endif

#if BUILDFLAG(IS_CHROMEOS_ASH)
#include "chromeos/dbus/constants/dbus_switches.h"
#endif

namespace enterprise_signals {

namespace {

std::optional<std::string> GetEnterpriseProfileId(Profile* profile) {}

#if BUILDFLAG(IS_LINUX)
const char** GetUfwConfigPath() {}

SettingValue GetUfwStatus() {}
#endif  // BUILDFLAG(IS_LINUX)

#if BUILDFLAG(IS_WIN)
SettingValue GetWinOSFirewall() {
  Microsoft::WRL::ComPtr<INetFwPolicy2> firewall_policy;
  HRESULT hr = CoCreateInstance(CLSID_NetFwPolicy2, nullptr, CLSCTX_ALL,
                                IID_PPV_ARGS(&firewall_policy));
  if (FAILED(hr)) {
    DLOG(ERROR) << logging::SystemErrorCodeToString(hr);
    return SettingValue::UNKNOWN;
  }

  long profile_types = 0;
  hr = firewall_policy->get_CurrentProfileTypes(&profile_types);
  if (FAILED(hr))
    return SettingValue::UNKNOWN;

  // The most restrictive active profile takes precedence.
  constexpr NET_FW_PROFILE_TYPE2 kProfileTypes[] = {
      NET_FW_PROFILE2_PUBLIC, NET_FW_PROFILE2_PRIVATE, NET_FW_PROFILE2_DOMAIN};
  for (size_t i = 0; i < std::size(kProfileTypes); ++i) {
    if ((profile_types & kProfileTypes[i]) != 0) {
      VARIANT_BOOL enabled = VARIANT_TRUE;
      hr = firewall_policy->get_FirewallEnabled(kProfileTypes[i], &enabled);
      if (FAILED(hr))
        return SettingValue::UNKNOWN;
      if (enabled == VARIANT_TRUE)
        return SettingValue::ENABLED;
      else if (enabled == VARIANT_FALSE)
        return SettingValue::DISABLED;
      else
        return SettingValue::UNKNOWN;
    }
  }
  return SettingValue::UNKNOWN;
}
#endif

#if BUILDFLAG(IS_MAC)
SettingValue GetMacOSFirewall() {
  // There is no official Apple documentation on how to obtain the enabled
  // status of the firewall (System Preferences> Security & Privacy> Firewall).
  // Reading globalstate from com.apple.alf is the closest way to get such an
  // API in Chrome without delegating to potentially unstable commands.
  // Values of "globalstate":
  //   0 = de-activated
  //   1 = on for specific services
  //   2 = on for essential services
  // You can get 2 by, e.g., enabling the "Block all incoming connections"
  // firewall functionality.

  Boolean key_exists_with_valid_format = false;
  CFIndex globalstate = CFPreferencesGetAppIntegerValue(
      CFSTR("globalstate"), CFSTR("com.apple.alf"),
      &key_exists_with_valid_format);

  if (!key_exists_with_valid_format)
    return SettingValue::UNKNOWN;

  switch (globalstate) {
    case 0:
      return SettingValue::DISABLED;
    case 1:
    case 2:
      return SettingValue::ENABLED;
    default:
      return SettingValue::UNKNOWN;
  }
}
#endif

#if BUILDFLAG(IS_CHROMEOS_ASH)
SettingValue GetChromeosFirewall() {
  // The firewall is always enabled and can only be disabled in dev mode on
  // ChromeOS. If the device isn't in dev mode, the firewall is guaranteed to be
  // enabled whereas if it's in dev mode, the firewall could be enabled or not.
  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
  return command_line->HasSwitch(chromeos::switches::kSystemDevMode)
             ? SettingValue::UNKNOWN
             : SettingValue::ENABLED;
}
#endif

}  // namespace

ContextInfo::ContextInfo() = default;
ContextInfo::ContextInfo(ContextInfo&&) = default;
ContextInfo::~ContextInfo() = default;

ContextInfoFetcher::ContextInfoFetcher(
    content::BrowserContext* browser_context,
    enterprise_connectors::ConnectorsService* connectors_service)
    :{}

ContextInfoFetcher::~ContextInfoFetcher() = default;

// static
std::unique_ptr<ContextInfoFetcher> ContextInfoFetcher::CreateInstance(
    content::BrowserContext* browser_context,
    enterprise_connectors::ConnectorsService* connectors_service) {}

ContextInfo ContextInfoFetcher::FetchAsyncSignals(ContextInfo info) {}

void ContextInfoFetcher::Fetch(ContextInfoCallback callback) {}

std::vector<std::string> ContextInfoFetcher::GetBrowserAffiliationIDs() {}

std::vector<std::string> ContextInfoFetcher::GetProfileAffiliationIDs() {}

std::vector<std::string> ContextInfoFetcher::GetAnalysisConnectorProviders(
    enterprise_connectors::AnalysisConnector connector) {}

enterprise_connectors::EnterpriseRealTimeUrlCheckMode
ContextInfoFetcher::GetRealtimeUrlCheckMode() {}

std::vector<std::string> ContextInfoFetcher::GetOnSecurityEventProviders() {}

SettingValue ContextInfoFetcher::GetOSFirewall() {}

#if BUILDFLAG(IS_LINUX)
ScopedUfwConfigPathForTesting::ScopedUfwConfigPathForTesting(const char* path)
    :{}

ScopedUfwConfigPathForTesting::~ScopedUfwConfigPathForTesting() {}
#endif  // BUILDFLAG(IS_LINUX)

std::vector<std::string> ContextInfoFetcher::GetDnsServers() {}

}  // namespace enterprise_signals