// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/google/google_update_policy_fetcher_win.h"
#include <ATLComTime.h>
#include <wrl/client.h>
#include <tuple>
#include <utility>
#include "base/check_op.h"
#include "base/functional/bind.h"
#include "base/numerics/safe_conversions.h"
#include "base/strings/string_split.h"
#include "base/strings/string_util_win.h"
#include "base/strings/utf_string_conversions.h"
#include "base/win/com_init_util.h"
#include "base/win/scoped_bstr.h"
#include "chrome/browser/component_updater/updater_state.h"
#include "chrome/browser/google/google_update_policy_fetcher_win_util.h"
#include "chrome/install_static/install_util.h"
#include "chrome/updater/app/server/win/updater_legacy_idl.h"
#include "components/policy/core/common/policy_map.h"
#include "components/policy/core/common/policy_types.h"
#include "components/policy/core/common/schema.h"
#include "components/strings/grit/components_strings.h"
namespace {
// TODO(crbug.com/40271852): Add unit tests for these GoogleUpdate policies.
constexpr char kAutoUpdateCheckPeriodMinutes[] = "AutoUpdateCheckPeriodMinutes";
constexpr char kDownloadPreference[] = "DownloadPreference";
constexpr char kForceInstallApps[] = "ForceInstallApps";
constexpr char kInstallPolicy[] = "InstallPolicy";
constexpr char kProxyMode[] = "ProxyMode";
constexpr char kProxyPacUrl[] = "ProxyPacUrl";
constexpr char kProxyServer[] = "ProxyServer";
constexpr char kRollbackToTargetVersion[] = "RollbackToTargetVersion";
constexpr char kTargetVersionPrefix[] = "TargetVersionPrefix";
constexpr char kTargetChannel[] = "TargetChannel";
constexpr char kUpdatePolicy[] = "UpdatePolicy";
constexpr char kUpdatesSuppressedDurationMin[] = "UpdatesSuppressedDurationMin";
constexpr char kUpdatesSuppressedStartHour[] = "UpdatesSuppressedStartHour";
constexpr char kUpdatesSuppressedStartMinute[] = "UpdatesSuppressedStartMinute";
constexpr char kCloudPolicyOverridesPlatformPolicy[] =
"CloudPolicyOverridesPlatformPolicy";
// Adds the policy |policy_name| extracted from |policy| into |policies|.
// |value_override_function| is an optional function that modifies and overrides
// the value of the policy that needs to be store in |policies|. This function
// may be used to convert the extracted value, that is always a string into
// other types or formats.
void AddPolicy(const char* policy_name,
IPolicyStatusValue* policy,
policy::PolicyMap& policies,
const PolicyValueOverrideFunction& value_override_function =
PolicyValueOverrideFunction()) {
auto policy_entry =
ConvertPolicyStatusValueToPolicyEntry(policy, value_override_function);
if (policy_entry)
policies.Set(policy_name, std::move(*policy_entry));
}
base::Time DateToTime(DATE date) {
::COleDateTime date_time(date);
base::Time time;
if (date_time.m_status == ::COleDateTime::valid) {
std::ignore = base::Time::FromLocalExploded(
{date_time.GetYear(), date_time.GetMonth(), date_time.GetDayOfWeek(),
date_time.GetDay(), date_time.GetHour(), date_time.GetMinute(),
date_time.GetSecond(), 0},
&time);
}
return time;
}
// Returns the policies from GoogleUpdate. Requires GoogleUpdate
// version 1.3.36.91 (released 07-02-2021) or newer.
std::unique_ptr<policy::PolicyMap> GetGoogleUpdatePolicies(
IPolicyStatus3* policy_status) {
DCHECK(policy_status);
policy_status->refreshPolicies();
auto policies = std::make_unique<policy::PolicyMap>();
base::win::ScopedBstr app_id(install_static::GetAppGuid());
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_lastCheckPeriodMinutes(&policy)))
AddPolicy(kAutoUpdateCheckPeriodMinutes, policy.Get(), *policies);
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_downloadPreferenceGroupPolicy(&policy)))
AddPolicy(kDownloadPreference, policy.Get(), *policies);
}
{
Microsoft::WRL::ComPtr<IPolicyStatus4> policy_status4;
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->QueryInterface(
install_static::IsSystemInstall() ? __uuidof(IPolicyStatus4System)
: __uuidof(IPolicyStatus4User),
IID_PPV_ARGS_Helper(&policy_status4))) &&
SUCCEEDED(
policy_status4->get_cloudPolicyOverridesPlatformPolicy(&policy))) {
AddPolicy(kCloudPolicyOverridesPlatformPolicy, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_forceInstallApps(
install_static::IsSystemInstall(), &policy))) {
AddPolicy(kForceInstallApps, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_effectivePolicyForAppInstalls(app_id.Get(),
&policy))) {
AddPolicy(kInstallPolicy, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_effectivePolicyForAppUpdates(app_id.Get(),
&policy))) {
AddPolicy(kUpdatePolicy, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
VARIANT_BOOL are_updates_suppressed = VARIANT_FALSE;
if (SUCCEEDED(policy_status->get_updatesSuppressedTimes(
&policy, &are_updates_suppressed))) {
// A function that extracts the |index|-th value from a comma-separated
// |initial_value|.
const auto extract_value = [](int index, BSTR initial_value) {
auto split = base::SplitString(
initial_value, L",", base::WhitespaceHandling::TRIM_WHITESPACE,
base::SplitResult::SPLIT_WANT_NONEMPTY);
return base::Value(
base::WideToUTF8(split.size() == 3 ? split[index] : L""));
};
AddPolicy(kUpdatesSuppressedStartHour, policy.Get(), *policies,
base::BindRepeating(extract_value, 0));
AddPolicy(kUpdatesSuppressedStartMinute, policy.Get(), *policies,
base::BindRepeating(extract_value, 1));
AddPolicy(kUpdatesSuppressedDurationMin, policy.Get(), *policies,
base::BindRepeating(extract_value, 2));
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_isRollbackToTargetVersionAllowed(
app_id.Get(), &policy))) {
AddPolicy(kRollbackToTargetVersion, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(
policy_status->get_targetVersionPrefix(app_id.Get(), &policy))) {
AddPolicy(kTargetVersionPrefix, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_targetChannel(app_id.Get(), &policy))) {
AddPolicy(kTargetChannel, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_proxyMode(&policy))) {
AddPolicy(kProxyMode, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_proxyPacUrl(&policy))) {
AddPolicy(kProxyPacUrl, policy.Get(), *policies);
}
}
{
Microsoft::WRL::ComPtr<IPolicyStatusValue> policy;
if (SUCCEEDED(policy_status->get_proxyServer(&policy))) {
AddPolicy(kProxyServer, policy.Get(), *policies);
}
}
return policies;
}
// Returns the state from GoogleUpdate. Requires GoogleUpdate version 1.3.36.91
// (released 07-02-2021) or newer.
std::unique_ptr<GoogleUpdateState> GetGoogleUpdateState(
IPolicyStatus3* policy_status) {
DCHECK(policy_status);
auto state = std::make_unique<GoogleUpdateState>();
base::win::ScopedBstr updater_version;
HRESULT last_com_res =
policy_status->get_updaterVersion(updater_version.Receive());
if (SUCCEEDED(last_com_res)) {
DCHECK(updater_version.Length());
state->version.assign(updater_version.Get(), updater_version.Length());
}
DATE last_checked_time;
last_com_res = policy_status->get_lastCheckedTime(&last_checked_time);
if (SUCCEEDED(last_com_res))
state->last_checked_time = DateToTime(last_checked_time);
return state;
}
} // namespace
GoogleUpdatePoliciesAndState::GoogleUpdatePoliciesAndState() = default;
GoogleUpdatePoliciesAndState::~GoogleUpdatePoliciesAndState() = default;
base::Value GetGoogleUpdatePolicyNames() {
base::Value::List names;
for (const auto& key_value : GetGoogleUpdatePolicySchemas())
names.Append(base::Value(key_value.first));
return base::Value(std::move(names));
}
policy::PolicyConversions::PolicyToSchemaMap GetGoogleUpdatePolicySchemas() {
// TODO(crbug.com/40722467): Use actual schemas.
return policy::PolicyConversions::PolicyToSchemaMap{{
{kAutoUpdateCheckPeriodMinutes, policy::Schema()},
{kDownloadPreference, policy::Schema()},
{kForceInstallApps, policy::Schema()},
{kInstallPolicy, policy::Schema()},
{kProxyMode, policy::Schema()},
{kProxyPacUrl, policy::Schema()},
{kProxyServer, policy::Schema()},
{kRollbackToTargetVersion, policy::Schema()},
{kTargetVersionPrefix, policy::Schema()},
{kTargetChannel, policy::Schema()},
{kUpdatePolicy, policy::Schema()},
{kUpdatesSuppressedDurationMin, policy::Schema()},
{kUpdatesSuppressedStartHour, policy::Schema()},
{kUpdatesSuppressedStartMinute, policy::Schema()},
{kCloudPolicyOverridesPlatformPolicy, policy::Schema()},
}};
}
std::unique_ptr<GoogleUpdatePoliciesAndState>
GetGoogleUpdatePoliciesAndState() {
base::win::AssertComInitialized();
Microsoft::WRL::ComPtr<IPolicyStatus3> policy_status3;
auto policies_and_state = std::make_unique<GoogleUpdatePoliciesAndState>();
const bool is_system_install = install_static::IsSystemInstall();
Microsoft::WRL::ComPtr<IUnknown> unknown;
if (FAILED(::CoCreateInstance(is_system_install
? CLSID_PolicyStatusSystemClass
: CLSID_PolicyStatusUserClass,
nullptr, CLSCTX_ALL, IID_PPV_ARGS(&unknown)))) {
return policies_and_state;
}
// Chrome queries for the SxS IIDs first, with a fallback to the legacy IID.
// Without this change, marshaling can load the typelib from the wrong hive
// (HKCU instead of HKLM, or vice-versa).
HRESULT hr = unknown.CopyTo(is_system_install ? __uuidof(IPolicyStatus3System)
: __uuidof(IPolicyStatus3User),
IID_PPV_ARGS_Helper(&policy_status3));
if (FAILED(hr)) {
hr = unknown.As(&policy_status3);
if (FAILED(hr)) {
return policies_and_state;
}
}
policies_and_state->policies = GetGoogleUpdatePolicies(policy_status3.Get());
policies_and_state->state = GetGoogleUpdateState(policy_status3.Get());
return policies_and_state;
}
Codebase Browser
chromium