headless/lib/browser/policy/headless_browser_policy_connector.cc - chromium/src - Git at Google

 // Copyright 2021 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "headless/lib/browser/policy/headless_browser_policy_connector.h"

 #include <memory>
 #include <string>
 #include <utility>

 #include "base/functional/bind.h"
 #include "base/functional/callback.h"
 #include "base/task/thread_pool.h"
 #include "build/branding_buildflags.h"
 #include "build/build_config.h"
 #include "components/headless/policy/headless_mode_policy_handler.h"
 #include "components/policy/core/browser/configuration_policy_handler.h"  // nogncheck http://crbug.com/1227148
 #include "components/policy/core/browser/url_blocklist_policy_handler.h"  // nogncheck http://crbug.com/1227148
 #include "components/policy/core/common/async_policy_provider.h"  // nogncheck http://crbug.com/1227148
 #include "components/policy/core/common/policy_logger.h"
 #include "components/policy/core/common/policy_pref_names.h"
 #include "components/policy/policy_constants.h"
 #include "headless/lib/browser/policy/headless_prefs.h"

 #if BUILDFLAG(IS_WIN)
 #include "base/win/registry.h"
 #include "components/policy/core/common/policy_loader_win.h"
 #elif BUILDFLAG(IS_MAC)
 #include <CoreFoundation/CoreFoundation.h>
 #include "base/apple/foundation_util.h"
 #include "base/strings/sys_string_conversions.h"
 #include "components/policy/core/common/policy_loader_mac.h"
 #include "components/policy/core/common/preferences_mac.h"
 #elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID)
 #include "components/policy/core/common/config_dir_policy_loader.h"  // nogncheck http://crbug.com/1227148
 #endif

 namespace policy {

 namespace {

 void PopulatePolicyHandlerParameters(PolicyHandlerParameters* parameters) {}

 std::unique_ptr<ConfigurationPolicyHandlerList> BuildHandlerList(
     const Schema& chrome_schema) {
   auto handlers = std::make_unique<ConfigurationPolicyHandlerList>(
       base::BindRepeating(&PopulatePolicyHandlerParameters),
       base::BindRepeating(&GetChromePolicyDetails),
       /*are_future_policies_allowed_by_default=*/false);

 // TODO(kvitekp): remove #ifdef when ChromeOS is supported by //headless.
 #if !BUILDFLAG(IS_CHROMEOS)
   handlers->AddHandler(std::make_unique<headless::HeadlessModePolicyHandler>());
 #endif

   handlers->AddHandler(
       std::make_unique<URLBlocklistPolicyHandler>(key::kURLBlocklist));
   handlers->AddHandler(std::make_unique<SimplePolicyHandler>(
       key::kURLAllowlist, policy_prefs::kUrlAllowlist,
       base::Value::Type::LIST));

   handlers->AddHandler(std::make_unique<SimplePolicyHandler>(
       key::kRemoteDebuggingAllowed,
       headless::prefs::kDevToolsRemoteDebuggingAllowed,
       base::Value::Type::BOOLEAN));

   return handlers;
 }

 }  // namespace

 HeadlessBrowserPolicyConnector::HeadlessBrowserPolicyConnector()
     : BrowserPolicyConnector(base::BindRepeating(&BuildHandlerList)) {}

 HeadlessBrowserPolicyConnector::~HeadlessBrowserPolicyConnector() = default;

 scoped_refptr<PrefStore> HeadlessBrowserPolicyConnector::CreatePrefStore(
     policy::PolicyLevel policy_level) {
   return base::MakeRefCounted<policy::ConfigurationPolicyPrefStore>(
       this, GetPolicyService(), GetHandlerList(), policy_level);
 }

 void HeadlessBrowserPolicyConnector::Init(
     PrefService* local_state,
     scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory) {
   if (PolicyLogger::GetInstance()->IsPolicyLoggingEnabled()) {
     PolicyLogger::GetInstance()->EnableLogDeletion();
   }
 }

 bool HeadlessBrowserPolicyConnector::IsDeviceEnterpriseManaged() const {
   return false;
 }

 bool HeadlessBrowserPolicyConnector::IsCommandLineSwitchSupported() const {
   return false;
 }

 bool HeadlessBrowserPolicyConnector::HasMachineLevelPolicies() {
   return ProviderHasPolicies(GetPlatformProvider());
 }

 ConfigurationPolicyProvider*
 HeadlessBrowserPolicyConnector::GetPlatformProvider() {
   ConfigurationPolicyProvider* provider =
       BrowserPolicyConnectorBase::GetPolicyProviderForTesting();
   return provider ? provider : platform_provider_.get();
 }

 std::vector<std::unique_ptr<policy::ConfigurationPolicyProvider>>
 HeadlessBrowserPolicyConnector::CreatePolicyProviders() {
   auto providers = BrowserPolicyConnector::CreatePolicyProviders();
   if (!BrowserPolicyConnectorBase::GetPolicyProviderForTesting()) {
     std::unique_ptr<ConfigurationPolicyProvider> platform_provider =
         CreatePlatformProvider();
     if (platform_provider) {
       platform_provider_ = platform_provider.get();
       // PlatformProvider should be before all other providers (highest
       // priority).
       providers.insert(providers.begin(), std::move(platform_provider));
     }
   }
   return providers;
 }

 std::unique_ptr<ConfigurationPolicyProvider>
 HeadlessBrowserPolicyConnector::CreatePlatformProvider() {
 #if BUILDFLAG(IS_WIN)
   std::unique_ptr<AsyncPolicyLoader> loader(PolicyLoaderWin::Create(
       base::ThreadPool::CreateSequencedTaskRunner(
           {base::MayBlock(), base::TaskPriority::BEST_EFFORT}),
       policy::PlatformManagementService::GetInstance(),
       kRegistryChromePolicyKey));
   return std::make_unique<AsyncPolicyProvider>(GetSchemaRegistry(),
                                                std::move(loader));
 #elif BUILDFLAG(IS_MAC)
 #if BUILDFLAG(GOOGLE_CHROME_BRANDING)
   // Explicitly watch the "com.google.Chrome" bundle ID, no matter what this
   // app's bundle ID actually is. All channels of Chrome should obey the same
   // policies.
   CFStringRef bundle_id = CFSTR("com.google.Chrome");
 #else
   base::ScopedCFTypeRef<CFStringRef> bundle_id(
       base::SysUTF8ToCFStringRef(base::apple::BaseBundleID()));
 #endif
   auto loader = std::make_unique<PolicyLoaderMac>(
       base::ThreadPool::CreateSequencedTaskRunner(
           {base::MayBlock(), base::TaskPriority::BEST_EFFORT}),
       policy::PolicyLoaderMac::GetManagedPolicyPath(bundle_id),
       new MacPreferences(), bundle_id);
   return std::make_unique<AsyncPolicyProvider>(GetSchemaRegistry(),
                                                std::move(loader));
 #elif BUILDFLAG(IS_POSIX)
   // The following should match chrome::DIR_POLICY_FILES definition in
   // chrome/common/chrome_paths.cc
 #if BUILDFLAG(GOOGLE_CHROME_BRANDING)
   base::FilePath config_dir_path(FILE_PATH_LITERAL("/etc/opt/chrome/policies"));
 #else
   base::FilePath config_dir_path(FILE_PATH_LITERAL("/etc/chromium/policies"));
 #endif
   std::unique_ptr<AsyncPolicyLoader> loader(new ConfigDirPolicyLoader(
       base::ThreadPool::CreateSequencedTaskRunner(
           {base::MayBlock(), base::TaskPriority::BEST_EFFORT}),
       config_dir_path, POLICY_SCOPE_MACHINE));
   return std::make_unique<AsyncPolicyProvider>(GetSchemaRegistry(),
                                                std::move(loader));
 #else
   return nullptr;
 #endif
 }

 }  // namespace policy
	// Copyright 2021 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "headless/lib/browser/policy/headless_browser_policy_connector.h"

	#include <memory>
	#include <string>
	#include <utility>

	#include "base/functional/bind.h"
	#include "base/functional/callback.h"
	#include "base/task/thread_pool.h"
	#include "build/branding_buildflags.h"
	#include "build/build_config.h"
	#include "components/headless/policy/headless_mode_policy_handler.h"
	#include "components/policy/core/browser/configuration_policy_handler.h" // nogncheck http://crbug.com/1227148
	#include "components/policy/core/browser/url_blocklist_policy_handler.h" // nogncheck http://crbug.com/1227148
	#include "components/policy/core/common/async_policy_provider.h" // nogncheck http://crbug.com/1227148
	#include "components/policy/core/common/policy_logger.h"
	#include "components/policy/core/common/policy_pref_names.h"
	#include "components/policy/policy_constants.h"
	#include "headless/lib/browser/policy/headless_prefs.h"

	#if BUILDFLAG(IS_WIN)
	#include "base/win/registry.h"
	#include "components/policy/core/common/policy_loader_win.h"
	#elif BUILDFLAG(IS_MAC)
	#include <CoreFoundation/CoreFoundation.h>
	#include "base/apple/foundation_util.h"
	#include "base/strings/sys_string_conversions.h"
	#include "components/policy/core/common/policy_loader_mac.h"
	#include "components/policy/core/common/preferences_mac.h"
	#elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID)
	#include "components/policy/core/common/config_dir_policy_loader.h" // nogncheck http://crbug.com/1227148
	#endif

	namespace policy {

	namespace {

	void PopulatePolicyHandlerParameters(PolicyHandlerParameters* parameters) {}

	std::unique_ptr<ConfigurationPolicyHandlerList> BuildHandlerList(
	const Schema& chrome_schema) {
	auto handlers = std::make_unique<ConfigurationPolicyHandlerList>(
	base::BindRepeating(&PopulatePolicyHandlerParameters),
	base::BindRepeating(&GetChromePolicyDetails),
	/are_future_policies_allowed_by_default=/false);

	// TODO(kvitekp): remove #ifdef when ChromeOS is supported by //headless.
	#if !BUILDFLAG(IS_CHROMEOS)
	handlers->AddHandler(std::make_unique<headless::HeadlessModePolicyHandler>());
	#endif

	handlers->AddHandler(
	std::make_unique<URLBlocklistPolicyHandler>(key::kURLBlocklist));
	handlers->AddHandler(std::make_unique<SimplePolicyHandler>(
	key::kURLAllowlist, policy_prefs::kUrlAllowlist,
	base::Value::Type::LIST));

	handlers->AddHandler(std::make_unique<SimplePolicyHandler>(
	key::kRemoteDebuggingAllowed,
	headless::prefs::kDevToolsRemoteDebuggingAllowed,
	base::Value::Type::BOOLEAN));

	return handlers;
	}

	} // namespace

	HeadlessBrowserPolicyConnector::HeadlessBrowserPolicyConnector()
	: BrowserPolicyConnector(base::BindRepeating(&BuildHandlerList)) {}

	HeadlessBrowserPolicyConnector::~HeadlessBrowserPolicyConnector() = default;

	scoped_refptr<PrefStore> HeadlessBrowserPolicyConnector::CreatePrefStore(
	policy::PolicyLevel policy_level) {
	return base::MakeRefCounted<policy::ConfigurationPolicyPrefStore>(
	this, GetPolicyService(), GetHandlerList(), policy_level);
	}

	void HeadlessBrowserPolicyConnector::Init(
	PrefService* local_state,
	scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory) {
	if (PolicyLogger::GetInstance()->IsPolicyLoggingEnabled()) {
	PolicyLogger::GetInstance()->EnableLogDeletion();
	}
	}

	bool HeadlessBrowserPolicyConnector::IsDeviceEnterpriseManaged() const {
	return false;
	}

	bool HeadlessBrowserPolicyConnector::IsCommandLineSwitchSupported() const {
	return false;
	}

	bool HeadlessBrowserPolicyConnector::HasMachineLevelPolicies() {
	return ProviderHasPolicies(GetPlatformProvider());
	}

	ConfigurationPolicyProvider*
	HeadlessBrowserPolicyConnector::GetPlatformProvider() {
	ConfigurationPolicyProvider* provider =
	BrowserPolicyConnectorBase::GetPolicyProviderForTesting();
	return provider ? provider : platform_provider_.get();
	}

	std::vector<std::unique_ptr<policy::ConfigurationPolicyProvider>>
	HeadlessBrowserPolicyConnector::CreatePolicyProviders() {
	auto providers = BrowserPolicyConnector::CreatePolicyProviders();
	if (!BrowserPolicyConnectorBase::GetPolicyProviderForTesting()) {
	std::unique_ptr<ConfigurationPolicyProvider> platform_provider =
	CreatePlatformProvider();
	if (platform_provider) {
	platform_provider_ = platform_provider.get();
	// PlatformProvider should be before all other providers (highest
	// priority).
	providers.insert(providers.begin(), std::move(platform_provider));
	}
	}
	return providers;
	}

	std::unique_ptr<ConfigurationPolicyProvider>
	HeadlessBrowserPolicyConnector::CreatePlatformProvider() {
	#if BUILDFLAG(IS_WIN)
	std::unique_ptr<AsyncPolicyLoader> loader(PolicyLoaderWin::Create(
	base::ThreadPool::CreateSequencedTaskRunner(
	{base::MayBlock(), base::TaskPriority::BEST_EFFORT}),
	policy::PlatformManagementService::GetInstance(),
	kRegistryChromePolicyKey));
	return std::make_unique<AsyncPolicyProvider>(GetSchemaRegistry(),
	std::move(loader));
	#elif BUILDFLAG(IS_MAC)
	#if BUILDFLAG(GOOGLE_CHROME_BRANDING)
	// Explicitly watch the "com.google.Chrome" bundle ID, no matter what this
	// app's bundle ID actually is. All channels of Chrome should obey the same
	// policies.
	CFStringRef bundle_id = CFSTR("com.google.Chrome");
	#else
	base::ScopedCFTypeRef<CFStringRef> bundle_id(
	base::SysUTF8ToCFStringRef(base::apple::BaseBundleID()));
	#endif
	auto loader = std::make_unique<PolicyLoaderMac>(
	base::ThreadPool::CreateSequencedTaskRunner(
	{base::MayBlock(), base::TaskPriority::BEST_EFFORT}),
	policy::PolicyLoaderMac::GetManagedPolicyPath(bundle_id),
	new MacPreferences(), bundle_id);
	return std::make_unique<AsyncPolicyProvider>(GetSchemaRegistry(),
	std::move(loader));
	#elif BUILDFLAG(IS_POSIX)
	// The following should match chrome::DIR_POLICY_FILES definition in
	// chrome/common/chrome_paths.cc
	#if BUILDFLAG(GOOGLE_CHROME_BRANDING)
	base::FilePath config_dir_path(FILE_PATH_LITERAL("/etc/opt/chrome/policies"));
	#else
	base::FilePath config_dir_path(FILE_PATH_LITERAL("/etc/chromium/policies"));
	#endif
	std::unique_ptr<AsyncPolicyLoader> loader(new ConfigDirPolicyLoader(
	base::ThreadPool::CreateSequencedTaskRunner(
	{base::MayBlock(), base::TaskPriority::BEST_EFFORT}),
	config_dir_path, POLICY_SCOPE_MACHINE));
	return std::make_unique<AsyncPolicyProvider>(GetSchemaRegistry(),
	std::move(loader));
	#else
	return nullptr;
	#endif
	}

	} // namespace policy