blob: b1c931f3b39cac0bb29909e049b6b08643038479 [file] [log] [blame]
[email protected]cce15bb2014-06-17 13:43:511// Copyright 2014 The Chromium Authors. All rights reserved.
[email protected]0850e842013-01-19 03:44:312// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]cce15bb2014-06-17 13:43:515#ifndef CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
6#define CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_
[email protected]0850e842013-01-19 03:44:317
avi664c07b2015-12-26 02:18:318#include <stddef.h>
9
treib950c6e82014-09-23 13:07:2910#include <map>
dchengf624e472016-04-12 08:33:1711#include <memory>
treib950c6e82014-09-23 13:07:2912#include <string>
[email protected]0850e842013-01-19 03:44:3113#include <vector>
14
[email protected]438f7e12013-08-07 06:59:0015#include "base/callback.h"
[email protected]076ebeda2014-06-06 21:47:2616#include "base/gtest_prod_util.h"
avi664c07b2015-12-26 02:18:3117#include "base/macros.h"
treibab0a39e2014-09-24 14:48:2818#include "base/observer_list.h"
[email protected]f2253ac2014-05-28 08:37:2119#include "base/scoped_observer.h"
[email protected]f9b294362013-06-10 20:22:3120#include "base/strings/string16.h"
avi664c07b2015-12-26 02:18:3121#include "build/build_config.h"
treibf38cc252016-04-07 14:44:1122#include "chrome/browser/net/file_downloader.h"
treib4edbded2014-09-05 08:43:5523#include "chrome/browser/supervised_user/experimental/supervised_user_blacklist.h"
[email protected]cce15bb2014-06-17 13:43:5124#include "chrome/browser/supervised_user/supervised_user_url_filter.h"
25#include "chrome/browser/supervised_user/supervised_users.h"
[email protected]514fcf22013-08-13 06:37:2426#include "chrome/browser/ui/browser_list_observer.h"
[email protected]12b7af32014-03-13 05:28:2027#include "components/keyed_service/core/keyed_service.h"
brettwb1fc1b82016-02-02 00:19:0828#include "components/prefs/pref_change_registrar.h"
maxbogue455a57e32016-08-14 00:08:3229#include "components/sync/driver/sync_type_preference_provider.h"
Scott Violetc8240b02018-03-08 22:03:5930#include "extensions/buildflags/buildflags.h"
[email protected]c14a6802014-07-11 21:51:1231
brettw00899e62016-11-12 02:10:1732#if BUILDFLAG(ENABLE_EXTENSIONS)
Evan Stade2fad9012019-10-09 18:47:5033#include "extensions/browser/extension_registry.h"
mamire9609642016-06-28 22:17:5434#include "extensions/browser/extension_registry_observer.h"
[email protected]301116c62013-11-26 10:37:4535#include "extensions/browser/management_policy.h"
[email protected]c14a6802014-07-11 21:51:1236#endif
[email protected]0850e842013-01-19 03:44:3137
[email protected]509ad1a92013-03-19 21:41:0638class Browser;
[email protected]4db65f952014-05-20 15:46:3039class PermissionRequestCreator;
[email protected]0850e842013-01-19 03:44:3140class Profile;
treibab0a39e2014-09-24 14:48:2841class SupervisedUserServiceObserver;
[email protected]cce15bb2014-06-17 13:43:5142class SupervisedUserSettingsService;
43class SupervisedUserSiteList;
44class SupervisedUserURLFilter;
bauerb4da36132014-12-26 19:53:1345class SupervisedUserWhitelistService;
[email protected]0850e842013-01-19 03:44:3146
treibdaece84f2014-09-05 12:58:1547namespace base {
48class FilePath;
treibf832a992015-03-24 18:09:2449class Version;
treibdaece84f2014-09-05 12:58:1550}
51
[email protected]443e9312013-05-06 06:17:3452namespace user_prefs {
53class PrefRegistrySyncable;
54}
55
[email protected]cce15bb2014-06-17 13:43:5156// This class handles all the information related to a given supervised profile
[email protected]0850e842013-01-19 03:44:3157// (e.g. the installed content packs, the default URL filtering behavior, or
58// manual whitelist/blacklist overrides).
[email protected]cce15bb2014-06-17 13:43:5159class SupervisedUserService : public KeyedService,
brettw00899e62016-11-12 02:10:1760#if BUILDFLAG(ENABLE_EXTENSIONS)
mamire9609642016-06-28 22:17:5461 public extensions::ExtensionRegistryObserver,
[email protected]cce15bb2014-06-17 13:43:5162 public extensions::ManagementPolicy::Provider,
[email protected]c14a6802014-07-11 21:51:1263#endif
maxbogue7e006db2016-10-03 19:48:2864 public syncer::SyncTypePreferenceProvider,
jam1c5a91492016-02-24 20:47:5365#if !defined(OS_ANDROID)
cm.sanchia0d6add2017-12-13 04:59:3366 public BrowserListObserver,
bauerb5f8cda92015-10-07 15:36:4467#endif
bauerbce9a1a82014-12-18 13:34:2468 public SupervisedUserURLFilter::Observer {
[email protected]0850e842013-01-19 03:44:3169 public:
Carlos IL6b784a62018-03-20 00:26:4970 using SuccessCallback = base::OnceCallback<void(bool)>;
[email protected]0850e842013-01-19 03:44:3171
[email protected]f085fdd52014-06-11 18:09:2072 class Delegate {
73 public:
74 virtual ~Delegate() {}
75 // Returns true to indicate that the delegate handled the (de)activation, or
[email protected]cce15bb2014-06-17 13:43:5176 // false to indicate that the SupervisedUserService itself should handle it.
[email protected]f085fdd52014-06-11 18:09:2077 virtual bool SetActive(bool active) = 0;
78 };
79
dchengc072fff2014-10-21 11:39:0580 ~SupervisedUserService() override;
[email protected]0850e842013-01-19 03:44:3181
[email protected]37ca3fe02013-07-05 15:32:4482 static void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry);
[email protected]0850e842013-01-19 03:44:3183
bauerb5f8cda92015-10-07 15:36:4484 // Initializes this object.
85 void Init();
86
[email protected]f085fdd52014-06-11 18:09:2087 void SetDelegate(Delegate* delegate);
88
mmenkedb2637ff2017-03-30 23:59:4289 // Returns the URL filter for filtering navigations and classifying sites in
90 // the history view. Both this method and the returned filter may only be used
91 // on the UI thread.
92 SupervisedUserURLFilter* GetURLFilter();
[email protected]0850e842013-01-19 03:44:3193
bauerb4da36132014-12-26 19:53:1394 // Returns the whitelist service.
95 SupervisedUserWhitelistService* GetWhitelistService();
96
atanasova9572aaf2016-02-26 18:08:2697 const std::vector<scoped_refptr<SupervisedUserSiteList>>& whitelists() const {
98 return whitelists_;
99 }
100
treib8ecc1eb52015-03-04 18:29:06101 // Whether the user can request to get access to blocked URLs or to new
102 // extensions.
[email protected]0369d6ab2013-08-09 01:52:59103 bool AccessRequestsEnabled();
104
treib8ecc1eb52015-03-04 18:29:06105 // Adds an access request for the given URL.
Carlos IL6b784a62018-03-20 00:26:49106 void AddURLAccessRequest(const GURL& url, SuccessCallback callback);
treib8ecc1eb52015-03-04 18:29:06107
mamire9609642016-06-28 22:17:54108 // Get the string used to identify an extension install or update request.
109 // Public for testing.
110 static std::string GetExtensionRequestId(const std::string& extension_id,
111 const base::Version& version);
treib40d3ad92015-10-20 18:15:42112
[email protected]a9c2d642013-05-31 14:37:14113 // Returns the email address of the custodian.
114 std::string GetCustodianEmailAddress() const;
115
Danan Sbef6ca22019-05-09 18:15:54116 // Returns the obfuscated GAIA id of the custodian.
117 std::string GetCustodianObfuscatedGaiaId() const;
118
[email protected]fae057a2013-06-21 22:46:08119 // Returns the name of the custodian, or the email address if the name is
120 // empty.
121 std::string GetCustodianName() const;
122
treib3e7ecf72014-10-24 16:44:07123 // Returns the email address of the second custodian, or the empty string
124 // if there is no second custodian.
125 std::string GetSecondCustodianEmailAddress() const;
126
Danan Sbef6ca22019-05-09 18:15:54127 // Returns the obfuscated GAIA id of the second custodian or the empty
128 // string if there is no second custodian.
129 std::string GetSecondCustodianObfuscatedGaiaId() const;
130
treib3e7ecf72014-10-24 16:44:07131 // Returns the name of the second custodian, or the email address if the name
Danan Sbef6ca22019-05-09 18:15:54132 // is empty, or the empty string if there is no second custodian.
treib3e7ecf72014-10-24 16:44:07133 std::string GetSecondCustodianName() const;
134
treib2170ea02015-10-13 14:55:12135 // Returns a message saying that extensions can only be modified by the
136 // custodian.
137 base::string16 GetExtensionsLockedMessage() const;
138
yilkal190d97c2019-09-06 23:50:03139 bool IsSupervisedUserIframeFilterEnabled() const;
140
jam1c5a91492016-02-24 20:47:53141#if !defined(OS_ANDROID)
[email protected]a243d644c2013-06-20 18:37:55142 // Initializes this profile for syncing, using the provided |refresh_token| to
143 // mint access tokens for Sync.
144 void InitSync(const std::string& refresh_token);
thestig1b76f1a2015-09-30 22:52:38145#endif
[email protected]acfcfbb2013-05-13 18:01:27146
treibab0a39e2014-09-24 14:48:28147 void AddObserver(SupervisedUserServiceObserver* observer);
148 void RemoveObserver(SupervisedUserServiceObserver* observer);
149
treib531fc7312014-12-09 12:49:20150 void AddPermissionRequestCreator(
dchengf624e472016-04-12 08:33:17151 std::unique_ptr<PermissionRequestCreator> creator);
bauerb646019b12014-10-16 16:23:09152
bauerb5f8cda92015-10-07 15:36:44153 // ProfileKeyedService override:
154 void Shutdown() override;
155
[email protected]3a276ff2014-08-12 14:22:09156 // SyncTypePreferenceProvider implementation:
Maksim Moskvitin35f598b2019-04-18 11:47:00157 syncer::UserSelectableTypeSet GetForcedTypes() const override;
Marc Treibb3bbf1d22019-03-27 15:45:39158 bool IsEncryptEverythingAllowed() const override;
[email protected]3a276ff2014-08-12 14:22:09159
jam1c5a91492016-02-24 20:47:53160#if !defined(OS_ANDROID)
cm.sanchia0d6add2017-12-13 04:59:33161 // BrowserListObserver implementation:
dchengc072fff2014-10-21 11:39:05162 void OnBrowserSetLastActive(Browser* browser) override;
jam1c5a91492016-02-24 20:47:53163#endif // !defined(OS_ANDROID)
[email protected]dfddd022013-07-10 17:29:48164
bauerbce9a1a82014-12-18 13:34:24165 // SupervisedUserURLFilter::Observer implementation:
166 void OnSiteListUpdated() override;
167
Danan Sc1945912019-06-27 02:56:30168#if !defined(OS_ANDROID)
169 bool signout_required_after_supervision_enabled() {
170 return signout_required_after_supervision_enabled_;
171 }
172 void set_signout_required_after_supervision_enabled() {
173 signout_required_after_supervision_enabled_ = true;
174 }
175#endif // !defined(OS_ANDROID)
176
yilkal921048bd2019-10-09 23:51:04177 void SetPrimaryPermissionCreatorForTest(
178 std::unique_ptr<PermissionRequestCreator> permission_creator);
179
[email protected]0850e842013-01-19 03:44:31180 private:
[email protected]cce15bb2014-06-17 13:43:51181 friend class SupervisedUserServiceExtensionTestBase;
182 friend class SupervisedUserServiceFactory;
mamire9609642016-06-28 22:17:54183 FRIEND_TEST_ALL_PREFIXES(
184 SupervisedUserServiceExtensionTest,
185 ExtensionManagementPolicyProviderWithoutSUInitiatedInstalls);
186 FRIEND_TEST_ALL_PREFIXES(
187 SupervisedUserServiceExtensionTest,
188 ExtensionManagementPolicyProviderWithSUInitiatedInstalls);
bauerb95a50682015-01-07 17:04:15189
treib8ecc1eb52015-03-04 18:29:06190 using CreatePermissionRequestCallback =
Carlos IL6b784a62018-03-20 00:26:49191 base::RepeatingCallback<void(PermissionRequestCreator*, SuccessCallback)>;
treib8ecc1eb52015-03-04 18:29:06192
[email protected]cce15bb2014-06-17 13:43:51193 // Use |SupervisedUserServiceFactory::GetForProfile(..)| to get
[email protected]3bf45d02013-07-10 00:03:41194 // an instance of this service.
[email protected]cce15bb2014-06-17 13:43:51195 explicit SupervisedUserService(Profile* profile);
[email protected]3bf45d02013-07-10 00:03:41196
[email protected]f085fdd52014-06-11 18:09:20197 void SetActive(bool active);
198
[email protected]cce15bb2014-06-17 13:43:51199 bool ProfileIsSupervised() const;
[email protected]e000daf2013-07-31 16:50:58200
treib3fce4e92014-09-26 16:06:25201 void OnCustodianInfoChanged();
202
brettw00899e62016-11-12 02:10:17203#if BUILDFLAG(ENABLE_EXTENSIONS)
treibbb9a1962015-02-25 13:40:59204 // extensions::ManagementPolicy::Provider implementation:
205 std::string GetDebugPolicyProviderName() const override;
206 bool UserMayLoad(const extensions::Extension* extension,
207 base::string16* error) const override;
treib755c12d2015-03-30 08:46:25208 bool UserMayModifySettings(const extensions::Extension* extension,
209 base::string16* error) const override;
treibbb9a1962015-02-25 13:40:59210 bool MustRemainInstalled(const extensions::Extension* extension,
211 base::string16* error) const override;
mamire9609642016-06-28 22:17:54212 bool MustRemainDisabled(const extensions::Extension* extension,
Minh X. Nguyen45479012017-08-18 21:35:36213 extensions::disable_reason::DisableReason* reason,
mamire9609642016-06-28 22:17:54214 base::string16* error) const override;
215
216 // extensions::ExtensionRegistryObserver overrides:
217 void OnExtensionInstalled(content::BrowserContext* browser_context,
218 const extensions::Extension* extension,
219 bool is_update) override;
[email protected]0850e842013-01-19 03:44:31220
mamir192d7882016-06-22 17:10:16221 // An extension can be in one of the following states:
222 //
223 // FORCED: if it is installed by the custodian.
mamire9609642016-06-28 22:17:54224 // REQUIRE_APPROVAL: if it is installed by the supervised user and
225 // hasn't been approved by the custodian yet.
mamir192d7882016-06-22 17:10:16226 // ALLOWED: Components, Themes, Default extensions ..etc
227 // are generally allowed. Extensions that have been approved by the
228 // custodian are also allowed.
229 // BLOCKED: if it is not ALLOWED or FORCED
230 // and supervised users initiated installs are disabled.
mamire9609642016-06-28 22:17:54231 enum class ExtensionState { FORCED, BLOCKED, ALLOWED, REQUIRE_APPROVAL };
mamir192d7882016-06-22 17:10:16232
mamire9609642016-06-28 22:17:54233 // Returns the state of an extension whether being FORCED, BLOCKED, ALLOWED or
234 // REQUIRE_APPROVAL from the Supervised User service's point of view.
mamir192d7882016-06-22 17:10:16235 ExtensionState GetExtensionState(
mamire9609642016-06-28 22:17:54236 const extensions::Extension& extension) const;
mamir192d7882016-06-22 17:10:16237
[email protected]c14a6802014-07-11 21:51:12238 // Extensions helper to SetActive().
239 void SetExtensionsActive();
mamire9609642016-06-28 22:17:54240
241 // Enables/Disables extensions upon change in approved version of the
242 // extension_id.
243 void ChangeExtensionStateIfNecessary(const std::string& extension_id);
244
245 // Updates the map of approved extensions when the corresponding preference
246 // is changed.
247 void UpdateApprovedExtensions();
[email protected]c14a6802014-07-11 21:51:12248#endif
249
[email protected]cce15bb2014-06-17 13:43:51250 SupervisedUserSettingsService* GetSettingsService();
[email protected]e861bba2013-06-17 15:20:54251
bauerbd3a36cc42014-10-01 13:05:49252 size_t FindEnabledPermissionRequestCreator(size_t start);
treib8ecc1eb52015-03-04 18:29:06253 void AddPermissionRequestInternal(
254 const CreatePermissionRequestCallback& create_request,
Carlos IL6b784a62018-03-20 00:26:49255 SuccessCallback callback,
treib8ecc1eb52015-03-04 18:29:06256 size_t index);
257 void OnPermissionRequestIssued(
258 const CreatePermissionRequestCallback& create_request,
Carlos IL6b784a62018-03-20 00:26:49259 SuccessCallback callback,
treib8ecc1eb52015-03-04 18:29:06260 size_t index,
261 bool success);
bauerbd3a36cc42014-10-01 13:05:49262
[email protected]cce15bb2014-06-17 13:43:51263 void OnSupervisedUserIdChanged();
[email protected]f085fdd52014-06-11 18:09:20264
[email protected]0850e842013-01-19 03:44:31265 void OnDefaultFilteringBehaviorChanged();
266
treib9cc1b112016-01-08 10:08:01267 void OnSafeSitesSettingChanged();
268
bauerb95a50682015-01-07 17:04:15269 void OnSiteListsChanged(
270 const std::vector<scoped_refptr<SupervisedUserSiteList>>& site_lists);
[email protected]0850e842013-01-19 03:44:31271
treib2fd187392015-04-16 17:19:38272 // Asynchronously loads a blacklist from a binary file at |path| and applies
273 // it to the URL filters. If no file exists at |path| yet, downloads a file
274 // from |url| and stores it at |path| first.
treibf136dfb2014-09-25 17:37:47275 void LoadBlacklist(const base::FilePath& path, const GURL& url);
276
treib2fd187392015-04-16 17:19:38277 void OnBlacklistFileChecked(const base::FilePath& path,
278 const GURL& url,
279 bool file_exists);
280
281 // Asynchronously loads a blacklist from a binary file at |path| and applies
282 // it to the URL filters.
treibf136dfb2014-09-25 17:37:47283 void LoadBlacklistFromFile(const base::FilePath& path);
284
treibf38cc252016-04-07 14:44:11285 void OnBlacklistDownloadDone(const base::FilePath& path,
286 FileDownloader::Result result);
treib4edbded2014-09-05 08:43:55287
bauerbce9a1a82014-12-18 13:34:24288 void OnBlacklistLoaded();
289
treib9cc1b112016-01-08 10:08:01290 void UpdateBlacklist();
291
[email protected]5e022292013-02-06 16:42:17292 // Updates the manual overrides for hosts in the URL filters when the
293 // corresponding preference is changed.
294 void UpdateManualHosts();
[email protected]0850e842013-01-19 03:44:31295
[email protected]5e022292013-02-06 16:42:17296 // Updates the manual overrides for URLs in the URL filters when the
297 // corresponding preference is changed.
298 void UpdateManualURLs();
[email protected]0850e842013-01-19 03:44:31299
[email protected]12b7af32014-03-13 05:28:20300 // Owns us via the KeyedService mechanism.
[email protected]0850e842013-01-19 03:44:31301 Profile* profile_;
302
[email protected]f085fdd52014-06-11 18:09:20303 bool active_;
304
305 Delegate* delegate_;
306
[email protected]0850e842013-01-19 03:44:31307 PrefChangeRegistrar pref_change_registrar_;
308
[email protected]dfddd022013-07-10 17:29:48309 bool is_profile_active_;
[email protected]a243d644c2013-06-20 18:37:55310
[email protected]3a276ff2014-08-12 14:22:09311 // True only when |Init()| method has been called.
312 bool did_init_;
313
[email protected]3bf45d02013-07-10 00:03:41314 // True only when |Shutdown()| method has been called.
315 bool did_shutdown_;
316
mmenkedb2637ff2017-03-30 23:59:42317 SupervisedUserURLFilter url_filter_;
treib9cc1b112016-01-08 10:08:01318
mamire9609642016-06-28 22:17:54319 // Stores a map from extension_id -> approved version by the custodian.
320 // It is only relevant for SU-initiated installs.
321 std::map<std::string, base::Version> approved_extensions_map_;
322
treib9cc1b112016-01-08 10:08:01323 enum class BlacklistLoadState {
324 NOT_LOADED,
325 LOAD_STARTED,
326 LOADED
327 } blacklist_state_;
328
329 SupervisedUserBlacklist blacklist_;
dchengf624e472016-04-12 08:33:17330 std::unique_ptr<FileDownloader> blacklist_downloader_;
[email protected]8052b242013-11-15 16:40:55331
dchengf624e472016-04-12 08:33:17332 std::unique_ptr<SupervisedUserWhitelistService> whitelist_service_;
bauerb4da36132014-12-26 19:53:13333
atanasova9572aaf2016-02-26 18:08:26334 std::vector<scoped_refptr<SupervisedUserSiteList>> whitelists_;
335
[email protected]4db65f952014-05-20 15:46:30336 // Used to create permission requests.
leon.han4ea301f2017-03-28 03:36:31337 std::vector<std::unique_ptr<PermissionRequestCreator>> permissions_creators_;
[email protected]4db65f952014-05-20 15:46:30338
brettw00899e62016-11-12 02:10:17339#if BUILDFLAG(ENABLE_EXTENSIONS)
mamire9609642016-06-28 22:17:54340 ScopedObserver<extensions::ExtensionRegistry,
341 extensions::ExtensionRegistryObserver>
Evan Stade2fad9012019-10-09 18:47:50342 registry_observer_{this};
mamire9609642016-06-28 22:17:54343#endif
344
Trent Apteda250ec3ab2018-08-19 08:52:19345 base::ObserverList<SupervisedUserServiceObserver>::Unchecked observer_list_;
treibab0a39e2014-09-24 14:48:28346
Danan Sc1945912019-06-27 02:56:30347#if !defined(OS_ANDROID)
348 bool signout_required_after_supervision_enabled_ = false;
349#endif
350
Jeremy Roman495db682019-07-12 16:03:24351 base::WeakPtrFactory<SupervisedUserService> weak_ptr_factory_{this};
leon.han4ea301f2017-03-28 03:36:31352
353 DISALLOW_COPY_AND_ASSIGN(SupervisedUserService);
[email protected]0850e842013-01-19 03:44:31354};
355
[email protected]cce15bb2014-06-17 13:43:51356#endif // CHROME_BROWSER_SUPERVISED_USER_SUPERVISED_USER_SERVICE_H_