blob: 1444d4734601b02cabdf94b667fd9eeadf75be65 [file] [log] [blame]
// Copyright 2012 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef LOGIN_MANAGER_POLICY_STORE_H_
#define LOGIN_MANAGER_POLICY_STORE_H_
#include <string>
#include <base/files/file_path.h>
#include "bindings/device_management_backend.pb.h"
namespace login_manager {
class PolicyKey;
// This class holds policy settings and takes care of reading from and writing
// it to a file on disk. The policy is represented as a PolicyFetchResponse
// protobuffer, which may contain per-device or per-user policy in its payload.
//
// If there is a policy on disk at creation time, we will load it along with its
// signature. A new policy and its attendant signature can be set at any time
// and persisted to disk on-demand.
//
// THIS CLASS DOES NO SIGNATURE VALIDATION.
// However, derived classes like `ResilientPolicyStore` might perform
// signature validation.
class PolicyStore {
public:
explicit PolicyStore(const base::FilePath& policy_path);
PolicyStore(const PolicyStore&) = delete;
PolicyStore& operator=(const PolicyStore&) = delete;
virtual ~PolicyStore();
// Call LoadOrCreate() if it hasn't been called already. Returns the
// (possibly cached) result from the LoadOrCreate() call.
virtual bool EnsureLoadedOrCreated();
virtual const enterprise_management::PolicyFetchResponse& Get() const;
// Persist |policy_| to disk at |policy_file_|.
// Returns false if there's an error while writing data.
virtual bool Persist();
// Clobber the stored policy with new data.
virtual void Set(const enterprise_management::PolicyFetchResponse& policy);
const base::FilePath policy_path() const { return policy_path_; }
bool resilient_for_testing() const { return is_resilient_store_; }
protected:
PolicyStore(const base::FilePath& policy_path, bool is_resilient);
// Load the signed policy off of disk into |policy_|. Returns true unless
// there is a policy on disk and loading it fails.
virtual bool LoadOrCreate();
// Persist |policy_| to disk at |policy_path|.
// Returns false if there's an error while writing data.
bool PersistToPath(const base::FilePath& policy_path);
// Whether the |policy_| object was explicitly changed for the purpose of
// being persisted, but not persisted yet. Currently this happens only when
// it is updated through Set() method.
bool explicit_update_persist_pending_ = false;
enterprise_management::PolicyFetchResponse policy_;
const base::FilePath policy_path_;
enum LoadResult { NOT_LOADED, LOAD_SUCCEEDED, LOAD_FAILED };
LoadResult load_result_ = NOT_LOADED;
private:
// Load the signed policy off of disk into |policy_| from |policy_path|.
// Returns true unless there is a policy on disk and loading it fails.
bool LoadOrCreateFromPath(const base::FilePath& policy_path);
// The type of policy store. If resilient, the latest policy data are stored
// in multiple files.
const bool is_resilient_store_;
};
} // namespace login_manager
#endif // LOGIN_MANAGER_POLICY_STORE_H_