Log enterprise policies for testing/diagnosis purpose.

Example output: ``` [11262:259:0221/102714.805734:VERBOSE1:service.cc(114)] Current effective policies: { LastCheckPeriod = 270 (default) "com.google.Chrome": { Install = 1 (default) Update = 1 (default) RollbackToTargetVersionAllowed = 0 (default) } "com.google.googleearthpro.intel": { Install = 1 (default) Update = 1 (default) TargetVersionPrefix = 7.3.6. (ManagedPreference) RollbackToTargetVersionAllowed = 1 (ManagedPreference) } "{8A69D345-D564-463C-AFF1-A69D9E530F96}": { Install = 1 (default) Update = 1 (default) RollbackToTargetVersionAllowed = 0 (default) } } ``` Bug: 1417343 Change-Id: I9793d11f1a639f001ed2e6bee617de9bdc3d6508 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4265862 Reviewed-by: S Ganesh <ganesh@chromium.org> Commit-Queue: Xiaoling Bao <xiaolingbao@chromium.org> Cr-Commit-Position: refs/heads/main@{#1107990}
chromium · Feb 21, 2023 · 333a43f · 333a43f
1 parent 7fea7e3
commit 333a43f
Show file tree

Hide file tree

Showing 12 changed files with 269 additions and 1 deletion.
diff --git a/chrome/updater/policy/dm_policy_manager.cc b/chrome/updater/policy/dm_policy_manager.cc
@@ -225,6 +225,28 @@ absl::optional<std::vector<std::string>> DMPolicyManager::GetForceInstallApps()
   return absl::nullopt;
 }
 
+absl::optional<std::vector<std::string>> DMPolicyManager::GetAppsWithPolicy()
+    const {
+  std::vector<std::string> apps_with_policy;
+
+  for (const auto& app_settings_proto :
+       omaha_settings_.application_settings()) {
+#if BUILDFLAG(IS_MAC)
+    // BundleIdentifier is preferred over AppGuid as product ID on Mac.
+    // If not found, fall back to AppGuid below.
+    if (app_settings_proto.has_bundle_identifier()) {
+      apps_with_policy.push_back(app_settings_proto.bundle_identifier());
+      continue;
+    }
+#endif  // BUILDFLAG(IS_MAC)
+    if (app_settings_proto.has_app_guid()) {
+      apps_with_policy.push_back(app_settings_proto.app_guid());
+    }
+  }
+
+  return apps_with_policy;
+}
+
 scoped_refptr<PolicyManagerInterface> CreateDMPolicyManager() {
   std::unique_ptr<
       ::wireless_android_enterprise_devicemanagement::OmahaSettingsClientProto>

diff --git a/chrome/updater/policy/dm_policy_manager.h b/chrome/updater/policy/dm_policy_manager.h
@@ -49,6 +49,7 @@ class DMPolicyManager : public PolicyManagerInterface {
   absl::optional<std::string> GetTargetChannel(
       const std::string& app_id) const override;
   absl::optional<std::vector<std::string>> GetForceInstallApps() const override;
+  absl::optional<std::vector<std::string>> GetAppsWithPolicy() const override;
 
  private:
   ~DMPolicyManager() override;

diff --git a/chrome/updater/policy/mac/managed_preference_policy_manager.mm b/chrome/updater/policy/mac/managed_preference_policy_manager.mm
@@ -16,6 +16,7 @@
 #include "chrome/updater/constants.h"
 #include "chrome/updater/policy/mac/managed_preference_policy_manager_impl.h"
 #include "chrome/updater/policy/manager.h"
+#include "third_party/abseil-cpp/absl/types/optional.h"
 
 namespace updater {
 
@@ -55,6 +56,7 @@
   absl::optional<std::string> GetTargetChannel(
       const std::string& app_id) const override;
   absl::optional<std::vector<std::string>> GetForceInstallApps() const override;
+  absl::optional<std::vector<std::string>> GetAppsWithPolicy() const override;
 
  private:
   ~ManagedPreferencePolicyManager() override;
@@ -180,6 +182,21 @@
   return absl::nullopt;
 }
 
+absl::optional<std::vector<std::string>>
+ManagedPreferencePolicyManager::GetAppsWithPolicy() const {
+  NSArray<NSString*>* apps_with_policy = [impl_ appsWithPolicy];
+  if (!apps_with_policy) {
+    return absl::nullopt;
+  }
+
+  std::vector<std::string> app_ids;
+  for (NSString* app in apps_with_policy) {
+    app_ids.push_back(base::SysNSStringToUTF8(app));
+  }
+
+  return app_ids;
+}
+
 NSDictionary* ReadManagedPreferencePolicyDictionary() {
   base::ScopedCFTypeRef<CFPropertyListRef> policies(CFPreferencesCopyAppValue(
       (__bridge CFStringRef)kManagedPreferencesUpdatePolicies,

diff --git a/chrome/updater/policy/mac/managed_preference_policy_manager_impl.h b/chrome/updater/policy/mac/managed_preference_policy_manager_impl.h
@@ -65,6 +65,8 @@ using CRUUpdatePolicyDictionary =
 - (nullable NSString*)targetVersionPrefix:(nonnull NSString*)appid;
 - (int)rollbackToTargetVersion:(nonnull NSString*)appid;
 
+- (nullable NSArray<NSString*>*)appsWithPolicy;
+
 // |policies| should be the dictionary value read from managed preferences
 // under the key "updatePolicies".
 - (nullable instancetype)initWithDictionary:

diff --git a/chrome/updater/policy/mac/managed_preference_policy_manager_impl.mm b/chrome/updater/policy/mac/managed_preference_policy_manager_impl.mm
@@ -301,4 +301,8 @@ - (int)rollbackToTargetVersion:(NSString*)appid {
   return [_appPolicies objectForKey:appid].rollbackToTargetVersion;
 }
 
+- (NSArray<NSString*>*)appsWithPolicy {
+  return [_appPolicies allKeys];
+}
+
 @end
diff --git a/chrome/updater/policy/manager.cc b/chrome/updater/policy/manager.cc
@@ -84,6 +84,7 @@ class DefaultValuesPolicyManager : public PolicyManagerInterface {
   absl::optional<std::string> GetTargetChannel(
       const std::string& app_id) const override;
   absl::optional<std::vector<std::string>> GetForceInstallApps() const override;
+  absl::optional<std::vector<std::string>> GetAppsWithPolicy() const override;
 
  private:
   ~DefaultValuesPolicyManager() override;
@@ -170,6 +171,11 @@ DefaultValuesPolicyManager::GetForceInstallApps() const {
   return absl::nullopt;
 }
 
+absl::optional<std::vector<std::string>>
+DefaultValuesPolicyManager::GetAppsWithPolicy() const {
+  return absl::nullopt;
+}
+
 scoped_refptr<PolicyManagerInterface> GetDefaultValuesPolicyManager() {
   return base::MakeRefCounted<DefaultValuesPolicyManager>();
 }

diff --git a/chrome/updater/policy/manager.h b/chrome/updater/policy/manager.h
@@ -115,6 +115,10 @@ class PolicyManagerInterface
   virtual absl::optional<std::vector<std::string>> GetForceInstallApps()
       const = 0;
 
+  // Returns all apps that have some policy set.
+  virtual absl::optional<std::vector<std::string>> GetAppsWithPolicy()
+      const = 0;
+
  protected:
   friend class base::RefCountedThreadSafe<PolicyManagerInterface>;
   virtual ~PolicyManagerInterface() = default;

diff --git a/chrome/updater/policy/policy_manager.cc b/chrome/updater/policy/policy_manager.cc
@@ -184,6 +184,26 @@ absl::optional<std::vector<std::string>> PolicyManager::GetForceInstallApps()
              : force_install_apps_;
 }
 
+absl::optional<std::vector<std::string>> PolicyManager::GetAppsWithPolicy()
+    const {
+  const char* kAppPolicyPrefixes[] = {
+      kInstallAppsDefault,     kInstallAppPrefix,    kUpdateAppsDefault,
+      kUpdateAppPrefix,        kTargetVersionPrefix, kTargetChannel,
+      kRollbackToTargetVersion};
+  std::vector<std::string> apps_with_policy;
+  base::ranges::for_each(policies_, [&](const auto& policy) {
+    const std::string policy_name = policy.first;
+    base::ranges::for_each(kAppPolicyPrefixes, [&](const auto& prefix) {
+      if (base::StartsWith(policy_name, prefix)) {
+        apps_with_policy.push_back(
+            policy_name.substr(base::StringPiece(prefix).length()));
+      }
+    });
+  });
+
+  return apps_with_policy;
+}
+
 absl::optional<std::string> PolicyManager::GetStringPolicy(
     const std::string& key) const {
   const std::string* policy = policies_.FindString(key);

diff --git a/chrome/updater/policy/policy_manager.h b/chrome/updater/policy/policy_manager.h
@@ -49,6 +49,7 @@ class PolicyManager : public PolicyManagerInterface {
   absl::optional<std::string> GetTargetChannel(
       const std::string& app_id) const override;
   absl::optional<std::vector<std::string>> GetForceInstallApps() const override;
+  absl::optional<std::vector<std::string>> GetAppsWithPolicy() const override;
 
  protected:
   ~PolicyManager() override;

diff --git a/chrome/updater/policy/service.cc b/chrome/updater/policy/service.cc
@@ -4,6 +4,7 @@
 
 #include "chrome/updater/policy/service.h"
 
+#include <set>
 #include <string>
 #include <utility>
 #include <vector>
@@ -17,6 +18,7 @@
 #include "base/ranges/algorithm.h"
 #include "base/sequence_checker.h"
 #include "base/strings/string_util.h"
+#include "base/strings/stringprintf.h"
 #include "base/task/thread_pool.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
@@ -108,7 +110,10 @@ PolicyService::PolicyService(
           external_constants,
           CreateDMPolicyManager()))),
       external_constants_(external_constants),
-      policy_fetcher_(base::MakeRefCounted<PolicyFetcher>(this)) {}
+      policy_fetcher_(base::MakeRefCounted<PolicyFetcher>(this)) {
+  VLOG(1) << "Current effective policies:" << std::endl
+          << GetAllPoliciesAsString();
+}
 
 PolicyService::~PolicyService() = default;
 
@@ -145,6 +150,8 @@ void PolicyService::FetchPoliciesDone(
              base::OnceCallback<void(int)> callback, int result,
              PolicyService::PolicyManagerVector managers) {
             self->policy_managers_ = SortManagers(std::move(managers));
+            VLOG(1) << "Policies after refresh:" << std::endl
+                    << self->GetAllPoliciesAsString();
             std::move(callback).Run(result);
           },
           base::WrapRefCounted(this), std::move(callback), result));
@@ -275,6 +282,133 @@ PolicyStatus<int> PolicyService::DeprecatedGetLastCheckPeriodMinutes() const {
           })));
 }
 
+std::set<std::string> PolicyService::GetAppsWithPolicy() const {
+  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+  std::set<std::string> apps_with_policy;
+
+  base::ranges::for_each(
+      policy_managers_.vector,
+      [&apps_with_policy](
+          const scoped_refptr<PolicyManagerInterface>& manager) {
+        auto apps = manager->GetAppsWithPolicy();
+        if (apps) {
+          apps_with_policy.insert(apps->begin(), apps->end());
+        }
+      });
+
+  return apps_with_policy;
+}
+
+std::string PolicyService::GetAllPoliciesAsString() const {
+  DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+  std::vector<std::string> policies;
+
+  PolicyStatus<base::TimeDelta> last_check_period = GetLastCheckPeriod();
+  if (last_check_period) {
+    policies.push_back(base::StringPrintf(
+        "LastCheckPeriod = %d (%s)", last_check_period.policy().InMinutes(),
+        last_check_period.effective_policy()->source.c_str()));
+  }
+
+  PolicyStatus<UpdatesSuppressedTimes> update_supressed_times =
+      GetUpdatesSuppressedTimes();
+  if (update_supressed_times) {
+    policies.push_back(base::StringPrintf(
+        "UpdatesSuppressed = {StartHour: %d, StartMinute: "
+        "%d, Duration: %d} (%s)",
+        update_supressed_times.policy().start_hour_,
+        update_supressed_times.policy().start_minute_,
+        update_supressed_times.policy().duration_minute_,
+        update_supressed_times.effective_policy()->source.c_str()));
+  }
+
+  PolicyStatus<std::string> download_preference =
+      GetDownloadPreferenceGroupPolicy();
+  if (download_preference) {
+    policies.push_back(base::StringPrintf(
+        "DownloadPreference = %s (%s)", download_preference.policy().c_str(),
+        download_preference.effective_policy()->source.c_str()));
+  }
+
+  PolicyStatus<int> cache_size_limit = GetPackageCacheSizeLimitMBytes();
+  if (cache_size_limit) {
+    policies.push_back(base::StringPrintf(
+        "CacheSizeLimit = %d MB (%s)", cache_size_limit.policy(),
+        cache_size_limit.effective_policy()->source.c_str()));
+  }
+
+  PolicyStatus<int> cache_expiration_time = GetPackageCacheExpirationTimeDays();
+  if (cache_expiration_time) {
+    policies.push_back(base::StringPrintf(
+        "CacheExpires = %d days (%s)", cache_expiration_time.policy(),
+        cache_expiration_time.effective_policy()->source.c_str()));
+  }
+
+  PolicyStatus<std::string> proxy_mode = GetProxyMode();
+  if (proxy_mode) {
+    policies.push_back(
+        base::StringPrintf("ProxyMode = %s (%s)", proxy_mode.policy().c_str(),
+                           proxy_mode.effective_policy()->source.c_str()));
+  }
+
+  PolicyStatus<std::string> proxy_pac_url = GetProxyPacUrl();
+  if (proxy_pac_url) {
+    policies.push_back(base::StringPrintf(
+        "ProxyPacURL = %s (%s)", proxy_pac_url.policy().c_str(),
+        proxy_pac_url.effective_policy()->source.c_str()));
+  }
+  PolicyStatus<std::string> proxy_server = GetProxyServer();
+  if (proxy_server) {
+    policies.push_back(base::StringPrintf(
+        "ProxyServer = %s (%s)", proxy_server.policy().c_str(),
+        proxy_server.effective_policy()->source.c_str()));
+  }
+
+  for (const std::string& app_id : GetAppsWithPolicy()) {
+    std::vector<std::string> app_policies;
+    PolicyStatus<int> app_install = GetPolicyForAppInstalls(app_id);
+    if (app_install) {
+      app_policies.push_back(
+          base::StringPrintf("Install = %d (%s)", app_install.policy(),
+                             app_install.effective_policy()->source.c_str()));
+    }
+
+    PolicyStatus<int> app_update = GetPolicyForAppUpdates(app_id);
+    if (app_update) {
+      app_policies.push_back(
+          base::StringPrintf("Update = %d (%s)", app_update.policy(),
+                             app_update.effective_policy()->source.c_str()));
+    }
+    PolicyStatus<std::string> target_channel = GetTargetChannel(app_id);
+    if (target_channel) {
+      app_policies.push_back(base::StringPrintf(
+          "TargetChannel = %s (%s)", target_channel.policy().c_str(),
+          target_channel.effective_policy()->source.c_str()));
+    }
+    PolicyStatus<std::string> target_version_prefix =
+        GetTargetVersionPrefix(app_id);
+    if (target_version_prefix) {
+      app_policies.push_back(base::StringPrintf(
+          "TargetVersionPrefix = %s (%s)",
+          target_version_prefix.policy().c_str(),
+          target_version_prefix.effective_policy()->source.c_str()));
+    }
+    PolicyStatus<bool> rollback_allowed =
+        IsRollbackToTargetVersionAllowed(app_id);
+    if (rollback_allowed) {
+      app_policies.push_back(base::StringPrintf(
+          "RollbackToTargetVersionAllowed = %d (%s)", rollback_allowed.policy(),
+          rollback_allowed.effective_policy()->source.c_str()));
+    }
+
+    policies.push_back(
+        base::StringPrintf("\"%s\": {\n    %s\n  }", app_id.c_str(),
+                           base::JoinString(app_policies, "\n    ").c_str()));
+  }
+  return base::StringPrintf("{\n  %s\n}\n",
+                            base::JoinString(policies, "\n  ").c_str());
+}
+
 template <typename T>
 PolicyStatus<T> PolicyService::QueryPolicy(
     const base::RepeatingCallback<absl::optional<T>(

diff --git a/chrome/updater/policy/service.h b/chrome/updater/policy/service.h
@@ -5,6 +5,7 @@
 #ifndef CHROME_UPDATER_POLICY_SERVICE_H_
 #define CHROME_UPDATER_POLICY_SERVICE_H_
 
+#include <set>
 #include <string>
 #include <vector>
 
@@ -126,6 +127,8 @@ class PolicyService : public base::RefCountedThreadSafe<PolicyService> {
   // in legacy interfaces where a PolicyStatus<int> is required.
   PolicyStatus<int> DeprecatedGetLastCheckPeriodMinutes() const;
 
+  std::string GetAllPoliciesAsString() const;
+
  protected:
   virtual ~PolicyService();
 
@@ -167,6 +170,8 @@ class PolicyService : public base::RefCountedThreadSafe<PolicyService> {
           absl::optional<T>(const PolicyManagerInterface*,
                             const std::string& app_id)>& policy_query_callback,
       const std::string& app_id) const;
+
+  std::set<std::string> GetAppsWithPolicy() const;
 };
 
 // Decouples the proxy configuration from `PolicyService`.