Switch from SignedSettings to DeviceSettingsService.

chrome/browser/chromeos/device_settings_provider.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/device_settings_provider.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/file_util.h"
 #include "base/logging.h"
 #include "base/string_util.h"
 #include "base/threading/thread_restrictions.h"
 #include "base/values.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/cros/cros_library.h"
 #include "chrome/browser/chromeos/cros/network_library.h"
 #include "chrome/browser/chromeos/cros_settings.h"
 #include "chrome/browser/chromeos/cros_settings_names.h"
 #include "chrome/browser/chromeos/login/signed_settings_cache.h"
-#include "chrome/browser/chromeos/login/signed_settings_helper.h"
-#include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/policy/app_pack_updater.h"
 #include "chrome/browser/policy/browser_policy_connector.h"
 #include "chrome/browser/policy/cloud_policy_constants.h"
-#include "chrome/browser/policy/proto/chrome_device_policy.pb.h"
+#include "chrome/browser/policy/proto/device_management_backend.pb.h"
 #include "chrome/browser/ui/options/options_util.h"
-#include "chrome/common/chrome_notification_types.h"
 #include "chrome/installer/util/google_update_settings.h"
-#include "content/public/browser/notification_service.h"
 
 using google::protobuf::RepeatedPtrField;
 
 namespace em = enterprise_management;
 
 namespace chromeos {
 
 namespace {
 
 // List of settings handled by the DeviceSettingsProvider.
@@ skipping 15 matching lines @@
   kReportDeviceLocation,
   kReportDeviceVersionInfo,
   kScreenSaverExtensionId,
   kScreenSaverTimeout,
   kSettingProxyEverywhere,
   kSignedDataRoamingEnabled,
   kStartUpUrls,
   kStatsReportingPref,
 };
 
-// Upper bound for number of retries to fetch a signed setting.
-static const int kNumRetriesLimit = 9;
-
 // Legacy policy file location. Used to detect migration from pre v12 ChromeOS.
 const char kLegacyPolicyFile[] = "/var/lib/whitelist/preferences";
 
 bool IsControlledSetting(const std::string& pref_path) {
   const char** end = kKnownSettings + arraysize(kKnownSettings);
   return std::find(kKnownSettings, end, pref_path) != end;
 }
 
 bool HasOldMetricsFile() {
   // TODO(pastarmovj): Remove this once migration is not needed anymore.
   // If the value is not set we should try to migrate legacy consent file.
   // Loading consent file state causes us to do blocking IO on UI thread.
   // Temporarily allow it until we fix http://crbug.com/62626
   base::ThreadRestrictions::ScopedAllowIO allow_io;
   return GoogleUpdateSettings::GetCollectStatsConsent();
 }
 
 }  // namespace
 
 DeviceSettingsProvider::DeviceSettingsProvider(
     const NotifyObserversCallback& notify_cb,
-    SignedSettingsHelper* signed_settings_helper)
+    DeviceSettingsService* device_settings_service)
     : CrosSettingsProvider(notify_cb),
-      signed_settings_helper_(signed_settings_helper),
-      ownership_status_(OwnershipService::GetSharedInstance()->GetStatus(true)),
+      device_settings_service_(device_settings_service),
       migration_helper_(new SignedSettingsMigrationHelper()),
-      retries_left_(kNumRetriesLimit),
-      trusted_status_(TEMPORARILY_UNTRUSTED) {
-  // Register for notification when ownership is taken so that we can update
-  // the |ownership_status_| and reload if needed.
-  registrar_.Add(this, chrome::NOTIFICATION_OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED,
-                 content::NotificationService::AllSources());
-  // Make sure we have at least the cache data immediately.
-  RetrieveCachedData();
-  // Start prefetching preferences.
-  Reload();
+      trusted_status_(TEMPORARILY_UNTRUSTED),
+      ownership_status_(device_settings_service_->GetOwnershipStatus(false)),

[pastarmovj, 2012/07/30 13:55:02]

Have you checked if kiosk mode is fine with the possibility that this call will
return UNKNOWN?

[Mattias Nissler (ping if slow), 2012/08/02 12:01:52]

KioskModeSettings has a proper PrepareTrustedValues guard, and I've checked in
the VM that it still works.

+      ALLOW_THIS_IN_INITIALIZER_LIST(store_callback_factory_(this)) {
+  device_settings_service_->AddObserver(this);
+
+  if (!UpdateFromService()) {
+    // Make sure we have at least the cache data immediately.
+    RetrieveCachedData();
+  }
 }
 
 DeviceSettingsProvider::~DeviceSettingsProvider() {
-}
-
-void DeviceSettingsProvider::Reload() {
-  // While fetching we can't trust the cache anymore.
-  trusted_status_ = TEMPORARILY_UNTRUSTED;
-  if (ownership_status_ == OwnershipService::OWNERSHIP_NONE) {
-    RetrieveCachedData();
-  } else {
-    // Retrieve the real data.
-    signed_settings_helper_->StartRetrievePolicyOp(
-        base::Bind(&DeviceSettingsProvider::OnRetrievePolicyCompleted,
-                   base::Unretained(this)));
-  }
+  device_settings_service_->RemoveObserver(this);
 }
 
 void DeviceSettingsProvider::DoSet(const std::string& path,
                                    const base::Value& in_value) {
-  if (!UserManager::Get()->IsCurrentUserOwner() &&
-      ownership_status_ != OwnershipService::OWNERSHIP_NONE) {
+  // Make sure that either the current user is the device owner or the
+  // device doesn't have an owner yet.
+  if (!(device_settings_service_->HasPrivateOwnerKey() ||
+        ownership_status_ == DeviceSettingsService::OWNERSHIP_NONE)) {
     LOG(WARNING) << "Changing settings from non-owner, setting=" << path;
 
     // Revert UI change.
     NotifyObservers(path);
     return;
   }
 
   if (IsControlledSetting(path)) {
     pending_changes_.push_back(PendingQueueElement(path, in_value.DeepCopy()));
-    if (pending_changes_.size() == 1)
+    if (!store_callback_factory_.HasWeakPtrs())
       SetInPolicy();
   } else {
     NOTREACHED() << "Try to set unhandled cros setting " << path;
   }
 }
 
-void DeviceSettingsProvider::Observe(
-    int type,
-    const content::NotificationSource& source,
-    const content::NotificationDetails& details) {
-  if (type == chrome::NOTIFICATION_OWNER_KEY_FETCH_ATTEMPT_SUCCEEDED) {
-    // Reload the policy blob once the owner key has been loaded or updated.
-    ownership_status_ = OwnershipService::OWNERSHIP_TAKEN;
-    Reload();
+void DeviceSettingsProvider::OwnershipStatusChanged() {
+  DeviceSettingsService::OwnershipStatus new_ownership_status =
+      device_settings_service_->GetOwnershipStatus(false);
+
+  // If the device just became owned, write the settings accumulated in the
+  // cache to device settings proper. It is important that writing only happens
+  // in this case, as during normal operation, the contents of the cache should
+  // never overwrite actual device settings.
+  if (new_ownership_status == DeviceSettingsService::OWNERSHIP_TAKEN &&
+      ownership_status_ == DeviceSettingsService::OWNERSHIP_NONE &&
+      device_settings_service_->HasPrivateOwnerKey()) {
+
+    // There shouldn't be any pending writes, since the cache writes are all
+    // immediate.
+    DCHECK(!store_callback_factory_.HasWeakPtrs());
+
+    // Kick off a fresh write.
+    StoreDeviceSettings();
   }
+
+  migration_helper_->MigrateValues();
+
+  ownership_status_ = new_ownership_status;
 }
 
-const em::PolicyData DeviceSettingsProvider::policy() const {
-  return policy_;
+void DeviceSettingsProvider::DeviceSettingsUpdated() {
+  if (!store_callback_factory_.HasWeakPtrs())
+    UpdateFromService();
 }
 
 void DeviceSettingsProvider::RetrieveCachedData() {
-  // If there is no owner yet, this function will pull the policy cache from the
-  // temp storage and use that instead.
-  em::PolicyData policy;
-  if (!signed_settings_cache::Retrieve(&policy,
-                                       g_browser_process->local_state())) {
-    VLOG(1) << "Can't retrieve temp store possibly not created yet.";
-    // Prepare empty data for the case we don't have temp cache yet.
-    policy.set_policy_type(kDevicePolicyType);
-    em::ChromeDeviceSettingsProto pol;
-    policy.set_policy_value(pol.SerializeAsString());
+  em::PolicyData policy_data;
+  em::ChromeDeviceSettingsProto device_settings;
+  if (!signed_settings_cache::Retrieve(&policy_data,
+                                       g_browser_process->local_state()) ||
+      !device_settings_.ParseFromString(policy_data.policy_value())) {
+    VLOG(1) << "Can't retrieve temp store, possibly not created yet.";
   }
 
-  policy_ = policy;
-  UpdateValuesCache();
+  UpdateValuesCache(policy_data, device_settings_);
 }
 
 void DeviceSettingsProvider::SetInPolicy() {
   if (pending_changes_.empty()) {
     NOTREACHED();
     return;
   }
 
-  const std::string& prop = pending_changes_[0].first;
-  base::Value* value = pending_changes_[0].second;
-  if (prop == kDeviceOwner) {
-    // Just store it in the memory cache without trusted checks or persisting.
-    std::string owner;
-    if (value->GetAsString(&owner)) {
-      policy_.set_username(owner);
-      // In this case the |value_cache_| takes the ownership of |value|.
-      values_cache_.SetValue(prop, value);
-      NotifyObservers(prop);
-      // We can't trust this value anymore until we reload the real username.
-      trusted_status_ = TEMPORARILY_UNTRUSTED;
-      pending_changes_.erase(pending_changes_.begin());
-      if (!pending_changes_.empty())
-        SetInPolicy();
-    } else {
-      NOTREACHED();
-    }
-    return;
-  }
+  std::string prop(pending_changes_.front().first);
+  scoped_ptr<base::Value> value(pending_changes_.front().second);
+  pending_changes_.pop_front();
 
-  if (RequestTrustedEntity() != TRUSTED) {
-    // Otherwise we should first reload and apply on top of that.
-    signed_settings_helper_->StartRetrievePolicyOp(
-        base::Bind(&DeviceSettingsProvider::FinishSetInPolicy,
-                   base::Unretained(this)));
-    return;
-  }
+  DCHECK_EQ(TRUSTED, RequestTrustedEntity());
 
   trusted_status_ = TEMPORARILY_UNTRUSTED;
-  em::PolicyData data = policy();
-  em::ChromeDeviceSettingsProto pol;
-  pol.ParseFromString(data.policy_value());
   if (prop == kAccountsPrefAllowNewUser) {
-    em::AllowNewUsersProto* allow = pol.mutable_allow_new_users();
+    em::AllowNewUsersProto* allow =
+        device_settings_.mutable_allow_new_users();
     bool allow_value;
     if (value->GetAsBoolean(&allow_value))
       allow->set_allow_new_users(allow_value);
     else
       NOTREACHED();
   } else if (prop == kAccountsPrefAllowGuest) {
-    em::GuestModeEnabledProto* guest = pol.mutable_guest_mode_enabled();
+    em::GuestModeEnabledProto* guest =
+        device_settings_.mutable_guest_mode_enabled();
     bool guest_value;
     if (value->GetAsBoolean(&guest_value))
       guest->set_guest_mode_enabled(guest_value);
     else
       NOTREACHED();
   } else if (prop == kAccountsPrefShowUserNamesOnSignIn) {
-    em::ShowUserNamesOnSigninProto* show = pol.mutable_show_user_names();
+    em::ShowUserNamesOnSigninProto* show =
+        device_settings_.mutable_show_user_names();
     bool show_value;
     if (value->GetAsBoolean(&show_value))
       show->set_show_user_names(show_value);
     else
       NOTREACHED();
   } else if (prop == kSignedDataRoamingEnabled) {
-    em::DataRoamingEnabledProto* roam = pol.mutable_data_roaming_enabled();
+    em::DataRoamingEnabledProto* roam =
+        device_settings_.mutable_data_roaming_enabled();
     bool roaming_value = false;
     if (value->GetAsBoolean(&roaming_value))
       roam->set_data_roaming_enabled(roaming_value);
     else
       NOTREACHED();
     ApplyRoamingSetting(roaming_value);
   } else if (prop == kSettingProxyEverywhere) {
     // TODO(cmasone): NOTIMPLEMENTED() once http://crosbug.com/13052 is fixed.
     std::string proxy_value;
     if (value->GetAsString(&proxy_value)) {
       bool success =
-          pol.mutable_device_proxy_settings()->ParseFromString(proxy_value);
+          device_settings_.mutable_device_proxy_settings()->ParseFromString(
+              proxy_value);
       DCHECK(success);
     } else {
       NOTREACHED();
     }
   } else if (prop == kReleaseChannel) {
-    em::ReleaseChannelProto* release_channel = pol.mutable_release_channel();
+    em::ReleaseChannelProto* release_channel =
+        device_settings_.mutable_release_channel();
     std::string channel_value;
     if (value->GetAsString(&channel_value))
       release_channel->set_release_channel(channel_value);
     else
       NOTREACHED();
   } else if (prop == kStatsReportingPref) {
-    em::MetricsEnabledProto* metrics = pol.mutable_metrics_enabled();
+    em::MetricsEnabledProto* metrics =
+        device_settings_.mutable_metrics_enabled();
     bool metrics_value = false;
     if (value->GetAsBoolean(&metrics_value))
       metrics->set_metrics_enabled(metrics_value);
     else
       NOTREACHED();
     ApplyMetricsSetting(false, metrics_value);
   } else if (prop == kAccountsPrefUsers) {
-    em::UserWhitelistProto* whitelist_proto = pol.mutable_user_whitelist();
+    em::UserWhitelistProto* whitelist_proto =
+        device_settings_.mutable_user_whitelist();
     whitelist_proto->clear_user_whitelist();
     base::ListValue& users = static_cast<base::ListValue&>(*value);
     for (base::ListValue::const_iterator i = users.begin();
          i != users.end(); ++i) {
       std::string email;
       if ((*i)->GetAsString(&email))
         whitelist_proto->add_user_whitelist(email.c_str());
     }
   } else if (prop == kAccountsPrefEphemeralUsersEnabled) {
     em::EphemeralUsersEnabledProto* ephemeral_users_enabled =
-        pol.mutable_ephemeral_users_enabled();
+        device_settings_.mutable_ephemeral_users_enabled();
     bool ephemeral_users_enabled_value = false;
-    if (value->GetAsBoolean(&ephemeral_users_enabled_value))
+    if (value->GetAsBoolean(&ephemeral_users_enabled_value)) {
       ephemeral_users_enabled->set_ephemeral_users_enabled(
           ephemeral_users_enabled_value);
-    else
+    } else {
       NOTREACHED();
+    }
   } else {
     // The remaining settings don't support Set(), since they are not
     // intended to be customizable by the user:
     //   kAppPack
+    //   kDeviceOwner
     //   kIdleLogoutTimeout
     //   kIdleLogoutWarningDuration
     //   kReleaseChannelDelegated
     //   kReportDeviceVersionInfo
     //   kReportDeviceActivityTimes
     //   kReportDeviceBootMode
     //   kReportDeviceLocation
     //   kScreenSaverExtensionId
     //   kScreenSaverTimeout
     //   kStartUpUrls
 
-    NOTREACHED();
+    LOG(FATAL) << "Device setting " << prop << " is read-only.";
   }
-  data.set_policy_value(pol.SerializeAsString());
+
+  em::PolicyData data;
+  data.set_username(device_settings_service_->GetUsername());
+  CHECK(device_settings_.SerializeToString(data.mutable_policy_value()));
+
   // Set the cache to the updated value.
-  policy_ = data;
-  UpdateValuesCache();
+  UpdateValuesCache(data, device_settings_);
 
   if (!signed_settings_cache::Store(data, g_browser_process->local_state()))
     LOG(ERROR) << "Couldn't store to the temp storage.";
 
-  if (ownership_status_ == OwnershipService::OWNERSHIP_TAKEN) {
-    em::PolicyFetchResponse policy_envelope;
-    policy_envelope.set_policy_data(policy_.SerializeAsString());
-    signed_settings_helper_->StartStorePolicyOp(
-        policy_envelope,
-        base::Bind(&DeviceSettingsProvider::OnStorePolicyCompleted,
-                   base::Unretained(this)));
+  if (ownership_status_ == DeviceSettingsService::OWNERSHIP_TAKEN) {
+    StoreDeviceSettings();
   } else {
     // OnStorePolicyCompleted won't get called in this case so proceed with any
     // pending operations immediately.
-    delete pending_changes_[0].second;
-    pending_changes_.erase(pending_changes_.begin());
     if (!pending_changes_.empty())
       SetInPolicy();
   }
 }
 
-void DeviceSettingsProvider::FinishSetInPolicy(
-    SignedSettings::ReturnCode code,
-    const em::PolicyFetchResponse& policy) {
-  if (code != SignedSettings::SUCCESS) {
-    LOG(ERROR) << "Can't serialize to policy error code: " << code;
-    Reload();
-    return;
-  }
-  // Update the internal caches and set the trusted flag to true so that we
-  // can pass the trustedness check in the second call to SetInPolicy.
-  OnRetrievePolicyCompleted(code, policy);
-
-  SetInPolicy();
-}
-
 void DeviceSettingsProvider::DecodeLoginPolicies(
     const em::ChromeDeviceSettingsProto& policy,
     PrefValueMap* new_values_cache) const {
   // For all our boolean settings the following is applicable:
   // true is default permissive value and false is safe prohibitive value.
   // Exceptions:
   //   kSignedDataRoamingEnabled has a default value of false.
   //   kAccountsPrefEphemeralUsersEnabled has a default value of false.
   if (policy.has_allow_new_users() &&
       policy.allow_new_users().has_allow_new_users() &&
@@ skipping 167 matching lines @@
                                 policy.release_channel().release_channel());
   }
 
   new_values_cache->SetBoolean(
       kReleaseChannelDelegated,
       policy.has_release_channel() &&
       policy.release_channel().has_release_channel_delegated() &&
       policy.release_channel().release_channel_delegated());
 }
 
-void DeviceSettingsProvider::UpdateValuesCache() {
-  const em::PolicyData data = policy();
+void DeviceSettingsProvider::UpdateValuesCache(
+    const em::PolicyData& policy_data,
+    const em::ChromeDeviceSettingsProto& settings) {
   PrefValueMap new_values_cache;
 
-  if (data.has_username() && !data.has_request_token())
-    new_values_cache.SetString(kDeviceOwner, data.username());
+  if (policy_data.has_username() && !policy_data.has_request_token())
+    new_values_cache.SetString(kDeviceOwner, policy_data.username());
 
-  em::ChromeDeviceSettingsProto pol;
-  pol.ParseFromString(data.policy_value());
-
-  DecodeLoginPolicies(pol, &new_values_cache);
-  DecodeKioskPolicies(pol, &new_values_cache);
-  DecodeNetworkPolicies(pol, &new_values_cache);
-  DecodeReportingPolicies(pol, &new_values_cache);
-  DecodeGenericPolicies(pol, &new_values_cache);
+  DecodeLoginPolicies(settings, &new_values_cache);
+  DecodeKioskPolicies(settings, &new_values_cache);
+  DecodeNetworkPolicies(settings, &new_values_cache);
+  DecodeReportingPolicies(settings, &new_values_cache);
+  DecodeGenericPolicies(settings, &new_values_cache);
 
   // Collect all notifications but send them only after we have swapped the
   // cache so that if somebody actually reads the cache will be already valid.
   std::vector<std::string> notifications;
   // Go through the new values and verify in the old ones.
   PrefValueMap::iterator iter = new_values_cache.begin();
   for (; iter != new_values_cache.end(); ++iter) {
     const base::Value* old_value;
     if (!values_cache_.GetValue(iter->first, &old_value) ||
         !old_value->Equals(iter->second)) {
@@ skipping 41 matching lines @@
     if (!device_value && cros->IsCellularAlwaysInRoaming()) {
       // If operator requires roaming always enabled, ignore supplied value
       // and set data roaming allowed in true always.
       cros->SetCellularDataRoamingAllowed(true);
     } else if (device_value != new_value) {
       cros->SetCellularDataRoamingAllowed(new_value);
     }
   }
 }
 
-void DeviceSettingsProvider::ApplySideEffects() const {
-  const em::PolicyData data = policy();
-  em::ChromeDeviceSettingsProto pol;
-  pol.ParseFromString(data.policy_value());
+void DeviceSettingsProvider::ApplySideEffects(
+    const em::ChromeDeviceSettingsProto& settings) const {
   // First migrate metrics settings as needed.
-  if (pol.has_metrics_enabled())
-    ApplyMetricsSetting(false, pol.metrics_enabled().metrics_enabled());
+  if (settings.has_metrics_enabled())
+    ApplyMetricsSetting(false, settings.metrics_enabled().metrics_enabled());
   else
     ApplyMetricsSetting(true, false);
+
   // Next set the roaming setting as needed.
-  ApplyRoamingSetting(pol.has_data_roaming_enabled() ?
-      pol.data_roaming_enabled().data_roaming_enabled() : false);
+  ApplyRoamingSetting(
+      settings.has_data_roaming_enabled() ?
+          settings.data_roaming_enabled().data_roaming_enabled() :
+          false);
 }
 
 bool DeviceSettingsProvider::MitigateMissingPolicy() {
   // First check if the device has been owned already and if not exit
   // immediately.
   if (g_browser_process->browser_policy_connector()->GetDeviceMode() !=
-      policy::DEVICE_MODE_CONSUMER) {
+          policy::DEVICE_MODE_CONSUMER) {
     return false;
   }
 
   // If we are here the policy file were corrupted or missing. This can happen
   // because we are migrating Pre R11 device to the new secure policies or there
   // was an attempt to circumvent policy system. In this case we should populate
   // the policy cache with "safe-mode" defaults which should allow the owner to
   // log in but lock the device for anyone else until the policy blob has been
   // recreated by the session manager.
   LOG(ERROR) << "Corruption of the policy data has been detected."
              << "Switching to \"safe-mode\" policies until the owner logs in "
              << "to regenerate the policy data.";
   values_cache_.SetBoolean(kAccountsPrefAllowNewUser, true);
   values_cache_.SetBoolean(kAccountsPrefAllowGuest, true);
   values_cache_.SetBoolean(kPolicyMissingMitigationMode, true);
   trusted_status_ = TRUSTED;
   // Make sure we will recreate the policy once the owner logs in.
   // Any value not in this list will be left to the default which is fine as
   // we repopulate the whitelist with the owner and all other existing users
   // every time the owner enables whitelist filtering on the UI.
-  migration_helper_->AddMigrationValue(
-      kAccountsPrefAllowNewUser, base::Value::CreateBooleanValue(true));
+  migration_helper_->AddMigrationValue(kAccountsPrefAllowNewUser,
+                                       base::Value::CreateBooleanValue(true));
   migration_helper_->MigrateValues();
   return true;
 }
 
 const base::Value* DeviceSettingsProvider::Get(const std::string& path) const {
   if (IsControlledSetting(path)) {
     const base::Value* value;
     if (values_cache_.GetValue(path, &value))
       return value;
   } else {
@@ skipping 10 matching lines @@
     callbacks_.push_back(cb);
   return status;
 }
 
 bool DeviceSettingsProvider::HandlesSetting(const std::string& path) const {
   return IsControlledSetting(path);
 }
 
 DeviceSettingsProvider::TrustedStatus
     DeviceSettingsProvider::RequestTrustedEntity() {
-  if (ownership_status_ == OwnershipService::OWNERSHIP_NONE)
+  if (ownership_status_ == DeviceSettingsService::OWNERSHIP_NONE)
     return TRUSTED;
   return trusted_status_;
 }
 
-void DeviceSettingsProvider::OnStorePolicyCompleted(
-    SignedSettings::ReturnCode code) {
-  // In any case reload the policy cache to now.
-  if (code != SignedSettings::SUCCESS)
-    Reload();
-  else
-    trusted_status_ = TRUSTED;
+void DeviceSettingsProvider::OnStorePolicyCompleted() {
+  // Re-sync the cache from the service.
+  UpdateFromService();
 
-  // Clear the finished task and proceed with any other stores that could be
-  // pending by now.
-  delete pending_changes_[0].second;
-  pending_changes_.erase(pending_changes_.begin());
-  if (!pending_changes_.empty())
-    SetInPolicy();
+  // If the backend is in healthy state, trigger the next change.
+  if (trusted_status_ == TRUSTED) {
+    if (!pending_changes_.empty())
+      SetInPolicy();
+  }
 }
 
-void DeviceSettingsProvider::OnRetrievePolicyCompleted(
-    SignedSettings::ReturnCode code,
-    const em::PolicyFetchResponse& policy_data) {
-  VLOG(1) << "OnRetrievePolicyCompleted. Error code: " << code
-          << ", trusted status : " << trusted_status_
-          << ", ownership status : " << ownership_status_;
-  switch (code) {
-    case SignedSettings::SUCCESS: {
-      DCHECK(policy_data.has_policy_data());
-      policy_.ParseFromString(policy_data.policy_data());
-      signed_settings_cache::Store(policy(),
-                                   g_browser_process->local_state());
-      UpdateValuesCache();
-      trusted_status_ = TRUSTED;
-      // TODO(pastarmovj): Make those side effects responsibility of the
-      // respective subsystems.
-      ApplySideEffects();
+bool DeviceSettingsProvider::UpdateFromService() {
+  bool settings_loaded = false;
+  switch (device_settings_service_->status()) {
+    case DeviceSettingsService::STORE_SUCCESS: {
+      const em::PolicyData* policy_data =
+          device_settings_service_->policy_data();
+      const em::ChromeDeviceSettingsProto* device_settings =
+          device_settings_service_->device_settings();
+      if (policy_data && device_settings) {
+        UpdateValuesCache(*policy_data, *device_settings);
+        trusted_status_ = TRUSTED;
+
+        // TODO(pastarmovj): Make those side effects responsibility of the
+        // respective subsystems.
+        ApplySideEffects(*device_settings);
+
+        settings_loaded = true;
+      } else {
+        // Initial policy load is still pending.
+        trusted_status_ = TEMPORARILY_UNTRUSTED;
+      }
       break;
     }
-    case SignedSettings::NOT_FOUND:
+    case DeviceSettingsService::STORE_NO_POLICY:
       if (MitigateMissingPolicy())
         break;
-    case SignedSettings::KEY_UNAVAILABLE: {
-      if (ownership_status_ != OwnershipService::OWNERSHIP_TAKEN)
-        NOTREACHED() << "No policies present yet, will use the temp storage.";
+      // fall through.
+    case DeviceSettingsService::STORE_KEY_UNAVAILABLE:
+      VLOG(1) << "No policies present yet, will use the temp storage.";
       trusted_status_ = PERMANENTLY_UNTRUSTED;
       break;
-    }
-    case SignedSettings::BAD_SIGNATURE:
-    case SignedSettings::OPERATION_FAILED: {
-      LOG(ERROR) << "Failed to retrieve cros policies. Reason:" << code;
-      if (retries_left_ > 0) {
-        trusted_status_ = TEMPORARILY_UNTRUSTED;
-        retries_left_ -= 1;
-        Reload();
-        return;
-      }
-      LOG(ERROR) << "No retries left";
+    case DeviceSettingsService::STORE_POLICY_ERROR:
+    case DeviceSettingsService::STORE_VALIDATION_ERROR:
+    case DeviceSettingsService::STORE_INVALID_POLICY:
+    case DeviceSettingsService::STORE_OPERATION_FAILED:
+      LOG(ERROR) << "Failed to retrieve cros policies. Reason:"
+                 << device_settings_service_->status();
       trusted_status_ = PERMANENTLY_UNTRUSTED;
       break;
-    }
   }
+
   // Notify the observers we are done.
   std::vector<base::Closure> callbacks;
   callbacks.swap(callbacks_);
   for (size_t i = 0; i < callbacks.size(); ++i)
     callbacks[i].Run();
+
+  return settings_loaded;
+}
+
+void DeviceSettingsProvider::StoreDeviceSettings() {
+  // Mute all previous callbacks to guarantee the |pending_changes_| queue is
+  // processed serially.
+  store_callback_factory_.InvalidateWeakPtrs();
+
+  device_settings_service_->SignAndStore(
+      scoped_ptr<em::ChromeDeviceSettingsProto>(
+          new em::ChromeDeviceSettingsProto(device_settings_)),
+      base::Bind(&DeviceSettingsProvider::OnStorePolicyCompleted,
+                 store_callback_factory_.GetWeakPtr()));
 }
 
 }  // namespace chromeos