Send policy blobs to session_manager

chrome/browser/policy/cloud_policy_cache_base.h

Index: chrome/browser/policy/cloud_policy_cache_base.h
diff --git a/chrome/browser/policy/cloud_policy_cache_base.h b/chrome/browser/policy/cloud_policy_cache_base.h
new file mode 100644
index 0000000000000000000000000000000000000000..294b1a99717e8d70ad7e390c124b44210d8509d4
--- /dev/null
+++ b/chrome/browser/policy/cloud_policy_cache_base.h
@@ -0,0 +1,111 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_
+#define CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_
+
+#include "base/gtest_prod_util.h"
+#include "base/observer_list.h"
+#include "base/scoped_ptr.h"
+#include "base/threading/non_thread_safe.h"
+#include "base/time.h"
+#include "chrome/browser/policy/configuration_policy_provider.h"
+#include "chrome/browser/policy/policy_map.h"
+#include "chrome/browser/policy/proto/device_management_backend.pb.h"
+
+namespace policy {
+
+class PolicyMap;
+
+namespace em = enterprise_management;
+
+// Caches policy information, as set by calls to |SetPolicy()|, persists
+// it to disk or session_manager (depending on subclass implementation),
+// and makes it available via policy providers.
+class CloudPolicyCacheBase : public base::NonThreadSafe {
+ public:
+  // Used to distinguish mandatory from recommended policies.
+  enum PolicyLevel {
+    // Policy is forced upon the user and should always take effect.
+    POLICY_LEVEL_MANDATORY,
+    // The value is just a recommendation that the user may override.
+    POLICY_LEVEL_RECOMMENDED,
+  };
+
+  CloudPolicyCacheBase();
+  virtual ~CloudPolicyCacheBase();
+
+  // Loads persisted policy information.
+  virtual void Load() = 0;
+
+  // Resets the policy information.
+  virtual void SetPolicy(const em::PolicyFetchResponse& policy) = 0;
+
+  ConfigurationPolicyProvider* GetManagedPolicyProvider();
+  ConfigurationPolicyProvider* GetRecommendedPolicyProvider();
+
+  virtual void SetUnmanaged() = 0;

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

Why is the setter virtual and getter not? Should we maybe move the is_unmanaged_
into the subclasses?

[Jakob Kummerow, 2011/03/28 13:53:53]

Because what the setter needs to do depends on the subclass, whereas the
getter's behavior does not. I don't see an easy way around it. I managed to make
|is_unmanaged_| private, though.

+  bool is_unmanaged() const {
+    return is_unmanaged_;
+  }
+
+  // Returns the time at which the policy was last fetched.
+  base::Time last_policy_refresh_time() const {
+    return last_policy_refresh_time_;
+  }
+
+ protected:
+  // Decodes the given |policy| using |DecodePolicyResponse()|, applies the
+  // contents to |{mandatory,recommended}_policy_|, and notifies observers.
+  // Returns true upon success.
+  bool SetPolicyInternal(const em::PolicyFetchResponse& policy);
+
+  // Decodes |policy_data|, populating |mandatory| and |recommended| with
+  // the results.
+  virtual bool DecodePolicyData(const em::PolicyData& policy_data,
+                                PolicyMap* mandatory,
+                                PolicyMap* recommended) = 0;
+
+  // Decodes a PolicyFetchResponse into two PolicyMaps and a timestamp.
+  // Also performs verification, returns NULL if any check fails.
+  bool DecodePolicyResponse(
+      const em::PolicyFetchResponse& policy_response,
+      PolicyMap* mandatory,
+      PolicyMap* recommended,
+      base::Time* timestamp);
+
+  // Policy key-value information.
+  PolicyMap mandatory_policy_;
+  PolicyMap recommended_policy_;

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

Does this need to be protected?

[Jakob Kummerow, 2011/03/28 13:53:53]

Done -- managed to make it private.

+
+  // Whether initialization has been completed. This is the case when we have
+  // valid policy, learned that the device is unmanaged or ran into
+  // unrecoverable errors.
+  bool initialization_complete_;

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

Same question here?

[Jakob Kummerow, 2011/03/28 13:53:53]

UserPolicyCache needs to read it. I made the member private (style guide says
so) and provided a protected getter.

+
+  // Whether the the server has indicated this device is unmanaged.
+  bool is_unmanaged_;
+
+  // The time at which the policy was last refreshed.
+  base::Time last_policy_refresh_time_;

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

And here?

[Jakob Kummerow, 2011/03/28 13:53:53]

Currently, both when this field is set and to which value is dependent on the
subclass. I made the member private and provided a protected setter.

+
+  // Provider observers that are registered with this cache's providers.
+  ObserverList<ConfigurationPolicyProvider::Observer, true> observer_list_;

[Mattias Nissler (ping if slow), 2011/03/24 18:55:57]

And here?

[Jakob Kummerow, 2011/03/28 13:53:53]

Done -- managed to make it private.

+
+ private:
+  class CloudPolicyProvider;
+
+  friend class DevicePolicyCacheTest;
+  friend class UserPolicyCacheTest;
+
+  // Policy providers.
+  scoped_ptr<ConfigurationPolicyProvider> managed_policy_provider_;
+  scoped_ptr<ConfigurationPolicyProvider> recommended_policy_provider_;
+
+  DISALLOW_COPY_AND_ASSIGN(CloudPolicyCacheBase);
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_POLICY_CLOUD_POLICY_CACHE_BASE_H_