Add UMA for consistency between TPM and install attributes.

chrome/browser/chromeos/policy/enterprise_install_attributes.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_
 
 #include <map>
 #include <string>
 
 #include "base/basictypes.h"
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/files/file_path.h"
 #include "base/gtest_prod_util.h"
 #include "base/memory/weak_ptr.h"
 #include "chromeos/dbus/cryptohome_client.h"
 #include "chromeos/dbus/dbus_method_call_status.h"
 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
 
 namespace policy {
 
 // Brokers access to the enterprise-related installation-time attributes on
 // ChromeOS.
 // TODO(zelidrag, mnissler): Rename + move this class - http://crbug.com/249513.
 class EnterpriseInstallAttributes {
  public:
+  enum LockState {
+    STATE_UNKNOWN = 0,     // A valid lock can't be confirmed.
+    STATE_NOT_LOCKED = 1,
+    STATE_LOCKING = 2,     // Lock attempt in process.
+    STATE_LOCKED = 3,      // Valid lock confirmed by attribute read.
+  };
+
   // EnterpriseInstallAttributes status codes.  Do not change the numeric ids or
   // the meaning of the existing codes to preserve the interpretability of old
   // logfiles.
   enum LockResult {
     LOCK_SUCCESS = 0,          // Success.
     LOCK_NOT_READY = 1,        // Backend/TPM still initializing.
     LOCK_TIMEOUT = 2,          // Backend/TPM timed out.
     LOCK_BACKEND_INVALID = 3,  // Backend failed to initialize.
     LOCK_ALREADY_LOCKED = 4,   // TPM has already been locked.
     LOCK_SET_ERROR = 5,        // Failed to set attributes.
     LOCK_FINALIZE_ERROR = 6,   // Backend failed to lock.
     LOCK_READBACK_ERROR = 7,   // Inconsistency reading back registration data.
     LOCK_WRONG_DOMAIN = 8,     // Device already registered to another domain.
     LOCK_WRONG_MODE = 9,       // Device already locked to a different mode.
   };
 
   // A callback to handle responses of methods returning a LockResult value.
   typedef base::Callback<void(LockResult lock_result)> LockResultCallback;
 
   // Return serialized InstallAttributes of an enterprise-owned configuration.
   static std::string GetEnterpriseOwnedInstallAttributesBlobForTesting(
       const std::string& user_name);
 
   explicit EnterpriseInstallAttributes(
       chromeos::CryptohomeClient* cryptohome_client);
   ~EnterpriseInstallAttributes();
 
-  // Reads data from the cache file which is created early during the boot
-  // process.  The cache file is used to work around slow cryptohome startup,
-  // which takes a while to register its DBus interface.  See
-  // http://crosbug.com/37367 for background on this.
+  // Tries to read install attributes from the cache file which is created early
+  // during the boot process to work around slow cryptohome startup, which takes

[Mattias Nissler (ping if slow), 2015/06/19 07:32:45]

nit: Your edit makes this sentence ambiguous. Now it sounds like the "early"
aspect of cache file creation works around slow cryptohome startup, whereas the
original meaning was that using a cache file in the first place is only
necessary to address the crypthome slowness.

[Thiemo Nagel, 2015/06/19 17:47:04]

Done.

+  // a while to register its DBus interface. (See http://crosbug.com/37367 for
+  // background on this.) May only be called once for initialization.
   void ReadCacheFile(const base::FilePath& cache_file);
 
   // Makes sure the local caches for enterprise-related install attributes are
   // up-to-date with what cryptohome has. This method checks the readiness of
   // attributes and read them if ready. Actual read will be performed in
   // ReadAttributesIfReady().
   void ReadImmutableAttributes(const base::Closure& callback);
 
   // Locks the device to be an enterprise device registered by the given user.
   // This can also be called after the lock has already been taken, in which
@@ skipping 20 matching lines @@
 
   // Gets the device id that was generated when the device was registered.
   // Returns an empty string if the device is not an enterprise device or the
   // device id was not stored in the lockbox (prior to R19).
   std::string GetDeviceId();
 
   // Gets the mode the device was enrolled to. The return value for devices that
   // are not locked yet will be DEVICE_MODE_UNKNOWN.
   DeviceMode GetMode();
 
+  void CheckConsistency();
+
  protected:
-  bool device_locked_;
+  LockState lock_state_;
   std::string registration_user_;
   std::string registration_domain_;
   std::string registration_device_id_;
   DeviceMode registration_mode_;
 
  private:
   FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
                            DeviceLockedFromOlderVersion);
   FRIEND_TEST_ALL_PREFIXES(EnterpriseInstallAttributesTest,
                            ReadCacheFile);
@@ skipping 40 matching lines @@
       DeviceMode device_mode,
       const std::string& device_id,
       const LockResultCallback& callback,
       chromeos::DBusMethodCallStatus call_status,
       bool result);
 
   // Confirms the registered user and invoke the callback.
   void OnReadImmutableAttributes(const std::string& user,
                                  const LockResultCallback& callback);
 
+  void CheckConsistencyAgainstTpmOwnershipState(
+      chromeos::DBusMethodCallStatus call_status,
+      bool result);
+
   chromeos::CryptohomeClient* cryptohome_client_;
 
   base::WeakPtrFactory<EnterpriseInstallAttributes> weak_ptr_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(EnterpriseInstallAttributes);
 };
 
 }  // namespace policy
 
 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_ENTERPRISE_INSTALL_ATTRIBUTES_H_