kiosk: Fix kiosk session restart

chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/users/chrome_user_manager_impl.h"
 
 #include <stddef.h>
 #include <cstddef>
 #include <set>
 #include <utility>
@@ skipping 20 matching lines @@
 #include "chrome/browser/chromeos/login/signin/auth_sync_observer.h"
 #include "chrome/browser/chromeos/login/signin/auth_sync_observer_factory.h"
 #include "chrome/browser/chromeos/login/users/affiliation.h"
 #include "chrome/browser/chromeos/login/users/avatar/user_image_manager_impl.h"
 #include "chrome/browser/chromeos/login/users/chrome_user_manager_util.h"
 #include "chrome/browser/chromeos/login/users/default_user_image/default_user_images.h"
 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h"
 #include "chrome/browser/chromeos/login/users/supervised_user_manager_impl.h"
 #include "chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
-#include "chrome/browser/chromeos/policy/device_local_account.h"
 #include "chrome/browser/chromeos/profiles/multiprofiles_session_aborted_dialog.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/session_length_limiter.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/system/timezone_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/easy_unlock_service.h"
 #include "chrome/browser/supervised_user/chromeos/manager_password_service_factory.h"
 #include "chrome/browser/supervised_user/chromeos/supervised_user_password_service_factory.h"
 #include "chrome/common/chrome_constants.h"
@@ skipping 28 matching lines @@
 
 using content::BrowserThread;
 
 namespace chromeos {
 namespace {
 
 // A vector pref of the the regular users known on this device, arranged in LRU
 // order.
 const char kRegularUsers[] = "LoggedInUsers";
 
-// A vector pref of the public accounts defined on this device.
-const char kPublicAccounts[] = "PublicAccounts";
+// A vector pref of the device local accounts defined on this device.
+const char kDeviceLocalAccounts[] = "PublicAccounts";
 
 // Key for list of users that should be reported.
 const char kReportingUsers[] = "reporting_users";
 
 // A string pref that gets set when a public account is removed but a user is

[bartfab (slow), 2016/04/12 15:08:13]

Nit: s/public/device local/

[xiyuan, 2016/04/12 16:22:51]

Done.

 // currently logged into that account, requiring the account's data to be
 // removed after logout.
-const char kPublicAccountPendingDataRemoval[] =
+const char kDeviceLocalAccountPendingDataRemoval[] =
     "PublicAccountPendingDataRemoval";
 
 bool FakeOwnership() {
   return base::CommandLine::ForCurrentProcess()->HasSwitch(
       switches::kStubCrosSettings);
 }
 
 std::string FullyCanonicalize(const std::string& email) {
   return gaia::CanonicalizeEmail(gaia::SanitizeEmail(email));
 }
 
 // Callback that is called after user removal is complete.
 void OnRemoveUserComplete(const AccountId& account_id,
                           bool success,
                           cryptohome::MountError return_code) {
   // Log the error, but there's not much we can do.
   if (!success) {
     LOG(ERROR) << "Removal of cryptohome for " << account_id.Serialize()
                << " failed, return code: " << return_code;
   }
 }
 
 // Runs on SequencedWorkerPool thread. Passes resolved locale to UI thread.
 void ResolveLocale(const std::string& raw_locale,
                    std::string* resolved_locale) {
   ignore_result(l10n_util::CheckAndResolveLocale(raw_locale, resolved_locale));
 }
 
+bool IsDeviceLocalAccountUser(const user_manager::User* user) {

[bartfab (slow), 2016/04/12 15:08:13]

This should be a getter on User, where it can be implemented in
DeviceLocalAccountUserBase.

[xiyuan, 2016/04/12 16:22:51]

Done.

+  return user->GetType() == user_manager::USER_TYPE_PUBLIC_ACCOUNT ||
+         user->GetType() == user_manager::USER_TYPE_KIOSK_APP;
+}
+
 }  // namespace
 
 // static
 void ChromeUserManagerImpl::RegisterPrefs(PrefRegistrySimple* registry) {
   ChromeUserManager::RegisterPrefs(registry);
 
-  registry->RegisterListPref(kPublicAccounts);
-  registry->RegisterStringPref(kPublicAccountPendingDataRemoval, std::string());
+  registry->RegisterListPref(kDeviceLocalAccounts);
+  registry->RegisterStringPref(kDeviceLocalAccountPendingDataRemoval,
+                               std::string());
   registry->RegisterListPref(kReportingUsers);
 
   SupervisedUserManager::RegisterPrefs(registry);
   SessionLengthLimiter::RegisterPrefs(registry);
   BootstrapManager::RegisterPrefs(registry);
 }
 
 // static
 scoped_ptr<ChromeUserManager> ChromeUserManagerImpl::CreateChromeUserManager() {
   return scoped_ptr<ChromeUserManager>(new ChromeUserManagerImpl());
@@ skipping 412 matching lines @@
     user_manager::User::OAuthTokenStatus status) const {
   GetUserFlow(account_id)->HandleOAuthTokenStatusChange(status);
 }
 
 bool ChromeUserManagerImpl::IsEnterpriseManaged() const {
   policy::BrowserPolicyConnectorChromeOS* connector =
       g_browser_process->platform_part()->browser_policy_connector_chromeos();
   return connector->IsEnterpriseManaged();
 }
 
-void ChromeUserManagerImpl::LoadPublicAccounts(
-    std::set<AccountId>* public_sessions_set) {
-  const base::ListValue* prefs_public_sessions =
-      GetLocalState()->GetList(kPublicAccounts);
-  std::vector<AccountId> public_sessions;
-  ParseUserList(*prefs_public_sessions, std::set<AccountId>(), &public_sessions,
-                public_sessions_set);
-  for (const AccountId& account_id : public_sessions) {
-    users_.push_back(user_manager::User::CreatePublicAccountUser(account_id));
-    UpdatePublicAccountDisplayName(account_id.GetUserEmail());
+void ChromeUserManagerImpl::LoadDeviceLocalAccounts(
+    std::set<AccountId>* device_local_accounts_set) {
+  const base::ListValue* prefs_device_local_accounts =
+      GetLocalState()->GetList(kDeviceLocalAccounts);
+  std::vector<AccountId> device_local_accounts;
+  ParseUserList(*prefs_device_local_accounts, std::set<AccountId>(),
+                &device_local_accounts, device_local_accounts_set);
+  for (const AccountId& account_id : device_local_accounts) {
+    policy::DeviceLocalAccount::Type type;
+    if (!policy::IsDeviceLocalAccountUser(account_id.GetUserEmail(), &type)) {
+      NOTREACHED();
+      continue;
+    }
+
+    users_.push_back(CreateUserFromDeviceLocalAccount(account_id, type));
+    if (type == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION)
+      UpdatePublicAccountDisplayName(account_id.GetUserEmail());
   }
 }
 
 void ChromeUserManagerImpl::PerformPreUserListLoadingActions() {
   // Clean up user list first. All code down the path should be synchronous,
   // so that local state after transaction rollback is in consistent state.
   // This process also should not trigger EnsureUsersLoaded again.
   if (supervised_user_manager_->HasFailedUserCreationTransaction())
     supervised_user_manager_->RollbackUserCreationTransaction();
 
@@ skipping 14 matching lines @@
   // Initialize the session length limiter and start it only if
   // session limit is defined by the policy.
   session_length_limiter_.reset(
       new SessionLengthLimiter(NULL, browser_restart));
 }
 
 bool ChromeUserManagerImpl::IsDemoApp(const AccountId& account_id) const {
   return DemoAppLauncher::IsDemoAppSession(account_id);
 }
 
-bool ChromeUserManagerImpl::IsKioskApp(const AccountId& account_id) const {
-  policy::DeviceLocalAccount::Type device_local_account_type;
-  return policy::IsDeviceLocalAccountUser(account_id.GetUserEmail(),
-                                          &device_local_account_type) &&
-         device_local_account_type ==
-             policy::DeviceLocalAccount::TYPE_KIOSK_APP;
-}
-
 bool ChromeUserManagerImpl::IsPublicAccountMarkedForRemoval(
     const AccountId& account_id) const {
   return account_id == AccountId::FromUserEmail(GetLocalState()->GetString(
-                           kPublicAccountPendingDataRemoval));
+                           kDeviceLocalAccountPendingDataRemoval));
 }
 
 void ChromeUserManagerImpl::RetrieveTrustedDevicePolicies() {
   // Local state may not be initialized in unit_tests.
   if (!GetLocalState())
     return;
 
   SetEphemeralUsersEnabled(false);
   SetOwnerId(EmptyAccountId());
 
   // Schedule a callback if device policy has not yet been verified.
   if (CrosSettingsProvider::TRUSTED !=
       cros_settings_->PrepareTrustedValues(
           base::Bind(&ChromeUserManagerImpl::RetrieveTrustedDevicePolicies,
                      weak_factory_.GetWeakPtr()))) {
     return;
   }
 
   bool ephemeral_users_enabled = false;
   cros_settings_->GetBoolean(kAccountsPrefEphemeralUsersEnabled,
                              &ephemeral_users_enabled);
   SetEphemeralUsersEnabled(ephemeral_users_enabled);
 
   std::string owner_email;
   cros_settings_->GetString(kDeviceOwner, &owner_email);
   SetOwnerId(AccountId::FromUserEmail(owner_email));
 
   EnsureUsersLoaded();
 
-  bool changed = UpdateAndCleanUpPublicAccounts(
+  bool changed = UpdateAndCleanUpDeviceLocalAccounts(
       policy::GetDeviceLocalAccounts(cros_settings_));
 
   // If ephemeral users are enabled and we are on the login screen, take this
   // opportunity to clean up by removing all regular users except the owner.
   if (GetEphemeralUsersEnabled() && !IsUserLoggedIn()) {
     ListPrefUpdate prefs_users_update(GetLocalState(), kRegularUsers);
     prefs_users_update->Clear();
     for (user_manager::UserList::iterator it = users_.begin();
          it != users_.end();) {
       const AccountId account_id = (*it)->GetAccountId();
@@ skipping 115 matching lines @@
   SetIsCurrentUserNew(true);
   active_user_ = user;
 
   // The UserImageManager chooses a random avatar picture when a user logs in
   // for the first time. Tell the UserImageManager that this user is not new to
   // prevent the avatar from getting changed.
   GetUserImageManager(user->GetAccountId())->UserLoggedIn(false, true);
   WallpaperManager::Get()->EnsureLoggedInUserWallpaperLoaded();
 }
 
-void ChromeUserManagerImpl::KioskAppLoggedIn(
-    const AccountId& kiosk_app_account_id) {
+void ChromeUserManagerImpl::KioskAppLoggedIn(user_manager::User* user) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
-  policy::DeviceLocalAccount::Type device_local_account_type;
-  DCHECK(policy::IsDeviceLocalAccountUser(kiosk_app_account_id.GetUserEmail(),
-                                          &device_local_account_type));
-  DCHECK_EQ(policy::DeviceLocalAccount::TYPE_KIOSK_APP,
-            device_local_account_type);
 
-  active_user_ = user_manager::User::CreateKioskAppUser(kiosk_app_account_id);
+  active_user_ = user;
   active_user_->SetStubImage(
       user_manager::UserImage(
           *ResourceBundle::GetSharedInstance().GetImageSkiaNamed(
               IDR_PROFILE_PICTURE_LOADING)),
       user_manager::User::USER_IMAGE_INVALID,
       false);
 
+  const AccountId& kiosk_app_account_id = user->GetAccountId();
   WallpaperManager::Get()->SetUserWallpaperNow(kiosk_app_account_id);
 
   // TODO(bartfab): Add KioskAppUsers to the users_ list and keep metadata like
   // the kiosk_app_id in these objects, removing the need to re-parse the
   // device-local account list here to extract the kiosk_app_id.
   const std::vector<policy::DeviceLocalAccount> device_local_accounts =
       policy::GetDeviceLocalAccounts(cros_settings_);
   const policy::DeviceLocalAccount* account = NULL;
   for (std::vector<policy::DeviceLocalAccount>::const_iterator it =
            device_local_accounts.begin();
        it != device_local_accounts.end();
        ++it) {
     if (it->user_id == kiosk_app_account_id.GetUserEmail()) {
       account = &*it;
       break;
     }
   }
-  std::string kiosk_app_name;
+  std::string kiosk_app_id;
   if (account) {
-    kiosk_app_name = account->kiosk_app_id;
+    kiosk_app_id = account->kiosk_app_id;
   } else {
     LOG(ERROR) << "Logged into nonexistent kiosk-app account: "
                << kiosk_app_account_id.GetUserEmail();
     NOTREACHED();
   }
 
   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
   command_line->AppendSwitch(::switches::kForceAppMode);
-  command_line->AppendSwitchASCII(::switches::kAppId, kiosk_app_name);
+  command_line->AppendSwitchASCII(::switches::kAppId, kiosk_app_id);
 
   // Disable window animation since kiosk app runs in a single full screen
   // window and window animation causes start-up janks.
   command_line->AppendSwitch(wm::switches::kWindowAnimationsDisabled);
 }
 
 void ChromeUserManagerImpl::DemoAccountLoggedIn() {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   active_user_ = user_manager::User::CreateKioskAppUser(login::DemoAccountId());
   active_user_->SetStubImage(
@@ skipping 48 matching lines @@
   WallpaperManager::Get()->RemoveUserWallpaperInfo(account_id);
   GetUserImageManager(account_id)->DeleteUserImage();
 
   supervised_user_manager_->RemoveNonCryptohomeData(account_id.GetUserEmail());
 
   multi_profile_user_controller_->RemoveCachedValues(account_id.GetUserEmail());
 
   EasyUnlockService::ResetLocalStateForUser(account_id);
 }
 
-void
-ChromeUserManagerImpl::CleanUpPublicAccountNonCryptohomeDataPendingRemoval() {
+void ChromeUserManagerImpl::
+    CleanUpDeviceLocalAccountNonCryptohomeDataPendingRemoval() {
   PrefService* local_state = GetLocalState();
-  const std::string public_account_pending_data_removal =
-      local_state->GetString(kPublicAccountPendingDataRemoval);
-  if (public_account_pending_data_removal.empty() ||
+  const std::string device_local_account_pending_data_removal =
+      local_state->GetString(kDeviceLocalAccountPendingDataRemoval);
+  if (device_local_account_pending_data_removal.empty() ||
       (IsUserLoggedIn() &&
-       public_account_pending_data_removal == GetActiveUser()->email())) {
+       device_local_account_pending_data_removal == GetActiveUser()->email())) {
     return;
   }
 
   RemoveNonCryptohomeData(
-      AccountId::FromUserEmail(public_account_pending_data_removal));
-  local_state->ClearPref(kPublicAccountPendingDataRemoval);
+      AccountId::FromUserEmail(device_local_account_pending_data_removal));
+  local_state->ClearPref(kDeviceLocalAccountPendingDataRemoval);
 }
 
-void ChromeUserManagerImpl::CleanUpPublicAccountNonCryptohomeData(
+void ChromeUserManagerImpl::CleanUpDeviceLocalAccountNonCryptohomeData(
     const std::vector<std::string>& old_public_accounts) {
   std::set<std::string> users;
   for (user_manager::UserList::const_iterator it = users_.begin();
        it != users_.end();
        ++it)
     users.insert((*it)->email());
 
   // If the user is logged into a public account that has been removed from the

[bartfab (slow), 2016/04/12 15:08:13]

Nit: s/public/device local/

[xiyuan, 2016/04/12 16:22:51]

Done.

   // user list, mark the account's data as pending removal after logout.
   if (IsLoggedInAsPublicAccount()) {

[bartfab (slow), 2016/04/12 15:08:13]

This will need changing to catch all device-local accounts.

[xiyuan, 2016/04/12 16:22:51]

Done.

     const std::string active_user_id = GetActiveUser()->email();
     if (users.find(active_user_id) == users.end()) {
-      GetLocalState()->SetString(kPublicAccountPendingDataRemoval,
+      GetLocalState()->SetString(kDeviceLocalAccountPendingDataRemoval,
                                  active_user_id);
       users.insert(active_user_id);
     }
   }
 
   // Remove the data belonging to any other public accounts that are no longer
   // found on the user list.
   for (std::vector<std::string>::const_iterator it =
            old_public_accounts.begin();
        it != old_public_accounts.end();
        ++it) {
     if (users.find(*it) == users.end())
       RemoveNonCryptohomeData(AccountId::FromUserEmail(*it));
   }
 }
 
-bool ChromeUserManagerImpl::UpdateAndCleanUpPublicAccounts(
+bool ChromeUserManagerImpl::UpdateAndCleanUpDeviceLocalAccounts(
     const std::vector<policy::DeviceLocalAccount>& device_local_accounts) {
   // Try to remove any public account data marked as pending removal.

[bartfab (slow), 2016/04/12 15:08:13]

Nit: s/public/device local/

[xiyuan, 2016/04/12 16:22:51]

Done.

-  CleanUpPublicAccountNonCryptohomeDataPendingRemoval();
+  CleanUpDeviceLocalAccountNonCryptohomeDataPendingRemoval();
 
-  // Get the current list of public accounts.
-  std::vector<std::string> old_public_accounts;
-  for (user_manager::UserList::const_iterator it = users_.begin();
-       it != users_.end();
-       ++it) {
-    if ((*it)->GetType() == user_manager::USER_TYPE_PUBLIC_ACCOUNT)
-      old_public_accounts.push_back((*it)->email());
+  // Get the current list of device local accounts.
+  std::vector<std::string> old_accounts;
+  for (const auto& user : users_) {
+    if (IsDeviceLocalAccountUser(user))
+      old_accounts.push_back(user->email());
   }
 
-  // Get the new list of public accounts from policy.
-  std::vector<std::string> new_public_accounts;
-  for (std::vector<policy::DeviceLocalAccount>::const_iterator it =
-           device_local_accounts.begin();
-       it != device_local_accounts.end();
-       ++it) {
-    // TODO(mnissler, nkostylev, bartfab): Process Kiosk Apps within the
-    // standard login framework: http://crbug.com/234694
-    if (it->type == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION)
-      new_public_accounts.push_back(it->user_id);
-  }
-
-  // If the list of public accounts has not changed, return.
-  if (new_public_accounts.size() == old_public_accounts.size()) {
+  // If the list of device local accounts has not changed, return.
+  if (device_local_accounts.size() == old_accounts.size()) {
     bool changed = false;
-    for (size_t i = 0; i < new_public_accounts.size(); ++i) {
-      if (new_public_accounts[i] != old_public_accounts[i]) {
+    for (size_t i = 0; i < device_local_accounts.size(); ++i) {
+      if (device_local_accounts[i].user_id != old_accounts[i]) {
         changed = true;
         break;
       }
     }
     if (!changed)
       return false;
   }
 
-  // Persist the new list of public accounts in a pref.
-  ListPrefUpdate prefs_public_accounts_update(GetLocalState(), kPublicAccounts);
-  prefs_public_accounts_update->Clear();
-  for (std::vector<std::string>::const_iterator it =
-           new_public_accounts.begin();
-       it != new_public_accounts.end();
-       ++it) {
-    prefs_public_accounts_update->AppendString(*it);
-  }
+  // Persist the new list of device local accounts in a pref.
+  ListPrefUpdate prefs_device_local_accounts_update(GetLocalState(),
+                                                    kDeviceLocalAccounts);
+  prefs_device_local_accounts_update->Clear();
+  for (const auto& account : device_local_accounts)
+    prefs_device_local_accounts_update->AppendString(account.user_id);
 
-  // Remove the old public accounts from the user list.
+  // Remove the old device local accounts from the user list.
   for (user_manager::UserList::iterator it = users_.begin();
        it != users_.end();) {
-    if ((*it)->GetType() == user_manager::USER_TYPE_PUBLIC_ACCOUNT) {
+    if (IsDeviceLocalAccountUser(*it)) {
       if (*it != GetLoggedInUser())
         DeleteUser(*it);
       it = users_.erase(it);
     } else {
       ++it;
     }
   }
 
-  // Add the new public accounts to the front of the user list.
-  for (std::vector<std::string>::const_reverse_iterator it =
-           new_public_accounts.rbegin();
-       it != new_public_accounts.rend();
-       ++it) {
-    if (IsLoggedInAsPublicAccount() && *it == GetActiveUser()->email())
-      users_.insert(users_.begin(), GetLoggedInUser());
-    else
-      users_.insert(users_.begin(), user_manager::User::CreatePublicAccountUser(
-                                        AccountId::FromUserEmail(*it)));
-    UpdatePublicAccountDisplayName(*it);
+  // Add the new device local accounts to the front of the user list.
+  const bool is_device_local_account_session =
+      IsLoggedInAsPublicAccount() || IsLoggedInAsKioskApp();

[bartfab (slow), 2016/04/12 15:08:13]

It would be more future-proof to either create an
IsLoggedInAsDeviceLocalAccount() getter or use
IsDeviceLocalAccountUser(GetActiveUser()).

[xiyuan, 2016/04/12 16:22:51]

Done.

+  for (auto it = device_local_accounts.rbegin();
+       it != device_local_accounts.rend(); ++it) {
+    if (is_device_local_account_session &&
+        AccountId::FromUserEmail(it->user_id) ==
+            GetActiveUser()->GetAccountId()) {
+      users_.insert(users_.begin(), GetActiveUser());
+    } else {
+      users_.insert(users_.begin(),
+                    CreateUserFromDeviceLocalAccount(
+                        AccountId::FromUserEmail(it->user_id), it->type));
+    }
+    if (it->type == policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION) {
+      UpdatePublicAccountDisplayName(it->user_id);
+    }
   }
 
   for (user_manager::UserList::iterator
            ui = users_.begin(),
-           ue = users_.begin() + new_public_accounts.size();
-       ui != ue;
-       ++ui) {
+           ue = users_.begin() + device_local_accounts.size();
+       ui != ue; ++ui) {
     GetUserImageManager((*ui)->GetAccountId())->LoadUserImage();
   }
 
-  // Remove data belonging to public accounts that are no longer found on the
-  // user list.
-  CleanUpPublicAccountNonCryptohomeData(old_public_accounts);
+  // Remove data belonging to device local accounts that are no longer found on
+  // the user list.
+  CleanUpDeviceLocalAccountNonCryptohomeData(old_accounts);
 
   return true;
 }
 
 void ChromeUserManagerImpl::UpdatePublicAccountDisplayName(
     const std::string& user_id) {
   std::string display_name;
 
   if (device_local_account_policy_service_) {
     policy::DeviceLocalAccountPolicyBroker* broker =
@@ skipping 250 matching lines @@
       FROM_HERE,
       base::Bind(ResolveLocale, locale, base::Unretained(out_resolved_locale)),
       on_resolved_callback);
 }
 
 bool ChromeUserManagerImpl::IsValidDefaultUserImageId(int image_index) const {
   return image_index >= 0 &&
          image_index < chromeos::default_user_image::kDefaultImagesCount;
 }
 
+user_manager::User* ChromeUserManagerImpl::CreateUserFromDeviceLocalAccount(
+    const AccountId& account_id,
+    const policy::DeviceLocalAccount::Type type) const {
+  user_manager::User* user = nullptr;

[bartfab (slow), 2016/04/12 15:08:13]

Nit: Use a unique_ptr.

[xiyuan, 2016/04/12 16:22:51]

Done.

+  switch (type) {
+    case policy::DeviceLocalAccount::TYPE_PUBLIC_SESSION:
+      user = user_manager::User::CreatePublicAccountUser(account_id);
+      break;
+    case policy::DeviceLocalAccount::TYPE_KIOSK_APP:
+      user = user_manager::User::CreateKioskAppUser(account_id);
+      break;
+    default:
+      NOTREACHED();
+      break;
+  }
+
+  return user;
+}
+
 }  // namespace chromeos