Improve CloudPolicyClient doc.

components/policy/core/common/cloud/cloud_policy_client.h

Index: components/policy/core/common/cloud/cloud_policy_client.h
diff --git a/components/policy/core/common/cloud/cloud_policy_client.h b/components/policy/core/common/cloud/cloud_policy_client.h
index d2e3f8775256a9297ce8dfa6522cd9f0c9c77bf0..97bf89f89d26382de3b4542095454d29f0e6e788 100644
--- a/components/policy/core/common/cloud/cloud_policy_client.h
+++ b/components/policy/core/common/cloud/cloud_policy_client.h
@@ -80,11 +80,13 @@ class POLICY_EXPORT CloudPolicyClient {
     virtual void OnClientError(CloudPolicyClient* client) = 0;
   };
 
-  // |service| and |signing_service| are weak pointers and it's the caller's
-  // responsibility to keep them valid for the lifetime of CloudPolicyClient.
-  // |verification_key_hash| contains an identifier telling the DMServer which
-  // verification key to use. The |signing_service| is used to sign sensitive
-  // requests.
+  // |machine_id| and |machine_model| must only be provided for device
+  // policy. (Pass empty strings for user policy to prevent leaking machine
+  // details.) |service| and |signing_service| are weak pointers and it's the

[Mattias Nissler (ping if slow), 2016/09/27 13:48:45]

nit: This suggests that bad the code will not work if machine_id or
machine_model are passed for user policy, which is not true. Maybe soften to
something like this:

If non-empty, |machine_id| and |machine_model| are passed to the server
verbatimly. Note that these reveal machine identity to the server, so should
only be used where this is appropriate (i.e. device policy, but not user
policy).

+  // caller's responsibility to keep them valid for the lifetime of
+  // CloudPolicyClient.  |verification_key_hash| contains an identifier telling
+  // the DMServer which verification key to use. The |signing_service| is used
+  // to sign sensitive requests.
   CloudPolicyClient(
       const std::string& machine_id,
       const std::string& machine_model,