Add DeviceADPolicyManager to provide AD policy.

chrome/browser/chromeos/settings/device_settings_service.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
 #define CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_
 
 #include <deque>
 #include <memory>
 #include <string>
 #include <vector>
 
 #include "base/callback.h"
 #include "base/compiler_specific.h"
 #include "base/macros.h"
 #include "base/memory/linked_ptr.h"
 #include "base/memory/ref_counted.h"
 #include "base/observer_list.h"
 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
 #include "chromeos/dbus/session_manager_client.h"
 #include "components/ownership/owner_settings_service.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "components/policy/core/common/cloud/cloud_policy_validator.h"
 #include "components/policy/proto/device_management_backend.pb.h"
 #include "crypto/scoped_nss_types.h"
 
 namespace crypto {
 class RSAPrivateKey;
 }
 
 namespace ownership {
 class OwnerKeyUtil;
 class PublicKey;
 }
 
 namespace chromeos {
 
 class SessionManagerOperation;
 
-// Deals with the low-level interface to Chromium OS device settings. Device
+// Deals with the low-level interface to Chrome OS device settings. Device
 // settings are stored in a protobuf that's protected by a cryptographic
 // signature generated by a key in the device owner's possession. Key and
 // settings are brokered by the session_manager daemon.
 //
 // The purpose of DeviceSettingsService is to keep track of the current key and
 // settings blob. For reading and writing device settings, use CrosSettings
 // instead, which provides a high-level interface that allows for manipulation
 // of individual settings.
 //
 // DeviceSettingsService generates notifications for key and policy update
@@ skipping 20 matching lines @@
     STORE_INVALID_POLICY,        // Invalid settings blob.
     STORE_VALIDATION_ERROR,      // Unrecoverable policy validation failure.
     STORE_TEMP_VALIDATION_ERROR, // Temporary policy validation failure.
   };
 
   // Observer interface.
   class Observer {
    public:
     virtual ~Observer();
 
-    // Indicates device ownership status changes.
+    // Indicates device ownership status changes.  Not called for the transition

[emaxx, 2016/11/11 15:25:09]

Is this special behavior for the AD case really necessary?
Can't there be a client code that would really want to observe status changes in
the AD case too?

[Thiemo Nagel, 2016/11/16 19:11:01]

I agree that this isn't pretty.  Fixed.

+    // to Active Directory management.
     virtual void OwnershipStatusChanged();
 
     // Gets call after updates to the device settings.
     virtual void DeviceSettingsUpdated();
 
     virtual void OnDeviceSettingsServiceShutdown();
   };
 
   // Manage singleton instance.
   static void Initialize();
   static bool IsInitialized();
   static void Shutdown();
   static DeviceSettingsService* Get();
 
   // Creates a device settings service instance. This is meant for unit tests,
   // production code uses the singleton returned by Get() above.
   DeviceSettingsService();
   ~DeviceSettingsService() override;
 
-  // To be called on startup once threads are initialized and DBus is ready.
+  // To be called on startup once threads are initialized and D-Bus is ready.
   void SetSessionManager(SessionManagerClient* session_manager_client,
                          scoped_refptr<ownership::OwnerKeyUtil> owner_key_util);
 
   // Prevents the service from making further calls to session_manager_client
   // and stops any pending operations.
   void UnsetSessionManager();
 
+  // Value must have been read and verified through InstallAttributes.
+  void SetDeviceMode(policy::DeviceMode device_mode);
+
   const enterprise_management::PolicyData* policy_data() {
     return policy_data_.get();
   }
 
   // Returns the currently active device settings. Returns nullptr if the device
   // settings have not been retrieved from session_manager yet.
   const enterprise_management::ChromeDeviceSettingsProto*
       device_settings() const {
     return device_settings_.get();
   }
 
   // Returns the currently used owner key.
   scoped_refptr<ownership::PublicKey> GetPublicKey();
 
   // Returns the status generated by the last operation.
-  Status status() {
-    return store_status_;
-  }
+  Status status() { return store_status_; }
 
   // Triggers an attempt to pull the public half of the owner key from disk and
   // load the device settings.
   void Load();
 
   // Stores a policy blob to session_manager. The result of the operation is
   // reported through |callback|. If successful, the updated device settings are
   // present in policy_data() and device_settings() when the callback runs.
   void Store(std::unique_ptr<enterprise_management::PolicyFetchResponse> policy,
              const base::Closure& callback);
@@ skipping 57 matching lines @@
 
   // Updates status, policy data and owner key from a finished operation.
   // Starts the next pending operation if available.
   void HandleCompletedOperation(const base::Closure& callback,
                                 SessionManagerOperation* operation,
                                 Status status);
 
   // Updates status and invokes the callback immediately.
   void HandleError(Status status, const base::Closure& callback);
 
+  void RunPendingOwnershipStatusCallbacks();
+
   SessionManagerClient* session_manager_client_;
   scoped_refptr<ownership::OwnerKeyUtil> owner_key_util_;
 
   Status store_status_;
 
   std::vector<OwnershipStatusCallback> pending_ownership_status_callbacks_;
 
   std::string username_;
   scoped_refptr<ownership::PublicKey> public_key_;
   base::WeakPtr<ownership::OwnerSettingsService> owner_settings_service_;
 
   std::unique_ptr<enterprise_management::PolicyData> policy_data_;
   std::unique_ptr<enterprise_management::ChromeDeviceSettingsProto>
       device_settings_;
 
+  policy::DeviceMode device_mode_;
+
   // The queue of pending operations. The first operation on the queue is
   // currently active; it gets removed and destroyed once it completes.
   std::deque<linked_ptr<SessionManagerOperation>> pending_operations_;
 
   base::ObserverList<Observer> observers_;
 
   // For recoverable load errors how many retries are left before we give up.
   int load_retries_left_;
 
   base::WeakPtrFactory<DeviceSettingsService> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(DeviceSettingsService);
 };
 
 // Helper class for tests. Initializes the DeviceSettingsService singleton on
 // construction and tears it down again on destruction.
 class ScopedTestDeviceSettingsService {
  public:
   ScopedTestDeviceSettingsService();
   ~ScopedTestDeviceSettingsService();
 
  private:
   DISALLOW_COPY_AND_ASSIGN(ScopedTestDeviceSettingsService);
 };
 
 }  // namespace chromeos
 
 #endif  // CHROME_BROWSER_CHROMEOS_SETTINGS_DEVICE_SETTINGS_SERVICE_H_