Expose signing key from cloud policy stores

chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h

Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h
index 71f860eff9975daab85bb524a67aa619558afc64..6d17c8d3372977f2dede32b5dc7c95e1973b44aa 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h
@@ -101,9 +101,14 @@ class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase {
   const AccountId account_id_;
   base::FilePath user_policy_key_dir_;
 
-  bool policy_key_loaded_;
-  base::FilePath policy_key_path_;
-  std::string policy_key_;
+  // The current key used to verify signatures of policy. This value is loaded
+  // from the key cache file (which is owned and kept up to date by the Chrome
+  // OS session manager). This is, generally, different from
+  // |policy_signature_public_key_|, which always corresponds to the currently
+  // effective policy.
+  std::string cached_policy_key_;
+  bool cached_policy_key_loaded_ = false;
+  base::FilePath cached_policy_key_path_;
 
   base::WeakPtrFactory<UserCloudPolicyStoreChromeOS> weak_factory_;