ash: Add SessionController/Client mojo interfaces

ash/public/interfaces/session_controller.mojom

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+module ash.mojom;
+
+import "skia/public/interfaces/bitmap.mojom";
+
+// Matches session_manager::SessionState.
+enum SessionState {
+  // Default value, when session state hasn't been initialized yet.
+  UNKNOWN,
+
+  // Running out of box UI.
+  OOBE,
+
+  // Running login UI (primary user) but user sign in hasn't completed yet.
+  LOGIN_PRIMARY,
+
+  // Running login UI (primary or secondary user), user sign in has been
+  // completed but login UI hasn't been hidden yet. This means that either
+  // some session initialization is happening or user has to go through some
+  // UI flow on the same login UI like select avatar, agree to terms of
+  // service etc.
+  LOGGED_IN_NOT_ACTIVE,
+
+  // A user(s) has logged in *and* login UI is hidden i.e. user session is
+  // not blocked.
+  ACTIVE,
+
+  // The session screen is locked.
+  LOCKED,
+
+  // Same as SESSION_STATE_LOGIN_PRIMARY but for multi-profiles sign in i.e.
+  // when there's at least one user already active in the session.
+  LOGIN_SECONDARY,
+};
+
+// Matches user_manager::UserType.
+enum UserType {
+  // Regular user, has a user name and password.
+  REGULAR,
+
+  // Guest user, logs in without authentication.
+  GUEST,
+
+  // Public account user, logs in without authentication. Available only if
+  // enabled through policy.
+  PUBLIC_ACCOUNT,
+
+  // Supervised user, logs in only with local authentication.
+  SUPERVISED,
+
+  // Kiosk app robot, logs in without authentication.
+  KIOSK,
+
+  // Child user, with supervised options.
+  CHILD,
+
+  // Android app in kiosk mode, logs in without authentication.
+  ARC_KIOSK,
+};
+
+// Info about a user session in ash.
+struct UserSession {
+  // A user session id for the user session. It is generated by session manager
+  // (chrome) when a user session starts and never changes during the lifetime
+  // of the session manager. The number starts at 1 for the first user session
+  // and incremented by one for each subsequent user session.
+  uint32 session_id;

[Tom Sepez, 2016/12/08 19:05:23]

Do we hand this out to less trustworthy clients than the browser?  If so, what
happens if they lie about this obviously guessable ID?

[xiyuan, 2016/12/08 19:26:20]

The info is passed from session manager code (chrome browser) to ash. Session
manager code does not take this from external sources as input. It generates the
it. Currently session manager code is not fully refactored and the id is
actually an index. But this can be changed later if needed.

Ash uses the id so that it can re-order the user session list when the active
user session is changed. Having a wrong id would cause that user session to be
skipped during the re-ordering, i.e. user will not be visible in user tray.

Did I answer your question?

+
+  UserType type;
+  string serialized_account_id;  // TODO(xiyuan): Use typemapping for AccountId.

[Tom Sepez, 2016/12/08 19:05:23]

same question here.

[xiyuan, 2016/12/08 19:26:20]

This is part of the user info inside a user session. It is passed from chrome to
ash. Ash uses it to switch to a user session (we probably can refactor to keep
only the session id.). Lying about it would cause ash unable to switch user
because the fake account id would not be recognized on session manager (chrome)
end, i.e. the user with fake account id will not be switched to.

+  string display_name;
+  string display_email;
+  skia.mojom.Bitmap avatar;
+};
+
+// Matches ash::AddUserSessionPolicy.
+enum AddUserSessionPolicy {
+  // Adding a user session is allowed.
+  ALLOWED,
+
+  // Disallowed due to primary user's policy.
+  ERROR_NOT_ALLOWED_PRIMARY_USER,
+
+  // Disallowed due to no eligible users.
+  ERROR_NO_ELIGIBLE_USERS,
+
+  // Disallowed due to reaching maximum supported user.
+  ERROR_MAXIMUM_USERS_REACHED,
+};
+
+// Info about an ash session.
+struct SessionInfo {
+  // Maximum possible number of logged in users in ash.
+  uint32 max_users;
+
+  // Whether the screen can be locked.
+  bool can_lock_screen;
+
+  // Whether the screen should be locked automatically before suspending.
+  bool should_lock_screen_automatically;
+
+  // Sets whether adding a user session to ash is allowed.
+  AddUserSessionPolicy add_user_session_policy;
+
+  // Current state of the ash session.
+  SessionState state;
+};
+
+// Interface for ash client (e.g. Chrome) to set session info for ash.
+interface SessionController {
+  // Sets the client interface.
+  SetClient(SessionControllerClient client);
+
+  // Sets the ash session info.
+  SetSessionInfo(SessionInfo info);
+
+  // Updates a user session. This is called when a user session is added or
+  // its meta data (e.g. name, avatar) is changed. There is no method to remove
+  // a user session because ash/chrome does not support that. All users are
+  // logged out at the same time.
+  UpdateUserSession(UserSession user_session);
+
+  // Sets the order of user sessions. The order is keyed by the session id.
+  // Currently, session manager set a LRU order with the first one being the
+  // active user session.
+  SetUserSessionOrder(array<uint32> user_session_ids);
+};
+
+// Interface for ash to request session service from its client (e.g. Chrome).
+interface SessionControllerClient {
+  // Requests to lock screen.
+  RequestLockScreen();
+
+  // Switch to the active user with |account_id| (if the user has already signed
+  // in).
+  SwitchActiveUser(string account_id);
+
+  // Switch the active user to the next or previous user.
+  CycleActiveUser(bool next_user);
+};