Setup Chromad user policy plumbing

chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_
 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_
 
 #include <memory>
 #include <string>
 #include <vector>
@@ skipping 12 matching lines @@
 class SequencedTaskRunner;
 }
 
 namespace chromeos {
 class CryptohomeClient;
 class SessionManagerClient;
 }
 
 namespace policy {
 
-// Implements a cloud policy store backed by the Chrome OS' session_manager,
-// which takes care of persisting policy to disk and is accessed via DBus calls
+// Implements a policy store backed by the Chrome OS' session_manager, which
+// takes care of persisting policy to disk and is accessed via DBus calls
 // through SessionManagerClient.
+// TODO(tnagel): Rename class to reflect that it can store Active Directory
+// policy as well. Also think about whether it would make more sense to keep
+// cloud and AD policy stores separate and to extract the common functionality
+// somewhere else.
 class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase {
  public:
+  // Policy validation is relaxed when |is_active_directory| is set, most
+  // notably signature validation is disabled.  It is essential that this flag
+  // is only set when install attributes are locked into Active Directory mode.
   UserCloudPolicyStoreChromeOS(
       chromeos::CryptohomeClient* cryptohome_client,
       chromeos::SessionManagerClient* session_manager_client,
       scoped_refptr<base::SequencedTaskRunner> background_task_runner,
       const AccountId& account_id,
-      const base::FilePath& user_policy_key_dir);
+      const base::FilePath& user_policy_key_dir,
+      bool is_active_directory);
   ~UserCloudPolicyStoreChromeOS() override;
 
   // CloudPolicyStore:
   void Store(const enterprise_management::PolicyFetchResponse& policy) override;
   void Load() override;
 
   // Loads the policy synchronously on the current thread.
   void LoadImmediately();
 
  private:
@@ skipping 39 matching lines @@
                               chromeos::DBusMethodCallStatus call_status,
                               const std::string& sanitized_username);
 
   std::unique_ptr<UserCloudPolicyValidator> CreateValidatorForLoad(
       std::unique_ptr<enterprise_management::PolicyFetchResponse> policy);
 
   chromeos::CryptohomeClient* cryptohome_client_;
   chromeos::SessionManagerClient* session_manager_client_;
   const AccountId account_id_;
   base::FilePath user_policy_key_dir_;
+  bool is_active_directory_;
 
   // The current key used to verify signatures of policy. This value is loaded
   // from the key cache file (which is owned and kept up to date by the Chrome
   // OS session manager). This is, generally, different from
   // |policy_signature_public_key_|, which always corresponds to the currently
   // effective policy.
   std::string cached_policy_key_;
   bool cached_policy_key_loaded_ = false;
   base::FilePath cached_policy_key_path_;
 
   base::WeakPtrFactory<UserCloudPolicyStoreChromeOS> weak_factory_;
 
   DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOS);
 };
 
 }  // namespace policy
 
 #endif  // CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_