Update FWMP in TPM

chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h"
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/strings/string_number_conversions.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
 #include "chromeos/chromeos_switches.h"
+#include "chromeos/dbus/cryptohome/rpc.pb.h"
+#include "chromeos/dbus/cryptohome_client.h"
+#include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/system/statistics_provider.h"
 #include "components/policy/core/common/cloud/device_management_service.h"
 #include "net/url_request/url_request_context_getter.h"
 
 namespace chromeos {
 
 namespace {
 
 // Maximum time to wait before forcing a decision.  Note that download time for
 // state key buckets can be non-negligible, especially on 2G connections.
@@ skipping 101 matching lines @@
   } else if (command_line_mode == kForcedReEnrollmentNever) {
     return MODE_NONE;
   }
 
   LOG(FATAL) << "Unknown auto-enrollment mode " << command_line_mode;
   return MODE_NONE;
 }
 
 AutoEnrollmentController::AutoEnrollmentController()
     : state_(policy::AUTO_ENROLLMENT_STATE_IDLE),
-      safeguard_timer_(false, false),
-      client_start_weak_factory_(this) {}
+      safeguard_timer_(false, false) {}

[Thiemo Nagel, 2017/03/29 16:09:40]

Nit: For consistency, I'd suggest to move the other two initializations inside
the class definition as well.

[igorcov, 2017/03/29 16:35:03]

Done.

 
 AutoEnrollmentController::~AutoEnrollmentController() {}
 
 void AutoEnrollmentController::Start() {
   // This method is called at the point in the OOBE/login flow at which the
   // auto-enrollment check can start. This happens either after the EULA is
   // accepted, or right after a reboot if the EULA has already been accepted.
 
   // Skip if GAIA is disabled or modulus configuration is not present.
   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
@@ skipping 22 matching lines @@
     return;
   }
 
   // If a client is being created or already existing, bail out.
   if (client_start_weak_factory_.HasWeakPtrs() || client_) {
     LOG(ERROR) << "Auto-enrollment client is already running.";
     return;
   }
 
   // Arm the belts-and-suspenders timer to avoid hangs.
-  safeguard_timer_.Start(
-      FROM_HERE, base::TimeDelta::FromSeconds(kSafeguardTimeoutSeconds),
-      base::Bind(&AutoEnrollmentController::Timeout, base::Unretained(this)));
+  safeguard_timer_.Start(FROM_HERE,
+                         base::TimeDelta::FromSeconds(kSafeguardTimeoutSeconds),
+                         base::Bind(&AutoEnrollmentController::Timeout,
+                                    weak_ptr_factory_.GetWeakPtr()));
 
   // Start by checking if the device has already been owned.
   UpdateState(policy::AUTO_ENROLLMENT_STATE_PENDING);
   DeviceSettingsService::Get()->GetOwnershipStatusAsync(
       base::Bind(&AutoEnrollmentController::OnOwnershipStatusCheckDone,
                  client_start_weak_factory_.GetWeakPtr()));
 }
 
 void AutoEnrollmentController::Cancel() {
   if (client_) {
@@ skipping 68 matching lines @@
   int power_initial = GetSanitizedArg(
       chromeos::switches::kEnterpriseEnrollmentInitialModulus);
   int power_limit = GetSanitizedArg(
       chromeos::switches::kEnterpriseEnrollmentModulusLimit);
   if (power_initial > power_limit) {
     LOG(ERROR) << "Initial auto-enrollment modulus is larger than the limit, "
                   "clamping to the limit.";
     power_initial = power_limit;
   }
 
-  client_.reset(new policy::AutoEnrollmentClient(
+  client_ = base::MakeUnique<policy::AutoEnrollmentClient>(
       base::Bind(&AutoEnrollmentController::UpdateState,
-                 base::Unretained(this)),
-      service,
-      g_browser_process->local_state(),
-      g_browser_process->system_request_context(),
-      state_keys.front(),
-      power_initial,
-      power_limit));
+                 weak_ptr_factory_.GetWeakPtr()),
+      service, g_browser_process->local_state(),
+      g_browser_process->system_request_context(), state_keys.front(),
+      power_initial, power_limit);
 
   VLOG(1) << "Starting auto-enrollment client.";
   client_->Start();
 }
 
 void AutoEnrollmentController::UpdateState(
     policy::AutoEnrollmentState new_state) {
   VLOG(1) << "New auto-enrollment state: " << new_state;
   state_ = new_state;
 
   // Stop the safeguard timer once a result comes in.
   switch (state_) {
     case policy::AUTO_ENROLLMENT_STATE_IDLE:
     case policy::AUTO_ENROLLMENT_STATE_PENDING:
       break;
     case policy::AUTO_ENROLLMENT_STATE_CONNECTION_ERROR:
     case policy::AUTO_ENROLLMENT_STATE_SERVER_ERROR:
     case policy::AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT:
     case policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT:
       safeguard_timer_.Stop();
       break;
   }
 
+  if (state_ == policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT) {
+    StartRemoveFirmwareManagementParameters();
+  } else {
+    progress_callbacks_.Notify(state_);
+  }
+}
+
+void AutoEnrollmentController::StartRemoveFirmwareManagementParameters() {
+  DCHECK_EQ(policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT, state_);
+
+  cryptohome::RemoveFirmwareManagementParametersRequest request;
+  chromeos::DBusThreadManager::Get()
+      ->GetCryptohomeClient()
+      ->RemoveFirmwareManagementParametersFromTpm(
+          request,
+          base::Bind(
+              &AutoEnrollmentController::OnFirmwareManagementParametersRemoved,
+              weak_ptr_factory_.GetWeakPtr()));
+}
+
+void AutoEnrollmentController::OnFirmwareManagementParametersRemoved(
+    chromeos::DBusMethodCallStatus call_status,
+    bool result,
+    const cryptohome::BaseReply& reply) {
+  if (!result) {
+    LOG(ERROR) << "Failed to remove firmware management parameters, error: "
+               << reply.error();
+  }
+
   progress_callbacks_.Notify(state_);
 }
 
 void AutoEnrollmentController::Timeout() {
   // TODO(mnissler): Add UMA to track results of auto-enrollment checks.
   if (client_start_weak_factory_.HasWeakPtrs() &&
       fre_requirement_ != EXPLICITLY_REQUIRED) {
     // If the callbacks to check ownership status or state keys are still
     // pending, there's a bug in the code running on the device. No use in
     // retrying anything, need to fix that bug.
     LOG(ERROR) << "Failed to start auto-enrollment check, fix the code!";
     UpdateState(policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT);
   } else {
     // This can actually happen in some cases, for example when state key
     // generation is waiting for time sync or the server just doesn't reply and
     // keeps the connection open.
     LOG(ERROR) << "AutoEnrollmentClient didn't complete within time limit.";
     UpdateState(policy::AUTO_ENROLLMENT_STATE_CONNECTION_ERROR);
   }
 
   // Reset state.
   Cancel();
 }
 
 }  // namespace chromeos