Cache force-installed apps/extensions in device-local accounts

chrome/browser/chromeos/policy/device_local_account.h

Index: chrome/browser/chromeos/policy/device_local_account.h
diff --git a/chrome/browser/chromeos/policy/device_local_account.h b/chrome/browser/chromeos/policy/device_local_account.h
index ff8346186361a1d74cddd4049c01cd0a9384bd2c..d10b2286a354478faf6eb1d65a08b575fe71622f 100644
--- a/chrome/browser/chromeos/policy/device_local_account.h
+++ b/chrome/browser/chromeos/policy/device_local_account.h
@@ -32,6 +32,22 @@ struct DeviceLocalAccount {
   ~DeviceLocalAccount();
 
   Type type;
+  // A device-local account has two identifiers:
+  // * The |account_id| is chosen by the entity that defines the device-local
+  //   account. The only constraints are that the |account_id| be unique and,
+  //   for legacy reasons, it contain an @ symbol.
+  // * The |user_id| is a synthesized identifier that is guaranteed to be
+  //   unique, contain an @ symbol, not collide with the |user_id| of any other
+  //   user on the device (such as regular users or supervised users) and be
+  //   identifiable as belonging to a device-local account by.
+  // The |account_id| is primarily used by policy code: If device policy defines
+  // a device-local account with a certain |account_id|, the user policy for
+  // that account has to be fetched by referencing the same |account_id|.
+  // The |user_id| is passed to the chromeos::UserManager where it becomes part
+  // of the global user list on the device. The |account_id| would not be safe
+  // to use here as it is a free-form identifier that could conflict with
+  // another |user_id| on the device and cannot be easily identified as
+  // belonging to a device-local account.
   std::string account_id;
   std::string user_id;
   std::string kiosk_app_id;