Force encryption migration if the device supports ARC.

chrome/browser/chromeos/login/existing_user_controller.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/login/existing_user_controller.h"
 
 #include <memory>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 40 matching lines @@
 #include "chrome/browser/ui/webui/chromeos/login/l10n_util.h"
 #include "chrome/common/channel_info.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/url_constants.h"
 #include "chrome/grit/generated_resources.h"
 #include "chromeos/chromeos_switches.h"
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "chromeos/dbus/power_manager_client.h"
 #include "chromeos/dbus/session_manager_client.h"
 #include "chromeos/settings/cros_settings_names.h"
+#include "components/arc/arc_util.h"
 #include "components/google/core/browser/google_util.h"
 #include "components/policy/core/common/cloud/cloud_policy_core.h"
 #include "components/policy/core/common/cloud/cloud_policy_store.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/core/common/policy_service.h"
 #include "components/policy/core/common/policy_types.h"
 #include "components/policy/policy_constants.h"
 #include "components/prefs/pref_service.h"
 #include "components/session_manager/core/session_manager.h"
 #include "components/signin/core/account_id/account_id.h"
@@ skipping 99 matching lines @@
          base::CommandLine::ForCurrentProcess()->HasSwitch(
              chromeos::switches::kLoginManager) &&
          !session_manager::SessionManager::Get()->IsSessionStarted();
 }
 
 void RecordPasswordChangeFlow(LoginPasswordChangeFlow flow) {
   UMA_HISTOGRAM_ENUMERATION("Login.PasswordChangeFlow", flow,
                             LOGIN_PASSWORD_CHANGE_FLOW_COUNT);
 }
 
+bool ShouldForceDircrypto() {
+  return base::CommandLine::ForCurrentProcess()->HasSwitch(
+             chromeos::switches::kEnableEncryptionMigration) &&
+         arc::IsArcAvailable();
+}
+
 }  // namespace
 
 // static
 ExistingUserController* ExistingUserController::current_controller_ = nullptr;
 
 ////////////////////////////////////////////////////////////////////////////////
 // ExistingUserController, public:
 
 ExistingUserController::ExistingUserController(LoginDisplayHost* host)
     : host_(host),
@@ skipping 264 matching lines @@
     PerformLoginFinishedActions(false /* don't start auto login timer */);
     ShowError(IDS_LOGIN_ERROR_GOOGLE_ACCOUNT_NOT_ALLOWED,
               "Google accounts are not allowed on this device");
     return;
   }
 
   if (gaia::ExtractDomainName(user_context.GetAccountId().GetUserEmail()) ==
       user_manager::kSupervisedUserDomain) {
     login_performer_->LoginAsSupervisedUser(user_context);
   } else {
-    login_performer_->PerformLogin(user_context, auth_mode);
-    RecordPasswordLoginEvent(user_context);
+    // If a regular user log in to a device which supports ARC, we should make
+    // sure that the user's cryptohome is encrypted in ext4 dircrypto to run the
+    // latest Android runtime.
+    UserContext new_user_context = user_context;
+    new_user_context.SetIsForcingDircrypto(ShouldForceDircrypto());
+    login_performer_->PerformLogin(new_user_context, auth_mode);
+    RecordPasswordLoginEvent(new_user_context);
   }
   SendAccessibilityAlert(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNING_IN));
 }
 
 void ExistingUserController::MigrateUserData(const std::string& old_password) {
   // LoginPerformer instance has state of the user so it should exist.
   if (login_performer_.get()) {
     VLOG(1) << "Migrate the existing cryptohome to new password.";
     login_performer_->RecoverEncryptedData(old_password);
@@ skipping 124 matching lines @@
 
 void ExistingUserController::ShowEncryptionMigrationScreen(
     const UserContext& user_context) {
   host_->StartWizard(OobeScreen::SCREEN_ENCRYPTION_MIGRATION);
 
   EncryptionMigrationScreen* migration_screen =
       static_cast<EncryptionMigrationScreen*>(
           host_->GetWizardController()->current_screen());
   DCHECK(migration_screen);
   migration_screen->SetUserContext(user_context);
+  migration_screen->SetLoginPerformer(login_performer_.get());

[fukino, 2017/04/05 15:59:56]

I'm not sure if we can keep adding state to the migration screen...

If there is a better way for the migration screen to let the user perform login,
could you guide me?

[xiyuan, 2017/04/05 21:15:11]

I am fine with adding new state. But let's not passing |login_performer_| out
directly. Instead, wrap PerformLogin into a callback and pass that callback.

It might be better to add this to ExistingUserController so that LoginPerformer
does not need to worry about that. 

e.g.

void ExistingUserController::ContinuePerformLogin(const UserContext&
user_context, LoginPerformer::AuthorizationMode auth_mode) {
  login_performer_->PerformLogin(user_context, auth_mode);
}

and here we can do

  migration_screen->SetContinueLoginCallback(
    base::BindOnce(&ExistingUserController::ContinuePerformLogin,
                   weak_factory_.GetWeakPtr()));

And run this callback when we need to continue login.

[fukino, 2017/04/06 14:22:16]

Done.
I updated it to pass the callback to screen handler instead of LoginPerformer.

 }
 
 void ExistingUserController::ShowTPMError() {
   login_display_->SetUIEnabled(false);
   login_display_->ShowErrorScreen(LoginDisplay::TPM_ERROR);
 }
 
 void ExistingUserController::ShowPasswordChangedDialog() {
   RecordPasswordChangeFlow(LOGIN_PASSWORD_CHANGE_FLOW_PASSWORD_CHANGED);
 
@@ skipping 790 matching lines @@
   login_display_->ShowUnrecoverableCrypthomeErrorDialog();
 }
 
 void ExistingUserController::ClearRecordedNames() {
   display_email_.clear();
   display_name_.clear();
   given_name_.clear();
 }
 
 }  // namespace chromeos