Force encryption migration if the device supports ARC.

chrome/browser/chromeos/login/existing_user_controller.cc

Index: chrome/browser/chromeos/login/existing_user_controller.cc
diff --git a/chrome/browser/chromeos/login/existing_user_controller.cc b/chrome/browser/chromeos/login/existing_user_controller.cc
index d25f7964c364043a492513dda06be0e52c3dea2b..6710895f8a659136e1983628c08aa55ddaab12c1 100644
--- a/chrome/browser/chromeos/login/existing_user_controller.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller.cc
@@ -58,6 +58,7 @@
 #include "chromeos/dbus/power_manager_client.h"
 #include "chromeos/dbus/session_manager_client.h"
 #include "chromeos/settings/cros_settings_names.h"
+#include "components/arc/arc_util.h"
 #include "components/google/core/browser/google_util.h"
 #include "components/policy/core/common/cloud/cloud_policy_core.h"
 #include "components/policy/core/common/cloud/cloud_policy_store.h"
@@ -177,6 +178,12 @@ void RecordPasswordChangeFlow(LoginPasswordChangeFlow flow) {
                             LOGIN_PASSWORD_CHANGE_FLOW_COUNT);
 }
 
+bool ShouldForceDircrypto() {
+  return base::CommandLine::ForCurrentProcess()->HasSwitch(
+             chromeos::switches::kEnableEncryptionMigration) &&
+         arc::IsArcAvailable();
+}
+
 }  // namespace
 
 // static
@@ -461,8 +468,13 @@ void ExistingUserController::PerformLogin(
       user_manager::kSupervisedUserDomain) {
     login_performer_->LoginAsSupervisedUser(user_context);
   } else {
-    login_performer_->PerformLogin(user_context, auth_mode);
-    RecordPasswordLoginEvent(user_context);
+    // If a regular user log in to a device which supports ARC, we should make
+    // sure that the user's cryptohome is encrypted in ext4 dircrypto to run the
+    // latest Android runtime.
+    UserContext new_user_context = user_context;
+    new_user_context.SetIsForcingDircrypto(ShouldForceDircrypto());
+    login_performer_->PerformLogin(new_user_context, auth_mode);
+    RecordPasswordLoginEvent(new_user_context);
   }
   SendAccessibilityAlert(
       l10n_util::GetStringUTF8(IDS_CHROMEOS_ACC_LOGIN_SIGNING_IN));
@@ -607,6 +619,7 @@ void ExistingUserController::ShowEncryptionMigrationScreen(
           host_->GetWizardController()->current_screen());
   DCHECK(migration_screen);
   migration_screen->SetUserContext(user_context);
+  migration_screen->SetLoginPerformer(login_performer_.get());

[fukino, 2017/04/05 15:59:56]

I'm not sure if we can keep adding state to the migration screen...

If there is a better way for the migration screen to let the user perform login,
could you guide me?

[xiyuan, 2017/04/05 21:15:11]

I am fine with adding new state. But let's not passing |login_performer_| out
directly. Instead, wrap PerformLogin into a callback and pass that callback.

It might be better to add this to ExistingUserController so that LoginPerformer
does not need to worry about that. 

e.g.

void ExistingUserController::ContinuePerformLogin(const UserContext&
user_context, LoginPerformer::AuthorizationMode auth_mode) {
  login_performer_->PerformLogin(user_context, auth_mode);
}

and here we can do

  migration_screen->SetContinueLoginCallback(
    base::BindOnce(&ExistingUserController::ContinuePerformLogin,
                   weak_factory_.GetWeakPtr()));

And run this callback when we need to continue login.

[fukino, 2017/04/06 14:22:16]

Done.
I updated it to pass the callback to screen handler instead of LoginPerformer.

 }
 
 void ExistingUserController::ShowTPMError() {