Abandon user sign in when policy is retrieved before session started

chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h"
 
 #include <stddef.h>
 #include <utility>
 
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
 #include "base/files/file_util.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/sequenced_task_runner.h"
 #include "base/stl_util.h"
 #include "base/strings/stringprintf.h"
 #include "chrome/browser/chromeos/policy/user_policy_token_loader.h"
+#include "chrome/browser/lifetime/application_lifetime.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/cryptohome_client.h"
-#include "chromeos/dbus/session_manager_client.h"
 #include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "components/policy/proto/cloud_policy.pb.h"
 #include "components/policy/proto/device_management_local.pb.h"
 #include "google_apis/gaia/gaia_auth_util.h"
 
 namespace em = enterprise_management;
 
 namespace policy {
 
 namespace {
@@ skipping 67 matching lines @@
 
 void UserCloudPolicyStoreChromeOS::LoadImmediately() {
   // This blocking D-Bus call is in the startup path and will block the UI
   // thread. This only happens when the Profile is created synchronously, which
   // on Chrome OS happens whenever the browser is restarted into the same
   // session. That happens when the browser crashes, or right after signin if
   // the user has flags configured in about:flags.
   // However, on those paths we must load policy synchronously so that the
   // Profile initialization never sees unmanaged prefs, which would lead to
   // data loss. http://crbug.com/263061
-  std::string policy_blob =
+  std::string policy_blob;
+  RetrievePolicyResponseType response_type =
       session_manager_client_->BlockingRetrievePolicyForUser(
-          cryptohome::Identification(account_id_));
+          cryptohome::Identification(account_id_), &policy_blob);
+
+  if (response_type == RetrievePolicyResponseType::SESSION_DOES_NOT_EXIST) {
+    LOG(ERROR)
+        << "Session manager claims that session doesn't exist; signing out";
+    chrome::AttemptUserExit();
+    return;
+  }
+
   if (policy_blob.empty()) {
-    // The session manager doesn't have policy, or the call failed.
+    // The session manager doesn't have policy.

[emaxx, 2017/04/24 16:37:50]

nit: Please restore the original comment, given that the condition is now
changed back.

[igorcov, 2017/04/25 09:18:41]

Done.

     NotifyStoreLoaded();
     return;
   }
 
   std::unique_ptr<em::PolicyFetchResponse> policy(
       new em::PolicyFetchResponse());
   if (!policy->ParseFromString(policy_blob)) {
     status_ = STATUS_PARSE_ERROR;
     NotifyStoreError();
     return;
@@ skipping 80 matching lines @@
   } else {
     // Load the policy right after storing it, to make sure it was accepted by
     // the session manager. An additional validation is performed after the
     // load; reload the key for that validation too, in case it was rotated.
     ReloadPolicyKey(base::Bind(&UserCloudPolicyStoreChromeOS::Load,
                                weak_factory_.GetWeakPtr()));
   }
 }
 
 void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(
-    const std::string& policy_blob) {
+    const std::string& policy_blob,
+    RetrievePolicyResponseType response_type) {
+  // Disallow the sign in when the Chrome OS user session has not started, which
+  // should always happen before the profile construction. An attempt to read
+  // the policy outside the session will always fail and return an empty policy
+  // blob.
+  if (response_type == RetrievePolicyResponseType::SESSION_DOES_NOT_EXIST) {
+    LOG(ERROR)
+        << "Session manager claims that session doesn't exist; signing out";
+    chrome::AttemptUserExit();
+    return;
+  }
+
   if (policy_blob.empty()) {
     // session_manager doesn't have policy. Adjust internal state and notify
     // the world about the policy update.
     policy_map_.Clear();
     policy_.reset();
     policy_signature_public_key_.clear();
     NotifyStoreLoaded();
     return;
   }
 
@@ skipping 147 matching lines @@
     validator->ValidateUsername(account_id_.GetUserEmail(), true);
     // The policy loaded from session manager need not be validated using the
     // verification key since it is secure, and since there may be legacy policy
     // data that was stored without a verification key.
     validator->ValidateSignature(cached_policy_key_);
   }
   return validator;
 }
 
 }  // namespace policy