
Unified Diff: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc

Issue 2801993002: Abandon user sign in when policy is retrieved before session started (Closed)
Patch Set: Nits Created 3 years, 8 months ago
Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
index f73ec0ceb7924b4cee34ba619a98db1525294b92..42a8b5f4e6d44f463472d3b20a4b5518209bb5e9 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc
@@ -19,9 +19,9 @@
#include "base/stl_util.h"
#include "base/strings/stringprintf.h"
#include "chrome/browser/chromeos/policy/user_policy_token_loader.h"
+#include "chrome/browser/lifetime/application_lifetime.h"
#include "chromeos/cryptohome/cryptohome_parameters.h"
#include "chromeos/dbus/cryptohome_client.h"
-#include "chromeos/dbus/session_manager_client.h"
#include "components/policy/core/common/cloud/cloud_policy_constants.h"
#include "components/policy/proto/cloud_policy.pb.h"
#include "components/policy/proto/device_management_local.pb.h"
@@ -109,10 +109,20 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() {
// However, on those paths we must load policy synchronously so that the
// Profile initialization never sees unmanaged prefs, which would lead to
// data loss. http://crbug.com/263061
- std::string policy_blob =
+ std::string policy_blob;
+ chromeos::SessionManagerClient::RetrievePolicyResponseType response_type =
session_manager_client_->BlockingRetrievePolicyForUser(
- cryptohome::Identification(account_id_));
- if (policy_blob.empty()) {
+ cryptohome::Identification(account_id_), &policy_blob);
+
+ if (response_type == chromeos::SessionManagerClient::
+ RetrievePolicyResponseType::SESSION_DOES_NOT_EXIST) {
Daniel Erat 2017/04/20 21:06:38 if this is unexpected, can you at least do somethi
igorcov 2017/04/21 11:36:21 Done.
+ chrome::AttemptUserExit();
+ return;
+ }
+
+ if (response_type ==
+ chromeos::SessionManagerClient::RetrievePolicyResponseType::SUCCESS &&
+ policy_blob.empty()) {
// The session manager doesn't have policy, or the call failed.
emaxx 2017/04/21 00:01:52 nit: Looks like the "or the call failed" part is n
igorcov 2017/04/21 11:36:21 Done.
NotifyStoreLoaded();
return;
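Review bot: The new SESSION_DOES_NOT_EXIST branch returns right after `chrome::AttemptUserExit();` without setting `status_` or notifying observers, so the store ends up neither loaded nor failed. The context comment above says this path loads synchronously so that profile initialization never sees unmanaged prefs. If AttemptUserExit() does not end the session immediately (not visible from this hunk), initialization may continue against a store that never reported a result. Consider failing closed before requesting the exit, e.g. `status_ = STATUS_LOAD_ERROR; NotifyStoreError();`, or add a comment stating why no notification is needed. The same early return is added in OnPolicyRetrieved() further down; LoadImmediately()'s body starts and ends outside this hunk.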
@@ -120,7 +130,9 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() {
std::unique_ptr<em::PolicyFetchResponse> policy(
new em::PolicyFetchResponse());
- if (!policy->ParseFromString(policy_blob)) {
+ if (response_type !=
+ chromeos::SessionManagerClient::RetrievePolicyResponseType::SUCCESS ||
+ !policy->ParseFromString(policy_blob)) {
status_ = STATUS_PARSE_ERROR;
emaxx 2017/04/21 00:01:52 The STATUS_PARSE_ERROR error is probably not the b
igorcov 2017/04/21 11:36:21 Done.
NotifyStoreError();
return;
@@ -214,8 +226,21 @@ void UserCloudPolicyStoreChromeOS::OnPolicyStored(bool success) {
}
void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(
- const std::string& policy_blob) {
- if (policy_blob.empty()) {
+ const std::string& policy_blob,
+ chromeos::SessionManagerClient::RetrievePolicyResponseType response_type) {
+ // Disallow the sign in when the Chrome OS user session has not started, which
+ // should always happen before the profile construction. An attempt to read
+ // the policy outside the session will always fail and return an empty policy
+ // blob.
+ if (response_type == chromeos::SessionManagerClient::
+ RetrievePolicyResponseType::SESSION_DOES_NOT_EXIST) {
Daniel Erat 2017/04/20 21:06:38 same comment here about logging an error
igorcov 2017/04/21 11:36:21 Done.
+ chrome::AttemptUserExit();
+ return;
+ }
+
+ if (policy_blob.empty() &&
+ response_type ==
+ chromeos::SessionManagerClient::RetrievePolicyResponseType::SUCCESS) {
// session_manager doesn't have policy. Adjust internal state and notify
// the world about the policy update.
policy_map_.Clear();
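Review bot: The response-type handling added here is a second hand-written copy of the checks this commit adds to LoadImmediately(), and the empty-blob test has its operands in the opposite order (`policy_blob.empty() && response_type == ...SUCCESS` here, the reverse there). Two separately maintained copies of a decision that gates sign-in can drift apart. Keeping the condition order identical, or moving the classification into one private helper, would make the two paths easy to compare. A local alias such as `using ResponseType = chromeos::SessionManagerClient::RetrievePolicyResponseType;` would also remove the awkward line breaks inside the qualified enum name. OnPolicyRetrieved()'s body continues beyond this hunk.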
@@ -227,7 +252,9 @@ void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved(
std::unique_ptr<em::PolicyFetchResponse> policy(
new em::PolicyFetchResponse());
- if (!policy->ParseFromString(policy_blob)) {
+ if (response_type !=
+ chromeos::SessionManagerClient::RetrievePolicyResponseType::SUCCESS ||
+ !policy->ParseFromString(policy_blob)) {
status_ = STATUS_PARSE_ERROR;
NotifyStoreError();
return;
