Index: chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc |
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc |
index f73ec0ceb7924b4cee34ba619a98db1525294b92..42a8b5f4e6d44f463472d3b20a4b5518209bb5e9 100644 |
--- a/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc |
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.cc |
@@ -19,9 +19,9 @@ |
#include "base/stl_util.h" |
#include "base/strings/stringprintf.h" |
#include "chrome/browser/chromeos/policy/user_policy_token_loader.h" |
+#include "chrome/browser/lifetime/application_lifetime.h" |
#include "chromeos/cryptohome/cryptohome_parameters.h" |
#include "chromeos/dbus/cryptohome_client.h" |
-#include "chromeos/dbus/session_manager_client.h" |
#include "components/policy/core/common/cloud/cloud_policy_constants.h" |
#include "components/policy/proto/cloud_policy.pb.h" |
#include "components/policy/proto/device_management_local.pb.h" |
@@ -109,10 +109,20 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() { |
// However, on those paths we must load policy synchronously so that the |
// Profile initialization never sees unmanaged prefs, which would lead to |
// data loss. http://crbug.com/263061 |
- std::string policy_blob = |
+ std::string policy_blob; |
+ chromeos::SessionManagerClient::RetrievePolicyResponseType response_type = |
session_manager_client_->BlockingRetrievePolicyForUser( |
- cryptohome::Identification(account_id_)); |
- if (policy_blob.empty()) { |
+ cryptohome::Identification(account_id_), &policy_blob); |
+ |
+ if (response_type == chromeos::SessionManagerClient:: |
+ RetrievePolicyResponseType::SESSION_DOES_NOT_EXIST) { |
Daniel Erat
2017/04/20 21:06:38
if this is unexpected, can you at least do somethi
igorcov
2017/04/21 11:36:21
Done.
|
+ chrome::AttemptUserExit(); |
+ return; |
+ } |
+ |
+ if (response_type == |
+ chromeos::SessionManagerClient::RetrievePolicyResponseType::SUCCESS && |
+ policy_blob.empty()) { |
// The session manager doesn't have policy, or the call failed. |
emaxx
2017/04/21 00:01:52
nit: Looks like the "or the call failed" part is n
igorcov
2017/04/21 11:36:21
Done.
|
NotifyStoreLoaded(); |
return; |
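Review bot: The `SESSION_DOES_NOT_EXIST` branch returns right after `chrome::AttemptUserExit()` without setting `status_` or notifying observers, so the store keeps whatever state it had while the caller of `LoadImmediately()` carries on. The comment at the top of this hunk says the synchronous load exists so that Profile initialization never sees unmanaged prefs. If the exit is not immediate (the name suggests a request, not a guarantee), that is the state the profile could observe. Consider failing closed before the `return;`, for example `status_ = STATUS_LOAD_ERROR; NotifyStoreError();`, after confirming that notifying during shutdown is safe. The same early return appears in `OnPolicyRetrieved()` in the `@@ -214,8 +226,21 @@` hunk, where anything waiting on the asynchronous load would presumably never hear back. `LoadImmediately()` starts and ends outside this hunk.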
@@ -120,7 +130,9 @@ void UserCloudPolicyStoreChromeOS::LoadImmediately() { |
std::unique_ptr<em::PolicyFetchResponse> policy( |
new em::PolicyFetchResponse()); |
- if (!policy->ParseFromString(policy_blob)) { |
+ if (response_type != |
+ chromeos::SessionManagerClient::RetrievePolicyResponseType::SUCCESS || |
+ !policy->ParseFromString(policy_blob)) { |
status_ = STATUS_PARSE_ERROR; |
emaxx
2017/04/21 00:01:52
The STATUS_PARSE_ERROR error is probably not the b
igorcov
2017/04/21 11:36:21
Done.
|
NotifyStoreError(); |
return; |
@@ -214,8 +226,21 @@ void UserCloudPolicyStoreChromeOS::OnPolicyStored(bool success) { |
} |
void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved( |
- const std::string& policy_blob) { |
- if (policy_blob.empty()) { |
+ const std::string& policy_blob, |
+ chromeos::SessionManagerClient::RetrievePolicyResponseType response_type) { |
+ // Disallow the sign in when the Chrome OS user session has not started, which |
+ // should always happen before the profile construction. An attempt to read |
+ // the policy outside the session will always fail and return an empty policy |
+ // blob. |
+ if (response_type == chromeos::SessionManagerClient:: |
+ RetrievePolicyResponseType::SESSION_DOES_NOT_EXIST) { |
Daniel Erat
2017/04/20 21:06:38
same comment here about logging an error
igorcov
2017/04/21 11:36:21
Done.
|
+ chrome::AttemptUserExit(); |
+ return; |
+ } |
+ |
+ if (policy_blob.empty() && |
+ response_type == |
+ chromeos::SessionManagerClient::RetrievePolicyResponseType::SUCCESS) { |
// session_manager doesn't have policy. Adjust internal state and notify |
// the world about the policy update. |
policy_map_.Clear(); |
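Review bot: The new comment above the `SESSION_DOES_NOT_EXIST` check is ambiguous: "which should always happen before the profile construction" can be read as referring to the session not having started. Since this branch aborts the sign-in, the comment should state the invariant and the reason for exiting. Suggested wording: `// The Chrome OS user session is expected to start before profile construction. If it has not, policy cannot be read (the blob comes back empty), so abort the sign-in rather than continue without policy.` The body of `OnPolicyRetrieved()` continues outside this hunk.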
@@ -227,7 +252,9 @@ void UserCloudPolicyStoreChromeOS::OnPolicyRetrieved( |
std::unique_ptr<em::PolicyFetchResponse> policy( |
new em::PolicyFetchResponse()); |
- if (!policy->ParseFromString(policy_blob)) { |
+ if (response_type != |
+ chromeos::SessionManagerClient::RetrievePolicyResponseType::SUCCESS || |
+ !policy->ParseFromString(policy_blob)) { |
status_ = STATUS_PARSE_ERROR; |
NotifyStoreError(); |
return; |