Policy implementation for encryptfs to ext4 migration strategy

chrome/browser/chromeos/arc/arc_util.cc

Index: chrome/browser/chromeos/arc/arc_util.cc
diff --git a/chrome/browser/chromeos/arc/arc_util.cc b/chrome/browser/chromeos/arc/arc_util.cc
index 151e460102347687ef2f92dbfa9b67848a15f2de..0dcfd5298f33c68b4e306e4a1479e69b7b630b4b 100644
--- a/chrome/browser/chromeos/arc/arc_util.cc
+++ b/chrome/browser/chromeos/arc/arc_util.cc
@@ -8,17 +8,22 @@
 #include <sys/statfs.h>
 
 #include "base/callback.h"
+#include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/sys_info.h"
 #include "base/task_scheduler/post_task.h"
 #include "base/threading/thread_restrictions.h"
+#include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/arc/arc_session_manager.h"
 #include "chrome/browser/chromeos/login/user_flow.h"
 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
+#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
+#include "chromeos/chromeos_switches.h"
 #include "components/arc/arc_util.h"
 #include "components/prefs/pref_service.h"
 #include "components/user_manager/known_user.h"
@@ -39,6 +44,13 @@ bool g_disallow_for_testing = false;
 // during test runs.
 bool g_arc_blocked_due_to_incomaptible_filesystem_for_testing = false;
 
+// This flag is set only in case the command line flag is set to mark the device
+// as requiring the migration. The value is set the first time the policy fetch
+// is done, and remains unchanged after that.
+// TODO(igorcov): Remove this after migration. crbug.com/725493
+ArcAvailabilityPolicyStatus g_arc_availability_policy_status =
+    ArcAvailabilityPolicyStatus::UNKNOWN;
+
 // Returns whether ARC can run on the filesystem mounted at |path|.
 // This function should run only on threads where IO operations are allowed.
 bool IsArcCompatibleFilesystem(const base::FilePath& path) {
@@ -72,6 +84,40 @@ FileSystemCompatibilityState GetFileSystemCompatibilityPref(
   return static_cast<FileSystemCompatibilityState>(pref_value);
 }
 
+// Returns if the migration from ecryptfs to ext4 is allowed. It is true if it
+// is known that the device is consumer owned, or if the device policy is
+// present and has the value |kAllowMigration|. The response is cached the first
+// time the function is used, and the policy update won't change the return
+// value after that.
+bool IsMigrationAllowed() {
+  if (g_arc_availability_policy_status ==

[hidehiko, 2017/06/07 12:22:20]

nit/optional: How about using base::Optional<bool> ? Something like;

namespace {

base::Optional<bool> g_is_arc_migration_allowed;

bool IsArcMigrationAllowedInternal() {
  if (... if not enterprise managed ...)
    return true;
  return pref->GetValue()->GetInt == ALLOW_MIGRATION;
}

}  // namespace

bool IsArcMigrationAllowed() {
  if (!g_is_arc_migration_allowed.has_value())
    g_is_arc_migration_allowed = IsArcMigrationAllowedInternal();
  return g_is_arc_migration_allowed.value();
}

[igorcov, 2017/06/08 10:42:25]

Done.

+      ArcAvailabilityPolicyStatus::UNKNOWN) {
+    // If the device is not managed, then the migration allowed.
+    if (!g_browser_process->platform_part()
+             ->browser_policy_connector_chromeos()
+             ->IsEnterpriseManaged()) {
+      g_arc_availability_policy_status = ArcAvailabilityPolicyStatus::AVAILABLE;
+      return true;
+    }
+
+    const PrefService* pref_service =
+        user_manager::UserManager::Get()->GetLocalState();
+    const PrefService::Preference* pref =
+        pref_service->FindPreference(prefs::kDeviceEcryptfsMigrationStrategy);
+
+    if (pref && pref->GetValue() &&
+        pref->GetValue()->GetInt() ==
+            enterprise_management::DeviceEcryptfsMigrationStrategyProto::
+                ALLOW_MIGRATION)
+      g_arc_availability_policy_status = ArcAvailabilityPolicyStatus::AVAILABLE;
+    else
+      g_arc_availability_policy_status = ArcAvailabilityPolicyStatus::DISABLED;
+  }
+
+  return g_arc_availability_policy_status ==
+         ArcAvailabilityPolicyStatus::AVAILABLE;
+}
+
 }  // namespace
 
 bool IsArcAllowedForProfile(const Profile* profile) {
@@ -121,6 +167,18 @@ bool IsArcAllowedForProfile(const Profile* profile) {
     return false;
   }
 
+  const auto* command_line = base::CommandLine::ForCurrentProcess();
+  // In the case the initial encryption was ecryptfs, the user data require
+  // migration to ext4 in order to have ARC available. The migration is
+  // forbidden if the device is managed and the policy is set to disable
+  // migration. This makes the ARC unavailable too.
+  // TODO(igorcov): Remove this after migration. crbug.com/725493
+  if (command_line->HasSwitch(chromeos::switches::kInitialEncryptionEcryptfs) &&

[hidehiko, 2017/06/07 12:22:20]

IIUC, This won't work as expected if;
- FS is currently ecryptfs, but
- ARC is still M.

right?
You'd need to check ARC version and/or FS encryption, too?

[igorcov, 2017/06/07 13:45:18]

Do you mean the case when user had ARC M, had ecryptfs and now is not allowed to
migrate? In this case according to design doc, ARC will disappear. We just need
to make sure the ARC data is not deleted. Or is it other case and I'm missing
something?

+      !IsMigrationAllowed()) {
+    VLOG(1) << "ARC requires migration, but is not allowed by the policy.";
+    return false;
+  }
+
   // Do not run ARC instance when supervised user is being created.
   // Otherwise noisy notification may be displayed.
   chromeos::UserFlow* user_flow =
@@ -261,4 +319,12 @@ void UpdateArcFileSystemCompatibilityPrefIfNeeded(
       base::Bind(&StoreCompatibilityCheckResult, account_id, callback));
 }
 
+ArcAvailabilityPolicyStatus GetArcAvailabilityPolicyStatus() {
+  return g_arc_availability_policy_status;
+}
+
+void ResetGlobalDataForTesting() {
+  g_arc_availability_policy_status = ArcAvailabilityPolicyStatus::UNKNOWN;
+}
+
 }  // namespace arc