
Unified Diff: chrome/browser/chromeos/arc/arc_util.cc

Issue 2890843002: Policy implementation for encryptfs to ext4 migration strategy (Closed)
Patch Set: Changed flag value Created 3 years, 6 months ago
Index: chrome/browser/chromeos/arc/arc_util.cc
diff --git a/chrome/browser/chromeos/arc/arc_util.cc b/chrome/browser/chromeos/arc/arc_util.cc
index 151e460102347687ef2f92dbfa9b67848a15f2de..d43c7e2c67decfbdcbe619338e853fc36520ff00 100644
--- a/chrome/browser/chromeos/arc/arc_util.cc
+++ b/chrome/browser/chromeos/arc/arc_util.cc
@@ -8,17 +8,22 @@
#include <sys/statfs.h>
#include "base/callback.h"
+#include "base/command_line.h"
#include "base/files/file_path.h"
#include "base/logging.h"
#include "base/sys_info.h"
#include "base/task_scheduler/post_task.h"
#include "base/threading/thread_restrictions.h"
+#include "chrome/browser/browser_process.h"
#include "chrome/browser/chromeos/arc/arc_session_manager.h"
#include "chrome/browser/chromeos/login/user_flow.h"
#include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
+#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/profiles/profile.h"
#include "chrome/common/pref_names.h"
+#include "chromeos/chromeos_switches.h"
#include "components/arc/arc_util.h"
#include "components/prefs/pref_service.h"
#include "components/user_manager/known_user.h"
@@ -39,6 +44,12 @@ bool g_disallow_for_testing = false;
// during test runs.
bool g_arc_blocked_due_to_incomaptible_filesystem_for_testing = false;
+// This flag is set only in case the command line flag is set to mark the device
+// as requiring the migration. The value is set the first time the policy fetch
+// is done, and remains unchanged after that.
+// TODO(igorcov): Remove this after migration. crbug.com/725493
+base::Optional<bool> g_is_arc_migration_allowed;
+
// Returns whether ARC can run on the filesystem mounted at |path|.
// This function should run only on threads where IO operations are allowed.
bool IsArcCompatibleFilesystem(const base::FilePath& path) {
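Review bot: `base::Optional<bool> g_is_arc_migration_allowed;` uses a type whose header this file does not appear to include directly. The include hunk above goes from `base/logging.h` straight to `base/sys_info.h`, so the declaration presumably compiles only through a transitive include. Add `#include "base/optional.h"` between those two lines so the file does not break when an unrelated header drops it. The comment on the global could also name the switch it refers to (`kNeedArcMigrationPolicyCheck`, used later in this patch) rather than "the command line flag".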
@@ -72,6 +83,25 @@ FileSystemCompatibilityState GetFileSystemCompatibilityPref(
return static_cast<FileSystemCompatibilityState>(pref_value);
}
+bool IsArcMigrationAllowedInternal() {
+ // If the device is not managed, then the migration allowed.
+ if (!g_browser_process->platform_part()
+ ->browser_policy_connector_chromeos()
+ ->IsEnterpriseManaged()) {
+ return true;
+ }
+
+ const PrefService* pref_service =
+ user_manager::UserManager::Get()->GetLocalState();
+ const PrefService::Preference* pref =
+ pref_service->FindPreference(prefs::kDeviceEcryptfsMigrationStrategy);
+
+ return pref && pref->GetValue() &&
+ pref->GetValue()->GetInt() ==
+ enterprise_management::DeviceEcryptfsMigrationStrategyProto::
+ ALLOW_MIGRATION;
+}
+
} // namespace
bool IsArcAllowedForProfile(const Profile* profile) {
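Review bot: IsArcMigrationAllowedInternal() has no comment stating its security-relevant default. On an enterprise-managed device the final `return` yields false when the pref is missing, has no value, or holds anything other than `ALLOW_MIGRATION`, so the policy fails closed. That is the right behaviour, but a later edit could invert it unnoticed. I would put `// On managed devices migration is denied unless the policy pref is explicitly ALLOW_MIGRATION; a missing pref is treated as disallowed.` above the function and fix the existing line to `// If the device is not managed, then the migration is allowed.` The result of `GetLocalState()` is dereferenced unchecked; whether it can be null at this point (for example in tests) is not visible from this hunk.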
@@ -121,6 +151,19 @@ bool IsArcAllowedForProfile(const Profile* profile) {
return false;
}
+ const auto* command_line = base::CommandLine::ForCurrentProcess();
+ // In the case the initial encryption was ecryptfs, the user data require
hidehiko 2017/06/09 09:40:39 This comment looks now stale. Maybe; If migration
+ // migration to ext4 in order to have ARC available. The migration is
+ // forbidden if the device is managed and the policy is set to disable
+ // migration. This makes the ARC unavailable too.
+ // TODO(igorcov): Remove this after migration. crbug.com/725493
+ if (command_line->HasSwitch(
+ chromeos::switches::kNeedArcMigrationPolicyCheck) &&
+ !IsMigrationAllowed()) {
+ VLOG(1) << "ARC requires migration, but is not allowed by the policy.";
+ return false;
+ }
+
// Do not run ARC instance when supervised user is being created.
// Otherwise noisy notification may be displayed.
chromeos::UserFlow* user_flow =
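Review bot: The policy gate at `command_line->HasSwitch(chromeos::switches::kNeedArcMigrationPolicyCheck) && !IsMigrationAllowed()` is skipped entirely when the switch is absent, so enforcement of the device policy depends on whatever component sets that switch. The block comment does not say who passes the switch or what its absence means, and a reader cannot tell from here whether a missing switch is a safe state or a bypass. Something like `// The switch is passed by <launcher component> only when user data is still on ecryptfs; without it no migration is needed and the policy is not consulted.` would pin that down. IsArcAllowedForProfile begins before this hunk and continues after it.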
@@ -261,4 +304,14 @@ void UpdateArcFileSystemCompatibilityPrefIfNeeded(
base::Bind(&StoreCompatibilityCheckResult, account_id, callback));
}
+bool IsMigrationAllowed() {
+ if (!g_is_arc_migration_allowed.has_value())
+ g_is_arc_migration_allowed = IsArcMigrationAllowedInternal();
+ return g_is_arc_migration_allowed.value();
+}
+
+void ResetGlobalDataForTesting() {
+ g_is_arc_migration_allowed.reset();
+}
+
} // namespace arc
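Review bot: IsMigrationAllowed() latches the first answer in `g_is_arc_migration_allowed` for the life of the process. If the first call can happen before enrollment state or the device policy pref is populated, the unmanaged branch would cache `true` and a later disallow policy would not apply until restart. Whether that ordering is possible depends on callers outside this hunk. If the latch is intended, state it at the function, e.g. `// Latched on first call; later policy changes take effect only after Chrome restarts.` The global is also read and written without synchronization, so the comment should name the thread these two functions are expected to run on.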
