Policy implementation for encryptfs to ext4 migration strategy

components/policy/resources/policy_templates.json

Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index 7082782f95f149ff63d605023ee6f645f4f67f1f..f02c35c012baac9390de4a9b546277d5729b692b 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -143,7 +143,7 @@
 #   persistent IDs for all fields (but not for groups!) are needed. These are
 #   specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
 #   because doing so would break the deployed wire format!
-#   For your editing convenience: highest ID currently used: 370
+#   For your editing convenience: highest ID currently used: 371
 #   And don't forget to also update the EnterprisePolicies enum of
 #   histograms.xml (run 'python tools/metrics/histograms/update_policies.py').
 #
@@ -9568,6 +9568,42 @@
       'tags': [],
       'desc': '''Setting this policy to false stops <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> from occasionally sending queries to a Google server to retrieve an accurate timestamp. These queries will be enabled if this policy is set to True or is not set.''',
     },
+    {
+      'name': 'DeviceEcryptfsMigrationStrategy',
+      'type': 'int-enum',
+      'schema': {
+        'type': 'integer',
+        'enum': [ 0, 1 ],

[bartfab (slow), 2017/06/12 12:49:04]

This does not match the actual policy values (0, 1, 2).

[igorcov, 2017/06/12 16:50:10]

Done.

+      },
+      'items': [
+        {
+          'name': 'DisallowArc',
+          'value': 0,
+          'caption': '''Disallow data migration and ARC''',
+        },
+        {
+          'name': 'AllowMigration',
+          'value': 1,
+          'caption': '''Allow data migration''',
+        },
+      ],
+      'supported_on': ['chrome_os:60-'],
+      'device_only': True,
+      'features': {
+        'dynamic_refresh': True,
+      },
+      'example_value': 1,
+      'id': 371,
+      'caption': '''Migration strategy for ecryptfs''',
+      'tags': [],
+      'desc': '''Specifies how a device should behave that shipped before <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> 60 and may have home directories using ecryptfs instead of ext4 encryption.

[bartfab (slow), 2017/06/12 12:49:04]

Some devices will stay on ecryptfs in M60 as well. This is tied to the switch to
ext4 encryption only, not to a specific CrOS version.

[igorcov, 2017/06/12 16:50:10]

Done.

+
+      If you set this policy to 'DisallowArc', Android apps will be disabled for all users on the device (including those that have ext4 encryption already) and no migration from ecryptfs to ext4 encryption will be offered to any users.
+
+      If you set this policy to 'AllowMigration', users with ecryptfs home directories will be offered to migrate these to ext4 encryption as necessary (currently when Android N becomes available on the device).
+
+      If this policy is left not set, the device will behave as if 'DisallowArc' was chosen.''',
+    },
   ],
   'messages': {
     # Messages that are not associated to any policies.