Chromium Code Reviews Chromium Code Reviews
Issue 2890843002:
Policy implementation for encryptfs to ext4 migration strategy (Closed)
| Index: chrome/browser/chromeos/arc/arc_util.cc |
| diff --git a/chrome/browser/chromeos/arc/arc_util.cc b/chrome/browser/chromeos/arc/arc_util.cc |
| index 2930f79effc8b36e4756eb71ed5ed2b961b3747a..17383d8a614b342e856e4564f508cb11137f3566 100644 |
| --- a/chrome/browser/chromeos/arc/arc_util.cc |
| +++ b/chrome/browser/chromeos/arc/arc_util.cc |
| @@ -9,18 +9,26 @@ |
| #include <set> |
| #include "base/callback.h" |
| +#include "base/command_line.h" |
| #include "base/files/file_path.h" |
| #include "base/lazy_instance.h" |
| #include "base/logging.h" |
| +#include "base/optional.h" |
| #include "base/sys_info.h" |
| #include "base/task_scheduler/post_task.h" |
| #include "base/threading/thread_restrictions.h" |
| +#include "base/values.h" |
| +#include "chrome/browser/browser_process.h" |
| +#include "chrome/browser/browser_process_platform_part.h" |
| #include "chrome/browser/chromeos/arc/arc_session_manager.h" |
| #include "chrome/browser/chromeos/login/user_flow.h" |
| #include "chrome/browser/chromeos/login/users/chrome_user_manager.h" |
| +#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| +#include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h" |
| #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| #include "chrome/browser/profiles/profile.h" |
| #include "chrome/common/pref_names.h" |
| +#include "chromeos/chromeos_switches.h" |
| #include "components/arc/arc_util.h" |
| #include "components/prefs/pref_service.h" |
| #include "components/user_manager/known_user.h" |
| @@ -54,6 +62,11 @@ bool g_arc_blocked_due_to_incomaptible_filesystem_for_testing = false; |
| base::LazyInstance<std::set<AccountId>>::DestructorAtExit |
| g_known_compatible_users = LAZY_INSTANCE_INITIALIZER; |
| +// This flag is set the first time the check if migration to ext4 is allowed, |
| +// and remains unchanged after that. |
| +// TODO(igorcov): Remove this after migration. crbug.com/725493 |
| +base::Optional<bool> g_is_arc_migration_allowed; |
| + |
| // Returns whether ARC can run on the filesystem mounted at |path|. |
| // This function should run only on threads where IO operations are allowed. |
| bool IsArcCompatibleFilesystem(const base::FilePath& path) { |
| @@ -94,6 +107,33 @@ void StoreCompatibilityCheckResult(const AccountId& account_id, |
| callback.Run(); |
| } |
| +bool IsArcMigrationAllowedInternal() { |
| + // If the device is not managed, then the migration allowed. |
| + if (!g_browser_process->platform_part() |
| + ->browser_policy_connector_chromeos() |
| + ->IsEnterpriseManaged()) { |
| + return true; |
| + } |
| + |
| + const auto* const command_line = base::CommandLine::ForCurrentProcess(); |
| + // If the command line flag is missing, the migration for this type of |
| + // device is allowed regardless of the policy data. |
| + if (!command_line->HasSwitch( |
| + chromeos::switches::kNeedArcMigrationPolicyCheck)) { |
| + return true; |
| + } |
| + |
| + const PrefService* const pref_service = |
| + user_manager::UserManager::Get()->GetLocalState(); |
| + const PrefService::Preference* const pref = |
| + pref_service->FindPreference(prefs::kDeviceEcryptfsMigrationStrategy); |
| + |
| + return pref && pref->GetValue() && |
| + pref->GetValue()->GetInt() == |
| + enterprise_management::DeviceEcryptfsMigrationStrategyProto:: |
| + ALLOW_MIGRATION; |
| +} |
| + |
| } // namespace |
| bool IsArcAllowedForProfile(const Profile* profile) { |
| @@ -143,6 +183,22 @@ bool IsArcAllowedForProfile(const Profile* profile) { |
| return false; |
| } |
| + // If migration policy check is needed (specified by commandline flag), check |
| + // the policy, which should be already available here. If policy says |
| + // migration is not allowed, do not run ARC, regardless whether file system |
| + // migration is actually needed. For example, even if file system is still |
| + // ecryptfs and ARC version is M, or file system is already migrated into ext4 |
| + // crypt and ARC version is N or later, if policy says migration is not |
| + // allowed, ARC will never run. Practically, in the former example case, |
| + // --need-arc-migration-policy-check is not set, so this check passes and user |
| + // can use ARC. In latter case, policy should say migration is allowed, so |
| + // also user can use ARC then. |
| + // TODO(igorcov): Remove this after migration. crbug.com/725493 |
| + if (!IsArcMigrationAllowed()) { |
| + VLOG(1) << "ARC migration is not allowed by the policy."; |
|
bartfab (slow)
2017/06/13 09:56:01
Nit: s/the //
igorcov
2017/06/16 11:13:04
Done.
|
| + return false; |
| + } |
| + |
| // Do not run ARC instance when supervised user is being created. |
| // Otherwise noisy notification may be displayed. |
| chromeos::UserFlow* user_flow = |
| @@ -284,4 +340,14 @@ void UpdateArcFileSystemCompatibilityPrefIfNeeded( |
| base::Bind(&StoreCompatibilityCheckResult, account_id, callback)); |
| } |
| +bool IsArcMigrationAllowed() { |
| + if (!g_is_arc_migration_allowed.has_value()) |
| + g_is_arc_migration_allowed = IsArcMigrationAllowedInternal(); |
| + return g_is_arc_migration_allowed.value(); |
| +} |
| + |
| +void ResetArcMigrationAllowedForTesting() { |
| + g_is_arc_migration_allowed.reset(); |
| +} |
| + |
| } // namespace arc |
