Policy implementation for encryptfs to ext4 migration strategy

components/policy/resources/policy_templates.json

Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index 7082782f95f149ff63d605023ee6f645f4f67f1f..a2c227880d3d8a9dee469f064462df1c30aa6dac 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -143,7 +143,7 @@
 #   persistent IDs for all fields (but not for groups!) are needed. These are
 #   specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
 #   because doing so would break the deployed wire format!
-#   For your editing convenience: highest ID currently used: 370
+#   For your editing convenience: highest ID currently used: 371
 #   And don't forget to also update the EnterprisePolicies enum of
 #   histograms.xml (run 'python tools/metrics/histograms/update_policies.py').
 #
@@ -9568,6 +9568,47 @@
       'tags': [],
       'desc': '''Setting this policy to false stops <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> from occasionally sending queries to a Google server to retrieve an accurate timestamp. These queries will be enabled if this policy is set to True or is not set.''',
     },
+    {
+      'name': 'DeviceEcryptfsMigrationStrategy',
+      'type': 'int-enum',
+      'schema': {
+        'type': 'integer',
+        'enum': [ 0, 1, 2 ],
+      },
+      'items': [
+        {
+          'name': 'Unset',
+          'value': 0,
+          'caption': '''Policy unset, disallow data migration and ARC''',
+        },
+        {
+          'name': 'DisallowArc',
+          'value': 1,
+          'caption': '''Disallow data migration and ARC''',
+        },
+        {
+          'name': 'AllowMigration',
+          'value': 2,
+          'caption': '''Allow data migration''',
+        },
+      ],
+      'supported_on': ['chrome_os:60-'],
+      'device_only': True,
+      'features': {
+        'dynamic_refresh': True,
+      },
+      'example_value': 1,
+      'id': 371,
+      'caption': '''Migration strategy for ecryptfs''',
+      'tags': [],
+      'desc': '''Specifies how a device should behave that shipped with ecryptfs encryption.

[bartfab (slow), 2017/06/13 09:56:02]

To be precise, this only affects the behavior of devices that transitioned from
ecryptfs to ext4 encryption. Devices that are keeping ecryptfs as the default
for now are not affected.

[igorcov, 2017/06/16 11:13:04]

Done.

+
+      If you set this policy to 'DisallowArc', Android apps will be disabled for all users on the device (including those that have ext4 encryption already) and no migration from ecryptfs to ext4 encryption will be offered to any users.
+
+      If you set this policy to 'AllowMigration', users with ecryptfs home directories will be offered to migrate these to ext4 encryption as necessary (currently when Android N becomes available on the device).
+
+      If this policy is left not set, the device will behave as if 'DisallowArc' was chosen.''',
+    },
   ],
   'messages': {
     # Messages that are not associated to any policies.