arc: Start ARC for Public Session users.

chrome/browser/chromeos/arc/arc_session_manager.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/arc/arc_session_manager.h"
 
 #include <utility>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
@@ skipping 257 matching lines @@
     // no double message can happen in production.
     LOG(WARNING) << "Provisioning result was already reported. Ignoring "
                  << "additional result " << static_cast<int>(result) << ".";
     return;
   }
   provisioning_reported_ = true;
   if (scoped_opt_in_tracker_ && result != ProvisioningResult::SUCCESS)
     scoped_opt_in_tracker_->TrackError();
 
   if (result == ProvisioningResult::CHROME_SERVER_COMMUNICATION_ERROR) {
-    if (IsArcKioskMode()) {
+    // TODO(poromov): Consider PublicSession offline mode.
+    if (IsArcKioskMode() || IsPublicSessionMode()) {
       VLOG(1) << "Robot account auth code fetching error";
       // Log out the user. All the cleanup will be done in Shutdown() method.
       // The callback is not called because auth code is empty.
       attempt_user_exit_callback_.Run();
       return;
     }
 
     // For backwards compatibility, use NETWORK_ERROR for
     // CHROME_SERVER_COMMUNICATION_ERROR case.
     UpdateOptInCancelUMA(OptInCancelReason::NETWORK_ERROR);
@@ skipping 21 matching lines @@
     if (profile_->GetPrefs()->GetBoolean(prefs::kArcSignedIn))
       return;
 
     profile_->GetPrefs()->SetBoolean(prefs::kArcSignedIn, true);
 
     // Launch Play Store app, except for the following cases:
     // * When Opt-in verification is disabled (for tests);
     // * In case ARC is enabled from OOBE.
     // * In ARC Kiosk mode, because the only one UI in kiosk mode must be the
     //   kiosk app and device is not needed for opt-in;
+    // * In Public Session mode, because Play Store will be hidden from users
+    //   and only apps configured by policy should be installed.
     // * When ARC is managed and all OptIn preferences are managed/unused, too,
     //   because the whole OptIn flow should happen as seamless as possible for
     //   the user.
+    // For Active Directory users we always show a page notifying them that they
+    // have to authenticate with their identity provider (through SAML) to make
+    // it less weird that a browser window pops up.
     const bool suppress_play_store_app =
         !IsPlayStoreAvailable() || IsArcOptInVerificationDisabled() ||
-        IsArcKioskMode() || oobe_start_ ||
+        IsArcKioskMode() || IsPublicSessionMode() || oobe_start_ ||
         (IsArcPlayStoreEnabledPreferenceManagedForProfile(profile_) &&
          AreArcAllOptInPreferencesIgnorableForProfile(profile_));
     if (!suppress_play_store_app) {
       playstore_launcher_ = base::MakeUnique<ArcAppLauncher>(
           profile_, kPlayStoreAppId,
           GetLaunchIntent(kPlayStorePackage, kPlayStoreActivity,
                           {kInitialStartParam}),
           true, false);
     }
 
@@ skipping 89 matching lines @@
   // Create the support host at initialization. Note that, practically,
   // ARC support Chrome app is rarely used (only opt-in and re-auth flow).
   // So, it may be better to initialize it lazily.
   // TODO(hidehiko): Revisit to think about lazy initialization.
   //
   // Don't show UI for ARC Kiosk because the only one UI in kiosk mode must
   // be the kiosk app. In case of error the UI will be useless as well, because
   // in typical use case there will be no one nearby the kiosk device, who can
   // do some action to solve the problem be means of UI.
   if (!g_disable_ui_for_testing && !IsArcOptInVerificationDisabled() &&
-      !IsArcKioskMode()) {
+      !IsArcKioskMode() && !IsPublicSessionMode()) {
     DCHECK(!support_host_);
     support_host_ = base::MakeUnique<ArcSupportHost>(profile_);
     support_host_->SetErrorDelegate(this);
   }
 
   context_ = base::MakeUnique<ArcAuthContext>(profile_);
 
   if (!g_disable_ui_for_testing ||
       g_enable_check_android_management_for_testing) {
     ArcAndroidManagementChecker::StartClient();
@@ skipping 174 matching lines @@
   }
 
   oobe_start_ = IsOobeOptInActive();
 
   PrefService* const prefs = profile_->GetPrefs();
 
   // If it is marked that sign in has been successfully done, if ARC has been
   // set up to always start, then directly start ARC.
   // For Kiosk mode, skip ToS because it is very likely that near the device
   // there will be no one who is eligible to accept them.
-  // If opt-in verification is disabled, skip negotiation, too. This is for
-  // testing purpose.
+  // In Public Session mode ARC should be started silently without user
+  // interaction. If opt-in verification is disabled, skip negotiation, too.
+  // This is for testing purpose.
   const bool start_arc_directly = prefs->GetBoolean(prefs::kArcSignedIn) ||
                                   ShouldArcAlwaysStart() || IsArcKioskMode() ||
+                                  IsPublicSessionMode() ||
                                   IsArcOptInVerificationDisabled();
 
   // When ARC is blocked because of filesystem compatibility, do not proceed
   // to starting ARC nor follow further state transitions.
   if (IsArcBlockedDueToIncompatibleFileSystem(profile_)) {
     // If the next step was the ToS negotiation, show a notification instead.
     // Otherwise, be silent now. Users are notified when clicking ARC app icons.
     if (!start_arc_directly && !g_disable_ui_for_testing)
       arc::ShowArcMigrationGuideNotification(profile_);
     return false;
@@ skipping 84 matching lines @@
     DCHECK(arc_session_runner_->IsStopped());
     MaybeStartArcDataRemoval();
   }
 }
 
 void ArcSessionManager::MaybeStartTermsOfServiceNegotiation() {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   DCHECK(profile_);
   DCHECK(arc_session_runner_->IsStopped());
   DCHECK(!terms_of_service_negotiator_);
-  // In Kiosk-mode, Terms of Service negotiation should be skipped.
-  // See also RequestEnableImpl().
+  // In Kiosk and PublicSession-mode, Terms of Service negotiation should be

[Luis Héctor Chávez, 2017/08/28 18:33:28]

nit: Public Session (for consistency)

[Sergey Poromov, 2017/08/28 18:47:24]

Done.

+  // skipped. See also RequestEnableImpl().
   DCHECK(!IsArcKioskMode());
+  DCHECK(!IsPublicSessionMode());
   // If opt-in verification is disabled, Terms of Service negotiation should
   // be skipped, too. See also RequestEnableImpl().
   DCHECK(!IsArcOptInVerificationDisabled());
 
   DCHECK_EQ(state_, State::STOPPED);
   state_ = State::NEGOTIATING_TERMS_OF_SERVICE;
 
   // TODO(hidehiko): In kArcSignedIn = true case, this method should never
   // be called. Remove the check.
   // Conceptually, this is starting ToS negotiation, rather than opt-in flow.
@@ skipping 142 matching lines @@
       break;
   }
 }
 
 void ArcSessionManager::StartBackgroundAndroidManagementCheck() {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   DCHECK_EQ(state_, State::ACTIVE);
   DCHECK(!android_management_checker_);
 
   // Skip Android management check for testing.
-  // We also skip if Android management check for Kiosk mode,
-  // because there are no managed human users for Kiosk exist.
+  // We also skip if Android management check for Kiosk and Public Session mode,
+  // because there are no managed human users for them exist.
   if (IsArcOptInVerificationDisabled() || IsArcKioskMode() ||
+      IsPublicSessionMode() ||
       (g_disable_ui_for_testing &&
        !g_enable_check_android_management_for_testing)) {
     return;
   }
 
   android_management_checker_ = base::MakeUnique<ArcAndroidManagementChecker>(
       profile_, context_->token_service(), context_->account_id(),
       true /* retry_on_error */);
   android_management_checker_->StartCheck(
       base::Bind(&ArcSessionManager::OnBackgroundAndroidManagementChecked,
@@ skipping 208 matching lines @@
 
 #undef MAP_STATE
 
   // Some compilers report an error even if all values of an enum-class are
   // covered exhaustively in a switch statement.
   NOTREACHED() << "Invalid value " << static_cast<int>(state);
   return os;
 }
 
 }  // namespace arc