Chromad: Prevent session from starting without policy

chrome/browser/chromeos/policy/active_directory_policy_manager.h

Index: chrome/browser/chromeos/policy/active_directory_policy_manager.h
diff --git a/chrome/browser/chromeos/policy/active_directory_policy_manager.h b/chrome/browser/chromeos/policy/active_directory_policy_manager.h
index 46cf742e3f35dd633174965ce6ff71098e0418d7..ad0f4da96f16e76eaa751feabce1ce10247e93d5 100644
--- a/chrome/browser/chromeos/policy/active_directory_policy_manager.h
+++ b/chrome/browser/chromeos/policy/active_directory_policy_manager.h
@@ -7,8 +7,11 @@
 
 #include <memory>
 
+#include "base/bind.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
+#include "base/time/time.h"
+#include "base/timer/timer.h"
 #include "components/policy/core/common/cloud/cloud_policy_store.h"
 #include "components/policy/core/common/configuration_policy_provider.h"
 #include "components/policy/core/common/policy_scheduler.h"
@@ -33,6 +36,9 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
   // Create manager for |accound_id| user policy.
   static std::unique_ptr<ActiveDirectoryPolicyManager> CreateForUserPolicy(
       const AccountId& account_id,
+      bool wait_for_policy_fetch,
+      base::TimeDelta initial_policy_fetch_timeout,
+      base::OnceClosure exit_session,
       std::unique_ptr<CloudPolicyStore> store);
 
   // ConfigurationPolicyProvider:
@@ -47,10 +53,20 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
 
   CloudPolicyStore* store() const { return store_.get(); }
 
+  // Helper function to force a policy fetch timeout.
+  void ForceTimeoutForTest();
+
  private:
-  // |account_id| specifies the user to manage policy for.  If |account_id| is
-  // empty, device policy is managed.
+  // |account_id| specifies the user to manage policy for. If |account_id| is
+  // empty, device policy is managed. If |wait_for_policy_fetch| is true,
+  // IsInitializationComplete() is forced to false until either there has been a
+  // successful policy fetch from the server or |initial_policy_fetch_timeout|
+  // has expired. (The timeout may be set to TimeDelta::Max() to block
+  // permanently.)
   ActiveDirectoryPolicyManager(const AccountId& account_id,
+                               bool wait_for_policy_fetch,
+                               base::TimeDelta initial_policy_fetch_timeout,
+                               base::OnceClosure exit_session,
                                std::unique_ptr<CloudPolicyStore> store);
 
   // Publish the policy that's currently cached in the store.
@@ -60,12 +76,45 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
   // |callback|.
   void DoFetch(PolicyScheduler::TaskCallback callback);
 
-  // Called by scheduler with result of policy fetch.
+  // Called by scheduler with result of policy fetch. This covers policy
+  // download, parsing and storing into session_manager. (To access and publish
+  // the policy, the store needs to be reloaded from session_manager.)
   void OnPolicyFetched(bool success);
 
+  // Called when |policy_fetch_timeout_| times out, to cancel the blocking wait

[emaxx, 2017/07/12 20:18:20]

nit: s/policy_fetch_timeout_/initial_policy_timeout_/

[Thiemo Nagel, 2017/07/14 12:18:55]

Done.

+  // for the initial policy fetch.
+  void OnBlockingFetchTimeout();
+
+  // Cancels waiting for the initial policy fetch and flags the
+  // ConfigurationPolicyProvider ready (assuming all other initialization tasks
+  // have completed). |success| denotes whether the policy fetch was successful.
+  void CancelWaitForPolicy(bool success);

[emaxx, 2017/07/12 20:18:20]

nit: Maybe add s/ForPolicy/ForInitialPolicy/ (or even ForInitialPolicyFetch),
for clarity?

[Thiemo Nagel, 2017/07/14 12:18:55]

Thanks. Done. I'm not adding Fetch because a Load can also be sufficient under
some circumstances.

+
   const AccountId account_id_;
-  std::unique_ptr<CloudPolicyStore> store_;
 
+  // Whether we're waiting for a policy fetch to complete before reporting
+  // IsInitializationComplete().
+  bool waiting_for_initial_policy_fetch_;
+
+  // Whether the user session is continued in case of failure of initial policy
+  // fetch.
+  bool initial_policy_fetch_may_fail_;
+
+  // Whether policy fetch has ever been reported as completed by authpolicyd.
+  bool fetch_ever_completed_ = false;
+
+  // Whether policy fetch has ever been reported as successful by authpolicyd.
+  bool fetch_ever_succeeded_ = false;
+
+  // A timer that puts a hard limit on the maximum time to wait for the initial
+  // policy fetch/load.
+  base::Timer initial_policy_timeout_{false /* retain_user_task */,

[emaxx, 2017/07/12 20:18:20]

nit: If you're not opposed to too long names, I'd prefer
"initial_policy_fetch_timeout_". This would clarify that it's not only about a
freshly created profile, but is about the first *fetch* in the current session.

[Thiemo Nagel, 2017/07/14 12:18:55]

Same as above, I think writing "fetch" hides the fact that "load" can be
sufficient.

+                                      false /* is_repeating */};
+
+  // Callback to exit the session.
+  base::OnceClosure exit_session_;
+
+  std::unique_ptr<CloudPolicyStore> store_;
   std::unique_ptr<PolicyScheduler> scheduler_;
 
   // Must be last member.