Chromad: Prevent session from starting without policy

chrome/browser/chromeos/policy/active_directory_policy_manager.h

Index: chrome/browser/chromeos/policy/active_directory_policy_manager.h
diff --git a/chrome/browser/chromeos/policy/active_directory_policy_manager.h b/chrome/browser/chromeos/policy/active_directory_policy_manager.h
index 46cf742e3f35dd633174965ce6ff71098e0418d7..d3020edef62c1c8783121cbcaa6e53c9237916a9 100644
--- a/chrome/browser/chromeos/policy/active_directory_policy_manager.h
+++ b/chrome/browser/chromeos/policy/active_directory_policy_manager.h
@@ -7,8 +7,11 @@
 
 #include <memory>
 
+#include "base/bind.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
+#include "base/time/time.h"
+#include "base/timer/timer.h"
 #include "components/policy/core/common/cloud/cloud_policy_store.h"
 #include "components/policy/core/common/configuration_policy_provider.h"
 #include "components/policy/core/common/policy_scheduler.h"
@@ -18,9 +21,11 @@ namespace policy {
 
 // ConfigurationPolicyProvider for device or user policy from Active Directory.
 // The choice of constructor determines whether device or user policy is
-// provided.  The policy is fetched from the Domain Controller by authpolicyd
-// which stores it in session manager and from where it is loaded by
-// ActiveDirectoryPolicyManager.
+// provided.
+// Data flow: Triggered by DoPolicyFetch(), policy is fetched by authpolicyd and
+// stored in session manager with completion indicated by OnPolicyFetched().
+// From there policy load from session manager is triggered, completion of which
+// is notified via OnStoreLoaded()/OnStoreError().
 class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
                                      public CloudPolicyStore::Observer {
  public:
@@ -33,6 +38,9 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
   // Create manager for |accound_id| user policy.
   static std::unique_ptr<ActiveDirectoryPolicyManager> CreateForUserPolicy(
       const AccountId& account_id,
+      bool wait_for_policy_fetch,
+      base::TimeDelta initial_policy_fetch_timeout,
+      base::OnceClosure exit_session,
       std::unique_ptr<CloudPolicyStore> store);
 
   // ConfigurationPolicyProvider:
@@ -47,10 +55,20 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
 
   CloudPolicyStore* store() const { return store_.get(); }
 
+  // Helper function to force a policy fetch timeout.
+  void ForceTimeoutForTest();
+
  private:
-  // |account_id| specifies the user to manage policy for.  If |account_id| is
-  // empty, device policy is managed.
+  // |account_id| specifies the user to manage policy for. If |account_id| is
+  // empty, device policy is managed. If |wait_for_policy_fetch| is true,
+  // IsInitializationComplete() is forced to false until either there has been a
+  // successful policy fetch from the server or |initial_policy_fetch_timeout|

[emaxx, 2017/07/14 13:56:40]

nit: The description seems to be a bit inaccurate: the initialization may happen
even after the failed fetch - in that case, the store load is awaited.

[Thiemo Nagel, 2017/07/17 09:29:35]

Thanks. I've added more text, hopefully it's clearer now.

+  // has expired. (The timeout may be set to TimeDelta::Max() to block
+  // permanently.)
   ActiveDirectoryPolicyManager(const AccountId& account_id,
+                               bool wait_for_policy_fetch,
+                               base::TimeDelta initial_policy_fetch_timeout,
+                               base::OnceClosure exit_session,
                                std::unique_ptr<CloudPolicyStore> store);
 
   // Publish the policy that's currently cached in the store.
@@ -58,14 +76,47 @@ class ActiveDirectoryPolicyManager : public ConfigurationPolicyProvider,
 
   // Calls into authpolicyd to fetch policy. Reports success or failure via
   // |callback|.
-  void DoFetch(PolicyScheduler::TaskCallback callback);
+  void DoPolicyFetch(PolicyScheduler::TaskCallback callback);
 
-  // Called by scheduler with result of policy fetch.
+  // Called by scheduler with result of policy fetch. This covers policy
+  // download, parsing and storing into session manager. (To access and publish
+  // the policy, the store needs to be reloaded from session manager.)
   void OnPolicyFetched(bool success);
 
+  // Called when |initial_policy_timeout_| times out, to cancel the blocking
+  // wait for the initial policy fetch.
+  void OnBlockingFetchTimeout();
+
+  // Cancels waiting for the initial policy fetch/load and flags the

[emaxx, 2017/07/14 13:56:40]

nit: Worth explaning that it doesn't do this unconditionally - in case of the
blocking fetch the error to obtain the policy will result in the |exit_session|
call.

[Thiemo Nagel, 2017/07/17 09:29:35]

Good point. Done.

+  // ConfigurationPolicyProvider ready (assuming all other initialization tasks
+  // have completed). |success| denotes whether the policy fetch was successful.
+  void CancelWaitForInitialPolicy(bool success);
+
   const AccountId account_id_;
-  std::unique_ptr<CloudPolicyStore> store_;
 
+  // Whether we're waiting for a policy fetch to complete before reporting
+  // IsInitializationComplete().
+  bool waiting_for_initial_policy_fetch_;
+
+  // Whether the user session is continued in case of failure of initial policy
+  // fetch.
+  bool initial_policy_fetch_may_fail_;
+
+  // Whether policy fetch has ever been reported as completed by authpolicyd.
+  bool fetch_ever_completed_ = false;
+
+  // Whether policy fetch has ever been reported as successful by authpolicyd.
+  bool fetch_ever_succeeded_ = false;
+
+  // A timer that puts a hard limit on the maximum time to wait for the initial
+  // policy fetch/load.
+  base::Timer initial_policy_timeout_{false /* retain_user_task */,
+                                      false /* is_repeating */};
+
+  // Callback to exit the session.
+  base::OnceClosure exit_session_;
+
+  std::unique_ptr<CloudPolicyStore> store_;
   std::unique_ptr<PolicyScheduler> scheduler_;
 
   // Must be last member.