Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2668)

Unified Diff: chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc

Issue 2954293002: Chromad: Prevent session from starting without policy (Closed)
Patch Set: Address nits Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc
diff --git a/chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc b/chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc
index 2edac9edb921ded3a4882f9eb4ed046bc06259fa..f8e89afe489970f52caab4ed4ac08670d8c7b278 100644
--- a/chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc
@@ -101,18 +101,20 @@ UserCloudPolicyManagerChromeOS::UserCloudPolicyManagerChromeOS(
store_(std::move(store)),
external_data_manager_(std::move(external_data_manager)),
component_policy_cache_path_(component_policy_cache_path),
- wait_for_policy_fetch_(wait_for_policy_fetch) {
+ waiting_for_initial_policy_fetch_(wait_for_policy_fetch) {
time_init_started_ = base::Time::Now();
// Caller must pass a non-zero policy_fetch_timeout iff
// |wait_for_policy_fetch| is true.
- DCHECK_NE(wait_for_policy_fetch_, initial_policy_fetch_timeout.is_zero());
- allow_failed_policy_fetches_ =
+ DCHECK_NE(waiting_for_initial_policy_fetch_,
+ initial_policy_fetch_timeout.is_zero());
+ initial_policy_fetch_may_fail_ =
base::CommandLine::ForCurrentProcess()->HasSwitch(
chromeos::switches::kAllowFailedPolicyFetchForTest) ||
!initial_policy_fetch_timeout.is_max();
// No need to set the timer when the timeout is infinite.
- if (wait_for_policy_fetch_ && !initial_policy_fetch_timeout.is_max()) {
+ if (waiting_for_initial_policy_fetch_ &&
+ !initial_policy_fetch_timeout.is_max()) {
policy_fetch_timeout_.Start(
FROM_HERE,
initial_policy_fetch_timeout,
@@ -174,10 +176,10 @@ void UserCloudPolicyManagerChromeOS::Connect(
// store has already been loaded and contains a valid policy - the
// registration setup in this case is performed by the CloudPolicyService
// that is instantiated inside the CloudPolicyCore::Connect() method call.
- // If that's the case and |wait_for_policy_fetch_| is true, then the policy
- // fetch needs to be issued (it happens otherwise after the client
- // registration is finished, in OnRegistrationStateChanged()).
- if (client()->is_registered() && wait_for_policy_fetch_) {
+ // If that's the case and |waiting_for_initial_policy_fetch_| is true, then
+ // the policy fetch needs to be issued (it happens otherwise after the
+ // client registration is finished, in OnRegistrationStateChanged()).
+ if (client()->is_registered() && waiting_for_initial_policy_fetch_) {
service()->RefreshPolicy(
base::Bind(&UserCloudPolicyManagerChromeOS::CancelWaitForPolicyFetch,
base::Unretained(this)));
@@ -230,7 +232,7 @@ bool UserCloudPolicyManagerChromeOS::IsInitializationComplete(
if (!CloudPolicyManager::IsInitializationComplete(domain))
return false;
if (domain == POLICY_DOMAIN_CHROME)
- return !wait_for_policy_fetch_;
+ return !waiting_for_initial_policy_fetch_;
return true;
}
@@ -246,25 +248,27 @@ void UserCloudPolicyManagerChromeOS::OnInitializationCompleted(
// If the CloudPolicyClient isn't registered at this stage then it needs an
// OAuth token for the initial registration.
//
- // If |wait_for_policy_fetch_| is true then Profile initialization is blocking
- // on the initial policy fetch, so the token must be fetched immediately.
- // In that case, the signin Profile is used to authenticate a Gaia request to
- // fetch a refresh token, and then the policy token is fetched.
+ // If |waiting_for_initial_policy_fetch_| is true then Profile initialization
+ // is blocking on the initial policy fetch, so the token must be fetched
+ // immediately. In that case, the signin Profile is used to authenticate a
+ // Gaia request to fetch a refresh token, and then the policy token is
+ // fetched.
//
- // If |wait_for_policy_fetch_| is false then the UserCloudPolicyTokenForwarder
- // service will eventually call OnAccessTokenAvailable() once an access token
- // is available. That call may have already happened while waiting for
- // initialization of the CloudPolicyService, so in that case check if an
- // access token is already available.
+ // If |waiting_for_initial_policy_fetch_| is false then the
+ // UserCloudPolicyTokenForwarder service will eventually call
+ // OnAccessTokenAvailable() once an access token is available. That call may
+ // have already happened while waiting for initialization of the
+ // CloudPolicyService, so in that case check if an access token is already
+ // available.
if (!client()->is_registered()) {
- if (wait_for_policy_fetch_) {
+ if (waiting_for_initial_policy_fetch_) {
FetchPolicyOAuthToken();
} else if (!access_token_.empty()) {
OnAccessTokenAvailable(access_token_);
}
}
- if (!wait_for_policy_fetch_) {
+ if (!waiting_for_initial_policy_fetch_) {
// If this isn't blocking on a policy fetch then
// CloudPolicyManager::OnStoreLoaded() already published the cached policy.
// Start the refresh scheduler now, which will eventually refresh the
@@ -285,7 +289,7 @@ void UserCloudPolicyManagerChromeOS::OnRegistrationStateChanged(
CloudPolicyClient* cloud_policy_client) {
DCHECK_EQ(client(), cloud_policy_client);
- if (wait_for_policy_fetch_) {
+ if (waiting_for_initial_policy_fetch_) {
time_client_registered_ = base::Time::Now();
if (!time_token_available_.is_null()) {
UMA_HISTOGRAM_MEDIUM_TIMES(
@@ -310,7 +314,7 @@ void UserCloudPolicyManagerChromeOS::OnRegistrationStateChanged(
void UserCloudPolicyManagerChromeOS::OnClientError(
CloudPolicyClient* cloud_policy_client) {
DCHECK_EQ(client(), cloud_policy_client);
- if (wait_for_policy_fetch_) {
+ if (waiting_for_initial_policy_fetch_) {
UMA_HISTOGRAM_SPARSE_SLOWLY(kUMAInitialFetchClientError,
cloud_policy_client->status());
}
@@ -404,7 +408,7 @@ void UserCloudPolicyManagerChromeOS::OnOAuth2PolicyTokenFetched(
const GoogleServiceAuthError& error) {
DCHECK(!client()->is_registered());
time_token_available_ = base::Time::Now();
- if (wait_for_policy_fetch_) {
+ if (waiting_for_initial_policy_fetch_) {
UMA_HISTOGRAM_MEDIUM_TIMES(kUMAInitialFetchDelayOAuth2Token,
time_token_available_ - time_init_completed_);
}
@@ -445,14 +449,14 @@ void UserCloudPolicyManagerChromeOS::OnInitialPolicyFetchComplete(
}
void UserCloudPolicyManagerChromeOS::OnBlockingFetchTimeout() {
- DCHECK(wait_for_policy_fetch_);
+ DCHECK(waiting_for_initial_policy_fetch_);
LOG(WARNING) << "Timed out while waiting for the policy fetch. "
<< "The session will start with the cached policy.";
CancelWaitForPolicyFetch(false);
}
void UserCloudPolicyManagerChromeOS::CancelWaitForPolicyFetch(bool success) {
- if (!wait_for_policy_fetch_)
+ if (!waiting_for_initial_policy_fetch_)
return;
policy_fetch_timeout_.Stop();
@@ -461,7 +465,7 @@ void UserCloudPolicyManagerChromeOS::CancelWaitForPolicyFetch(bool success) {
// to go forward after a failed policy fetch, then just return (profile
// initialization will not complete).
// TODO(atwilson): Add code to retry policy fetching.
- if (!success && !allow_failed_policy_fetches_) {
+ if (!success && !initial_policy_fetch_may_fail_) {
LOG(ERROR) << "Policy fetch failed for the user. "
"Aborting profile initialization";
// Need to exit the current user, because we've already started this user's
@@ -470,10 +474,11 @@ void UserCloudPolicyManagerChromeOS::CancelWaitForPolicyFetch(bool success) {
return;
}
- wait_for_policy_fetch_ = false;
+ waiting_for_initial_policy_fetch_ = false;
+
CheckAndPublishPolicy();
- // Now that |wait_for_policy_fetch_| is guaranteed to be false, the scheduler
- // can be started.
+ // Now that |waiting_for_initial_policy_fetch_| is guaranteed to be false, the
+ // scheduler can be started.
StartRefreshSchedulerIfReady();
}
@@ -481,7 +486,7 @@ void UserCloudPolicyManagerChromeOS::StartRefreshSchedulerIfReady() {
if (core()->refresh_scheduler())
return; // Already started.
- if (wait_for_policy_fetch_)
+ if (waiting_for_initial_policy_fetch_)
return; // Still waiting for the initial, blocking fetch.
if (!service() || !local_state_)

Powered by Google App Engine
This is Rietveld 408576698