Be more picky in triggering enrollment recovery.

chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/sequenced_task_runner.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
 #include "chrome/browser/chromeos/settings/owner_key_util.h"
 #include "policy/proto/device_management_backend.pb.h"
 
 namespace em = enterprise_management;
 
 namespace policy {
 
 DeviceCloudPolicyStoreChromeOS::DeviceCloudPolicyStoreChromeOS(
     chromeos::DeviceSettingsService* device_settings_service,
     EnterpriseInstallAttributes* install_attributes,
     scoped_refptr<base::SequencedTaskRunner> background_task_runner)
     : device_settings_service_(device_settings_service),
       install_attributes_(install_attributes),
       background_task_runner_(background_task_runner),
-      first_update_(true),
+      enrollment_validation_done_(false),
       weak_factory_(this) {
   device_settings_service_->AddObserver(this);
 }
 
 DeviceCloudPolicyStoreChromeOS::~DeviceCloudPolicyStoreChromeOS() {
   device_settings_service_->RemoveObserver(this);
 }
 
 void DeviceCloudPolicyStoreChromeOS::Store(
     const em::PolicyFetchResponse& policy) {
@@ skipping 91 matching lines @@
   UpdateFromService();
 }
 
 void DeviceCloudPolicyStoreChromeOS::UpdateFromService() {
   if (!install_attributes_->IsEnterpriseDevice()) {
     status_ = STATUS_BAD_STATE;
     NotifyStoreError();
     return;
   }
 
-  // Fill UMA histogram once per session.  Skip temp validation error because it
-  // is not a definitive result (policy load will be retried).
+  // Once per session, validate internal consistency of enrollment state (DM
+  // token must be present on enrolled devices) and in case of failure set flag
+  // to indicate that recovery is required.
   const chromeos::DeviceSettingsService::Status status =
       device_settings_service_->status();
-  if (first_update_ &&
-      status != chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR) {
-    first_update_ = false;
-    const bool has_dm_token =
-        status == chromeos::DeviceSettingsService::STORE_SUCCESS &&
-        device_settings_service_->policy_data() &&
-        device_settings_service_->policy_data()->has_request_token();
+  switch (status) {
+    case chromeos::DeviceSettingsService::STORE_SUCCESS:
+    case chromeos::DeviceSettingsService::STORE_KEY_UNAVAILABLE:
+    case chromeos::DeviceSettingsService::STORE_NO_POLICY:
+    case chromeos::DeviceSettingsService::STORE_INVALID_POLICY:
+    case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR: {
+      if (!enrollment_validation_done_) {
+        enrollment_validation_done_ = true;
+        const bool has_dm_token =
+            status == chromeos::DeviceSettingsService::STORE_SUCCESS &&
+            device_settings_service_->policy_data() &&
+            device_settings_service_->policy_data()->has_request_token();
 
-    // At the time LoginDisplayHostImpl decides whether enrollment flow is to be
-    // started, policy hasn't been read yet, so LoginDisplayHostImpl is not in a
-    // position to decide whether recovery is required.  To work around this,
-    // upon policy load on machines requiring recovery, a flag is stored in
-    // prefs which is accessed by LoginDisplayHostImpl early during (next) boot.
-    if (!has_dm_token) {
-      LOG(ERROR) << "Policy read on enrolled device yields no DM token! "
-                 << "Status: " << status << ".";
-      chromeos::StartupUtils::MarkEnrollmentRecoveryRequired();
+        // At the time LoginDisplayHostImpl decides whether enrollment flow is
+        // to be started, policy hasn't been read yet.  To work around this,
+        // once the need for recovery is detected upon policy load, a flag is
+        // stored in prefs which is accessed by LoginDisplayHostImpl early
+        // during (next) boot.
+        if (!has_dm_token) {
+          LOG(ERROR) << "Device policy read on enrolled device yields "
+                     << "no DM token! Status: " << status << ".";
+          chromeos::StartupUtils::MarkEnrollmentRecoveryRequired();
+        }
+        UMA_HISTOGRAM_BOOLEAN("Enterprise.EnrolledPolicyHasDMToken",
+                              has_dm_token);
+      }
+      break;
     }
-    UMA_HISTOGRAM_BOOLEAN("Enterprise.EnrolledPolicyHasDMToken", has_dm_token);
+    case chromeos::DeviceSettingsService::STORE_POLICY_ERROR:
+    case chromeos::DeviceSettingsService::STORE_OPERATION_FAILED:
+    case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR:
+      // Do nothing for write errors or transient read errors.
+      break;
   }
 
-  switch (device_settings_service_->status()) {
+  switch (status) {
     case chromeos::DeviceSettingsService::STORE_SUCCESS: {
       status_ = STATUS_OK;
       policy_.reset(new em::PolicyData());
       if (device_settings_service_->policy_data())
         policy_->MergeFrom(*device_settings_service_->policy_data());
 
       PolicyMap new_policy_map;
       if (is_managed()) {
         DecodeDevicePolicy(*device_settings_service_->device_settings(),
                            &new_policy_map, install_attributes_);
@@ skipping 15 matching lines @@
     case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR:
     case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR:
       status_ = STATUS_LOAD_ERROR;
       break;
   }
 
   NotifyStoreError();
 }
 
 }  // namespace policy