[login_manager] Code to add the owner to the whitelist in a device policy

device_policy.h

 // Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef LOGIN_MANAGER_DEVICE_POLICY_H_
 #define LOGIN_MANAGER_DEVICE_POLICY_H_
 
+#include <glib.h>
 #include <string>
 
 #include <base/basictypes.h>
 #include <base/file_path.h>
 
 #include "login_manager/bindings/device_management_backend.pb.h"
 
 namespace login_manager {
+class OwnerKey;
 
 // This class holds device settings that are to be enforced across all users.
 //
 // If there is a policy on disk at creation time, we will load it
 // along with its signature.  A new policy and its attendant signature can
 // be set at any time and persisted to disk on-demand.
 //
 // THIS CLASS DOES NO SIGNATURE VALIDATION.
 class DevicePolicy {
  public:
   explicit DevicePolicy(const FilePath& policy_path);
   virtual ~DevicePolicy();
 
   // Load the signed policy off of disk into |policy_|.
   // Returns true unless there is a policy on disk and loading it fails.
   virtual bool LoadOrCreate();
 
-  virtual bool Get(std::string* output) const;
+  virtual const enterprise_management::PolicyFetchResponse& Get() const;

[gauravsh, 2011/04/08 04:58:49]

What does this do?

[Chris Masone, 2011/04/08 05:57:41]

It gets a const reference to the PolicyFetchResponse that lives in this
object...I felt like commenting this would be a "x = x + 1;  // Adds 1 to x."
situation.

 
   // Persist |policy_| to disk at |policy_file_|
   // Returns false if there's an error while writing data.
   virtual bool Persist();
 
+  virtual bool SerializeToString(std::string* output) const;

[gauravsh, 2011/04/08 04:58:49]

what does this do?

[Chris Masone, 2011/04/08 05:57:41]

Serializes the policy into the passed-in string object.  Kinda felt the same as
above.

[gauravsh, 2011/04/08 18:07:47]

Yeah, reading the full class definition provides the proper context.

+
   // Clobber the stored policy with new data.
   virtual void Set(const enterprise_management::PolicyFetchResponse& policy);
 
+  // Assuming the current user has access to the owner private key
+  // (read: is the owner), this call whitelists |current_user_| and sets a
+  // property indicating |current_user_| is the owner in the current policy
+  // and schedules a PersistPolicy().
+  // Returns false on failure, with |error| set appropriately.
+  // |error| can be NULL, should you wish to ignore the particulars.
+  bool StoreOwnerProperties(OwnerKey* key,
+                            const std::string& current_user,
+                            GError** error);
+
   static const char kDefaultPath[];
+  static const char kDevicePolicyType[];

[gauravsh, 2011/04/08 04:58:49]

Maybe this is documented elsewhere but what is the format of kDevicePolicyType?

[Chris Masone, 2011/04/08 05:57:41]

it is...I'll put a pointer to it here.

 
  private:
   enterprise_management::PolicyFetchResponse policy_;
   const FilePath policy_path_;
 
   DISALLOW_COPY_AND_ASSIGN(DevicePolicy);
 };
 }  // namespace login_manager
 
 #endif  // LOGIN_MANAGER_DEVICE_POLICY_H_