DeviceCloudPolicyStore should load consumer policies so that other classes may function normally.

chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
 
 #include "base/bind.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
 #include "base/sequenced_task_runner.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
 #include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
 #include "chrome/browser/chromeos/policy/enterprise_install_attributes.h"
 #include "chrome/browser/chromeos/policy/proto/chrome_device_policy.pb.h"
 #include "components/ownership/owner_key_util.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
 #include "policy/proto/device_management_backend.pb.h"
 
 namespace em = enterprise_management;
 
 namespace policy {
 
 DeviceCloudPolicyStoreChromeOS::DeviceCloudPolicyStoreChromeOS(
     chromeos::DeviceSettingsService* device_settings_service,
     EnterpriseInstallAttributes* install_attributes,
     scoped_refptr<base::SequencedTaskRunner> background_task_runner)
@@ skipping 103 matching lines @@
       validator->policy().Pass(),
       base::Bind(&DeviceCloudPolicyStoreChromeOS::OnPolicyStored,
                  weak_factory_.GetWeakPtr()));
 }
 
 void DeviceCloudPolicyStoreChromeOS::OnPolicyStored() {
   UpdateFromService();
 }
 
 void DeviceCloudPolicyStoreChromeOS::UpdateFromService() {
+  const em::PolicyData* policy_data = device_settings_service_->policy_data();
+  if (policy_data) {
+    const ManagementMode management_mode = GetManagementMode(*policy_data);
+    if (management_mode == MANAGEMENT_MODE_CONSUMER_MANAGED ||
+        (management_mode == MANAGEMENT_MODE_LOCAL_OWNER &&
+         policy() &&
+         GetManagementMode(*policy()) == MANAGEMENT_MODE_CONSUMER_MANAGED)) {
+      // For consumer-managed devices, or devices that were consumer-managed
+      // and are now unmanaged, we clear the policy data and set the status to
+      // success. The management mode is propagated so that the store knows if
+      // it is consumer-managed.
+      policy_.reset(new em::PolicyData());

[Mattias Nissler (ping if slow), 2014/12/05 12:28:37]

Why can't you just copy device_settings_service_->policy_data?

+      policy_->set_management_mode(policy_data->management_mode());
+      PolicyMap new_policy_map;
+      policy_map_.Swap(&new_policy_map);

[Mattias Nissler (ping if slow), 2014/12/05 12:28:37]

Instead of swapping in an empty map, you could just call policy_map_.Clear().

+      status_ = STATUS_OK;
+      NotifyStoreLoaded();
+      return;
+    }
+  }
+
   if (!install_attributes_->IsEnterpriseDevice()) {
     status_ = STATUS_BAD_STATE;
     NotifyStoreError();
     return;
   }
 
   // Once per session, validate internal consistency of enrollment state (DM
   // token must be present on enrolled devices) and in case of failure set flag
   // to indicate that recovery is required.
   const chromeos::DeviceSettingsService::Status status =
       device_settings_service_->status();
   switch (status) {
     case chromeos::DeviceSettingsService::STORE_SUCCESS:
     case chromeos::DeviceSettingsService::STORE_KEY_UNAVAILABLE:
     case chromeos::DeviceSettingsService::STORE_NO_POLICY:
     case chromeos::DeviceSettingsService::STORE_INVALID_POLICY:
     case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR: {
       if (!enrollment_validation_done_) {
         enrollment_validation_done_ = true;
         const bool has_dm_token =
             status == chromeos::DeviceSettingsService::STORE_SUCCESS &&
-            device_settings_service_->policy_data() &&
-            device_settings_service_->policy_data()->has_request_token();
+            policy_data &&
+            policy_data->has_request_token();
 
         // At the time LoginDisplayHostImpl decides whether enrollment flow is
         // to be started, policy hasn't been read yet.  To work around this,
         // once the need for recovery is detected upon policy load, a flag is
         // stored in prefs which is accessed by LoginDisplayHostImpl early
         // during (next) boot.
         if (!has_dm_token) {
           LOG(ERROR) << "Device policy read on enrolled device yields "
                      << "no DM token! Status: " << status << ".";
           chromeos::StartupUtils::MarkEnrollmentRecoveryRequired();
         }
         UMA_HISTOGRAM_BOOLEAN("Enterprise.EnrolledPolicyHasDMToken",
                               has_dm_token);
       }
       break;
     }
     case chromeos::DeviceSettingsService::STORE_POLICY_ERROR:
     case chromeos::DeviceSettingsService::STORE_OPERATION_FAILED:
     case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR:
       // Do nothing for write errors or transient read errors.
       break;
   }
 
   switch (status) {
     case chromeos::DeviceSettingsService::STORE_SUCCESS: {
       status_ = STATUS_OK;
       policy_.reset(new em::PolicyData());
-      if (device_settings_service_->policy_data())
-        policy_->MergeFrom(*device_settings_service_->policy_data());
+      if (policy_data)
+        policy_->MergeFrom(*policy_data);
 
       PolicyMap new_policy_map;
       if (is_managed()) {
         DecodeDevicePolicy(*device_settings_service_->device_settings(),
                            &new_policy_map, install_attributes_);
       }
       policy_map_.Swap(&new_policy_map);
 
       NotifyStoreLoaded();
       return;
@@ skipping 10 matching lines @@
     case chromeos::DeviceSettingsService::STORE_VALIDATION_ERROR:
     case chromeos::DeviceSettingsService::STORE_TEMP_VALIDATION_ERROR:
       status_ = STATUS_LOAD_ERROR;
       break;
   }
 
   NotifyStoreError();
 }
 
 }  // namespace policy