Fix up Owner settings on first load

chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc

Index: chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc
diff --git a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc
index 48a81cb418a7dca2df0e0da89efb161a3cb84440..9909e3f95bce20ff377c0ca164592248f03a4be6 100644
--- a/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc
+++ b/chrome/browser/chromeos/ownership/owner_settings_service_chromeos.cc
@@ -4,6 +4,7 @@
 
 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos.h"
 
+#include <algorithm>
 #include <string>
 
 #include "base/bind.h"
@@ -15,7 +16,6 @@
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/chromeos/ownership/owner_settings_service_chromeos_factory.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
-#include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/chromeos/settings/device_settings_provider.h"
 #include "chrome/browser/chromeos/settings/session_manager_operation.h"
@@ -174,7 +174,6 @@ bool CheckManagementModeTransition(policy::ManagementMode current_mode,
   NOTREACHED();
   return false;
 }
-
 }  // namespace
 
 OwnerSettingsServiceChromeOS::ManagementSettings::ManagementSettings() {
@@ -414,7 +413,7 @@ void OwnerSettingsServiceChromeOS::IsOwnerForSafeModeAsync(
 scoped_ptr<em::PolicyData> OwnerSettingsServiceChromeOS::AssemblePolicy(
     const std::string& user_id,
     const em::PolicyData* policy_data,
-    const em::ChromeDeviceSettingsProto* settings) {
+    em::ChromeDeviceSettingsProto* settings) {
   scoped_ptr<em::PolicyData> policy(new em::PolicyData());
   if (policy_data) {
     // Preserve management settings.
@@ -429,6 +428,14 @@ scoped_ptr<em::PolicyData> OwnerSettingsServiceChromeOS::AssemblePolicy(
     // setting is set. We set the management mode to LOCAL_OWNER initially.
     policy->set_management_mode(em::PolicyData::LOCAL_OWNER);
   }
+  // Perform fixups required to ensure sensical local-owner device policy:
+  //  1) The owner must be in the username field,
+  //  2) user whitelisting must be explicitly allowed or disallowed, and
+  //  3) the owner user must be on the whitelist, if it's enforced.
+  // We can enforce the first two here, but need to check the whitelist before
+  // modifying it, so that will be taken care of in a separate class.

[Mattias Nissler (ping if slow), 2015/03/18 08:36:42]

stale comment

[Chris Masone, 2015/03/24 20:53:36]

Done.

+  if (policy->management_mode() == em::PolicyData::LOCAL_OWNER)

[Mattias Nissler (ping if slow), 2015/03/18 08:36:41]

I think you want to do this both for LOCAL_OWNER and CONSUMER_MANAGED, as the
owner key is controlled by a local account in both cases.

[Chris Masone, 2015/03/24 20:53:36]

Done.

[Chris Masone, 2015/03/24 20:53:36]

Done.

+    FixupLocalOwnerPolicy(user_id, settings);
   policy->set_policy_type(policy::dm_protocol::kChromeDevicePolicyType);
   policy->set_timestamp(
       (base::Time::Now() - base::Time::UnixEpoch()).InMilliseconds());
@@ -440,6 +447,21 @@ scoped_ptr<em::PolicyData> OwnerSettingsServiceChromeOS::AssemblePolicy(
 }
 
 // static
+void OwnerSettingsServiceChromeOS::FixupLocalOwnerPolicy(
+    const std::string& user_id,
+    enterprise_management::ChromeDeviceSettingsProto* settings) {
+  if (!settings->has_allow_new_users())
+    settings->mutable_allow_new_users()->set_allow_new_users(true);
+
+  em::UserWhitelistProto* whitelist_proto = settings->mutable_user_whitelist();
+  if (whitelist_proto->user_whitelist().end() ==
+      std::find(whitelist_proto->user_whitelist().begin(),
+                whitelist_proto->user_whitelist().end(), user_id)) {
+    whitelist_proto->add_user_whitelist(user_id);
+  }
+}
+
+// static
 void OwnerSettingsServiceChromeOS::UpdateDeviceSettings(
     const std::string& path,
     const base::Value& value,