Only perform forced re-enrollment in official builds.

There is no reason chromium builds should hit Google servers by default. While at it, make the auto-enrollment mode decisions more explicit in the code. BUG=chromium:358585 Review URL: https://codereview.chromium.org/220933003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261525 0039d316-1c4b-4281-b951-d872f2087c98

Only perform forced re-enrollment in official builds.
There is no reason chromium builds should hit Google servers by default. While at it, make the auto-enrollment mode decisions more explicit in the code. BUG=chromium:358585 Review URL: https://codereview.chromium.org/220933003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@261525 0039d316-1c4b-4281-b951-d872f2087c98
48e24b0d · mnissler@chromium.org · 1164c20c · 48e24b0d · 48e24b0d · 48e24b0d
Commit 48e24b0d authored Apr 03, 2014 by mnissler@chromium.org
5 changed files
--- a/chrome/browser/chromeos/login/enrollment/auto_enrollment_check_step.cc
+++ b/chrome/browser/chromeos/login/enrollment/auto_enrollment_check_step.cc
@@ -29,8 +29,8 @@ AutoEnrollmentCheckStep::~AutoEnrollmentCheckStep() {
 }

 void AutoEnrollmentCheckStep::Start() {
-  if (!CommandLine::ForCurrentProcess()->HasSwitch(
-          chromeos::switches::kEnterpriseEnableForcedReEnrollment)) {
+  if (AutoEnrollmentController::GetMode() !=
+      AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT) {
    SignalCompletion();
    return;
  }

--- a/chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.cc
+++ b/chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.cc
@@ -49,6 +49,36 @@ int GetSanitizedArg(const std::string& switch_name) {

 }  // namespace

+const char AutoEnrollmentController::kForcedReEnrollmentAlways[] = "always";
+const char AutoEnrollmentController::kForcedReEnrollmentLegacy[] = "legacy";
+const char AutoEnrollmentController::kForcedReEnrollmentNever[] = "never";
+const char AutoEnrollmentController::kForcedReEnrollmentOfficialBuild[] =
+    "official";
+
+AutoEnrollmentController::Mode AutoEnrollmentController::GetMode() {
+  CommandLine* command_line = CommandLine::ForCurrentProcess();
+
+  if (!command_line->HasSwitch(switches::kEnterpriseEnableForcedReEnrollment))
+    return MODE_LEGACY_AUTO_ENROLLMENT;
+
+  std::string command_line_mode = command_line->GetSwitchValueASCII(
+      switches::kEnterpriseEnableForcedReEnrollment);
+  if (command_line_mode == kForcedReEnrollmentAlways) {
+    return MODE_FORCED_RE_ENROLLMENT;
+  } else if (command_line_mode.empty() ||
+             command_line_mode == kForcedReEnrollmentOfficialBuild) {
+#if defined(OFFICIAL_BUILD)
+    return MODE_FORCED_RE_ENROLLMENT;
+#else
+    return MODE_NONE;
+#endif
+  } else if (command_line_mode == kForcedReEnrollmentLegacy) {
+    return MODE_LEGACY_AUTO_ENROLLMENT;
+  }
+
+  return MODE_NONE;
+}
+
 AutoEnrollmentController::AutoEnrollmentController()
    : state_(policy::AUTO_ENROLLMENT_STATE_IDLE),
      weak_factory_(this) {}
@@ -63,12 +93,15 @@ void AutoEnrollmentController::Start() {
  // Do not communicate auto-enrollment data to the server if
  // 1. we are running integration or perf tests with telemetry.
  // 2. modulus configuration is not present.
+  // 3. Auto-enrollment is disabled via the command line.
+
  CommandLine* command_line = CommandLine::ForCurrentProcess();
  if (command_line->HasSwitch(chromeos::switches::kOobeSkipPostLogin) ||
      (!command_line->HasSwitch(
           chromeos::switches::kEnterpriseEnrollmentInitialModulus) &&
       !command_line->HasSwitch(
-           chromeos::switches::kEnterpriseEnrollmentModulusLimit))) {
+           chromeos::switches::kEnterpriseEnrollmentModulusLimit)) ||
+      GetMode() == MODE_NONE) {
    VLOG(1) << "Auto-enrollment disabled.";
    UpdateState(policy::AUTO_ENROLLMENT_STATE_NO_ENROLLMENT);
    return;
@@ -106,9 +139,8 @@ AutoEnrollmentController::RegisterProgressCallback(
 }

 bool AutoEnrollmentController::ShouldEnrollSilently() {
-  return !CommandLine::ForCurrentProcess()->HasSwitch(
-             chromeos::switches::kEnterpriseEnableForcedReEnrollment) &&
-         state_ == policy::AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT;
+  return state_ == policy::AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT &&
+         GetMode() == MODE_LEGACY_AUTO_ENROLLMENT;
 }

 void AutoEnrollmentController::OnOwnershipStatusCheckDone(
@@ -138,8 +170,7 @@ void AutoEnrollmentController::OnOwnershipStatusCheckDone(

  bool retrieve_device_state = false;
  std::string device_id;
-  if (CommandLine::ForCurrentProcess()->HasSwitch(
-          chromeos::switches::kEnterpriseEnableForcedReEnrollment)) {
+  if (GetMode() == MODE_FORCED_RE_ENROLLMENT) {
    retrieve_device_state = true;
    device_id =
        policy::DeviceCloudPolicyManagerChromeOS::GetCurrentDeviceStateKey();

--- a/chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h
+++ b/chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h
@@ -21,6 +21,26 @@ class AutoEnrollmentController {
  typedef base::CallbackList<void(policy::AutoEnrollmentState)>
      ProgressCallbackList;

+  // Parameter values for the kEnterpriseEnableForcedReEnrollment flag.
+  static const char kForcedReEnrollmentAlways[];
+  static const char kForcedReEnrollmentLegacy[];
+  static const char kForcedReEnrollmentNever[];
+  static const char kForcedReEnrollmentOfficialBuild[];
+
+  // Auto-enrollment modes.
+  enum Mode {
+    // No automatic enrollment.
+    MODE_NONE,
+    // Legacy auto-enrollment.
+    MODE_LEGACY_AUTO_ENROLLMENT,
+    // Forced re-enrollment.
+    MODE_FORCED_RE_ENROLLMENT,
+  };
+
+  // Gets the auto-enrollment mode based on command-line flags and official
+  // build status.
+  static Mode GetMode();
+
  AutoEnrollmentController();
  ~AutoEnrollmentController();


--- a/chrome/browser/chromeos/login/wizard_controller_browsertest.cc
+++ b/chrome/browser/chromeos/login/wizard_controller_browsertest.cc
@@ -524,8 +524,9 @@ class WizardControllerEnrollmentFlowTest : public WizardControllerFlowTest {
  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
    WizardControllerFlowTest::SetUpCommandLine(command_line);

-    command_line->AppendSwitch(
-        switches::kEnterpriseEnableForcedReEnrollment);
+    command_line->AppendSwitchASCII(
+        switches::kEnterpriseEnableForcedReEnrollment,
+        chromeos::AutoEnrollmentController::kForcedReEnrollmentAlways);
    command_line->AppendSwitchASCII(
        switches::kEnterpriseEnrollmentInitialModulus, "1");
    command_line->AppendSwitchASCII(

--- a/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.cc
@@ -14,6 +14,7 @@
 #include "base/time/time.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chromeos/attestation/attestation_policy_observer.h"
+#include "chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
 #include "chrome/browser/chromeos/policy/enrollment_handler_chromeos.h"
@@ -305,8 +306,8 @@ scoped_ptr<CloudPolicyClient> DeviceCloudPolicyManagerChromeOS::CreateClient() {

  // Set state keys to upload immediately after creation so the first policy
  // fetch submits them to the server.
-  if (CommandLine::ForCurrentProcess()->HasSwitch(
-          chromeos::switches::kEnterpriseEnableForcedReEnrollment)) {
+  if (chromeos::AutoEnrollmentController::GetMode() ==
+      chromeos::AutoEnrollmentController::MODE_FORCED_RE_ENROLLMENT) {
    std::vector<std::string> state_keys;
    if (GetDeviceStateKeys(base::Time::Now(), &state_keys))
      client->SetStateKeysToUpload(state_keys);