Add a flag to control whether to use PSM or not

By default the absence of the flag means that the feature is disabled.
This is to protect code while in development.

Bug: chromium:1098854
Test: Manual
Change-Id: I20063bf28ea74d9aeaa1bb541809fc6ab7162c74
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2264577
Commit-Queue: Sergey Poromov <poromov@chromium.org>
Reviewed-by: Sergey Poromov <poromov@chromium.org>
Auto-Submit: Yves Arrouye <drcrash@chromium.org>
Cr-Commit-Position: refs/heads/master@{#782032}

chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.cc

@@ -325,6 +325,9 @@ const char AutoEnrollmentController::kInitialEnrollmentNever[] = "never";
 const char AutoEnrollmentController::kInitialEnrollmentOfficialBuild[] =
     "official";
 
+const char AutoEnrollmentController::kEnablePsmAlways[] = "always";
+const char AutoEnrollmentController::kEnablePsmNever[] = "never";
+
 // static
 bool AutoEnrollmentController::IsFREEnabled() {
   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
@@ -371,6 +374,26 @@ bool AutoEnrollmentController::IsInitialEnrollmentEnabled() {
   return false;
 }
 
+// static
+bool AutoEnrollmentController::IsPrivateSetMembershipEnabled() {
+  base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
+
+  if (!command_line->HasSwitch(switches::kEnterpriseEnablePrivateSetMembership))
+    return false;  // Disabled by default.
+
+  std::string command_line_mode = command_line->GetSwitchValueASCII(
+      switches::kEnterpriseEnablePrivateSetMembership);
+  if (command_line_mode.empty() || command_line_mode == kEnablePsmAlways)
+    return true;
+
+  if (command_line_mode == kEnablePsmNever) {
+    return false;
+  }
+
+  LOG(FATAL) << "Unknown PSM enablement mode: " << command_line_mode << ".";
+  return false;
+}
+
 // static
 bool AutoEnrollmentController::IsEnabled() {
   return IsFREEnabled() || IsInitialEnrollmentEnabled();

chrome/browser/chromeos/login/enrollment/auto_enrollment_controller.h

@@ -45,6 +45,10 @@ class AutoEnrollmentController {
   static const char kInitialEnrollmentNever[];
   static const char kInitialEnrollmentOfficialBuild[];
 
+  // Parameter values for the kEnterpriseEnablePrivateSetMembership flag.
+  static const char kEnablePsmAlways[];
+  static const char kEnablePsmNever[];
+
   // Requirement for forced re-enrollment check.
   enum class FRERequirement {
     // The device was setup (has kActivateDateKey) but doesn't have the
@@ -100,6 +104,10 @@ class AutoEnrollmentController {
   // Returns true if any either FRE or initial enrollment are enabled.
   static bool IsEnabled();
 
+  // Returns true if the use of private set membership is enabled based on
+  // command-line flags.
+  static bool IsPrivateSetMembershipEnabled();
+
   // Returns whether the FRE auto-enrollment check is required. When
   // kCheckEnrollmentKey VPD entry is present, it is explicitly stating whether
   // the forced re-enrollment is required or not. Otherwise, for backward

chromeos/constants/chromeos_switches.cc

@@ -302,6 +302,9 @@ const char kEnterpriseEnableForcedReEnrollment[] =
 const char kEnterpriseEnableInitialEnrollment[] =
     "enterprise-enable-initial-enrollment";
 
+// Whether to enable private set membership queries.
+const char kEnterpriseEnablePrivateSetMembership[] = "enterprise-enable-psm";
+
 // Enables the zero-touch enterprise enrollment flow.
 const char kEnterpriseEnableZeroTouchEnrollment[] =
     "enterprise-enable-zero-touch-enrollment";

chromeos/constants/chromeos_switches.h

@@ -128,6 +128,8 @@ extern const char kEnterpriseEnableForcedReEnrollment[];
 COMPONENT_EXPORT(CHROMEOS_CONSTANTS)
 extern const char kEnterpriseEnableInitialEnrollment[];
 COMPONENT_EXPORT(CHROMEOS_CONSTANTS)
+extern const char kEnterpriseEnablePrivateSetMembership[];
+COMPONENT_EXPORT(CHROMEOS_CONSTANTS)
 extern const char kEnterpriseEnableZeroTouchEnrollment[];
 COMPONENT_EXPORT(CHROMEOS_CONSTANTS)
 extern const char kEnterpriseEnrollmentInitialModulus[];