Default values for enterprise users are supported.

BUG=402800

Review URL: https://codereview.chromium.org/519643002

Cr-Commit-Position: refs/heads/master@{#293480}

chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc

@@ -280,25 +280,12 @@ void UserCloudPolicyManagerChromeOS::OnComponentCloudPolicyUpdated() {
 void UserCloudPolicyManagerChromeOS::GetChromePolicy(PolicyMap* policy_map) {
   CloudPolicyManager::GetChromePolicy(policy_map);
 
-  // Default multi-profile behavior for managed accounts to primary-only.
-  if (store()->has_policy() &&
-      !policy_map->Get(key::kChromeOsMultiProfileUserBehavior)) {
-    policy_map->Set(key::kChromeOsMultiProfileUserBehavior,
-                    POLICY_LEVEL_MANDATORY,
-                    POLICY_SCOPE_USER,
-                    new base::StringValue("primary-only"),
-                    NULL);
-  }
-
-  // Set EasyUnlockAllowed policy to false by default for managed accounts.
-  if (store()->has_policy() &&
-      !policy_map->Get(key::kEasyUnlockAllowed)) {
-    policy_map->Set(key::kEasyUnlockAllowed,
-                    POLICY_LEVEL_MANDATORY,
-                    POLICY_SCOPE_USER,
-                    new base::FundamentalValue(false),
-                    NULL);
-  }
+  // If the store has a verified policy blob received from the server then apply
+  // the defaults for policies that haven't been configured by the administrator
+  // given that this is an enterprise user.
+  if (!store()->has_policy())
+    return;
+  SetEnterpriseUsersDefaults(policy_map);
 }
 
 void UserCloudPolicyManagerChromeOS::FetchPolicyOAuthTokenUsingSigninProfile() {

chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.h

@@ -150,7 +150,7 @@ class UserCloudPolicyManagerChromeOS : public CloudPolicyManager,
   // IsInitializationComplete().
   bool wait_for_policy_fetch_;
 
-  // A timer that puts a hard limit on the maximum time to wait for the intial
+  // A timer that puts a hard limit on the maximum time to wait for the initial
   // policy fetch.
   base::Timer policy_fetch_timeout_;
 

components/policy/core/common/generate_policy_source_unittest.cc

@@ -173,4 +173,30 @@ TEST(GeneratePolicySource, PolicyDetails) {
   // than 0, once a type 'external' policy is added.
 }
 
+#if defined(OS_CHROMEOS)
+TEST(GeneratePolicySource, SetEnterpriseDefaults) {
+  PolicyMap policy_map;
+
+  // If policy not configured yet, set the enterprise default.
+  SetEnterpriseUsersDefaults(&policy_map);
+
+  const base::Value* multiprof_behavior =
+      policy_map.GetValue(key::kChromeOsMultiProfileUserBehavior);
+  base::StringValue expected("primary-only");
+  EXPECT_TRUE(expected.Equals(multiprof_behavior));
+
+  // If policy already configured, it's not changed to enterprise defaults.
+  policy_map.Set(key::kChromeOsMultiProfileUserBehavior,
+                 POLICY_LEVEL_MANDATORY,
+                 POLICY_SCOPE_USER,
+                 new base::StringValue("test_value"),
+                 NULL);
+  SetEnterpriseUsersDefaults(&policy_map);
+  multiprof_behavior =
+      policy_map.GetValue(key::kChromeOsMultiProfileUserBehavior);
+  expected = base::StringValue("test_value");
+  EXPECT_TRUE(expected.Equals(multiprof_behavior));
+}
+#endif
+
 }  // namespace policy

components/policy/resources/policy_templates.json

@@ -134,6 +134,10 @@
 #   that this policy is only supported as a device-level Cloud Policy.
 #   In that case no entry in the UserPolicy Protobuf is generated and
 #   it is assumed that it will be added to the DevicePolicy Protobuf manually.
+#
+# Enterprise defaults:
+#   An optional key 'default_for_enterprise_users' contains value that's set for
+#   enterprise users as a default.
 #
   'policy_definitions': [
     {
@@ -3143,6 +3147,7 @@
         'per_profile': True,
       },
       'example_value': 'unrestricted',
+      'default_for_enterprise_users': 'primary-only',
       'id': 244,
       'caption': '''Control the user behavior in a multiprofile session''',
       'desc': '''Control the user behavior in a multiprofile session on <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> devices.
@@ -6604,6 +6609,7 @@
         'per_profile': True,
       },
       'example_value': True,
+      'default_for_enterprise_users': False,
       'id': 272,
       'caption': '''Allows EasyUnlock to be used''',
       'desc': '''Allows EasyUnlock to be used on <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> devices.

components/policy/tools/generate_policy_source.py

@@ -57,6 +57,9 @@ class PolicyDetails:
     self.is_deprecated = policy.get('deprecated', False)
     self.is_device_only = policy.get('device_only', False)
     self.schema = policy.get('schema', {})
+    self.has_enterprise_default = 'default_for_enterprise_users' in policy
+    if self.has_enterprise_default:
+      self.enterprise_default = policy['default_for_enterprise_users']
 
     expected_platform = 'chrome_os' if is_chromium_os else os.lower()
     self.platforms = []
@@ -216,6 +219,7 @@ def _WritePolicyConstantHeader(policies, os, f):
           '#include "base/basictypes.h"\n'
           '#include "base/values.h"\n'
           '#include "components/policy/core/common/policy_details.h"\n'
+          '#include "components/policy/core/common/policy_map.h"\n'
           '\n'
           'namespace policy {\n'
           '\n'
@@ -228,7 +232,12 @@ def _WritePolicyConstantHeader(policies, os, f):
             'configuration resides.\n'
             'extern const wchar_t kRegistryChromePolicyKey[];\n')
 
-  f.write('// Returns the PolicyDetails for |policy| if |policy| is a known\n'
+  f.write('#if defined (OS_CHROMEOS)\n'
+          '// Sets default values for enterprise users.\n'
+          'void SetEnterpriseUsersDefaults(PolicyMap* policy_map);\n'
+          '#endif\n'
+          '\n'
+          '// Returns the PolicyDetails for |policy| if |policy| is a known\n'
           '// Chrome policy, otherwise returns NULL.\n'
           'const PolicyDetails* GetChromePolicyDetails('
               'const std::string& policy);\n'
@@ -630,6 +639,35 @@ def _WritePolicyConstantSource(policies, os, f):
           '  return &kChromeSchemaData;\n'
           '}\n\n')
 
+  f.write('#if defined (OS_CHROMEOS)\n'
+          'void SetEnterpriseUsersDefaults(PolicyMap* policy_map) {\n')
+
+  for policy in policies:
+    if policy.has_enterprise_default:
+      if policy.policy_type == 'TYPE_BOOLEAN':
+        creation_expression = 'new base::FundamentalValue(%s)' %\
+                              ('true' if policy.enterprise_default else 'false')
+      elif policy.policy_type == 'TYPE_INTEGER':
+        creation_expression = 'new base::FundamentalValue(%s)' %\
+                              policy.enterprise_default
+      elif policy.policy_type == 'TYPE_STRING':
+        creation_expression = 'new base::StringValue("%s")' %\
+                              policy.enterprise_default
+      else:
+        raise RuntimeError('Type %s of policy %s is not supported at '
+                           'enterprise defaults' % (policy.policy_type,
+                                                    policy.name))
+      f.write('  if (!policy_map->Get(key::k%s)) {\n'
+              '    policy_map->Set(key::k%s,\n'
+              '                    POLICY_LEVEL_MANDATORY,\n'
+              '                    POLICY_SCOPE_USER,\n'
+              '                    %s,\n'
+              '                    NULL);\n'
+              '  }\n' % (policy.name, policy.name, creation_expression))
+
+  f.write('}\n'
+          '#endif\n\n')
+
   f.write('const PolicyDetails* GetChromePolicyDetails('
               'const std::string& policy) {\n'
           '  // First index in kPropertyNodes of the Chrome policies.\n'