Refactor the session managers by using SessionManagerObserver

Use a new class 'UserSessionInitializer' to handle common initialization
logics in 'ChromeSessionManager' and 'UserSessionManager'. Whenever
profiles are loaded, corresponding methods in the observer will be
triggered.

Bug: 977489
Change-Id: Ida1c7cae0406a42edfe62ebf192dfd9bbcbe1301
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2085253Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Commit-Queue: Anqing Zhao <anqing@google.com>
Cr-Commit-Position: refs/heads/master@{#746469}

chrome/browser/chromeos/BUILD.gn

@@ -1531,6 +1531,8 @@ source_set("chromeos") {
     "login/security_token_pin_dialog_host_ash_impl.h",
     "login/session/chrome_session_manager.cc",
     "login/session/chrome_session_manager.h",
+    "login/session/user_session_initializer.cc",
+    "login/session/user_session_initializer.h",
     "login/session/user_session_manager.cc",
     "login/session/user_session_manager.h",
     "login/signin/auth_error_observer.cc",

chrome/browser/chromeos/login/session/chrome_session_manager.cc

@@ -28,6 +28,7 @@
 #include "chrome/browser/chromeos/login/login_wizard.h"
 #include "chrome/browser/chromeos/login/screens/arc_terms_of_service_screen.h"
 #include "chrome/browser/chromeos/login/screens/sync_consent_screen.h"
+#include "chrome/browser/chromeos/login/session/user_session_initializer.h"
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
 #include "chrome/browser/chromeos/login/wizard_controller.h"
@@ -145,19 +146,8 @@ void StartUserSession(Profile* user_profile, const std::string& login_user_id) {
       return;
     }
 
-    user_session_mgr->InitRlz(user_profile);
-    user_session_mgr->InitializeCerts(user_profile);
-    user_session_mgr->InitializeCRLSetFetcher(user);
-    user_session_mgr->InitializeCertificateTransparencyComponents(user);
-
     ProfileHelper::Get()->ProfileStartup(user_profile);
 
-    user_session_mgr->InitializePrimaryProfileServices(user_profile, user);
-
-    if (user->GetType() == user_manager::USER_TYPE_CHILD) {
-      user_session_mgr->InitializeChildUserServices(user_profile);
-    }
-
     user_session_mgr->NotifyUserProfileLoaded(user_profile, user);
 
     // This call will set session state to SESSION_STATE_ACTIVE (same one).
@@ -196,8 +186,14 @@ void StartUserSession(Profile* user_profile, const std::string& login_user_id) {
 }  // namespace
 
 ChromeSessionManager::ChromeSessionManager()
-    : oobe_configuration_(std::make_unique<OobeConfiguration>()) {}
-ChromeSessionManager::~ChromeSessionManager() {}
+    : oobe_configuration_(std::make_unique<OobeConfiguration>()),
+      user_session_initializer_(std::make_unique<UserSessionInitializer>()) {
+  AddObserver(user_session_initializer_.get());
+}
+
+ChromeSessionManager::~ChromeSessionManager() {
+  RemoveObserver(user_session_initializer_.get());
+}
 
 void ChromeSessionManager::Initialize(
     const base::CommandLine& parsed_command_line,

chrome/browser/chromeos/login/session/chrome_session_manager.h

@@ -9,6 +9,7 @@
 
 #include "base/macros.h"
 #include "chrome/browser/chromeos/login/oobe_configuration.h"
+#include "chrome/browser/chromeos/login/session/user_session_initializer.h"
 #include "components/session_manager/core/session_manager.h"
 
 namespace base {
@@ -43,6 +44,7 @@ class ChromeSessionManager : public session_manager::SessionManager {
 
  private:
   std::unique_ptr<chromeos::OobeConfiguration> oobe_configuration_;
+  std::unique_ptr<UserSessionInitializer> user_session_initializer_;
 
   DISALLOW_COPY_AND_ASSIGN(ChromeSessionManager);
 };

chrome/browser/chromeos/login/session/user_session_initializer.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/login/session/user_session_initializer.h"
+
+#include "base/files/file_util.h"
+#include "base/path_service.h"
+#include "base/system/sys_info.h"
+#include "base/task/post_task.h"
+#include "base/task/task_traits.h"
+#include "base/task/thread_pool.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/browser_process_platform_part_chromeos.h"
+#include "chrome/browser/chromeos/arc/session/arc_service_launcher.h"
+#include "chrome/browser/chromeos/child_accounts/child_status_reporting_service_factory.h"
+#include "chrome/browser/chromeos/child_accounts/child_user_service_factory.h"
+#include "chrome/browser/chromeos/child_accounts/screen_time_controller_factory.h"
+#include "chrome/browser/chromeos/crostini/crostini_manager.h"
+#include "chrome/browser/chromeos/lock_screen_apps/state_controller.h"
+#include "chrome/browser/chromeos/login/startup_utils.h"
+#include "chrome/browser/chromeos/policy/app_install_event_log_manager_wrapper.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/component_updater/crl_set_component_installer.h"
+#include "chrome/browser/component_updater/sth_set_component_remover.h"
+#include "chrome/browser/google/google_brand_chromeos.h"
+#include "chrome/browser/net/nss_context.h"
+#include "chrome/common/pref_names.h"
+#include "chromeos/network/network_cert_loader.h"
+#include "chromeos/tpm/install_attributes.h"
+#include "components/prefs/pref_service.h"
+
+#if BUILDFLAG(ENABLE_RLZ)
+#include "chrome/browser/rlz/chrome_rlz_tracker_delegate.h"
+#include "components/rlz/rlz_tracker.h"
+#endif
+
+namespace chromeos {
+
+namespace {
+UserSessionInitializer* g_instance = nullptr;
+
+#if BUILDFLAG(ENABLE_RLZ)
+// Flag file that disables RLZ tracking, when present.
+const base::FilePath::CharType kRLZDisabledFlagName[] =
+    FILE_PATH_LITERAL(".rlz_disabled");
+
+base::FilePath GetRlzDisabledFlagPath() {
+  base::FilePath homedir;
+  base::PathService::Get(base::DIR_HOME, &homedir);
+  return homedir.Append(kRLZDisabledFlagName);
+}
+
+UserSessionInitializer::RlzInitParams CollectRlzParams() {
+  UserSessionInitializer::RlzInitParams params;
+  params.disabled = base::PathExists(GetRlzDisabledFlagPath());
+  params.time_since_oobe_completion =
+      chromeos::StartupUtils::GetTimeSinceOobeFlagFileCreation();
+  return params;
+}
+#endif
+
+// Callback to GetNSSCertDatabaseForProfile. It passes the user-specific NSS
+// database to NetworkCertLoader. It must be called for primary user only.
+void OnGetNSSCertDatabaseForUser(net::NSSCertDatabase* database) {
+  if (!NetworkCertLoader::IsInitialized())
+    return;
+
+  NetworkCertLoader::Get()->SetUserNSSDB(database);
+}
+
+}  // namespace
+
+UserSessionInitializer::UserSessionInitializer() {
+  DCHECK(!g_instance);
+  g_instance = this;
+}
+
+UserSessionInitializer::~UserSessionInitializer() {
+  DCHECK(g_instance);
+  g_instance = nullptr;
+}
+
+// static
+UserSessionInitializer* UserSessionInitializer::Get() {
+  return g_instance;
+}
+
+void UserSessionInitializer::OnUserProfileLoaded(const AccountId& account_id) {
+  Profile* profile = ProfileHelper::Get()->GetProfileByAccountId(account_id);
+  user_manager::User* user = ProfileHelper::Get()->GetUserByProfile(profile);
+
+  if (user_manager::UserManager::Get()->GetPrimaryUser() == user) {
+    InitRlz(profile);
+    InitializeCerts(profile);
+    InitializeCRLSetFetcher(user);
+    InitializeCertificateTransparencyComponents(user);
+    InitializePrimaryProfileServices(profile, user);
+  }
+
+  if (user->GetType() == user_manager::USER_TYPE_CHILD)
+    InitializeChildUserServices(profile);
+}
+
+void UserSessionInitializer::InitializeChildUserServices(Profile* profile) {
+  ChildStatusReportingServiceFactory::GetForBrowserContext(profile);
+  ChildUserServiceFactory::GetForBrowserContext(profile);
+  ScreenTimeControllerFactory::GetForBrowserContext(profile);
+}
+
+void UserSessionInitializer::InitRlz(Profile* profile) {
+#if BUILDFLAG(ENABLE_RLZ)
+  // Initialize the brand code in the local prefs if it does not exist yet or
+  // if it is empty.  The latter is to correct a problem in older builds where
+  // an empty brand code would be persisted if the first login after OOBE was
+  // a guest session.
+  if (!g_browser_process->local_state()->HasPrefPath(prefs::kRLZBrand) ||
+      g_browser_process->local_state()
+          ->Get(prefs::kRLZBrand)
+          ->GetString()
+          .empty()) {
+    // Read brand code asynchronously from an OEM data and repost ourselves.
+    google_brand::chromeos::InitBrand(base::Bind(
+        &UserSessionInitializer::InitRlz, weak_factory_.GetWeakPtr(), profile));
+    return;
+  }
+  base::PostTaskAndReplyWithResult(
+      FROM_HERE,
+      {base::ThreadPool(), base::MayBlock(), base::TaskPriority::BEST_EFFORT,
+       base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN},
+      base::BindOnce(&CollectRlzParams),
+      base::BindOnce(&UserSessionInitializer::InitRlzImpl,
+                     weak_factory_.GetWeakPtr(), profile));
+#endif
+}
+
+void UserSessionInitializer::InitializeCerts(Profile* profile) {
+  // Now that the user profile has been initialized
+  // |GetNSSCertDatabaseForProfile| is safe to be used.
+  if (NetworkCertLoader::IsInitialized() &&
+      base::SysInfo::IsRunningOnChromeOS()) {
+    GetNSSCertDatabaseForProfile(profile,
+                                 base::Bind(&OnGetNSSCertDatabaseForUser));
+  }
+}
+
+void UserSessionInitializer::InitializeCRLSetFetcher(
+    const user_manager::User* user) {
+  const std::string username_hash = user->username_hash();
+  if (!username_hash.empty()) {
+    base::FilePath path =
+        ProfileHelper::GetProfilePathByUserIdHash(username_hash);
+    component_updater::ComponentUpdateService* cus =
+        g_browser_process->component_updater();
+    if (cus)
+      component_updater::RegisterCRLSetComponent(cus, path);
+  }
+}
+
+void UserSessionInitializer::InitializeCertificateTransparencyComponents(
+    const user_manager::User* user) {
+  const std::string username_hash = user->username_hash();
+  if (!username_hash.empty()) {
+    base::FilePath path =
+        ProfileHelper::GetProfilePathByUserIdHash(username_hash);
+    component_updater::DeleteLegacySTHSet(path);
+  }
+}
+
+void UserSessionInitializer::InitializePrimaryProfileServices(
+    Profile* profile,
+    const user_manager::User* user) {
+  lock_screen_apps::StateController::Get()->SetPrimaryProfile(profile);
+
+  if (user->GetType() == user_manager::USER_TYPE_REGULAR) {
+    // App install logs are uploaded via the user's communication channel with
+    // the management server. This channel exists for regular users only.
+    // The |AppInstallEventLogManagerWrapper| manages its own lifetime and
+    // self-destructs on logout.
+    policy::AppInstallEventLogManagerWrapper::CreateForProfile(profile);
+  }
+  arc::ArcServiceLauncher::Get()->OnPrimaryUserProfilePrepared(profile);
+
+  crostini::CrostiniManager* crostini_manager =
+      crostini::CrostiniManager::GetForProfile(profile);
+  if (crostini_manager)
+    crostini_manager->MaybeUpgradeCrostini();
+
+  g_browser_process->platform_part()->InitializePrimaryProfileServices(profile);
+}
+
+void UserSessionInitializer::InitRlzImpl(Profile* profile,
+                                         const RlzInitParams& params) {
+#if BUILDFLAG(ENABLE_RLZ)
+  // If RLZ is disabled then clear the brand for the session.
+  //
+  // RLZ is disabled if disabled explicitly OR if the device's enrollment
+  // state is not yet known. The device's enrollment state is definitively
+  // known once the device is locked. Note that for enrolled devices, the
+  // enrollment login locks the device.
+  //
+  // There the following cases to consider when a session starts:
+  //
+  // 1) This is a regular session.
+  // 1a) The device is LOCKED. Thus, the enrollment state is KNOWN.
+  // 1b) The device is NOT LOCKED. This should only happen on the first
+  //     regular login (due to lock race condition with this code) if the
+  //     device is NOT enrolled; thus, the enrollment state is also KNOWN.
+  //
+  // 2) This is a guest session.
+  // 2a) The device is LOCKED. Thus, the enrollment state is KNOWN.
+  // 2b) The device is NOT locked. This should happen if ONLY Guest mode
+  //     sessions have ever been used on this device. This is the only
+  //     situation where the enrollment state is NOT KNOWN at this point.
+
+  PrefService* local_state = g_browser_process->local_state();
+  if (params.disabled || (profile->IsGuestSession() &&
+                          !InstallAttributes::Get()->IsDeviceLocked())) {
+    // Empty brand code means an organic install (no RLZ pings are sent).
+    google_brand::chromeos::ClearBrandForCurrentSession();
+  }
+  if (params.disabled != local_state->GetBoolean(prefs::kRLZDisabled)) {
+    // When switching to RLZ enabled/disabled state, clear all recorded events.
+    rlz::RLZTracker::ClearRlzState();
+    local_state->SetBoolean(prefs::kRLZDisabled, params.disabled);
+  }
+  // Init the RLZ library.
+  int ping_delay = profile->GetPrefs()->GetInteger(prefs::kRlzPingDelaySeconds);
+  // Negative ping delay means to send ping immediately after a first search is
+  // recorded.
+  bool send_ping_immediately = ping_delay < 0;
+  base::TimeDelta delay = base::TimeDelta::FromSeconds(abs(ping_delay)) -
+                          params.time_since_oobe_completion;
+  rlz::RLZTracker::SetRlzDelegate(
+      base::WrapUnique(new ChromeRLZTrackerDelegate));
+  rlz::RLZTracker::InitRlzDelayed(
+      user_manager::UserManager::Get()->IsCurrentUserNew(),
+      send_ping_immediately, delay,
+      ChromeRLZTrackerDelegate::IsGoogleDefaultSearch(profile),
+      ChromeRLZTrackerDelegate::IsGoogleHomepage(profile),
+      ChromeRLZTrackerDelegate::IsGoogleInStartpages(profile));
+#endif
+}
+
+}  // namespace chromeos

chrome/browser/chromeos/login/session/user_session_initializer.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SESSION_USER_SESSION_INITIALIZER_H_
+#define CHROME_BROWSER_CHROMEOS_LOGIN_SESSION_USER_SESSION_INITIALIZER_H_
+
+#include "components/session_manager/core/session_manager_observer.h"
+#include "components/user_manager/user.h"
+
+class Profile;
+
+namespace user_manager {
+class User;
+}
+
+namespace chromeos {
+
+class UserSessionInitializer : public session_manager::SessionManagerObserver {
+ public:
+  // Parameters to use when initializing the RLZ library.  These fields need
+  // to be retrieved from a blocking task and this structure is used to pass
+  // the data.
+  struct RlzInitParams {
+    // Set to true if RLZ is disabled.
+    bool disabled;
+
+    // The elapsed time since the device went through the OOBE.  This can
+    // be a very long time.
+    base::TimeDelta time_since_oobe_completion;
+  };
+
+  UserSessionInitializer();
+  UserSessionInitializer(const UserSessionInitializer&) = delete;
+  UserSessionInitializer& operator=(const UserSessionInitializer&) = delete;
+  ~UserSessionInitializer() override;
+
+  // Returns UserSessionInitializer instance.
+  static UserSessionInitializer* Get();
+
+  // session_manager::SessionManagerObserver:
+  void OnUserProfileLoaded(const AccountId& account_id) override;
+
+  // Initialize child user profile services that depend on the policy.
+  void InitializeChildUserServices(Profile* profile);
+
+ private:
+  // Initialize RLZ.
+  void InitRlz(Profile* profile);
+
+  // Get the NSS cert database for the user represented with |profile|
+  // and start certificate loader with it.
+  void InitializeCerts(Profile* profile);
+
+  // Starts loading CRL set.
+  void InitializeCRLSetFetcher(const user_manager::User* user);
+
+  // Initializes Certificate Transparency-related components.
+  void InitializeCertificateTransparencyComponents(
+      const user_manager::User* user);
+
+  // Initialize all services that need the primary profile.
+  void InitializePrimaryProfileServices(Profile* profile,
+                                        const user_manager::User* user);
+
+  // Initializes RLZ. If |disabled| is true, RLZ pings are disabled.
+  void InitRlzImpl(Profile* profile, const RlzInitParams& params);
+
+  base::WeakPtrFactory<UserSessionInitializer> weak_factory_{this};
+};
+
+}  // namespace chromeos
+
+#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SESSION_USER_SESSION_INITIALIZER_H_

chrome/browser/chromeos/login/session/user_session_manager.h

@@ -132,18 +132,6 @@ class UserSessionManager
     kPolicyAndFlagsAndKioskControl
   };
 
-  // Parameters to use when initializing the RLZ library.  These fields need
-  // to be retrieved from a blocking task and this structure is used to pass
-  // the data.
-  struct RlzInitParams {
-    // Set to true if RLZ is disabled.
-    bool disabled;
-
-    // The elapsed time since the device went through the OOBE.  This can
-    // be a very long time.
-    base::TimeDelta time_since_oobe_completion;
-  };
-
   // To keep track of which systems need the login password to be stored in the
   // kernel keyring.
   enum class PasswordConsumingService {
@@ -219,27 +207,6 @@ class UserSessionManager
   // user sessions restoration is in progress.
   bool UserSessionsRestoreInProgress() const;
 
-  // Initialize RLZ.
-  void InitRlz(Profile* profile);
-
-  // Get the NSS cert database for the user represented with |profile|
-  // and start certificate loader with it.
-  void InitializeCerts(Profile* profile);
-
-  // Starts loading CRL set.
-  void InitializeCRLSetFetcher(const user_manager::User* user);
-
-  // Initializes Certificate Transparency-related components.
-  void InitializeCertificateTransparencyComponents(
-      const user_manager::User* user);
-
-  // Initialize child user profile services that depend on the policy.
-  void InitializeChildUserServices(Profile* profile);
-
-  // Initialize all services that need the primary profile.
-  void InitializePrimaryProfileServices(Profile* profile,
-                                        const user_manager::User* user);
-
   // Send the notification before creating the browser so additional objects
   // that need the profile (e.g. the launcher) can be created first.
   void NotifyUserProfileLoaded(Profile* profile,
@@ -481,9 +448,6 @@ class UserSessionManager
   // Restores GAIA auth cookies for the created user profile from OAuth2 token.
   void RestoreAuthSessionImpl(Profile* profile, bool restore_from_auth_cookies);
 
-  // Initializes RLZ. If |disabled| is true, RLZ pings are disabled.
-  void InitRlzImpl(Profile* profile, const RlzInitParams& params);
-
   // If |user| is not a kiosk app, sets session type as seen by extensions
   // feature system according to |user|'s type.
   // The value should eventually be set for kiosk users, too - that's done as