Refactor the session managers by using SessionManagerObserver

Use a new class 'UserSessionInitializer' to handle common initialization logics in 'ChromeSessionManager' and 'UserSessionManager'. Whenever profiles are loaded, corresponding methods in the observer will be triggered. Bug: 977489 Change-Id: Ida1c7cae0406a42edfe62ebf192dfd9bbcbe1301 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2085253Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Commit-Queue: Anqing Zhao <anqing@google.com> Cr-Commit-Position: refs/heads/master@{#746469}

Refactor the session managers by using SessionManagerObserver
Use a new class 'UserSessionInitializer' to handle common initialization logics in 'ChromeSessionManager' and 'UserSessionManager'. Whenever profiles are loaded, corresponding methods in the observer will be triggered. Bug: 977489 Change-Id: Ida1c7cae0406a42edfe62ebf192dfd9bbcbe1301 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2085253Reviewed-by: Xiyuan Xia <xiyuan@chromium.org> Commit-Queue: Anqing Zhao <anqing@google.com> Cr-Commit-Position: refs/heads/master@{#746469}
66e8be27 · Anqing Zhao · Commit Bot · 095a7a8e · 66e8be27 · 66e8be27
Commit 66e8be27 authored Mar 03, 2020 by Anqing Zhao Committed by Commit Bot Mar 03, 2020
7 changed files
--- a/chrome/browser/chromeos/BUILD.gn
+++ b/chrome/browser/chromeos/BUILD.gn
@@ -1531,6 +1531,8 @@ source_set("chromeos") {
    "login/security_token_pin_dialog_host_ash_impl.h",
    "login/session/chrome_session_manager.cc",
    "login/session/chrome_session_manager.h",
+    "login/session/user_session_initializer.cc",
+    "login/session/user_session_initializer.h",
    "login/session/user_session_manager.cc",
    "login/session/user_session_manager.h",
    "login/signin/auth_error_observer.cc",

--- a/chrome/browser/chromeos/login/session/chrome_session_manager.cc
+++ b/chrome/browser/chromeos/login/session/chrome_session_manager.cc
@@ -28,6 +28,7 @@
 #include "chrome/browser/chromeos/login/login_wizard.h"
 #include "chrome/browser/chromeos/login/screens/arc_terms_of_service_screen.h"
 #include "chrome/browser/chromeos/login/screens/sync_consent_screen.h"
+#include "chrome/browser/chromeos/login/session/user_session_initializer.h"
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
 #include "chrome/browser/chromeos/login/wizard_controller.h"
@@ -145,19 +146,8 @@ void StartUserSession(Profile* user_profile, const std::string& login_user_id) {
      return;
    }
-    user_session_mgr->InitRlz(user_profile);
-    user_session_mgr->InitializeCerts(user_profile);
-    user_session_mgr->InitializeCRLSetFetcher(user);
-    user_session_mgr->InitializeCertificateTransparencyComponents(user);
    ProfileHelper::Get()->ProfileStartup(user_profile);
-    user_session_mgr->InitializePrimaryProfileServices(user_profile, user);
-    if (user->GetType() == user_manager::USER_TYPE_CHILD) {
-      user_session_mgr->InitializeChildUserServices(user_profile);
-    }
    user_session_mgr->NotifyUserProfileLoaded(user_profile, user);
    // This call will set session state to SESSION_STATE_ACTIVE (same one).
@@ -196,8 +186,14 @@ void StartUserSession(Profile* user_profile, const std::string& login_user_id) {
 }  // namespace
 ChromeSessionManager::ChromeSessionManager()
-    : oobe_configuration_(std::make_unique<OobeConfiguration>()) {}
+    : oobe_configuration_(std::make_unique<OobeConfiguration>()),
-ChromeSessionManager::~ChromeSessionManager() {}
+      user_session_initializer_(std::make_unique<UserSessionInitializer>()) {
+  AddObserver(user_session_initializer_.get());
+}
+ChromeSessionManager::~ChromeSessionManager() {
+  RemoveObserver(user_session_initializer_.get());
+}
 void ChromeSessionManager::Initialize(
    const base::CommandLine& parsed_command_line,

--- a/chrome/browser/chromeos/login/session/chrome_session_manager.h
+++ b/chrome/browser/chromeos/login/session/chrome_session_manager.h
@@ -9,6 +9,7 @@
 #include "base/macros.h"
 #include "chrome/browser/chromeos/login/oobe_configuration.h"
+#include "chrome/browser/chromeos/login/session/user_session_initializer.h"
 #include "components/session_manager/core/session_manager.h"
 namespace base {
@@ -43,6 +44,7 @@ class ChromeSessionManager : public session_manager::SessionManager {
 private:
  std::unique_ptr<chromeos::OobeConfiguration> oobe_configuration_;
+  std::unique_ptr<UserSessionInitializer> user_session_initializer_;
  DISALLOW_COPY_AND_ASSIGN(ChromeSessionManager);
 };

--- a/chrome/browser/chromeos/login/session/user_session_initializer.cc
+++ b/chrome/browser/chromeos/login/session/user_session_initializer.cc
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "chrome/browser/chromeos/login/session/user_session_initializer.h"
+#include "base/files/file_util.h"
+#include "base/path_service.h"
+#include "base/system/sys_info.h"
+#include "base/task/post_task.h"
+#include "base/task/task_traits.h"
+#include "base/task/thread_pool.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/browser_process_platform_part_chromeos.h"
+#include "chrome/browser/chromeos/arc/session/arc_service_launcher.h"
+#include "chrome/browser/chromeos/child_accounts/child_status_reporting_service_factory.h"
+#include "chrome/browser/chromeos/child_accounts/child_user_service_factory.h"
+#include "chrome/browser/chromeos/child_accounts/screen_time_controller_factory.h"
+#include "chrome/browser/chromeos/crostini/crostini_manager.h"
+#include "chrome/browser/chromeos/lock_screen_apps/state_controller.h"
+#include "chrome/browser/chromeos/login/startup_utils.h"
+#include "chrome/browser/chromeos/policy/app_install_event_log_manager_wrapper.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/component_updater/crl_set_component_installer.h"
+#include "chrome/browser/component_updater/sth_set_component_remover.h"
+#include "chrome/browser/google/google_brand_chromeos.h"
+#include "chrome/browser/net/nss_context.h"
+#include "chrome/common/pref_names.h"
+#include "chromeos/network/network_cert_loader.h"
+#include "chromeos/tpm/install_attributes.h"
+#include "components/prefs/pref_service.h"
+#if BUILDFLAG(ENABLE_RLZ)
+#include "chrome/browser/rlz/chrome_rlz_tracker_delegate.h"
+#include "components/rlz/rlz_tracker.h"
+#endif
+namespace chromeos {
+namespace {
+UserSessionInitializer* g_instance = nullptr;
+#if BUILDFLAG(ENABLE_RLZ)
+// Flag file that disables RLZ tracking, when present.
+const base::FilePath::CharType kRLZDisabledFlagName[] =
+    FILE_PATH_LITERAL(".rlz_disabled");
+base::FilePath GetRlzDisabledFlagPath() {
+  base::FilePath homedir;
+  base::PathService::Get(base::DIR_HOME, &homedir);
+  return homedir.Append(kRLZDisabledFlagName);
+}
+UserSessionInitializer::RlzInitParams CollectRlzParams() {
+  UserSessionInitializer::RlzInitParams params;
+  params.disabled = base::PathExists(GetRlzDisabledFlagPath());
+  params.time_since_oobe_completion =
+      chromeos::StartupUtils::GetTimeSinceOobeFlagFileCreation();
+  return params;
+}
+#endif
+// Callback to GetNSSCertDatabaseForProfile. It passes the user-specific NSS
+// database to NetworkCertLoader. It must be called for primary user only.
+void OnGetNSSCertDatabaseForUser(net::NSSCertDatabase* database) {
+  if (!NetworkCertLoader::IsInitialized())
+    return;
+  NetworkCertLoader::Get()->SetUserNSSDB(database);
+}
+}  // namespace
+UserSessionInitializer::UserSessionInitializer() {
+  DCHECK(!g_instance);
+  g_instance = this;
+}
+UserSessionInitializer::~UserSessionInitializer() {
+  DCHECK(g_instance);
+  g_instance = nullptr;
+}
+// static
+UserSessionInitializer* UserSessionInitializer::Get() {
+  return g_instance;
+}
+void UserSessionInitializer::OnUserProfileLoaded(const AccountId& account_id) {
+  Profile* profile = ProfileHelper::Get()->GetProfileByAccountId(account_id);
+  user_manager::User* user = ProfileHelper::Get()->GetUserByProfile(profile);
+  if (user_manager::UserManager::Get()->GetPrimaryUser() == user) {
+    InitRlz(profile);
+    InitializeCerts(profile);
+    InitializeCRLSetFetcher(user);
+    InitializeCertificateTransparencyComponents(user);
+    InitializePrimaryProfileServices(profile, user);
+  }
+  if (user->GetType() == user_manager::USER_TYPE_CHILD)
+    InitializeChildUserServices(profile);
+}
+void UserSessionInitializer::InitializeChildUserServices(Profile* profile) {
+  ChildStatusReportingServiceFactory::GetForBrowserContext(profile);
+  ChildUserServiceFactory::GetForBrowserContext(profile);
+  ScreenTimeControllerFactory::GetForBrowserContext(profile);
+}
+void UserSessionInitializer::InitRlz(Profile* profile) {
+#if BUILDFLAG(ENABLE_RLZ)
+  // Initialize the brand code in the local prefs if it does not exist yet or
+  // if it is empty.  The latter is to correct a problem in older builds where
+  // an empty brand code would be persisted if the first login after OOBE was
+  // a guest session.
+  if (!g_browser_process->local_state()->HasPrefPath(prefs::kRLZBrand) ||
+      g_browser_process->local_state()
+          ->Get(prefs::kRLZBrand)
+          ->GetString()
+          .empty()) {
+    // Read brand code asynchronously from an OEM data and repost ourselves.
+    google_brand::chromeos::InitBrand(base::Bind(
+        &UserSessionInitializer::InitRlz, weak_factory_.GetWeakPtr(), profile));
+    return;
+  }
+  base::PostTaskAndReplyWithResult(
+      FROM_HERE,
+      {base::ThreadPool(), base::MayBlock(), base::TaskPriority::BEST_EFFORT,
+       base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN},
+      base::BindOnce(&CollectRlzParams),
+      base::BindOnce(&UserSessionInitializer::InitRlzImpl,
+                     weak_factory_.GetWeakPtr(), profile));
+#endif
+}
+void UserSessionInitializer::InitializeCerts(Profile* profile) {
+  // Now that the user profile has been initialized
+  // |GetNSSCertDatabaseForProfile| is safe to be used.
+  if (NetworkCertLoader::IsInitialized() &&
+      base::SysInfo::IsRunningOnChromeOS()) {
+    GetNSSCertDatabaseForProfile(profile,
+                                 base::Bind(&OnGetNSSCertDatabaseForUser));
+  }
+}
+void UserSessionInitializer::InitializeCRLSetFetcher(
+    const user_manager::User* user) {
+  const std::string username_hash = user->username_hash();
+  if (!username_hash.empty()) {
+    base::FilePath path =
+        ProfileHelper::GetProfilePathByUserIdHash(username_hash);
+    component_updater::ComponentUpdateService* cus =
+        g_browser_process->component_updater();
+    if (cus)
+      component_updater::RegisterCRLSetComponent(cus, path);
+  }
+}
+void UserSessionInitializer::InitializeCertificateTransparencyComponents(
+    const user_manager::User* user) {
+  const std::string username_hash = user->username_hash();
+  if (!username_hash.empty()) {
+    base::FilePath path =
+        ProfileHelper::GetProfilePathByUserIdHash(username_hash);
+    component_updater::DeleteLegacySTHSet(path);
+  }
+}
+void UserSessionInitializer::InitializePrimaryProfileServices(
+    Profile* profile,
+    const user_manager::User* user) {
+  lock_screen_apps::StateController::Get()->SetPrimaryProfile(profile);
+  if (user->GetType() == user_manager::USER_TYPE_REGULAR) {
+    // App install logs are uploaded via the user's communication channel with
+    // the management server. This channel exists for regular users only.
+    // The |AppInstallEventLogManagerWrapper| manages its own lifetime and
+    // self-destructs on logout.
+    policy::AppInstallEventLogManagerWrapper::CreateForProfile(profile);
+  }
+  arc::ArcServiceLauncher::Get()->OnPrimaryUserProfilePrepared(profile);
+  crostini::CrostiniManager* crostini_manager =
+      crostini::CrostiniManager::GetForProfile(profile);
+  if (crostini_manager)
+    crostini_manager->MaybeUpgradeCrostini();
+  g_browser_process->platform_part()->InitializePrimaryProfileServices(profile);
+}
+void UserSessionInitializer::InitRlzImpl(Profile* profile,
+                                         const RlzInitParams& params) {
+#if BUILDFLAG(ENABLE_RLZ)
+  // If RLZ is disabled then clear the brand for the session.
+  //
+  // RLZ is disabled if disabled explicitly OR if the device's enrollment
+  // state is not yet known. The device's enrollment state is definitively
+  // known once the device is locked. Note that for enrolled devices, the
+  // enrollment login locks the device.
+  //
+  // There the following cases to consider when a session starts:
+  //
+  // 1) This is a regular session.
+  // 1a) The device is LOCKED. Thus, the enrollment state is KNOWN.
+  // 1b) The device is NOT LOCKED. This should only happen on the first
+  //     regular login (due to lock race condition with this code) if the
+  //     device is NOT enrolled; thus, the enrollment state is also KNOWN.
+  //
+  // 2) This is a guest session.
+  // 2a) The device is LOCKED. Thus, the enrollment state is KNOWN.
+  // 2b) The device is NOT locked. This should happen if ONLY Guest mode
+  //     sessions have ever been used on this device. This is the only
+  //     situation where the enrollment state is NOT KNOWN at this point.
+  PrefService* local_state = g_browser_process->local_state();
+  if (params.disabled || (profile->IsGuestSession() &&
+                          !InstallAttributes::Get()->IsDeviceLocked())) {
+    // Empty brand code means an organic install (no RLZ pings are sent).
+    google_brand::chromeos::ClearBrandForCurrentSession();
+  }
+  if (params.disabled != local_state->GetBoolean(prefs::kRLZDisabled)) {
+    // When switching to RLZ enabled/disabled state, clear all recorded events.
+    rlz::RLZTracker::ClearRlzState();
+    local_state->SetBoolean(prefs::kRLZDisabled, params.disabled);
+  }
+  // Init the RLZ library.
+  int ping_delay = profile->GetPrefs()->GetInteger(prefs::kRlzPingDelaySeconds);
+  // Negative ping delay means to send ping immediately after a first search is
+  // recorded.
+  bool send_ping_immediately = ping_delay < 0;
+  base::TimeDelta delay = base::TimeDelta::FromSeconds(abs(ping_delay)) -
+                          params.time_since_oobe_completion;
+  rlz::RLZTracker::SetRlzDelegate(
+      base::WrapUnique(new ChromeRLZTrackerDelegate));
+  rlz::RLZTracker::InitRlzDelayed(
+      user_manager::UserManager::Get()->IsCurrentUserNew(),
+      send_ping_immediately, delay,
+      ChromeRLZTrackerDelegate::IsGoogleDefaultSearch(profile),
+      ChromeRLZTrackerDelegate::IsGoogleHomepage(profile),
+      ChromeRLZTrackerDelegate::IsGoogleInStartpages(profile));
+#endif
+}
+}  // namespace chromeos
--- a/chrome/browser/chromeos/login/session/user_session_initializer.h
+++ b/chrome/browser/chromeos/login/session/user_session_initializer.h
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef CHROME_BROWSER_CHROMEOS_LOGIN_SESSION_USER_SESSION_INITIALIZER_H_
+#define CHROME_BROWSER_CHROMEOS_LOGIN_SESSION_USER_SESSION_INITIALIZER_H_
+#include "components/session_manager/core/session_manager_observer.h"
+#include "components/user_manager/user.h"
+class Profile;
+namespace user_manager {
+class User;
+}
+namespace chromeos {
+class UserSessionInitializer : public session_manager::SessionManagerObserver {
+ public:
+  // Parameters to use when initializing the RLZ library.  These fields need
+  // to be retrieved from a blocking task and this structure is used to pass
+  // the data.
+  struct RlzInitParams {
+    // Set to true if RLZ is disabled.
+    bool disabled;
+    // The elapsed time since the device went through the OOBE.  This can
+    // be a very long time.
+    base::TimeDelta time_since_oobe_completion;
+  };
+  UserSessionInitializer();
+  UserSessionInitializer(const UserSessionInitializer&) = delete;
+  UserSessionInitializer& operator=(const UserSessionInitializer&) = delete;
+  ~UserSessionInitializer() override;
+  // Returns UserSessionInitializer instance.
+  static UserSessionInitializer* Get();
+  // session_manager::SessionManagerObserver:
+  void OnUserProfileLoaded(const AccountId& account_id) override;
+  // Initialize child user profile services that depend on the policy.
+  void InitializeChildUserServices(Profile* profile);
+ private:
+  // Initialize RLZ.
+  void InitRlz(Profile* profile);
+  // Get the NSS cert database for the user represented with |profile|
+  // and start certificate loader with it.
+  void InitializeCerts(Profile* profile);
+  // Starts loading CRL set.
+  void InitializeCRLSetFetcher(const user_manager::User* user);
+  // Initializes Certificate Transparency-related components.
+  void InitializeCertificateTransparencyComponents(
+      const user_manager::User* user);
+  // Initialize all services that need the primary profile.
+  void InitializePrimaryProfileServices(Profile* profile,
+                                        const user_manager::User* user);
+  // Initializes RLZ. If |disabled| is true, RLZ pings are disabled.
+  void InitRlzImpl(Profile* profile, const RlzInitParams& params);
+  base::WeakPtrFactory<UserSessionInitializer> weak_factory_{this};
+};
+}  // namespace chromeos
+#endif  // CHROME_BROWSER_CHROMEOS_LOGIN_SESSION_USER_SESSION_INITIALIZER_H_
--- a/chrome/browser/chromeos/login/session/user_session_manager.cc
+++ b/chrome/browser/chromeos/login/session/user_session_manager.cc
@@ -20,7 +20,6 @@
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/feature_list.h"
-#include "base/files/file_util.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
@@ -31,7 +30,6 @@
 #include "base/strings/string16.h"
 #include "base/system/sys_info.h"
 #include "base/task/post_task.h"
-#include "base/task/thread_pool.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "chrome/browser/about_flags.h"
 #include "chrome/browser/app_mode/app_mode_utils.h"
@@ -42,17 +40,11 @@
 #include "chrome/browser/chromeos/account_manager/account_manager_util.h"
 #include "chrome/browser/chromeos/arc/arc_migration_guide_notification.h"
 #include "chrome/browser/chromeos/arc/arc_util.h"
-#include "chrome/browser/chromeos/arc/session/arc_service_launcher.h"
 #include "chrome/browser/chromeos/base/locale_util.h"
 #include "chrome/browser/chromeos/boot_times_recorder.h"
 #include "chrome/browser/chromeos/child_accounts/child_policy_observer.h"
-#include "chrome/browser/chromeos/child_accounts/child_status_reporting_service_factory.h"
-#include "chrome/browser/chromeos/child_accounts/child_user_service_factory.h"
-#include "chrome/browser/chromeos/child_accounts/screen_time_controller_factory.h"
-#include "chrome/browser/chromeos/crostini/crostini_manager.h"
 #include "chrome/browser/chromeos/first_run/first_run.h"
 #include "chrome/browser/chromeos/first_run/goodies_displayer.h"
-#include "chrome/browser/chromeos/lock_screen_apps/state_controller.h"
 #include "chrome/browser/chromeos/logging.h"
 #include "chrome/browser/chromeos/login/auth/chrome_cryptohome_authenticator.h"
 #include "chrome/browser/chromeos/login/chrome_restart_request.h"
@@ -69,6 +61,7 @@
 #include "chrome/browser/chromeos/login/saml/saml_offline_signin_limiter_factory.h"
 #include "chrome/browser/chromeos/login/screens/arc_terms_of_service_screen.h"
 #include "chrome/browser/chromeos/login/screens/sync_consent_screen.h"
+#include "chrome/browser/chromeos/login/session/user_session_initializer.h"
 #include "chrome/browser/chromeos/login/signin/oauth2_login_manager_factory.h"
 #include "chrome/browser/chromeos/login/signin/token_handle_fetcher.h"
 #include "chrome/browser/chromeos/login/startup_utils.h"
@@ -78,7 +71,6 @@
 #include "chrome/browser/chromeos/login/users/chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/supervised_user_manager.h"
 #include "chrome/browser/chromeos/login/wizard_controller.h"
-#include "chrome/browser/chromeos/policy/app_install_event_log_manager_wrapper.h"
 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/policy/tpm_auto_update_mode_policy_handler.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
@@ -87,13 +79,9 @@
 #include "chrome/browser/chromeos/tether/tether_service.h"
 #include "chrome/browser/chromeos/tpm_firmware_update_notification.h"
 #include "chrome/browser/chromeos/u2f_notification.h"
-#include "chrome/browser/component_updater/crl_set_component_installer.h"
-#include "chrome/browser/component_updater/sth_set_component_remover.h"
 #include "chrome/browser/first_run/first_run.h"
-#include "chrome/browser/google/google_brand_chromeos.h"
 #include "chrome/browser/lifetime/application_lifetime.h"
 #include "chrome/browser/lifetime/browser_shutdown.h"
-#include "chrome/browser/net/nss_context.h"
 #include "chrome/browser/notifications/notification_display_service.h"
 #include "chrome/browser/password_manager/password_store_factory.h"
 #include "chrome/browser/prefs/session_startup_pref.h"
@@ -131,11 +119,9 @@
 #include "chromeos/login/auth/challenge_response/known_user_pref_utils.h"
 #include "chromeos/login/auth/stub_authenticator_builder.h"
 #include "chromeos/login/session/session_termination_manager.h"
-#include "chromeos/network/network_cert_loader.h"
 #include "chromeos/network/portal_detector/network_portal_detector.h"
 #include "chromeos/network/portal_detector/network_portal_detector_strategy.h"
 #include "chromeos/settings/cros_settings_names.h"
-#include "chromeos/tpm/install_attributes.h"
 #include "components/account_id/account_id.h"
 #include "components/component_updater/component_updater_service.h"
 #include "components/flags_ui/pref_service_flags_storage.h"
@@ -174,11 +160,6 @@
 #include "ui/message_center/public/cpp/notifier_id.h"
 #include "url/gurl.h"
-#if BUILDFLAG(ENABLE_RLZ)
-#include "chrome/browser/rlz/chrome_rlz_tracker_delegate.h"
-#include "components/rlz/rlz_tracker.h"
-#endif
 using signin::ConsentLevel;
 namespace chromeos {
@@ -298,27 +279,6 @@ void InitLocaleAndInputMethodsForNewUser(
  prefs->SetBoolean(prefs::kLanguageShouldMergeInputMethods, true);
 }
-#if BUILDFLAG(ENABLE_RLZ)
-// Flag file that disables RLZ tracking, when present.
-const base::FilePath::CharType kRLZDisabledFlagName[] =
-    FILE_PATH_LITERAL(".rlz_disabled");
-base::FilePath GetRlzDisabledFlagPath() {
-  base::FilePath homedir;
-  base::PathService::Get(base::DIR_HOME, &homedir);
-  return homedir.Append(kRLZDisabledFlagName);
-}
-#endif
-// Callback to GetNSSCertDatabaseForProfile. It passes the user-specific NSS
-// database to NetworkCertLoader. It must be called for primary user only.
-void OnGetNSSCertDatabaseForUser(net::NSSCertDatabase* database) {
-  if (!NetworkCertLoader::IsInitialized())
-    return;
-  NetworkCertLoader::Get()->SetUserNSSDB(database);
-}
 // Returns new CommandLine with per-user flags.
 base::CommandLine CreatePerSessionCommandLine(Profile* profile) {
  base::CommandLine user_flags(base::CommandLine::NO_PROGRAM);
@@ -402,16 +362,6 @@ bool IsRunningTest() {
             ::switches::kTestType);
 }
-#if BUILDFLAG(ENABLE_RLZ)
-UserSessionManager::RlzInitParams CollectRlzParams() {
-  UserSessionManager::RlzInitParams params;
-  params.disabled = base::PathExists(GetRlzDisabledFlagPath());
-  params.time_since_oobe_completion =
-      chromeos::StartupUtils::GetTimeSinceOobeFlagFileCreation();
-  return params;
-}
-#endif
 bool IsOnlineSignin(const UserContext& user_context) {
  return user_context.GetAuthFlow() == UserContext::AUTH_FLOW_GAIA_WITH_SAML ||
         user_context.GetAuthFlow() == UserContext::AUTH_FLOW_GAIA_WITHOUT_SAML;
@@ -695,31 +645,6 @@ bool UserSessionManager::UserSessionsRestoreInProgress() const {
  return user_sessions_restore_in_progress_;
 }
-void UserSessionManager::InitRlz(Profile* profile) {
-#if BUILDFLAG(ENABLE_RLZ)
-  // Initialize the brand code in the local prefs if it does not exist yet or
-  // if it is empty.  The latter is to correct a problem in older builds where
-  // an empty brand code would be persisted if the first login after OOBE was
-  // a guest session.
-  if (!g_browser_process->local_state()->HasPrefPath(prefs::kRLZBrand) ||
-      g_browser_process->local_state()
-          ->Get(prefs::kRLZBrand)
-          ->GetString()
-          .empty()) {
-    // Read brand code asynchronously from an OEM data and repost ourselves.
-    google_brand::chromeos::InitBrand(
-        base::Bind(&UserSessionManager::InitRlz, AsWeakPtr(), profile));
-    return;
-  }
-  base::ThreadPool::PostTaskAndReplyWithResult(
-      FROM_HERE,
-      {base::MayBlock(), base::TaskPriority::BEST_EFFORT,
-       base::TaskShutdownBehavior::CONTINUE_ON_SHUTDOWN},
-      base::BindOnce(&CollectRlzParams),
-      base::BindOnce(&UserSessionManager::InitRlzImpl, AsWeakPtr(), profile));
-#endif
-}
 void UserSessionManager::InitNonKioskExtensionFeaturesSessionType(
    const user_manager::User* user) {
  // Kiosk session should be set as part of kiosk user session initialization
@@ -1691,11 +1616,6 @@ void UserSessionManager::FinalizePrepareProfile(Profile* profile) {
  // Initialize various services only for primary user.
  if (user_manager->GetPrimaryUser() == user) {
-    InitRlz(profile);
-    InitializeCerts(profile);
-    InitializeCRLSetFetcher(user);
-    InitializeCertificateTransparencyComponents(user);
-    InitializePrimaryProfileServices(profile, user);
    StartTetherServiceIfPossible(profile);
    // PrefService is ready, check whether we need to force a VPN connection.
@@ -1741,7 +1661,6 @@ void UserSessionManager::FinalizePrepareProfile(Profile* profile) {
          kWaitForChildPolicyTimeout);
      return;
    }
-    InitializeChildUserServices(profile);
  }
  InitializeBrowser(profile);
@@ -1903,120 +1822,6 @@ void UserSessionManager::RestoreAuthSessionImpl(
                                user_context_.GetAccessToken());
 }
-void UserSessionManager::InitRlzImpl(Profile* profile,
-                                     const RlzInitParams& params) {
-#if BUILDFLAG(ENABLE_RLZ)
-  // If RLZ is disabled then clear the brand for the session.
-  //
-  // RLZ is disabled if disabled explicitly OR if the device's enrollment
-  // state is not yet known. The device's enrollment state is definitively
-  // known once the device is locked. Note that for enrolled devices, the
-  // enrollment login locks the device.
-  //
-  // There the following cases to consider when a session starts:
-  //
-  // 1) This is a regular session.
-  // 1a) The device is LOCKED. Thus, the enrollment state is KNOWN.
-  // 1b) The device is NOT LOCKED. This should only happen on the first
-  //     regular login (due to lock race condition with this code) if the
-  //     device is NOT enrolled; thus, the enrollment state is also KNOWN.
-  //
-  // 2) This is a guest session.
-  // 2a) The device is LOCKED. Thus, the enrollment state is KNOWN.
-  // 2b) The device is NOT locked. This should happen if ONLY Guest mode
-  //     sessions have ever been used on this device. This is the only
-  //     situation where the enrollment state is NOT KNOWN at this point.
-  PrefService* local_state = g_browser_process->local_state();
-  if (params.disabled || (profile->IsGuestSession() &&
-                          !InstallAttributes::Get()->IsDeviceLocked())) {
-    // Empty brand code means an organic install (no RLZ pings are sent).
-    google_brand::chromeos::ClearBrandForCurrentSession();
-  }
-  if (params.disabled != local_state->GetBoolean(prefs::kRLZDisabled)) {
-    // When switching to RLZ enabled/disabled state, clear all recorded events.
-    rlz::RLZTracker::ClearRlzState();
-    local_state->SetBoolean(prefs::kRLZDisabled, params.disabled);
-  }
-  // Init the RLZ library.
-  int ping_delay = profile->GetPrefs()->GetInteger(prefs::kRlzPingDelaySeconds);
-  // Negative ping delay means to send ping immediately after a first search is
-  // recorded.
-  bool send_ping_immediately = ping_delay < 0;
-  base::TimeDelta delay = base::TimeDelta::FromSeconds(abs(ping_delay)) -
-                          params.time_since_oobe_completion;
-  rlz::RLZTracker::SetRlzDelegate(
-      base::WrapUnique(new ChromeRLZTrackerDelegate));
-  rlz::RLZTracker::InitRlzDelayed(
-      user_manager::UserManager::Get()->IsCurrentUserNew(),
-      send_ping_immediately, delay,
-      ChromeRLZTrackerDelegate::IsGoogleDefaultSearch(profile),
-      ChromeRLZTrackerDelegate::IsGoogleHomepage(profile),
-      ChromeRLZTrackerDelegate::IsGoogleInStartpages(profile));
-#endif
-}
-void UserSessionManager::InitializeCerts(Profile* profile) {
-  // Now that the user profile has been initialized
-  // |GetNSSCertDatabaseForProfile| is safe to be used.
-  if (NetworkCertLoader::IsInitialized() &&
-      base::SysInfo::IsRunningOnChromeOS()) {
-    GetNSSCertDatabaseForProfile(profile,
-                                 base::Bind(&OnGetNSSCertDatabaseForUser));
-  }
-}
-void UserSessionManager::InitializeCRLSetFetcher(
-    const user_manager::User* user) {
-  const std::string username_hash = user->username_hash();
-  if (!username_hash.empty()) {
-    base::FilePath path =
-        ProfileHelper::GetProfilePathByUserIdHash(username_hash);
-    component_updater::ComponentUpdateService* cus =
-        g_browser_process->component_updater();
-    if (cus)
-      component_updater::RegisterCRLSetComponent(cus, path);
-  }
-}
-void UserSessionManager::InitializeCertificateTransparencyComponents(
-    const user_manager::User* user) {
-  const std::string username_hash = user->username_hash();
-  if (!username_hash.empty()) {
-    base::FilePath path =
-        ProfileHelper::GetProfilePathByUserIdHash(username_hash);
-    component_updater::DeleteLegacySTHSet(path);
-  }
-}
-void UserSessionManager::InitializeChildUserServices(Profile* profile) {
-  ChildStatusReportingServiceFactory::GetForBrowserContext(profile);
-  ChildUserServiceFactory::GetForBrowserContext(profile);
-  ScreenTimeControllerFactory::GetForBrowserContext(profile);
-}
-void UserSessionManager::InitializePrimaryProfileServices(
-    Profile* profile,
-    const user_manager::User* user) {
-  lock_screen_apps::StateController::Get()->SetPrimaryProfile(profile);
-  if (user->GetType() == user_manager::USER_TYPE_REGULAR) {
-    // App install logs are uploaded via the user's communication channel with
-    // the management server. This channel exists for regular users only.
-    // The |AppInstallEventLogManagerWrapper| manages its own lifetime and
-    // self-destructs on logout.
-    policy::AppInstallEventLogManagerWrapper::CreateForProfile(profile);
-  }
-  arc::ArcServiceLauncher::Get()->OnPrimaryUserProfilePrepared(profile);
-  crostini::CrostiniManager* crostini_manager =
-      crostini::CrostiniManager::GetForProfile(profile);
-  if (crostini_manager)
-    crostini_manager->MaybeUpgradeCrostini();
-  g_browser_process->platform_part()->InitializePrimaryProfileServices(profile);
-}
 void UserSessionManager::NotifyUserProfileLoaded(
    Profile* profile,
    const user_manager::User* user) {
@@ -2231,7 +2036,8 @@ void UserSessionManager::OnChildPolicyReady(
  child_policy_observer_.reset();
-  InitializeChildUserServices(profile);
+  UserSessionInitializer::Get()->InitializeChildUserServices(profile);
  InitializeBrowser(profile);
 }

--- a/chrome/browser/chromeos/login/session/user_session_manager.h
+++ b/chrome/browser/chromeos/login/session/user_session_manager.h
@@ -132,18 +132,6 @@ class UserSessionManager
    kPolicyAndFlagsAndKioskControl
  };
-  // Parameters to use when initializing the RLZ library.  These fields need
-  // to be retrieved from a blocking task and this structure is used to pass
-  // the data.
-  struct RlzInitParams {
-    // Set to true if RLZ is disabled.
-    bool disabled;
-    // The elapsed time since the device went through the OOBE.  This can
-    // be a very long time.
-    base::TimeDelta time_since_oobe_completion;
-  };
  // To keep track of which systems need the login password to be stored in the
  // kernel keyring.
  enum class PasswordConsumingService {
@@ -219,27 +207,6 @@ class UserSessionManager
  // user sessions restoration is in progress.
  bool UserSessionsRestoreInProgress() const;
-  // Initialize RLZ.
-  void InitRlz(Profile* profile);
-  // Get the NSS cert database for the user represented with |profile|
-  // and start certificate loader with it.
-  void InitializeCerts(Profile* profile);
-  // Starts loading CRL set.
-  void InitializeCRLSetFetcher(const user_manager::User* user);
-  // Initializes Certificate Transparency-related components.
-  void InitializeCertificateTransparencyComponents(
-      const user_manager::User* user);
-  // Initialize child user profile services that depend on the policy.
-  void InitializeChildUserServices(Profile* profile);
-  // Initialize all services that need the primary profile.
-  void InitializePrimaryProfileServices(Profile* profile,
-                                        const user_manager::User* user);
  // Send the notification before creating the browser so additional objects
  // that need the profile (e.g. the launcher) can be created first.
  void NotifyUserProfileLoaded(Profile* profile,
@@ -481,9 +448,6 @@ class UserSessionManager
  // Restores GAIA auth cookies for the created user profile from OAuth2 token.
  void RestoreAuthSessionImpl(Profile* profile, bool restore_from_auth_cookies);
-  // Initializes RLZ. If |disabled| is true, RLZ pings are disabled.
-  void InitRlzImpl(Profile* profile, const RlzInitParams& params);
  // If |user| is not a kiosk app, sets session type as seen by extensions
  // feature system according to |user|'s type.
  // The value should eventually be set for kiosk users, too - that's done as