Packaged license: Detect license on startup

Detect license existence and save it inside EnrollmentConfig for further use in wizard controller and OOBE screens. Test: unittested by these "*AutoEnrollmentClientImplTest*" tests. Bug: 871207 Change-Id: I52c644c80ec3175c3d1efb9ee13e696b9f500b51 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1782175 Commit-Queue: Roman Aleksandrov <raleksandrov@google.com> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Reviewed-by: Denis Kuznetsov <antrim@chromium.org> Cr-Commit-Position: refs/heads/master@{#699690}

Packaged license: Detect license on startup
Detect license existence and save it inside EnrollmentConfig for further use in wizard controller and OOBE screens. Test: unittested by these "*AutoEnrollmentClientImplTest*" tests. Bug: 871207 Change-Id: I52c644c80ec3175c3d1efb9ee13e696b9f500b51 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1782175 Commit-Queue: Roman Aleksandrov <raleksandrov@google.com> Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Reviewed-by: Denis Kuznetsov <antrim@chromium.org> Cr-Commit-Position: refs/heads/master@{#699690}
85297c28 · Roman Aleksandrov · Commit Bot · 19397af3 · 85297c28 · 85297c28
Commit 85297c28 authored Sep 25, 2019 by Roman Aleksandrov Committed by Commit Bot Sep 25, 2019
6 changed files
--- a/chrome/browser/chromeos/policy/auto_enrollment_client_impl.cc
+++ b/chrome/browser/chromeos/policy/auto_enrollment_client_impl.cc
@@ -143,6 +143,14 @@ class AutoEnrollmentClientImpl::StateDownloadMessageProcessor {
 public:
  virtual ~StateDownloadMessageProcessor() {}
+  // Parsed fields of DeviceManagementResponse.
+  struct ParsedResponse {
+    std::string restore_mode;
+    base::Optional<std::string> management_domain;
+    base::Optional<std::string> disabled_message;
+    base::Optional<bool> is_license_packaged_with_device;
+  };
  // Returns the request job type. This must match the request filled in
  // |FillRequest|.
  virtual DeviceManagementService::JobConfiguration::JobType GetJobType()
@@ -152,14 +160,10 @@ class AutoEnrollmentClientImpl::StateDownloadMessageProcessor {
  virtual void FillRequest(
      enterprise_management::DeviceManagementRequest* request) = 0;
-  // Parses the |response|. If it is valid, extracts |restore_mode|,
+  // Parses the |response|. If it is valid, returns a ParsedResponse struct
-  // |management_domain| and |disabled_message| and returns true. Otherwise,
+  // instance. If it is invalid, returns nullopt.
-  // returns false.
+  virtual base::Optional<ParsedResponse> ParseResponse(
-  virtual bool ParseResponse(
+      const enterprise_management::DeviceManagementResponse& response) = 0;
-      const enterprise_management::DeviceManagementResponse& response,
-      std::string* restore_mode,
-      base::Optional<std::string>* management_domain,
-      base::Optional<std::string>* disabled_message) = 0;
 };
 namespace {
@@ -239,31 +243,32 @@ class StateDownloadMessageProcessorFRE
        ->set_server_backed_state_key(server_backed_state_key_);
  }
-  bool ParseResponse(const em::DeviceManagementResponse& response,
+  base::Optional<ParsedResponse> ParseResponse(
-                     std::string* restore_mode,
+      const em::DeviceManagementResponse& response) override {
-                     base::Optional<std::string>* management_domain,
+    StateDownloadMessageProcessorFRE::ParsedResponse parsed_response;
-                     base::Optional<std::string>* disabled_message) override {
    if (!response.has_device_state_retrieval_response()) {
      LOG(ERROR) << "Server failed to provide auto-enrollment response.";
-      return false;
+      return base::nullopt;
    }
    const em::DeviceStateRetrievalResponse& state_response =
        response.device_state_retrieval_response();
-    *restore_mode = ConvertRestoreMode(state_response.restore_mode());
+    parsed_response.restore_mode =
+        ConvertRestoreMode(state_response.restore_mode());
    if (state_response.has_management_domain())
-      *management_domain = state_response.management_domain();
+      parsed_response.management_domain = state_response.management_domain();
-    else
-      management_domain->reset();
-    if (state_response.has_disabled_state())
+    if (state_response.has_disabled_state()) {
-      *disabled_message = state_response.disabled_state().message();
+      parsed_response.disabled_message =
-    else
+          state_response.disabled_state().message();
-      disabled_message->reset();
+    }
+    // Package license is not available during the re-enrollment
+    parsed_response.is_license_packaged_with_device.reset();
    // Logging as "WARNING" to make sure it's preserved in the logs.
    LOG(WARNING) << "Received restore_mode=" << state_response.restore_mode();
-    return true;
+    return parsed_response;
  }
 private:
@@ -295,32 +300,34 @@ class StateDownloadMessageProcessorInitialEnrollment
    inner_request->set_serial_number(device_serial_number_);
  }
-  bool ParseResponse(const em::DeviceManagementResponse& response,
+  base::Optional<ParsedResponse> ParseResponse(
-                     std::string* restore_mode,
+      const em::DeviceManagementResponse& response) override {
-                     base::Optional<std::string>* management_domain,
+    StateDownloadMessageProcessorFRE::ParsedResponse parsed_response;
-                     base::Optional<std::string>* disabled_message) override {
    if (!response.has_device_initial_enrollment_state_response()) {
      LOG(ERROR) << "Server failed to provide initial enrollment response.";
-      return false;
+      return base::nullopt;
    }
    const em::DeviceInitialEnrollmentStateResponse& state_response =
        response.device_initial_enrollment_state_response();
    if (state_response.has_initial_enrollment_mode()) {
-      *restore_mode = ConvertInitialEnrollmentMode(
+      parsed_response.restore_mode = ConvertInitialEnrollmentMode(
          state_response.initial_enrollment_mode());
    } else {
      // Unknown initial enrollment mode - treat as no enrollment.
-      *restore_mode = std::string();
+      parsed_response.restore_mode.clear();
    }
    if (state_response.has_management_domain())
-      *management_domain = state_response.management_domain();
+      parsed_response.management_domain = state_response.management_domain();
-    else
-      management_domain->reset();
+    if (state_response.has_is_license_packaged_with_device()) {
+      parsed_response.is_license_packaged_with_device =
+          state_response.is_license_packaged_with_device();
+    }
    // Device disabling is not supported in initial forced enrollment.
-    disabled_message->reset();
+    parsed_response.disabled_message.reset();
    // Logging as "WARNING" to make sure it's preserved in the logs.
    LOG(WARNING) << "Received initial_enrollment_mode="
@@ -329,7 +336,7 @@ class StateDownloadMessageProcessorInitialEnrollment
                         ? "Device has a packaged license for management."
                         : "No packaged license.");
-    return true;
+    return parsed_response;
  }
 private:
@@ -728,29 +735,37 @@ bool AutoEnrollmentClientImpl::OnDeviceStateRequestCompletion(
    DeviceManagementStatus status,
    int net_error,
    const em::DeviceManagementResponse& response) {
-  std::string device_state_mode;
+  base::Optional<StateDownloadMessageProcessorFRE::ParsedResponse>
-  base::Optional<std::string> management_domain;
+      parsed_response_opt;
-  base::Optional<std::string> disabled_message;
-  bool progress = state_download_message_processor_->ParseResponse(
+  parsed_response_opt =
-      response, &device_state_mode, &management_domain, &disabled_message);
+      state_download_message_processor_->ParseResponse(response);
-  if (!progress)
+  if (!parsed_response_opt)
    return false;
+  StateDownloadMessageProcessorFRE::ParsedResponse parsed_response =
+      std::move(parsed_response_opt.value());
  {
    DictionaryPrefUpdate dict(local_state_, prefs::kServerBackedDeviceState);
    UpdateDict(dict.Get(), kDeviceStateManagementDomain,
-               management_domain.has_value(),
+               parsed_response.management_domain.has_value(),
               std::make_unique<base::Value>(
-                   management_domain.value_or(std::string())));
+                   parsed_response.management_domain.value_or(std::string())));
-    UpdateDict(dict.Get(), kDeviceStateMode, !device_state_mode.empty(),
+    UpdateDict(dict.Get(), kDeviceStateMode,
-               std::make_unique<base::Value>(device_state_mode));
+               !parsed_response.restore_mode.empty(),
+               std::make_unique<base::Value>(parsed_response.restore_mode));
    UpdateDict(dict.Get(), kDeviceStateDisabledMessage,
-               disabled_message.has_value(),
+               parsed_response.disabled_message.has_value(),
+               std::make_unique<base::Value>(
+                   parsed_response.disabled_message.value_or(std::string())));
+    UpdateDict(
+        dict.Get(), kDeviceStatePackagedLicense,
+        parsed_response.is_license_packaged_with_device.has_value(),
        std::make_unique<base::Value>(
-                   disabled_message.value_or(std::string())));
+            parsed_response.is_license_packaged_with_device.value_or(false)));
  }
  local_state_->CommitPendingWrite();
  device_state_available_ = true;

--- a/chrome/browser/chromeos/policy/auto_enrollment_client_impl_unittest.cc
+++ b/chrome/browser/chromeos/policy/auto_enrollment_client_impl_unittest.cc
@@ -46,6 +46,9 @@ const char kInitialEnrollmentIdHash[] = "\x30\x18\xb7\x0f\x76\x09\xc5\xc7";
 const int kInitialEnrollmentIdHashLength = 8;
+const bool kNotWithLicense = false;
+const bool kWithLicense = true;
 // This is modulus power value used in initial enrollment to detect that the
 // server is outdated and does not support initial enrollment. See the
 // |DetectOutdatedServer| test case.
@@ -189,13 +192,14 @@ class AutoEnrollmentClientImplTest
  void ServerWillSendState(
      const std::string& management_domain,
      em::DeviceStateRetrievalResponse::RestoreMode restore_mode,
-      const std::string& device_disabled_message) {
+      const std::string& device_disabled_message,
+      bool is_license_packaged_with_device) {
    if (GetParam() == AutoEnrollmentProtocol::kFRE) {
      ServerWillSendFREState(management_domain, restore_mode,
                             device_disabled_message);
    } else {
      ServerWillSendInitialEnrollmentState(
-          management_domain,
+          management_domain, is_license_packaged_with_device,
          MapRestoreModeToInitialEnrollmentMode(restore_mode));
    }
  }
@@ -232,6 +236,7 @@ class AutoEnrollmentClientImplTest
  void ServerWillSendInitialEnrollmentState(
      const std::string& management_domain,
+      bool is_license_packaged_with_device,
      em::DeviceInitialEnrollmentStateResponse::InitialEnrollmentMode
          initial_enrollment_mode) {
    em::DeviceManagementResponse response;
@@ -239,6 +244,8 @@ class AutoEnrollmentClientImplTest
        response.mutable_device_initial_enrollment_state_response();
    state_response->set_initial_enrollment_mode(initial_enrollment_mode);
    state_response->set_management_domain(management_domain);
+    state_response->set_is_license_packaged_with_device(
+        is_license_packaged_with_device);
    EXPECT_CALL(*service_, StartJob(_))
        .WillOnce(
            DoAll(service_->CaptureJobType(&state_retrieval_job_type_),
@@ -281,7 +288,8 @@ class AutoEnrollmentClientImplTest
  void VerifyServerBackedState(const std::string& expected_management_domain,
                               const std::string& expected_restore_mode,
-                               const std::string& expected_disabled_message) {
+                               const std::string& expected_disabled_message,
+                               bool expected_is_license_packaged_with_device) {
    const base::Value* state =
        local_state_->GetUserPref(prefs::kServerBackedDeviceState);
    ASSERT_TRUE(state);
@@ -315,6 +323,17 @@ class AutoEnrollmentClientImplTest
      EXPECT_FALSE(state_dict->GetString(kDeviceStateDisabledMessage,
                                         &actual_disabled_message));
    }
+    if (GetParam() == AutoEnrollmentProtocol::kFRE) {
+      EXPECT_FALSE(state_dict->FindBoolPath(kDeviceStatePackagedLicense));
+    } else {
+      base::Optional<bool> actual_is_license_packaged_with_device;
+      actual_is_license_packaged_with_device =
+          state_dict->FindBoolPath(kDeviceStatePackagedLicense);
+      EXPECT_TRUE(actual_is_license_packaged_with_device.has_value());
+      EXPECT_EQ(expected_is_license_packaged_with_device,
+                actual_is_license_packaged_with_device.value());
+    }
  }
  const em::DeviceAutoEnrollmentRequest& auto_enrollment_request() {
@@ -432,7 +451,7 @@ TEST_P(AutoEnrollmentClientImplTest, AskForLess) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -442,7 +461,7 @@ TEST_P(AutoEnrollmentClientImplTest, AskForLess) {
  VerifyCachedResult(true, 8);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kWithLicense);
 }
 TEST_P(AutoEnrollmentClientImplTest, AskForSame) {
@@ -452,7 +471,7 @@ TEST_P(AutoEnrollmentClientImplTest, AskForSame) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -462,7 +481,7 @@ TEST_P(AutoEnrollmentClientImplTest, AskForSame) {
  VerifyCachedResult(true, 8);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
 }
 TEST_P(AutoEnrollmentClientImplTest, AskForSameTwice) {
@@ -565,7 +584,7 @@ TEST_P(AutoEnrollmentClientImplTest, ForcedReEnrollment) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -575,7 +594,7 @@ TEST_P(AutoEnrollmentClientImplTest, ForcedReEnrollment) {
  VerifyCachedResult(true, 8);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
  // Network changes don't trigger retries after obtaining a response from
  // the server.
@@ -590,7 +609,7 @@ TEST_P(AutoEnrollmentClientImplTest, ForcedEnrollmentZeroTouch) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ZERO_TOUCH,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -600,7 +619,7 @@ TEST_P(AutoEnrollmentClientImplTest, ForcedEnrollmentZeroTouch) {
  VerifyCachedResult(true, 8);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentZeroTouch,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
  // Network changes don't trigger retries after obtaining a response from
  // the server.
@@ -620,7 +639,7 @@ TEST_P(AutoEnrollmentClientImplTest, RequestedReEnrollment) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_REQUESTED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -630,7 +649,7 @@ TEST_P(AutoEnrollmentClientImplTest, RequestedReEnrollment) {
  VerifyCachedResult(true, 8);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentRequested,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
 }
 TEST_P(AutoEnrollmentClientImplTest, DeviceDisabled) {
@@ -642,7 +661,7 @@ TEST_P(AutoEnrollmentClientImplTest, DeviceDisabled) {
  ServerWillReply(-1, true, true);
  ServerWillSendState("example.com",
                      em::DeviceStateRetrievalResponse::RESTORE_MODE_DISABLED,
-                      kDisabledMessage);
+                      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -651,7 +670,7 @@ TEST_P(AutoEnrollmentClientImplTest, DeviceDisabled) {
  EXPECT_EQ(AUTO_ENROLLMENT_STATE_DISABLED, state_);
  VerifyCachedResult(true, 8);
  VerifyServerBackedState("example.com", kDeviceStateRestoreModeDisabled,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
 }
 TEST_P(AutoEnrollmentClientImplTest, NoBitsUploaded) {
@@ -706,7 +725,7 @@ TEST_P(AutoEnrollmentClientImplTest, MoreThan32BitsUploaded) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -716,7 +735,7 @@ TEST_P(AutoEnrollmentClientImplTest, MoreThan32BitsUploaded) {
  VerifyCachedResult(true, 37);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
 }
 TEST_P(AutoEnrollmentClientImplTest, ReuseCachedDecision) {
@@ -733,7 +752,7 @@ TEST_P(AutoEnrollmentClientImplTest, ReuseCachedDecision) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
@@ -741,7 +760,7 @@ TEST_P(AutoEnrollmentClientImplTest, ReuseCachedDecision) {
  EXPECT_EQ(AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT, state_);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
 }
 TEST_P(AutoEnrollmentClientImplTest, RetryIfPowerLargerThanCached) {
@@ -756,7 +775,7 @@ TEST_P(AutoEnrollmentClientImplTest, RetryIfPowerLargerThanCached) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -765,7 +784,7 @@ TEST_P(AutoEnrollmentClientImplTest, RetryIfPowerLargerThanCached) {
  EXPECT_EQ(AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT, state_);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
 }
 TEST_P(AutoEnrollmentClientImplTest, NetworkChangeRetryAfterErrors) {
@@ -793,7 +812,7 @@ TEST_P(AutoEnrollmentClientImplTest, NetworkChangeRetryAfterErrors) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->OnConnectionChanged(
      network::mojom::ConnectionType::CONNECTION_ETHERNET);
  base::RunLoop().RunUntilIdle();
@@ -804,7 +823,7 @@ TEST_P(AutoEnrollmentClientImplTest, NetworkChangeRetryAfterErrors) {
  EXPECT_TRUE(HasCachedDecision());
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
  // Subsequent network changes don't trigger retries.
  client()->OnConnectionChanged(
@@ -817,7 +836,7 @@ TEST_P(AutoEnrollmentClientImplTest, NetworkChangeRetryAfterErrors) {
  EXPECT_TRUE(HasCachedDecision());
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
 }
 TEST_P(AutoEnrollmentClientImplTest, CancelAndDeleteSoonWithPendingRequest) {
@@ -887,7 +906,7 @@ TEST_P(AutoEnrollmentClientImplTest, CancelAndDeleteSoonAfterCompletion) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  client()->Start();
  base::RunLoop().RunUntilIdle();
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
@@ -896,7 +915,7 @@ TEST_P(AutoEnrollmentClientImplTest, CancelAndDeleteSoonAfterCompletion) {
  EXPECT_EQ(AUTO_ENROLLMENT_STATE_TRIGGER_ENROLLMENT, state_);
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
  // The client will delete itself immediately if there are no pending
  // requests.
@@ -947,7 +966,7 @@ TEST_P(AutoEnrollmentClientImplTest, NetworkFailureThenRequireUpdatedModulus) {
  ServerWillSendState(
      "example.com",
      em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED,
-      kDisabledMessage);
+      kDisabledMessage, kNotWithLicense);
  // Trigger a network change event.
  client()->OnConnectionChanged(
@@ -957,7 +976,7 @@ TEST_P(AutoEnrollmentClientImplTest, NetworkFailureThenRequireUpdatedModulus) {
  EXPECT_TRUE(HasCachedDecision());
  VerifyServerBackedState("example.com",
                          kDeviceStateRestoreModeReEnrollmentEnforced,
-                          kDisabledMessage);
+                          kDisabledMessage, kNotWithLicense);
  Mock::VerifyAndClearExpectations(service_.get());
  EXPECT_EQ(DeviceManagementService::JobConfiguration::TYPE_AUTO_ENROLLMENT,
            auto_enrollment_job_type_);

--- a/chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc
@@ -224,10 +224,21 @@ EnrollmentConfig DeviceCloudPolicyInitializer::GetPrescribedEnrollmentConfig()
      local_state_->GetDictionary(prefs::kServerBackedDeviceState);
  std::string device_state_mode;
  std::string device_state_management_domain;
+  base::Optional<bool> is_license_packaged_with_device;
  if (device_state) {
    device_state->GetString(kDeviceStateMode, &device_state_mode);
    device_state->GetString(kDeviceStateManagementDomain,
                            &device_state_management_domain);
+    is_license_packaged_with_device =
+        device_state->FindBoolPath(kDeviceStatePackagedLicense);
+  }
+  if (is_license_packaged_with_device) {
+    config.is_license_packaged_with_device =
+        is_license_packaged_with_device.value();
+  } else {
+    config.is_license_packaged_with_device = false;
  }
  const bool pref_enrollment_auto_start_present =

--- a/chrome/browser/chromeos/policy/enrollment_config.h
+++ b/chrome/browser/chromeos/policy/enrollment_config.h
@@ -159,6 +159,9 @@ struct EnrollmentConfig {
  // Enrollment token to use for authentication (for USB-enrollment).
  std::string enrollment_token;
+  // Is a license packaged with device or not.
+  bool is_license_packaged_with_device = false;
  // The authentication mechanism to use.
  // TODO(drcrash): Change to best available once ZTE is everywhere.
  AuthMechanism auth_mechanism = AUTH_MECHANISM_INTERACTIVE;

--- a/chrome/browser/chromeos/policy/server_backed_device_state.cc
+++ b/chrome/browser/chromeos/policy/server_backed_device_state.cc
@@ -18,6 +18,7 @@ namespace policy {
 const char kDeviceStateManagementDomain[] = "management_domain";
 const char kDeviceStateMode[] = "device_mode";
 const char kDeviceStateDisabledMessage[] = "disabled_message";
+const char kDeviceStatePackagedLicense[] = "packaged_license";
 const char kDeviceStateRestoreModeReEnrollmentRequested[] =
    "re-enrollment-requested";

--- a/chrome/browser/chromeos/policy/server_backed_device_state.h
+++ b/chrome/browser/chromeos/policy/server_backed_device_state.h
@@ -11,6 +11,7 @@ namespace policy {
 extern const char kDeviceStateManagementDomain[];
 extern const char kDeviceStateMode[];
 extern const char kDeviceStateDisabledMessage[];
+extern const char kDeviceStatePackagedLicense[];
 // String constants used to persist the restorative action in the
 // kDeviceStateMode dictionary entry.