cryptohome: Add support for LockToSingleUserMountUntilReboot

This will allow to implement the functionality of the policy that forces
the device to reboot on user sign out.

CQ-DEPEND=CL:1458577

Bug: b:77799573
Test: None
Change-Id: Ib01dd38a6db3608ba303ddbde44db5edfb26c629
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1477120
Commit-Queue: Igor <igorcov@chromium.org>
Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org>
Reviewed-by: Igor <igorcov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#638169}

chromeos/dbus/cryptohome_client.cc

@@ -1006,6 +1006,21 @@ class CryptohomeClientImpl : public CryptohomeClient {
                        weak_ptr_factory_.GetWeakPtr(), std::move(callback)));
   }
 
+  void LockToSingleUserMountUntilReboot(
+      const cryptohome::LockToSingleUserMountUntilRebootRequest& request,
+      DBusMethodCallback<cryptohome::BaseReply> callback) override {
+    const char* method_name =
+        cryptohome::kCryptohomeLockToSingleUserMountUntilReboot;
+    dbus::MethodCall method_call(cryptohome::kCryptohomeInterface, method_name);
+    dbus::MessageWriter writer(&method_call);
+    writer.AppendProtoAsArrayOfBytes(request);
+
+    proxy_->CallMethod(
+        &method_call, kTpmDBusTimeoutMs,
+        base::BindOnce(&CryptohomeClientImpl::OnBaseReplyMethod,
+                       weak_ptr_factory_.GetWeakPtr(), std::move(callback)));
+  }
+
  protected:
   void Init(dbus::Bus* bus) override {
     dbus::ObjectProxy* proxy = bus->GetObjectProxy(

chromeos/dbus/cryptohome_client.h

@@ -30,6 +30,7 @@ class GetBootAttributeRequest;
 class GetKeyDataRequest;
 class GetSupportedKeyPoliciesRequest;
 class GetTpmStatusRequest;
+class LockToSingleUserMountUntilRebootRequest;
 class MigrateKeyRequest;
 class MigrateToDircryptoRequest;
 class MountGuestRequest;
@@ -498,6 +499,13 @@ class COMPONENT_EXPORT(CHROMEOS_DBUS) CryptohomeClient : public DBusClient {
                        const cryptohome::MountRequest& request,
                        DBusMethodCallback<cryptohome::BaseReply> callback) = 0;
 
+  // Asynchronously calls DisableLoginUntilReboot method, locking the device
+  // into a state where only the user data for provided account_id from
+  // |request| can be accessed. After reboot all other user data are accessible.
+  virtual void LockToSingleUserMountUntilReboot(
+      const cryptohome::LockToSingleUserMountUntilRebootRequest& request,
+      DBusMethodCallback<cryptohome::BaseReply> callback) = 0;
+
   // Asynchronously calls AddKeyEx method. |callback| is called after method
   // call, and with reply protobuf.
   // AddKeyEx adds another key to the given key set. |request| also defines

chromeos/dbus/fake_cryptohome_client.cc

@@ -588,6 +588,12 @@ void FakeCryptohomeClient::MountEx(
   ReturnProtobufMethodCallback(reply, std::move(callback));
 }
 
+void FakeCryptohomeClient::LockToSingleUserMountUntilReboot(
+    const cryptohome::LockToSingleUserMountUntilRebootRequest& request,
+    DBusMethodCallback<cryptohome::BaseReply> callback) {
+  ReturnProtobufMethodCallback(cryptohome::BaseReply(), std::move(callback));
+}
+
 void FakeCryptohomeClient::AddKeyEx(
     const cryptohome::AccountIdentifier& cryptohome_id,
     const cryptohome::AuthorizationRequest& auth,

chromeos/dbus/fake_cryptohome_client.h

@@ -175,6 +175,9 @@ class COMPONENT_EXPORT(CHROMEOS_DBUS) FakeCryptohomeClient
                const cryptohome::AuthorizationRequest& auth,
                const cryptohome::MountRequest& request,
                DBusMethodCallback<cryptohome::BaseReply> callback) override;
+  void LockToSingleUserMountUntilReboot(
+      const cryptohome::LockToSingleUserMountUntilRebootRequest& request,
+      DBusMethodCallback<cryptohome::BaseReply> callback) override;
   void AddKeyEx(const cryptohome::AccountIdentifier& cryptohome_id,
                 const cryptohome::AuthorizationRequest& auth,
                 const cryptohome::AddKeyRequest& request,