Add RESTORE_MODE_DISABLED to RestoreMode

This CL changes the way that device disabling is expressed in the DeviceStateRetrievalResponse proto. Instead of being implied when the |device_state| field is present, it is now explictly set as a |restore_mode|. BUG=425574 TEST=Updated unit and browser tests Review URL: https://codereview.chromium.org/690643002 Cr-Commit-Position: refs/heads/master@{#302426}

Add RESTORE_MODE_DISABLED to RestoreMode
This CL changes the way that device disabling is expressed in the DeviceStateRetrievalResponse proto. Instead of being implied when the |device_state| field is present, it is now explictly set as a |restore_mode|. BUG=425574 TEST=Updated unit and browser tests Review URL: https://codereview.chromium.org/690643002 Cr-Commit-Position: refs/heads/master@{#302426}
ccb8c0f0 · bartfab · Commit bot · e7be940c · ccb8c0f0 · ccb8c0f0
Commit ccb8c0f0 authored Nov 03, 2014 by bartfab Committed by Commit bot Nov 03, 2014
10 changed files
--- a/chrome/browser/chromeos/login/screens/device_disabled_screen.cc
+++ b/chrome/browser/chromeos/login/screens/device_disabled_screen.cc
@@ -48,11 +48,7 @@ void DeviceDisabledScreen::Show() {
  if (!actor_ || showing_)
    return;
-  bool is_device_disabled = false;
+  if (policy::GetRestoreMode() != policy::RESTORE_MODE_DISABLED ||
-  g_browser_process->local_state()->GetDictionary(
-      prefs::kServerBackedDeviceState)->GetBoolean(policy::kDeviceStateDisabled,
-                                                   &is_device_disabled);
-  if (!is_device_disabled ||
      CommandLine::ForCurrentProcess()->HasSwitch(
          switches::kDisableDeviceDisabling)) {
    // Skip the screen if the device is not marked as disabled or device

--- a/chrome/browser/chromeos/login/screens/device_disabled_screen_unittest.cc
+++ b/chrome/browser/chromeos/login/screens/device_disabled_screen_unittest.cc
@@ -102,9 +102,13 @@ void DeviceDisabledScreenTest::HideErrorScreen(BaseScreen* parent_screen) {
 void DeviceDisabledScreenTest::SetDeviceDisabled(bool disabled) {
  DictionaryPrefUpdate dict(&local_state_, prefs::kServerBackedDeviceState);
-  dict->SetBoolean(policy::kDeviceStateDisabled, disabled);
+  if (disabled) {
-  if (disabled)
+    dict->SetString(policy::kDeviceStateRestoreMode,
-    dict->SetString(policy::kDeviceStateDisabledMessage, kDisabledMessage);
+                    policy::kDeviceStateRestoreModeDisabled);
+  } else {
+    dict->Remove(policy::kDeviceStateRestoreMode, nullptr);
+  }
+  dict->SetString(policy::kDeviceStateDisabledMessage, kDisabledMessage);
 }
 void DeviceDisabledScreenTest::SetDeviceMode(policy::DeviceMode device_mode) {

--- a/chrome/browser/chromeos/login/wizard_controller_browsertest.cc
+++ b/chrome/browser/chromeos/login/wizard_controller_browsertest.cc
@@ -884,7 +884,8 @@ IN_PROC_BROWSER_TEST_F(WizardControllerDeviceStateTest,
  EXPECT_EQ(GetErrorScreen(),
            WizardController::default_controller()->current_screen());
  base::DictionaryValue device_state;
-  device_state.SetBoolean(policy::kDeviceStateDisabled, true);
+  device_state.SetString(policy::kDeviceStateRestoreMode,
+                         policy::kDeviceStateRestoreModeDisabled);
  device_state.SetString(policy::kDeviceStateDisabledMessage, kDisabledMessage);
  g_browser_process->local_state()->Set(prefs::kServerBackedDeviceState,
                                        device_state);

--- a/chrome/browser/chromeos/policy/auto_enrollment_client.cc
+++ b/chrome/browser/chromeos/policy/auto_enrollment_client.cc
@@ -74,6 +74,8 @@ std::string ConvertRestoreMode(
      return kDeviceStateRestoreModeReEnrollmentRequested;
    case em::DeviceStateRetrievalResponse::RESTORE_MODE_REENROLLMENT_ENFORCED:
      return kDeviceStateRestoreModeReEnrollmentEnforced;
+    case em::DeviceStateRetrievalResponse::RESTORE_MODE_DISABLED:
+      return kDeviceStateRestoreModeDisabled;
  }
  // Return is required to avoid compiler warning.
@@ -233,13 +235,10 @@ void AutoEnrollmentClient::NextStep() {
    // Protocol finished successfully, report result.
    bool trigger_enrollment = false;
    if (retrieve_device_state_) {
-      const base::DictionaryValue* device_state_dict =
+      const RestoreMode restore_mode = GetRestoreMode();
-          local_state_->GetDictionary(prefs::kServerBackedDeviceState);
-      std::string restore_mode;
-      device_state_dict->GetString(kDeviceStateRestoreMode, &restore_mode);
      trigger_enrollment =
-          (restore_mode == kDeviceStateRestoreModeReEnrollmentRequested ||
+          (restore_mode == RESTORE_MODE_REENROLLMENT_REQUESTED ||
-           restore_mode == kDeviceStateRestoreModeReEnrollmentEnforced);
+           restore_mode == RESTORE_MODE_REENROLLMENT_ENFORCED);
    } else {
      trigger_enrollment = has_server_state_;
    }
@@ -411,11 +410,6 @@ bool AutoEnrollmentClient::OnDeviceStateRequestCompletion(
                 !restore_mode.empty(),
                 new base::StringValue(restore_mode));
-      UpdateDict(dict.Get(),
-                 kDeviceStateDisabled,
-                 true /* set_or_clear */,
-                 new base::FundamentalValue(
-                     state_response.has_disabled_state()));
      UpdateDict(dict.Get(),
                 kDeviceStateDisabledMessage,
                 state_response.has_disabled_state(),

--- a/chrome/browser/chromeos/policy/auto_enrollment_client_unittest.cc
+++ b/chrome/browser/chromeos/policy/auto_enrollment_client_unittest.cc
--- a/chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc
@@ -135,9 +135,9 @@ void DeviceCloudPolicyInitializer::StartEnrollment(
 }
 bool DeviceCloudPolicyInitializer::ShouldAutoStartEnrollment() const {
-  std::string restore_mode = GetRestoreMode();
+  const RestoreMode restore_mode = GetRestoreMode();
-  if (restore_mode == kDeviceStateRestoreModeReEnrollmentRequested ||
+  if (restore_mode == RESTORE_MODE_REENROLLMENT_REQUESTED ||
-      restore_mode == kDeviceStateRestoreModeReEnrollmentEnforced) {
+      restore_mode == RESTORE_MODE_REENROLLMENT_ENFORCED) {
    return true;
  }
@@ -163,7 +163,7 @@ std::string DeviceCloudPolicyInitializer::GetEnrollmentRecoveryDomain() const {
 }
 bool DeviceCloudPolicyInitializer::CanExitEnrollment() const {
-  if (GetRestoreMode() == kDeviceStateRestoreModeReEnrollmentEnforced)
+  if (GetRestoreMode() == RESTORE_MODE_REENROLLMENT_ENFORCED)
    return false;
  if (local_state_->HasPrefPath(prefs::kDeviceEnrollmentCanExit))
@@ -254,12 +254,4 @@ void DeviceCloudPolicyInitializer::StartConnection(
  }
 }
-std::string DeviceCloudPolicyInitializer::GetRestoreMode() const {
-  const base::DictionaryValue* device_state_dict =
-      local_state_->GetDictionary(prefs::kServerBackedDeviceState);
-  std::string restore_mode;
-  device_state_dict->GetString(kDeviceStateRestoreMode, &restore_mode);
-  return restore_mode;
-}
 }  // namespace policy
--- a/chrome/browser/chromeos/policy/device_cloud_policy_initializer.h
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_initializer.h
@@ -110,9 +110,6 @@ class DeviceCloudPolicyInitializer : public CloudPolicyStore::Observer {
  void TryToCreateClient();
  void StartConnection(scoped_ptr<CloudPolicyClient> client);
-  // Gets the device restore mode as stored in |local_state_|.
-  std::string GetRestoreMode() const;
  PrefService* local_state_;
  DeviceManagementService* enterprise_service_;
  DeviceManagementService* consumer_service_;

--- a/chrome/browser/chromeos/policy/server_backed_device_state.cc
+++ b/chrome/browser/chromeos/policy/server_backed_device_state.cc
@@ -4,16 +4,43 @@
 #include "chrome/browser/chromeos/policy/server_backed_device_state.h"
+#include <string>
+#include "base/logging.h"
+#include "base/prefs/pref_service.h"
+#include "base/values.h"
+#include "chrome/browser/browser_process.h"
+#include "chrome/browser/browser_process_platform_part.h"
+#include "chrome/common/pref_names.h"
 namespace policy {
 const char kDeviceStateManagementDomain[] = "management_domain";
 const char kDeviceStateRestoreMode[] = "device_mode";
-const char kDeviceStateDisabled[] = "disabled";
 const char kDeviceStateDisabledMessage[] = "disabled_message";
 const char kDeviceStateRestoreModeReEnrollmentRequested[] =
    "re-enrollment-requested";
 const char kDeviceStateRestoreModeReEnrollmentEnforced[] =
    "re-enrollment-enforced";
+const char kDeviceStateRestoreModeDisabled[] = "disabled";
+RestoreMode GetRestoreMode() {
+  std::string restore_mode;
+  g_browser_process->local_state()->GetDictionary(
+      prefs::kServerBackedDeviceState)->GetString(kDeviceStateRestoreMode,
+                                                  &restore_mode);
+  if (restore_mode.empty())
+    return RESTORE_MODE_NONE;
+  if (restore_mode == kDeviceStateRestoreModeReEnrollmentRequested)
+    return RESTORE_MODE_REENROLLMENT_REQUESTED;
+  if (restore_mode == kDeviceStateRestoreModeReEnrollmentEnforced)
+    return RESTORE_MODE_REENROLLMENT_ENFORCED;
+  if (restore_mode == kDeviceStateRestoreModeDisabled)
+    return RESTORE_MODE_DISABLED;
+  NOTREACHED();
+  return RESTORE_MODE_NONE;
+}
 }  // namespace policy
--- a/chrome/browser/chromeos/policy/server_backed_device_state.h
+++ b/chrome/browser/chromeos/policy/server_backed_device_state.h
@@ -10,12 +10,30 @@ namespace policy {
 // Dictionary key constants for prefs::kServerBackedDeviceState.
 extern const char kDeviceStateManagementDomain[];
 extern const char kDeviceStateRestoreMode[];
-extern const char kDeviceStateDisabled[];
 extern const char kDeviceStateDisabledMessage[];
-// Values for kDeviceStateRestoreMode.
+// String constants used to persist the restorative action in the
-extern const char kDeviceStateRestoreModeReEnrollmentEnforced[];
+// kDeviceStateRestoreMode dictionary entry.
 extern const char kDeviceStateRestoreModeReEnrollmentRequested[];
+extern const char kDeviceStateRestoreModeReEnrollmentEnforced[];
+extern const char kDeviceStateRestoreModeDisabled[];
+// Restorative action to take after device reset.
+enum RestoreMode {
+  // No state restoration.
+  RESTORE_MODE_NONE = 0,
+  // Enterprise enrollment requested, but user may skip.
+  RESTORE_MODE_REENROLLMENT_REQUESTED = 1,
+  // Enterprise enrollment is enforced and cannot be skipped.
+  RESTORE_MODE_REENROLLMENT_ENFORCED = 2,
+  // The device has been disabled by its owner. The device will show a warning
+  // screen and prevent the user from proceeding further.
+  RESTORE_MODE_DISABLED = 3,
+};
+// Parses the contents of the kDeviceStateRestoreMode dictionary entry and
+// returns it as a RestoreMode.
+RestoreMode GetRestoreMode();
 }  // namespace policy

--- a/components/policy/proto/device_management_backend.proto
+++ b/components/policy/proto/device_management_backend.proto
@@ -619,6 +619,9 @@ message DeviceStateRetrievalResponse {
    RESTORE_MODE_REENROLLMENT_REQUESTED = 1;
    // Enterprise enrollment is enforced and cannot be skipped.
    RESTORE_MODE_REENROLLMENT_ENFORCED = 2;
+    // The device has been disabled by its owner. The device will show a warning
+    // screen and prevent the user from proceeding further.
+    RESTORE_MODE_DISABLED = 3;
  };
  // The server-indicated restore mode.
  optional RestoreMode restore_mode = 1 [default = RESTORE_MODE_NONE];
@@ -626,7 +629,8 @@ message DeviceStateRetrievalResponse {
  // Primary domain the device is associated with.
  optional string management_domain = 2;
-  // The device is disabled and no logins are possible when this is set.
+  // State that is relevant only when the |restore_mode| is
+  // |RESTORE_MODE_DISABLED|.
  optional DisabledState disabled_state = 3;
 }