Send brand code on enterprise enrollment

Sends the brand code in the DeviceRegisterRequest. The server may remove initial enrollment device state from its database when the device successfully enrolls. As initial enrollment device state is keyed by the serial number / brand code tuple, brand code is now also transferred on enrollment. Bug: 839353 Test: unit_tests --gtest_filter=CloudPolicyClientTest* Change-Id: I57205c2eb3b219ab7c2793a47e935e376216e703 Reviewed-on: https://chromium-review.googlesource.com/1057675Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Reviewed-by: Owen Min <zmin@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Commit-Queue: Pavol Marko <pmarko@chromium.org> Cr-Commit-Position: refs/heads/master@{#559439}

Send brand code on enterprise enrollment
Sends the brand code in the DeviceRegisterRequest. The server may remove initial enrollment device state from its database when the device successfully enrolls. As initial enrollment device state is keyed by the serial number / brand code tuple, brand code is now also transferred on enrollment. Bug: 839353 Test: unit_tests --gtest_filter=CloudPolicyClientTest* Change-Id: I57205c2eb3b219ab7c2793a47e935e376216e703 Reviewed-on: https://chromium-review.googlesource.com/1057675Reviewed-by: Achuith Bhandarkar <achuith@chromium.org> Reviewed-by: Owen Min <zmin@chromium.org> Reviewed-by: Lutz Justen <ljusten@chromium.org> Commit-Queue: Pavol Marko <pmarko@chromium.org> Cr-Commit-Position: refs/heads/master@{#559439}
f6523e08 · Pavol Marko · Commit Bot · f162fce4 · f6523e08 · f6523e08
Commit f6523e08 authored May 17, 2018 by Pavol Marko Committed by Commit Bot May 17, 2018
13 changed files
--- a/chrome/browser/chromeos/login/existing_user_controller.cc
+++ b/chrome/browser/chromeos/login/existing_user_controller.cc
@@ -1073,8 +1073,8 @@ void ExistingUserController::OnOldEncryptionDetected(
      ProfileHelper::GetSigninProfile()->GetRequestContext();
  auto cloud_policy_client = std::make_unique<policy::CloudPolicyClient>(
      std::string() /* machine_id */, std::string() /* machine_model */,
-      device_management_service, signin_profile_context,
+      std::string() /* brand_code */, device_management_service,
-      nullptr /* signing_service */,
+      signin_profile_context, nullptr /* signing_service */,
      chromeos::GetDeviceDMTokenForUserPolicyGetter(
          user_context.GetAccountId()));
  pre_signin_policy_fetcher_ = std::make_unique<policy::PreSigninPolicyFetcher>(

--- a/chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc
+++ b/chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc
@@ -289,10 +289,13 @@ std::unique_ptr<CloudPolicyClient> DeviceCloudPolicyInitializer::CreateClient(
  std::string machine_model;
  statistics_provider_->GetMachineStatistic(chromeos::system::kHardwareClassKey,
                                            &machine_model);
+  std::string brand_code;
+  statistics_provider_->GetMachineStatistic(chromeos::system::kRlzBrandCodeKey,
+                                            &brand_code);
  // DeviceDMToken callback is empty here because for device policies this
  // DMToken is already provided in the policy fetch requests.
  return std::make_unique<CloudPolicyClient>(
-      statistics_provider_->GetEnterpriseMachineID(), machine_model,
+      statistics_provider_->GetEnterpriseMachineID(), machine_model, brand_code,
      device_management_service, g_browser_process->system_request_context(),
      signing_service_.get(), CloudPolicyClient::DeviceDMTokenCallback());
 }

--- a/chrome/browser/chromeos/policy/device_local_account_policy_service.cc
+++ b/chrome/browser/chromeos/policy/device_local_account_policy_service.cc
@@ -76,8 +76,8 @@ std::unique_ptr<CloudPolicyClient> CreateClient(
  std::unique_ptr<CloudPolicyClient> client =
      std::make_unique<CloudPolicyClient>(
          std::string() /* machine_id */, std::string() /* machine_model */,
-          device_management_service, system_request_context,
+          std::string() /* brand_code */, device_management_service,
-          nullptr /* signing_service */,
+          system_request_context, nullptr /* signing_service */,
          base::BindRepeating(&GetDeviceDMToken, device_settings_service));
  std::vector<std::string> user_affiliation_ids(
      policy_data->user_affiliation_ids().begin(),

--- a/chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc
+++ b/chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc
@@ -154,8 +154,8 @@ void UserCloudPolicyManagerChromeOS::Connect(
  std::unique_ptr<CloudPolicyClient> cloud_policy_client =
      std::make_unique<CloudPolicyClient>(
          std::string() /* machine_id */, std::string() /* machine_model */,
-          device_management_service, system_request_context,
+          std::string() /* brand_code */, device_management_service,
-          nullptr /* signing_service */,
+          system_request_context, nullptr /* signing_service */,
          chromeos::GetDeviceDMTokenForUserPolicyGetter(account_id_));
  CreateComponentCloudPolicyService(
      dm_protocol::kChromeExtensionPolicyType, component_policy_cache_path_,

--- a/chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc
+++ b/chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc
@@ -40,7 +40,8 @@ EnterpriseReportingPrivateUploadChromeDesktopReportFunction::
  if (device_management_service)
    device_management_service->ScheduleInitialization(0);
  cloud_policy_client_ = std::make_unique<policy::CloudPolicyClient>(
-      std::string(), std::string(), device_management_service,
+      std::string() /* machine_id */, std::string() /* machine_model */,
+      std::string() /* brand_code */, device_management_service,
      g_browser_process->system_request_context(), nullptr,
      policy::CloudPolicyClient::DeviceDMTokenCallback());
  dm_token_ = policy::BrowserDMTokenStorage::Get()->RetrieveDMToken();

--- a/chrome/browser/policy/cloud/machine_level_user_cloud_policy_helper.cc
+++ b/chrome/browser/policy/cloud/machine_level_user_cloud_policy_helper.cc
@@ -49,7 +49,8 @@ void MachineLevelUserCloudPolicyRegistrar::RegisterForPolicyWithEnrollmentToken(
  // reset.
  std::unique_ptr<CloudPolicyClient> policy_client =
      std::make_unique<CloudPolicyClient>(
-          std::string(), std::string(), device_management_service_,
+          std::string() /* machine_id */, std::string() /* machine_model */,
+          std::string() /* brand_code */, device_management_service_,
          system_request_context_, nullptr,
          CloudPolicyClient::DeviceDMTokenCallback());
@@ -86,7 +87,8 @@ MachineLevelUserCloudPolicyFetcher::MachineLevelUserCloudPolicyFetcher(
      system_request_context_(system_request_context) {
  std::unique_ptr<CloudPolicyClient> client =
      std::make_unique<CloudPolicyClient>(
-          std::string(), std::string(), device_management_service_,
+          std::string() /* machine_id */, std::string() /* machine_model */,
+          std::string() /* brand_code */, device_management_service_,
          system_request_context_, nullptr,
          CloudPolicyClient::DeviceDMTokenCallback());
  InitializeManager(std::move(client));

--- a/components/policy/core/common/cloud/cloud_policy_client.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client.cc
@@ -96,12 +96,14 @@ void CloudPolicyClient::Observer::OnRobotAuthCodesFetched(
 CloudPolicyClient::CloudPolicyClient(
    const std::string& machine_id,
    const std::string& machine_model,
+    const std::string& brand_code,
    DeviceManagementService* service,
    scoped_refptr<net::URLRequestContextGetter> request_context,
    SigningService* signing_service,
    DeviceDMTokenCallback device_dm_token_callback)
    : machine_id_(machine_id),
      machine_model_(machine_model),
+      brand_code_(brand_code),
      service_(service),  // Can be null for unit tests.
      signing_service_(signing_service),
      device_dm_token_callback_(device_dm_token_callback),
@@ -169,6 +171,8 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
    request->set_machine_id(machine_id_);
  if (!machine_model_.empty())
    request->set_machine_model(machine_model_);
+  if (!brand_code_.empty())
+    request->set_brand_code(brand_code_);
  if (!requisition.empty())
    request->set_requisition(requisition);
  if (!current_state_key.empty())
@@ -215,6 +219,8 @@ void CloudPolicyClient::RegisterWithCertificate(
    request->set_machine_id(machine_id_);
  if (!machine_model_.empty())
    request->set_machine_model(machine_model_);
+  if (!brand_code_.empty())
+    request->set_brand_code(brand_code_);
  if (!requisition.empty())
    request->set_requisition(requisition);
  if (!current_state_key.empty())

--- a/components/policy/core/common/cloud/cloud_policy_client.h
+++ b/components/policy/core/common/cloud/cloud_policy_client.h
@@ -94,17 +94,18 @@ class POLICY_EXPORT CloudPolicyClient {
    virtual void OnClientError(CloudPolicyClient* client) = 0;
  };
-  // If non-empty, |machine_id| and |machine_model| are passed to the server
+  // If non-empty, |machine_id|, |machine_model| and |brand_code| are passed
-  // verbatim. As these reveal machine identity, they must only be used where
+  // to the server verbatim. As these reveal machine identity, they must only
-  // this is appropriate (i.e. device policy, but not user policy). |service|
+  // be used where this is appropriate (i.e. device policy, but not user
-  // and |signing_service| are weak pointers and it's the caller's
+  // policy). |service| and |signing_service| are weak pointers and it's the
-  // responsibility to keep them valid for the lifetime of CloudPolicyClient.
+  // caller's responsibility to keep them valid for the lifetime of
-  // The |signing_service| is used to sign sensitive requests.
+  // CloudPolicyClient. The |signing_service| is used to sign sensitive
-  // |device_dm_token_callback| is used to retrieve device DMToken for
+  // requests. |device_dm_token_callback| is used to retrieve device DMToken for
  // affiliated users. Could be null if it's not possible to use
  // device DMToken for user policy fetches.
  CloudPolicyClient(const std::string& machine_id,
                    const std::string& machine_model,
+                    const std::string& brand_code,
                    DeviceManagementService* service,
                    scoped_refptr<net::URLRequestContextGetter> request_context,
                    SigningService* signing_service,
@@ -264,6 +265,7 @@ class POLICY_EXPORT CloudPolicyClient {
  const std::string& machine_id() const { return machine_id_; }
  const std::string& machine_model() const { return machine_model_; }
+  const std::string& brand_code() const { return brand_code_; }
  void set_last_policy_timestamp(const base::Time& timestamp) {
    last_policy_timestamp_ = timestamp;
@@ -452,6 +454,7 @@ class POLICY_EXPORT CloudPolicyClient {
  // Data necessary for constructing policy requests.
  const std::string machine_id_;
  const std::string machine_model_;
+  const std::string brand_code_;
  PolicyTypeSet types_to_fetch_;
  std::vector<std::string> state_keys_to_upload_;

--- a/components/policy/core/common/cloud/cloud_policy_client_unittest.cc
+++ b/components/policy/core/common/cloud/cloud_policy_client_unittest.cc
@@ -44,6 +44,7 @@ namespace {
 const char kClientID[] = "fake-client-id";
 const char kMachineID[] = "fake-machine-id";
 const char kMachineModel[] = "fake-machine-model";
+const char kBrandCode[] = "fake-brand-code";
 const char kOAuthToken[] = "fake-oauth-token";
 const char kDMToken[] = "fake-dm-token";
 const char kDeviceDMToken[] = "fake-device-dm-token";
@@ -120,6 +121,7 @@ class CloudPolicyClientTest : public testing::Test {
    register_request->set_type(em::DeviceRegisterRequest::USER);
    register_request->set_machine_id(kMachineID);
    register_request->set_machine_model(kMachineModel);
+    register_request->set_brand_code(kBrandCode);
    register_request->set_lifetime(
        em::DeviceRegisterRequest::LIFETIME_INDEFINITE);
    register_request->set_flavor(
@@ -134,6 +136,7 @@ class CloudPolicyClientTest : public testing::Test {
    request->set_type(em::DeviceRegisterRequest::DEVICE);
    request->set_machine_id(kMachineID);
    request->set_machine_model(kMachineModel);
+    request->set_brand_code(kBrandCode);
    request->set_lifetime(em::DeviceRegisterRequest::LIFETIME_INDEFINITE);
    request->set_flavor(
        em::DeviceRegisterRequest::FLAVOR_ENROLLMENT_ATTESTATION);
@@ -263,7 +266,7 @@ class CloudPolicyClientTest : public testing::Test {
    request_context_ =
        new net::TestURLRequestContextGetter(loop_.task_runner());
    client_ = std::make_unique<CloudPolicyClient>(
-        kMachineID, kMachineModel, &service_, request_context_,
+        kMachineID, kMachineModel, kBrandCode, &service_, request_context_,
        &fake_signing_service_,
        base::BindRepeating(
            &MockDeviceDMTokenCallbackObserver::OnDeviceDMTokenRequested,

--- a/components/policy/core/common/cloud/mock_cloud_policy_client.cc
+++ b/components/policy/core/common/cloud/mock_cloud_policy_client.cc
@@ -14,10 +14,11 @@ namespace em = enterprise_management;
 namespace policy {
 MockCloudPolicyClient::MockCloudPolicyClient()
-    : CloudPolicyClient(std::string(), /* machine_id */
+    : CloudPolicyClient(std::string() /* machine_id */,
-                        std::string(), /* machine_model */
+                        std::string() /* machine_model */,
-                        nullptr,       /* service */
+                        std::string() /* brand_code */,
-                        nullptr,       /* request_context */
+                        nullptr /* service */,
+                        nullptr /* request_context */,
                        nullptr /* signing_service */,
                        CloudPolicyClient::DeviceDMTokenCallback()) {}

--- a/components/policy/core/common/cloud/user_cloud_policy_manager.cc
+++ b/components/policy/core/common/cloud/user_cloud_policy_manager.cc
@@ -86,7 +86,8 @@ UserCloudPolicyManager::CreateCloudPolicyClient(
    scoped_refptr<net::URLRequestContextGetter> request_context) {
  return std::make_unique<CloudPolicyClient>(
      std::string() /* machine_id */, std::string() /* machine_model */,
-      device_management_service, request_context, nullptr /* signing_service */,
+      std::string() /* brand_code */, device_management_service,
+      request_context, nullptr /* signing_service */,
      CloudPolicyClient::DeviceDMTokenCallback());
 }

--- a/components/policy/core/common/remote_commands/remote_commands_service_unittest.cc
+++ b/components/policy/core/common/remote_commands/remote_commands_service_unittest.cc
@@ -83,10 +83,11 @@ class TestingCloudPolicyClientForRemoteCommands : public CloudPolicyClient {
 public:
  explicit TestingCloudPolicyClientForRemoteCommands(
      TestingRemoteCommandsServer* server)
-      : CloudPolicyClient(std::string(), /* machine_id */
+      : CloudPolicyClient(std::string() /* machine_id */,
-                          std::string(), /* machine_model */
+                          std::string() /* machine_model */,
-                          nullptr,       /* service */
+                          std::string() /* brand_code */,
-                          nullptr,       /* request_context */
+                          nullptr /* service */,
+                          nullptr /* request_context */,
                          nullptr /* signing_service */,
                          CloudPolicyClient::DeviceDMTokenCallback()),
        server_(server) {

--- a/components/policy/proto/device_management_backend.proto
+++ b/components/policy/proto/device_management_backend.proto
@@ -141,6 +141,9 @@ message DeviceRegisterRequest {
  // Indicates the expected lifetime of registration.
  optional Lifetime lifetime = 11 [default = LIFETIME_INDEFINITE];
+  // The 4-character brand code of the device.
+  optional string brand_code = 12;
 }
 // Response from server to device register request.