Send brand code on enterprise enrollment

Sends the brand code in the DeviceRegisterRequest.
The server may remove initial enrollment device state from its database
when the device successfully enrolls. As initial enrollment device state
is keyed by the serial number / brand code tuple, brand code is now also
transferred on enrollment.

Bug: 839353
Test: unit_tests --gtest_filter=CloudPolicyClientTest*
Change-Id: I57205c2eb3b219ab7c2793a47e935e376216e703
Reviewed-on: https://chromium-review.googlesource.com/1057675Reviewed-by: Achuith Bhandarkar <achuith@chromium.org>
Reviewed-by: Owen Min <zmin@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559439}

chrome/browser/chromeos/login/existing_user_controller.cc

@@ -1073,8 +1073,8 @@ void ExistingUserController::OnOldEncryptionDetected(
       ProfileHelper::GetSigninProfile()->GetRequestContext();
   auto cloud_policy_client = std::make_unique<policy::CloudPolicyClient>(
       std::string() /* machine_id */, std::string() /* machine_model */,
-      device_management_service, signin_profile_context,
-      nullptr /* signing_service */,
+      std::string() /* brand_code */, device_management_service,
+      signin_profile_context, nullptr /* signing_service */,
       chromeos::GetDeviceDMTokenForUserPolicyGetter(
           user_context.GetAccountId()));
   pre_signin_policy_fetcher_ = std::make_unique<policy::PreSigninPolicyFetcher>(

chrome/browser/chromeos/policy/device_cloud_policy_initializer.cc

@@ -289,10 +289,13 @@ std::unique_ptr<CloudPolicyClient> DeviceCloudPolicyInitializer::CreateClient(
   std::string machine_model;
   statistics_provider_->GetMachineStatistic(chromeos::system::kHardwareClassKey,
                                             &machine_model);
+  std::string brand_code;
+  statistics_provider_->GetMachineStatistic(chromeos::system::kRlzBrandCodeKey,
+                                            &brand_code);
   // DeviceDMToken callback is empty here because for device policies this
   // DMToken is already provided in the policy fetch requests.
   return std::make_unique<CloudPolicyClient>(
-      statistics_provider_->GetEnterpriseMachineID(), machine_model,
+      statistics_provider_->GetEnterpriseMachineID(), machine_model, brand_code,
       device_management_service, g_browser_process->system_request_context(),
       signing_service_.get(), CloudPolicyClient::DeviceDMTokenCallback());
 }

chrome/browser/chromeos/policy/device_local_account_policy_service.cc

@@ -76,8 +76,8 @@ std::unique_ptr<CloudPolicyClient> CreateClient(
   std::unique_ptr<CloudPolicyClient> client =
       std::make_unique<CloudPolicyClient>(
           std::string() /* machine_id */, std::string() /* machine_model */,
-          device_management_service, system_request_context,
-          nullptr /* signing_service */,
+          std::string() /* brand_code */, device_management_service,
+          system_request_context, nullptr /* signing_service */,
           base::BindRepeating(&GetDeviceDMToken, device_settings_service));
   std::vector<std::string> user_affiliation_ids(
       policy_data->user_affiliation_ids().begin(),

chrome/browser/chromeos/policy/user_cloud_policy_manager_chromeos.cc

@@ -154,8 +154,8 @@ void UserCloudPolicyManagerChromeOS::Connect(
   std::unique_ptr<CloudPolicyClient> cloud_policy_client =
       std::make_unique<CloudPolicyClient>(
           std::string() /* machine_id */, std::string() /* machine_model */,
-          device_management_service, system_request_context,
-          nullptr /* signing_service */,
+          std::string() /* brand_code */, device_management_service,
+          system_request_context, nullptr /* signing_service */,
           chromeos::GetDeviceDMTokenForUserPolicyGetter(account_id_));
   CreateComponentCloudPolicyService(
       dm_protocol::kChromeExtensionPolicyType, component_policy_cache_path_,

chrome/browser/extensions/api/enterprise_reporting_private/enterprise_reporting_private_api.cc

@@ -40,7 +40,8 @@ EnterpriseReportingPrivateUploadChromeDesktopReportFunction::
   if (device_management_service)
     device_management_service->ScheduleInitialization(0);
   cloud_policy_client_ = std::make_unique<policy::CloudPolicyClient>(
-      std::string(), std::string(), device_management_service,
+      std::string() /* machine_id */, std::string() /* machine_model */,
+      std::string() /* brand_code */, device_management_service,
       g_browser_process->system_request_context(), nullptr,
       policy::CloudPolicyClient::DeviceDMTokenCallback());
   dm_token_ = policy::BrowserDMTokenStorage::Get()->RetrieveDMToken();

chrome/browser/policy/cloud/machine_level_user_cloud_policy_helper.cc

@@ -49,7 +49,8 @@ void MachineLevelUserCloudPolicyRegistrar::RegisterForPolicyWithEnrollmentToken(
   // reset.
   std::unique_ptr<CloudPolicyClient> policy_client =
       std::make_unique<CloudPolicyClient>(
-          std::string(), std::string(), device_management_service_,
+          std::string() /* machine_id */, std::string() /* machine_model */,
+          std::string() /* brand_code */, device_management_service_,
           system_request_context_, nullptr,
           CloudPolicyClient::DeviceDMTokenCallback());
 
@@ -86,7 +87,8 @@ MachineLevelUserCloudPolicyFetcher::MachineLevelUserCloudPolicyFetcher(
       system_request_context_(system_request_context) {
   std::unique_ptr<CloudPolicyClient> client =
       std::make_unique<CloudPolicyClient>(
-          std::string(), std::string(), device_management_service_,
+          std::string() /* machine_id */, std::string() /* machine_model */,
+          std::string() /* brand_code */, device_management_service_,
           system_request_context_, nullptr,
           CloudPolicyClient::DeviceDMTokenCallback());
   InitializeManager(std::move(client));

components/policy/core/common/cloud/cloud_policy_client.cc

@@ -96,12 +96,14 @@ void CloudPolicyClient::Observer::OnRobotAuthCodesFetched(
 CloudPolicyClient::CloudPolicyClient(
     const std::string& machine_id,
     const std::string& machine_model,
+    const std::string& brand_code,
     DeviceManagementService* service,
     scoped_refptr<net::URLRequestContextGetter> request_context,
     SigningService* signing_service,
     DeviceDMTokenCallback device_dm_token_callback)
     : machine_id_(machine_id),
       machine_model_(machine_model),
+      brand_code_(brand_code),
       service_(service),  // Can be null for unit tests.
       signing_service_(signing_service),
       device_dm_token_callback_(device_dm_token_callback),
@@ -169,6 +171,8 @@ void CloudPolicyClient::Register(em::DeviceRegisterRequest::Type type,
     request->set_machine_id(machine_id_);
   if (!machine_model_.empty())
     request->set_machine_model(machine_model_);
+  if (!brand_code_.empty())
+    request->set_brand_code(brand_code_);
   if (!requisition.empty())
     request->set_requisition(requisition);
   if (!current_state_key.empty())
@@ -215,6 +219,8 @@ void CloudPolicyClient::RegisterWithCertificate(
     request->set_machine_id(machine_id_);
   if (!machine_model_.empty())
     request->set_machine_model(machine_model_);
+  if (!brand_code_.empty())
+    request->set_brand_code(brand_code_);
   if (!requisition.empty())
     request->set_requisition(requisition);
   if (!current_state_key.empty())

components/policy/core/common/cloud/cloud_policy_client.h

@@ -94,17 +94,18 @@ class POLICY_EXPORT CloudPolicyClient {
     virtual void OnClientError(CloudPolicyClient* client) = 0;
   };
 
-  // If non-empty, |machine_id| and |machine_model| are passed to the server
-  // verbatim. As these reveal machine identity, they must only be used where
-  // this is appropriate (i.e. device policy, but not user policy). |service|
-  // and |signing_service| are weak pointers and it's the caller's
-  // responsibility to keep them valid for the lifetime of CloudPolicyClient.
-  // The |signing_service| is used to sign sensitive requests.
-  // |device_dm_token_callback| is used to retrieve device DMToken for
+  // If non-empty, |machine_id|, |machine_model| and |brand_code| are passed
+  // to the server verbatim. As these reveal machine identity, they must only
+  // be used where this is appropriate (i.e. device policy, but not user
+  // policy). |service| and |signing_service| are weak pointers and it's the
+  // caller's responsibility to keep them valid for the lifetime of
+  // CloudPolicyClient. The |signing_service| is used to sign sensitive
+  // requests. |device_dm_token_callback| is used to retrieve device DMToken for
   // affiliated users. Could be null if it's not possible to use
   // device DMToken for user policy fetches.
   CloudPolicyClient(const std::string& machine_id,
                     const std::string& machine_model,
+                    const std::string& brand_code,
                     DeviceManagementService* service,
                     scoped_refptr<net::URLRequestContextGetter> request_context,
                     SigningService* signing_service,
@@ -264,6 +265,7 @@ class POLICY_EXPORT CloudPolicyClient {
 
   const std::string& machine_id() const { return machine_id_; }
   const std::string& machine_model() const { return machine_model_; }
+  const std::string& brand_code() const { return brand_code_; }
 
   void set_last_policy_timestamp(const base::Time& timestamp) {
     last_policy_timestamp_ = timestamp;
@@ -452,6 +454,7 @@ class POLICY_EXPORT CloudPolicyClient {
   // Data necessary for constructing policy requests.
   const std::string machine_id_;
   const std::string machine_model_;
+  const std::string brand_code_;
   PolicyTypeSet types_to_fetch_;
   std::vector<std::string> state_keys_to_upload_;
 

components/policy/core/common/cloud/cloud_policy_client_unittest.cc

@@ -44,6 +44,7 @@ namespace {
 const char kClientID[] = "fake-client-id";
 const char kMachineID[] = "fake-machine-id";
 const char kMachineModel[] = "fake-machine-model";
+const char kBrandCode[] = "fake-brand-code";
 const char kOAuthToken[] = "fake-oauth-token";
 const char kDMToken[] = "fake-dm-token";
 const char kDeviceDMToken[] = "fake-device-dm-token";
@@ -120,6 +121,7 @@ class CloudPolicyClientTest : public testing::Test {
     register_request->set_type(em::DeviceRegisterRequest::USER);
     register_request->set_machine_id(kMachineID);
     register_request->set_machine_model(kMachineModel);
+    register_request->set_brand_code(kBrandCode);
     register_request->set_lifetime(
         em::DeviceRegisterRequest::LIFETIME_INDEFINITE);
     register_request->set_flavor(
@@ -134,6 +136,7 @@ class CloudPolicyClientTest : public testing::Test {
     request->set_type(em::DeviceRegisterRequest::DEVICE);
     request->set_machine_id(kMachineID);
     request->set_machine_model(kMachineModel);
+    request->set_brand_code(kBrandCode);
     request->set_lifetime(em::DeviceRegisterRequest::LIFETIME_INDEFINITE);
     request->set_flavor(
         em::DeviceRegisterRequest::FLAVOR_ENROLLMENT_ATTESTATION);
@@ -263,7 +266,7 @@ class CloudPolicyClientTest : public testing::Test {
     request_context_ =
         new net::TestURLRequestContextGetter(loop_.task_runner());
     client_ = std::make_unique<CloudPolicyClient>(
-        kMachineID, kMachineModel, &service_, request_context_,
+        kMachineID, kMachineModel, kBrandCode, &service_, request_context_,
         &fake_signing_service_,
         base::BindRepeating(
             &MockDeviceDMTokenCallbackObserver::OnDeviceDMTokenRequested,

components/policy/core/common/cloud/mock_cloud_policy_client.cc

@@ -14,10 +14,11 @@ namespace em = enterprise_management;
 namespace policy {
 
 MockCloudPolicyClient::MockCloudPolicyClient()
-    : CloudPolicyClient(std::string(), /* machine_id */
-                        std::string(), /* machine_model */
-                        nullptr,       /* service */
-                        nullptr,       /* request_context */
+    : CloudPolicyClient(std::string() /* machine_id */,
+                        std::string() /* machine_model */,
+                        std::string() /* brand_code */,
+                        nullptr /* service */,
+                        nullptr /* request_context */,
                         nullptr /* signing_service */,
                         CloudPolicyClient::DeviceDMTokenCallback()) {}
 

components/policy/core/common/cloud/user_cloud_policy_manager.cc

@@ -86,7 +86,8 @@ UserCloudPolicyManager::CreateCloudPolicyClient(
     scoped_refptr<net::URLRequestContextGetter> request_context) {
   return std::make_unique<CloudPolicyClient>(
       std::string() /* machine_id */, std::string() /* machine_model */,
-      device_management_service, request_context, nullptr /* signing_service */,
+      std::string() /* brand_code */, device_management_service,
+      request_context, nullptr /* signing_service */,
       CloudPolicyClient::DeviceDMTokenCallback());
 }
 

components/policy/core/common/remote_commands/remote_commands_service_unittest.cc

@@ -83,10 +83,11 @@ class TestingCloudPolicyClientForRemoteCommands : public CloudPolicyClient {
  public:
   explicit TestingCloudPolicyClientForRemoteCommands(
       TestingRemoteCommandsServer* server)
-      : CloudPolicyClient(std::string(), /* machine_id */
-                          std::string(), /* machine_model */
-                          nullptr,       /* service */
-                          nullptr,       /* request_context */
+      : CloudPolicyClient(std::string() /* machine_id */,
+                          std::string() /* machine_model */,
+                          std::string() /* brand_code */,
+                          nullptr /* service */,
+                          nullptr /* request_context */,
                           nullptr /* signing_service */,
                           CloudPolicyClient::DeviceDMTokenCallback()),
         server_(server) {

components/policy/proto/device_management_backend.proto

@@ -141,6 +141,9 @@ message DeviceRegisterRequest {
 
   // Indicates the expected lifetime of registration.
   optional Lifetime lifetime = 11 [default = LIFETIME_INDEFINITE];
+
+  // The 4-character brand code of the device.
+  optional string brand_code = 12;
 }
 
 // Response from server to device register request.