Make sure the browser starts in the right mode if Cryptohome is not ready on start up.

The KioskModeSettings class will observe the device mode and make sure to
restart the session if the mode changes from UNKNOWN to KIOSK.

BUG=chromium-os:28586
TEST=Enroll in kiosk mode and reboot. Even if the device goes into normal mode first it should restart and change to kiosk almost immediately.

Review URL: https://chromiumcodereview.appspot.com/9982002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130724 0039d316-1c4b-4281-b951-d872f2087c98

8 files changed, 58 insertions, 53 deletions

diff --git a/chrome/browser/policy/app_pack_updater.cc b/chrome/browser/policy/app_pack_updater.cc
index 63900de..2de085d 100644
--- a/chrome/browser/policy/app_pack_updater.cc
+++ b/chrome/browser/policy/app_pack_updater.cc
@@ -86,7 +86,8 @@ AppPackUpdater::AppPackUpdater(net::URLRequestContextGetter* request_context,
     BrowserThread::PostTask(BrowserThread::UI, FROM_HERE,
                             base::Bind(&AppPackUpdater::Init,
                                        weak_ptr_factory_.GetWeakPtr()));
-  } else if (connector->GetDeviceMode() == DEVICE_MODE_UNKNOWN &&
+  } else if ((connector->GetDeviceMode() == DEVICE_MODE_NOT_SET ||
+              connector->GetDeviceMode() == DEVICE_MODE_PENDING) &&
              connector->device_cloud_policy_subsystem()) {
     // Not enrolled yet, listen for enrollment.
     policy_registrar_.reset(new CloudPolicySubsystem::ObserverRegistrar(
diff --git a/chrome/browser/policy/browser_policy_connector.cc b/chrome/browser/policy/browser_policy_connector.cc
index de17f0d..905d810 100644
--- a/chrome/browser/policy/browser_policy_connector.cc
+++ b/chrome/browser/policy/browser_policy_connector.cc
@@ -251,7 +251,7 @@ DeviceMode BrowserPolicyConnector::GetDeviceMode() {
   if (install_attributes_.get())
     return install_attributes_->GetMode();
   else
-    return DEVICE_MODE_UNKNOWN;
+    return DEVICE_MODE_NOT_SET;
 #endif
 
   // We only have the notion of "enterprise" device on ChromeOS for now.
diff --git a/chrome/browser/policy/cloud_policy_constants.h b/chrome/browser/policy/cloud_policy_constants.h
index 9ab0b2b..fca7cf8 100644
--- a/chrome/browser/policy/cloud_policy_constants.h
+++ b/chrome/browser/policy/cloud_policy_constants.h
@@ -83,7 +83,8 @@ enum DeviceManagementStatus {
 
 // List of modes that the device can be locked into.
 enum DeviceMode {
-  DEVICE_MODE_UNKNOWN,     // The device is not yet enrolled or owned.
+  DEVICE_MODE_PENDING,     // The device mode is not yet available.
+  DEVICE_MODE_NOT_SET,     // The device is not yet enrolled or owned.
   DEVICE_MODE_CONSUMER,    // The device is locally owned as consumer device.
   DEVICE_MODE_ENTERPRISE,  // The device is enrolled as an enterprise device.
   DEVICE_MODE_KIOSK,       // The device is enrolled as kiosk/retail device.
diff --git a/chrome/browser/policy/cloud_policy_data_store.cc b/chrome/browser/policy/cloud_policy_data_store.cc
index 75fb83db..65ab531 100644
--- a/chrome/browser/policy/cloud_policy_data_store.cc
+++ b/chrome/browser/policy/cloud_policy_data_store.cc
@@ -34,7 +34,7 @@ CloudPolicyDataStore::CloudPolicyDataStore(
       policy_type_(policy_type),
       known_machine_id_(false),
       token_cache_loaded_(false),
-      device_mode_(DEVICE_MODE_UNKNOWN) {}
+      device_mode_(DEVICE_MODE_PENDING) {}
 
 void CloudPolicyDataStore::SetDeviceToken(const std::string& device_token,
                                           bool from_cache) {
diff --git a/chrome/browser/policy/device_token_fetcher.cc b/chrome/browser/policy/device_token_fetcher.cc
index 64eb204..09df87c 100644
--- a/chrome/browser/policy/device_token_fetcher.cc
+++ b/chrome/browser/policy/device_token_fetcher.cc
@@ -84,7 +84,7 @@ DeviceMode TranslateProtobufDeviceMode(
       return DEVICE_MODE_KIOSK;
   }
   LOG(ERROR) << "Unknown enrollment mode in registration response: " << mode;
-  return  DEVICE_MODE_UNKNOWN;
+  return  DEVICE_MODE_PENDING;
 }
 
 }  // namespace
@@ -211,7 +211,7 @@ void DeviceTokenFetcher::OnTokenFetchCompleted(
             mode = TranslateProtobufDeviceMode(
                 register_response.enrollment_type());
           }
-          if (mode == DEVICE_MODE_UNKNOWN) {
+          if (mode == DEVICE_MODE_PENDING) {
             LOG(ERROR) << "Enrollment mode missing or unknown!";
             SetState(STATE_BAD_ENROLLMENT_MODE);
             return;
diff --git a/chrome/browser/policy/device_token_fetcher_unittest.cc b/chrome/browser/policy/device_token_fetcher_unittest.cc
index 656185d..0ba417a 100644
--- a/chrome/browser/policy/device_token_fetcher_unittest.cc
+++ b/chrome/browser/policy/device_token_fetcher_unittest.cc
@@ -114,14 +114,14 @@ TEST_F(DeviceTokenFetcherTest, FetchToken) {
                              &notifier_);
   EXPECT_CALL(observer_, OnDeviceTokenChanged());
   EXPECT_EQ("", data_store_->device_token());
-  EXPECT_EQ(DEVICE_MODE_UNKNOWN, data_store_->device_mode());
+  EXPECT_EQ(DEVICE_MODE_PENDING, data_store_->device_mode());
   FetchToken(&fetcher, data_store_.get());
   loop_.RunAllPending();
   Mock::VerifyAndClearExpectations(&observer_);
   std::string token = data_store_->device_token();
   EXPECT_NE("", token);
   // User policy registration should not set enrollment mode.
-  EXPECT_EQ(DEVICE_MODE_UNKNOWN, data_store_->device_mode());
+  EXPECT_EQ(DEVICE_MODE_PENDING, data_store_->device_mode());
 
   // Calling FetchToken() again should result in a new token being fetched.
   successful_registration_response_.mutable_register_response()->
@@ -146,7 +146,7 @@ TEST_F(DeviceTokenFetcherTest, FetchDeviceToken) {
   DeviceTokenFetcher fetcher(&service_, cache_.get(), data_store.get(),
                              &notifier_);
   EXPECT_EQ("", data_store->device_token());
-  EXPECT_EQ(DEVICE_MODE_UNKNOWN, data_store->device_mode());
+  EXPECT_EQ(DEVICE_MODE_PENDING, data_store->device_mode());
   FetchToken(&fetcher, data_store.get());
   loop_.RunAllPending();
   EXPECT_NE("", data_store->device_token());
@@ -164,7 +164,7 @@ TEST_F(DeviceTokenFetcherTest, FetchDeviceTokenMissingMode) {
   DeviceTokenFetcher fetcher(&service_, cache_.get(), data_store.get(),
                              &notifier_);
   EXPECT_EQ("", data_store->device_token());
-  EXPECT_EQ(DEVICE_MODE_UNKNOWN, data_store->device_mode());
+  EXPECT_EQ(DEVICE_MODE_PENDING, data_store->device_mode());
   successful_registration_response_.mutable_register_response()->
       clear_enrollment_type();
   FetchToken(&fetcher, data_store.get());
diff --git a/chrome/browser/policy/enterprise_install_attributes.cc b/chrome/browser/policy/enterprise_install_attributes.cc
index 0cc7e87..bb6f9f2 100644
--- a/chrome/browser/policy/enterprise_install_attributes.cc
+++ b/chrome/browser/policy/enterprise_install_attributes.cc
@@ -42,7 +42,8 @@ std::string GetDeviceModeString(DeviceMode mode) {
       return kEnterpiseDeviceMode;
     case DEVICE_MODE_KIOSK:
       return kKioskDeviceMode;
-    case DEVICE_MODE_UNKNOWN:
+    case DEVICE_MODE_PENDING:
+    case DEVICE_MODE_NOT_SET:
       break;
   }
   NOTREACHED() << "Invalid device mode: " << mode;
@@ -59,7 +60,7 @@ DeviceMode GetDeviceModeFromString(
   else if (mode == kKioskDeviceMode)
     return DEVICE_MODE_KIOSK;
   NOTREACHED() << "Unknown device mode string: " << mode;
-  return DEVICE_MODE_UNKNOWN;
+  return DEVICE_MODE_NOT_SET;
 }
 
 }  // namespace
@@ -68,13 +69,14 @@ EnterpriseInstallAttributes::EnterpriseInstallAttributes(
     chromeos::CryptohomeLibrary* cryptohome)
     : cryptohome_(cryptohome),
       device_locked_(false),
-      registration_mode_(DEVICE_MODE_UNKNOWN) {}
+      registration_mode_(DEVICE_MODE_PENDING) {}
 
 EnterpriseInstallAttributes::LockResult EnterpriseInstallAttributes::LockDevice(
     const std::string& user,
     DeviceMode device_mode,
     const std::string& device_id) {
-  CHECK_NE(device_mode, DEVICE_MODE_UNKNOWN);
+  CHECK_NE(device_mode, DEVICE_MODE_PENDING);
+  CHECK_NE(device_mode, DEVICE_MODE_NOT_SET);
 
   // Check for existing lock first.
   if (device_locked_) {
@@ -161,43 +163,44 @@ void EnterpriseInstallAttributes::ReadImmutableAttributes() {
   if (device_locked_)
     return;
 
-  if (cryptohome_ &&
-      cryptohome_->InstallAttributesIsReady() &&
-      !cryptohome_->InstallAttributesIsInvalid() &&
-      !cryptohome_->InstallAttributesIsFirstInstall()) {
-    device_locked_ = true;
-    std::string enterprise_owned;
-    std::string enterprise_user;
-    if (cryptohome_->InstallAttributesGet(kAttrEnterpriseOwned,
-                                          &enterprise_owned) &&
-        cryptohome_->InstallAttributesGet(kAttrEnterpriseUser,
-                                          &enterprise_user) &&
-        enterprise_owned == "true" &&
-        !enterprise_user.empty()) {
-      registration_user_ = enterprise_user;
-
-      // Initialize the mode to the legacy enterprise mode here and update below
-      // if more information is present.
-      registration_mode_ = DEVICE_MODE_ENTERPRISE;
-
-      // If we could extract basic setting we should try to extract the extended
-      // ones too. We try to set these to defaults as good as possible if not
-      // present, which could happen for device enrolled in pre-R19 revisions of
-      // the code, before these new attributes were added.
-      if (!cryptohome_->InstallAttributesGet(kAttrEnterpriseDomain,
-                                             &registration_domain_)) {
-        registration_domain_ = ExtractDomainName(registration_user_);
+  if (cryptohome_ && cryptohome_->InstallAttributesIsReady()) {
+    registration_mode_ = DEVICE_MODE_NOT_SET;
+    if (!cryptohome_->InstallAttributesIsInvalid() &&
+        !cryptohome_->InstallAttributesIsFirstInstall()) {
+      device_locked_ = true;
+      std::string enterprise_owned;
+      std::string enterprise_user;
+      if (cryptohome_->InstallAttributesGet(kAttrEnterpriseOwned,
+                                            &enterprise_owned) &&
+          cryptohome_->InstallAttributesGet(kAttrEnterpriseUser,
+                                            &enterprise_user) &&
+          enterprise_owned == "true" &&
+          !enterprise_user.empty()) {
+        registration_user_ = enterprise_user;
+
+        // Initialize the mode to the legacy enterprise mode here and update
+        // below if more information is present.
+        registration_mode_ = DEVICE_MODE_ENTERPRISE;
+
+        // If we could extract basic setting we should try to extract the
+        // extended ones too. We try to set these to defaults as good as
+        // as possible if present, which could happen for device enrolled in
+        // pre 19 revisions of the code, before these new attributes were added.
+        if (!cryptohome_->InstallAttributesGet(kAttrEnterpriseDomain,
+                                               &registration_domain_)) {
+          registration_domain_ = ExtractDomainName(registration_user_);
+        }
+        if (!cryptohome_->InstallAttributesGet(kAttrEnterpriseDeviceId,
+                                               &registration_device_id_)) {
+          registration_device_id_.clear();
+        }
+        std::string mode;
+        if (cryptohome_->InstallAttributesGet(kAttrEnterpriseMode, &mode))
+          registration_mode_ = GetDeviceModeFromString(mode);
+      } else if (enterprise_user.empty() && enterprise_owned != "true") {
+        // |registration_user_| is empty on consumer devices.
+        registration_mode_ = DEVICE_MODE_CONSUMER;
       }
-      if (!cryptohome_->InstallAttributesGet(kAttrEnterpriseDeviceId,
-                                             &registration_device_id_)) {
-        registration_device_id_.clear();
-      }
-      std::string mode;
-      if (cryptohome_->InstallAttributesGet(kAttrEnterpriseMode, &mode))
-        registration_mode_ = GetDeviceModeFromString(mode);
-    } else if (enterprise_user.empty() && enterprise_owned != "true") {
-      // |registration_user_| is empty on consumer devices.
-      registration_mode_ = DEVICE_MODE_CONSUMER;
     }
   }
 }
diff --git a/chrome/browser/policy/enterprise_install_attributes_unittest.cc b/chrome/browser/policy/enterprise_install_attributes_unittest.cc
index 6c54ac4..a8494a7 100644
--- a/chrome/browser/policy/enterprise_install_attributes_unittest.cc
+++ b/chrome/browser/policy/enterprise_install_attributes_unittest.cc
@@ -87,7 +87,7 @@ TEST_F(EnterpriseInstallAttributesTest, GetDeviceId) {
 }
 
 TEST_F(EnterpriseInstallAttributesTest, GetMode) {
-  EXPECT_EQ(DEVICE_MODE_UNKNOWN,
+  EXPECT_EQ(DEVICE_MODE_NOT_SET,
             install_attributes_.GetMode());
   ASSERT_EQ(EnterpriseInstallAttributes::LOCK_SUCCESS,
             install_attributes_.LockDevice(
@@ -99,7 +99,7 @@ TEST_F(EnterpriseInstallAttributesTest, GetMode) {
 }
 
 TEST_F(EnterpriseInstallAttributesTest, ConsumerDevice) {
-  EXPECT_EQ(DEVICE_MODE_UNKNOWN,
+  EXPECT_EQ(DEVICE_MODE_NOT_SET,
             install_attributes_.GetMode());
   // Lock the attributes empty.
   ASSERT_TRUE(cryptohome_->InstallAttributesFinalize());
@@ -109,7 +109,7 @@ TEST_F(EnterpriseInstallAttributesTest, ConsumerDevice) {
 }
 
 TEST_F(EnterpriseInstallAttributesTest, DeviceLockedFromOlderVersion) {
-  EXPECT_EQ(DEVICE_MODE_UNKNOWN,
+  EXPECT_EQ(DEVICE_MODE_NOT_SET,
             install_attributes_.GetMode());
   // Lock the attributes as if it was done from older Chrome version.
   ASSERT_TRUE(cryptohome_->InstallAttributesSet(kAttrEnterpriseOwned, "true"));