Revert "Drop "enterprise.owned" install attribute support."

This reverts commit ecf7a6f. Reason for revert: Chrome OS side CL (crrev/2043892) not landed yet. Original change's description: > Drop "enterprise.owned" install attribute support. > > |enterprise.owned| == true is the same as > |enterprise.mode| == "enterprise" || > |enterprise.mode| == "enterprise_ad" || > |enterprise.mode| == "demo_mode" from M19: > https://crrev.com/9403010 > > All such old devices (pre-2012) are EOL: > mario(56), alex(58), zgb(58), lumpy(65), stumpy(65), > snow(75), parrot(69), stout(69). > So we effectively can deprecate the field. > > See https://crrev.com/c/2043892 for Chrome OS change. > > TBR=antrim@chromium.org > > Bug: 725918 > Test: Unit tests updated. > Change-Id: I9c07991d09d1016b819015e5b8a3157de5d24e12 > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2043836 > Commit-Queue: Sergey Poromov <poromov@chromium.org> > Reviewed-by: Maksim Ivanov <emaxx@chromium.org> > Reviewed-by: Igor <igorcov@chromium.org> > Cr-Commit-Position: refs/heads/master@{#742162} TBR=antrim@chromium.org,emaxx@chromium.org,igorcov@chromium.org,poromov@chromium.org # Not skipping CQ checks because original CL landed > 1 day ago. Bug: 725918 Change-Id: Idd957178e2170afc59f55cb84086127ee227bf14 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2070164 Reviewed-by: Sergey Poromov <poromov@chromium.org> Commit-Queue: Sergey Poromov <poromov@chromium.org> Cr-Commit-Position: refs/heads/master@{#744065}
marcosholgado · Feb 24, 2020 · e290261 · e290261
1 parent 1928380
commit e290261
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 22 deletions.
diff --git a/chrome/browser/chromeos/login/test/device_state_mixin.cc b/chrome/browser/chromeos/login/test/device_state_mixin.cc
@@ -44,6 +44,8 @@ cryptohome::SerializedInstallAttributes BuildInstallAttributes(
   install_attrs_["enterprise.domain"] = domain;
   install_attrs_["enterprise.realm"] = realm;
   install_attrs_["enterprise.device_id"] = device_id;
+  if (!mode.empty())
+    install_attrs_["enterprise.owned"] = "true";
 
   cryptohome::SerializedInstallAttributes install_attrs;
   install_attrs.set_version(1);

diff --git a/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc b/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc
@@ -121,6 +121,7 @@ class DeviceCloudPolicyStoreChromeOSTest
   void ResetToNonEnterprise() {
     store_->RemoveObserver(&observer_);
     store_.reset();
+    chromeos::tpm_util::InstallAttributesSet("enterprise.owned", std::string());
     install_attributes_.reset(
         new chromeos::InstallAttributes(chromeos::FakeCryptohomeClient::Get()));
     store_.reset(new DeviceCloudPolicyStoreChromeOS(

diff --git a/chromeos/tpm/install_attributes.cc b/chromeos/tpm/install_attributes.cc
@@ -191,9 +191,10 @@ void InstallAttributes::ReadAttributesIfReady(base::OnceClosure callback,
       device_locked_ = true;
 
       static const char* const kEnterpriseAttributes[] = {
-          kAttrEnterpriseDeviceId, kAttrEnterpriseDomain,
-          kAttrEnterpriseRealm,    kAttrEnterpriseMode,
-          kAttrEnterpriseUser,     kAttrConsumerKioskEnabled,
+          kAttrEnterpriseDeviceId,   kAttrEnterpriseDomain,
+          kAttrEnterpriseRealm,      kAttrEnterpriseMode,
+          kAttrEnterpriseOwned,      kAttrEnterpriseUser,
+          kAttrConsumerKioskEnabled,
       };
       std::map<std::string, std::string> attr_map;
       for (size_t i = 0; i < base::size(kEnterpriseAttributes); ++i) {
@@ -319,12 +320,16 @@ void InstallAttributes::LockDeviceIfAttributesIsReady(
   }
 
   // Set values in the InstallAttrs.
-  std::string kiosk_enabled;
-  if (device_mode == policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH)
+  std::string kiosk_enabled, enterprise_owned;
+  if (device_mode == policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH) {
     kiosk_enabled = "true";
+  } else {
+    enterprise_owned = "true";
+  }
   std::string mode = GetDeviceModeString(device_mode);
   if (!tpm_util::InstallAttributesSet(kAttrConsumerKioskEnabled,
                                       kiosk_enabled) ||
+      !tpm_util::InstallAttributesSet(kAttrEnterpriseOwned, enterprise_owned) ||
       !tpm_util::InstallAttributesSet(kAttrEnterpriseMode, mode) ||
       !tpm_util::InstallAttributesSet(kAttrEnterpriseDomain, domain) ||
       !tpm_util::InstallAttributesSet(kAttrEnterpriseRealm, realm) ||
@@ -456,6 +461,7 @@ const char InstallAttributes::kAttrEnterpriseDeviceId[] =
 const char InstallAttributes::kAttrEnterpriseDomain[] = "enterprise.domain";
 const char InstallAttributes::kAttrEnterpriseRealm[] = "enterprise.realm";
 const char InstallAttributes::kAttrEnterpriseMode[] = "enterprise.mode";
+const char InstallAttributes::kAttrEnterpriseOwned[] = "enterprise.owned";
 const char InstallAttributes::kAttrEnterpriseUser[] = "enterprise.user";
 const char InstallAttributes::kAttrConsumerKioskEnabled[] =
     "consumer.app_kiosk_enabled";
@@ -506,10 +512,7 @@ policy::DeviceMode InstallAttributes::GetDeviceModeFromString(
     return policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH;
   if (mode == InstallAttributes::kDemoDeviceMode)
     return policy::DEVICE_MODE_DEMO;
-  if (mode.empty())
-    return policy::DEVICE_MODE_NOT_SET;
-  NOTREACHED() << "Invalid device mode: " << mode;
-  return policy::DEVICE_MODE_ENTERPRISE;
+  return policy::DEVICE_MODE_NOT_SET;
 }
 
 void InstallAttributes::DecodeInstallAttributes(
@@ -520,6 +523,8 @@ void InstallAttributes::DecodeInstallAttributes(
   registration_realm_.clear();
   registration_device_id_.clear();
 
+  const std::string enterprise_owned =
+      ReadMapKey(attr_map, kAttrEnterpriseOwned);
   const std::string consumer_kiosk_enabled =
       ReadMapKey(attr_map, kAttrConsumerKioskEnabled);
   const std::string mode = ReadMapKey(attr_map, kAttrEnterpriseMode);
@@ -528,14 +533,21 @@ void InstallAttributes::DecodeInstallAttributes(
   const std::string device_id = ReadMapKey(attr_map, kAttrEnterpriseDeviceId);
   const std::string user_deprecated = ReadMapKey(attr_map, kAttrEnterpriseUser);
 
-  registration_mode_ = GetDeviceModeFromString(mode);
-
-  if (registration_mode_ == policy::DEVICE_MODE_ENTERPRISE ||
-      registration_mode_ == policy::DEVICE_MODE_ENTERPRISE_AD ||
-      registration_mode_ == policy::DEVICE_MODE_DEMO) {
+  if (enterprise_owned == "true") {
     WarnIfNonempty(attr_map, kAttrConsumerKioskEnabled);
     registration_device_id_ = device_id;
 
+    // Set registration_mode_.
+    registration_mode_ = GetDeviceModeFromString(mode);
+    if (registration_mode_ != policy::DEVICE_MODE_ENTERPRISE &&
+        registration_mode_ != policy::DEVICE_MODE_ENTERPRISE_AD &&
+        registration_mode_ != policy::DEVICE_MODE_DEMO) {
+      if (!mode.empty()) {
+        LOG(WARNING) << "Bad " << kAttrEnterpriseMode << ": " << mode;
+      }
+      registration_mode_ = policy::DEVICE_MODE_ENTERPRISE;
+    }
+
     if (registration_mode_ == policy::DEVICE_MODE_ENTERPRISE ||
         registration_mode_ == policy::DEVICE_MODE_DEMO) {
       // Either set registration_domain_ ...
@@ -562,6 +574,7 @@ void InstallAttributes::DecodeInstallAttributes(
     return;
   }
 
+  WarnIfNonempty(attr_map, kAttrEnterpriseOwned);
   WarnIfNonempty(attr_map, kAttrEnterpriseDomain);
   WarnIfNonempty(attr_map, kAttrEnterpriseRealm);
   WarnIfNonempty(attr_map, kAttrEnterpriseDeviceId);

diff --git a/chromeos/tpm/install_attributes_unittest.cc b/chromeos/tpm/install_attributes_unittest.cc
@@ -264,9 +264,8 @@ TEST_F(InstallAttributesTest, DeviceLockedFromOlderVersion) {
   install_attributes_->Init(GetTempPath());
   EXPECT_EQ(policy::DEVICE_MODE_PENDING, install_attributes_->GetMode());
   // Lock the attributes as if it was done from older Chrome version.
-  ASSERT_TRUE(
-      tpm_util::InstallAttributesSet(InstallAttributes::kAttrEnterpriseMode,
-                                     InstallAttributes::kEnterpriseDeviceMode));
+  ASSERT_TRUE(tpm_util::InstallAttributesSet(
+      InstallAttributes::kAttrEnterpriseOwned, "true"));
   ASSERT_TRUE(tpm_util::InstallAttributesSet(
       InstallAttributes::kAttrEnterpriseUser, kTestUserDeprecated));
   ASSERT_TRUE(tpm_util::InstallAttributesFinalize());
@@ -283,8 +282,8 @@ TEST_F(InstallAttributesTest, DeviceLockedFromOlderVersion) {
 
 TEST_F(InstallAttributesTest, Init) {
   cryptohome::SerializedInstallAttributes install_attrs_proto;
-  SetAttribute(&install_attrs_proto, InstallAttributes::kAttrEnterpriseMode,
-               InstallAttributes::kEnterpriseDeviceMode);
+  SetAttribute(&install_attrs_proto, InstallAttributes::kAttrEnterpriseOwned,
+               "true");
   SetAttribute(&install_attrs_proto, InstallAttributes::kAttrEnterpriseUser,
                kTestUserDeprecated);
   const std::string blob(install_attrs_proto.SerializeAsString());
@@ -321,9 +320,8 @@ TEST_F(InstallAttributesTest, VerifyFakeInstallAttributesCache) {
   EXPECT_EQ(policy::DEVICE_MODE_PENDING, install_attributes_->GetMode());
 
   // Write test values.
-  ASSERT_TRUE(
-      tpm_util::InstallAttributesSet(InstallAttributes::kAttrEnterpriseMode,
-                                     InstallAttributes::kEnterpriseDeviceMode));
+  ASSERT_TRUE(tpm_util::InstallAttributesSet(
+      InstallAttributes::kAttrEnterpriseOwned, "true"));
   ASSERT_TRUE(tpm_util::InstallAttributesSet(
       InstallAttributes::kAttrEnterpriseUser, kTestUserDeprecated));
   ASSERT_TRUE(tpm_util::InstallAttributesFinalize());