diff --git a/chrome/browser/chromeos/login/test/device_state_mixin.cc b/chrome/browser/chromeos/login/test/device_state_mixin.cc index 19d2907765b4f2..a29630a8d54a42 100644 --- a/chrome/browser/chromeos/login/test/device_state_mixin.cc +++ b/chrome/browser/chromeos/login/test/device_state_mixin.cc @@ -44,6 +44,8 @@ cryptohome::SerializedInstallAttributes BuildInstallAttributes( install_attrs_["enterprise.domain"] = domain; install_attrs_["enterprise.realm"] = realm; install_attrs_["enterprise.device_id"] = device_id; + if (!mode.empty()) + install_attrs_["enterprise.owned"] = "true"; cryptohome::SerializedInstallAttributes install_attrs; install_attrs.set_version(1); diff --git a/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc b/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc index 7488fffa4fc782..0b1e964073d449 100644 --- a/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc +++ b/chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos_unittest.cc @@ -121,6 +121,7 @@ class DeviceCloudPolicyStoreChromeOSTest void ResetToNonEnterprise() { store_->RemoveObserver(&observer_); store_.reset(); + chromeos::tpm_util::InstallAttributesSet("enterprise.owned", std::string()); install_attributes_.reset( new chromeos::InstallAttributes(chromeos::FakeCryptohomeClient::Get())); store_.reset(new DeviceCloudPolicyStoreChromeOS( diff --git a/chromeos/tpm/install_attributes.cc b/chromeos/tpm/install_attributes.cc index 4378542847ffc5..8e11c27e14fd50 100644 --- a/chromeos/tpm/install_attributes.cc +++ b/chromeos/tpm/install_attributes.cc @@ -191,9 +191,10 @@ void InstallAttributes::ReadAttributesIfReady(base::OnceClosure callback, device_locked_ = true; static const char* const kEnterpriseAttributes[] = { - kAttrEnterpriseDeviceId, kAttrEnterpriseDomain, - kAttrEnterpriseRealm, kAttrEnterpriseMode, - kAttrEnterpriseUser, kAttrConsumerKioskEnabled, + kAttrEnterpriseDeviceId, kAttrEnterpriseDomain, + kAttrEnterpriseRealm, kAttrEnterpriseMode, + kAttrEnterpriseOwned, kAttrEnterpriseUser, + kAttrConsumerKioskEnabled, }; std::map attr_map; for (size_t i = 0; i < base::size(kEnterpriseAttributes); ++i) { @@ -319,12 +320,16 @@ void InstallAttributes::LockDeviceIfAttributesIsReady( } // Set values in the InstallAttrs. - std::string kiosk_enabled; - if (device_mode == policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH) + std::string kiosk_enabled, enterprise_owned; + if (device_mode == policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH) { kiosk_enabled = "true"; + } else { + enterprise_owned = "true"; + } std::string mode = GetDeviceModeString(device_mode); if (!tpm_util::InstallAttributesSet(kAttrConsumerKioskEnabled, kiosk_enabled) || + !tpm_util::InstallAttributesSet(kAttrEnterpriseOwned, enterprise_owned) || !tpm_util::InstallAttributesSet(kAttrEnterpriseMode, mode) || !tpm_util::InstallAttributesSet(kAttrEnterpriseDomain, domain) || !tpm_util::InstallAttributesSet(kAttrEnterpriseRealm, realm) || @@ -456,6 +461,7 @@ const char InstallAttributes::kAttrEnterpriseDeviceId[] = const char InstallAttributes::kAttrEnterpriseDomain[] = "enterprise.domain"; const char InstallAttributes::kAttrEnterpriseRealm[] = "enterprise.realm"; const char InstallAttributes::kAttrEnterpriseMode[] = "enterprise.mode"; +const char InstallAttributes::kAttrEnterpriseOwned[] = "enterprise.owned"; const char InstallAttributes::kAttrEnterpriseUser[] = "enterprise.user"; const char InstallAttributes::kAttrConsumerKioskEnabled[] = "consumer.app_kiosk_enabled"; @@ -506,10 +512,7 @@ policy::DeviceMode InstallAttributes::GetDeviceModeFromString( return policy::DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH; if (mode == InstallAttributes::kDemoDeviceMode) return policy::DEVICE_MODE_DEMO; - if (mode.empty()) - return policy::DEVICE_MODE_NOT_SET; - NOTREACHED() << "Invalid device mode: " << mode; - return policy::DEVICE_MODE_ENTERPRISE; + return policy::DEVICE_MODE_NOT_SET; } void InstallAttributes::DecodeInstallAttributes( @@ -520,6 +523,8 @@ void InstallAttributes::DecodeInstallAttributes( registration_realm_.clear(); registration_device_id_.clear(); + const std::string enterprise_owned = + ReadMapKey(attr_map, kAttrEnterpriseOwned); const std::string consumer_kiosk_enabled = ReadMapKey(attr_map, kAttrConsumerKioskEnabled); const std::string mode = ReadMapKey(attr_map, kAttrEnterpriseMode); @@ -528,14 +533,21 @@ void InstallAttributes::DecodeInstallAttributes( const std::string device_id = ReadMapKey(attr_map, kAttrEnterpriseDeviceId); const std::string user_deprecated = ReadMapKey(attr_map, kAttrEnterpriseUser); - registration_mode_ = GetDeviceModeFromString(mode); - - if (registration_mode_ == policy::DEVICE_MODE_ENTERPRISE || - registration_mode_ == policy::DEVICE_MODE_ENTERPRISE_AD || - registration_mode_ == policy::DEVICE_MODE_DEMO) { + if (enterprise_owned == "true") { WarnIfNonempty(attr_map, kAttrConsumerKioskEnabled); registration_device_id_ = device_id; + // Set registration_mode_. + registration_mode_ = GetDeviceModeFromString(mode); + if (registration_mode_ != policy::DEVICE_MODE_ENTERPRISE && + registration_mode_ != policy::DEVICE_MODE_ENTERPRISE_AD && + registration_mode_ != policy::DEVICE_MODE_DEMO) { + if (!mode.empty()) { + LOG(WARNING) << "Bad " << kAttrEnterpriseMode << ": " << mode; + } + registration_mode_ = policy::DEVICE_MODE_ENTERPRISE; + } + if (registration_mode_ == policy::DEVICE_MODE_ENTERPRISE || registration_mode_ == policy::DEVICE_MODE_DEMO) { // Either set registration_domain_ ... @@ -562,6 +574,7 @@ void InstallAttributes::DecodeInstallAttributes( return; } + WarnIfNonempty(attr_map, kAttrEnterpriseOwned); WarnIfNonempty(attr_map, kAttrEnterpriseDomain); WarnIfNonempty(attr_map, kAttrEnterpriseRealm); WarnIfNonempty(attr_map, kAttrEnterpriseDeviceId); diff --git a/chromeos/tpm/install_attributes_unittest.cc b/chromeos/tpm/install_attributes_unittest.cc index 26527239c714a0..86819bf8a292c3 100644 --- a/chromeos/tpm/install_attributes_unittest.cc +++ b/chromeos/tpm/install_attributes_unittest.cc @@ -264,9 +264,8 @@ TEST_F(InstallAttributesTest, DeviceLockedFromOlderVersion) { install_attributes_->Init(GetTempPath()); EXPECT_EQ(policy::DEVICE_MODE_PENDING, install_attributes_->GetMode()); // Lock the attributes as if it was done from older Chrome version. - ASSERT_TRUE( - tpm_util::InstallAttributesSet(InstallAttributes::kAttrEnterpriseMode, - InstallAttributes::kEnterpriseDeviceMode)); + ASSERT_TRUE(tpm_util::InstallAttributesSet( + InstallAttributes::kAttrEnterpriseOwned, "true")); ASSERT_TRUE(tpm_util::InstallAttributesSet( InstallAttributes::kAttrEnterpriseUser, kTestUserDeprecated)); ASSERT_TRUE(tpm_util::InstallAttributesFinalize()); @@ -283,8 +282,8 @@ TEST_F(InstallAttributesTest, DeviceLockedFromOlderVersion) { TEST_F(InstallAttributesTest, Init) { cryptohome::SerializedInstallAttributes install_attrs_proto; - SetAttribute(&install_attrs_proto, InstallAttributes::kAttrEnterpriseMode, - InstallAttributes::kEnterpriseDeviceMode); + SetAttribute(&install_attrs_proto, InstallAttributes::kAttrEnterpriseOwned, + "true"); SetAttribute(&install_attrs_proto, InstallAttributes::kAttrEnterpriseUser, kTestUserDeprecated); const std::string blob(install_attrs_proto.SerializeAsString()); @@ -321,9 +320,8 @@ TEST_F(InstallAttributesTest, VerifyFakeInstallAttributesCache) { EXPECT_EQ(policy::DEVICE_MODE_PENDING, install_attributes_->GetMode()); // Write test values. - ASSERT_TRUE( - tpm_util::InstallAttributesSet(InstallAttributes::kAttrEnterpriseMode, - InstallAttributes::kEnterpriseDeviceMode)); + ASSERT_TRUE(tpm_util::InstallAttributesSet( + InstallAttributes::kAttrEnterpriseOwned, "true")); ASSERT_TRUE(tpm_util::InstallAttributesSet( InstallAttributes::kAttrEnterpriseUser, kTestUserDeprecated)); ASSERT_TRUE(tpm_util::InstallAttributesFinalize());