[Merge 102]Ensure sensitive policy filtering works without having to …

…refresh policies (cherry picked from commit 6ec825f) Bug: 1316052 Change-Id: I929a5d9e5caa1eeb0fcf3bcc3445ffa829527d66 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3587029 Auto-Submit: Yann Dago <ydago@chromium.org> Reviewed-by: Owen Min <zmin@chromium.org> Commit-Queue: Yann Dago <ydago@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#995892} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3611464 Commit-Queue: Owen Min <zmin@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/branch-heads/5005@{#208} Cr-Branched-From: 5b4d945-refs/heads/main@{#992738}
chromium · Apr 27, 2022 · 11e1b23 · 11e1b23
1 parent 623874b
commit 11e1b23
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 3 deletions.
diff --git a/components/policy/core/common/async_policy_loader.cc b/components/policy/core/common/async_policy_loader.cc
@@ -104,9 +104,9 @@ void AsyncPolicyLoader::Reload(bool force) {
 
 bool AsyncPolicyLoader::ShouldFilterSensitivePolicies() {
 #if BUILDFLAG(IS_WIN)
-  DCHECK(management_service_);
-  return platform_management_trustworthiness_.value_or(
-             ManagementAuthorityTrustworthiness::NONE) <
+  DCHECK(platform_management_trustworthiness_);
+
+  return *platform_management_trustworthiness_ <
          ManagementAuthorityTrustworthiness::TRUSTED;
 #else
   return false;
@@ -127,7 +127,13 @@ std::unique_ptr<PolicyBundle> AsyncPolicyLoader::InitialLoad(
   // installing the watches can be detected.
   last_modification_time_ = LastModificationTime();
   schema_map_ = schema_map;
+  if (management_service_) {
+    DCHECK_EQ(management_service_, PlatformManagementService::GetInstance());
+    platform_management_trustworthiness_ =
+        management_service_->GetManagementAuthorityTrustworthiness();
+  }
   std::unique_ptr<PolicyBundle> bundle(Load());
+  platform_management_trustworthiness_.reset();
   // Filter out mismatching policies.
   schema_map_->FilterBundle(bundle.get(),
                             /*drop_invalid_component_policies=*/true);

diff --git a/components/policy/core/common/async_policy_loader.h b/components/policy/core/common/async_policy_loader.h
@@ -101,6 +101,8 @@ class POLICY_EXPORT AsyncPolicyLoader {
   typedef base::RepeatingCallback<void(std::unique_ptr<PolicyBundle>)>
       UpdateCallback;
 
+  void ReloadInternal(bool force);
+
   // Used by the AsyncPolicyProvider to install the |update_callback_|.
   // Invoked on the background thread.
   void Init(scoped_refptr<base::SequencedTaskRunner> ui_thread_task_runner,