1 files changed, 78 insertions, 0 deletions

diff --git a/chromium/components/policy/core/common/cloud/user_cloud_policy_store_base.cc b/chromium/components/policy/core/common/cloud/user_cloud_policy_store_base.cc
new file mode 100644
index 00000000000..16e9c72d899
--- /dev/null
+++ b/chromium/components/policy/core/common/cloud/user_cloud_policy_store_base.cc
@@ -0,0 +1,78 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "components/policy/core/common/cloud/user_cloud_policy_store_base.h"
+
+#include <utility>
+
+#include "base/task/sequenced_task_runner.h"
+#include "build/chromeos_buildflags.h"
+#include "components/policy/core/common/cloud/cloud_external_data_manager.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
+#include "components/policy/core/common/policy_map.h"
+#include "components/policy/core/common/policy_proto_decoders.h"
+#include "components/policy/proto/cloud_policy.pb.h"
+#include "components/policy/proto/device_management_backend.pb.h"
+
+namespace policy {
+
+UserCloudPolicyStoreBase::UserCloudPolicyStoreBase(
+    scoped_refptr<base::SequencedTaskRunner> background_task_runner,
+    PolicyScope policy_scope)
+    : background_task_runner_(background_task_runner),
+      policy_scope_(policy_scope) {}
+
+UserCloudPolicyStoreBase::~UserCloudPolicyStoreBase() {}
+
+std::unique_ptr<UserCloudPolicyValidator>
+UserCloudPolicyStoreBase::CreateValidator(
+    std::unique_ptr<enterprise_management::PolicyFetchResponse>
+        policy_fetch_response,
+    CloudPolicyValidatorBase::ValidateTimestampOption timestamp_option) {
+  // Configure the validator.
+  auto validator = std::make_unique<UserCloudPolicyValidator>(
+      std::move(policy_fetch_response), background_task_runner_);
+  validator->ValidatePolicyType(dm_protocol::kChromeUserPolicyType);
+  validator->ValidateAgainstCurrentPolicy(
+      policy(), timestamp_option, CloudPolicyValidatorBase::DM_TOKEN_REQUIRED,
+      CloudPolicyValidatorBase::DEVICE_ID_REQUIRED);
+  validator->ValidatePayload();
+  return validator;
+}
+
+void UserCloudPolicyStoreBase::InstallPolicy(
+    std::unique_ptr<enterprise_management::PolicyFetchResponse>
+        policy_fetch_response,
+    std::unique_ptr<enterprise_management::PolicyData> policy_data,
+    std::unique_ptr<enterprise_management::CloudPolicySettings> payload,
+    const std::string& policy_signature_public_key) {
+  // Decode the payload.
+  policy_map_.Clear();
+#if BUILDFLAG(IS_CHROMEOS_LACROS)
+  // From the policies that Lacros fetched from the cloud, it should only
+  // respect the ones with per_profile=True. Session-wide policies
+  // (per_profile=False) are be provided by ash and installed by
+  // PolicyLoaderLacros.
+  PolicyPerProfileFilter filter = PolicyPerProfileFilter::kTrue;
+#else
+  PolicyPerProfileFilter filter = PolicyPerProfileFilter::kAny;
+#endif
+  DecodeProtoFields(*payload, external_data_manager(), POLICY_SOURCE_CLOUD,
+                    policy_scope_, &policy_map_, filter);
+
+  if (policy_data->user_affiliation_ids_size() > 0) {
+    policy_map_.SetUserAffiliationIds(
+        {policy_data->user_affiliation_ids().begin(),
+         policy_data->user_affiliation_ids().end()});
+  }
+  if (policy_data->device_affiliation_ids_size() > 0) {
+    policy_map_.SetDeviceAffiliationIds(
+        {policy_data->device_affiliation_ids().begin(),
+         policy_data->device_affiliation_ids().end()});
+  }
+  SetPolicy(std::move(policy_fetch_response), std::move(policy_data));
+  policy_signature_public_key_ = policy_signature_public_key;
+}
+
+}  // namespace policy