Added policy manager to virtual
BUG=b/73012579
TEST=Presubmit test
RELEASE_NOTE=None
Change-Id: Ic3bcde47fa22d039444ef078df5a732af01a1306
Reviewed-on: https://cos-review.googlesource.com/c/cos/overlays/board-overlays/+/21430
Reviewed-by: Rayan Dasoriya <dasoriya@google.com>
Tested-by: Rayan Dasoriya <dasoriya@google.com>
diff --git a/project-lakitu/profiles/base/package.accept_keywords b/project-lakitu/profiles/base/package.accept_keywords
new file mode 100644
index 0000000..c620459
--- /dev/null
+++ b/project-lakitu/profiles/base/package.accept_keywords
@@ -0,0 +1 @@
+sys-apps/policymanager
diff --git a/project-lakitu/sys-apps/policymanager/files/device_policy_manager.service b/project-lakitu/sys-apps/policymanager/files/device_policy_manager.service
new file mode 100644
index 0000000..d7358ae
--- /dev/null
+++ b/project-lakitu/sys-apps/policymanager/files/device_policy_manager.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=COS Device Policy Service
+Requires=init-device-policy.service
+After=init-device-policy.service
+
+[Service]
+EnvironmentFile=-/etc/default/device_policy_manager
+ExecStart=/usr/sbin/device_policy_manager $GLOBAL_ARGS monitor $MONITOR_ARGS
+LimitNOFILE=20
+LimitNPROC=5
+Restart=on-failure
+RestartSec=5
+Slice=system-sysdaemons.slice
+
+[Install]
+WantedBy=multi-user.target
diff --git a/project-lakitu/sys-apps/policymanager/files/init-device-policy.service b/project-lakitu/sys-apps/policymanager/files/init-device-policy.service
new file mode 100644
index 0000000..fb7cf3b
--- /dev/null
+++ b/project-lakitu/sys-apps/policymanager/files/init-device-policy.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=Initialize device policy
+Requires=network-online.target
+After=network-online.target
+Before=update-engine.service metrics-daemon.service crash-reporter.service
+
+[Service]
+Type=oneshot
+EnvironmentFile=-/etc/default/device_policy_manager
+ExecStart=/usr/sbin/device_policy_manager $GLOBAL_ARGS init_device_policy
+LimitNOFILE=20
+LimitNPROC=5
+Slice=system-sysdaemons.slice
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/project-lakitu/sys-apps/policymanager/files/install_attributes.proto b/project-lakitu/sys-apps/policymanager/files/install_attributes.proto
new file mode 100644
index 0000000..a1f0368
--- /dev/null
+++ b/project-lakitu/sys-apps/policymanager/files/install_attributes.proto
@@ -0,0 +1,20 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package cryptohome;
+
+message SerializedInstallAttributes {
+ message Attribute {
+ required string name = 1;
+ required bytes value = 2;
+ }
+ // Specifies the version of the install attributes used to write the file.
+ // Should be incremented when fallback behavior is needed.
+ optional uint32 version = 1 [default = 1];
+ repeated Attribute attributes = 2;
+}
diff --git a/project-lakitu/sys-apps/policymanager/files/install_attributes.textproto b/project-lakitu/sys-apps/policymanager/files/install_attributes.textproto
new file mode 100644
index 0000000..9247e73
--- /dev/null
+++ b/project-lakitu/sys-apps/policymanager/files/install_attributes.textproto
@@ -0,0 +1,4 @@
+attributes {
+ name: "enterprise.mode"
+ value: "enterprise"
+}
diff --git a/project-lakitu/sys-apps/policymanager/files/setup-install-attributes.service b/project-lakitu/sys-apps/policymanager/files/setup-install-attributes.service
new file mode 100644
index 0000000..2d28d6b
--- /dev/null
+++ b/project-lakitu/sys-apps/policymanager/files/setup-install-attributes.service
@@ -0,0 +1,18 @@
+# Copyright 2019 The Chromium OS Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+#
+# Installs a serialized install_attributes.pb protobuf into /run/lockbox.
+# We do this to make ChromeOS services believe that we are enterprise
+# enrolled, which allows users to control in-place update behavior.
+
+[Unit]
+Description=Setup install_attributes.pb
+DefaultDependencies=no
+Before=sysinit.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStartPre=/bin/mkdir -p /run/lockbox
+ExecStart=/bin/cp /usr/share/cloud/install_attributes.pb /run/lockbox/
diff --git a/project-lakitu/sys-apps/policymanager/policymanager-9999.ebuild b/project-lakitu/sys-apps/policymanager/policymanager-9999.ebuild
new file mode 100644
index 0000000..438d2a9
--- /dev/null
+++ b/project-lakitu/sys-apps/policymanager/policymanager-9999.ebuild
@@ -0,0 +1,120 @@
+#
+# Copyright 2021 Google LLC
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# version 2 as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+
+EAPI=7
+
+inherit cros-constants
+
+CROS_WORKON_REPO="https://cos.googlesource.com"
+CROS_WORKON_PROJECT="cos/policymanager"
+CROS_WORKON_LOCALNAME="policymanager"
+CROS_WORKON_DESTDIR="${S}"
+
+inherit cros-workon cros-go systemd
+
+DESCRIPTION="Policy Manager Client for managing Lakitu updates"
+LICENSE="Apache-2.0"
+SLOT="0"
+
+KEYWORDS="~*"
+
+IUSE="stackdriver_alpha"
+RDEPEND="chromeos-base/update_engine
+ !chromeos-base/chromeos-login"
+DEPEND="${RDEPEND}
+ dev-go/dbus
+ dev-go/glog
+ dev-go/mock
+ dev-go/net
+ dev-go/oauth2
+ dev-go/protobuf"
+
+src_compile() {
+ ebegin "Building Policy Manager ${CROS_WORKON_COMMIT}"
+
+ # Enables/disables IUSE controlled feature flags.
+ BUILDTAGS=()
+ if use stackdriver_alpha; then
+ BUILDTAGS+=("stackdriver_alpha")
+ fi
+ if [ ${#BUILDTAGS[@]} -ne 0 ]; then
+ BUILD_FLAGS=("-tags" "${BUILDTAGS[@]}")
+ fi
+
+ # Compile protobuf definitions.
+ pushd ${CROS_WORKON_DESTDIR}/src
+ ./gen_proto.sh
+ popd
+
+ cros_go build -v -o device_policy_manager "${BUILD_FLAGS[@]}" "policy_manager"
+
+ # Compile install_attributes proto for "enterprise enrollment"
+ protoc -I "${FILESDIR}" \
+ --encode=cryptohome.SerializedInstallAttributes \
+ "${FILESDIR}/install_attributes.proto" \
+ < "${FILESDIR}/install_attributes.textproto" \
+ > install_attributes.pb
+
+ eend ${?}
+}
+
+# Unit tests for Policy Manager.
+# The tests are run as part of the build process.
+src_test() {
+ ebegin "Running Policy Manager unit tests"
+
+ # Enables/disables IUSE controlled feature flags.
+ BUILDTAGS=()
+ if use stackdriver_alpha; then
+ BUILDTAGS+=("stackdriver_alpha")
+ fi
+ if [ ${#BUILDTAGS[@]} -ne 0 ]; then
+ BUILD_FLAGS=("-tags" "${BUILDTAGS[@]}")
+ fi
+
+ # Generate interface mocks.
+ pushd ${CROS_WORKON_DESTDIR}/src
+ GOPATH="$(cros-go_gopath)" ./gen_mock.sh
+ popd
+
+ # Recursively test all packages in Policy Manager.
+ cros_go test -v "${BUILD_FLAGS[@]}" policy_manager/...
+
+ if [ $? -ne 0 ]
+ then
+ die "Policy Manager unit tests failed :("
+ fi
+
+ eend ${?}
+}
+
+src_install() {
+ ebegin "Installing Policy Manager"
+
+ dosbin device_policy_manager
+
+ systemd_dounit "${FILESDIR}"/device_policy_manager.service
+ systemd_enable_service multi-user.target device_policy_manager.service
+ systemd_dounit "${FILESDIR}"/init-device-policy.service
+ systemd_enable_service multi-user.target init-device-policy.service
+ systemd_dounit "${FILESDIR}"/setup-install-attributes.service
+ systemd_enable_service sysinit.target setup-install-attributes.service
+
+ insinto /etc/dbus-1/system.d
+ doins src/policy_manager/dbus/SessionManager.conf
+
+ insinto /usr/share/cloud
+ doins install_attributes.pb
+
+ eend ${?}
+}
diff --git a/project-lakitu/virtual/target-gcp/target-gcp-1.5-r2.ebuild b/project-lakitu/virtual/target-gcp/target-gcp-1.5-r3.ebuild
similarity index 100%
rename from project-lakitu/virtual/target-gcp/target-gcp-1.5-r2.ebuild
rename to project-lakitu/virtual/target-gcp/target-gcp-1.5-r3.ebuild
diff --git a/project-lakitu/virtual/target-gcp/target-gcp-1.5.ebuild b/project-lakitu/virtual/target-gcp/target-gcp-1.5.ebuild
index e0c3321..650cdcf 100644
--- a/project-lakitu/virtual/target-gcp/target-gcp-1.5.ebuild
+++ b/project-lakitu/virtual/target-gcp/target-gcp-1.5.ebuild
@@ -27,6 +27,7 @@
app-admin/google-osconfig-agent
app-admin/oslogin
app-emulation/konlet
+ sys-apps/policymanager
"
DEPEND="${RDEPEND}"
