commit b988bd788fc188c83074d177874e1623a7ab8903
author Miriam Polzer <mpolzer@google.com> Tue Aug 10 10:45:38 2021 +0200
committer Commit Bot <commit-bot@chromium.org> Wed Aug 18 17:18:25 2021 +0000
tree b961783591ed194ae3a751deaad38182999625e0
parent ac3bd11bad832061fbb8fb988fe757509f0a4238

login: Rename /var/lib/whitelist

Replace /var/lib/whitelist with /var/lib/devicesettings. Currently,
/var/lib/devicesettings is just a bind mount pointing to
/var/lib/whitelist. That means any saved policy/owner key still ends up
in /var/lib/whitelist and it can be read from both folders. This is to
make migration easier.

Once all code is updated to only use /var/lib/devicesettings, we will
remove the bind mount and move content to devicesettings to finish the
migration.

BUG=b:187793661
TEST=1) FEATURES=test emerge-volteer chromeos-base/chromeos-login
     2) Deploy on device, enroll and visit chrome://policy.

Change-Id: I03bac2fc95e2c3fa488fab9d5a19d44209c27ac4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/3084881
Reviewed-by: Hidehiko Abe <hidehiko@chromium.org>
Reviewed-by: Igor <igorcov@chromium.org>
Commit-Queue: Miriam Polzer <mpolzer@google.com>
Tested-by: Miriam Polzer <mpolzer@google.com>

login_manager/chrome_setup.cc

diff --git a/login_manager/chrome_setup.cc b/login_manager/chrome_setup.cc
index ae5e9bd..455c1c5 100644
--- a/login_manager/chrome_setup.cc
+++ b/login_manager/chrome_setup.cc
@@ -349,6 +349,8 @@
   // content of known files inside the directory. The policy-readers group is
   // composed of the chronos user and other daemon accessing the device policies
   // but not anything else.
+  // TODO(b/187793661) Change to /var/lib/devicesettings once it's a folder
+  // and not a bind mount anymore.
   gid_t policy_readers_gid;
   CHECK(brillo::userdb::GetGroupInfo("policy-readers", &policy_readers_gid));
   CHECK(EnsureDirectoryExists(base::FilePath("/var/lib/whitelist"), kRootUid,

login_manager/device_policy_service.cc

diff --git a/login_manager/device_policy_service.cc b/login_manager/device_policy_service.cc
index 5a9975e..79ebdcf 100644
--- a/login_manager/device_policy_service.cc
+++ b/login_manager/device_policy_service.cc
@@ -81,7 +81,7 @@
 // files. Any change in format or location of those files that is not backwards
 // compatible might break rollback.
 // static
-const char DevicePolicyService::kPolicyDir[] = "/var/lib/whitelist";
+const char DevicePolicyService::kPolicyDir[] = "/var/lib/devicesettings";
 // static
 const char DevicePolicyService::kDevicePolicyType[] = "google/chromeos/device";
 // static

login_manager/nss_util.cc

diff --git a/login_manager/nss_util.cc b/login_manager/nss_util.cc
index e262c45..5672bde 100644
--- a/login_manager/nss_util.cc
+++ b/login_manager/nss_util.cc
@@ -41,7 +41,7 @@
 namespace {
 // This should match the same constant in Chrome tree:
 // chromeos/dbus/constants/dbus_paths.cc
-const char kOwnerKeyFile[] = "/var/lib/whitelist/owner.key";
+const char kOwnerKeyFile[] = "/var/lib/devicesettings/owner.key";
 
 // TODO(hidehiko): Move this to scoped_nss_types.h.
 struct CERTSubjectPublicKeyInfoDeleter {