ARC Policy - HackMD

# ARC Policy Taking a look at ARC policy handling codes. To grasp the big picture, let's walk through the related codes randomly. ## Bridge [ArcPolicyBridge](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/arc/policy/arc_policy_bridge.h;l=55;drc=8f57934dc9dd175acdc5fc56e2e6b7c3cb8e3b95) bridges the policy settings between Chromium and ARC side. It implements [PolicyHost](https://source.chromium.org/chromium/chromium/src/+/main:ash/components/arc/mojom/policy.mojom;l=64;drc=70cf6fbc2b4cc83b1571ef4e7f55a725924054c7) mojo interface. For example [GetPolicy](https://source.chromium.org/chromium/chromium/src/+/main:ash/components/arc/mojom/policy.mojom;l=68;drc=70cf6fbc2b4cc83b1571ef4e7f55a725924054c7) mojo API is used to access the policy from ChromeOS. When ARC certificats has been installed, it calls [OnArcCertsInstalled](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/arc/enterprise/cert_store/cert_store_service.cc;l=617;drc=70cf6fbc2b4cc83b1571ef4e7f55a725924054c7) to update the policy on ArcPolicyBridge side via [OnPolicyUpdated](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/arc/policy/arc_policy_bridge.cc;l=630;drc=70cf6fbc2b4cc83b1571ef4e7f55a725924054c7). The policy update will be set to ChromeOS side by [OnPolicyUpdated](https://source.chromium.org/chromium/chromium/src/+/main:ash/components/arc/mojom/policy.mojom;l=91;drc=70cf6fbc2b4cc83b1571ef4e7f55a725924054c7) mojo API. ## Cert Store [CertStoreService](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/arc/enterprise/cert_store/cert_store_service.h;l=29;drc=8f57934dc9dd175acdc5fc56e2e6b7c3cb8e3b95) is for ARC apps to access the corporate usage keys. This is made as KeyedService singleton. [ArcCertInstaller](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/arc/enterprise/cert_store/arc_cert_installer.h;l=61;drc=70cf6fbc2b4cc83b1571ef4e7f55a725924054c7) manages the ARC certificates and keeps track of the certificates. [InstallArcCerts](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/arc/enterprise/cert_store/arc_cert_installer.cc;l=67;drc=70cf6fbc2b4cc83b1571ef4e7f55a725924054c7) kicks the installation of the certificate and accumulates the map of certificates. ## Testing on ARC [ash/components/arc/test](https://source.chromium.org/chromium/chromium/src/+/main:ash/components/arc/test/) contains fake instances of ARC which can be testable only inside Chromium. [FakePolicyInstance](https://source.chromium.org/chromium/chromium/src/+/main:ash/components/arc/test/fake_policy_instance.h;l=16;drc=3a215d1e60a3b32928a50d00ea07ae52ea491a16) is the example of such instance. It inherits mojo::PolicyInstance and implements the fake APIs. You can creates the object in each test like [`policy_instance_`](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/arc/policy/arc_policy_bridge_unittest.cc;l=258;drc=70cf6fbc2b4cc83b1571ef4e7f55a725924054c7).