Use client-side defaults when a safe VariationsSeeds is corrupt.
In the status quo code, if Chrome should run in variations safe mode
and a safe seed cannot be loaded, then Chrome applies the most recent
seed. However, this is not ideal. If the most recent seed is
associated with crashes or failed seed fetches (and this is the case if
Chrome is attempting to load a safe seed), then the most recent seed
should not be applied.
This change makes Chrome fall back to client-side defaults instead of
the most recent seed when Chrome cannot load a safe seed due to
corruption or an invalid signature. Note that Chrome will continue to
apply the most recent seed if the safe seed is empty.
The change also revives some safe-seed-related histograms.
Bug: 1216953
Change-Id: I0ab7127a266ca2ec8b7746afed9520f414752875
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2943558
Commit-Queue: Caitlin Fischer <[email protected]>
Reviewed-by: Steven Holte <[email protected]>
Cr-Commit-Position: refs/heads/master@{#896756}
diff --git a/components/variations/variations_seed_store.h b/components/variations/variations_seed_store.h
index 62b55da06..12ecffd 100644
--- a/components/variations/variations_seed_store.h
+++ b/components/variations/variations_seed_store.h
@@ -74,17 +74,21 @@
bool is_gzip_compressed,
VariationsSeed* parsed_seed) WARN_UNUSED_RESULT;
- // Loads the safe variations seed data from local state into |seed| and
- // updates any relevant fields in |client_state| and stores the
- // |seed_fetch_time|. Returns true iff the safe seed was read successfully
+ // Loads the safe variations seed data from local state into |seed|, updates
+ // any relevant fields in |client_state| and sets the |seed_fetch_time|.
+ // Returns LoadSeedResult::SUCCESS iff the safe seed was read successfully
// from prefs. If the safe seed could not be loaded, it is guaranteed that no
- // fields in |client_state| are modified.
- // Side-effect: Upon any failure to read or validate the safe seed, clears all
- // of the safe seed pref values. This occurs iff the method returns false.
+ // fields in |client_state| are modified and that |seed_fetch_time| is not
+ // set.
+ //
+ // Side effect: Upon failing to read or validate the safe seed, clears all
+ // of the safe seed pref values.
+ //
// Virtual for testing.
- virtual bool LoadSafeSeed(VariationsSeed* seed,
- ClientFilterableState* client_state,
- base::Time* seed_fetch_time) WARN_UNUSED_RESULT;
+ virtual LoadSeedResult LoadSafeSeed(VariationsSeed* seed,
+ ClientFilterableState* client_state,
+ base::Time* seed_fetch_time)
+ WARN_UNUSED_RESULT;
// Stores the given |seed_data| (a serialized protobuf) to local state as a
// safe seed, along with a base64-encoded digital signature for seed and any
