Why do you need a new interface? The existing interfaces take a PolicyFetchResponse. Can't you just continue using this, but just not include the signature fields?

I need to lock it down to be only accessible by authpolicyd.  Is there a better way to do it?  Also I figured that making it as explicit as possible would reduce the risk of accidental misuse.

Good point about access control, I had missed that in my original reply. Adding a separate interface seems the best way then. Please make sure that the session_manager code paths not only rely on the separate interface, but also bail out if the install attributes aren't indicating enterprisead mode.

> Please make sure that the session_manager code paths not only rely on the
> separate interface, but also bail out if the install attributes aren't 
> indicating enterprisead mode.

Absolutely.  Waiting for libinstallattributes is the only reason I didn't work on this earlier.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/bcaed0241304da08b99a318240edc60fc40ca6fc

commit bcaed0241304da08b99a318240edc60fc40ca6fc
Author: Thiemo Nagel <tnagel@chromium.org>
Date: Fri Nov 04 13:47:15 2016

login: Add D-Bus methods to store unsigned policy.

Only accessible by authpolicy user and locked down in install attributes
to enterprise_ad device mode.

BUG= chromium:660721 
TEST=added unittests

Change-Id: I6e78406e41298b0a9f4018299fee14a052da6ead
Reviewed-on: https://chromium-review.googlesource.com/397318
Commit-Ready: Thiemo Nagel <tnagel@chromium.org>
Tested-by: Thiemo Nagel <tnagel@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_error_types.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/login_manager.gyp
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_dbus_adaptor.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_device_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_error_types.cc
[add] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_install_attributes_reader.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/SessionManager.conf
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_bindings/org.chromium.SessionManagerInterface.xml
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_local_account_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_dbus_adaptor.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_service.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/bcaed0241304da08b99a318240edc60fc40ca6fc

commit bcaed0241304da08b99a318240edc60fc40ca6fc
Author: Thiemo Nagel <tnagel@chromium.org>
Date: Fri Nov 04 13:47:15 2016

login: Add D-Bus methods to store unsigned policy.

Only accessible by authpolicy user and locked down in install attributes
to enterprise_ad device mode.

BUG= chromium:660721 
TEST=added unittests

Change-Id: I6e78406e41298b0a9f4018299fee14a052da6ead
Reviewed-on: https://chromium-review.googlesource.com/397318
Commit-Ready: Thiemo Nagel <tnagel@chromium.org>
Tested-by: Thiemo Nagel <tnagel@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_error_types.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/login_manager.gyp
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_dbus_adaptor.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_device_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_error_types.cc
[add] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/mock_install_attributes_reader.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/SessionManager.conf
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service.h
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service_unittest.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/dbus_bindings/org.chromium.SessionManagerInterface.xml
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/device_local_account_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_impl.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/user_policy_service.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_dbus_adaptor.cc
[modify] https://crrev.com/bcaed0241304da08b99a318240edc60fc40ca6fc/login_manager/session_manager_service.cc

bulk Verify of older or not-user-facing Chromad bugs