Turn off future-timestamp cloud policy checks on desktop

chrome/browser/policy/cloud/cloud_policy_validator.h

Index: chrome/browser/policy/cloud/cloud_policy_validator.h
diff --git a/chrome/browser/policy/cloud/cloud_policy_validator.h b/chrome/browser/policy/cloud/cloud_policy_validator.h
index d53a0c6f91327664d10a157818a61085a7a542e0..2635e4a29ac90241ba66ecae5cc3670aaffe20ff 100644
--- a/chrome/browser/policy/cloud/cloud_policy_validator.h
+++ b/chrome/browser/policy/cloud/cloud_policy_validator.h
@@ -79,9 +79,16 @@ class CloudPolicyValidatorBase {
   };
 
   enum ValidateTimestampOption {
-    // The policy must have a timestamp field.
+    // The policy must have a timestamp field and it should be checked against
+    // both the start and end times.
     TIMESTAMP_REQUIRED,
 
+    // The timestamp should only be compared vs the |not_before| value (this
+    // is appropriate for platforms with unreliable system times, where we want
+    // to ensure that fresh policy is newer than existing policy, but we can't
+    // do any other validation).
+    TIMESTAMP_NOT_BEFORE,
+
     // No timestamp field is required.
     TIMESTAMP_NOT_REQUIRED,
   };
@@ -102,11 +109,11 @@ class CloudPolicyValidatorBase {
   }
 
   // Instructs the validator to check that the policy timestamp is not before
-  // |not_before| and not after |now| + grace interval. If
+  // |not_before| and not after |not_after| + grace interval. If
   // |timestamp_option| is set to TIMESTAMP_REQUIRED, then the policy will fail
   // validation if it does not have a timestamp field.
   void ValidateTimestamp(base::Time not_before,
-                         base::Time now,
+                         base::Time not_after,
                          ValidateTimestampOption timestamp_option);
 
   // Validates the username in the policy blob matches |expected_user|.