Change PolicyLoaderWin to load PReg files if possible.

chrome/browser/policy/policy_loader_win_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/policy/policy_loader_win.h"
 
+#include <userenv.h>
 #include <windows.h>
 
+#include <cstring>
+
+#include "base/file_util.h"
+#include "base/files/file_path.h"
 #include "base/json/json_writer.h"
+#include "base/path_service.h"
 #include "base/process.h"
 #include "base/string16.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/utf_string_conversions.h"
 #include "base/win/registry.h"
 #include "chrome/browser/policy/async_policy_provider.h"
 #include "chrome/browser/policy/configuration_policy_provider_test.h"
 #include "chrome/browser/policy/policy_bundle.h"
 #include "chrome/browser/policy/policy_map.h"
+#include "chrome/common/chrome_paths.h"
 #include "chrome/common/json_schema/json_schema_constants.h"
 #include "policy/policy_constants.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace schema = json_schema_constants;
 
 using base::win::RegKey;
-using namespace policy::registry_constants;
 
 namespace policy {
 
 namespace {
 
+// Constants for registry key names.
+const wchar_t kPathSep[] = L"\\";
+const wchar_t kThirdParty[] = L"3rdparty";
+const wchar_t kMandatory[] = L"policy";
+const wchar_t kRecommended[] = L"recommended";
+const wchar_t kSchema[] = L"schema";
+
 // Installs |value| in the given registry |path| and |hive|, under the key
 // |name|. Returns false on errors.
 // Some of the possible Value types are stored after a conversion (e.g. doubles
 // are stored as strings), and can only be retrieved if a corresponding schema
 // is written.
 bool InstallValue(const base::Value& value,
                   HKEY hive,
                   const string16& path,
                   const string16& name) {
   // KEY_ALL_ACCESS causes the ctor to create the key if it does not exist yet.
@@ skipping 168 matching lines @@
   std::wstring key_name_;
 
   // Keys are created for the lifetime of a test to contain
   // the sandboxed HKCU and HKLM hives, respectively.
   RegKey temp_hkcu_hive_key_;
   RegKey temp_hklm_hive_key_;
 
   DISALLOW_COPY_AND_ASSIGN(ScopedGroupPolicyRegistrySandbox);
 };
 
-class TestHarness : public PolicyProviderTestHarness {
+class TestHarness : public PolicyProviderTestHarness,
+                    public AppliedGPOListProvider {
  public:
   explicit TestHarness(HKEY hive, PolicyScope scope);
   virtual ~TestHarness();
 
   virtual void SetUp() OVERRIDE;
 
+  // PolicyProviderTestHarness:
   virtual ConfigurationPolicyProvider* CreateProvider(
       const PolicyDefinitionList* policy_definition_list) OVERRIDE;
 
   virtual void InstallEmptyPolicy() OVERRIDE;
   virtual void InstallStringPolicy(const std::string& policy_name,
                                    const std::string& policy_value) OVERRIDE;
   virtual void InstallIntegerPolicy(const std::string& policy_name,
                                     int policy_value) OVERRIDE;
   virtual void InstallBooleanPolicy(const std::string& policy_name,
                                     bool policy_value) OVERRIDE;
   virtual void InstallStringListPolicy(
       const std::string& policy_name,
       const base::ListValue* policy_value) OVERRIDE;
   virtual void InstallDictionaryPolicy(
       const std::string& policy_name,
       const base::DictionaryValue* policy_value) OVERRIDE;
   virtual void Install3rdPartyPolicy(
       const base::DictionaryValue* policies) OVERRIDE;
 
+  // AppliedGPOListProvider:
+  virtual DWORD GetAppliedGPOList(DWORD flags,
+                                  LPCTSTR machine_name,
+                                  PSID sid_user,
+                                  GUID* extension_guid,
+                                  PGROUP_POLICY_OBJECT* gpo_list) OVERRIDE;
+  virtual BOOL FreeGPOList(PGROUP_POLICY_OBJECT gpo_list) OVERRIDE;
+
   // Creates a harness instance that will install policy in HKCU or HKLM,
   // respectively.
   static PolicyProviderTestHarness* CreateHKCU();
   static PolicyProviderTestHarness* CreateHKLM();
 
  private:
   HKEY hive_;
 
   ScopedGroupPolicyRegistrySandbox registry_sandbox_;
 
@@ skipping 45 matching lines @@
   key.DeleteKey(L"");
 }
 
 TestHarness::TestHarness(HKEY hive, PolicyScope scope)
     : PolicyProviderTestHarness(POLICY_LEVEL_MANDATORY, scope), hive_(hive) {}
 
 TestHarness::~TestHarness() {}
 
 void TestHarness::SetUp() {}
 
+DWORD TestHarness::GetAppliedGPOList(DWORD flags,
+                                     LPCTSTR machine_name,
+                                     PSID sid_user,
+                                     GUID* extension_guid,
+                                     PGROUP_POLICY_OBJECT* gpo_list) {
+  *gpo_list = NULL;
+  return ERROR_ACCESS_DENIED;
+}
+
+BOOL TestHarness::FreeGPOList(PGROUP_POLICY_OBJECT gpo_list) {
+  return TRUE;
+}
+
 ConfigurationPolicyProvider* TestHarness::CreateProvider(
     const PolicyDefinitionList* policy_list) {
-  scoped_ptr<AsyncPolicyLoader> loader(new PolicyLoaderWin(policy_list));
+  scoped_ptr<AsyncPolicyLoader> loader(
+      new PolicyLoaderWin(policy_list, kRegistryChromePolicyKey, this));
   return new AsyncPolicyProvider(loader.Pass());
 }
 
 void TestHarness::InstallEmptyPolicy() {}
 
 void TestHarness::InstallStringPolicy(const std::string& policy_name,
                                       const std::string& policy_value) {
-  RegKey key(hive_, kRegistryMandatorySubKey, KEY_ALL_ACCESS);
+  RegKey key(hive_, kRegistryChromePolicyKey, KEY_ALL_ACCESS);
   ASSERT_TRUE(key.Valid());
   ASSERT_HRESULT_SUCCEEDED(key.WriteValue(UTF8ToUTF16(policy_name).c_str(),
                                           UTF8ToUTF16(policy_value).c_str()));
 }
 
 void TestHarness::InstallIntegerPolicy(const std::string& policy_name,
                                        int policy_value) {
-  RegKey key(hive_, kRegistryMandatorySubKey, KEY_ALL_ACCESS);
+  RegKey key(hive_, kRegistryChromePolicyKey, KEY_ALL_ACCESS);
   ASSERT_TRUE(key.Valid());
   key.WriteValue(UTF8ToUTF16(policy_name).c_str(),
                  static_cast<DWORD>(policy_value));
 }
 
 void TestHarness::InstallBooleanPolicy(const std::string& policy_name,
                                        bool policy_value) {
-  RegKey key(hive_, kRegistryMandatorySubKey, KEY_ALL_ACCESS);
+  RegKey key(hive_, kRegistryChromePolicyKey, KEY_ALL_ACCESS);
   ASSERT_TRUE(key.Valid());
   key.WriteValue(UTF8ToUTF16(policy_name).c_str(),
                  static_cast<DWORD>(policy_value));
 }
 
 void TestHarness::InstallStringListPolicy(const std::string& policy_name,
                                           const base::ListValue* policy_value) {
   RegKey key(hive_,
-             (string16(kRegistryMandatorySubKey) + ASCIIToUTF16("\\") +
+             (string16(kRegistryChromePolicyKey) + ASCIIToUTF16("\\") +
               UTF8ToUTF16(policy_name)).c_str(),
              KEY_ALL_ACCESS);
   ASSERT_TRUE(key.Valid());
   int index = 1;
   for (base::ListValue::const_iterator element(policy_value->begin());
        element != policy_value->end();
        ++element) {
     std::string element_value;
     if (!(*element)->GetAsString(&element_value))
       continue;
     std::string name(base::IntToString(index++));
     key.WriteValue(UTF8ToUTF16(name).c_str(),
                    UTF8ToUTF16(element_value).c_str());
   }
 }
 
 void TestHarness::InstallDictionaryPolicy(
     const std::string& policy_name,
     const base::DictionaryValue* policy_value) {
   std::string json;
   base::JSONWriter::Write(policy_value, &json);
-  RegKey key(hive_, kRegistryMandatorySubKey, KEY_ALL_ACCESS);
+  RegKey key(hive_, kRegistryChromePolicyKey, KEY_ALL_ACCESS);
   ASSERT_TRUE(key.Valid());
   key.WriteValue(UTF8ToUTF16(policy_name).c_str(),
                  UTF8ToUTF16(json).c_str());
 }
 
 void TestHarness::Install3rdPartyPolicy(const base::DictionaryValue* policies) {
   // The first level entries are domains, and the second level entries map
   // components to their policy.
-  const string16 kPathPrefix = string16(kRegistryMandatorySubKey) + kPathSep +
+  const string16 kPathPrefix = string16(kRegistryChromePolicyKey) + kPathSep +
                                kThirdParty + kPathSep;
   for (base::DictionaryValue::Iterator domain(*policies);
        !domain.IsAtEnd(); domain.Advance()) {
     const base::DictionaryValue* components = NULL;
     if (!domain.value().GetAsDictionary(&components)) {
       ADD_FAILURE();
       continue;
     }
     for (base::DictionaryValue::Iterator component(*components);
          !component.IsAtEnd(); component.Advance()) {
-      const string16 path = string16(kRegistryMandatorySubKey) + kPathSep +
+      const string16 path = string16(kRegistryChromePolicyKey) + kPathSep +
                             kThirdParty + kPathSep +
                             UTF8ToUTF16(domain.key()) + kPathSep +
                             UTF8ToUTF16(component.key());
       InstallValue(component.value(), hive_, path, kMandatory);
       EXPECT_TRUE(InstallSchema(component.value(), hive_, path, kSchema));
     }
   }
 }
 
 // static
@@ skipping 14 matching lines @@
     ConfigurationPolicyProviderTest,
     testing::Values(TestHarness::CreateHKCU, TestHarness::CreateHKLM));
 
 // Instantiate abstract test case for 3rd party policy reading tests.
 INSTANTIATE_TEST_CASE_P(
     ThirdPartyPolicyProviderWinTest,
     Configuration3rdPartyPolicyProviderTest,
     testing::Values(TestHarness::CreateHKCU, TestHarness::CreateHKLM));
 
 // Test cases for windows policy provider specific functionality.
-class PolicyLoaderWinTest : public PolicyTestBase {
+class PolicyLoaderWinTest : public PolicyTestBase,
+                            public AppliedGPOListProvider {
  protected:
-  PolicyLoaderWinTest() {}
+  // The policy key this tests places data under. This must match the data
+  // files in chrome/test/data/policy/gpo.
+  static const char16 kTestPolicyKey[];
+
+  PolicyLoaderWinTest()
+      : gpo_list_(NULL),
+        gpo_list_status_(ERROR_ACCESS_DENIED) {}
   virtual ~PolicyLoaderWinTest() {}
 
+  virtual void SetUp() OVERRIDE {
+    ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir_));
+    test_data_dir_ = test_data_dir_.AppendASCII("policy").AppendASCII("gpo");
+  }
+
+  // AppliedGPOListProvider:
+  virtual DWORD GetAppliedGPOList(DWORD flags,
+                                  LPCTSTR machine_name,
+                                  PSID sid_user,
+                                  GUID* extension_guid,
+                                  PGROUP_POLICY_OBJECT* gpo_list) OVERRIDE {
+    *gpo_list = gpo_list_;
+    return gpo_list_status_;
+  }
+  virtual BOOL FreeGPOList(PGROUP_POLICY_OBJECT gpo_list) OVERRIDE {
+    return TRUE;
+  }
+
+  void InitGPO(GROUP_POLICY_OBJECT* gpo,
+               DWORD options,
+               const base::FilePath& path,
+               GROUP_POLICY_OBJECT* next,
+               GROUP_POLICY_OBJECT* prev) {
+    memset(gpo, 0, sizeof(GROUP_POLICY_OBJECT));
+    gpo->dwOptions = options;
+    gpo->lpFileSysPath = const_cast<wchar_t*>(path.value().c_str());
+    gpo->pNext = next;
+    gpo->pPrev = prev;
+  }
+
   bool Matches(const PolicyBundle& expected) {
-    PolicyLoaderWin loader(&test_policy_definitions::kList);
+    PolicyLoaderWin loader(&test_policy_definitions::kList, kTestPolicyKey,
+                           this);
     scoped_ptr<PolicyBundle> loaded(loader.Load());
     return loaded->Equals(expected);
   }
 
+  void InstallRegistrySentinel() {
+    RegKey hklm_key(HKEY_CURRENT_USER, kTestPolicyKey, KEY_ALL_ACCESS);
+    ASSERT_TRUE(hklm_key.Valid());
+    hklm_key.WriteValue(
+        UTF8ToUTF16(test_policy_definitions::kKeyString).c_str(),
+        UTF8ToUTF16("registry").c_str());
+  }
+
+  bool MatchesRegistrySentinel() {
+    base::DictionaryValue expected_policy;
+    expected_policy.SetString(test_policy_definitions::kKeyString, "registry");
+    PolicyBundle expected;
+    expected.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
+        .LoadFrom(&expected_policy, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER);
+    return Matches(expected);
+  }
+
+  bool MatchesTestBundle() {
+    base::DictionaryValue expected_policy;
+    expected_policy.SetBoolean(test_policy_definitions::kKeyBoolean, true);
+    expected_policy.SetString(test_policy_definitions::kKeyString, "GPO");
+    expected_policy.SetInteger(test_policy_definitions::kKeyInteger, 42);
+    scoped_ptr<base::ListValue> list(new base::ListValue());
+    list->AppendString("GPO 1");
+    list->AppendString("GPO 2");
+    expected_policy.Set(test_policy_definitions::kKeyStringList,
+                        list.release());
+    PolicyBundle expected;
+    expected.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
+        .LoadFrom(&expected_policy, POLICY_LEVEL_MANDATORY,
+                  POLICY_SCOPE_MACHINE);
+    return Matches(expected);
+  }
+
   ScopedGroupPolicyRegistrySandbox registry_sandbox_;
+  PGROUP_POLICY_OBJECT gpo_list_;
+  DWORD gpo_list_status_;
+  base::FilePath test_data_dir_;
 };
 
+const char16 PolicyLoaderWinTest::kTestPolicyKey[] =
+    L"SOFTWARE\\Policies\\Chromium";
+
 TEST_F(PolicyLoaderWinTest, HKLMOverHKCU) {
-  RegKey hklm_key(HKEY_LOCAL_MACHINE, kRegistryMandatorySubKey, KEY_ALL_ACCESS);
+  RegKey hklm_key(HKEY_LOCAL_MACHINE, kTestPolicyKey, KEY_ALL_ACCESS);
   ASSERT_TRUE(hklm_key.Valid());
   hklm_key.WriteValue(UTF8ToUTF16(test_policy_definitions::kKeyString).c_str(),
                       UTF8ToUTF16("hklm").c_str());
-  RegKey hkcu_key(HKEY_CURRENT_USER, kRegistryMandatorySubKey, KEY_ALL_ACCESS);
+  RegKey hkcu_key(HKEY_CURRENT_USER, kTestPolicyKey, KEY_ALL_ACCESS);
   ASSERT_TRUE(hkcu_key.Valid());
   hkcu_key.WriteValue(UTF8ToUTF16(test_policy_definitions::kKeyString).c_str(),
                       UTF8ToUTF16("hkcu").c_str());
 
   PolicyBundle expected;
   expected.Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
       .Set(test_policy_definitions::kKeyString,
            POLICY_LEVEL_MANDATORY,
            POLICY_SCOPE_MACHINE,
            base::Value::CreateStringValue("hklm"));
   EXPECT_TRUE(Matches(expected));
 }
 
 TEST_F(PolicyLoaderWinTest, Load3rdPartyWithoutSchema) {
   base::DictionaryValue dict;
   dict.SetString("str", "string value");
   dict.SetInteger("int", 123);
   dict.Set("subdict", dict.DeepCopy());
   dict.Set("subsubdict", dict.DeepCopy());
   dict.Set("subsubsubdict", dict.DeepCopy());
 
   base::DictionaryValue policy_dict;
   policy_dict.Set("extensions.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.policy",
                   dict.DeepCopy());
   policy_dict.Set("extensions.bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb.policy",
                   dict.DeepCopy());
   EXPECT_TRUE(InstallValue(policy_dict, HKEY_LOCAL_MACHINE,
-                           kRegistryMandatorySubKey, kThirdParty));
+                           kTestPolicyKey, kThirdParty));
 
   PolicyBundle expected;
   expected.Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS,
                                "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"))
       .LoadFrom(&dict, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE);
   expected.Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS,
                                "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"))
       .LoadFrom(&dict, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE);
   EXPECT_TRUE(Matches(expected));
 }
 
 TEST_F(PolicyLoaderWinTest, Merge3rdPartyPolicies) {
   // Policy for the same extension will be provided at the 4 level/scope
   // combinations, to verify that they overlap as expected.
 
   const string16 kPathSuffix =
-      kRegistryMandatorySubKey + ASCIIToUTF16("\\3rdparty\\extensions\\merge");
+      kTestPolicyKey + ASCIIToUTF16("\\3rdparty\\extensions\\merge");
 
   const char kUserMandatory[] = "user-mandatory";
   const char kUserRecommended[] = "user-recommended";
   const char kMachineMandatory[] = "machine-mandatory";
   const char kMachineRecommended[] = "machine-recommended";
 
   base::DictionaryValue policy;
   policy.SetString("a", kMachineMandatory);
   EXPECT_TRUE(InstallValue(policy, HKEY_LOCAL_MACHINE,
                            kPathSuffix, kMandatory));
@@ skipping 51 matching lines @@
   ASSERT_FALSE(encoded_list.empty());
   base::DictionaryValue encoded_policy;
   encoded_policy.SetString("null", "");
   encoded_policy.SetString("bool", "1");
   encoded_policy.SetString("int", "-123");
   encoded_policy.SetString("double", "456.78e9");
   encoded_policy.SetString("list", encoded_list);
   encoded_policy.SetString("dict", encoded_dict);
 
   const string16 kPathSuffix =
-      kRegistryMandatorySubKey + ASCIIToUTF16("\\3rdparty\\extensions\\string");
+      kTestPolicyKey + ASCIIToUTF16("\\3rdparty\\extensions\\string");
   EXPECT_TRUE(InstallSchema(policy, HKEY_CURRENT_USER, kPathSuffix, kSchema));
   EXPECT_TRUE(
       InstallValue(encoded_policy, HKEY_CURRENT_USER, kPathSuffix, kMandatory));
 
   PolicyBundle expected;
   expected.Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, "string"))
       .LoadFrom(&policy, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER);
   EXPECT_TRUE(Matches(expected));
 }
 
 TEST_F(PolicyLoaderWinTest, LoadIntegerEncodedValues) {
   base::DictionaryValue policy;
   policy.SetBoolean("bool", true);
   policy.SetInteger("int", 123);
   policy.SetDouble("double", 456.0);
 
   base::DictionaryValue encoded_policy;
   encoded_policy.SetInteger("bool", 1);
   encoded_policy.SetInteger("int", 123);
   encoded_policy.SetInteger("double", 456);
 
   const string16 kPathSuffix =
-      kRegistryMandatorySubKey + ASCIIToUTF16("\\3rdparty\\extensions\\int");
+      kTestPolicyKey + ASCIIToUTF16("\\3rdparty\\extensions\\int");
   EXPECT_TRUE(InstallSchema(policy, HKEY_CURRENT_USER, kPathSuffix, kSchema));
   EXPECT_TRUE(
       InstallValue(encoded_policy, HKEY_CURRENT_USER, kPathSuffix, kMandatory));
 
   PolicyBundle expected;
   expected.Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, "int"))
       .LoadFrom(&policy, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER);
   EXPECT_TRUE(Matches(expected));
 }
 
 TEST_F(PolicyLoaderWinTest, DefaultPropertySchemaType) {
   // Build a schema for an "object" with a default schema for its properties.
   base::DictionaryValue default_schema;
   default_schema.SetString(schema::kType, "number");
   base::DictionaryValue integer_schema;
   integer_schema.SetString(schema::kType, "integer");
   base::DictionaryValue properties;
   properties.Set("special-int1", integer_schema.DeepCopy());
   properties.Set("special-int2", integer_schema.DeepCopy());
   base::DictionaryValue schema;
   schema.SetString(schema::kType, "object");
   schema.Set(schema::kProperties, properties.DeepCopy());
   schema.Set(schema::kAdditionalProperties, default_schema.DeepCopy());
 
   const string16 kPathSuffix =
-      kRegistryMandatorySubKey + ASCIIToUTF16("\\3rdparty\\extensions\\test");
+      kTestPolicyKey + ASCIIToUTF16("\\3rdparty\\extensions\\test");
   EXPECT_TRUE(WriteSchema(schema, HKEY_CURRENT_USER, kPathSuffix, kSchema));
 
   // Write some test values.
   base::DictionaryValue policy;
   // These special values have a specific schema for them.
   policy.SetInteger("special-int1", 123);
   policy.SetString("special-int2", "-456");
   // Other values default to be loaded as doubles.
   policy.SetInteger("double1", 789.0);
   policy.SetString("double2", "123.456e7");
   policy.SetString("invalid", "omg");
   EXPECT_TRUE(InstallValue(policy, HKEY_CURRENT_USER, kPathSuffix, kMandatory));
 
   base::DictionaryValue expected_policy;
   expected_policy.SetInteger("special-int1", 123);
   expected_policy.SetInteger("special-int2", -456);
   expected_policy.SetDouble("double1", 789.0);
   expected_policy.SetDouble("double2", 123.456e7);
+  expected_policy.Set("invalid", base::Value::CreateNullValue());
   PolicyBundle expected;
   expected.Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, "test"))
       .LoadFrom(&expected_policy, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER);
   EXPECT_TRUE(Matches(expected));
 }
 
+TEST_F(PolicyLoaderWinTest, AppliedPolicyNotPresent) {
+  InstallRegistrySentinel();
+  gpo_list_ = NULL;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  PolicyBundle empty;
+  EXPECT_TRUE(Matches(empty));
+}
+
+TEST_F(PolicyLoaderWinTest, AppliedPolicyEmpty) {
+  InstallRegistrySentinel();
+  base::FilePath gpo_dir(test_data_dir_.AppendASCII("empty"));
+  GROUP_POLICY_OBJECT gpo;
+  InitGPO(&gpo, 0, gpo_dir, NULL, NULL);
+  gpo_list_ = &gpo;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  PolicyBundle empty;
+  EXPECT_TRUE(Matches(empty));
+}
+
+TEST_F(PolicyLoaderWinTest, AppliedPolicyNonExistingFile) {
+  InstallRegistrySentinel();
+  GROUP_POLICY_OBJECT gpo;
+  InitGPO(&gpo, 0, test_data_dir_, NULL, NULL);
+  gpo_list_ = &gpo;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  EXPECT_TRUE(MatchesRegistrySentinel());
+}
+
+TEST_F(PolicyLoaderWinTest, AppliedPolicyBadPath) {
+  InstallRegistrySentinel();
+  base::FilePath gpo_dir(test_data_dir_.AppendASCII("bad"));
+  GROUP_POLICY_OBJECT gpo;
+  InitGPO(&gpo, 0, gpo_dir, NULL, NULL);
+  gpo_list_ = &gpo;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  EXPECT_TRUE(MatchesRegistrySentinel());
+}
+
+TEST_F(PolicyLoaderWinTest, AppliedPolicyPresent) {
+  InstallRegistrySentinel();
+  base::FilePath gpo_dir(test_data_dir_.AppendASCII("test1"));
+  GROUP_POLICY_OBJECT gpo;
+  InitGPO(&gpo, 0, gpo_dir, NULL, NULL);
+  gpo_list_ = &gpo;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  EXPECT_TRUE(MatchesTestBundle());
+}
+
+TEST_F(PolicyLoaderWinTest, AppliedPolicyMerged) {
+  InstallRegistrySentinel();
+  base::FilePath gpo1_dir(test_data_dir_.AppendASCII("test2"));
+  base::FilePath gpo2_dir(test_data_dir_.AppendASCII("test1"));
+  GROUP_POLICY_OBJECT gpo1;
+  GROUP_POLICY_OBJECT gpo2;
+  InitGPO(&gpo1, 0, gpo1_dir, &gpo2, NULL);
+  InitGPO(&gpo2, 0, gpo2_dir, NULL, &gpo1);
+  gpo_list_ = &gpo1;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  EXPECT_TRUE(MatchesTestBundle());
+}
+
+TEST_F(PolicyLoaderWinTest, AppliedPolicyDisabled) {
+  InstallRegistrySentinel();
+  base::FilePath gpo1_dir(test_data_dir_.AppendASCII("test1"));
+  base::FilePath gpo2_dir(test_data_dir_.AppendASCII("test2"));
+  GROUP_POLICY_OBJECT gpo1;
+  GROUP_POLICY_OBJECT gpo2;
+  InitGPO(&gpo1, 0, gpo1_dir, &gpo2, NULL);
+  InitGPO(&gpo2, GPO_FLAG_DISABLE, gpo2_dir, NULL, &gpo1);
+  gpo_list_ = &gpo1;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  EXPECT_TRUE(MatchesTestBundle());
+}
+
+TEST_F(PolicyLoaderWinTest, AppliedPolicyForcedPolicy) {
+  InstallRegistrySentinel();
+  base::FilePath gpo1_dir(test_data_dir_.AppendASCII("test1"));
+  base::FilePath gpo2_dir(test_data_dir_.AppendASCII("test2"));
+  GROUP_POLICY_OBJECT gpo1;
+  GROUP_POLICY_OBJECT gpo2;
+  InitGPO(&gpo1, GPO_FLAG_FORCE, gpo1_dir, &gpo2, NULL);
+  InitGPO(&gpo2, 0, gpo2_dir, NULL, &gpo1);
+  gpo_list_ = &gpo1;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  EXPECT_TRUE(MatchesTestBundle());
+}
+
+TEST_F(PolicyLoaderWinTest, AppliedPolicyUNCPath) {
+  InstallRegistrySentinel();
+  base::FilePath gpo_dir(test_data_dir_.AppendASCII("test1"));
+  base::FilePath unc_path(L"\\\\some_share\\GPO");
+  GROUP_POLICY_OBJECT gpo1;
+  GROUP_POLICY_OBJECT gpo2;
+  InitGPO(&gpo1, 0, gpo_dir, &gpo2, NULL);
+  InitGPO(&gpo2, 0, unc_path, NULL, &gpo1);
+  gpo_list_ = &gpo1;
+  gpo_list_status_ = ERROR_SUCCESS;
+
+  EXPECT_TRUE(MatchesRegistrySentinel());
+}
+
 }  // namespace policy