cros: Ensure quick unlock is disabled by default for enterprise policy.

components/policy/tools/generate_policy_source.py

 #!/usr/bin/env python
 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 '''python %prog [options] platform chromium_os_flag template
 
 platform specifies which platform source is being generated for
   and can be one of (win, mac, linux)
 chromium_os_flag should be 1 if this is a Chromium OS build
@@ skipping 728 matching lines @@
     if policy.has_enterprise_default:
       if policy.policy_type == 'Type::BOOLEAN':
         creation_expression = 'new base::FundamentalValue(%s)' %\
                               ('true' if policy.enterprise_default else 'false')
       elif policy.policy_type == 'Type::INTEGER':
         creation_expression = 'new base::FundamentalValue(%s)' %\
                               policy.enterprise_default
       elif policy.policy_type == 'Type::STRING':
         creation_expression = 'new base::StringValue("%s")' %\
                               policy.enterprise_default
+      elif (policy.policy_type == 'Type::LIST' and

[pastarmovj, 2017/01/23 23:38:12]

If I get this right this code will only work for empty lists right? Any other
case is not handled. Since you are adding this case I would appreciate if it
covers non-empty lists too. 

I know it will be more involved than the other cases above but I think we should
strive for correctness here.

Also in the spirit of the results of the last Googlegeist I shall ask you to
write some tests for this code especially since your case will be more complex
than the trivial ones above. :)

[Thiemo Nagel, 2017/01/24 10:27:35]

+1 to that.

[jdufault, 2017/01/25 01:32:43]

I've extended the logic, but I don't see a relatively reasonable way to test
this. The existing tests just load up existing policy (generated via the normal
compile cycle) and check if the default value is set (ie, e2e test). I don't see
any support for explicitly invoking this python file and giving it arbitrary
input.

While testing would be nice, it looks like a much bigger task than what this CL
should encompass.

[pastarmovj, 2017/01/25 15:28:05]

I think the easiest (and complete) way to test this is to write a python test
file similar to the PRESUBMIT_test.py in src/ that will invoke this script pass
it a minimal json file and verify the output matches the expected result.

I think it is indeed a good idea to do this in a separate CL (optimally tracked
by a separate bug). However I will appreciate it if you would bootstrap this
effort now that you have spent some time with this code. 

+            policy.enterprise_default == []):
+        creation_expression = 'new base::ListValue()'
       else:
         raise RuntimeError('Type %s of policy %s is not supported at '
                            'enterprise defaults' % (policy.policy_type,
                                                     policy.name))
       f.write('  if (!policy_map->Get(key::k%s)) {\n'
               '    policy_map->Set(key::k%s,\n'
               '                    POLICY_LEVEL_MANDATORY,\n'
               '                    POLICY_SCOPE_USER,\n'
               '                    POLICY_SOURCE_ENTERPRISE_DEFAULT,\n'
               '                    base::WrapUnique(%s),\n'
@@ skipping 413 matching lines @@
   f.write('<restrictions xmlns:android="'
           'http://schemas.android.com/apk/res/android">\n\n')
   for policy in policies:
     if (policy.is_supported and policy.restriction_type != 'invalid' and
          not policy.is_deprecated and not policy.is_future):
       WriteAppRestriction(policy)
   f.write('</restrictions>')
 
 if __name__ == '__main__':
   sys.exit(main())