Chromium Code Reviews Chromium Code Reviews
Issue 2890843002:
Policy implementation for encryptfs to ext4 migration strategy (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/arc/arc_util.h" | 5 #include "chrome/browser/chromeos/arc/arc_util.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/macros.h" | 10 #include "base/macros.h" |
| 11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
| 12 #include "base/sys_info.h" | 12 #include "base/sys_info.h" |
| 13 #include "base/test/scoped_command_line.h" | 13 #include "base/test/scoped_command_line.h" |
| 14 #include "base/values.h" | 14 #include "base/values.h" |
| 15 #include "chrome/browser/chromeos/arc/arc_session_manager.h" | 15 #include "chrome/browser/chromeos/arc/arc_session_manager.h" |
| 16 #include "chrome/browser/chromeos/login/supervised/supervised_user_creation_flow .h" | 16 #include "chrome/browser/chromeos/login/supervised/supervised_user_creation_flow .h" |
| 17 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h" | 17 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h" |
| 18 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" | 18 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" |
| 19 #include "chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.h" | 19 #include "chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.h" |
| 20 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
| 20 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 21 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 22 #include "chrome/browser/chromeos/settings/install_attributes.h" | |
| 21 #include "chrome/browser/profiles/profile.h" | 23 #include "chrome/browser/profiles/profile.h" |
| 22 #include "chrome/common/pref_names.h" | 24 #include "chrome/common/pref_names.h" |
| 23 #include "chrome/test/base/testing_profile.h" | 25 #include "chrome/test/base/testing_profile.h" |
| 26 #include "components/prefs/pref_registry_simple.h" | |
| 24 #include "components/prefs/pref_service.h" | 27 #include "components/prefs/pref_service.h" |
| 28 #include "components/prefs/pref_service_factory.h" | |
| 25 #include "components/prefs/testing_pref_service.h" | 29 #include "components/prefs/testing_pref_service.h" |
| 30 #include "components/prefs/testing_pref_store.h" | |
| 26 #include "components/signin/core/account_id/account_id.h" | 31 #include "components/signin/core/account_id/account_id.h" |
| 27 #include "components/sync_preferences/testing_pref_service_syncable.h" | 32 #include "components/sync_preferences/testing_pref_service_syncable.h" |
| 28 #include "components/user_manager/known_user.h" | 33 #include "components/user_manager/known_user.h" |
| 29 #include "components/user_manager/user_manager.h" | 34 #include "components/user_manager/user_manager.h" |
| 30 #include "components/user_manager/user_names.h" | 35 #include "components/user_manager/user_names.h" |
| 31 #include "content/public/test/test_browser_thread_bundle.h" | 36 #include "content/public/test/test_browser_thread_bundle.h" |
| 32 #include "testing/gtest/include/gtest/gtest.h" | 37 #include "testing/gtest/include/gtest/gtest.h" |
| 33 | 38 |
| 34 namespace arc { | 39 namespace arc { |
| 35 namespace util { | 40 namespace util { |
| 36 | 41 |
| 37 namespace { | 42 namespace { |
| 38 | 43 |
| 39 constexpr char kTestProfileName[] = "user@gmail.com"; | 44 constexpr char kTestProfileName[] = "user@gmail.com"; |
| 40 constexpr char kTestGaiaId[] = "1234567890"; | 45 constexpr char kTestGaiaId[] = "1234567890"; |
| 41 | 46 |
| 47 // The constants matching the values from DeviceEcryptfsMigrationStrategy | |
| 48 // policy. | |
| 49 constexpr int kMigrationAllowedPolicyUnset = 0; | |
| 50 constexpr int kMigrationAllowedPolicyDisabled = 1; | |
| 51 constexpr int kMigrationAllowedPolicyEnabled = 2; | |
| 52 | |
| 42 class ScopedLogIn { | 53 class ScopedLogIn { |
| 43 public: | 54 public: |
| 44 ScopedLogIn( | 55 ScopedLogIn( |
| 45 chromeos::FakeChromeUserManager* fake_user_manager, | 56 chromeos::FakeChromeUserManager* fake_user_manager, |
| 46 const AccountId& account_id, | 57 const AccountId& account_id, |
| 47 user_manager::UserType user_type = user_manager::USER_TYPE_REGULAR) | 58 user_manager::UserType user_type = user_manager::USER_TYPE_REGULAR) |
| 48 : fake_user_manager_(fake_user_manager), account_id_(account_id) { | 59 : fake_user_manager_(fake_user_manager), account_id_(account_id) { |
| 49 switch (user_type) { | 60 switch (user_type) { |
| 50 case user_manager::USER_TYPE_REGULAR: // fallthrough | 61 case user_manager::USER_TYPE_REGULAR: // fallthrough |
| 51 case user_manager::USER_TYPE_ACTIVE_DIRECTORY: | 62 case user_manager::USER_TYPE_ACTIVE_DIRECTORY: |
| (...skipping 29 matching lines...) Expand all Loading... | |
| 81 } | 92 } |
| 82 | 93 |
| 83 void LogOut() { fake_user_manager_->RemoveUserFromList(account_id_); } | 94 void LogOut() { fake_user_manager_->RemoveUserFromList(account_id_); } |
| 84 | 95 |
| 85 chromeos::FakeChromeUserManager* fake_user_manager_; | 96 chromeos::FakeChromeUserManager* fake_user_manager_; |
| 86 const AccountId account_id_; | 97 const AccountId account_id_; |
| 87 | 98 |
| 88 DISALLOW_COPY_AND_ASSIGN(ScopedLogIn); | 99 DISALLOW_COPY_AND_ASSIGN(ScopedLogIn); |
| 89 }; | 100 }; |
| 90 | 101 |
| 102 class FakeInstallAttributesManaged : public chromeos::InstallAttributes { | |
| 103 public: | |
| 104 FakeInstallAttributesManaged() : chromeos::InstallAttributes(nullptr) { | |
| 105 device_locked_ = true; | |
| 106 registration_mode_ = policy::DEVICE_MODE_ENTERPRISE; | |
| 107 } | |
| 108 | |
| 109 ~FakeInstallAttributesManaged() { | |
| 110 policy::BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting(); | |
| 111 } | |
| 112 }; | |
| 113 | |
| 91 class FakeUserManagerWithLocalState : public chromeos::FakeChromeUserManager { | 114 class FakeUserManagerWithLocalState : public chromeos::FakeChromeUserManager { |
| 92 public: | 115 public: |
| 93 FakeUserManagerWithLocalState() | 116 FakeUserManagerWithLocalState() |
| 94 : test_local_state_(base::MakeUnique<TestingPrefServiceSimple>()) { | 117 : test_local_state_(base::MakeUnique<TestingPrefServiceSimple>()) { |
| 95 RegisterPrefs(test_local_state_->registry()); | 118 RegisterPrefs(test_local_state_->registry()); |
| 96 } | 119 } |
| 97 | 120 |
| 98 PrefService* GetLocalState() const override { | 121 PrefService* GetLocalState() const override { |
| 99 return test_local_state_.get(); | 122 if (pref_service_) |
| 123 return pref_service_; | |
| 124 else | |
| 125 return test_local_state_.get(); | |
| 126 } | |
| 127 | |
| 128 void SetLocalState(PrefService* pref_service) { | |
| 129 pref_service_ = pref_service; | |
| 100 } | 130 } |
| 101 | 131 |
| 102 private: | 132 private: |
| 103 std::unique_ptr<TestingPrefServiceSimple> test_local_state_; | 133 std::unique_ptr<TestingPrefServiceSimple> test_local_state_; |
| 134 PrefService* pref_service_ = nullptr; | |
| 104 | 135 |
| 105 DISALLOW_COPY_AND_ASSIGN(FakeUserManagerWithLocalState); | 136 DISALLOW_COPY_AND_ASSIGN(FakeUserManagerWithLocalState); |
| 106 }; | 137 }; |
| 107 | 138 |
| 108 } // namespace | 139 } // namespace |
| 109 | 140 |
| 110 class ChromeArcUtilTest : public testing::Test { | 141 class ChromeArcUtilTest : public testing::Test { |
| 111 public: | 142 public: |
| 112 ChromeArcUtilTest() = default; | 143 ChromeArcUtilTest() = default; |
| 113 ~ChromeArcUtilTest() override = default; | 144 ~ChromeArcUtilTest() override = default; |
| (...skipping 16 matching lines...) Expand all Loading... | |
| 130 command_line_.reset(); | 161 command_line_.reset(); |
| 131 } | 162 } |
| 132 | 163 |
| 133 TestingProfile* profile() { return profile_.get(); } | 164 TestingProfile* profile() { return profile_.get(); } |
| 134 | 165 |
| 135 chromeos::FakeChromeUserManager* GetFakeUserManager() const { | 166 chromeos::FakeChromeUserManager* GetFakeUserManager() const { |
| 136 return static_cast<chromeos::FakeChromeUserManager*>( | 167 return static_cast<chromeos::FakeChromeUserManager*>( |
| 137 user_manager::UserManager::Get()); | 168 user_manager::UserManager::Get()); |
| 138 } | 169 } |
| 139 | 170 |
| 171 FakeUserManagerWithLocalState* GetFakeUserManagerWithLocalState() const { | |
| 172 return static_cast<FakeUserManagerWithLocalState*>( | |
| 173 user_manager::UserManager::Get()); | |
| 174 } | |
| 175 | |
| 176 void SetDeviceIsEnterpriseManaged() { | |
| 177 // Set up fake install attributes. | |
| 178 std::unique_ptr<FakeInstallAttributesManaged> attributes = | |
| 179 base::MakeUnique<FakeInstallAttributesManaged>(); | |
| 180 policy::BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting( | |
| 181 attributes.release()); | |
| 182 } | |
| 183 | |
| 140 void LogIn() { | 184 void LogIn() { |
| 141 const auto account_id = AccountId::FromUserEmailGaiaId( | 185 const auto account_id = AccountId::FromUserEmailGaiaId( |
| 142 profile()->GetProfileUserName(), kTestGaiaId); | 186 profile()->GetProfileUserName(), kTestGaiaId); |
| 143 GetFakeUserManager()->AddUser(account_id); | 187 GetFakeUserManager()->AddUser(account_id); |
| 144 GetFakeUserManager()->LoginUser(account_id); | 188 GetFakeUserManager()->LoginUser(account_id); |
| 145 } | 189 } |
| 146 | 190 |
| 147 private: | 191 private: |
| 148 std::unique_ptr<base::test::ScopedCommandLine> command_line_; | 192 std::unique_ptr<base::test::ScopedCommandLine> command_line_; |
| 149 content::TestBrowserThreadBundle thread_bundle_; | 193 content::TestBrowserThreadBundle thread_bundle_; |
| (...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 467 profile()->GetTestingPrefService()->SetManagedPref( | 511 profile()->GetTestingPrefService()->SetManagedPref( |
| 468 prefs::kArcLocationServiceEnabled, base::MakeUnique<base::Value>(false)); | 512 prefs::kArcLocationServiceEnabled, base::MakeUnique<base::Value>(false)); |
| 469 EXPECT_FALSE(AreArcAllOptInPreferencesManagedForProfile(profile())); | 513 EXPECT_FALSE(AreArcAllOptInPreferencesManagedForProfile(profile())); |
| 470 | 514 |
| 471 // Both OptIn prefs are set to managed values, and the function returns true. | 515 // Both OptIn prefs are set to managed values, and the function returns true. |
| 472 profile()->GetTestingPrefService()->SetManagedPref( | 516 profile()->GetTestingPrefService()->SetManagedPref( |
| 473 prefs::kArcBackupRestoreEnabled, base::MakeUnique<base::Value>(false)); | 517 prefs::kArcBackupRestoreEnabled, base::MakeUnique<base::Value>(false)); |
| 474 EXPECT_TRUE(AreArcAllOptInPreferencesManagedForProfile(profile())); | 518 EXPECT_TRUE(AreArcAllOptInPreferencesManagedForProfile(profile())); |
| 475 } | 519 } |
| 476 | 520 |
| 521 TEST_F(ChromeArcUtilTest, IsMigrationAllowedDeviceOwned) { | |
|
hidehiko
2017/06/07 12:22:21
Nice test coverage!
igorcov
2017/06/08 10:42:25
Thanks.
| |
| 522 ResetGlobalDataForTesting(); | |
| 523 auto* command_line = base::CommandLine::ForCurrentProcess(); | |
| 524 command_line->InitFromArgv({"", "--initial-encryption-ecryptfs", | |
| 525 "--arc-availability=officially-supported"}); | |
| 526 ScopedLogIn login(GetFakeUserManager(), | |
| 527 AccountId::FromUserEmailGaiaId( | |
| 528 profile()->GetProfileUserName(), kTestGaiaId)); | |
| 529 EXPECT_TRUE(IsArcAllowedForProfile(profile())); | |
| 530 } | |
| 531 | |
| 532 TEST_F(ChromeArcUtilTest, IsMigrationAllowedNoPolicy) { | |
| 533 ResetGlobalDataForTesting(); | |
| 534 auto* command_line = base::CommandLine::ForCurrentProcess(); | |
| 535 command_line->InitFromArgv({"", "--initial-encryption-ecryptfs", | |
| 536 "--arc-availability=officially-supported"}); | |
| 537 SetDeviceIsEnterpriseManaged(); | |
| 538 | |
| 539 ScopedLogIn login(GetFakeUserManager(), | |
| 540 AccountId::FromUserEmailGaiaId( | |
| 541 profile()->GetProfileUserName(), kTestGaiaId)); | |
| 542 EXPECT_FALSE(IsArcAllowedForProfile(profile())); | |
| 543 } | |
| 544 | |
| 545 TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyAllowed) { | |
| 546 ResetGlobalDataForTesting(); | |
| 547 auto* command_line = base::CommandLine::ForCurrentProcess(); | |
| 548 command_line->InitFromArgv({"", "--initial-encryption-ecryptfs", | |
| 549 "--arc-availability=officially-supported"}); | |
| 550 | |
| 551 SetDeviceIsEnterpriseManaged(); | |
| 552 | |
| 553 FakeUserManagerWithLocalState* fake_user_manager = | |
| 554 GetFakeUserManagerWithLocalState(); | |
| 555 | |
| 556 PrefServiceFactory pref_service_factory; | |
| 557 scoped_refptr<TestingPrefStore> managed_pref_store(new TestingPrefStore); | |
|
hidehiko
2017/06/07 12:22:20
nit/style: Please use "new T()", instead of "new T
igorcov
2017/06/08 10:42:26
Done.
| |
| 558 scoped_refptr<TestingPrefStore> user_pref_store(new TestingPrefStore); | |
| 559 managed_pref_store->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 560 kMigrationAllowedPolicyEnabled); | |
| 561 pref_service_factory.set_managed_prefs(managed_pref_store.get()); | |
| 562 pref_service_factory.set_user_prefs(user_pref_store.get()); | |
| 563 scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple); | |
| 564 registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 565 kMigrationAllowedPolicyUnset); | |
| 566 std::unique_ptr<PrefService> pref_service( | |
| 567 pref_service_factory.Create(registry.get())); | |
| 568 pref_service->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 569 kMigrationAllowedPolicyEnabled); | |
| 570 | |
| 571 fake_user_manager->SetLocalState(pref_service.get()); | |
| 572 | |
| 573 ScopedLogIn login(fake_user_manager, | |
| 574 AccountId::FromUserEmailGaiaId( | |
| 575 profile()->GetProfileUserName(), kTestGaiaId)); | |
| 576 | |
| 577 EXPECT_TRUE(IsArcAllowedForProfile(profile())); | |
| 578 } | |
| 579 | |
| 580 TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyDisabled) { | |
| 581 ResetGlobalDataForTesting(); | |
| 582 auto* command_line = base::CommandLine::ForCurrentProcess(); | |
| 583 command_line->InitFromArgv({"", "--initial-encryption-ecryptfs", | |
| 584 "--arc-availability=officially-supported"}); | |
| 585 | |
| 586 SetDeviceIsEnterpriseManaged(); | |
| 587 | |
| 588 FakeUserManagerWithLocalState* fake_user_manager = | |
| 589 GetFakeUserManagerWithLocalState(); | |
| 590 | |
| 591 PrefServiceFactory pref_service_factory; | |
| 592 scoped_refptr<TestingPrefStore> managed_pref_store(new TestingPrefStore); | |
| 593 scoped_refptr<TestingPrefStore> user_pref_store(new TestingPrefStore); | |
| 594 managed_pref_store->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 595 kMigrationAllowedPolicyDisabled); | |
| 596 pref_service_factory.set_managed_prefs(managed_pref_store.get()); | |
| 597 pref_service_factory.set_user_prefs(user_pref_store.get()); | |
| 598 scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple); | |
| 599 registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 600 kMigrationAllowedPolicyUnset); | |
| 601 std::unique_ptr<PrefService> pref_service( | |
| 602 pref_service_factory.Create(registry.get())); | |
| 603 pref_service->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 604 kMigrationAllowedPolicyDisabled); | |
| 605 | |
| 606 fake_user_manager->SetLocalState(pref_service.get()); | |
| 607 | |
| 608 ScopedLogIn login(fake_user_manager, | |
| 609 AccountId::FromUserEmailGaiaId( | |
| 610 profile()->GetProfileUserName(), kTestGaiaId)); | |
| 611 | |
| 612 EXPECT_FALSE(IsArcAllowedForProfile(profile())); | |
| 613 } | |
| 614 | |
| 477 } // namespace util | 615 } // namespace util |
| 478 } // namespace arc | 616 } // namespace arc |
| OLD | NEW |
