Policy implementation for encryptfs to ext4 migration strategy

chrome/browser/chromeos/arc/arc_util_unittest.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/arc/arc_util.h"
 
 #include <memory>
 
 #include "base/command_line.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/sys_info.h"
 #include "base/test/scoped_command_line.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/arc/arc_session_manager.h"
 #include "chrome/browser/chromeos/login/supervised/supervised_user_creation_flow.h"
 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
 #include "chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/chromeos/settings/install_attributes.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/testing_profile.h"
+#include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/pref_service.h"
+#include "components/prefs/pref_service_factory.h"
 #include "components/prefs/testing_pref_service.h"
+#include "components/prefs/testing_pref_store.h"
 #include "components/signin/core/account_id/account_id.h"
 #include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "components/user_manager/known_user.h"
 #include "components/user_manager/user_manager.h"
 #include "components/user_manager/user_names.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace arc {
 namespace util {
 
 namespace {
 
 constexpr char kTestProfileName[] = "user@gmail.com";
 constexpr char kTestGaiaId[] = "1234567890";
 
+// The constants matching the values from DeviceEcryptfsMigrationStrategy
+// policy.
+constexpr int kMigrationAllowedPolicyUnset = 0;
+constexpr int kMigrationAllowedPolicyDisabled = 1;
+constexpr int kMigrationAllowedPolicyEnabled = 2;
+
 class ScopedLogIn {
  public:
   ScopedLogIn(
       chromeos::FakeChromeUserManager* fake_user_manager,
       const AccountId& account_id,
       user_manager::UserType user_type = user_manager::USER_TYPE_REGULAR)
       : fake_user_manager_(fake_user_manager), account_id_(account_id) {
     switch (user_type) {
       case user_manager::USER_TYPE_REGULAR:  // fallthrough
       case user_manager::USER_TYPE_ACTIVE_DIRECTORY:
@@ skipping 29 matching lines @@
   }
 
   void LogOut() { fake_user_manager_->RemoveUserFromList(account_id_); }
 
   chromeos::FakeChromeUserManager* fake_user_manager_;
   const AccountId account_id_;
 
   DISALLOW_COPY_AND_ASSIGN(ScopedLogIn);
 };
 
+class FakeInstallAttributesManaged : public chromeos::InstallAttributes {
+ public:
+  FakeInstallAttributesManaged() : chromeos::InstallAttributes(nullptr) {
+    device_locked_ = true;
+  }
+
+  ~FakeInstallAttributesManaged() {
+    policy::BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting();
+  }
+
+  void SetIsManaged(bool is_managed) {
+    if (is_managed)

[hidehiko, 2017/06/09 09:40:39]

nit/style/optional: I'd recommend ?: for this case to avoid |registration_mode_|
twice.

[igorcov, 2017/06/09 12:55:12]

Done.

+      registration_mode_ = policy::DEVICE_MODE_ENTERPRISE;
+    else
+      registration_mode_ = policy::DEVICE_MODE_CONSUMER;
+  }
+};
+
 class FakeUserManagerWithLocalState : public chromeos::FakeChromeUserManager {
  public:
   FakeUserManagerWithLocalState()
       : test_local_state_(base::MakeUnique<TestingPrefServiceSimple>()) {
     RegisterPrefs(test_local_state_->registry());
   }
 
   PrefService* GetLocalState() const override {
-    return test_local_state_.get();
+    if (pref_service_)

[hidehiko, 2017/06/09 09:40:39]

style:
if (pref_service_)
  return pref_service_;
return test_local_state_.get();

https://chromium.googlesource.com/chromium/src/+/master/styleguide/c++/c++.md...

[igorcov, 2017/06/09 12:55:12]

Done.

+      return pref_service_;
+    else
+      return test_local_state_.get();
+  }
+
+  void SetLocalState(PrefService* pref_service) {
+    pref_service_ = pref_service;
   }
 
  private:
   std::unique_ptr<TestingPrefServiceSimple> test_local_state_;
+  PrefService* pref_service_ = nullptr;
 
   DISALLOW_COPY_AND_ASSIGN(FakeUserManagerWithLocalState);
 };
 
 }  // namespace
 
 class ChromeArcUtilTest : public testing::Test {
  public:
-  ChromeArcUtilTest() = default;
+  ChromeArcUtilTest() {
+    std::unique_ptr<FakeInstallAttributesManaged> attributes =

[hidehiko, 2017/06/09 09:40:39]

nit/optional: auto may help you to avoid the longer type twice.

auto attirbutes = base::MakeUnique<FakeInstallAttributesManaged>();

[igorcov, 2017/06/09 12:55:12]

Done.

+        base::MakeUnique<FakeInstallAttributesManaged>();
+    attributes_ = attributes.get();
+    policy::BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
+        attributes.release());
+  }
+
   ~ChromeArcUtilTest() override = default;
 
   void SetUp() override {
     command_line_ = base::MakeUnique<base::test::ScopedCommandLine>();
 
     user_manager_enabler_ =
         base::MakeUnique<chromeos::ScopedUserManagerEnabler>(
             new FakeUserManagerWithLocalState());
     chromeos::WallpaperManager::Initialize();
     profile_ = base::MakeUnique<TestingProfile>();
     profile_->set_profile_name(kTestProfileName);
   }
 
   void TearDown() override {
     profile_.reset();
     chromeos::WallpaperManager::Shutdown();
     user_manager_enabler_.reset();
     command_line_.reset();
   }
 
   TestingProfile* profile() { return profile_.get(); }
 
   chromeos::FakeChromeUserManager* GetFakeUserManager() const {
     return static_cast<chromeos::FakeChromeUserManager*>(
         user_manager::UserManager::Get());
   }
 
+  FakeUserManagerWithLocalState* GetFakeUserManagerWithLocalState() const {
+    return static_cast<FakeUserManagerWithLocalState*>(
+        user_manager::UserManager::Get());
+  }
+
+  void SetDeviceIsEnterpriseManaged(bool is_managed) {
+    attributes_->SetIsManaged(is_managed);
+  }
+
   void LogIn() {
     const auto account_id = AccountId::FromUserEmailGaiaId(
         profile()->GetProfileUserName(), kTestGaiaId);
     GetFakeUserManager()->AddUser(account_id);
     GetFakeUserManager()->LoginUser(account_id);
   }
 
  private:
   std::unique_ptr<base::test::ScopedCommandLine> command_line_;
   content::TestBrowserThreadBundle thread_bundle_;
   std::unique_ptr<chromeos::ScopedUserManagerEnabler> user_manager_enabler_;
   std::unique_ptr<TestingProfile> profile_;
+  FakeInstallAttributesManaged* attributes_;
 
   DISALLOW_COPY_AND_ASSIGN(ChromeArcUtilTest);
 };
 
 TEST_F(ChromeArcUtilTest, IsArcAllowedForProfile) {
   base::CommandLine::ForCurrentProcess()->InitFromArgv(
       {"", "--arc-availability=officially-supported"});
   ScopedLogIn login(GetFakeUserManager(),
                     AccountId::FromUserEmailGaiaId(
                         profile()->GetProfileUserName(), kTestGaiaId));
@@ skipping 305 matching lines @@
   profile()->GetTestingPrefService()->SetManagedPref(
       prefs::kArcLocationServiceEnabled, base::MakeUnique<base::Value>(false));
   EXPECT_FALSE(AreArcAllOptInPreferencesManagedForProfile(profile()));
 
   // Both OptIn prefs are set to managed values, and the function returns true.
   profile()->GetTestingPrefService()->SetManagedPref(
       prefs::kArcBackupRestoreEnabled, base::MakeUnique<base::Value>(false));
   EXPECT_TRUE(AreArcAllOptInPreferencesManagedForProfile(profile()));
 }
 
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedDeviceOwned) {
+  ResetGlobalDataForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--need-arc-migration-policy-check",
+                              "--arc-availability=officially-supported"});
+  SetDeviceIsEnterpriseManaged(false);
+  ScopedLogIn login(GetFakeUserManager(),
+                    AccountId::FromUserEmailGaiaId(
+                        profile()->GetProfileUserName(), kTestGaiaId));
+  EXPECT_TRUE(IsArcAllowedForProfile(profile()));
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedNoPolicy) {
+  ResetGlobalDataForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--need-arc-migration-policy-check",
+                              "--arc-availability=officially-supported"});
+  SetDeviceIsEnterpriseManaged(true);
+  ScopedLogIn login(GetFakeUserManager(),
+                    AccountId::FromUserEmailGaiaId(
+                        profile()->GetProfileUserName(), kTestGaiaId));
+
+  EXPECT_FALSE(IsArcAllowedForProfile(profile()));
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyAllowed) {
+  ResetGlobalDataForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--need-arc-migration-policy-check",
+                              "--arc-availability=officially-supported"});
+  SetDeviceIsEnterpriseManaged(true);
+  FakeUserManagerWithLocalState* fake_user_manager =
+      GetFakeUserManagerWithLocalState();
+  PrefServiceFactory pref_service_factory;
+  scoped_refptr<TestingPrefStore> managed_pref_store(new TestingPrefStore());
+  scoped_refptr<TestingPrefStore> user_pref_store(new TestingPrefStore());
+  managed_pref_store->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                                 kMigrationAllowedPolicyEnabled);
+  pref_service_factory.set_managed_prefs(managed_pref_store.get());
+  pref_service_factory.set_user_prefs(user_pref_store.get());
+  scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple());
+  registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy,
+                                kMigrationAllowedPolicyUnset);
+  std::unique_ptr<PrefService> pref_service(
+      pref_service_factory.Create(registry.get()));
+  pref_service->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                           kMigrationAllowedPolicyEnabled);
+  fake_user_manager->SetLocalState(pref_service.get());
+  ScopedLogIn login(fake_user_manager,
+                    AccountId::FromUserEmailGaiaId(
+                        profile()->GetProfileUserName(), kTestGaiaId));
+
+  EXPECT_TRUE(IsArcAllowedForProfile(profile()));
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyDisabled) {
+  ResetGlobalDataForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--need-arc-migration-policy-check",
+                              "--arc-availability=officially-supported"});
+  SetDeviceIsEnterpriseManaged(true);
+  FakeUserManagerWithLocalState* fake_user_manager =
+      GetFakeUserManagerWithLocalState();
+  PrefServiceFactory pref_service_factory;
+  scoped_refptr<TestingPrefStore> managed_pref_store(new TestingPrefStore());
+  scoped_refptr<TestingPrefStore> user_pref_store(new TestingPrefStore());
+  managed_pref_store->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                                 kMigrationAllowedPolicyDisabled);
+  pref_service_factory.set_managed_prefs(managed_pref_store.get());
+  pref_service_factory.set_user_prefs(user_pref_store.get());
+  scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple());
+  registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy,
+                                kMigrationAllowedPolicyUnset);
+  std::unique_ptr<PrefService> pref_service(
+      pref_service_factory.Create(registry.get()));
+  pref_service->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                           kMigrationAllowedPolicyDisabled);
+  fake_user_manager->SetLocalState(pref_service.get());
+  ScopedLogIn login(fake_user_manager,
+                    AccountId::FromUserEmailGaiaId(
+                        profile()->GetProfileUserName(), kTestGaiaId));
+
+  EXPECT_FALSE(IsArcAllowedForProfile(profile()));
+}
+
 }  // namespace util
 }  // namespace arc