Chromium Code Reviews Chromium Code Reviews
Issue 2890843002:
Policy implementation for encryptfs to ext4 migration strategy (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/arc/arc_util.h" | 5 #include "chrome/browser/chromeos/arc/arc_util.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/macros.h" | 10 #include "base/macros.h" |
| 11 #include "base/memory/ptr_util.h" | 11 #include "base/memory/ptr_util.h" |
| 12 #include "base/sys_info.h" | 12 #include "base/sys_info.h" |
| 13 #include "base/test/scoped_command_line.h" | 13 #include "base/test/scoped_command_line.h" |
| 14 #include "base/values.h" | 14 #include "base/values.h" |
| 15 #include "chrome/browser/chromeos/arc/arc_session_manager.h" | 15 #include "chrome/browser/chromeos/arc/arc_session_manager.h" |
| 16 #include "chrome/browser/chromeos/login/supervised/supervised_user_creation_flow .h" | 16 #include "chrome/browser/chromeos/login/supervised/supervised_user_creation_flow .h" |
| 17 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h" | 17 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h" |
| 18 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" | 18 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h" |
| 19 #include "chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.h" | 19 #include "chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.h" |
| 20 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | |
| 20 #include "chrome/browser/chromeos/profiles/profile_helper.h" | 21 #include "chrome/browser/chromeos/profiles/profile_helper.h" |
| 22 #include "chrome/browser/chromeos/settings/install_attributes.h" | |
| 21 #include "chrome/browser/profiles/profile.h" | 23 #include "chrome/browser/profiles/profile.h" |
| 22 #include "chrome/common/pref_names.h" | 24 #include "chrome/common/pref_names.h" |
| 23 #include "chrome/test/base/testing_profile.h" | 25 #include "chrome/test/base/testing_profile.h" |
| 26 #include "components/prefs/pref_registry_simple.h" | |
| 24 #include "components/prefs/pref_service.h" | 27 #include "components/prefs/pref_service.h" |
| 28 #include "components/prefs/pref_service_factory.h" | |
| 25 #include "components/prefs/testing_pref_service.h" | 29 #include "components/prefs/testing_pref_service.h" |
| 30 #include "components/prefs/testing_pref_store.h" | |
| 26 #include "components/signin/core/account_id/account_id.h" | 31 #include "components/signin/core/account_id/account_id.h" |
| 27 #include "components/sync_preferences/testing_pref_service_syncable.h" | 32 #include "components/sync_preferences/testing_pref_service_syncable.h" |
| 28 #include "components/user_manager/known_user.h" | 33 #include "components/user_manager/known_user.h" |
| 29 #include "components/user_manager/user_manager.h" | 34 #include "components/user_manager/user_manager.h" |
| 30 #include "components/user_manager/user_names.h" | 35 #include "components/user_manager/user_names.h" |
| 31 #include "content/public/test/test_browser_thread_bundle.h" | 36 #include "content/public/test/test_browser_thread_bundle.h" |
| 32 #include "testing/gtest/include/gtest/gtest.h" | 37 #include "testing/gtest/include/gtest/gtest.h" |
| 33 | 38 |
| 34 namespace arc { | 39 namespace arc { |
| 35 namespace util { | 40 namespace util { |
| 36 | 41 |
| 37 namespace { | 42 namespace { |
| 38 | 43 |
| 39 constexpr char kTestProfileName[] = "user@gmail.com"; | 44 constexpr char kTestProfileName[] = "user@gmail.com"; |
| 40 constexpr char kTestGaiaId[] = "1234567890"; | 45 constexpr char kTestGaiaId[] = "1234567890"; |
| 41 | 46 |
| 47 // The constants matching the values from DeviceEcryptfsMigrationStrategy | |
| 48 // policy. | |
| 49 constexpr int kMigrationAllowedPolicyUnset = 0; | |
| 50 constexpr int kMigrationAllowedPolicyDisabled = 1; | |
| 51 constexpr int kMigrationAllowedPolicyEnabled = 2; | |
| 52 | |
| 42 class ScopedLogIn { | 53 class ScopedLogIn { |
| 43 public: | 54 public: |
| 44 ScopedLogIn( | 55 ScopedLogIn( |
| 45 chromeos::FakeChromeUserManager* fake_user_manager, | 56 chromeos::FakeChromeUserManager* fake_user_manager, |
| 46 const AccountId& account_id, | 57 const AccountId& account_id, |
| 47 user_manager::UserType user_type = user_manager::USER_TYPE_REGULAR) | 58 user_manager::UserType user_type = user_manager::USER_TYPE_REGULAR) |
| 48 : fake_user_manager_(fake_user_manager), account_id_(account_id) { | 59 : fake_user_manager_(fake_user_manager), account_id_(account_id) { |
| 49 switch (user_type) { | 60 switch (user_type) { |
| 50 case user_manager::USER_TYPE_REGULAR: // fallthrough | 61 case user_manager::USER_TYPE_REGULAR: // fallthrough |
| 51 case user_manager::USER_TYPE_ACTIVE_DIRECTORY: | 62 case user_manager::USER_TYPE_ACTIVE_DIRECTORY: |
| (...skipping 29 matching lines...) Expand all Loading... | |
| 81 } | 92 } |
| 82 | 93 |
| 83 void LogOut() { fake_user_manager_->RemoveUserFromList(account_id_); } | 94 void LogOut() { fake_user_manager_->RemoveUserFromList(account_id_); } |
| 84 | 95 |
| 85 chromeos::FakeChromeUserManager* fake_user_manager_; | 96 chromeos::FakeChromeUserManager* fake_user_manager_; |
| 86 const AccountId account_id_; | 97 const AccountId account_id_; |
| 87 | 98 |
| 88 DISALLOW_COPY_AND_ASSIGN(ScopedLogIn); | 99 DISALLOW_COPY_AND_ASSIGN(ScopedLogIn); |
| 89 }; | 100 }; |
| 90 | 101 |
| 102 class FakeInstallAttributesManaged : public chromeos::InstallAttributes { | |
| 103 public: | |
| 104 FakeInstallAttributesManaged() : chromeos::InstallAttributes(nullptr) { | |
| 105 device_locked_ = true; | |
| 106 } | |
| 107 | |
| 108 ~FakeInstallAttributesManaged() { | |
| 109 policy::BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting(); | |
| 110 } | |
| 111 | |
| 112 void SetIsManaged(bool is_managed) { | |
| 113 registration_mode_ = is_managed ? policy::DEVICE_MODE_ENTERPRISE | |
|
bartfab (slow)
2017/06/12 12:49:04
Nit: #include "components/policy/core/common/cloud
igorcov
2017/06/12 16:50:10
Done.
| |
| 114 : policy::DEVICE_MODE_CONSUMER; | |
| 115 } | |
| 116 }; | |
| 117 | |
| 91 class FakeUserManagerWithLocalState : public chromeos::FakeChromeUserManager { | 118 class FakeUserManagerWithLocalState : public chromeos::FakeChromeUserManager { |
| 92 public: | 119 public: |
| 93 FakeUserManagerWithLocalState() | 120 FakeUserManagerWithLocalState() |
| 94 : test_local_state_(base::MakeUnique<TestingPrefServiceSimple>()) { | 121 : test_local_state_(base::MakeUnique<TestingPrefServiceSimple>()) { |
| 95 RegisterPrefs(test_local_state_->registry()); | 122 RegisterPrefs(test_local_state_->registry()); |
| 96 } | 123 } |
| 97 | 124 |
| 98 PrefService* GetLocalState() const override { | 125 PrefService* GetLocalState() const override { |
| 126 if (pref_service_) | |
| 127 return pref_service_; | |
| 99 return test_local_state_.get(); | 128 return test_local_state_.get(); |
| 100 } | 129 } |
| 101 | 130 |
| 131 void SetLocalState(PrefService* pref_service) { | |
| 132 pref_service_ = pref_service; | |
| 133 } | |
| 134 | |
| 102 private: | 135 private: |
| 103 std::unique_ptr<TestingPrefServiceSimple> test_local_state_; | 136 std::unique_ptr<TestingPrefServiceSimple> test_local_state_; |
| 137 PrefService* pref_service_ = nullptr; | |
|
bartfab (slow)
2017/06/12 12:49:04
How about calling this |local_state_| instead so t
igorcov
2017/06/12 16:50:10
Done.
| |
| 104 | 138 |
| 105 DISALLOW_COPY_AND_ASSIGN(FakeUserManagerWithLocalState); | 139 DISALLOW_COPY_AND_ASSIGN(FakeUserManagerWithLocalState); |
| 106 }; | 140 }; |
| 107 | 141 |
| 108 } // namespace | 142 } // namespace |
| 109 | 143 |
| 110 class ChromeArcUtilTest : public testing::Test { | 144 class ChromeArcUtilTest : public testing::Test { |
| 111 public: | 145 public: |
| 112 ChromeArcUtilTest() = default; | 146 ChromeArcUtilTest() { |
| 147 auto attributes = base::MakeUnique<FakeInstallAttributesManaged>(); | |
| 148 attributes_ = attributes.get(); | |
| 149 policy::BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting( | |
| 150 attributes.release()); | |
| 151 } | |
| 152 | |
| 113 ~ChromeArcUtilTest() override = default; | 153 ~ChromeArcUtilTest() override = default; |
| 114 | 154 |
| 115 void SetUp() override { | 155 void SetUp() override { |
| 116 command_line_ = base::MakeUnique<base::test::ScopedCommandLine>(); | 156 command_line_ = base::MakeUnique<base::test::ScopedCommandLine>(); |
| 117 | 157 |
| 118 user_manager_enabler_ = | 158 user_manager_enabler_ = |
| 119 base::MakeUnique<chromeos::ScopedUserManagerEnabler>( | 159 base::MakeUnique<chromeos::ScopedUserManagerEnabler>( |
| 120 new FakeUserManagerWithLocalState()); | 160 new FakeUserManagerWithLocalState()); |
| 121 chromeos::WallpaperManager::Initialize(); | 161 chromeos::WallpaperManager::Initialize(); |
| 122 profile_ = base::MakeUnique<TestingProfile>(); | 162 profile_ = base::MakeUnique<TestingProfile>(); |
| 123 profile_->set_profile_name(kTestProfileName); | 163 profile_->set_profile_name(kTestProfileName); |
| 124 } | 164 } |
| 125 | 165 |
| 126 void TearDown() override { | 166 void TearDown() override { |
| 127 profile_.reset(); | 167 profile_.reset(); |
| 128 chromeos::WallpaperManager::Shutdown(); | 168 chromeos::WallpaperManager::Shutdown(); |
| 129 user_manager_enabler_.reset(); | 169 user_manager_enabler_.reset(); |
| 130 command_line_.reset(); | 170 command_line_.reset(); |
| 131 } | 171 } |
| 132 | 172 |
| 133 TestingProfile* profile() { return profile_.get(); } | 173 TestingProfile* profile() { return profile_.get(); } |
| 134 | 174 |
| 135 chromeos::FakeChromeUserManager* GetFakeUserManager() const { | 175 chromeos::FakeChromeUserManager* GetFakeUserManager() const { |
| 136 return static_cast<chromeos::FakeChromeUserManager*>( | 176 return static_cast<chromeos::FakeChromeUserManager*>( |
| 137 user_manager::UserManager::Get()); | 177 user_manager::UserManager::Get()); |
| 138 } | 178 } |
| 139 | 179 |
| 180 FakeUserManagerWithLocalState* GetFakeUserManagerWithLocalState() const { | |
| 181 return static_cast<FakeUserManagerWithLocalState*>( | |
| 182 user_manager::UserManager::Get()); | |
| 183 } | |
| 184 | |
| 185 void SetDeviceIsEnterpriseManaged(bool is_managed) { | |
| 186 attributes_->SetIsManaged(is_managed); | |
| 187 } | |
| 188 | |
| 140 void LogIn() { | 189 void LogIn() { |
| 141 const auto account_id = AccountId::FromUserEmailGaiaId( | 190 const auto account_id = AccountId::FromUserEmailGaiaId( |
| 142 profile()->GetProfileUserName(), kTestGaiaId); | 191 profile()->GetProfileUserName(), kTestGaiaId); |
| 143 GetFakeUserManager()->AddUser(account_id); | 192 GetFakeUserManager()->AddUser(account_id); |
| 144 GetFakeUserManager()->LoginUser(account_id); | 193 GetFakeUserManager()->LoginUser(account_id); |
| 145 } | 194 } |
| 146 | 195 |
| 147 private: | 196 private: |
| 148 std::unique_ptr<base::test::ScopedCommandLine> command_line_; | 197 std::unique_ptr<base::test::ScopedCommandLine> command_line_; |
| 149 content::TestBrowserThreadBundle thread_bundle_; | 198 content::TestBrowserThreadBundle thread_bundle_; |
| 150 std::unique_ptr<chromeos::ScopedUserManagerEnabler> user_manager_enabler_; | 199 std::unique_ptr<chromeos::ScopedUserManagerEnabler> user_manager_enabler_; |
| 151 std::unique_ptr<TestingProfile> profile_; | 200 std::unique_ptr<TestingProfile> profile_; |
| 201 FakeInstallAttributesManaged* attributes_; | |
| 152 | 202 |
| 153 DISALLOW_COPY_AND_ASSIGN(ChromeArcUtilTest); | 203 DISALLOW_COPY_AND_ASSIGN(ChromeArcUtilTest); |
| 154 }; | 204 }; |
| 155 | 205 |
| 156 TEST_F(ChromeArcUtilTest, IsArcAllowedForProfile) { | 206 TEST_F(ChromeArcUtilTest, IsArcAllowedForProfile) { |
| 157 base::CommandLine::ForCurrentProcess()->InitFromArgv( | 207 base::CommandLine::ForCurrentProcess()->InitFromArgv( |
| 158 {"", "--arc-availability=officially-supported"}); | 208 {"", "--arc-availability=officially-supported"}); |
| 159 ScopedLogIn login(GetFakeUserManager(), | 209 ScopedLogIn login(GetFakeUserManager(), |
| 160 AccountId::FromUserEmailGaiaId( | 210 AccountId::FromUserEmailGaiaId( |
| 161 profile()->GetProfileUserName(), kTestGaiaId)); | 211 profile()->GetProfileUserName(), kTestGaiaId)); |
| (...skipping 305 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 467 profile()->GetTestingPrefService()->SetManagedPref( | 517 profile()->GetTestingPrefService()->SetManagedPref( |
| 468 prefs::kArcLocationServiceEnabled, base::MakeUnique<base::Value>(false)); | 518 prefs::kArcLocationServiceEnabled, base::MakeUnique<base::Value>(false)); |
| 469 EXPECT_FALSE(AreArcAllOptInPreferencesManagedForProfile(profile())); | 519 EXPECT_FALSE(AreArcAllOptInPreferencesManagedForProfile(profile())); |
| 470 | 520 |
| 471 // Both OptIn prefs are set to managed values, and the function returns true. | 521 // Both OptIn prefs are set to managed values, and the function returns true. |
| 472 profile()->GetTestingPrefService()->SetManagedPref( | 522 profile()->GetTestingPrefService()->SetManagedPref( |
| 473 prefs::kArcBackupRestoreEnabled, base::MakeUnique<base::Value>(false)); | 523 prefs::kArcBackupRestoreEnabled, base::MakeUnique<base::Value>(false)); |
| 474 EXPECT_TRUE(AreArcAllOptInPreferencesManagedForProfile(profile())); | 524 EXPECT_TRUE(AreArcAllOptInPreferencesManagedForProfile(profile())); |
| 475 } | 525 } |
| 476 | 526 |
| 527 TEST_F(ChromeArcUtilTest, IsMigrationAllowedDeviceOwned) { | |
|
bartfab (slow)
2017/06/12 12:49:04
Nit: What do you mean by "DeviceOwned"? Should thi
igorcov
2017/06/12 16:50:10
Done.
| |
| 528 ResetArcMigrationAllowedForTesting(); | |
| 529 auto* command_line = base::CommandLine::ForCurrentProcess(); | |
|
bartfab (slow)
2017/06/12 12:49:04
Nit: const pointer.
igorcov
2017/06/12 16:50:10
const not accepted by the compiler here.
bartfab (slow)
2017/06/13 09:56:01
Are you sure you were trying to make it a const po
igorcov
2017/06/16 11:13:03
I'm sorry, I guess C++ syntax is not that intuitiv
| |
| 530 command_line->InitFromArgv({"", "--need-arc-migration-policy-check", | |
| 531 "--arc-availability=officially-supported"}); | |
| 532 SetDeviceIsEnterpriseManaged(false); | |
| 533 ScopedLogIn login(GetFakeUserManager(), | |
| 534 AccountId::FromUserEmailGaiaId( | |
| 535 profile()->GetProfileUserName(), kTestGaiaId)); | |
| 536 EXPECT_TRUE(IsArcAllowedForProfile(profile())); | |
| 537 } | |
| 538 | |
| 539 TEST_F(ChromeArcUtilTest, IsMigrationAllowedNoPolicy) { | |
| 540 ResetArcMigrationAllowedForTesting(); | |
| 541 auto* command_line = base::CommandLine::ForCurrentProcess(); | |
| 542 command_line->InitFromArgv({"", "--need-arc-migration-policy-check", | |
| 543 "--arc-availability=officially-supported"}); | |
| 544 SetDeviceIsEnterpriseManaged(true); | |
| 545 ScopedLogIn login(GetFakeUserManager(), | |
| 546 AccountId::FromUserEmailGaiaId( | |
| 547 profile()->GetProfileUserName(), kTestGaiaId)); | |
| 548 | |
| 549 EXPECT_FALSE(IsArcAllowedForProfile(profile())); | |
| 550 } | |
| 551 | |
| 552 TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyAllowed) { | |
| 553 ResetArcMigrationAllowedForTesting(); | |
| 554 auto* command_line = base::CommandLine::ForCurrentProcess(); | |
| 555 command_line->InitFromArgv({"", "--need-arc-migration-policy-check", | |
| 556 "--arc-availability=officially-supported"}); | |
| 557 SetDeviceIsEnterpriseManaged(true); | |
| 558 FakeUserManagerWithLocalState* fake_user_manager = | |
|
bartfab (slow)
2017/06/12 12:49:04
Nit: const pointer
igorcov
2017/06/12 16:50:10
Compiler complains.
igorcov
2017/06/16 11:13:03
Const-ed this too.
| |
| 559 GetFakeUserManagerWithLocalState(); | |
| 560 PrefServiceFactory pref_service_factory; | |
| 561 scoped_refptr<TestingPrefStore> managed_pref_store(new TestingPrefStore()); | |
| 562 scoped_refptr<TestingPrefStore> user_pref_store(new TestingPrefStore()); | |
| 563 managed_pref_store->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 564 kMigrationAllowedPolicyEnabled); | |
| 565 pref_service_factory.set_managed_prefs(managed_pref_store.get()); | |
| 566 pref_service_factory.set_user_prefs(user_pref_store.get()); | |
| 567 scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple()); | |
| 568 registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 569 kMigrationAllowedPolicyUnset); | |
| 570 std::unique_ptr<PrefService> pref_service( | |
| 571 pref_service_factory.Create(registry.get())); | |
| 572 pref_service->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 573 kMigrationAllowedPolicyEnabled); | |
| 574 fake_user_manager->SetLocalState(pref_service.get()); | |
| 575 ScopedLogIn login(fake_user_manager, | |
| 576 AccountId::FromUserEmailGaiaId( | |
| 577 profile()->GetProfileUserName(), kTestGaiaId)); | |
| 578 | |
| 579 EXPECT_TRUE(IsArcAllowedForProfile(profile())); | |
| 580 } | |
| 581 | |
| 582 TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyDisabled) { | |
|
bartfab (slow)
2017/06/12 12:49:04
Nit: There is a lot of copy & paste between these
igorcov
2017/06/12 16:50:10
Done.
| |
| 583 ResetArcMigrationAllowedForTesting(); | |
| 584 auto* command_line = base::CommandLine::ForCurrentProcess(); | |
| 585 command_line->InitFromArgv({"", "--need-arc-migration-policy-check", | |
| 586 "--arc-availability=officially-supported"}); | |
| 587 SetDeviceIsEnterpriseManaged(true); | |
| 588 FakeUserManagerWithLocalState* fake_user_manager = | |
| 589 GetFakeUserManagerWithLocalState(); | |
| 590 PrefServiceFactory pref_service_factory; | |
| 591 scoped_refptr<TestingPrefStore> managed_pref_store(new TestingPrefStore()); | |
| 592 scoped_refptr<TestingPrefStore> user_pref_store(new TestingPrefStore()); | |
| 593 managed_pref_store->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 594 kMigrationAllowedPolicyDisabled); | |
| 595 pref_service_factory.set_managed_prefs(managed_pref_store.get()); | |
| 596 pref_service_factory.set_user_prefs(user_pref_store.get()); | |
| 597 scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple()); | |
| 598 registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 599 kMigrationAllowedPolicyUnset); | |
| 600 std::unique_ptr<PrefService> pref_service( | |
| 601 pref_service_factory.Create(registry.get())); | |
| 602 pref_service->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy, | |
| 603 kMigrationAllowedPolicyDisabled); | |
| 604 fake_user_manager->SetLocalState(pref_service.get()); | |
| 605 ScopedLogIn login(fake_user_manager, | |
| 606 AccountId::FromUserEmailGaiaId( | |
| 607 profile()->GetProfileUserName(), kTestGaiaId)); | |
| 608 | |
| 609 EXPECT_FALSE(IsArcAllowedForProfile(profile())); | |
| 610 } | |
| 611 | |
| 477 } // namespace util | 612 } // namespace util |
| 478 } // namespace arc | 613 } // namespace arc |
| OLD | NEW |
