Policy implementation for encryptfs to ext4 migration strategy

chrome/browser/chromeos/arc/arc_util_unittest.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/chromeos/arc/arc_util.h"
 
 #include <memory>
 
 #include "base/command_line.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/sys_info.h"
 #include "base/test/scoped_command_line.h"
 #include "base/values.h"
 #include "chrome/browser/chromeos/arc/arc_session_manager.h"
 #include "chrome/browser/chromeos/login/supervised/supervised_user_creation_flow.h"
 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
 #include "chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/chromeos/settings/install_attributes.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/testing_profile.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
+#include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/pref_service.h"
+#include "components/prefs/pref_service_factory.h"
 #include "components/prefs/testing_pref_service.h"
+#include "components/prefs/testing_pref_store.h"
 #include "components/signin/core/account_id/account_id.h"
 #include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "components/user_manager/known_user.h"
 #include "components/user_manager/user_manager.h"
 #include "components/user_manager/user_names.h"
 #include "content/public/test/test_browser_thread_bundle.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace arc {
 namespace util {
 
 namespace {
 
 constexpr char kTestProfileName[] = "user@gmail.com";
 constexpr char kTestGaiaId[] = "1234567890";
 
+// The constants matching the values from DeviceEcryptfsMigrationStrategy
+// policy.
+constexpr int kMigrationAllowedPolicyUnset = 0;
+constexpr int kMigrationAllowedPolicyDisabled = 1;
+constexpr int kMigrationAllowedPolicyEnabled = 2;
+
 class ScopedLogIn {
  public:
   ScopedLogIn(
       chromeos::FakeChromeUserManager* fake_user_manager,
       const AccountId& account_id,
       user_manager::UserType user_type = user_manager::USER_TYPE_REGULAR)
       : fake_user_manager_(fake_user_manager), account_id_(account_id) {
     switch (user_type) {
       case user_manager::USER_TYPE_REGULAR:  // fallthrough
       case user_manager::USER_TYPE_ACTIVE_DIRECTORY:
@@ skipping 29 matching lines @@
   }
 
   void LogOut() { fake_user_manager_->RemoveUserFromList(account_id_); }
 
   chromeos::FakeChromeUserManager* fake_user_manager_;
   const AccountId account_id_;
 
   DISALLOW_COPY_AND_ASSIGN(ScopedLogIn);
 };
 
+class FakeInstallAttributesManaged : public chromeos::InstallAttributes {
+ public:
+  FakeInstallAttributesManaged() : chromeos::InstallAttributes(nullptr) {
+    device_locked_ = true;
+  }
+
+  ~FakeInstallAttributesManaged() {
+    policy::BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting();
+  }
+
+  void SetIsManaged(bool is_managed) {
+    registration_mode_ = is_managed ? policy::DEVICE_MODE_ENTERPRISE
+                                    : policy::DEVICE_MODE_CONSUMER;
+  }
+};
+
 class FakeUserManagerWithLocalState : public chromeos::FakeChromeUserManager {
  public:
   FakeUserManagerWithLocalState()
       : test_local_state_(base::MakeUnique<TestingPrefServiceSimple>()) {
     RegisterPrefs(test_local_state_->registry());
   }
 
   PrefService* GetLocalState() const override {
+    if (local_state_)
+      return local_state_;
     return test_local_state_.get();
   }
 
+  void SetLocalState(PrefService* local_state) { local_state_ = local_state; }
+
  private:
   std::unique_ptr<TestingPrefServiceSimple> test_local_state_;
+  PrefService* local_state_ = nullptr;
 
   DISALLOW_COPY_AND_ASSIGN(FakeUserManagerWithLocalState);
 };
 
 }  // namespace
 
 class ChromeArcUtilTest : public testing::Test {
  public:
-  ChromeArcUtilTest() = default;
+  ChromeArcUtilTest() {
+    auto attributes = base::MakeUnique<FakeInstallAttributesManaged>();
+    attributes_ = attributes.get();
+    policy::BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
+        attributes.release());
+  }
+
   ~ChromeArcUtilTest() override = default;
 
   void SetUp() override {
     command_line_ = base::MakeUnique<base::test::ScopedCommandLine>();
 
     user_manager_enabler_ =
         base::MakeUnique<chromeos::ScopedUserManagerEnabler>(
             new FakeUserManagerWithLocalState());
     chromeos::WallpaperManager::Initialize();
     profile_ = base::MakeUnique<TestingProfile>();
     profile_->set_profile_name(kTestProfileName);
   }
 
   void TearDown() override {
     profile_.reset();
     chromeos::WallpaperManager::Shutdown();
     user_manager_enabler_.reset();
     command_line_.reset();
   }
 
   TestingProfile* profile() { return profile_.get(); }
 
   chromeos::FakeChromeUserManager* GetFakeUserManager() const {
     return static_cast<chromeos::FakeChromeUserManager*>(
         user_manager::UserManager::Get());
   }
 
+  FakeUserManagerWithLocalState* GetFakeUserManagerWithLocalState() const {
+    return static_cast<FakeUserManagerWithLocalState*>(
+        user_manager::UserManager::Get());
+  }
+
+  void SetDeviceIsEnterpriseManaged(bool is_managed) {
+    attributes_->SetIsManaged(is_managed);
+  }
+
   void LogIn() {
     const auto account_id = AccountId::FromUserEmailGaiaId(
         profile()->GetProfileUserName(), kTestGaiaId);
     GetFakeUserManager()->AddUser(account_id);
     GetFakeUserManager()->LoginUser(account_id);
   }
 
+  void SetMigrationPolicy(bool migration_allowed) {
+    int pref_value = migration_allowed ? kMigrationAllowedPolicyEnabled

[bartfab (slow), 2017/06/13 09:56:02]

Nit: const

[igorcov, 2017/06/16 11:13:04]

Done.

+                                       : kMigrationAllowedPolicyDisabled;
+    auto* command_line = base::CommandLine::ForCurrentProcess();

[bartfab (slow), 2017/06/13 09:56:02]

Nit: const pointer

[igorcov, 2017/06/16 11:13:04]

Done.

+    command_line->InitFromArgv({"", "--need-arc-migration-policy-check",
+                                "--arc-availability=officially-supported"});
+    SetDeviceIsEnterpriseManaged(true);
+    FakeUserManagerWithLocalState* fake_user_manager =
+        GetFakeUserManagerWithLocalState();
+    PrefServiceFactory pref_service_factory;
+    managed_pref_store_ =
+        scoped_refptr<TestingPrefStore>(new TestingPrefStore());
+    user_pref_store_ = scoped_refptr<TestingPrefStore>(new TestingPrefStore());
+    managed_pref_store_->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                                    pref_value);
+    pref_service_factory.set_managed_prefs(managed_pref_store_.get());
+    pref_service_factory.set_user_prefs(user_pref_store_.get());
+    scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple());
+    registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy,
+                                  kMigrationAllowedPolicyUnset);
+    pref_service_ = std::unique_ptr<PrefService>(
+        pref_service_factory.Create(registry.get()));
+    pref_service_->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                              pref_value);
+    fake_user_manager->SetLocalState(pref_service_.get());
+  }
+
  private:
   std::unique_ptr<base::test::ScopedCommandLine> command_line_;
   content::TestBrowserThreadBundle thread_bundle_;
   std::unique_ptr<chromeos::ScopedUserManagerEnabler> user_manager_enabler_;
   std::unique_ptr<TestingProfile> profile_;
+  FakeInstallAttributesManaged* attributes_;
+  scoped_refptr<TestingPrefStore> managed_pref_store_;
+  scoped_refptr<TestingPrefStore> user_pref_store_;
+  std::unique_ptr<PrefService> pref_service_;
 
   DISALLOW_COPY_AND_ASSIGN(ChromeArcUtilTest);
 };
 
 TEST_F(ChromeArcUtilTest, IsArcAllowedForProfile) {
   base::CommandLine::ForCurrentProcess()->InitFromArgv(
       {"", "--arc-availability=officially-supported"});
   ScopedLogIn login(GetFakeUserManager(),
                     AccountId::FromUserEmailGaiaId(
                         profile()->GetProfileUserName(), kTestGaiaId));
@@ skipping 305 matching lines @@
   profile()->GetTestingPrefService()->SetManagedPref(
       prefs::kArcLocationServiceEnabled, base::MakeUnique<base::Value>(false));
   EXPECT_FALSE(AreArcAllOptInPreferencesManagedForProfile(profile()));
 
   // Both OptIn prefs are set to managed values, and the function returns true.
   profile()->GetTestingPrefService()->SetManagedPref(
       prefs::kArcBackupRestoreEnabled, base::MakeUnique<base::Value>(false));
   EXPECT_TRUE(AreArcAllOptInPreferencesManagedForProfile(profile()));
 }
 
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedConsumerOwned) {
+  ResetArcMigrationAllowedForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--need-arc-migration-policy-check",
+                              "--arc-availability=officially-supported"});
+  SetDeviceIsEnterpriseManaged(false);
+  EXPECT_TRUE(IsArcMigrationAllowed());
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedNoPolicy) {
+  ResetArcMigrationAllowedForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--need-arc-migration-policy-check",
+                              "--arc-availability=officially-supported"});
+  SetDeviceIsEnterpriseManaged(true);
+
+  EXPECT_FALSE(IsArcMigrationAllowed());
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyAllowed) {
+  ResetArcMigrationAllowedForTesting();
+  SetMigrationPolicy(true);
+
+  EXPECT_TRUE(IsArcMigrationAllowed());
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyDisabled) {
+  ResetArcMigrationAllowedForTesting();
+  SetMigrationPolicy(false);
+
+  EXPECT_FALSE(IsArcMigrationAllowed());
+}
+
 }  // namespace util
 }  // namespace arc