Policy implementation for encryptfs to ext4 migration strategy

chrome/browser/chromeos/arc/arc_util_unittest.cc

Index: chrome/browser/chromeos/arc/arc_util_unittest.cc
diff --git a/chrome/browser/chromeos/arc/arc_util_unittest.cc b/chrome/browser/chromeos/arc/arc_util_unittest.cc
index 92daee101c29c72f2f400ee6dac39c9d3462f048..0e1a8ee9028be102118c624925417a5be78977fe 100644
--- a/chrome/browser/chromeos/arc/arc_util_unittest.cc
+++ b/chrome/browser/chromeos/arc/arc_util_unittest.cc
@@ -17,12 +17,17 @@
 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
 #include "chrome/browser/chromeos/login/users/scoped_user_manager_enabler.h"
 #include "chrome/browser/chromeos/login/users/wallpaper/wallpaper_manager.h"
+#include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/chromeos/settings/install_attributes.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "chrome/test/base/testing_profile.h"
+#include "components/prefs/pref_registry_simple.h"
 #include "components/prefs/pref_service.h"
+#include "components/prefs/pref_service_factory.h"
 #include "components/prefs/testing_pref_service.h"
+#include "components/prefs/testing_pref_store.h"
 #include "components/signin/core/account_id/account_id.h"
 #include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "components/user_manager/known_user.h"
@@ -39,6 +44,12 @@ namespace {
 constexpr char kTestProfileName[] = "user@gmail.com";
 constexpr char kTestGaiaId[] = "1234567890";
 
+// The constants matching the values from DeviceEcryptfsMigrationStrategy
+// policy.
+constexpr int kMigrationAllowedPolicyUnset = 0;
+constexpr int kMigrationAllowedPolicyDisabled = 1;
+constexpr int kMigrationAllowedPolicyEnabled = 2;
+
 class ScopedLogIn {
  public:
   ScopedLogIn(
@@ -88,6 +99,18 @@ class ScopedLogIn {
   DISALLOW_COPY_AND_ASSIGN(ScopedLogIn);
 };
 
+class FakeInstallAttributesManaged : public chromeos::InstallAttributes {
+ public:
+  FakeInstallAttributesManaged() : chromeos::InstallAttributes(nullptr) {
+    device_locked_ = true;
+    registration_mode_ = policy::DEVICE_MODE_ENTERPRISE;
+  }
+
+  ~FakeInstallAttributesManaged() {
+    policy::BrowserPolicyConnectorChromeOS::RemoveInstallAttributesForTesting();
+  }
+};
+
 class FakeUserManagerWithLocalState : public chromeos::FakeChromeUserManager {
  public:
   FakeUserManagerWithLocalState()
@@ -96,11 +119,19 @@ class FakeUserManagerWithLocalState : public chromeos::FakeChromeUserManager {
   }
 
   PrefService* GetLocalState() const override {
-    return test_local_state_.get();
+    if (pref_service_)
+      return pref_service_;
+    else
+      return test_local_state_.get();
+  }
+
+  void SetLocalState(PrefService* pref_service) {
+    pref_service_ = pref_service;
   }
 
  private:
   std::unique_ptr<TestingPrefServiceSimple> test_local_state_;
+  PrefService* pref_service_ = nullptr;
 
   DISALLOW_COPY_AND_ASSIGN(FakeUserManagerWithLocalState);
 };
@@ -137,6 +168,19 @@ class ChromeArcUtilTest : public testing::Test {
         user_manager::UserManager::Get());
   }
 
+  FakeUserManagerWithLocalState* GetFakeUserManagerWithLocalState() const {
+    return static_cast<FakeUserManagerWithLocalState*>(
+        user_manager::UserManager::Get());
+  }
+
+  void SetDeviceIsEnterpriseManaged() {
+    // Set up fake install attributes.
+    std::unique_ptr<FakeInstallAttributesManaged> attributes =
+        base::MakeUnique<FakeInstallAttributesManaged>();
+    policy::BrowserPolicyConnectorChromeOS::SetInstallAttributesForTesting(
+        attributes.release());
+  }
+
   void LogIn() {
     const auto account_id = AccountId::FromUserEmailGaiaId(
         profile()->GetProfileUserName(), kTestGaiaId);
@@ -474,5 +518,99 @@ TEST_F(ChromeArcUtilTest, AreArcAllOptInPreferencesManagedForProfile) {
   EXPECT_TRUE(AreArcAllOptInPreferencesManagedForProfile(profile()));
 }
 
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedDeviceOwned) {

[hidehiko, 2017/06/07 12:22:21]

Nice test coverage!

[igorcov, 2017/06/08 10:42:25]

Thanks.

+  ResetGlobalDataForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--initial-encryption-ecryptfs",
+                              "--arc-availability=officially-supported"});
+  ScopedLogIn login(GetFakeUserManager(),
+                    AccountId::FromUserEmailGaiaId(
+                        profile()->GetProfileUserName(), kTestGaiaId));
+  EXPECT_TRUE(IsArcAllowedForProfile(profile()));
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedNoPolicy) {
+  ResetGlobalDataForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--initial-encryption-ecryptfs",
+                              "--arc-availability=officially-supported"});
+  SetDeviceIsEnterpriseManaged();
+
+  ScopedLogIn login(GetFakeUserManager(),
+                    AccountId::FromUserEmailGaiaId(
+                        profile()->GetProfileUserName(), kTestGaiaId));
+  EXPECT_FALSE(IsArcAllowedForProfile(profile()));
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyAllowed) {
+  ResetGlobalDataForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--initial-encryption-ecryptfs",
+                              "--arc-availability=officially-supported"});
+
+  SetDeviceIsEnterpriseManaged();
+
+  FakeUserManagerWithLocalState* fake_user_manager =
+      GetFakeUserManagerWithLocalState();
+
+  PrefServiceFactory pref_service_factory;
+  scoped_refptr<TestingPrefStore> managed_pref_store(new TestingPrefStore);

[hidehiko, 2017/06/07 12:22:20]

nit/style: Please use "new T()", instead of "new T".
cf) 2. of
https://www.chromium.org/developers/coding-style/cpp-dos-and-donts#TOC-Prefer...

[igorcov, 2017/06/08 10:42:26]

Done.

+  scoped_refptr<TestingPrefStore> user_pref_store(new TestingPrefStore);
+  managed_pref_store->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                                 kMigrationAllowedPolicyEnabled);
+  pref_service_factory.set_managed_prefs(managed_pref_store.get());
+  pref_service_factory.set_user_prefs(user_pref_store.get());
+  scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple);
+  registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy,
+                                kMigrationAllowedPolicyUnset);
+  std::unique_ptr<PrefService> pref_service(
+      pref_service_factory.Create(registry.get()));
+  pref_service->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                           kMigrationAllowedPolicyEnabled);
+
+  fake_user_manager->SetLocalState(pref_service.get());
+
+  ScopedLogIn login(fake_user_manager,
+                    AccountId::FromUserEmailGaiaId(
+                        profile()->GetProfileUserName(), kTestGaiaId));
+
+  EXPECT_TRUE(IsArcAllowedForProfile(profile()));
+}
+
+TEST_F(ChromeArcUtilTest, IsMigrationAllowedPolicyDisabled) {
+  ResetGlobalDataForTesting();
+  auto* command_line = base::CommandLine::ForCurrentProcess();
+  command_line->InitFromArgv({"", "--initial-encryption-ecryptfs",
+                              "--arc-availability=officially-supported"});
+
+  SetDeviceIsEnterpriseManaged();
+
+  FakeUserManagerWithLocalState* fake_user_manager =
+      GetFakeUserManagerWithLocalState();
+
+  PrefServiceFactory pref_service_factory;
+  scoped_refptr<TestingPrefStore> managed_pref_store(new TestingPrefStore);
+  scoped_refptr<TestingPrefStore> user_pref_store(new TestingPrefStore);
+  managed_pref_store->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                                 kMigrationAllowedPolicyDisabled);
+  pref_service_factory.set_managed_prefs(managed_pref_store.get());
+  pref_service_factory.set_user_prefs(user_pref_store.get());
+  scoped_refptr<PrefRegistrySimple> registry(new PrefRegistrySimple);
+  registry->RegisterIntegerPref(prefs::kDeviceEcryptfsMigrationStrategy,
+                                kMigrationAllowedPolicyUnset);
+  std::unique_ptr<PrefService> pref_service(
+      pref_service_factory.Create(registry.get()));
+  pref_service->SetInteger(prefs::kDeviceEcryptfsMigrationStrategy,
+                           kMigrationAllowedPolicyDisabled);
+
+  fake_user_manager->SetLocalState(pref_service.get());
+
+  ScopedLogIn login(fake_user_manager,
+                    AccountId::FromUserEmailGaiaId(
+                        profile()->GetProfileUserName(), kTestGaiaId));
+
+  EXPECT_FALSE(IsArcAllowedForProfile(profile()));
+}
+
 }  // namespace util
 }  // namespace arc