Move preference MACs to the protected preference stores.

chrome/browser/prefs/profile_pref_store_manager_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/prefs/profile_pref_store_manager.h"
 
 #include <vector>
 
 #include "base/compiler_specific.h"
 #include "base/file_util.h"
 #include "base/files/file_enumerator.h"
 #include "base/files/scoped_temp_dir.h"
 #include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/prefs/json_pref_store.h"
 #include "base/prefs/persistent_pref_store.h"
 #include "base/prefs/pref_service.h"
 #include "base/prefs/pref_service_factory.h"
 #include "base/prefs/pref_store.h"
 #include "base/prefs/testing_pref_service.h"
 #include "base/run_loop.h"
 #include "base/strings/string_util.h"
 #include "base/values.h"
 #include "chrome/browser/prefs/mock_validation_delegate.h"
 #include "chrome/browser/prefs/pref_hash_filter.h"
+#include "chrome/browser/prefs/tracked/pref_service_hash_store_contents.h"
 #include "chrome/common/pref_names.h"
 #include "components/pref_registry/pref_registry_syncable.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace {
 
 class FirstEqualsPredicate {
  public:
   explicit FirstEqualsPredicate(const std::string& expected)
       : expected_(expected) {}
@@ skipping 107 matching lines @@
   bool WasResetRecorded() {
     base::PrefServiceFactory pref_service_factory;
     pref_service_factory.set_user_prefs(pref_store_);
 
     scoped_ptr<PrefService> pref_service(
         pref_service_factory.Create(profile_pref_registry_));
 
     return !ProfilePrefStoreManager::GetResetTime(pref_service.get()).is_null();
   }
 
+  void ClearResetRecorded() {
+    base::PrefServiceFactory pref_service_factory;
+    pref_service_factory.set_user_prefs(pref_store_);
+
+    scoped_ptr<PrefService> pref_service(
+        pref_service_factory.Create(profile_pref_registry_));
+
+    ProfilePrefStoreManager::ClearResetTime(pref_service.get());
+  }
+
   void InitializePrefs() {
     // According to the implementation of ProfilePrefStoreManager, this is
     // actually a SegregatedPrefStore backed by two underlying pref stores.
     scoped_refptr<PersistentPrefStore> pref_store =
         manager_->CreateProfilePrefStore(
             main_message_loop_.message_loop_proxy(),
             &mock_validation_delegate_);
     InitializePrefStore(pref_store);
     pref_store = NULL;
     base::RunLoop().RunUntilIdle();
   }
 
   void DestroyPrefStore() {
     if (pref_store_) {
+      ClearResetRecorded();
       // Force everything to be written to disk, triggering the PrefHashFilter
       // while our RegistryVerifier is watching.
       pref_store_->CommitPendingWrite();
       base::RunLoop().RunUntilIdle();
 
       pref_store_->RemoveObserver(&registry_verifier_);
       pref_store_ = NULL;
       // Nothing should have to happen on the background threads, but just in
       // case...
       base::RunLoop().RunUntilIdle();
@@ skipping 122 matching lines @@
   EXPECT_EQ(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
             WasResetRecorded());
 
   ExpectValidationObserved(kTrackedAtomic);
   ExpectValidationObserved(kProtectedAtomic);
 }
 
 TEST_F(ProfilePrefStoreManagerTest, MigrateFromOneFile) {
   InitializeDeprecatedCombinedProfilePrefStore();
 
+  // The deprecated model stores hashes in local state.
+  ASSERT_TRUE(local_state_.GetUserPrefValue(

[gab, 2014/06/17 22:08:22]

Tests appear to be choking on this; as if there was an issue with the
legacy_hash_store_contents logic, but I don't see anything obvious.

[erikwright (departed), 2014/06/18 15:10:46]

Done.

+      PrefServiceHashStoreContents::kProfilePreferenceHashes));
+
   LoadExistingPrefs();
 
+  // After a first migration, the hashes were copied to the two user preference
+  // files but were not cleaned.
+  ASSERT_TRUE(local_state_.GetUserPrefValue(
+      PrefServiceHashStoreContents::kProfilePreferenceHashes));
+
+  ExpectStringValueEquals(kTrackedAtomic, kFoobar);
+  ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);
+  EXPECT_FALSE(WasResetRecorded());
+
+  LoadExistingPrefs();
+
+  // In a subsequent launch, the local state hash store would be reset.
+  ASSERT_FALSE(local_state_.GetUserPrefValue(
+      PrefServiceHashStoreContents::kProfilePreferenceHashes));
+
   ExpectStringValueEquals(kTrackedAtomic, kFoobar);
   ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);
   EXPECT_FALSE(WasResetRecorded());
 }
 
+TEST_F(ProfilePrefStoreManagerTest, MigrateWithTampering) {
+  InitializeDeprecatedCombinedProfilePrefStore();
+
+  ReplaceStringInPrefs(kFoobar, kBarfoo);
+  ReplaceStringInPrefs(kHelloWorld, kGoodbyeWorld);
+
+  // The deprecated model stores hashes in local state.
+  ASSERT_TRUE(local_state_.GetUserPrefValue(
+      PrefServiceHashStoreContents::kProfilePreferenceHashes));
+
+  LoadExistingPrefs();
+
+  // After a first migration, the hashes were copied to the two user preference
+  // files but were not cleaned.
+  ASSERT_TRUE(local_state_.GetUserPrefValue(
+      PrefServiceHashStoreContents::kProfilePreferenceHashes));
+
+  // kTrackedAtomic is unprotected and thus will be loaded as it appears on
+  // disk.
+  ExpectStringValueEquals(kTrackedAtomic, kBarfoo);
+
+  // If preference tracking is supported, the tampered value of kProtectedAtomic
+  // will be discarded at load time, leaving this preference undefined.
+  EXPECT_NE(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
+            pref_store_->GetValue(kProtectedAtomic, NULL));
+  EXPECT_EQ(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
+            WasResetRecorded());
+
+  LoadExistingPrefs();
+
+  // In a subsequent launch, the local state hash store would be reset.
+  ASSERT_FALSE(local_state_.GetUserPrefValue(
+      PrefServiceHashStoreContents::kProfilePreferenceHashes));
+
+  ExpectStringValueEquals(kTrackedAtomic, kBarfoo);
+  EXPECT_FALSE(WasResetRecorded());
+}
+
 TEST_F(ProfilePrefStoreManagerTest, InitializePrefsFromMasterPrefs) {
   base::DictionaryValue master_prefs;
   master_prefs.Set(kTrackedAtomic, new base::StringValue(kFoobar));
   master_prefs.Set(kProtectedAtomic, new base::StringValue(kHelloWorld));
   EXPECT_TRUE(manager_->InitializePrefsFromMasterPrefs(master_prefs));
 
   LoadExistingPrefs();
 
   // Verify that InitializePrefsFromMasterPrefs correctly applied the MACs
   // necessary to authenticate these values.
@@ skipping 41 matching lines @@
   // It's protected now, so (if the platform supports it) any tampering should
   // lead to a reset.
   ReplaceStringInPrefs(kBarfoo, kFoobar);
   LoadExistingPrefs();
   EXPECT_NE(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
             pref_store_->GetValue(kUnprotectedPref, NULL));
   EXPECT_EQ(ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking,
             WasResetRecorded());
 }
 
+TEST_F(ProfilePrefStoreManagerTest, NewPrefWhenFirstProtecting) {
+  std::vector<PrefHashFilter::TrackedPreferenceMetadata>
+      original_configuration = configuration_;
+  for (std::vector<PrefHashFilter::TrackedPreferenceMetadata>::iterator it =
+           configuration_.begin();
+       it != configuration_.end();
+       ++it) {
+    it->enforcement_level = PrefHashFilter::NO_ENFORCEMENT;
+  }
+  ReloadConfiguration();
+
+  InitializePrefs();
+
+  ExpectValidationObserved(kTrackedAtomic);
+  ExpectValidationObserved(kProtectedAtomic);
+
+  LoadExistingPrefs();
+  ExpectStringValueEquals(kUnprotectedPref, kFoobar);
+
+  // Ensure everything is written out to disk.
+  DestroyPrefStore();
+
+  // Now introduce protection, including the never-before tracked "new_pref".
+  configuration_ = original_configuration;
+  PrefHashFilter::TrackedPreferenceMetadata new_protected = {
+      kExtraReportingId, kUnprotectedPref, PrefHashFilter::ENFORCE_ON_LOAD,
+      PrefHashFilter::TRACKING_STRATEGY_ATOMIC};
+  configuration_.push_back(new_protected);
+  ReloadConfiguration();
+
+  // And try loading with the new configuration.
+  LoadExistingPrefs();
+
+  // Since there was a valid super MAC we were able to extend the existing trust
+  // to the newly tracked & protected preference.
+  ExpectStringValueEquals(kUnprotectedPref, kFoobar);
+  EXPECT_FALSE(WasResetRecorded());
+}
+
 TEST_F(ProfilePrefStoreManagerTest, UnprotectedToProtectedWithoutTrust) {
   InitializePrefs();
 
   ExpectValidationObserved(kTrackedAtomic);
   ExpectValidationObserved(kProtectedAtomic);
 
   // Now update the configuration to protect it.
   PrefHashFilter::TrackedPreferenceMetadata new_protected = {
       kExtraReportingId, kUnprotectedPref, PrefHashFilter::ENFORCE_ON_LOAD,
       PrefHashFilter::TRACKING_STRATEGY_ATOMIC};
@@ skipping 47 matching lines @@
   LoadExistingPrefs();
   ExpectStringValueEquals(kProtectedAtomic, kHelloWorld);
 
   // Trigger the logic that migrates it back to the unprotected preferences
   // file.
   pref_store_->SetValue(kProtectedAtomic, new base::StringValue(kGoodbyeWorld));
   LoadExistingPrefs();
   ExpectStringValueEquals(kProtectedAtomic, kGoodbyeWorld);
   EXPECT_FALSE(WasResetRecorded());
 }