Chromium Code Reviews Chromium Code Reviews
Issue 374853002:
Providing more information on why certain users can't be added to multi-profile (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h" | 5 #include "chrome/browser/chromeos/login/users/multi_profile_user_controller.h" |
| 6 | 6 |
| 7 #include "base/memory/scoped_ptr.h" | 7 #include "base/memory/scoped_ptr.h" |
| 8 #include "base/run_loop.h" | 8 #include "base/run_loop.h" |
| 9 #include "base/strings/utf_string_conversions.h" | 9 #include "base/strings/utf_string_conversions.h" |
| 10 #include "chrome/browser/chromeos/login/users/fake_user_manager.h" | 10 #include "chrome/browser/chromeos/login/users/fake_user_manager.h" |
| (...skipping 17 matching lines...) Expand all Loading... | |
| 28 namespace chromeos { | 28 namespace chromeos { |
| 29 | 29 |
| 30 namespace { | 30 namespace { |
| 31 | 31 |
| 32 const char* kUsers[] = {"a@gmail.com", "b@gmail.com" }; | 32 const char* kUsers[] = {"a@gmail.com", "b@gmail.com" }; |
| 33 | 33 |
| 34 struct BehaviorTestCase { | 34 struct BehaviorTestCase { |
| 35 const char* primary; | 35 const char* primary; |
| 36 const char* secondary; | 36 const char* secondary; |
| 37 MultiProfileUserController::UserAllowedInSessionReason expected_allowed; | 37 MultiProfileUserController::UserAllowedInSessionReason expected_allowed; |
| 38 MultiProfileUserController::UserAllowedInSessionReason | |
|
James Cook
2014/08/12 20:08:30
I would reorder these two member variables. Then t
Roman Sorokin (ftl)
2014/08/13 09:11:52
Done.
| |
| 39 expected_primary_policy; | |
| 38 }; | 40 }; |
| 39 | 41 |
| 40 const BehaviorTestCase kBehaviorTestCases[] = { | 42 const BehaviorTestCase kBehaviorTestCases[] = { |
| 41 { | 43 { |
| 42 MultiProfileUserController::kBehaviorUnrestricted, | 44 MultiProfileUserController::kBehaviorUnrestricted, |
|
James Cook
2014/08/12 20:08:29
Is this the indentation "git cl format" uses? It l
Roman Sorokin (ftl)
2014/08/13 09:11:52
Yes, it is auto-formatter
On 2014/08/12 20:08:29,
| |
| 43 MultiProfileUserController::kBehaviorUnrestricted, | 45 MultiProfileUserController::kBehaviorUnrestricted, |
| 44 MultiProfileUserController::ALLOWED, | 46 MultiProfileUserController::ALLOWED, MultiProfileUserController::ALLOWED, |
| 45 }, | 47 }, |
| 46 { | 48 { |
| 47 MultiProfileUserController::kBehaviorUnrestricted, | 49 MultiProfileUserController::kBehaviorUnrestricted, |
| 48 MultiProfileUserController::kBehaviorPrimaryOnly, | 50 MultiProfileUserController::kBehaviorPrimaryOnly, |
| 49 MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, | 51 MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, |
| 50 }, | 52 MultiProfileUserController::ALLOWED, |
| 51 { | 53 }, |
| 52 MultiProfileUserController::kBehaviorUnrestricted, | 54 { |
| 53 MultiProfileUserController::kBehaviorNotAllowed, | 55 MultiProfileUserController::kBehaviorUnrestricted, |
| 54 MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, | 56 MultiProfileUserController::kBehaviorNotAllowed, |
| 55 }, | 57 MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, |
| 56 { | 58 MultiProfileUserController::ALLOWED, |
| 57 MultiProfileUserController::kBehaviorPrimaryOnly, | 59 }, |
| 58 MultiProfileUserController::kBehaviorUnrestricted, | 60 { |
| 59 MultiProfileUserController::ALLOWED, | 61 MultiProfileUserController::kBehaviorPrimaryOnly, |
| 60 }, | 62 MultiProfileUserController::kBehaviorUnrestricted, |
| 61 { | 63 MultiProfileUserController::ALLOWED, MultiProfileUserController::ALLOWED, |
| 62 MultiProfileUserController::kBehaviorPrimaryOnly, | 64 }, |
| 63 MultiProfileUserController::kBehaviorPrimaryOnly, | 65 { |
| 64 MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, | 66 MultiProfileUserController::kBehaviorPrimaryOnly, |
| 65 }, | 67 MultiProfileUserController::kBehaviorPrimaryOnly, |
| 66 { | 68 MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, |
| 67 MultiProfileUserController::kBehaviorPrimaryOnly, | 69 MultiProfileUserController::ALLOWED, |
| 68 MultiProfileUserController::kBehaviorNotAllowed, | 70 }, |
| 69 MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, | 71 { |
| 70 }, | 72 MultiProfileUserController::kBehaviorPrimaryOnly, |
| 71 { | 73 MultiProfileUserController::kBehaviorNotAllowed, |
| 72 MultiProfileUserController::kBehaviorNotAllowed, | 74 MultiProfileUserController::NOT_ALLOWED_POLICY_FORBIDS, |
| 73 MultiProfileUserController::kBehaviorUnrestricted, | 75 MultiProfileUserController::ALLOWED, |
| 74 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, | 76 }, |
| 75 }, | 77 { |
| 76 { | 78 MultiProfileUserController::kBehaviorNotAllowed, |
| 77 MultiProfileUserController::kBehaviorNotAllowed, | 79 MultiProfileUserController::kBehaviorUnrestricted, |
| 78 MultiProfileUserController::kBehaviorPrimaryOnly, | 80 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, |
| 79 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, | 81 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, |
| 80 }, | 82 }, |
| 81 { | 83 { |
| 82 MultiProfileUserController::kBehaviorNotAllowed, | 84 MultiProfileUserController::kBehaviorNotAllowed, |
| 83 MultiProfileUserController::kBehaviorNotAllowed, | 85 MultiProfileUserController::kBehaviorPrimaryOnly, |
| 84 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, | 86 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, |
| 85 }, | 87 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, |
| 88 }, | |
| 89 { | |
| 90 MultiProfileUserController::kBehaviorNotAllowed, | |
| 91 MultiProfileUserController::kBehaviorNotAllowed, | |
| 92 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, | |
| 93 MultiProfileUserController::NOT_ALLOWED_PRIMARY_USER_POLICY_FORBIDS, | |
| 94 }, | |
| 86 }; | 95 }; |
| 87 | 96 |
| 88 // Weak ptr to PolicyCertVerifier - object is freed in test destructor once | 97 // Weak ptr to PolicyCertVerifier - object is freed in test destructor once |
| 89 // we've ensured the profile has been shut down. | 98 // we've ensured the profile has been shut down. |
| 90 policy::PolicyCertVerifier* g_policy_cert_verifier_for_factory = NULL; | 99 policy::PolicyCertVerifier* g_policy_cert_verifier_for_factory = NULL; |
| 91 | 100 |
| 92 KeyedService* TestPolicyCertServiceFactory(content::BrowserContext* context) { | 101 KeyedService* TestPolicyCertServiceFactory(content::BrowserContext* context) { |
| 93 return policy::PolicyCertService::CreateForTesting( | 102 return policy::PolicyCertService::CreateForTesting( |
| 94 kUsers[0], g_policy_cert_verifier_for_factory, UserManager::Get()) | 103 kUsers[0], g_policy_cert_verifier_for_factory, UserManager::Get()) |
| 95 .release(); | 104 .release(); |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 209 MultiProfileUserController::kBehaviorUnrestricted, | 218 MultiProfileUserController::kBehaviorUnrestricted, |
| 210 MultiProfileUserController::kBehaviorPrimaryOnly, | 219 MultiProfileUserController::kBehaviorPrimaryOnly, |
| 211 MultiProfileUserController::kBehaviorNotAllowed, | 220 MultiProfileUserController::kBehaviorNotAllowed, |
| 212 }; | 221 }; |
| 213 for (size_t i = 0; i < arraysize(kTestCases); ++i) { | 222 for (size_t i = 0; i < arraysize(kTestCases); ++i) { |
| 214 SetCachedBehavior(0, kTestCases[i]); | 223 SetCachedBehavior(0, kTestCases[i]); |
| 215 MultiProfileUserController::UserAllowedInSessionReason reason; | 224 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 216 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)) | 225 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)) |
| 217 << "Case " << i; | 226 << "Case " << i; |
| 218 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason) << "Case " << i; | 227 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason) << "Case " << i; |
| 228 EXPECT_EQ(MultiProfileUserController::ALLOWED, | |
|
James Cook
2014/08/12 20:08:29
Likewise I would reorder all these, so you first t
Roman Sorokin (ftl)
2014/08/13 09:11:52
Done.
| |
| 229 MultiProfileUserController::GetPrimaryUserPolicy()) | |
| 230 << "Case " << i; | |
| 219 } | 231 } |
| 220 } | 232 } |
| 221 | 233 |
| 222 // Tests that invalid cache value would become the default "unrestricted". | 234 // Tests that invalid cache value would become the default "unrestricted". |
| 223 TEST_F(MultiProfileUserControllerTest, InvalidCacheBecomesDefault) { | 235 TEST_F(MultiProfileUserControllerTest, InvalidCacheBecomesDefault) { |
| 224 const char kBad[] = "some invalid value"; | 236 const char kBad[] = "some invalid value"; |
| 225 SetCachedBehavior(0, kBad); | 237 SetCachedBehavior(0, kBad); |
| 226 EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted, | 238 EXPECT_EQ(MultiProfileUserController::kBehaviorUnrestricted, |
| 227 GetCachedBehavior(0)); | 239 GetCachedBehavior(0)); |
| 228 } | 240 } |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 268 // Tests cases before the second user login. | 280 // Tests cases before the second user login. |
| 269 TEST_F(MultiProfileUserControllerTest, IsSecondaryAllowed) { | 281 TEST_F(MultiProfileUserControllerTest, IsSecondaryAllowed) { |
| 270 LoginUser(0); | 282 LoginUser(0); |
| 271 | 283 |
| 272 for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { | 284 for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { |
| 273 SetPrefBehavior(0, kBehaviorTestCases[i].primary); | 285 SetPrefBehavior(0, kBehaviorTestCases[i].primary); |
| 274 SetCachedBehavior(1, kBehaviorTestCases[i].secondary); | 286 SetCachedBehavior(1, kBehaviorTestCases[i].secondary); |
| 275 MultiProfileUserController::UserAllowedInSessionReason reason; | 287 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 276 controller()->IsUserAllowedInSession(kUsers[1], &reason); | 288 controller()->IsUserAllowedInSession(kUsers[1], &reason); |
| 277 EXPECT_EQ(kBehaviorTestCases[i].expected_allowed, reason) << "Case " << i; | 289 EXPECT_EQ(kBehaviorTestCases[i].expected_allowed, reason) << "Case " << i; |
| 290 EXPECT_EQ(kBehaviorTestCases[i].expected_primary_policy, | |
| 291 MultiProfileUserController::GetPrimaryUserPolicy()) | |
| 292 << "Case " << i; | |
| 278 } | 293 } |
| 279 } | 294 } |
| 280 | 295 |
| 281 // Tests user behavior changes within a two-user session. | 296 // Tests user behavior changes within a two-user session. |
| 282 TEST_F(MultiProfileUserControllerTest, PrimaryBehaviorChange) { | 297 TEST_F(MultiProfileUserControllerTest, PrimaryBehaviorChange) { |
| 283 LoginUser(0); | 298 LoginUser(0); |
| 284 LoginUser(1); | 299 LoginUser(1); |
| 285 | 300 |
| 286 for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { | 301 for (size_t i = 0; i < arraysize(kBehaviorTestCases); ++i) { |
| 287 SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); | 302 SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); |
| (...skipping 29 matching lines...) Expand all Loading... | |
| 317 TEST_F(MultiProfileUserControllerTest, | 332 TEST_F(MultiProfileUserControllerTest, |
| 318 UsedPolicyCertificatesAllowedForPrimary) { | 333 UsedPolicyCertificatesAllowedForPrimary) { |
| 319 // Verifies that any user can sign-in as the primary user, regardless of the | 334 // Verifies that any user can sign-in as the primary user, regardless of the |
| 320 // tainted state. | 335 // tainted state. |
| 321 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); | 336 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[0]); |
| 322 MultiProfileUserController::UserAllowedInSessionReason reason; | 337 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 323 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)); | 338 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[0], &reason)); |
| 324 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); | 339 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); |
| 325 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); | 340 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 326 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); | 341 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); |
| 342 EXPECT_EQ(MultiProfileUserController::ALLOWED, | |
| 343 MultiProfileUserController::GetPrimaryUserPolicy()); | |
| 327 } | 344 } |
| 328 | 345 |
| 329 TEST_F(MultiProfileUserControllerTest, | 346 TEST_F(MultiProfileUserControllerTest, |
| 330 UsedPolicyCertificatesDisallowedForSecondary) { | 347 UsedPolicyCertificatesDisallowedForSecondary) { |
| 331 // Verifies that if a regular user is signed-in then other regular users can | 348 // Verifies that if a regular user is signed-in then other regular users can |
| 332 // be added but tainted users can't. | 349 // be added but tainted users can't. |
| 333 LoginUser(1); | 350 LoginUser(1); |
| 334 | 351 |
| 335 // TODO(xiyuan): Remove the following SetPrefBehavor when default is | 352 // TODO(xiyuan): Remove the following SetPrefBehavor when default is |
| 336 // changed back to enabled. | 353 // changed back to enabled. |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 356 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); | 373 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); |
| 357 g_policy_cert_verifier_for_factory = cert_verifier_.get(); | 374 g_policy_cert_verifier_for_factory = cert_verifier_.get(); |
| 358 ASSERT_TRUE( | 375 ASSERT_TRUE( |
| 359 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( | 376 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( |
| 360 profile(0), TestPolicyCertServiceFactory)); | 377 profile(0), TestPolicyCertServiceFactory)); |
| 361 | 378 |
| 362 MultiProfileUserController::UserAllowedInSessionReason reason; | 379 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 363 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); | 380 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 364 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, | 381 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, |
| 365 reason); | 382 reason); |
| 383 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, | |
| 384 MultiProfileUserController::GetPrimaryUserPolicy()); | |
| 366 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[1]); | 385 policy::PolicyCertServiceFactory::SetUsedPolicyCertificates(kUsers[1]); |
| 367 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); | 386 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 368 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED, | 387 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_POLICY_CERT_TAINTED, |
| 369 reason); | 388 reason); |
| 389 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, | |
| 390 MultiProfileUserController::GetPrimaryUserPolicy()); | |
| 370 | 391 |
| 371 // Flush tasks posted to IO. | 392 // Flush tasks posted to IO. |
| 372 base::RunLoop().RunUntilIdle(); | 393 base::RunLoop().RunUntilIdle(); |
| 373 } | 394 } |
| 374 | 395 |
| 375 TEST_F(MultiProfileUserControllerTest, | 396 TEST_F(MultiProfileUserControllerTest, |
| 376 PolicyCertificatesInMemoryDisallowsSecondaries) { | 397 PolicyCertificatesInMemoryDisallowsSecondaries) { |
| 377 // Verifies that if a user is signed-in and has policy certificates installed | 398 // Verifies that if a user is signed-in and has policy certificates installed |
| 378 // then no other users can be added. | 399 // then no other users can be added. |
| 379 LoginUser(0); | 400 LoginUser(0); |
| 380 | 401 |
| 381 // TODO(xiyuan): Remove the following SetPrefBehavor when default is | 402 // TODO(xiyuan): Remove the following SetPrefBehavor when default is |
| 382 // changed back to enabled. | 403 // changed back to enabled. |
| 383 SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); | 404 SetPrefBehavior(0, MultiProfileUserController::kBehaviorUnrestricted); |
| 384 | 405 |
| 385 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); | 406 cert_verifier_.reset(new policy::PolicyCertVerifier(base::Closure())); |
| 386 g_policy_cert_verifier_for_factory = cert_verifier_.get(); | 407 g_policy_cert_verifier_for_factory = cert_verifier_.get(); |
| 387 ASSERT_TRUE( | 408 ASSERT_TRUE( |
| 388 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( | 409 policy::PolicyCertServiceFactory::GetInstance()->SetTestingFactoryAndUse( |
| 389 profile(0), TestPolicyCertServiceFactory)); | 410 profile(0), TestPolicyCertServiceFactory)); |
| 390 policy::PolicyCertService* service = | 411 policy::PolicyCertService* service = |
| 391 policy::PolicyCertServiceFactory::GetForProfile(profile(0)); | 412 policy::PolicyCertServiceFactory::GetForProfile(profile(0)); |
| 392 ASSERT_TRUE(service); | 413 ASSERT_TRUE(service); |
| 393 | 414 |
| 394 EXPECT_FALSE(service->has_policy_certificates()); | 415 EXPECT_FALSE(service->has_policy_certificates()); |
| 395 MultiProfileUserController::UserAllowedInSessionReason reason; | 416 MultiProfileUserController::UserAllowedInSessionReason reason; |
| 396 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); | 417 EXPECT_TRUE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 397 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); | 418 EXPECT_EQ(MultiProfileUserController::ALLOWED, reason); |
| 419 EXPECT_EQ(MultiProfileUserController::ALLOWED, | |
| 420 MultiProfileUserController::GetPrimaryUserPolicy()); | |
| 398 | 421 |
| 399 net::CertificateList certificates; | 422 net::CertificateList certificates; |
| 400 certificates.push_back(new net::X509Certificate( | 423 certificates.push_back(new net::X509Certificate( |
| 401 "subject", "issuer", base::Time(), base::Time())); | 424 "subject", "issuer", base::Time(), base::Time())); |
| 402 service->OnTrustAnchorsChanged(certificates); | 425 service->OnTrustAnchorsChanged(certificates); |
| 403 EXPECT_TRUE(service->has_policy_certificates()); | 426 EXPECT_TRUE(service->has_policy_certificates()); |
| 404 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); | 427 EXPECT_FALSE(controller()->IsUserAllowedInSession(kUsers[1], &reason)); |
| 405 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, | 428 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, |
| 406 reason); | 429 reason); |
| 430 EXPECT_EQ(MultiProfileUserController::NOT_ALLOWED_PRIMARY_POLICY_CERT_TAINTED, | |
| 431 MultiProfileUserController::GetPrimaryUserPolicy()); | |
| 407 | 432 |
| 408 // Flush tasks posted to IO. | 433 // Flush tasks posted to IO. |
| 409 base::RunLoop().RunUntilIdle(); | 434 base::RunLoop().RunUntilIdle(); |
| 410 } | 435 } |
| 411 | 436 |
| 412 } // namespace chromeos | 437 } // namespace chromeos |
| OLD | NEW |
