Chromium Code Reviews Chromium Code Reviews
Issue 711433002:
Enable device disabling during normal operation (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@f_4_425574_add_device_disabling_manager| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/chromeos/system/device_disabling_manager.h" | 5 #include "chrome/browser/chromeos/system/device_disabling_manager.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/ref_counted.h" |
| 11 #include "base/prefs/scoped_user_pref_update.h" | 11 #include "base/prefs/scoped_user_pref_update.h" |
| 12 #include "base/prefs/testing_pref_service.h" | 12 #include "base/prefs/testing_pref_service.h" |
| 13 #include "base/run_loop.h" | 13 #include "base/run_loop.h" |
| 14 #include "chrome/browser/browser_process_platform_part.h" | 14 #include "chrome/browser/browser_process_platform_part.h" |
| 15 #include "chrome/browser/chromeos/login/users/fake_user_manager.h" | |
| 15 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" | 16 #include "chrome/browser/chromeos/policy/browser_policy_connector_chromeos.h" |
| 16 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" | 17 #include "chrome/browser/chromeos/policy/device_cloud_policy_manager_chromeos.h" |
| 18 #include "chrome/browser/chromeos/policy/device_policy_builder.h" | |
| 17 #include "chrome/browser/chromeos/policy/server_backed_device_state.h" | 19 #include "chrome/browser/chromeos/policy/server_backed_device_state.h" |
| 18 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h" | 20 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h" |
| 21 #include "chrome/browser/chromeos/settings/device_settings_service.h" | |
| 22 #include "chrome/browser/chromeos/settings/device_settings_test_helper.h" | |
| 19 #include "chrome/common/pref_names.h" | 23 #include "chrome/common/pref_names.h" |
| 20 #include "chrome/test/base/testing_browser_process.h" | 24 #include "chrome/test/base/testing_browser_process.h" |
| 21 #include "chromeos/chromeos_switches.h" | 25 #include "chromeos/chromeos_switches.h" |
| 26 #include "components/ownership/mock_owner_key_util.h" | |
| 22 #include "components/policy/core/common/cloud/cloud_policy_constants.h" | 27 #include "components/policy/core/common/cloud/cloud_policy_constants.h" |
| 28 #include "content/public/test/test_browser_thread_bundle.h" | |
| 29 #include "policy/proto/device_management_backend.pb.h" | |
| 30 #include "testing/gmock/include/gmock/gmock.h" | |
| 23 #include "testing/gtest/include/gtest/gtest.h" | 31 #include "testing/gtest/include/gtest/gtest.h" |
| 24 | 32 |
| 33 using testing::_; | |
| 34 using testing::Mock; | |
| 35 | |
| 25 namespace chromeos { | 36 namespace chromeos { |
| 26 namespace system { | 37 namespace system { |
| 27 | 38 |
| 28 namespace { | 39 namespace { |
| 29 | 40 |
| 30 const char kDisabledMessage[] = "Device disabled."; | 41 const char kTestUser[] = "user@example.com"; |
| 42 const char kDisabledMessage1[] = "Device disabled 1."; | |
| 43 const char kDisabledMessage2[] = "Device disabled 2."; | |
| 31 | 44 |
| 32 } | 45 } |
| 33 | 46 |
| 34 class DeviceDisablingManagerTest : public testing::Test { | 47 class DeviceDisablingManagerTestBase : public testing::Test, |
| 48 public DeviceDisablingManager::Delegate { | |
| 35 public: | 49 public: |
| 36 DeviceDisablingManagerTest(); | 50 DeviceDisablingManagerTestBase(); |
| 37 | 51 |
| 38 // testing::Test: | 52 // testing::Test: |
| 53 void TearDown() override; | |
| 54 | |
| 55 virtual void CreateDeviceDisablingManager(); | |
| 56 virtual void DestroyDeviceDisablingManager(); | |
| 57 | |
| 58 void SetRegistrationUser(const std::string& registration_user); | |
| 59 void SetDeviceMode(policy::DeviceMode device_mode); | |
| 60 void LogIn(); | |
| 61 | |
| 62 // DeviceDisablingManager::Delegate: | |
| 63 MOCK_METHOD0(RestartToLoginScreen, void()); | |
| 64 MOCK_METHOD0(ShowDeviceDisabledScreen, void()); | |
| 65 | |
| 66 const std::string& GetDisabledMessage() const; | |
|
achuithb
2014/11/07 00:15:17
Why special case this since you're providing acces
bartfab (slow)
2014/11/07 10:11:37
Removed.
| |
| 67 | |
| 68 protected: | |
| 69 scoped_ptr<DeviceDisablingManager> device_disabling_manager_; | |
|
achuithb
2014/11/07 00:15:17
Might be nicer to provide a pointer to subclasses
bartfab (slow)
2014/11/07 10:11:37
Done.
| |
| 70 | |
| 71 private: | |
| 72 policy::ScopedStubEnterpriseInstallAttributes install_attributes_; | |
| 73 chromeos::ScopedTestDeviceSettingsService test_device_settings_service_; | |
| 74 chromeos::ScopedTestCrosSettings test_cros_settings_; | |
| 75 FakeUserManager fake_user_manager_; | |
| 76 | |
| 77 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerTestBase); | |
| 78 }; | |
| 79 | |
| 80 DeviceDisablingManagerTestBase::DeviceDisablingManagerTestBase() | |
| 81 : install_attributes_("", "", "", policy::DEVICE_MODE_NOT_SET) { | |
| 82 } | |
| 83 | |
| 84 void DeviceDisablingManagerTestBase::TearDown() { | |
| 85 DestroyDeviceDisablingManager(); | |
| 86 } | |
| 87 | |
| 88 void DeviceDisablingManagerTestBase::CreateDeviceDisablingManager() { | |
| 89 device_disabling_manager_.reset(new DeviceDisablingManager( | |
| 90 this, | |
| 91 CrosSettings::Get(), | |
| 92 &fake_user_manager_)); | |
| 93 } | |
| 94 | |
| 95 void DeviceDisablingManagerTestBase::DestroyDeviceDisablingManager() { | |
| 96 device_disabling_manager_.reset(); | |
| 97 } | |
| 98 | |
| 99 void DeviceDisablingManagerTestBase::SetRegistrationUser( | |
| 100 const std::string& registration_user) { | |
| 101 reinterpret_cast<policy::StubEnterpriseInstallAttributes*>( | |
| 102 TestingBrowserProcess::GetGlobal()->platform_part()-> | |
| 103 browser_policy_connector_chromeos()->GetInstallAttributes())-> | |
| 104 SetRegistrationUser(registration_user); | |
| 105 } | |
| 106 | |
| 107 void DeviceDisablingManagerTestBase::SetDeviceMode( | |
| 108 policy::DeviceMode device_mode) { | |
| 109 reinterpret_cast<policy::StubEnterpriseInstallAttributes*>( | |
| 110 TestingBrowserProcess::GetGlobal()->platform_part()-> | |
| 111 browser_policy_connector_chromeos()->GetInstallAttributes())-> | |
| 112 SetMode(device_mode); | |
| 113 } | |
| 114 | |
| 115 void DeviceDisablingManagerTestBase::LogIn() { | |
| 116 fake_user_manager_.AddUser(kTestUser); | |
| 117 } | |
| 118 | |
| 119 const std::string& DeviceDisablingManagerTestBase::GetDisabledMessage() const { | |
| 120 return device_disabling_manager_->disabled_message(); | |
| 121 } | |
| 122 | |
| 123 // Base class for tests that verify device disabling behavior during OOBE, when | |
| 124 // the device is not owned yet. | |
| 125 class DeviceDisablingManagerOOBETest : public DeviceDisablingManagerTestBase { | |
| 126 public: | |
| 127 DeviceDisablingManagerOOBETest(); | |
| 128 | |
| 129 // DeviceDisablingManagerTestBase: | |
| 39 void SetUp() override; | 130 void SetUp() override; |
| 40 void TearDown() override; | 131 void TearDown() override; |
| 41 | 132 |
| 42 bool device_disabled() const { return device_disabled_; } | 133 bool device_disabled() const { return device_disabled_; } |
| 43 const std::string& GetDisabledMessage() const; | |
| 44 | 134 |
| 45 void CheckWhetherDeviceDisabledDuringOOBE(); | 135 void CheckWhetherDeviceDisabledDuringOOBE(); |
| 46 | 136 |
| 47 void SetDeviceDisabled(bool disabled); | 137 void SetDeviceDisabled(bool disabled); |
| 48 void SetDeviceMode(policy::DeviceMode device_mode); | |
| 49 | 138 |
| 50 private: | 139 private: |
| 51 void OnDeviceDisabledChecked(bool device_disabled); | 140 void OnDeviceDisabledChecked(bool device_disabled); |
| 52 | 141 |
| 53 policy::ScopedStubEnterpriseInstallAttributes install_attributes_; | |
| 54 TestingPrefServiceSimple local_state_; | 142 TestingPrefServiceSimple local_state_; |
| 55 | 143 |
| 56 scoped_ptr<DeviceDisablingManager> device_disabling_manager_; | |
| 57 | |
| 58 base::RunLoop run_loop_; | 144 base::RunLoop run_loop_; |
| 59 bool device_disabled_; | 145 bool device_disabled_; |
| 60 | 146 |
| 61 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerTest); | 147 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerOOBETest); |
| 62 }; | 148 }; |
| 63 | 149 |
| 64 DeviceDisablingManagerTest::DeviceDisablingManagerTest() | 150 DeviceDisablingManagerOOBETest::DeviceDisablingManagerOOBETest() |
| 65 : install_attributes_("", "", "", policy::DEVICE_MODE_NOT_SET), | 151 : device_disabled_(false) { |
| 66 device_disabled_(false) { | 152 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); |
| 153 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 67 } | 154 } |
| 68 | 155 |
| 69 void DeviceDisablingManagerTest::SetUp() { | 156 void DeviceDisablingManagerOOBETest::SetUp() { |
| 70 TestingBrowserProcess::GetGlobal()->SetLocalState(&local_state_); | 157 TestingBrowserProcess::GetGlobal()->SetLocalState(&local_state_); |
| 71 policy::DeviceCloudPolicyManagerChromeOS::RegisterPrefs( | 158 policy::DeviceCloudPolicyManagerChromeOS::RegisterPrefs( |
| 72 local_state_.registry()); | 159 local_state_.registry()); |
| 73 | 160 CreateDeviceDisablingManager(); |
| 74 device_disabling_manager_.reset(new DeviceDisablingManager( | |
| 75 TestingBrowserProcess::GetGlobal()->platform_part()-> | |
| 76 browser_policy_connector_chromeos())); | |
| 77 } | 161 } |
| 78 | 162 |
| 79 void DeviceDisablingManagerTest::TearDown() { | 163 void DeviceDisablingManagerOOBETest::TearDown() { |
| 164 DeviceDisablingManagerTestBase::TearDown(); | |
| 80 TestingBrowserProcess::GetGlobal()->SetLocalState(nullptr); | 165 TestingBrowserProcess::GetGlobal()->SetLocalState(nullptr); |
| 81 } | 166 } |
| 82 | 167 |
| 83 const std::string& DeviceDisablingManagerTest::GetDisabledMessage() const { | 168 void DeviceDisablingManagerOOBETest::CheckWhetherDeviceDisabledDuringOOBE() { |
| 84 return device_disabling_manager_->disabled_message(); | |
| 85 | |
| 86 } | |
| 87 | |
| 88 void DeviceDisablingManagerTest::CheckWhetherDeviceDisabledDuringOOBE() { | |
| 89 device_disabling_manager_->CheckWhetherDeviceDisabledDuringOOBE( | 169 device_disabling_manager_->CheckWhetherDeviceDisabledDuringOOBE( |
| 90 base::Bind(&DeviceDisablingManagerTest::OnDeviceDisabledChecked, | 170 base::Bind(&DeviceDisablingManagerOOBETest::OnDeviceDisabledChecked, |
| 91 base::Unretained(this))); | 171 base::Unretained(this))); |
| 92 run_loop_.Run(); | 172 run_loop_.Run(); |
| 93 } | 173 } |
| 94 | 174 |
| 95 void DeviceDisablingManagerTest::SetDeviceDisabled(bool disabled) { | 175 void DeviceDisablingManagerOOBETest::SetDeviceDisabled(bool disabled) { |
| 96 DictionaryPrefUpdate dict(&local_state_, prefs::kServerBackedDeviceState); | 176 DictionaryPrefUpdate dict(&local_state_, prefs::kServerBackedDeviceState); |
| 97 if (disabled) { | 177 if (disabled) { |
| 98 dict->SetString(policy::kDeviceStateRestoreMode, | 178 dict->SetString(policy::kDeviceStateRestoreMode, |
| 99 policy::kDeviceStateRestoreModeDisabled); | 179 policy::kDeviceStateRestoreModeDisabled); |
| 100 } else { | 180 } else { |
| 101 dict->Remove(policy::kDeviceStateRestoreMode, nullptr); | 181 dict->Remove(policy::kDeviceStateRestoreMode, nullptr); |
| 102 } | 182 } |
| 103 dict->SetString(policy::kDeviceStateDisabledMessage, kDisabledMessage); | 183 dict->SetString(policy::kDeviceStateDisabledMessage, kDisabledMessage1); |
| 104 } | 184 } |
| 105 | 185 |
| 106 void DeviceDisablingManagerTest::SetDeviceMode(policy::DeviceMode device_mode) { | 186 void DeviceDisablingManagerOOBETest::OnDeviceDisabledChecked( |
| 107 reinterpret_cast<policy::StubEnterpriseInstallAttributes*>( | 187 bool device_disabled) { |
| 108 TestingBrowserProcess::GetGlobal()->platform_part()-> | |
| 109 browser_policy_connector_chromeos()->GetInstallAttributes())-> | |
| 110 SetMode(device_mode); | |
| 111 } | |
| 112 | |
| 113 void DeviceDisablingManagerTest::OnDeviceDisabledChecked(bool device_disabled) { | |
| 114 device_disabled_ = device_disabled; | 188 device_disabled_ = device_disabled; |
| 115 run_loop_.Quit(); | 189 run_loop_.Quit(); |
| 116 } | 190 } |
| 117 | 191 |
| 118 // Verifies that the device is not considered disabled during OOBE by default. | 192 // Verifies that the device is not considered disabled during OOBE by default. |
| 119 TEST_F(DeviceDisablingManagerTest, NotDisabledByDefault) { | 193 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledByDefault) { |
| 120 CheckWhetherDeviceDisabledDuringOOBE(); | 194 CheckWhetherDeviceDisabledDuringOOBE(); |
| 121 EXPECT_FALSE(device_disabled()); | 195 EXPECT_FALSE(device_disabled()); |
| 122 } | 196 } |
| 123 | 197 |
| 124 // Verifies that the device is not considered disabled during OOBE when it is | 198 // Verifies that the device is not considered disabled during OOBE when it is |
| 125 // explicitly marked as not disabled. | 199 // explicitly marked as not disabled. |
| 126 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenExplicitlyNotDisabled) { | 200 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenExplicitlyNotDisabled) { |
| 127 SetDeviceDisabled(false); | 201 SetDeviceDisabled(false); |
| 128 CheckWhetherDeviceDisabledDuringOOBE(); | 202 CheckWhetherDeviceDisabledDuringOOBE(); |
| 129 EXPECT_FALSE(device_disabled()); | 203 EXPECT_FALSE(device_disabled()); |
| 130 } | 204 } |
| 131 | 205 |
| 132 // Verifies that the device is not considered disabled during OOBE when device | 206 // Verifies that the device is not considered disabled during OOBE when device |
| 133 // disabling is turned off by flag, even if the device is marked as disabled. | 207 // disabling is turned off by flag, even if the device is marked as disabled. |
| 134 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenTurnedOffByFlag) { | 208 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenTurnedOffByFlag) { |
| 135 CommandLine::ForCurrentProcess()->AppendSwitch( | 209 CommandLine::ForCurrentProcess()->AppendSwitch( |
| 136 switches::kDisableDeviceDisabling); | 210 switches::kDisableDeviceDisabling); |
| 137 SetDeviceDisabled(true); | 211 SetDeviceDisabled(true); |
| 138 CheckWhetherDeviceDisabledDuringOOBE(); | 212 CheckWhetherDeviceDisabledDuringOOBE(); |
| 139 EXPECT_FALSE(device_disabled()); | 213 EXPECT_FALSE(device_disabled()); |
| 140 } | 214 } |
| 141 | 215 |
| 142 // Verifies that the device is not considered disabled during OOBE when it is | 216 // Verifies that the device is not considered disabled during OOBE when it is |
| 143 // already enrolled, even if the device is marked as disabled. | 217 // already enrolled, even if the device is marked as disabled. |
| 144 TEST_F(DeviceDisablingManagerTest, DoNotShowWhenEnterpriseOwned) { | 218 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenEnterpriseOwned) { |
| 145 SetDeviceMode(policy::DEVICE_MODE_ENTERPRISE); | 219 SetDeviceMode(policy::DEVICE_MODE_ENTERPRISE); |
| 146 SetDeviceDisabled(true); | 220 SetDeviceDisabled(true); |
| 147 CheckWhetherDeviceDisabledDuringOOBE(); | 221 CheckWhetherDeviceDisabledDuringOOBE(); |
| 148 EXPECT_FALSE(device_disabled()); | 222 EXPECT_FALSE(device_disabled()); |
| 149 } | 223 } |
| 150 | 224 |
| 151 // Verifies that the device is not considered disabled during OOBE when it is | 225 // Verifies that the device is not considered disabled during OOBE when it is |
| 152 // already owned by a consumer, even if the device is marked as disabled. | 226 // already owned by a consumer, even if the device is marked as disabled. |
| 153 TEST_F(DeviceDisablingManagerTest, DoNotShowWhenConsumerOwned) { | 227 TEST_F(DeviceDisablingManagerOOBETest, NotDisabledWhenConsumerOwned) { |
| 154 SetDeviceMode(policy::DEVICE_MODE_CONSUMER); | 228 SetDeviceMode(policy::DEVICE_MODE_CONSUMER); |
| 155 SetDeviceDisabled(true); | 229 SetDeviceDisabled(true); |
| 156 CheckWhetherDeviceDisabledDuringOOBE(); | 230 CheckWhetherDeviceDisabledDuringOOBE(); |
| 157 EXPECT_FALSE(device_disabled()); | 231 EXPECT_FALSE(device_disabled()); |
| 158 } | 232 } |
| 159 | 233 |
| 160 // Verifies that the device is considered disabled during OOBE when it is marked | 234 // Verifies that the device is considered disabled during OOBE when it is marked |
| 161 // as disabled, device disabling is not turned off by flag and the device is not | 235 // as disabled, device disabling is not turned off by flag and the device is not |
| 162 // owned yet. | 236 // owned yet. |
| 163 TEST_F(DeviceDisablingManagerTest, ShowWhenDisabledAndNotOwned) { | 237 TEST_F(DeviceDisablingManagerOOBETest, ShowWhenDisabledAndNotOwned) { |
| 164 SetDeviceDisabled(true); | 238 SetDeviceDisabled(true); |
| 165 CheckWhetherDeviceDisabledDuringOOBE(); | 239 CheckWhetherDeviceDisabledDuringOOBE(); |
| 166 EXPECT_TRUE(device_disabled()); | 240 EXPECT_TRUE(device_disabled()); |
| 167 EXPECT_EQ(kDisabledMessage, GetDisabledMessage()); | 241 EXPECT_EQ(kDisabledMessage1, GetDisabledMessage()); |
| 242 } | |
| 243 | |
| 244 // Base class for tests that verify device disabling behavior once the device is | |
| 245 // owned. | |
| 246 class DeviceDisablingManagerTest : public DeviceDisablingManagerTestBase, | |
| 247 public DeviceDisablingManager::Observer { | |
| 248 public: | |
| 249 DeviceDisablingManagerTest(); | |
| 250 | |
| 251 // DeviceDisablingManagerTestBase: | |
| 252 void TearDown() override; | |
| 253 void CreateDeviceDisablingManager() override; | |
| 254 void DestroyDeviceDisablingManager() override; | |
| 255 | |
| 256 //DeviceDisablingManager::Observer: | |
| 257 MOCK_METHOD1(OnDisabledMessageChanged, void(const std::string&)); | |
| 258 | |
| 259 void SetUnowned(); | |
| 260 void SetEnterpriseOwned(); | |
| 261 void SetConsumerOwned(); | |
| 262 void MakeCrosSettingsTrusted(); | |
| 263 | |
| 264 void SetDeviceDisabled(bool disabled); | |
| 265 void SetDisabledMessage(const std::string& disabled_message); | |
| 266 | |
| 267 private: | |
| 268 void SimulatePolicyFetch(); | |
| 269 | |
| 270 content::TestBrowserThreadBundle thread_bundle_; | |
| 271 chromeos::DeviceSettingsTestHelper device_settings_test_helper_; | |
| 272 policy::DevicePolicyBuilder device_policy_; | |
| 273 | |
| 274 DISALLOW_COPY_AND_ASSIGN(DeviceDisablingManagerTest); | |
| 275 }; | |
| 276 | |
| 277 DeviceDisablingManagerTest::DeviceDisablingManagerTest() { | |
| 278 } | |
| 279 | |
| 280 void DeviceDisablingManagerTest::TearDown() { | |
| 281 chromeos::DeviceSettingsService::Get()->UnsetSessionManager(); | |
| 282 DeviceDisablingManagerTestBase::TearDown(); | |
| 283 } | |
| 284 | |
| 285 void DeviceDisablingManagerTest::CreateDeviceDisablingManager() { | |
| 286 DeviceDisablingManagerTestBase::CreateDeviceDisablingManager(); | |
| 287 device_disabling_manager_->AddObserver(this); | |
| 288 } | |
| 289 | |
| 290 void DeviceDisablingManagerTest::DestroyDeviceDisablingManager() { | |
| 291 if (device_disabling_manager_) | |
| 292 device_disabling_manager_->RemoveObserver(this); | |
| 293 DeviceDisablingManagerTestBase::DestroyDeviceDisablingManager(); | |
| 294 } | |
| 295 | |
| 296 void DeviceDisablingManagerTest::SetUnowned() { | |
| 297 SetRegistrationUser(std::string()); | |
| 298 SetDeviceMode(policy::DEVICE_MODE_NOT_SET); | |
| 299 } | |
| 300 | |
| 301 void DeviceDisablingManagerTest::SetEnterpriseOwned() { | |
| 302 SetRegistrationUser(kTestUser); | |
| 303 SetDeviceMode(policy::DEVICE_MODE_ENTERPRISE); | |
| 304 } | |
| 305 | |
| 306 void DeviceDisablingManagerTest::SetConsumerOwned() { | |
| 307 SetDeviceMode(policy::DEVICE_MODE_CONSUMER); | |
| 308 } | |
| 309 | |
| 310 void DeviceDisablingManagerTest::MakeCrosSettingsTrusted() { | |
| 311 scoped_refptr<ownership::MockOwnerKeyUtil> owner_key_util( | |
| 312 new ownership::MockOwnerKeyUtil); | |
| 313 owner_key_util->SetPublicKeyFromPrivateKey(*device_policy_.GetSigningKey()); | |
| 314 chromeos::DeviceSettingsService::Get()->SetSessionManager( | |
| 315 &device_settings_test_helper_, | |
| 316 owner_key_util); | |
| 317 SimulatePolicyFetch(); | |
| 318 } | |
| 319 | |
| 320 void DeviceDisablingManagerTest::SetDeviceDisabled(bool disabled) { | |
| 321 if (disabled) { | |
| 322 device_policy_.policy_data().mutable_device_state()->set_device_mode( | |
| 323 enterprise_management::DeviceState::DEVICE_MODE_DISABLED); | |
| 324 } else { | |
| 325 device_policy_.policy_data().mutable_device_state()->clear_device_mode(); | |
| 326 } | |
| 327 SimulatePolicyFetch(); | |
| 328 } | |
| 329 | |
| 330 void DeviceDisablingManagerTest::SetDisabledMessage( | |
| 331 const std::string& disabled_message) { | |
| 332 device_policy_.policy_data().mutable_device_state()-> | |
| 333 mutable_disabled_state()->set_message(disabled_message); | |
| 334 SimulatePolicyFetch(); | |
| 335 } | |
| 336 | |
| 337 void DeviceDisablingManagerTest::SimulatePolicyFetch() { | |
| 338 device_policy_.Build(); | |
| 339 device_settings_test_helper_.set_policy_blob(device_policy_.GetBlob()); | |
| 340 chromeos::DeviceSettingsService::Get()->OwnerKeySet(true); | |
| 341 device_settings_test_helper_.Flush(); | |
| 342 } | |
| 343 | |
| 344 // Verifies that the device is not considered disabled by default when it is | |
| 345 // enrolled for enterprise management. | |
| 346 TEST_F(DeviceDisablingManagerTest, NotDisabledByDefault) { | |
| 347 SetEnterpriseOwned(); | |
| 348 MakeCrosSettingsTrusted(); | |
| 349 | |
| 350 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 351 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 352 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 353 CreateDeviceDisablingManager(); | |
| 354 } | |
| 355 | |
| 356 // Verifies that the device is not considered disabled when it is explicitly | |
| 357 // marked as not disabled. | |
| 358 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenExplicitlyNotDisabled) { | |
| 359 SetEnterpriseOwned(); | |
| 360 MakeCrosSettingsTrusted(); | |
| 361 SetDeviceDisabled(false); | |
| 362 | |
| 363 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 364 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 365 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 366 CreateDeviceDisablingManager(); | |
| 367 } | |
| 368 | |
| 369 // Verifies that the device is not considered disabled when device disabling is | |
| 370 // turned off by flag, even if the device is marked as disabled. | |
| 371 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenTurnedOffByFlag) { | |
| 372 CommandLine::ForCurrentProcess()->AppendSwitch( | |
| 373 switches::kDisableDeviceDisabling); | |
| 374 SetEnterpriseOwned(); | |
| 375 MakeCrosSettingsTrusted(); | |
| 376 SetDeviceDisabled(true); | |
| 377 | |
| 378 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 379 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 380 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 381 CreateDeviceDisablingManager(); | |
| 382 } | |
| 383 | |
| 384 // Verifies that the device is not considered disabled when it is owned by a | |
| 385 // consumer, even if the device is marked as disabled. | |
| 386 TEST_F(DeviceDisablingManagerTest, NotDisabledWhenConsumerOwned) { | |
| 387 SetConsumerOwned(); | |
| 388 MakeCrosSettingsTrusted(); | |
| 389 SetDeviceDisabled(true); | |
| 390 | |
| 391 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 392 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 393 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 394 CreateDeviceDisablingManager(); | |
| 395 } | |
| 396 | |
| 397 // Verifies that the device disabled screen is shown immediately when the device | |
| 398 // is already marked as disabled on start-up. | |
| 399 TEST_F(DeviceDisablingManagerTest, DisabledOnLoginScreen) { | |
| 400 SetEnterpriseOwned(); | |
| 401 MakeCrosSettingsTrusted(); | |
| 402 SetDisabledMessage(kDisabledMessage1); | |
| 403 SetDeviceDisabled(true); | |
| 404 | |
| 405 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 406 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(1); | |
| 407 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 408 CreateDeviceDisablingManager(); | |
| 409 EXPECT_EQ(kDisabledMessage1, GetDisabledMessage()); | |
| 410 } | |
| 411 | |
| 412 // Verifies that the device disabled screen is shown immediately when the device | |
| 413 // becomes disabled while the login screen is showing. Also verifies that Chrome | |
| 414 // restarts when the device becomes enabled again. | |
| 415 TEST_F(DeviceDisablingManagerTest, DisableAndReEnableOnLoginScreen) { | |
| 416 SetEnterpriseOwned(); | |
| 417 MakeCrosSettingsTrusted(); | |
| 418 SetDisabledMessage(kDisabledMessage1); | |
| 419 | |
| 420 // Verify that initially, the disabled screen is not shown and Chrome does not | |
| 421 // restart. | |
| 422 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 423 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 424 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 425 CreateDeviceDisablingManager(); | |
| 426 Mock::VerifyAndClearExpectations(this); | |
| 427 | |
| 428 // Mark the device as disabled. Verify that the device disabled screen is | |
| 429 // shown. | |
| 430 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 431 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(1); | |
| 432 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 433 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage1)).Times(1); | |
| 434 SetDeviceDisabled(true); | |
| 435 Mock::VerifyAndClearExpectations(this); | |
| 436 EXPECT_EQ(kDisabledMessage1, GetDisabledMessage()); | |
| 437 | |
| 438 // Update the disabled message. Verify that the device disabled screen is | |
| 439 // updated. | |
| 440 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 441 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 442 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 443 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage2)).Times(1); | |
| 444 SetDisabledMessage(kDisabledMessage2); | |
| 445 Mock::VerifyAndClearExpectations(this); | |
| 446 EXPECT_EQ(kDisabledMessage2, GetDisabledMessage()); | |
| 447 | |
| 448 // Mark the device as enabled again. Verify that Chrome restarts. | |
| 449 EXPECT_CALL(*this, RestartToLoginScreen()).Times(1); | |
| 450 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 451 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 452 SetDeviceDisabled(false); | |
| 453 } | |
| 454 | |
| 455 // Verifies that Chrome restarts when the device becomes disabled while a | |
| 456 // session is in progress. | |
| 457 TEST_F(DeviceDisablingManagerTest, DisableDuringSession) { | |
| 458 SetEnterpriseOwned(); | |
| 459 MakeCrosSettingsTrusted(); | |
| 460 SetDisabledMessage(kDisabledMessage1); | |
| 461 LogIn(); | |
| 462 | |
| 463 // Verify that initially, the disabled screen is not shown and Chrome does not | |
| 464 // restart. | |
| 465 EXPECT_CALL(*this, RestartToLoginScreen()).Times(0); | |
| 466 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 467 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 468 CreateDeviceDisablingManager(); | |
| 469 Mock::VerifyAndClearExpectations(this); | |
| 470 | |
| 471 // Mark the device as disabled. Verify that Chrome restarts. | |
| 472 EXPECT_CALL(*this, RestartToLoginScreen()).Times(1); | |
| 473 EXPECT_CALL(*this, ShowDeviceDisabledScreen()).Times(0); | |
| 474 EXPECT_CALL(*this, OnDisabledMessageChanged(_)).Times(0); | |
| 475 EXPECT_CALL(*this, OnDisabledMessageChanged(kDisabledMessage1)).Times(1); | |
| 476 SetDeviceDisabled(true); | |
| 477 } | |
| 478 | |
| 479 // Verifies that the HonorDeviceDisablingDuringNormalOperation() method returns | |
| 480 // true iff the device is enterprise enrolled and device disabling is not turned | |
| 481 // off by flag. | |
| 482 TEST_F(DeviceDisablingManagerTest, HonorDeviceDisablingDuringNormalOperation) { | |
| 483 // Not enterprise owned, not disabled by flag. | |
| 484 EXPECT_FALSE( | |
| 485 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation()); | |
| 486 | |
| 487 // Enterprise owned, not disabled by flag. | |
| 488 SetEnterpriseOwned(); | |
| 489 EXPECT_TRUE( | |
| 490 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation()); | |
| 491 | |
| 492 // Enterprise owned, disabled by flag. | |
| 493 CommandLine::ForCurrentProcess()->AppendSwitch( | |
| 494 switches::kDisableDeviceDisabling); | |
| 495 EXPECT_FALSE( | |
| 496 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation()); | |
| 497 | |
| 498 // Not enterprise owned, disabled by flag. | |
| 499 SetUnowned(); | |
| 500 EXPECT_FALSE( | |
| 501 DeviceDisablingManager::HonorDeviceDisablingDuringNormalOperation()); | |
| 168 } | 502 } |
| 169 | 503 |
| 170 } // namespace system | 504 } // namespace system |
| 171 } // namespace chromeos | 505 } // namespace chromeos |
| OLD | NEW |
