1# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. 2# Use of this source code is governed by a BSD-style license that can be 3# found in the LICENSE file. 4 5import dbus, os 6from dbus.mainloop.glib import DBusGMainLoop 7 8from autotest_lib.client.bin import test, utils 9from autotest_lib.client.common_lib import error 10from autotest_lib.client.common_lib.cros import policy, session_manager 11from autotest_lib.client.cros import cryptohome, ownership 12 13 14class login_MultiUserPolicy(test.test): 15 """Verifies that storing and retrieving user policy works with 16 multiple profiles signed-in. 17 """ 18 19 version = 1 20 21 _user1 = 'user1@somewhere.com' 22 _user2 = 'user2@somewhere.com' 23 24 def setup(self): 25 os.chdir(self.srcdir) 26 utils.make('OUT_DIR=.') 27 28 29 def initialize(self): 30 super(login_MultiUserPolicy, self).initialize() 31 self._bus_loop = DBusGMainLoop(set_as_default=True) 32 33 # Clear the user's vault, to make sure the test starts without any 34 # policy or key lingering around. At this stage the session isn't 35 # started and there's no user signed in. 36 ownership.restart_ui_to_clear_ownership_files() 37 cryptohome_proxy = cryptohome.CryptohomeProxy(self._bus_loop) 38 cryptohome_proxy.ensure_clean_cryptohome_for(self._user1) 39 cryptohome_proxy.ensure_clean_cryptohome_for(self._user2) 40 41 42 def run_once(self): 43 sm = session_manager.connect(self._bus_loop) 44 45 # Start a session for the first user, and verify that no policy exists 46 # for that user yet. 47 sm.StartSession(self._user1, '') 48 policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True) 49 if policy_blob: 50 raise error.TestError('session_manager already has user policy!') 51 52 # Now store a policy. This is building a device policy protobuf, but 53 # that's fine as far as the session_manager is concerned; it's the 54 # outer PolicyFetchResponse that contains the public_key. 55 public_key = ownership.known_pubkey() 56 private_key = ownership.known_privkey() 57 policy_data = policy.build_policy_data(self.srcdir) 58 policy_response = policy.generate_policy(self.srcdir, 59 private_key, 60 public_key, 61 policy_data) 62 try: 63 sm.StorePolicyForUser(self._user1, dbus.ByteArray(policy_response)) 64 except dbus.exceptions.DBusException as e: 65 raise error.TestFail('Call to StorePolicyForUser failed', e) 66 67 # Storing policy for the second user fails before his session starts. 68 try: 69 sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response)) 70 except dbus.exceptions.DBusException: 71 pass 72 else: 73 raise error.TestFail('Storing policy should fail before the ' 74 'session is started') 75 76 77 # Now start the second user's session, and verify that he has no 78 # policy stored yet. 79 sm.StartSession(self._user2, '') 80 policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True) 81 if policy_blob: 82 raise error.TestError('session_manager already has user policy!') 83 84 # Storing works now. 85 try: 86 sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response)) 87 except dbus.exceptions.DBusException as e: 88 raise error.TestFail('Call to StorePolicyForUser failed', e) 89 90 # Verify that retrieving policy works too. 91 policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True) 92 if not policy_blob: 93 raise error.TestError('Failed to retrieve stored policy') 94