1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "policy/libpolicy.h"
6
7 #include <openssl/err.h>
8 #include <openssl/ssl.h>
9
10 #include <base/files/file_path.h>
11 #include <base/logging.h>
12 #include <gtest/gtest.h>
13
14 #include "policy/device_policy_impl.h"
15
16 namespace policy {
17
18 static const char kPolicyFileAllSet[] = "policy/tests/whitelist/policy_all";
19 static const char kPolicyFileNoneSet[] = "policy/tests/whitelist/policy_none";
20 static const char kKeyFile[] = "policy/tests/whitelist/owner.key";
21
22 // Creates the DevicePolicyImpl with given parameters for test.
CreateDevicePolicyImpl(std::unique_ptr<InstallAttributesReader> install_attributes_reader,const base::FilePath & policy_path,const base::FilePath & keyfile_path,bool verify_files)23 std::unique_ptr<DevicePolicyImpl> CreateDevicePolicyImpl(
24 std::unique_ptr<InstallAttributesReader> install_attributes_reader,
25 const base::FilePath& policy_path,
26 const base::FilePath& keyfile_path,
27 bool verify_files) {
28 std::unique_ptr<DevicePolicyImpl> device_policy(new DevicePolicyImpl());
29 device_policy->set_install_attributes_for_testing(
30 std::move(install_attributes_reader));
31 device_policy->set_policy_path_for_testing(policy_path);
32 device_policy->set_key_file_path_for_testing(keyfile_path);
33 device_policy->set_verify_root_ownership_for_testing(verify_files);
34
35 return device_policy;
36 }
37
38 // Test that a policy file can be verified and parsed correctly. The file
39 // contains all possible fields, so reading should succeed for all.
TEST(PolicyTest,DevicePolicyAllSetTest)40 TEST(PolicyTest, DevicePolicyAllSetTest) {
41 base::FilePath policy_file(kPolicyFileAllSet);
42 base::FilePath key_file(kKeyFile);
43 PolicyProvider provider(
44 CreateDevicePolicyImpl(std::make_unique<MockInstallAttributesReader>(
45 cryptohome::SerializedInstallAttributes()),
46 policy_file, key_file, false));
47 provider.Reload();
48
49 // Ensure we successfully loaded the device policy file.
50 ASSERT_TRUE(provider.device_policy_is_loaded());
51
52 const DevicePolicy& policy = provider.GetDevicePolicy();
53
54 // Check that we can read out all fields of the sample protobuf.
55 int int_value = -1;
56 ASSERT_TRUE(policy.GetPolicyRefreshRate(&int_value));
57 ASSERT_EQ(100, int_value);
58
59 std::vector<std::string> list_value;
60 ASSERT_TRUE(policy.GetUserWhitelist(&list_value));
61 ASSERT_EQ(3, list_value.size());
62 ASSERT_EQ("me@here.com", list_value[0]);
63 ASSERT_EQ("you@there.com", list_value[1]);
64 ASSERT_EQ("*@monsters.com", list_value[2]);
65
66 bool bool_value = true;
67 ASSERT_TRUE(policy.GetGuestModeEnabled(&bool_value));
68 ASSERT_FALSE(bool_value);
69
70 bool_value = true;
71 ASSERT_TRUE(policy.GetCameraEnabled(&bool_value));
72 ASSERT_FALSE(bool_value);
73
74 bool_value = true;
75 ASSERT_TRUE(policy.GetShowUserNames(&bool_value));
76 ASSERT_FALSE(bool_value);
77
78 bool_value = true;
79 ASSERT_TRUE(policy.GetDataRoamingEnabled(&bool_value));
80 ASSERT_FALSE(bool_value);
81
82 bool_value = true;
83 ASSERT_TRUE(policy.GetAllowNewUsers(&bool_value));
84 ASSERT_FALSE(bool_value);
85
86 bool_value = true;
87 ASSERT_TRUE(policy.GetMetricsEnabled(&bool_value));
88 ASSERT_FALSE(bool_value);
89
90 bool_value = true;
91 ASSERT_TRUE(policy.GetReportVersionInfo(&bool_value));
92 ASSERT_FALSE(bool_value);
93
94 bool_value = true;
95 ASSERT_TRUE(policy.GetReportActivityTimes(&bool_value));
96 ASSERT_FALSE(bool_value);
97
98 bool_value = true;
99 ASSERT_TRUE(policy.GetReportBootMode(&bool_value));
100 ASSERT_FALSE(bool_value);
101
102 bool_value = true;
103 ASSERT_TRUE(policy.GetEphemeralUsersEnabled(&bool_value));
104 ASSERT_FALSE(bool_value);
105
106 std::string string_value;
107 ASSERT_TRUE(policy.GetReleaseChannel(&string_value));
108 ASSERT_EQ("stable-channel", string_value);
109
110 bool_value = false;
111 ASSERT_TRUE(policy.GetReleaseChannelDelegated(&bool_value));
112 ASSERT_TRUE(bool_value);
113
114 bool_value = true;
115 ASSERT_TRUE(policy.GetUpdateDisabled(&bool_value));
116 ASSERT_FALSE(bool_value);
117
118 int64_t int64_value = -1LL;
119 ASSERT_TRUE(policy.GetScatterFactorInSeconds(&int64_value));
120 ASSERT_EQ(17LL, int64_value);
121
122 ASSERT_TRUE(policy.GetTargetVersionPrefix(&string_value));
123 ASSERT_EQ("42.0.", string_value);
124
125 std::set<std::string> types;
126 ASSERT_TRUE(policy.GetAllowedConnectionTypesForUpdate(&types));
127 ASSERT_TRUE(types.end() != types.find("ethernet"));
128 ASSERT_TRUE(types.end() != types.find("wifi"));
129 ASSERT_EQ(2, types.size());
130
131 ASSERT_TRUE(policy.GetOpenNetworkConfiguration(&string_value));
132 ASSERT_EQ("{}", string_value);
133
134 ASSERT_TRUE(policy.GetOwner(&string_value));
135 ASSERT_EQ("", string_value);
136
137 bool_value = true;
138 ASSERT_TRUE(policy.GetHttpDownloadsEnabled(&bool_value));
139 ASSERT_FALSE(bool_value);
140
141 bool_value = true;
142 ASSERT_TRUE(policy.GetAuP2PEnabled(&bool_value));
143 ASSERT_FALSE(bool_value);
144
145 bool_value = true;
146 ASSERT_TRUE(policy.GetAllowKioskAppControlChromeVersion(&bool_value));
147 ASSERT_FALSE(bool_value);
148
149 std::vector<DevicePolicy::UsbDeviceId> list_device;
150 ASSERT_TRUE(policy.GetUsbDetachableWhitelist(&list_device));
151 ASSERT_EQ(2, list_device.size());
152 ASSERT_EQ(0x413c, list_device[0].vendor_id);
153 ASSERT_EQ(0x2105, list_device[0].product_id);
154 ASSERT_EQ(0x0403, list_device[1].vendor_id);
155 ASSERT_EQ(0x6001, list_device[1].product_id);
156
157 ASSERT_TRUE(policy.GetAutoLaunchedKioskAppId(&string_value));
158 ASSERT_EQ("my_kiosk_app", string_value);
159
160 // Reloading the protobuf should succeed.
161 ASSERT_TRUE(provider.Reload());
162 }
163
164 // Test that a policy file can be verified and parsed correctly. The file
165 // contains none of the possible fields, so reading should fail for all.
TEST(PolicyTest,DevicePolicyNoneSetTest)166 TEST(PolicyTest, DevicePolicyNoneSetTest) {
167 base::FilePath policy_file(kPolicyFileNoneSet);
168 base::FilePath key_file(kKeyFile);
169
170 PolicyProvider provider(
171 CreateDevicePolicyImpl(std::make_unique<MockInstallAttributesReader>(
172 cryptohome::SerializedInstallAttributes()),
173 policy_file, key_file, false));
174 provider.Reload();
175
176 // Ensure we successfully loaded the device policy file.
177 ASSERT_TRUE(provider.device_policy_is_loaded());
178
179 const DevicePolicy& policy = provider.GetDevicePolicy();
180
181 // Check that we cannot read any fields out of the sample protobuf.
182 int int_value;
183 int64_t int64_value;
184 std::vector<std::string> list_value;
185 bool bool_value;
186 std::string string_value;
187 std::vector<DevicePolicy::UsbDeviceId> list_device;
188
189 ASSERT_FALSE(policy.GetPolicyRefreshRate(&int_value));
190 ASSERT_FALSE(policy.GetUserWhitelist(&list_value));
191 ASSERT_FALSE(policy.GetGuestModeEnabled(&bool_value));
192 ASSERT_FALSE(policy.GetCameraEnabled(&bool_value));
193 ASSERT_FALSE(policy.GetShowUserNames(&bool_value));
194 ASSERT_FALSE(policy.GetDataRoamingEnabled(&bool_value));
195 ASSERT_FALSE(policy.GetAllowNewUsers(&bool_value));
196 ASSERT_FALSE(policy.GetMetricsEnabled(&bool_value));
197 ASSERT_FALSE(policy.GetReportVersionInfo(&bool_value));
198 ASSERT_FALSE(policy.GetReportActivityTimes(&bool_value));
199 ASSERT_FALSE(policy.GetReportBootMode(&bool_value));
200 ASSERT_FALSE(policy.GetEphemeralUsersEnabled(&bool_value));
201 ASSERT_FALSE(policy.GetReleaseChannel(&string_value));
202 ASSERT_FALSE(policy.GetUpdateDisabled(&bool_value));
203 ASSERT_FALSE(policy.GetTargetVersionPrefix(&string_value));
204 ASSERT_FALSE(policy.GetScatterFactorInSeconds(&int64_value));
205 ASSERT_FALSE(policy.GetOpenNetworkConfiguration(&string_value));
206 ASSERT_FALSE(policy.GetHttpDownloadsEnabled(&bool_value));
207 ASSERT_FALSE(policy.GetAuP2PEnabled(&bool_value));
208 ASSERT_FALSE(policy.GetAllowKioskAppControlChromeVersion(&bool_value));
209 ASSERT_FALSE(policy.GetUsbDetachableWhitelist(&list_device));
210 }
211
212 // Verify that the library will correctly recognize and signal missing files.
TEST(PolicyTest,DevicePolicyFailure)213 TEST(PolicyTest, DevicePolicyFailure) {
214 LOG(INFO) << "Errors expected.";
215 // Try loading non-existing protobuf should fail.
216 base::FilePath non_existing("this_file_is_doof");
217 PolicyProvider provider(
218 CreateDevicePolicyImpl(std::make_unique<MockInstallAttributesReader>(
219 cryptohome::SerializedInstallAttributes()),
220 non_existing,
221 non_existing,
222 true));
223
224 // Even after reload the policy should still be not loaded.
225 ASSERT_FALSE(provider.Reload());
226 ASSERT_FALSE(provider.device_policy_is_loaded());
227 }
228
229 } // namespace policy
230
main(int argc,char * argv[])231 int main(int argc, char* argv[]) {
232 ::testing::InitGoogleTest(&argc, argv);
233 return RUN_ALL_TESTS();
234 }
235