1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "policy/libpolicy.h"
6
7 #include <openssl/err.h>
8 #include <openssl/ssl.h>
9
10 #include <base/files/file_path.h>
11 #include <base/logging.h>
12 #include <gtest/gtest.h>
13
14 #include "policy/device_policy_impl.h"
15
16 namespace policy {
17
18 static const char kPolicyFileAllSet[] =
19 "policy/tests/whitelist/policy_all";
20 static const char kPolicyFileNoneSet[] =
21 "policy/tests/whitelist/policy_none";
22 static const char kKeyFile[] = "policy/tests/whitelist/owner.key";
23
24 // This class mocks only the minimally needed functionionality to run tests
25 // that would otherwise fail because of hard restrictions like root file
26 // ownership. Otherwise, it preserves all the functionallity of the original
27 // class.
28 class MockDevicePolicyImpl : public DevicePolicyImpl {
29 public:
MockDevicePolicyImpl(const base::FilePath & policy_path,const base::FilePath & keyfile_path,bool verify_files)30 MockDevicePolicyImpl(const base::FilePath& policy_path,
31 const base::FilePath& keyfile_path,
32 bool verify_files)
33 : verify_files_(verify_files) {
34 policy_path_ = policy_path;
35 keyfile_path_ = keyfile_path;
36 }
37
38 private:
39 // We don't care if files are owned by root for most tests.
VerifyPolicyFiles()40 virtual bool VerifyPolicyFiles() {
41 return !verify_files_ || DevicePolicyImpl::VerifyPolicyFiles();
42 }
43
44 bool verify_files_;
45 };
46
47 // Test that a policy file can be verified and parsed correctly. The file
48 // contains all possible fields, so reading should succeed for all.
TEST(PolicyTest,DevicePolicyAllSetTest)49 TEST(PolicyTest, DevicePolicyAllSetTest) {
50 base::FilePath policy_file(kPolicyFileAllSet);
51 base::FilePath key_file(kKeyFile);
52 MockDevicePolicyImpl* device_policy =
53 new MockDevicePolicyImpl(policy_file, key_file, false);
54 PolicyProvider provider(device_policy);
55 provider.Reload();
56
57 // Ensure we successfully loaded the device policy file.
58 ASSERT_TRUE(provider.device_policy_is_loaded());
59
60 const DevicePolicy& policy = provider.GetDevicePolicy();
61
62 // Check that we can read out all fields of the sample protobuf.
63 int int_value = -1;
64 ASSERT_TRUE(policy.GetPolicyRefreshRate(&int_value));
65 ASSERT_EQ(100, int_value);
66
67 std::vector<std::string> list_value;
68 ASSERT_TRUE(policy.GetUserWhitelist(&list_value));
69 ASSERT_EQ(3, list_value.size());
70 ASSERT_EQ("me@here.com", list_value[0]);
71 ASSERT_EQ("you@there.com", list_value[1]);
72 ASSERT_EQ("*@monsters.com", list_value[2]);
73
74 bool bool_value = true;
75 ASSERT_TRUE(policy.GetGuestModeEnabled(&bool_value));
76 ASSERT_FALSE(bool_value);
77
78 bool_value = true;
79 ASSERT_TRUE(policy.GetCameraEnabled(&bool_value));
80 ASSERT_FALSE(bool_value);
81
82 bool_value = true;
83 ASSERT_TRUE(policy.GetShowUserNames(&bool_value));
84 ASSERT_FALSE(bool_value);
85
86 bool_value = true;
87 ASSERT_TRUE(policy.GetDataRoamingEnabled(&bool_value));
88 ASSERT_FALSE(bool_value);
89
90 bool_value = true;
91 ASSERT_TRUE(policy.GetAllowNewUsers(&bool_value));
92 ASSERT_FALSE(bool_value);
93
94 bool_value = true;
95 ASSERT_TRUE(policy.GetMetricsEnabled(&bool_value));
96 ASSERT_FALSE(bool_value);
97
98 bool_value = true;
99 ASSERT_TRUE(policy.GetReportVersionInfo(&bool_value));
100 ASSERT_FALSE(bool_value);
101
102 bool_value = true;
103 ASSERT_TRUE(policy.GetReportActivityTimes(&bool_value));
104 ASSERT_FALSE(bool_value);
105
106 bool_value = true;
107 ASSERT_TRUE(policy.GetReportBootMode(&bool_value));
108 ASSERT_FALSE(bool_value);
109
110 bool_value = true;
111 ASSERT_TRUE(policy.GetEphemeralUsersEnabled(&bool_value));
112 ASSERT_FALSE(bool_value);
113
114 std::string string_value;
115 ASSERT_TRUE(policy.GetReleaseChannel(&string_value));
116 ASSERT_EQ("stable-channel", string_value);
117
118 bool_value = false;
119 ASSERT_TRUE(policy.GetReleaseChannelDelegated(&bool_value));
120 ASSERT_TRUE(bool_value);
121
122 bool_value = true;
123 ASSERT_TRUE(policy.GetUpdateDisabled(&bool_value));
124 ASSERT_FALSE(bool_value);
125
126 int64_t int64_value = -1LL;
127 ASSERT_TRUE(policy.GetScatterFactorInSeconds(&int64_value));
128 ASSERT_EQ(17LL, int64_value);
129
130 ASSERT_TRUE(policy.GetTargetVersionPrefix(&string_value));
131 ASSERT_EQ("42.0.", string_value);
132
133 std::set<std::string> types;
134 ASSERT_TRUE(policy.GetAllowedConnectionTypesForUpdate(&types));
135 ASSERT_TRUE(types.end() != types.find("ethernet"));
136 ASSERT_TRUE(types.end() != types.find("wifi"));
137 ASSERT_EQ(2, types.size());
138
139 ASSERT_TRUE(policy.GetOpenNetworkConfiguration(&string_value));
140 ASSERT_EQ("{}", string_value);
141
142 ASSERT_TRUE(policy.GetOwner(&string_value));
143 ASSERT_EQ("", string_value);
144
145 bool_value = true;
146 ASSERT_TRUE(policy.GetHttpDownloadsEnabled(&bool_value));
147 ASSERT_FALSE(bool_value);
148
149 bool_value = true;
150 ASSERT_TRUE(policy.GetAuP2PEnabled(&bool_value));
151 ASSERT_FALSE(bool_value);
152
153 // Reloading the protobuf should succeed.
154 ASSERT_TRUE(provider.Reload());
155 }
156
157 // Test that a policy file can be verified and parsed correctly. The file
158 // contains none of the possible fields, so reading should fail for all.
TEST(PolicyTest,DevicePolicyNoneSetTest)159 TEST(PolicyTest, DevicePolicyNoneSetTest) {
160 base::FilePath policy_file(kPolicyFileNoneSet);
161 base::FilePath key_file(kKeyFile);
162 MockDevicePolicyImpl* device_policy =
163 new MockDevicePolicyImpl(policy_file, key_file, false);
164 PolicyProvider provider(device_policy);
165 provider.Reload();
166
167 // Ensure we successfully loaded the device policy file.
168 ASSERT_TRUE(provider.device_policy_is_loaded());
169
170 const DevicePolicy& policy = provider.GetDevicePolicy();
171
172 // Check that we cannot read any fields out of the sample protobuf.
173 int int_value;
174 int64_t int64_value;
175 std::vector<std::string> list_value;
176 bool bool_value;
177 std::string string_value;
178
179 ASSERT_FALSE(policy.GetPolicyRefreshRate(&int_value));
180 ASSERT_FALSE(policy.GetUserWhitelist(&list_value));
181 ASSERT_FALSE(policy.GetGuestModeEnabled(&bool_value));
182 ASSERT_FALSE(policy.GetCameraEnabled(&bool_value));
183 ASSERT_FALSE(policy.GetShowUserNames(&bool_value));
184 ASSERT_FALSE(policy.GetDataRoamingEnabled(&bool_value));
185 ASSERT_FALSE(policy.GetAllowNewUsers(&bool_value));
186 ASSERT_FALSE(policy.GetMetricsEnabled(&bool_value));
187 ASSERT_FALSE(policy.GetReportVersionInfo(&bool_value));
188 ASSERT_FALSE(policy.GetReportActivityTimes(&bool_value));
189 ASSERT_FALSE(policy.GetReportBootMode(&bool_value));
190 ASSERT_FALSE(policy.GetEphemeralUsersEnabled(&bool_value));
191 ASSERT_FALSE(policy.GetReleaseChannel(&string_value));
192 ASSERT_FALSE(policy.GetUpdateDisabled(&bool_value));
193 ASSERT_FALSE(policy.GetTargetVersionPrefix(&string_value));
194 ASSERT_FALSE(policy.GetScatterFactorInSeconds(&int64_value));
195 ASSERT_FALSE(policy.GetOpenNetworkConfiguration(&string_value));
196 ASSERT_FALSE(policy.GetHttpDownloadsEnabled(&bool_value));
197 ASSERT_FALSE(policy.GetAuP2PEnabled(&bool_value));
198 }
199
200 // Verify that the library will correctly recognize and signal missing files.
TEST(PolicyTest,DevicePolicyFailure)201 TEST(PolicyTest, DevicePolicyFailure) {
202 LOG(INFO) << "Errors expected.";
203 // Try loading non-existing protobuf should fail.
204 base::FilePath non_existing("this_file_is_doof");
205 MockDevicePolicyImpl* device_policy =
206 new MockDevicePolicyImpl(non_existing, non_existing, true);
207 PolicyProvider provider(device_policy);
208 // Even after reload the policy should still be not loaded.
209 ASSERT_FALSE(provider.Reload());
210 ASSERT_FALSE(provider.device_policy_is_loaded());
211 }
212
213 } // namespace policy
214
main(int argc,char * argv[])215 int main(int argc, char* argv[]) {
216 ::testing::InitGoogleTest(&argc, argv);
217 return RUN_ALL_TESTS();
218 }
219