1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "policy/libpolicy.h"
6
7 #include <openssl/err.h>
8 #include <openssl/ssl.h>
9
10 #include <base/files/file_path.h>
11 #include <base/logging.h>
12 #include <gtest/gtest.h>
13
14 #include "policy/device_policy_impl.h"
15
16 namespace policy {
17
18 static const char kPolicyFileAllSet[] =
19 "policy/tests/whitelist/policy_all";
20 static const char kPolicyFileNoneSet[] =
21 "policy/tests/whitelist/policy_none";
22 static const char kKeyFile[] = "policy/tests/whitelist/owner.key";
23
24 // This class mocks only the minimally needed functionionality to run tests
25 // that would otherwise fail because of hard restrictions like root file
26 // ownership. Otherwise, it preserves all the functionallity of the original
27 // class.
28 class MockDevicePolicyImpl : public DevicePolicyImpl {
29 public:
MockDevicePolicyImpl(const base::FilePath & policy_path,const base::FilePath & keyfile_path,bool verify_files)30 MockDevicePolicyImpl(const base::FilePath& policy_path,
31 const base::FilePath& keyfile_path,
32 bool verify_files)
33 : verify_files_(verify_files) {
34 policy_path_ = policy_path;
35 keyfile_path_ = keyfile_path;
36 }
37
38 private:
39 // We don't care if files are owned by root for most tests.
VerifyPolicyFiles()40 virtual bool VerifyPolicyFiles() {
41 return !verify_files_ || DevicePolicyImpl::VerifyPolicyFiles();
42 }
43
44 bool verify_files_;
45 };
46
47 // Test that a policy file can be verified and parsed correctly. The file
48 // contains all possible fields, so reading should succeed for all.
TEST(PolicyTest,DevicePolicyAllSetTest)49 TEST(PolicyTest, DevicePolicyAllSetTest) {
50 base::FilePath policy_file(kPolicyFileAllSet);
51 base::FilePath key_file(kKeyFile);
52 MockDevicePolicyImpl* device_policy =
53 new MockDevicePolicyImpl(policy_file, key_file, false);
54 PolicyProvider provider(device_policy);
55 provider.Reload();
56
57 // Ensure we successfully loaded the device policy file.
58 ASSERT_TRUE(provider.device_policy_is_loaded());
59
60 const DevicePolicy& policy = provider.GetDevicePolicy();
61
62 // Check that we can read out all fields of the sample protobuf.
63 int int_value = -1;
64 ASSERT_TRUE(policy.GetPolicyRefreshRate(&int_value));
65 ASSERT_EQ(100, int_value);
66
67 std::vector<std::string> list_value;
68 ASSERT_TRUE(policy.GetUserWhitelist(&list_value));
69 ASSERT_EQ(3, list_value.size());
70 ASSERT_EQ("me@here.com", list_value[0]);
71 ASSERT_EQ("you@there.com", list_value[1]);
72 ASSERT_EQ("*@monsters.com", list_value[2]);
73
74 bool bool_value = true;
75 ASSERT_TRUE(policy.GetGuestModeEnabled(&bool_value));
76 ASSERT_FALSE(bool_value);
77
78 bool_value = true;
79 ASSERT_TRUE(policy.GetCameraEnabled(&bool_value));
80 ASSERT_FALSE(bool_value);
81
82 bool_value = true;
83 ASSERT_TRUE(policy.GetShowUserNames(&bool_value));
84 ASSERT_FALSE(bool_value);
85
86 bool_value = true;
87 ASSERT_TRUE(policy.GetDataRoamingEnabled(&bool_value));
88 ASSERT_FALSE(bool_value);
89
90 bool_value = true;
91 ASSERT_TRUE(policy.GetAllowNewUsers(&bool_value));
92 ASSERT_FALSE(bool_value);
93
94 bool_value = true;
95 ASSERT_TRUE(policy.GetMetricsEnabled(&bool_value));
96 ASSERT_FALSE(bool_value);
97
98 bool_value = true;
99 ASSERT_TRUE(policy.GetReportVersionInfo(&bool_value));
100 ASSERT_FALSE(bool_value);
101
102 bool_value = true;
103 ASSERT_TRUE(policy.GetReportActivityTimes(&bool_value));
104 ASSERT_FALSE(bool_value);
105
106 bool_value = true;
107 ASSERT_TRUE(policy.GetReportBootMode(&bool_value));
108 ASSERT_FALSE(bool_value);
109
110 bool_value = true;
111 ASSERT_TRUE(policy.GetEphemeralUsersEnabled(&bool_value));
112 ASSERT_FALSE(bool_value);
113
114 std::string string_value;
115 ASSERT_TRUE(policy.GetReleaseChannel(&string_value));
116 ASSERT_EQ("stable-channel", string_value);
117
118 bool_value = false;
119 ASSERT_TRUE(policy.GetReleaseChannelDelegated(&bool_value));
120 ASSERT_TRUE(bool_value);
121
122 bool_value = true;
123 ASSERT_TRUE(policy.GetUpdateDisabled(&bool_value));
124 ASSERT_FALSE(bool_value);
125
126 int64_t int64_value = -1LL;
127 ASSERT_TRUE(policy.GetScatterFactorInSeconds(&int64_value));
128 ASSERT_EQ(17LL, int64_value);
129
130 ASSERT_TRUE(policy.GetTargetVersionPrefix(&string_value));
131 ASSERT_EQ("42.0.", string_value);
132
133 std::set<std::string> types;
134 ASSERT_TRUE(policy.GetAllowedConnectionTypesForUpdate(&types));
135 ASSERT_TRUE(types.end() != types.find("ethernet"));
136 ASSERT_TRUE(types.end() != types.find("wifi"));
137 ASSERT_EQ(2, types.size());
138
139 ASSERT_TRUE(policy.GetOpenNetworkConfiguration(&string_value));
140 ASSERT_EQ("{}", string_value);
141
142 ASSERT_TRUE(policy.GetOwner(&string_value));
143 ASSERT_EQ("", string_value);
144
145 bool_value = true;
146 ASSERT_TRUE(policy.GetHttpDownloadsEnabled(&bool_value));
147 ASSERT_FALSE(bool_value);
148
149 bool_value = true;
150 ASSERT_TRUE(policy.GetAuP2PEnabled(&bool_value));
151 ASSERT_FALSE(bool_value);
152
153 bool_value = true;
154 ASSERT_TRUE(policy.GetAllowKioskAppControlChromeVersion(&bool_value));
155 ASSERT_FALSE(bool_value);
156
157 std::vector<DevicePolicy::UsbDeviceId> list_device;
158 ASSERT_TRUE(policy.GetUsbDetachableWhitelist(&list_device));
159 ASSERT_EQ(2, list_device.size());
160 ASSERT_EQ(0x413c, list_device[0].vendor_id);
161 ASSERT_EQ(0x2105, list_device[0].product_id);
162 ASSERT_EQ(0x0403, list_device[1].vendor_id);
163 ASSERT_EQ(0x6001, list_device[1].product_id);
164
165 // Reloading the protobuf should succeed.
166 ASSERT_TRUE(provider.Reload());
167 }
168
169 // Test that a policy file can be verified and parsed correctly. The file
170 // contains none of the possible fields, so reading should fail for all.
TEST(PolicyTest,DevicePolicyNoneSetTest)171 TEST(PolicyTest, DevicePolicyNoneSetTest) {
172 base::FilePath policy_file(kPolicyFileNoneSet);
173 base::FilePath key_file(kKeyFile);
174 MockDevicePolicyImpl* device_policy =
175 new MockDevicePolicyImpl(policy_file, key_file, false);
176 PolicyProvider provider(device_policy);
177 provider.Reload();
178
179 // Ensure we successfully loaded the device policy file.
180 ASSERT_TRUE(provider.device_policy_is_loaded());
181
182 const DevicePolicy& policy = provider.GetDevicePolicy();
183
184 // Check that we cannot read any fields out of the sample protobuf.
185 int int_value;
186 int64_t int64_value;
187 std::vector<std::string> list_value;
188 bool bool_value;
189 std::string string_value;
190 std::vector<DevicePolicy::UsbDeviceId> list_device;
191
192 ASSERT_FALSE(policy.GetPolicyRefreshRate(&int_value));
193 ASSERT_FALSE(policy.GetUserWhitelist(&list_value));
194 ASSERT_FALSE(policy.GetGuestModeEnabled(&bool_value));
195 ASSERT_FALSE(policy.GetCameraEnabled(&bool_value));
196 ASSERT_FALSE(policy.GetShowUserNames(&bool_value));
197 ASSERT_FALSE(policy.GetDataRoamingEnabled(&bool_value));
198 ASSERT_FALSE(policy.GetAllowNewUsers(&bool_value));
199 ASSERT_FALSE(policy.GetMetricsEnabled(&bool_value));
200 ASSERT_FALSE(policy.GetReportVersionInfo(&bool_value));
201 ASSERT_FALSE(policy.GetReportActivityTimes(&bool_value));
202 ASSERT_FALSE(policy.GetReportBootMode(&bool_value));
203 ASSERT_FALSE(policy.GetEphemeralUsersEnabled(&bool_value));
204 ASSERT_FALSE(policy.GetReleaseChannel(&string_value));
205 ASSERT_FALSE(policy.GetUpdateDisabled(&bool_value));
206 ASSERT_FALSE(policy.GetTargetVersionPrefix(&string_value));
207 ASSERT_FALSE(policy.GetScatterFactorInSeconds(&int64_value));
208 ASSERT_FALSE(policy.GetOpenNetworkConfiguration(&string_value));
209 ASSERT_FALSE(policy.GetHttpDownloadsEnabled(&bool_value));
210 ASSERT_FALSE(policy.GetAuP2PEnabled(&bool_value));
211 ASSERT_FALSE(policy.GetAllowKioskAppControlChromeVersion(&bool_value));
212 ASSERT_FALSE(policy.GetUsbDetachableWhitelist(&list_device));
213 }
214
215 // Verify that the library will correctly recognize and signal missing files.
TEST(PolicyTest,DevicePolicyFailure)216 TEST(PolicyTest, DevicePolicyFailure) {
217 LOG(INFO) << "Errors expected.";
218 // Try loading non-existing protobuf should fail.
219 base::FilePath non_existing("this_file_is_doof");
220 MockDevicePolicyImpl* device_policy =
221 new MockDevicePolicyImpl(non_existing, non_existing, true);
222 PolicyProvider provider(device_policy);
223 // Even after reload the policy should still be not loaded.
224 ASSERT_FALSE(provider.Reload());
225 ASSERT_FALSE(provider.device_policy_is_loaded());
226 }
227
228 } // namespace policy
229
main(int argc,char * argv[])230 int main(int argc, char* argv[]) {
231 ::testing::InitGoogleTest(&argc, argv);
232 return RUN_ALL_TESTS();
233 }
234