Google Git
Sign in
cos / mirrors / cros / chromiumos / platform2 / refs/heads/factory-dedede-13683.B / . / libbrillo / policy / tests / device_policy_impl_test.cc
blob: bee46b84ace56b0c1a984dedc0557a6fed156018 [file] [log] [blame]
// Copyright 2017 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include "policy/device_policy_impl.h"
#include "bindings/chrome_device_policy.pb.h"
#include "install_attributes/mock_install_attributes_reader.h"
namespace em = enterprise_management;
using testing::ElementsAre;
namespace policy {
class DevicePolicyImplTest : public testing::Test, public DevicePolicyImpl {
protected:
void InitializePolicy(const char* device_mode,
const em::ChromeDeviceSettingsProto& proto) {
device_policy_.set_policy_for_testing(proto);
device_policy_.set_install_attributes_for_testing(
std::make_unique<MockInstallAttributesReader>(device_mode,
true /* initialized */));
}
DevicePolicyImpl device_policy_;
};
// Enterprise managed.
TEST_F(DevicePolicyImplTest, GetOwner_Managed) {
em::PolicyData policy_data;
policy_data.set_username("user@example.com");
policy_data.set_management_mode(em::PolicyData::ENTERPRISE_MANAGED);
device_policy_.set_policy_data_for_testing(policy_data);
std::string owner("something");
EXPECT_TRUE(device_policy_.GetOwner(&owner));
EXPECT_TRUE(owner.empty());
}
// Consumer owned.
TEST_F(DevicePolicyImplTest, GetOwner_Consumer) {
em::PolicyData policy_data;
policy_data.set_username("user@example.com");
policy_data.set_management_mode(em::PolicyData::LOCAL_OWNER);
policy_data.set_request_token("codepath-must-ignore-dmtoken");
device_policy_.set_policy_data_for_testing(policy_data);
std::string owner;
EXPECT_TRUE(device_policy_.GetOwner(&owner));
EXPECT_EQ("user@example.com", owner);
}
// Consumer owned, username is missing.
TEST_F(DevicePolicyImplTest, GetOwner_ConsumerMissingUsername) {
em::PolicyData policy_data;
device_policy_.set_policy_data_for_testing(policy_data);
std::string owner("something");
EXPECT_FALSE(device_policy_.GetOwner(&owner));
EXPECT_EQ("something", owner);
}
// Enterprise managed, denoted by management_mode.
TEST_F(DevicePolicyImplTest, IsEnterpriseManaged_ManagementModeManaged) {
em::PolicyData policy_data;
policy_data.set_management_mode(em::PolicyData::ENTERPRISE_MANAGED);
device_policy_.set_policy_data_for_testing(policy_data);
EXPECT_TRUE(device_policy_.IsEnterpriseManaged());
}
// Enterprise managed, fallback to DM token.
TEST_F(DevicePolicyImplTest, IsEnterpriseManaged_DMTokenManaged) {
em::PolicyData policy_data;
policy_data.set_request_token("abc");
device_policy_.set_policy_data_for_testing(policy_data);
EXPECT_TRUE(device_policy_.IsEnterpriseManaged());
}
// Consumer owned, denoted by management_mode.
TEST_F(DevicePolicyImplTest, IsEnterpriseManaged_ManagementModeConsumer) {
em::PolicyData policy_data;
policy_data.set_management_mode(em::PolicyData::LOCAL_OWNER);
policy_data.set_request_token("codepath-must-ignore-dmtoken");
device_policy_.set_policy_data_for_testing(policy_data);
EXPECT_FALSE(device_policy_.IsEnterpriseManaged());
}
// Consumer owned, fallback to interpreting absence of DM token.
TEST_F(DevicePolicyImplTest, IsEnterpriseManaged_DMTokenConsumer) {
em::PolicyData policy_data;
device_policy_.set_policy_data_for_testing(policy_data);
EXPECT_FALSE(device_policy_.IsEnterpriseManaged());
}
// RollbackAllowedMilestones is not set.
TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_NotSet) {
device_policy_.set_install_attributes_for_testing(
std::make_unique<MockInstallAttributesReader>(
InstallAttributesReader::kDeviceModeEnterprise, true));
int value = -1;
ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
EXPECT_EQ(4, value);
}
// RollbackAllowedMilestones is set to a valid value.
TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_Set) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_rollback_allowed_milestones(3);
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
int value = -1;
ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
EXPECT_EQ(3, value);
}
// RollbackAllowedMilestones is set to a valid value, using AD.
TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_SetAD) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_rollback_allowed_milestones(3);
InitializePolicy(InstallAttributesReader::kDeviceModeEnterpriseAD,
device_policy_proto);
int value = -1;
ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
EXPECT_EQ(3, value);
}
// RollbackAllowedMilestones is set to a valid value, but it's not an enterprise
// device.
TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_SetConsumer) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_rollback_allowed_milestones(3);
InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
device_policy_proto);
int value = -1;
ASSERT_FALSE(device_policy_.GetRollbackAllowedMilestones(&value));
}
// RollbackAllowedMilestones is set to an invalid value.
TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_SetTooLarge) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_rollback_allowed_milestones(10);
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
int value = -1;
ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
EXPECT_EQ(4, value);
}
// RollbackAllowedMilestones is set to an invalid value.
TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_SetTooSmall) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_rollback_allowed_milestones(-1);
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
int value = -1;
ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
EXPECT_EQ(0, value);
}
// Update staging schedule has no values
TEST_F(DevicePolicyImplTest, GetDeviceUpdateStagingSchedule_NoValues) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_staging_schedule("[]");
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
std::vector<DayPercentagePair> staging_schedule;
ASSERT_TRUE(device_policy_.GetDeviceUpdateStagingSchedule(&staging_schedule));
EXPECT_EQ(0, staging_schedule.size());
}
// Update staging schedule has valid values
TEST_F(DevicePolicyImplTest, GetDeviceUpdateStagingSchedule_Valid) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_staging_schedule(
"[{\"days\": 4, \"percentage\": 40}, {\"days\": 10, \"percentage\": "
"100}]");
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
std::vector<DayPercentagePair> staging_schedule;
ASSERT_TRUE(device_policy_.GetDeviceUpdateStagingSchedule(&staging_schedule));
EXPECT_THAT(staging_schedule, ElementsAre(DayPercentagePair{4, 40},
DayPercentagePair{10, 100}));
}
// Update staging schedule has valid values, set using AD.
TEST_F(DevicePolicyImplTest, GetDeviceUpdateStagingSchedule_Valid_AD) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_staging_schedule(
"[{\"days\": 4, \"percentage\": 40}, {\"days\": 10, \"percentage\": "
"100}]");
InitializePolicy(InstallAttributesReader::kDeviceModeEnterpriseAD,
device_policy_proto);
std::vector<DayPercentagePair> staging_schedule;
ASSERT_TRUE(device_policy_.GetDeviceUpdateStagingSchedule(&staging_schedule));
EXPECT_THAT(staging_schedule, ElementsAre(DayPercentagePair{4, 40},
DayPercentagePair{10, 100}));
}
// Update staging schedule has values with values set larger than the max
// allowed days/percentage and smaller than the min allowed days/percentage.
TEST_F(DevicePolicyImplTest,
GetDeviceUpdateStagingSchedule_SetOutsideAllowable) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_staging_schedule(
"[{\"days\": -1, \"percentage\": -10}, {\"days\": 30, \"percentage\": "
"110}]");
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
std::vector<DayPercentagePair> staging_schedule;
ASSERT_TRUE(device_policy_.GetDeviceUpdateStagingSchedule(&staging_schedule));
EXPECT_THAT(staging_schedule,
ElementsAre(DayPercentagePair{1, 0}, DayPercentagePair{28, 100}));
}
// Updates should only be disabled for enterprise managed devices.
TEST_F(DevicePolicyImplTest, GetUpdateDisabled_SetConsumer) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_update_disabled(true);
InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
device_policy_proto);
bool value;
ASSERT_FALSE(device_policy_.GetUpdateDisabled(&value));
}
// Updates should only be pinned on enterprise managed devices.
TEST_F(DevicePolicyImplTest, GetTargetVersionPrefix_SetConsumer) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_target_version_prefix("hello");
InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
device_policy_proto);
std::string value = "";
ASSERT_FALSE(device_policy_.GetTargetVersionPrefix(&value));
}
// The allowed connection types should only be changed in enterprise devices.
TEST_F(DevicePolicyImplTest, GetAllowedConnectionTypesForUpdate_SetConsumer) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->add_allowed_connection_types(
em::AutoUpdateSettingsProto::CONNECTION_TYPE_ETHERNET);
InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
device_policy_proto);
std::set<std::string> value;
ASSERT_FALSE(device_policy_.GetAllowedConnectionTypesForUpdate(&value));
}
// Update time restrictions should only be used in enterprise devices.
TEST_F(DevicePolicyImplTest, GetDisallowedTimeIntervals_SetConsumer) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_disallowed_time_intervals(
"[{\"start\": {\"day_of_week\": \"Monday\", \"hours\": 10, \"minutes\": "
"0}, \"end\": {\"day_of_week\": \"Monday\", \"hours\": 10, \"minutes\": "
"0}}]");
InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
device_policy_proto);
std::vector<WeeklyTimeInterval> value;
ASSERT_FALSE(device_policy_.GetDisallowedTimeIntervals(&value));
}
// |DeviceQuickFixBuildToken| is set when device is enterprise enrolled.
TEST_F(DevicePolicyImplTest, GetDeviceQuickFixBuildToken_Set) {
const char kToken[] = "some_token";
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_device_quick_fix_build_token(kToken);
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
std::string value;
EXPECT_TRUE(device_policy_.GetDeviceQuickFixBuildToken(&value));
EXPECT_EQ(value, kToken);
}
// If the device is not enterprise-enrolled, |GetDeviceQuickFixBuildToken|
// does not provide a token even if it is present in local device settings.
TEST_F(DevicePolicyImplTest, GetDeviceQuickFixBuildToken_NotSet) {
const char kToken[] = "some_token";
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_device_quick_fix_build_token(kToken);
InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
device_policy_proto);
std::string value;
EXPECT_FALSE(device_policy_.GetDeviceQuickFixBuildToken(&value));
EXPECT_TRUE(value.empty());
}
// Should only write a value and return true if the ID is present.
TEST_F(DevicePolicyImplTest, GetDeviceDirectoryApiId_Set) {
constexpr char kDummyDeviceId[] = "aa-bb-cc-dd";
em::PolicyData policy_data;
policy_data.set_directory_api_id(kDummyDeviceId);
device_policy_.set_policy_data_for_testing(policy_data);
std::string id;
EXPECT_TRUE(device_policy_.GetDeviceDirectoryApiId(&id));
EXPECT_EQ(kDummyDeviceId, id);
}
TEST_F(DevicePolicyImplTest, GetDeviceDirectoryApiId_NotSet) {
em::PolicyData policy_data;
device_policy_.set_policy_data_for_testing(policy_data);
std::string id;
EXPECT_FALSE(device_policy_.GetDeviceDirectoryApiId(&id));
EXPECT_TRUE(id.empty());
}
// Should only write a value and return true as the ID should be present.
TEST_F(DevicePolicyImplTest, GetCustomerId_Set) {
constexpr char kDummyCustomerId[] = "customerId";
em::PolicyData policy_data;
policy_data.set_obfuscated_customer_id(kDummyCustomerId);
device_policy_.set_policy_data_for_testing(policy_data);
std::string id;
EXPECT_TRUE(device_policy_.GetCustomerId(&id));
EXPECT_EQ(kDummyCustomerId, id);
}
TEST_F(DevicePolicyImplTest, GetCustomerId_NotSet) {
em::PolicyData policy_data;
device_policy_.set_policy_data_for_testing(policy_data);
std::string id;
EXPECT_FALSE(device_policy_.GetCustomerId(&id));
EXPECT_TRUE(id.empty());
}
TEST_F(DevicePolicyImplTest, GetReleaseLtsTagSet) {
const char kLtsTag[] = "abc";
em::ChromeDeviceSettingsProto device_policy_proto;
auto* release_channel = device_policy_proto.mutable_release_channel();
release_channel->set_release_lts_tag(kLtsTag);
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
std::string lts_tag;
EXPECT_TRUE(device_policy_.GetReleaseLtsTag(&lts_tag));
EXPECT_EQ(lts_tag, kLtsTag);
}
TEST_F(DevicePolicyImplTest, GetReleaseLtsTagNotSet) {
const char kChannel[] = "stable-channel";
em::ChromeDeviceSettingsProto device_policy_proto;
std::string lts_tag;
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
EXPECT_FALSE(device_policy_.GetReleaseLtsTag(&lts_tag));
EXPECT_TRUE(lts_tag.empty());
// Add release_channel without lts_tag to the proto by setting an unrelated
// field.
auto* release_channel = device_policy_proto.mutable_release_channel();
release_channel->set_release_channel(kChannel);
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
EXPECT_FALSE(device_policy_.GetReleaseLtsTag(&lts_tag));
EXPECT_TRUE(lts_tag.empty());
}
TEST_F(DevicePolicyImplTest, GetChannelDowngradeBehaviorSet) {
em::ChromeDeviceSettingsProto device_policy_proto;
em::AutoUpdateSettingsProto* auto_update_settings =
device_policy_proto.mutable_auto_update_settings();
auto_update_settings->set_channel_downgrade_behavior(
em::AutoUpdateSettingsProto::ChannelDowngradeBehavior
::AutoUpdateSettingsProto_ChannelDowngradeBehavior_ROLLBACK);
InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
device_policy_proto);
int value = -1;
EXPECT_TRUE(device_policy_.GetChannelDowngradeBehavior(&value));
EXPECT_EQ(static_cast<int>(
em::AutoUpdateSettingsProto::ChannelDowngradeBehavior
::AutoUpdateSettingsProto_ChannelDowngradeBehavior_ROLLBACK), value);
}
TEST_F(DevicePolicyImplTest, GetChannelDowngradeBehaviorNotSet) {
em::PolicyData policy_data;
device_policy_.set_policy_data_for_testing(policy_data);
int value = -1;
EXPECT_FALSE(device_policy_.GetChannelDowngradeBehavior(&value));
}
// Device minimum required version should only be used in enterprise devices.
TEST_F(DevicePolicyImplTest, GetHighestDeviceMinimumVersion_SetConsumer) {
em::ChromeDeviceSettingsProto device_policy_proto;
device_policy_proto.mutable_device_minimum_version()->set_value(
"{\"requirements\" : [{\"chromeos_version\" : \"12215\", "
"\"warning_period\" : 7, \"aue_warning_period\" : 14}, "
"{\"chromeos_version\" : \"13315.60.12\", \"warning_period\" : 5, "
"\"aue_warning_period\" : 13}], \"unmanaged_user_restricted\" : true}");
InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
device_policy_proto);
base::Version version;
ASSERT_FALSE(device_policy_.GetHighestDeviceMinimumVersion(&version));
}
} // namespace policy