      1 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
      2 # Use of this source code is governed by a BSD-style license that can be
      3 # found in the LICENSE file.
      4 
      5 import logging
      6 import os
      7 import sys
      8 
      9 import pyauto_functional  # Must come before pyauto (and thus, policy_base).
     10 import policy_base
     11 
     12 sys.path.append('/usr/local')  # Required to import autotest libs.
     13 from autotest.cros import constants
     14 from autotest.cros import cryptohome
     15 
     16 
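class ChromeosEphemeral(policy_base.PolicyTestBase):
  """Tests a policy that makes users ephemeral.

  When this policy is enabled, no persistent information in the form of
  cryptohome shadow directories or local state prefs should be created for
  users. Additionally, any persistent information previously accumulated should
  be cleared when a user first logs in after enabling the policy.
  """

  # Test accounts, addressed by index throughout the tests below.
  _usernames = ('alice@example.com', 'bob@example.com')

  def _SetEphemeralUsersEnabled(self, enabled):
    """Sets the ephemeral users device policy.

    The show_user_names policy is set to False to ensure that even if the local
    state is not being automatically cleared, the login screen never shows user
    pods. This is required by the Login browser automation call.

    Args:
      enabled: Value to store in the ephemeral_users_enabled device policy.
    """
    self.SetDevicePolicy({'ephemeral_users_enabled': enabled,
                          'show_user_names': False})

  def _DoesVaultDirectoryExist(self, user_index):
    """Returns whether a directory for the user exists under SHADOW_ROOT.

    Args:
      user_index: Index into _usernames of the user to check.
    """
    user_hash = cryptohome.get_user_hash(self._usernames[user_index])
    return os.path.exists(os.path.join(constants.SHADOW_ROOT, user_hash))

  def _AssertLocalStatePrefsSet(self, user_indexes):
    """Asserts that local state prefs list exactly the given users.

    Args:
      user_indexes: Indexes into _usernames of the users expected in the prefs.
    """
    expected = sorted(self._usernames[index] for index in user_indexes)
    # The OAuthTokenStatus pref is populated asynchronously. Checking whether it
    # is set would lead to an ugly race.
    for pref in ('LoggedInUsers', 'UserImages', 'UserDisplayEmail'):
      actual = sorted(self.GetLocalStatePrefsInfo().Prefs(pref))
      self.assertEqual(actual, expected,
                       msg='Expected to find prefs in local state for users.')

  def _AssertLocalStatePrefsEmpty(self):
    """Asserts that no per-user pref is present in local state.

    Unlike _AssertLocalStatePrefsSet, this also covers OAuthTokenStatus: the
    asynchronous population of that pref only matters when expecting a value.
    """
    for pref in ('LoggedInUsers',
                 'UserImages',
                 'UserDisplayEmail',
                 'OAuthTokenStatus'):
      self.assertFalse(self.GetLocalStatePrefsInfo().Prefs(pref),
          msg='Expected to not find prefs in local state for any user.')

  def _AssertVaultDirectoryExists(self, user_index):
    """Asserts that the user's vault shadow directory is present on disk."""
    self.assertTrue(self._DoesVaultDirectoryExist(user_index=user_index),
                    msg='Expected vault shadow directory to exist.')

  def _AssertVaultDirectoryDoesNotExist(self, user_index):
    """Asserts that the user's vault shadow directory is absent from disk."""
    self.assertFalse(self._DoesVaultDirectoryExist(user_index=user_index),
                     msg='Expected vault shadow directory to not exist.')

  def _AssertVaultMounted(self, user_index, ephemeral):
    """Asserts that the user's vault is mounted with the expected backing.

    Args:
      user_index: Index into _usernames of the user whose vault is checked.
      ephemeral: If True, expect the ephemeral device and a tmpfs file system;
          otherwise expect the shadow device and any file system.
    """
    if ephemeral:
      device_regex = constants.CRYPTOHOME_DEV_REGEX_REGULAR_USER_EPHEMERAL
      fs_regex = constants.CRYPTOHOME_FS_REGEX_TMPFS
      backing = 'tmpfs'
    else:
      device_regex = constants.CRYPTOHOME_DEV_REGEX_REGULAR_USER_SHADOW
      fs_regex = constants.CRYPTOHOME_FS_REGEX_ANY
      backing = 'shadow directory'
    # The backing name is chosen before formatting: '%' binds tighter than a
    # conditional expression, so formatting inline would reduce the message to
    # the bare string 'shadow directory' in the non-ephemeral case.
    # NOTE(review): allow_fail=True presumably makes the helper return False
    # instead of raising on a mismatch - confirm against autotest.
    self.assertTrue(
        cryptohome.is_vault_mounted(device_regex=device_regex,
                                    fs_regex=fs_regex,
                                    user=self._usernames[user_index],
                                    allow_fail=True),
        msg='Expected vault backed by %s to be mounted.' % backing)

  def _AssertNoVaultMounted(self):
    """Asserts that no cryptohome vault is currently mounted."""
    self.assertFalse(cryptohome.is_vault_mounted(allow_fail=True),
                     msg='Did not expect any vault to be mounted.')

  def Login(self, user_index):
    """Convenience method to login to the user at the given index.

    Asserts that nobody is logged in beforehand and that the login succeeded
    afterwards.

    Args:
      user_index: Index into _usernames of the user to log in.
    """
    self.assertFalse(self.GetLoginInfo()['is_logged_in'],
                     msg='Expected to be logged out.')
    # Placeholder credential for the test accounts, not a real secret.
    policy_base.PolicyTestBase.Login(self,
                                     self._usernames[user_index],
                                     'dummy_password')
    self.assertTrue(self.GetLoginInfo()['is_logged_in'],
                    msg='Expected to be logged in.')

  def testEnablingBeforeSession(self):
    """Checks that a new session can be made ephemeral."""
    self.PrepareToWaitForLoginFormReload()
    self._SetEphemeralUsersEnabled(True)
    self.WaitForLoginFormReload()

    self.Login(user_index=0)
    self._AssertLocalStatePrefsEmpty()
    self._AssertVaultMounted(user_index=0, ephemeral=True)
    self.Logout()

    # Nothing may survive the session: no prefs, no mount, no shadow directory.
    self._AssertLocalStatePrefsEmpty()
    self._AssertNoVaultMounted()
    self._AssertVaultDirectoryDoesNotExist(user_index=0)

  def testEnablingDuringSession(self):
    """Checks that an existing non-ephemeral session is not made ephemeral."""
    self.PrepareToWaitForLoginFormReload()
    self._SetEphemeralUsersEnabled(False)
    self.WaitForLoginFormReload()

    self.Login(user_index=0)
    self._AssertLocalStatePrefsSet(user_indexes=[0])
    self._AssertVaultMounted(user_index=0, ephemeral=False)
    # Flipping the policy mid-session must not change the running session.
    self._SetEphemeralUsersEnabled(True)
    self._AssertLocalStatePrefsSet(user_indexes=[0])
    self._AssertVaultMounted(user_index=0, ephemeral=False)
    self.Logout()

    # After logout the persistent data of the session is expected to be gone.
    self._AssertLocalStatePrefsEmpty()
    self._AssertNoVaultMounted()
    self._AssertVaultDirectoryDoesNotExist(user_index=0)

  def testDisablingDuringSession(self):
    """Checks that an existing ephemeral session is not made non-ephemeral."""
    self.PrepareToWaitForLoginFormReload()
    self._SetEphemeralUsersEnabled(True)
    self.WaitForLoginFormReload()

    self.Login(user_index=0)
    self._AssertVaultMounted(user_index=0, ephemeral=True)
    # Turning the policy off mid-session must not make the session persistent.
    self._SetEphemeralUsersEnabled(False)
    self._AssertVaultMounted(user_index=0, ephemeral=True)
    self.Logout()

    self._AssertLocalStatePrefsEmpty()
    self._AssertNoVaultMounted()
    self._AssertVaultDirectoryDoesNotExist(user_index=0)

  def testEnablingEphemeralUsersCleansUp(self):
    """Checks that persistent information is cleared."""
    self.PrepareToWaitForLoginFormReload()
    self._SetEphemeralUsersEnabled(False)
    self.WaitForLoginFormReload()

    # Accumulate persistent state for two users while the policy is off.
    self.Login(user_index=0)
    self.Logout()
    self._AssertLocalStatePrefsSet(user_indexes=[0])

    self.Login(user_index=1)
    self.Logout()
    self._AssertLocalStatePrefsSet(user_indexes=[0, 1])

    self._AssertVaultDirectoryExists(user_index=0)
    self._AssertVaultDirectoryExists(user_index=1)

    # NOTE(review): unlike the first policy change, this one is not followed
    # by a login form reload wait - presumably because show_user_names stays
    # False; confirm.
    self._SetEphemeralUsersEnabled(True)

    self.Login(user_index=0)
    self._AssertVaultMounted(user_index=0, ephemeral=True)
    self.Logout()

    # Both vaults must be gone, including the one of the user who never logged
    # in after the policy was enabled.
    # NOTE(review): only the shadow directories are checked here; the local
    # state prefs of both users are not asserted to be cleared. Consider
    # adding _AssertLocalStatePrefsEmpty() once confirmed to hold.
    self._AssertVaultDirectoryDoesNotExist(user_index=0)
    self._AssertVaultDirectoryDoesNotExist(user_index=1)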
    169 
    170 
# Run the tests through pyauto_functional.Main() when executed as a script.
if __name__ == '__main__':
  pyauto_functional.Main()
    173