1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "policy/libpolicy.h" 6 7 #include <openssl/err.h> 8 #include <openssl/ssl.h> 9 10 #include <base/files/file_path.h> 11 #include <base/logging.h> 12 #include <gtest/gtest.h> 13 14 #include "policy/device_policy_impl.h" 15 16 namespace policy { 17 18 static const char kPolicyFileAllSet[] = 19 "policy/tests/whitelist/policy_all"; 20 static const char kPolicyFileNoneSet[] = 21 "policy/tests/whitelist/policy_none"; 22 static const char kKeyFile[] = "policy/tests/whitelist/owner.key"; 23 24 // This class mocks only the minimally needed functionionality to run tests 25 // that would otherwise fail because of hard restrictions like root file 26 // ownership. Otherwise, it preserves all the functionallity of the original 27 // class. 28 class MockDevicePolicyImpl : public DevicePolicyImpl { 29 public: 30 MockDevicePolicyImpl(const base::FilePath& policy_path, 31 const base::FilePath& keyfile_path, 32 bool verify_files) 33 : verify_files_(verify_files) { 34 policy_path_ = policy_path; 35 keyfile_path_ = keyfile_path; 36 } 37 38 private: 39 // We don't care if files are owned by root for most tests. 40 virtual bool VerifyPolicyFiles() { 41 return !verify_files_ || DevicePolicyImpl::VerifyPolicyFiles(); 42 } 43 44 bool verify_files_; 45 }; 46 47 // Test that a policy file can be verified and parsed correctly. The file 48 // contains all possible fields, so reading should succeed for all. 49 TEST(PolicyTest, DevicePolicyAllSetTest) { 50 base::FilePath policy_file(kPolicyFileAllSet); 51 base::FilePath key_file(kKeyFile); 52 MockDevicePolicyImpl* device_policy = 53 new MockDevicePolicyImpl(policy_file, key_file, false); 54 PolicyProvider provider(device_policy); 55 provider.Reload(); 56 57 // Ensure we successfully loaded the device policy file. 58 ASSERT_TRUE(provider.device_policy_is_loaded()); 59 60 const DevicePolicy& policy = provider.GetDevicePolicy(); 61 62 // Check that we can read out all fields of the sample protobuf. 63 int int_value = -1; 64 ASSERT_TRUE(policy.GetPolicyRefreshRate(&int_value)); 65 ASSERT_EQ(100, int_value); 66 67 std::vector<std::string> list_value; 68 ASSERT_TRUE(policy.GetUserWhitelist(&list_value)); 69 ASSERT_EQ(3, list_value.size()); 70 ASSERT_EQ("me (at) here.com", list_value[0]); 71 ASSERT_EQ("you (at) there.com", list_value[1]); 72 ASSERT_EQ("*@monsters.com", list_value[2]); 73 74 bool bool_value = true; 75 ASSERT_TRUE(policy.GetGuestModeEnabled(&bool_value)); 76 ASSERT_FALSE(bool_value); 77 78 bool_value = true; 79 ASSERT_TRUE(policy.GetCameraEnabled(&bool_value)); 80 ASSERT_FALSE(bool_value); 81 82 bool_value = true; 83 ASSERT_TRUE(policy.GetShowUserNames(&bool_value)); 84 ASSERT_FALSE(bool_value); 85 86 bool_value = true; 87 ASSERT_TRUE(policy.GetDataRoamingEnabled(&bool_value)); 88 ASSERT_FALSE(bool_value); 89 90 bool_value = true; 91 ASSERT_TRUE(policy.GetAllowNewUsers(&bool_value)); 92 ASSERT_FALSE(bool_value); 93 94 bool_value = true; 95 ASSERT_TRUE(policy.GetMetricsEnabled(&bool_value)); 96 ASSERT_FALSE(bool_value); 97 98 bool_value = true; 99 ASSERT_TRUE(policy.GetReportVersionInfo(&bool_value)); 100 ASSERT_FALSE(bool_value); 101 102 bool_value = true; 103 ASSERT_TRUE(policy.GetReportActivityTimes(&bool_value)); 104 ASSERT_FALSE(bool_value); 105 106 bool_value = true; 107 ASSERT_TRUE(policy.GetReportBootMode(&bool_value)); 108 ASSERT_FALSE(bool_value); 109 110 bool_value = true; 111 ASSERT_TRUE(policy.GetEphemeralUsersEnabled(&bool_value)); 112 ASSERT_FALSE(bool_value); 113 114 std::string string_value; 115 ASSERT_TRUE(policy.GetReleaseChannel(&string_value)); 116 ASSERT_EQ("stable-channel", string_value); 117 118 bool_value = false; 119 ASSERT_TRUE(policy.GetReleaseChannelDelegated(&bool_value)); 120 ASSERT_TRUE(bool_value); 121 122 bool_value = true; 123 ASSERT_TRUE(policy.GetUpdateDisabled(&bool_value)); 124 ASSERT_FALSE(bool_value); 125 126 int64_t int64_value = -1LL; 127 ASSERT_TRUE(policy.GetScatterFactorInSeconds(&int64_value)); 128 ASSERT_EQ(17LL, int64_value); 129 130 ASSERT_TRUE(policy.GetTargetVersionPrefix(&string_value)); 131 ASSERT_EQ("42.0.", string_value); 132 133 std::set<std::string> types; 134 ASSERT_TRUE(policy.GetAllowedConnectionTypesForUpdate(&types)); 135 ASSERT_TRUE(types.end() != types.find("ethernet")); 136 ASSERT_TRUE(types.end() != types.find("wifi")); 137 ASSERT_EQ(2, types.size()); 138 139 ASSERT_TRUE(policy.GetOpenNetworkConfiguration(&string_value)); 140 ASSERT_EQ("{}", string_value); 141 142 ASSERT_TRUE(policy.GetOwner(&string_value)); 143 ASSERT_EQ("", string_value); 144 145 bool_value = true; 146 ASSERT_TRUE(policy.GetHttpDownloadsEnabled(&bool_value)); 147 ASSERT_FALSE(bool_value); 148 149 bool_value = true; 150 ASSERT_TRUE(policy.GetAuP2PEnabled(&bool_value)); 151 ASSERT_FALSE(bool_value); 152 153 // Reloading the protobuf should succeed. 154 ASSERT_TRUE(provider.Reload()); 155 } 156 157 // Test that a policy file can be verified and parsed correctly. The file 158 // contains none of the possible fields, so reading should fail for all. 159 TEST(PolicyTest, DevicePolicyNoneSetTest) { 160 base::FilePath policy_file(kPolicyFileNoneSet); 161 base::FilePath key_file(kKeyFile); 162 MockDevicePolicyImpl* device_policy = 163 new MockDevicePolicyImpl(policy_file, key_file, false); 164 PolicyProvider provider(device_policy); 165 provider.Reload(); 166 167 // Ensure we successfully loaded the device policy file. 168 ASSERT_TRUE(provider.device_policy_is_loaded()); 169 170 const DevicePolicy& policy = provider.GetDevicePolicy(); 171 172 // Check that we cannot read any fields out of the sample protobuf. 173 int int_value; 174 int64_t int64_value; 175 std::vector<std::string> list_value; 176 bool bool_value; 177 std::string string_value; 178 179 ASSERT_FALSE(policy.GetPolicyRefreshRate(&int_value)); 180 ASSERT_FALSE(policy.GetUserWhitelist(&list_value)); 181 ASSERT_FALSE(policy.GetGuestModeEnabled(&bool_value)); 182 ASSERT_FALSE(policy.GetCameraEnabled(&bool_value)); 183 ASSERT_FALSE(policy.GetShowUserNames(&bool_value)); 184 ASSERT_FALSE(policy.GetDataRoamingEnabled(&bool_value)); 185 ASSERT_FALSE(policy.GetAllowNewUsers(&bool_value)); 186 ASSERT_FALSE(policy.GetMetricsEnabled(&bool_value)); 187 ASSERT_FALSE(policy.GetReportVersionInfo(&bool_value)); 188 ASSERT_FALSE(policy.GetReportActivityTimes(&bool_value)); 189 ASSERT_FALSE(policy.GetReportBootMode(&bool_value)); 190 ASSERT_FALSE(policy.GetEphemeralUsersEnabled(&bool_value)); 191 ASSERT_FALSE(policy.GetReleaseChannel(&string_value)); 192 ASSERT_FALSE(policy.GetUpdateDisabled(&bool_value)); 193 ASSERT_FALSE(policy.GetTargetVersionPrefix(&string_value)); 194 ASSERT_FALSE(policy.GetScatterFactorInSeconds(&int64_value)); 195 ASSERT_FALSE(policy.GetOpenNetworkConfiguration(&string_value)); 196 ASSERT_FALSE(policy.GetHttpDownloadsEnabled(&bool_value)); 197 ASSERT_FALSE(policy.GetAuP2PEnabled(&bool_value)); 198 } 199 200 // Verify that the library will correctly recognize and signal missing files. 201 TEST(PolicyTest, DevicePolicyFailure) { 202 LOG(INFO) << "Errors expected."; 203 // Try loading non-existing protobuf should fail. 204 base::FilePath non_existing("this_file_is_doof"); 205 MockDevicePolicyImpl* device_policy = 206 new MockDevicePolicyImpl(non_existing, non_existing, true); 207 PolicyProvider provider(device_policy); 208 // Even after reload the policy should still be not loaded. 209 ASSERT_FALSE(provider.Reload()); 210 ASSERT_FALSE(provider.device_policy_is_loaded()); 211 } 212 213 } // namespace policy 214 215 int main(int argc, char* argv[]) { 216 ::testing::InitGoogleTest(&argc, argv); 217 return RUN_ALL_TESTS(); 218 } 219
