1 // 2 // Copyright (C) 2014 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include "update_engine/update_manager/chromeos_policy.h" 18 19 #include <memory> 20 #include <set> 21 22 #include "update_engine/update_manager/next_update_check_policy_impl.h" 23 #include "update_engine/update_manager/policy_test_utils.h" 24 25 using base::Time; 26 using base::TimeDelta; 27 using chromeos_update_engine::ConnectionTethering; 28 using chromeos_update_engine::ConnectionType; 29 using chromeos_update_engine::ErrorCode; 30 using std::set; 31 using std::string; 32 33 namespace chromeos_update_manager { 34 35 class UmChromeOSPolicyTest : public UmPolicyTestBase { 36 protected: 37 UmChromeOSPolicyTest() : UmPolicyTestBase() { 38 policy_ = std::make_unique<ChromeOSPolicy>(); 39 } 40 41 void SetUp() override { 42 UmPolicyTestBase::SetUp(); 43 SetUpDefaultDevicePolicy(); 44 } 45 46 void SetUpDefaultState() override { 47 UmPolicyTestBase::SetUpDefaultState(); 48 49 // OOBE is enabled by default. 50 fake_state_.config_provider()->var_is_oobe_enabled()->reset( 51 new bool(true)); 52 53 // For the purpose of the tests, this is an official build and OOBE was 54 // completed. 55 fake_state_.system_provider()->var_is_official_build()->reset( 56 new bool(true)); 57 fake_state_.system_provider()->var_is_oobe_complete()->reset( 58 new bool(true)); 59 // NOLINTNEXTLINE(readability/casting) 60 fake_state_.system_provider()->var_num_slots()->reset(new unsigned int(2)); 61 62 // Connection is wifi, untethered. 63 fake_state_.shill_provider()->var_conn_type()-> 64 reset(new ConnectionType(ConnectionType::kWifi)); 65 fake_state_.shill_provider()->var_conn_tethering()-> 66 reset(new ConnectionTethering(ConnectionTethering::kNotDetected)); 67 } 68 69 // Sets up a default device policy that does not impose any restrictions 70 // (HTTP) nor enables any features (P2P). 71 void SetUpDefaultDevicePolicy() { 72 fake_state_.device_policy_provider()->var_device_policy_is_loaded()->reset( 73 new bool(true)); 74 fake_state_.device_policy_provider()->var_update_disabled()->reset( 75 new bool(false)); 76 fake_state_.device_policy_provider()-> 77 var_allowed_connection_types_for_update()->reset(nullptr); 78 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 79 new TimeDelta()); 80 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 81 new bool(true)); 82 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset( 83 new bool(false)); 84 fake_state_.device_policy_provider()->var_release_channel_delegated()-> 85 reset(new bool(true)); 86 } 87 88 // Configures the policy to return a desired value from UpdateCheckAllowed by 89 // faking the current wall clock time as needed. Restores the default state. 90 // This is used when testing policies that depend on this one. 91 // 92 // Note that the default implementation relies on NextUpdateCheckPolicyImpl to 93 // set the FakeClock to the appropriate time. 94 virtual void SetUpdateCheckAllowed(bool allow_check) { 95 Time next_update_check; 96 CallMethodWithContext(&NextUpdateCheckTimePolicyImpl::NextUpdateCheckTime, 97 &next_update_check, 98 ChromeOSPolicy::kNextUpdateCheckPolicyConstants); 99 SetUpDefaultState(); 100 SetUpDefaultDevicePolicy(); 101 Time curr_time = next_update_check; 102 if (allow_check) 103 curr_time += TimeDelta::FromSeconds(1); 104 else 105 curr_time -= TimeDelta::FromSeconds(1); 106 fake_clock_.SetWallclockTime(curr_time); 107 } 108 }; 109 110 TEST_F(UmChromeOSPolicyTest, UpdateCheckAllowedWaitsForTheTimeout) { 111 // We get the next update_check timestamp from the policy's private method 112 // and then we check the public method respects that value on the normal 113 // case. 114 Time next_update_check; 115 Time last_checked_time = 116 fake_clock_.GetWallclockTime() + TimeDelta::FromMinutes(1234); 117 118 fake_state_.updater_provider()->var_last_checked_time()->reset( 119 new Time(last_checked_time)); 120 CallMethodWithContext(&NextUpdateCheckTimePolicyImpl::NextUpdateCheckTime, 121 &next_update_check, 122 ChromeOSPolicy::kNextUpdateCheckPolicyConstants); 123 124 UpdateCheckParams result; 125 126 // Check that the policy blocks until the next_update_check is reached. 127 SetUpDefaultClock(); 128 SetUpDefaultState(); 129 fake_state_.updater_provider()->var_last_checked_time()->reset( 130 new Time(last_checked_time)); 131 fake_clock_.SetWallclockTime(next_update_check - TimeDelta::FromSeconds(1)); 132 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 133 &Policy::UpdateCheckAllowed, &result); 134 135 SetUpDefaultClock(); 136 SetUpDefaultState(); 137 fake_state_.updater_provider()->var_last_checked_time()->reset( 138 new Time(last_checked_time)); 139 fake_clock_.SetWallclockTime(next_update_check + TimeDelta::FromSeconds(1)); 140 ExpectPolicyStatus(EvalStatus::kSucceeded, 141 &Policy::UpdateCheckAllowed, &result); 142 EXPECT_TRUE(result.updates_enabled); 143 EXPECT_FALSE(result.is_interactive); 144 } 145 146 TEST_F(UmChromeOSPolicyTest, UpdateCheckAllowedWaitsForOOBE) { 147 // Update checks are deferred until OOBE is completed. 148 149 // Ensure that update is not allowed even if wait period is satisfied. 150 Time next_update_check; 151 Time last_checked_time = 152 fake_clock_.GetWallclockTime() + TimeDelta::FromMinutes(1234); 153 154 fake_state_.updater_provider()->var_last_checked_time()->reset( 155 new Time(last_checked_time)); 156 CallMethodWithContext(&NextUpdateCheckTimePolicyImpl::NextUpdateCheckTime, 157 &next_update_check, 158 ChromeOSPolicy::kNextUpdateCheckPolicyConstants); 159 160 SetUpDefaultClock(); 161 SetUpDefaultState(); 162 fake_state_.updater_provider()->var_last_checked_time()->reset( 163 new Time(last_checked_time)); 164 fake_clock_.SetWallclockTime(next_update_check + TimeDelta::FromSeconds(1)); 165 fake_state_.system_provider()->var_is_oobe_complete()->reset( 166 new bool(false)); 167 168 UpdateCheckParams result; 169 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 170 &Policy::UpdateCheckAllowed, &result); 171 172 // Now check that it is allowed if OOBE is completed. 173 SetUpDefaultClock(); 174 SetUpDefaultState(); 175 fake_state_.updater_provider()->var_last_checked_time()->reset( 176 new Time(last_checked_time)); 177 fake_clock_.SetWallclockTime(next_update_check + TimeDelta::FromSeconds(1)); 178 ExpectPolicyStatus(EvalStatus::kSucceeded, 179 &Policy::UpdateCheckAllowed, &result); 180 EXPECT_TRUE(result.updates_enabled); 181 EXPECT_FALSE(result.is_interactive); 182 } 183 184 TEST_F(UmChromeOSPolicyTest, UpdateCheckAllowedWithAttributes) { 185 // Update check is allowed, response includes attributes for use in the 186 // request. 187 SetUpdateCheckAllowed(true); 188 189 // Override specific device policy attributes. 190 fake_state_.device_policy_provider()->var_target_version_prefix()-> 191 reset(new string("1.2")); 192 fake_state_.device_policy_provider()->var_release_channel_delegated()-> 193 reset(new bool(false)); 194 fake_state_.device_policy_provider()->var_release_channel()-> 195 reset(new string("foo-channel")); 196 197 UpdateCheckParams result; 198 ExpectPolicyStatus(EvalStatus::kSucceeded, 199 &Policy::UpdateCheckAllowed, &result); 200 EXPECT_TRUE(result.updates_enabled); 201 EXPECT_EQ("1.2", result.target_version_prefix); 202 EXPECT_EQ("foo-channel", result.target_channel); 203 EXPECT_FALSE(result.is_interactive); 204 } 205 206 TEST_F(UmChromeOSPolicyTest, 207 UpdateCheckAllowedUpdatesDisabledForUnofficialBuilds) { 208 // UpdateCheckAllowed should return kAskMeAgainLater if this is an unofficial 209 // build; we don't want periodic update checks on developer images. 210 211 fake_state_.system_provider()->var_is_official_build()->reset( 212 new bool(false)); 213 214 UpdateCheckParams result; 215 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 216 &Policy::UpdateCheckAllowed, &result); 217 } 218 219 TEST_F(UmChromeOSPolicyTest, 220 UpdateCheckAllowedUpdatesDisabledWhenNotEnoughSlotsAbUpdates) { 221 // UpdateCheckAllowed should return false (kSucceeded) if the image booted 222 // without enough slots to do A/B updates. 223 224 // NOLINTNEXTLINE(readability/casting) 225 fake_state_.system_provider()->var_num_slots()->reset(new unsigned int(1)); 226 227 UpdateCheckParams result; 228 ExpectPolicyStatus(EvalStatus::kSucceeded, 229 &Policy::UpdateCheckAllowed, &result); 230 EXPECT_FALSE(result.updates_enabled); 231 } 232 233 TEST_F(UmChromeOSPolicyTest, UpdateCheckAllowedUpdatesDisabledByPolicy) { 234 // UpdateCheckAllowed should return kAskMeAgainLater because a device policy 235 // is loaded and prohibits updates. 236 237 SetUpdateCheckAllowed(false); 238 fake_state_.device_policy_provider()->var_update_disabled()->reset( 239 new bool(true)); 240 241 UpdateCheckParams result; 242 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 243 &Policy::UpdateCheckAllowed, &result); 244 } 245 246 TEST_F(UmChromeOSPolicyTest, 247 UpdateCheckAllowedForcedUpdateRequestedInteractive) { 248 // UpdateCheckAllowed should return true because a forced update request was 249 // signaled for an interactive update. 250 251 SetUpdateCheckAllowed(true); 252 fake_state_.updater_provider()->var_forced_update_requested()->reset( 253 new UpdateRequestStatus(UpdateRequestStatus::kInteractive)); 254 255 UpdateCheckParams result; 256 ExpectPolicyStatus(EvalStatus::kSucceeded, 257 &Policy::UpdateCheckAllowed, &result); 258 EXPECT_TRUE(result.updates_enabled); 259 EXPECT_TRUE(result.is_interactive); 260 } 261 262 TEST_F(UmChromeOSPolicyTest, UpdateCheckAllowedForcedUpdateRequestedPeriodic) { 263 // UpdateCheckAllowed should return true because a forced update request was 264 // signaled for a periodic check. 265 266 SetUpdateCheckAllowed(true); 267 fake_state_.updater_provider()->var_forced_update_requested()->reset( 268 new UpdateRequestStatus(UpdateRequestStatus::kPeriodic)); 269 270 UpdateCheckParams result; 271 ExpectPolicyStatus(EvalStatus::kSucceeded, 272 &Policy::UpdateCheckAllowed, &result); 273 EXPECT_TRUE(result.updates_enabled); 274 EXPECT_FALSE(result.is_interactive); 275 } 276 277 TEST_F(UmChromeOSPolicyTest, UpdateCheckAllowedKioskPin) { 278 // Update check is allowed. 279 SetUpdateCheckAllowed(true); 280 281 // A typical setup for kiosk pin policy: AU disabled, allow kiosk to pin 282 // and there is a kiosk required platform version. 283 fake_state_.device_policy_provider()->var_update_disabled()->reset( 284 new bool(true)); 285 fake_state_.device_policy_provider() 286 ->var_allow_kiosk_app_control_chrome_version() 287 ->reset(new bool(true)); 288 fake_state_.system_provider()->var_kiosk_required_platform_version()->reset( 289 new string("1234.0.0")); 290 291 UpdateCheckParams result; 292 ExpectPolicyStatus(EvalStatus::kSucceeded, 293 &Policy::UpdateCheckAllowed, &result); 294 EXPECT_TRUE(result.updates_enabled); 295 EXPECT_EQ("1234.0.0", result.target_version_prefix); 296 EXPECT_FALSE(result.is_interactive); 297 } 298 299 TEST_F(UmChromeOSPolicyTest, UpdateCheckAllowedDisabledWhenNoKioskPin) { 300 // Update check is allowed. 301 SetUpdateCheckAllowed(true); 302 303 // Disable AU policy is set but kiosk pin policy is set to false. Update is 304 // disabled in such case. 305 fake_state_.device_policy_provider()->var_update_disabled()->reset( 306 new bool(true)); 307 fake_state_.device_policy_provider() 308 ->var_allow_kiosk_app_control_chrome_version() 309 ->reset(new bool(false)); 310 311 UpdateCheckParams result; 312 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 313 &Policy::UpdateCheckAllowed, &result); 314 } 315 316 TEST_F(UmChromeOSPolicyTest, UpdateCheckAllowedKioskPinWithNoRequiredVersion) { 317 // Update check is allowed. 318 SetUpdateCheckAllowed(true); 319 320 // AU disabled, allow kiosk to pin but there is no kiosk required platform 321 // version (i.e. app does not provide the info). Update to latest in such 322 // case. 323 fake_state_.device_policy_provider()->var_update_disabled()->reset( 324 new bool(true)); 325 fake_state_.device_policy_provider() 326 ->var_allow_kiosk_app_control_chrome_version() 327 ->reset(new bool(true)); 328 fake_state_.system_provider()->var_kiosk_required_platform_version()->reset( 329 new string()); 330 331 UpdateCheckParams result; 332 ExpectPolicyStatus(EvalStatus::kSucceeded, 333 &Policy::UpdateCheckAllowed, &result); 334 EXPECT_TRUE(result.updates_enabled); 335 EXPECT_TRUE(result.target_version_prefix.empty()); 336 EXPECT_FALSE(result.is_interactive); 337 } 338 339 TEST_F(UmChromeOSPolicyTest, 340 UpdateCheckAllowedKioskPinWithFailedGetRequiredVersionCall) { 341 // AU disabled, allow kiosk to pin but D-Bus call to get required platform 342 // version failed. Defer update check in this case. 343 fake_state_.device_policy_provider()->var_update_disabled()->reset( 344 new bool(true)); 345 fake_state_.device_policy_provider() 346 ->var_allow_kiosk_app_control_chrome_version() 347 ->reset(new bool(true)); 348 fake_state_.system_provider()->var_kiosk_required_platform_version()->reset( 349 nullptr); 350 351 UpdateCheckParams result; 352 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 353 &Policy::UpdateCheckAllowed, &result); 354 } 355 356 TEST_F(UmChromeOSPolicyTest, UpdateCanStartFailsCheckAllowedError) { 357 // The UpdateCanStart policy fails, not being able to query 358 // UpdateCheckAllowed. 359 360 // Configure the UpdateCheckAllowed policy to fail. 361 fake_state_.updater_provider()->var_updater_started_time()->reset(nullptr); 362 363 // Check that the UpdateCanStart fails. 364 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 365 UpdateDownloadParams result; 366 ExpectPolicyStatus(EvalStatus::kFailed, 367 &Policy::UpdateCanStart, &result, update_state); 368 } 369 370 TEST_F(UmChromeOSPolicyTest, UpdateCanStartNotAllowedCheckDue) { 371 // The UpdateCanStart policy returns false because we are due for another 372 // update check. Ensure that download related values are still returned. 373 374 SetUpdateCheckAllowed(true); 375 376 // Check that the UpdateCanStart returns false. 377 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 378 UpdateDownloadParams result; 379 ExpectPolicyStatus(EvalStatus::kSucceeded, 380 &Policy::UpdateCanStart, &result, update_state); 381 EXPECT_FALSE(result.update_can_start); 382 EXPECT_EQ(UpdateCannotStartReason::kCheckDue, result.cannot_start_reason); 383 EXPECT_EQ(0, result.download_url_idx); 384 EXPECT_EQ(0, result.download_url_num_errors); 385 } 386 387 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedNoDevicePolicy) { 388 // The UpdateCanStart policy returns true; no device policy is loaded. 389 390 SetUpdateCheckAllowed(false); 391 fake_state_.device_policy_provider()->var_device_policy_is_loaded()->reset( 392 new bool(false)); 393 394 // Check that the UpdateCanStart returns true with no further attributes. 395 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 396 UpdateDownloadParams result; 397 ExpectPolicyStatus(EvalStatus::kSucceeded, 398 &Policy::UpdateCanStart, &result, update_state); 399 EXPECT_TRUE(result.update_can_start); 400 EXPECT_FALSE(result.p2p_downloading_allowed); 401 EXPECT_FALSE(result.p2p_sharing_allowed); 402 EXPECT_EQ(0, result.download_url_idx); 403 EXPECT_TRUE(result.download_url_allowed); 404 EXPECT_EQ(0, result.download_url_num_errors); 405 EXPECT_FALSE(result.do_increment_failures); 406 } 407 408 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedBlankPolicy) { 409 // The UpdateCanStart policy returns true; device policy is loaded but imposes 410 // no restrictions on updating. 411 412 SetUpdateCheckAllowed(false); 413 414 // Check that the UpdateCanStart returns true. 415 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 416 UpdateDownloadParams result; 417 ExpectPolicyStatus(EvalStatus::kSucceeded, 418 &Policy::UpdateCanStart, &result, update_state); 419 EXPECT_TRUE(result.update_can_start); 420 EXPECT_FALSE(result.p2p_downloading_allowed); 421 EXPECT_FALSE(result.p2p_sharing_allowed); 422 EXPECT_EQ(0, result.download_url_idx); 423 EXPECT_TRUE(result.download_url_allowed); 424 EXPECT_EQ(0, result.download_url_num_errors); 425 EXPECT_FALSE(result.do_increment_failures); 426 } 427 428 TEST_F(UmChromeOSPolicyTest, 429 UpdateCanStartNotAllowedBackoffNewWaitPeriodApplies) { 430 // The UpdateCanStart policy returns false; failures are reported and a new 431 // backoff period is enacted. 432 433 SetUpdateCheckAllowed(false); 434 435 const Time curr_time = fake_clock_.GetWallclockTime(); 436 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(10)); 437 update_state.download_errors_max = 1; 438 update_state.download_errors.emplace_back( 439 0, ErrorCode::kDownloadTransferError, 440 curr_time - TimeDelta::FromSeconds(8)); 441 update_state.download_errors.emplace_back( 442 0, ErrorCode::kDownloadTransferError, 443 curr_time - TimeDelta::FromSeconds(2)); 444 445 // Check that UpdateCanStart returns false and a new backoff expiry is 446 // generated. 447 UpdateDownloadParams result; 448 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 449 update_state); 450 EXPECT_FALSE(result.update_can_start); 451 EXPECT_EQ(UpdateCannotStartReason::kBackoff, result.cannot_start_reason); 452 EXPECT_TRUE(result.do_increment_failures); 453 EXPECT_LT(curr_time, result.backoff_expiry); 454 } 455 456 TEST_F(UmChromeOSPolicyTest, 457 UpdateCanStartNotAllowedBackoffPrevWaitPeriodStillApplies) { 458 // The UpdateCanStart policy returns false; a previously enacted backoff 459 // period still applies. 460 461 SetUpdateCheckAllowed(false); 462 463 const Time curr_time = fake_clock_.GetWallclockTime(); 464 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(10)); 465 update_state.download_errors_max = 1; 466 update_state.download_errors.emplace_back( 467 0, ErrorCode::kDownloadTransferError, 468 curr_time - TimeDelta::FromSeconds(8)); 469 update_state.download_errors.emplace_back( 470 0, ErrorCode::kDownloadTransferError, 471 curr_time - TimeDelta::FromSeconds(2)); 472 update_state.failures_last_updated = curr_time; 473 update_state.backoff_expiry = curr_time + TimeDelta::FromMinutes(3); 474 475 // Check that UpdateCanStart returns false and a new backoff expiry is 476 // generated. 477 UpdateDownloadParams result; 478 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, &Policy::UpdateCanStart, 479 &result, update_state); 480 EXPECT_FALSE(result.update_can_start); 481 EXPECT_EQ(UpdateCannotStartReason::kBackoff, result.cannot_start_reason); 482 EXPECT_FALSE(result.do_increment_failures); 483 EXPECT_LT(curr_time, result.backoff_expiry); 484 } 485 486 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedBackoffSatisfied) { 487 // The UpdateCanStart policy returns true; a previously enacted backoff period 488 // has elapsed, we're good to go. 489 490 SetUpdateCheckAllowed(false); 491 492 const Time curr_time = fake_clock_.GetWallclockTime(); 493 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(10)); 494 update_state.download_errors_max = 1; 495 update_state.download_errors.emplace_back( 496 0, ErrorCode::kDownloadTransferError, 497 curr_time - TimeDelta::FromSeconds(8)); 498 update_state.download_errors.emplace_back( 499 0, ErrorCode::kDownloadTransferError, 500 curr_time - TimeDelta::FromSeconds(2)); 501 update_state.failures_last_updated = curr_time - TimeDelta::FromSeconds(1); 502 update_state.backoff_expiry = curr_time - TimeDelta::FromSeconds(1); 503 504 // Check that UpdateCanStart returns false and a new backoff expiry is 505 // generated. 506 UpdateDownloadParams result; 507 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, 508 &result, update_state); 509 EXPECT_TRUE(result.update_can_start); 510 EXPECT_EQ(UpdateCannotStartReason::kUndefined, result.cannot_start_reason); 511 EXPECT_EQ(0, result.download_url_idx); 512 EXPECT_TRUE(result.download_url_allowed); 513 EXPECT_EQ(0, result.download_url_num_errors); 514 EXPECT_FALSE(result.do_increment_failures); 515 EXPECT_EQ(Time(), result.backoff_expiry); 516 } 517 518 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedBackoffDisabled) { 519 // The UpdateCanStart policy returns false; failures are reported but backoff 520 // is disabled. 521 522 SetUpdateCheckAllowed(false); 523 524 const Time curr_time = fake_clock_.GetWallclockTime(); 525 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(10)); 526 update_state.download_errors_max = 1; 527 update_state.download_errors.emplace_back( 528 0, ErrorCode::kDownloadTransferError, 529 curr_time - TimeDelta::FromSeconds(8)); 530 update_state.download_errors.emplace_back( 531 0, ErrorCode::kDownloadTransferError, 532 curr_time - TimeDelta::FromSeconds(2)); 533 update_state.is_backoff_disabled = true; 534 535 // Check that UpdateCanStart returns false and a new backoff expiry is 536 // generated. 537 UpdateDownloadParams result; 538 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 539 update_state); 540 EXPECT_TRUE(result.update_can_start); 541 EXPECT_EQ(UpdateCannotStartReason::kUndefined, result.cannot_start_reason); 542 EXPECT_EQ(0, result.download_url_idx); 543 EXPECT_TRUE(result.download_url_allowed); 544 EXPECT_EQ(0, result.download_url_num_errors); 545 EXPECT_TRUE(result.do_increment_failures); 546 EXPECT_EQ(Time(), result.backoff_expiry); 547 } 548 549 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedNoBackoffInteractive) { 550 // The UpdateCanStart policy returns false; failures are reported but this is 551 // an interactive update check. 552 553 SetUpdateCheckAllowed(false); 554 555 const Time curr_time = fake_clock_.GetWallclockTime(); 556 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(10)); 557 update_state.download_errors_max = 1; 558 update_state.download_errors.emplace_back( 559 0, ErrorCode::kDownloadTransferError, 560 curr_time - TimeDelta::FromSeconds(8)); 561 update_state.download_errors.emplace_back( 562 0, ErrorCode::kDownloadTransferError, 563 curr_time - TimeDelta::FromSeconds(2)); 564 update_state.is_interactive = true; 565 566 // Check that UpdateCanStart returns false and a new backoff expiry is 567 // generated. 568 UpdateDownloadParams result; 569 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 570 update_state); 571 EXPECT_TRUE(result.update_can_start); 572 EXPECT_EQ(UpdateCannotStartReason::kUndefined, result.cannot_start_reason); 573 EXPECT_EQ(0, result.download_url_idx); 574 EXPECT_TRUE(result.download_url_allowed); 575 EXPECT_EQ(0, result.download_url_num_errors); 576 EXPECT_TRUE(result.do_increment_failures); 577 EXPECT_EQ(Time(), result.backoff_expiry); 578 } 579 580 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedNoBackoffDelta) { 581 // The UpdateCanStart policy returns false; failures are reported but this is 582 // a delta payload. 583 584 SetUpdateCheckAllowed(false); 585 586 const Time curr_time = fake_clock_.GetWallclockTime(); 587 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(10)); 588 update_state.download_errors_max = 1; 589 update_state.download_errors.emplace_back( 590 0, ErrorCode::kDownloadTransferError, 591 curr_time - TimeDelta::FromSeconds(8)); 592 update_state.download_errors.emplace_back( 593 0, ErrorCode::kDownloadTransferError, 594 curr_time - TimeDelta::FromSeconds(2)); 595 update_state.is_delta_payload = true; 596 597 // Check that UpdateCanStart returns false and a new backoff expiry is 598 // generated. 599 UpdateDownloadParams result; 600 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 601 update_state); 602 EXPECT_TRUE(result.update_can_start); 603 EXPECT_EQ(UpdateCannotStartReason::kUndefined, result.cannot_start_reason); 604 EXPECT_EQ(0, result.download_url_idx); 605 EXPECT_TRUE(result.download_url_allowed); 606 EXPECT_EQ(0, result.download_url_num_errors); 607 EXPECT_TRUE(result.do_increment_failures); 608 EXPECT_EQ(Time(), result.backoff_expiry); 609 } 610 611 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedNoBackoffUnofficialBuild) { 612 // The UpdateCanStart policy returns false; failures are reported but this is 613 // an unofficial build. 614 615 SetUpdateCheckAllowed(false); 616 617 const Time curr_time = fake_clock_.GetWallclockTime(); 618 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(10)); 619 update_state.download_errors_max = 1; 620 update_state.download_errors.emplace_back( 621 0, ErrorCode::kDownloadTransferError, 622 curr_time - TimeDelta::FromSeconds(8)); 623 update_state.download_errors.emplace_back( 624 0, ErrorCode::kDownloadTransferError, 625 curr_time - TimeDelta::FromSeconds(2)); 626 627 fake_state_.system_provider()->var_is_official_build()-> 628 reset(new bool(false)); 629 630 // Check that UpdateCanStart returns false and a new backoff expiry is 631 // generated. 632 UpdateDownloadParams result; 633 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 634 update_state); 635 EXPECT_TRUE(result.update_can_start); 636 EXPECT_EQ(UpdateCannotStartReason::kUndefined, result.cannot_start_reason); 637 EXPECT_EQ(0, result.download_url_idx); 638 EXPECT_TRUE(result.download_url_allowed); 639 EXPECT_EQ(0, result.download_url_num_errors); 640 EXPECT_TRUE(result.do_increment_failures); 641 EXPECT_EQ(Time(), result.backoff_expiry); 642 } 643 644 TEST_F(UmChromeOSPolicyTest, UpdateCanStartFailsScatteringFailed) { 645 // The UpdateCanStart policy fails because the UpdateScattering policy it 646 // depends on fails (unset variable). 647 648 SetUpdateCheckAllowed(false); 649 650 // Override the default seed variable with a null value so that the policy 651 // request would fail. 652 // TODO(garnold) This failure may or may not fail a number 653 // sub-policies/decisions, like scattering and backoff. We'll need a more 654 // deliberate setup to ensure that we're failing what we want to be failing. 655 fake_state_.random_provider()->var_seed()->reset(nullptr); 656 657 // Check that the UpdateCanStart fails. 658 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(1)); 659 UpdateDownloadParams result; 660 ExpectPolicyStatus(EvalStatus::kFailed, 661 &Policy::UpdateCanStart, &result, update_state); 662 } 663 664 TEST_F(UmChromeOSPolicyTest, 665 UpdateCanStartNotAllowedScatteringNewWaitPeriodApplies) { 666 // The UpdateCanStart policy returns false; device policy is loaded and 667 // scattering applies due to an unsatisfied wait period, which was newly 668 // generated. 669 670 SetUpdateCheckAllowed(false); 671 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 672 new TimeDelta(TimeDelta::FromMinutes(2))); 673 674 675 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(1)); 676 677 // Check that the UpdateCanStart returns false and a new wait period 678 // generated. 679 UpdateDownloadParams result; 680 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 681 update_state); 682 EXPECT_FALSE(result.update_can_start); 683 EXPECT_EQ(UpdateCannotStartReason::kScattering, result.cannot_start_reason); 684 EXPECT_LT(TimeDelta(), result.scatter_wait_period); 685 EXPECT_EQ(0, result.scatter_check_threshold); 686 } 687 688 TEST_F(UmChromeOSPolicyTest, 689 UpdateCanStartNotAllowedScatteringPrevWaitPeriodStillApplies) { 690 // The UpdateCanStart policy returns false w/ kAskMeAgainLater; device policy 691 // is loaded and a previously generated scattering period still applies, none 692 // of the scattering values has changed. 693 694 SetUpdateCheckAllowed(false); 695 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 696 new TimeDelta(TimeDelta::FromMinutes(2))); 697 698 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(1)); 699 update_state.scatter_wait_period = TimeDelta::FromSeconds(35); 700 701 // Check that the UpdateCanStart returns false and a new wait period 702 // generated. 703 UpdateDownloadParams result; 704 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, &Policy::UpdateCanStart, 705 &result, update_state); 706 EXPECT_FALSE(result.update_can_start); 707 EXPECT_EQ(UpdateCannotStartReason::kScattering, result.cannot_start_reason); 708 EXPECT_EQ(TimeDelta::FromSeconds(35), result.scatter_wait_period); 709 EXPECT_EQ(0, result.scatter_check_threshold); 710 } 711 712 TEST_F(UmChromeOSPolicyTest, 713 UpdateCanStartNotAllowedScatteringNewCountThresholdApplies) { 714 // The UpdateCanStart policy returns false; device policy is loaded and 715 // scattering applies due to an unsatisfied update check count threshold. 716 // 717 // This ensures a non-zero check threshold, which may or may not be combined 718 // with a non-zero wait period (for which we cannot reliably control). 719 720 SetUpdateCheckAllowed(false); 721 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 722 new TimeDelta(TimeDelta::FromSeconds(1))); 723 724 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(1)); 725 update_state.scatter_check_threshold_min = 2; 726 update_state.scatter_check_threshold_max = 5; 727 728 // Check that the UpdateCanStart returns false. 729 UpdateDownloadParams result; 730 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 731 update_state); 732 EXPECT_FALSE(result.update_can_start); 733 EXPECT_EQ(UpdateCannotStartReason::kScattering, result.cannot_start_reason); 734 EXPECT_LE(2, result.scatter_check_threshold); 735 EXPECT_GE(5, result.scatter_check_threshold); 736 } 737 738 TEST_F(UmChromeOSPolicyTest, 739 UpdateCanStartNotAllowedScatteringPrevCountThresholdStillApplies) { 740 // The UpdateCanStart policy returns false; device policy is loaded and 741 // scattering due to a previously generated count threshold still applies. 742 743 SetUpdateCheckAllowed(false); 744 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 745 new TimeDelta(TimeDelta::FromSeconds(1))); 746 747 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(1)); 748 update_state.scatter_check_threshold = 3; 749 update_state.scatter_check_threshold_min = 2; 750 update_state.scatter_check_threshold_max = 5; 751 752 // Check that the UpdateCanStart returns false. 753 UpdateDownloadParams result; 754 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 755 update_state); 756 EXPECT_FALSE(result.update_can_start); 757 EXPECT_EQ(UpdateCannotStartReason::kScattering, result.cannot_start_reason); 758 EXPECT_EQ(3, result.scatter_check_threshold); 759 } 760 761 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedScatteringSatisfied) { 762 // The UpdateCanStart policy returns true; device policy is loaded and 763 // scattering is enabled, but both wait period and check threshold are 764 // satisfied. 765 766 SetUpdateCheckAllowed(false); 767 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 768 new TimeDelta(TimeDelta::FromSeconds(120))); 769 770 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(75)); 771 update_state.num_checks = 4; 772 update_state.scatter_wait_period = TimeDelta::FromSeconds(60); 773 update_state.scatter_check_threshold = 3; 774 update_state.scatter_check_threshold_min = 2; 775 update_state.scatter_check_threshold_max = 5; 776 777 // Check that the UpdateCanStart returns true. 778 UpdateDownloadParams result; 779 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 780 update_state); 781 EXPECT_TRUE(result.update_can_start); 782 EXPECT_EQ(TimeDelta(), result.scatter_wait_period); 783 EXPECT_EQ(0, result.scatter_check_threshold); 784 EXPECT_EQ(0, result.download_url_idx); 785 EXPECT_TRUE(result.download_url_allowed); 786 EXPECT_EQ(0, result.download_url_num_errors); 787 EXPECT_FALSE(result.do_increment_failures); 788 } 789 790 TEST_F(UmChromeOSPolicyTest, 791 UpdateCanStartAllowedInteractivePreventsScattering) { 792 // The UpdateCanStart policy returns true; device policy is loaded and 793 // scattering would have applied, except that the update check is interactive 794 // and so it is suppressed. 795 796 SetUpdateCheckAllowed(false); 797 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 798 new TimeDelta(TimeDelta::FromSeconds(1))); 799 800 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(1)); 801 update_state.is_interactive = true; 802 update_state.scatter_check_threshold = 0; 803 update_state.scatter_check_threshold_min = 2; 804 update_state.scatter_check_threshold_max = 5; 805 806 // Check that the UpdateCanStart returns true. 807 UpdateDownloadParams result; 808 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 809 update_state); 810 EXPECT_TRUE(result.update_can_start); 811 EXPECT_EQ(TimeDelta(), result.scatter_wait_period); 812 EXPECT_EQ(0, result.scatter_check_threshold); 813 EXPECT_EQ(0, result.download_url_idx); 814 EXPECT_TRUE(result.download_url_allowed); 815 EXPECT_EQ(0, result.download_url_num_errors); 816 EXPECT_FALSE(result.do_increment_failures); 817 } 818 819 TEST_F(UmChromeOSPolicyTest, 820 UpdateCanStartAllowedOobePreventsScattering) { 821 // The UpdateCanStart policy returns true; device policy is loaded and 822 // scattering would have applied, except that OOBE was not completed and so it 823 // is suppressed. 824 825 SetUpdateCheckAllowed(false); 826 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 827 new TimeDelta(TimeDelta::FromSeconds(1))); 828 fake_state_.system_provider()->var_is_oobe_complete()->reset(new bool(false)); 829 830 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(1)); 831 update_state.is_interactive = true; 832 update_state.scatter_check_threshold = 0; 833 update_state.scatter_check_threshold_min = 2; 834 update_state.scatter_check_threshold_max = 5; 835 836 // Check that the UpdateCanStart returns true. 837 UpdateDownloadParams result; 838 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 839 update_state); 840 EXPECT_TRUE(result.update_can_start); 841 EXPECT_EQ(TimeDelta(), result.scatter_wait_period); 842 EXPECT_EQ(0, result.scatter_check_threshold); 843 EXPECT_EQ(0, result.download_url_idx); 844 EXPECT_TRUE(result.download_url_allowed); 845 EXPECT_EQ(0, result.download_url_num_errors); 846 EXPECT_FALSE(result.do_increment_failures); 847 } 848 849 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedWithAttributes) { 850 // The UpdateCanStart policy returns true; device policy permits both HTTP and 851 // P2P updates, as well as a non-empty target channel string. 852 853 SetUpdateCheckAllowed(false); 854 855 // Override specific device policy attributes. 856 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 857 new bool(true)); 858 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset( 859 new bool(true)); 860 861 // Check that the UpdateCanStart returns true. 862 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 863 UpdateDownloadParams result; 864 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 865 update_state); 866 EXPECT_TRUE(result.update_can_start); 867 EXPECT_TRUE(result.p2p_downloading_allowed); 868 EXPECT_TRUE(result.p2p_sharing_allowed); 869 EXPECT_EQ(0, result.download_url_idx); 870 EXPECT_TRUE(result.download_url_allowed); 871 EXPECT_EQ(0, result.download_url_num_errors); 872 EXPECT_FALSE(result.do_increment_failures); 873 } 874 875 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedWithP2PFromUpdater) { 876 // The UpdateCanStart policy returns true; device policy forbids both HTTP and 877 // P2P updates, but the updater is configured to allow P2P and overrules the 878 // setting. 879 880 SetUpdateCheckAllowed(false); 881 882 // Override specific device policy attributes. 883 fake_state_.updater_provider()->var_p2p_enabled()->reset(new bool(true)); 884 885 // Check that the UpdateCanStart returns true. 886 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 887 UpdateDownloadParams result; 888 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 889 update_state); 890 EXPECT_TRUE(result.update_can_start); 891 EXPECT_TRUE(result.p2p_downloading_allowed); 892 EXPECT_TRUE(result.p2p_sharing_allowed); 893 EXPECT_EQ(0, result.download_url_idx); 894 EXPECT_TRUE(result.download_url_allowed); 895 EXPECT_EQ(0, result.download_url_num_errors); 896 EXPECT_FALSE(result.do_increment_failures); 897 } 898 899 TEST_F(UmChromeOSPolicyTest, 900 UpdateCanStartAllowedP2PDownloadingBlockedDueToOmaha) { 901 // The UpdateCanStart policy returns true; device policy permits HTTP, but 902 // policy blocks P2P downloading because Omaha forbids it. P2P sharing is 903 // still permitted. 904 905 SetUpdateCheckAllowed(false); 906 907 // Override specific device policy attributes. 908 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 909 new bool(true)); 910 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset( 911 new bool(true)); 912 913 // Check that the UpdateCanStart returns true. 914 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 915 update_state.p2p_downloading_disabled = true; 916 UpdateDownloadParams result; 917 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 918 update_state); 919 EXPECT_TRUE(result.update_can_start); 920 EXPECT_FALSE(result.p2p_downloading_allowed); 921 EXPECT_TRUE(result.p2p_sharing_allowed); 922 } 923 924 TEST_F(UmChromeOSPolicyTest, 925 UpdateCanStartAllowedP2PSharingBlockedDueToOmaha) { 926 // The UpdateCanStart policy returns true; device policy permits HTTP, but 927 // policy blocks P2P sharing because Omaha forbids it. P2P downloading is 928 // still permitted. 929 930 SetUpdateCheckAllowed(false); 931 932 // Override specific device policy attributes. 933 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 934 new bool(true)); 935 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset( 936 new bool(true)); 937 938 // Check that the UpdateCanStart returns true. 939 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 940 update_state.p2p_sharing_disabled = true; 941 UpdateDownloadParams result; 942 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 943 update_state); 944 EXPECT_TRUE(result.update_can_start); 945 EXPECT_TRUE(result.p2p_downloading_allowed); 946 EXPECT_FALSE(result.p2p_sharing_allowed); 947 } 948 949 TEST_F(UmChromeOSPolicyTest, 950 UpdateCanStartAllowedP2PDownloadingBlockedDueToNumAttempts) { 951 // The UpdateCanStart policy returns true; device policy permits HTTP but 952 // blocks P2P download, because the max number of P2P downloads have been 953 // attempted. P2P sharing is still permitted. 954 955 SetUpdateCheckAllowed(false); 956 957 // Override specific device policy attributes. 958 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 959 new bool(true)); 960 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset( 961 new bool(true)); 962 963 // Check that the UpdateCanStart returns true. 964 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 965 update_state.p2p_num_attempts = ChromeOSPolicy::kMaxP2PAttempts; 966 UpdateDownloadParams result; 967 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 968 update_state); 969 EXPECT_TRUE(result.update_can_start); 970 EXPECT_FALSE(result.p2p_downloading_allowed); 971 EXPECT_TRUE(result.p2p_sharing_allowed); 972 } 973 974 TEST_F(UmChromeOSPolicyTest, 975 UpdateCanStartAllowedP2PDownloadingBlockedDueToAttemptsPeriod) { 976 // The UpdateCanStart policy returns true; device policy permits HTTP but 977 // blocks P2P download, because the max period for attempt to download via P2P 978 // has elapsed. P2P sharing is still permitted. 979 980 SetUpdateCheckAllowed(false); 981 982 // Override specific device policy attributes. 983 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 984 new bool(true)); 985 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset( 986 new bool(true)); 987 988 // Check that the UpdateCanStart returns true. 989 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 990 update_state.p2p_num_attempts = 1; 991 update_state.p2p_first_attempted = 992 fake_clock_.GetWallclockTime() - 993 TimeDelta::FromSeconds( 994 ChromeOSPolicy::kMaxP2PAttemptsPeriodInSeconds + 1); 995 UpdateDownloadParams result; 996 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 997 update_state); 998 EXPECT_TRUE(result.update_can_start); 999 EXPECT_FALSE(result.p2p_downloading_allowed); 1000 EXPECT_TRUE(result.p2p_sharing_allowed); 1001 } 1002 1003 TEST_F(UmChromeOSPolicyTest, 1004 UpdateCanStartAllowedWithHttpUrlForUnofficialBuild) { 1005 // The UpdateCanStart policy returns true; device policy forbids both HTTP and 1006 // P2P updates, but marking this an unofficial build overrules the HTTP 1007 // setting. 1008 1009 SetUpdateCheckAllowed(false); 1010 1011 // Override specific device policy attributes. 1012 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 1013 new bool(false)); 1014 fake_state_.system_provider()->var_is_official_build()-> 1015 reset(new bool(false)); 1016 1017 // Check that the UpdateCanStart returns true. 1018 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1019 UpdateDownloadParams result; 1020 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1021 update_state); 1022 EXPECT_TRUE(result.update_can_start); 1023 EXPECT_EQ(0, result.download_url_idx); 1024 EXPECT_TRUE(result.download_url_allowed); 1025 EXPECT_EQ(0, result.download_url_num_errors); 1026 EXPECT_FALSE(result.do_increment_failures); 1027 } 1028 1029 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedWithHttpsUrl) { 1030 // The UpdateCanStart policy returns true; device policy forbids both HTTP and 1031 // P2P updates, but an HTTPS URL is provided and selected for download. 1032 1033 SetUpdateCheckAllowed(false); 1034 1035 // Override specific device policy attributes. 1036 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 1037 new bool(false)); 1038 1039 // Add an HTTPS URL. 1040 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1041 update_state.download_urls.emplace_back("https://secure/url/"); 1042 1043 // Check that the UpdateCanStart returns true. 1044 UpdateDownloadParams result; 1045 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1046 update_state); 1047 EXPECT_TRUE(result.update_can_start); 1048 EXPECT_EQ(1, result.download_url_idx); 1049 EXPECT_TRUE(result.download_url_allowed); 1050 EXPECT_EQ(0, result.download_url_num_errors); 1051 EXPECT_FALSE(result.do_increment_failures); 1052 } 1053 1054 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedMaxErrorsNotExceeded) { 1055 // The UpdateCanStart policy returns true; the first URL has download errors 1056 // but does not exceed the maximum allowed number of failures, so it is stilli 1057 // usable. 1058 1059 SetUpdateCheckAllowed(false); 1060 1061 // Add a second URL; update with this URL attempted and failed enough times to 1062 // disqualify the current (first) URL. 1063 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1064 update_state.num_checks = 5; 1065 update_state.download_urls.emplace_back("http://another/fake/url/"); 1066 Time t = fake_clock_.GetWallclockTime() - TimeDelta::FromSeconds(12); 1067 for (int i = 0; i < 5; i++) { 1068 update_state.download_errors.emplace_back( 1069 0, ErrorCode::kDownloadTransferError, t); 1070 t += TimeDelta::FromSeconds(1); 1071 } 1072 1073 // Check that the UpdateCanStart returns true. 1074 UpdateDownloadParams result; 1075 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1076 update_state); 1077 EXPECT_TRUE(result.update_can_start); 1078 EXPECT_EQ(0, result.download_url_idx); 1079 EXPECT_TRUE(result.download_url_allowed); 1080 EXPECT_EQ(5, result.download_url_num_errors); 1081 EXPECT_FALSE(result.do_increment_failures); 1082 } 1083 1084 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedWithSecondUrlMaxExceeded) { 1085 // The UpdateCanStart policy returns true; the first URL exceeded the maximum 1086 // allowed number of failures, but a second URL is available. 1087 1088 SetUpdateCheckAllowed(false); 1089 1090 // Add a second URL; update with this URL attempted and failed enough times to 1091 // disqualify the current (first) URL. 1092 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1093 update_state.num_checks = 10; 1094 update_state.download_urls.emplace_back("http://another/fake/url/"); 1095 Time t = fake_clock_.GetWallclockTime() - TimeDelta::FromSeconds(12); 1096 for (int i = 0; i < 11; i++) { 1097 update_state.download_errors.emplace_back( 1098 0, ErrorCode::kDownloadTransferError, t); 1099 t += TimeDelta::FromSeconds(1); 1100 } 1101 1102 // Check that the UpdateCanStart returns true. 1103 UpdateDownloadParams result; 1104 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1105 update_state); 1106 EXPECT_TRUE(result.update_can_start); 1107 EXPECT_EQ(1, result.download_url_idx); 1108 EXPECT_TRUE(result.download_url_allowed); 1109 EXPECT_EQ(0, result.download_url_num_errors); 1110 EXPECT_FALSE(result.do_increment_failures); 1111 } 1112 1113 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedWithSecondUrlHardError) { 1114 // The UpdateCanStart policy returns true; the first URL fails with a hard 1115 // error, but a second URL is available. 1116 1117 SetUpdateCheckAllowed(false); 1118 1119 // Add a second URL; update with this URL attempted and failed in a way that 1120 // causes it to switch directly to the next URL. 1121 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1122 update_state.num_checks = 10; 1123 update_state.download_urls.emplace_back("http://another/fake/url/"); 1124 update_state.download_errors.emplace_back( 1125 0, ErrorCode::kPayloadHashMismatchError, 1126 fake_clock_.GetWallclockTime() - TimeDelta::FromSeconds(1)); 1127 1128 // Check that the UpdateCanStart returns true. 1129 UpdateDownloadParams result; 1130 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1131 update_state); 1132 EXPECT_TRUE(result.update_can_start); 1133 EXPECT_EQ(1, result.download_url_idx); 1134 EXPECT_TRUE(result.download_url_allowed); 1135 EXPECT_EQ(0, result.download_url_num_errors); 1136 EXPECT_FALSE(result.do_increment_failures); 1137 } 1138 1139 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedUrlWrapsAround) { 1140 // The UpdateCanStart policy returns true; URL search properly wraps around 1141 // the last one on the list. 1142 1143 SetUpdateCheckAllowed(false); 1144 1145 // Add a second URL; update with this URL attempted and failed in a way that 1146 // causes it to switch directly to the next URL. We must disable backoff in 1147 // order for it not to interfere. 1148 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1149 update_state.num_checks = 1; 1150 update_state.is_backoff_disabled = true; 1151 update_state.download_urls.emplace_back("http://another/fake/url/"); 1152 update_state.download_errors.emplace_back( 1153 1, ErrorCode::kPayloadHashMismatchError, 1154 fake_clock_.GetWallclockTime() - TimeDelta::FromSeconds(1)); 1155 1156 // Check that the UpdateCanStart returns true. 1157 UpdateDownloadParams result; 1158 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1159 update_state); 1160 EXPECT_TRUE(result.update_can_start); 1161 EXPECT_EQ(0, result.download_url_idx); 1162 EXPECT_TRUE(result.download_url_allowed); 1163 EXPECT_EQ(0, result.download_url_num_errors); 1164 EXPECT_TRUE(result.do_increment_failures); 1165 } 1166 1167 TEST_F(UmChromeOSPolicyTest, UpdateCanStartNotAllowedNoUsableUrls) { 1168 // The UpdateCanStart policy returns false; there's a single HTTP URL but its 1169 // use is forbidden by policy. 1170 // 1171 // Note: In the case where no usable URLs are found, the policy should not 1172 // increment the number of failed attempts! Doing so would result in a 1173 // non-idempotent semantics, and does not fall within the intended purpose of 1174 // the backoff mechanism anyway. 1175 1176 SetUpdateCheckAllowed(false); 1177 1178 // Override specific device policy attributes. 1179 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 1180 new bool(false)); 1181 1182 // Check that the UpdateCanStart returns false. 1183 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1184 UpdateDownloadParams result; 1185 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1186 update_state); 1187 EXPECT_FALSE(result.update_can_start); 1188 EXPECT_EQ(UpdateCannotStartReason::kCannotDownload, 1189 result.cannot_start_reason); 1190 EXPECT_FALSE(result.do_increment_failures); 1191 } 1192 1193 TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedNoUsableUrlsButP2PEnabled) { 1194 // The UpdateCanStart policy returns true; there's a single HTTP URL but its 1195 // use is forbidden by policy, however P2P is enabled. The result indicates 1196 // that no URL can be used. 1197 // 1198 // Note: The number of failed attempts should not increase in this case (see 1199 // above test). 1200 1201 SetUpdateCheckAllowed(false); 1202 1203 // Override specific device policy attributes. 1204 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset( 1205 new bool(true)); 1206 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 1207 new bool(false)); 1208 1209 // Check that the UpdateCanStart returns true. 1210 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1211 UpdateDownloadParams result; 1212 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1213 update_state); 1214 EXPECT_TRUE(result.update_can_start); 1215 EXPECT_TRUE(result.p2p_downloading_allowed); 1216 EXPECT_TRUE(result.p2p_sharing_allowed); 1217 EXPECT_GT(0, result.download_url_idx); 1218 EXPECT_TRUE(result.download_url_allowed); 1219 EXPECT_EQ(0, result.download_url_num_errors); 1220 EXPECT_FALSE(result.do_increment_failures); 1221 } 1222 1223 TEST_F(UmChromeOSPolicyTest, 1224 UpdateCanStartAllowedNoUsableUrlsButEnterpriseEnrolled) { 1225 // The UpdateCanStart policy returns true; there's a single HTTP URL but its 1226 // use is forbidden by policy, and P2P is unset on the policy, however the 1227 // device is enterprise-enrolled so P2P is allowed. The result indicates that 1228 // no URL can be used. 1229 // 1230 // Note: The number of failed attempts should not increase in this case (see 1231 // above test). 1232 1233 SetUpdateCheckAllowed(false); 1234 1235 // Override specific device policy attributes. 1236 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset(nullptr); 1237 fake_state_.device_policy_provider()->var_owner()->reset(nullptr); 1238 fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( 1239 new bool(false)); 1240 1241 // Check that the UpdateCanStart returns true. 1242 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); 1243 UpdateDownloadParams result; 1244 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1245 update_state); 1246 EXPECT_TRUE(result.update_can_start); 1247 EXPECT_TRUE(result.p2p_downloading_allowed); 1248 EXPECT_TRUE(result.p2p_sharing_allowed); 1249 EXPECT_GT(0, result.download_url_idx); 1250 EXPECT_TRUE(result.download_url_allowed); 1251 EXPECT_EQ(0, result.download_url_num_errors); 1252 EXPECT_FALSE(result.do_increment_failures); 1253 } 1254 1255 TEST_F(UmChromeOSPolicyTest, UpdateDownloadAllowedEthernetDefault) { 1256 // Ethernet is always allowed. 1257 1258 fake_state_.shill_provider()->var_conn_type()-> 1259 reset(new ConnectionType(ConnectionType::kEthernet)); 1260 1261 bool result; 1262 ExpectPolicyStatus(EvalStatus::kSucceeded, 1263 &Policy::UpdateDownloadAllowed, &result); 1264 EXPECT_TRUE(result); 1265 } 1266 1267 TEST_F(UmChromeOSPolicyTest, UpdateDownloadAllowedWifiDefault) { 1268 // Wifi is allowed if not tethered. 1269 1270 fake_state_.shill_provider()->var_conn_type()-> 1271 reset(new ConnectionType(ConnectionType::kWifi)); 1272 1273 bool result; 1274 ExpectPolicyStatus(EvalStatus::kSucceeded, 1275 &Policy::UpdateDownloadAllowed, &result); 1276 EXPECT_TRUE(result); 1277 } 1278 1279 TEST_F(UmChromeOSPolicyTest, 1280 UpdateCurrentConnectionNotAllowedWifiTetheredDefault) { 1281 // Tethered wifi is not allowed by default. 1282 1283 fake_state_.shill_provider()->var_conn_type()-> 1284 reset(new ConnectionType(ConnectionType::kWifi)); 1285 fake_state_.shill_provider()->var_conn_tethering()-> 1286 reset(new ConnectionTethering(ConnectionTethering::kConfirmed)); 1287 1288 bool result; 1289 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 1290 &Policy::UpdateDownloadAllowed, &result); 1291 } 1292 1293 TEST_F(UmChromeOSPolicyTest, 1294 UpdateDownloadAllowedWifiTetheredPolicyOverride) { 1295 // Tethered wifi can be allowed by policy. 1296 1297 fake_state_.shill_provider()->var_conn_type()-> 1298 reset(new ConnectionType(ConnectionType::kWifi)); 1299 fake_state_.shill_provider()->var_conn_tethering()-> 1300 reset(new ConnectionTethering(ConnectionTethering::kConfirmed)); 1301 set<ConnectionType> allowed_connections; 1302 allowed_connections.insert(ConnectionType::kCellular); 1303 fake_state_.device_policy_provider()-> 1304 var_allowed_connection_types_for_update()-> 1305 reset(new set<ConnectionType>(allowed_connections)); 1306 1307 bool result; 1308 ExpectPolicyStatus(EvalStatus::kSucceeded, 1309 &Policy::UpdateDownloadAllowed, &result); 1310 EXPECT_TRUE(result); 1311 } 1312 1313 TEST_F(UmChromeOSPolicyTest, UpdateDownloadAllowedWimaxDefault) { 1314 // Wimax is always allowed. 1315 1316 fake_state_.shill_provider()->var_conn_type()-> 1317 reset(new ConnectionType(ConnectionType::kWifi)); 1318 1319 bool result; 1320 ExpectPolicyStatus(EvalStatus::kSucceeded, 1321 &Policy::UpdateDownloadAllowed, &result); 1322 EXPECT_TRUE(result); 1323 } 1324 1325 TEST_F(UmChromeOSPolicyTest, 1326 UpdateCurrentConnectionNotAllowedBluetoothDefault) { 1327 // Bluetooth is never allowed. 1328 1329 fake_state_.shill_provider()->var_conn_type()-> 1330 reset(new ConnectionType(ConnectionType::kBluetooth)); 1331 1332 bool result; 1333 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 1334 &Policy::UpdateDownloadAllowed, &result); 1335 } 1336 1337 TEST_F(UmChromeOSPolicyTest, 1338 UpdateCurrentConnectionNotAllowedBluetoothPolicyCannotOverride) { 1339 // Bluetooth cannot be allowed even by policy. 1340 1341 fake_state_.shill_provider()->var_conn_type()-> 1342 reset(new ConnectionType(ConnectionType::kBluetooth)); 1343 set<ConnectionType> allowed_connections; 1344 allowed_connections.insert(ConnectionType::kBluetooth); 1345 fake_state_.device_policy_provider()-> 1346 var_allowed_connection_types_for_update()-> 1347 reset(new set<ConnectionType>(allowed_connections)); 1348 1349 bool result; 1350 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 1351 &Policy::UpdateDownloadAllowed, &result); 1352 } 1353 1354 TEST_F(UmChromeOSPolicyTest, UpdateCurrentConnectionNotAllowedCellularDefault) { 1355 // Cellular is not allowed by default. 1356 1357 fake_state_.shill_provider()->var_conn_type()-> 1358 reset(new ConnectionType(ConnectionType::kCellular)); 1359 1360 bool result; 1361 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, 1362 &Policy::UpdateDownloadAllowed, &result); 1363 } 1364 1365 TEST_F(UmChromeOSPolicyTest, 1366 UpdateDownloadAllowedCellularPolicyOverride) { 1367 // Update over cellular can be enabled by policy. 1368 1369 fake_state_.shill_provider()->var_conn_type()-> 1370 reset(new ConnectionType(ConnectionType::kCellular)); 1371 set<ConnectionType> allowed_connections; 1372 allowed_connections.insert(ConnectionType::kCellular); 1373 fake_state_.device_policy_provider()-> 1374 var_allowed_connection_types_for_update()-> 1375 reset(new set<ConnectionType>(allowed_connections)); 1376 1377 bool result; 1378 ExpectPolicyStatus(EvalStatus::kSucceeded, 1379 &Policy::UpdateDownloadAllowed, &result); 1380 EXPECT_TRUE(result); 1381 } 1382 1383 TEST_F(UmChromeOSPolicyTest, 1384 UpdateDownloadAllowedCellularUserOverride) { 1385 // Update over cellular can be enabled by user settings, but only if policy 1386 // is present and does not determine allowed connections. 1387 1388 fake_state_.shill_provider()->var_conn_type()-> 1389 reset(new ConnectionType(ConnectionType::kCellular)); 1390 set<ConnectionType> allowed_connections; 1391 allowed_connections.insert(ConnectionType::kCellular); 1392 fake_state_.updater_provider()->var_cellular_enabled()-> 1393 reset(new bool(true)); 1394 1395 bool result; 1396 ExpectPolicyStatus(EvalStatus::kSucceeded, 1397 &Policy::UpdateDownloadAllowed, &result); 1398 EXPECT_TRUE(result); 1399 } 1400 1401 TEST_F(UmChromeOSPolicyTest, 1402 UpdateCanStartAllowedScatteringSupressedDueToP2P) { 1403 // The UpdateCanStart policy returns true; scattering should have applied, but 1404 // P2P download is allowed. Scattering values are nonetheless returned, and so 1405 // are download URL values, albeit the latter are not allowed to be used. 1406 1407 SetUpdateCheckAllowed(false); 1408 fake_state_.device_policy_provider()->var_scatter_factor()->reset( 1409 new TimeDelta(TimeDelta::FromMinutes(2))); 1410 fake_state_.updater_provider()->var_p2p_enabled()->reset(new bool(true)); 1411 1412 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(1)); 1413 update_state.scatter_wait_period = TimeDelta::FromSeconds(35); 1414 1415 UpdateDownloadParams result; 1416 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, 1417 &result, update_state); 1418 EXPECT_TRUE(result.update_can_start); 1419 EXPECT_EQ(0, result.download_url_idx); 1420 EXPECT_FALSE(result.download_url_allowed); 1421 EXPECT_EQ(0, result.download_url_num_errors); 1422 EXPECT_TRUE(result.p2p_downloading_allowed); 1423 EXPECT_TRUE(result.p2p_sharing_allowed); 1424 EXPECT_FALSE(result.do_increment_failures); 1425 EXPECT_EQ(TimeDelta::FromSeconds(35), result.scatter_wait_period); 1426 EXPECT_EQ(0, result.scatter_check_threshold); 1427 } 1428 1429 TEST_F(UmChromeOSPolicyTest, 1430 UpdateCanStartAllowedBackoffSupressedDueToP2P) { 1431 // The UpdateCanStart policy returns true; backoff should have applied, but 1432 // P2P download is allowed. Backoff values are nonetheless returned, and so 1433 // are download URL values, albeit the latter are not allowed to be used. 1434 1435 SetUpdateCheckAllowed(false); 1436 1437 const Time curr_time = fake_clock_.GetWallclockTime(); 1438 UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromSeconds(10)); 1439 update_state.download_errors_max = 1; 1440 update_state.download_errors.emplace_back( 1441 0, ErrorCode::kDownloadTransferError, 1442 curr_time - TimeDelta::FromSeconds(8)); 1443 update_state.download_errors.emplace_back( 1444 0, ErrorCode::kDownloadTransferError, 1445 curr_time - TimeDelta::FromSeconds(2)); 1446 fake_state_.updater_provider()->var_p2p_enabled()->reset(new bool(true)); 1447 1448 UpdateDownloadParams result; 1449 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, 1450 update_state); 1451 EXPECT_TRUE(result.update_can_start); 1452 EXPECT_EQ(0, result.download_url_idx); 1453 EXPECT_FALSE(result.download_url_allowed); 1454 EXPECT_EQ(0, result.download_url_num_errors); 1455 EXPECT_TRUE(result.p2p_downloading_allowed); 1456 EXPECT_TRUE(result.p2p_sharing_allowed); 1457 EXPECT_TRUE(result.do_increment_failures); 1458 EXPECT_LT(curr_time, result.backoff_expiry); 1459 } 1460 1461 TEST_F(UmChromeOSPolicyTest, P2PEnabledNotAllowed) { 1462 bool result; 1463 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::P2PEnabled, &result); 1464 EXPECT_FALSE(result); 1465 } 1466 1467 TEST_F(UmChromeOSPolicyTest, P2PEnabledAllowedByDevicePolicy) { 1468 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset( 1469 new bool(true)); 1470 1471 bool result; 1472 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::P2PEnabled, &result); 1473 EXPECT_TRUE(result); 1474 } 1475 1476 TEST_F(UmChromeOSPolicyTest, P2PEnabledAllowedByUpdater) { 1477 fake_state_.updater_provider()->var_p2p_enabled()->reset(new bool(true)); 1478 1479 bool result; 1480 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::P2PEnabled, &result); 1481 EXPECT_TRUE(result); 1482 } 1483 1484 TEST_F(UmChromeOSPolicyTest, P2PEnabledAllowedDeviceEnterpriseEnrolled) { 1485 fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset(nullptr); 1486 fake_state_.device_policy_provider()->var_owner()->reset(nullptr); 1487 1488 bool result; 1489 ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::P2PEnabled, &result); 1490 EXPECT_TRUE(result); 1491 } 1492 1493 TEST_F(UmChromeOSPolicyTest, P2PEnabledChangedBlocks) { 1494 bool result; 1495 ExpectPolicyStatus(EvalStatus::kAskMeAgainLater, &Policy::P2PEnabledChanged, 1496 &result, false); 1497 } 1498 1499 } // namespace chromeos_update_manager 1500
