1 // Copyright 2017 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <gmock/gmock.h>
6 #include <gtest/gtest.h>
7
8 #include "policy/device_policy_impl.h"
9
10 #include "bindings/chrome_device_policy.pb.h"
11 #include "install_attributes/mock_install_attributes_reader.h"
12
13 namespace em = enterprise_management;
14
15 using testing::ElementsAre;
16
17 namespace policy {
18
19 class DevicePolicyImplTest : public testing::Test, public DevicePolicyImpl {
20 protected:
InitializePolicy(const char * device_mode,const em::ChromeDeviceSettingsProto & proto)21 void InitializePolicy(const char* device_mode,
22 const em::ChromeDeviceSettingsProto& proto) {
23 device_policy_.set_policy_for_testing(proto);
24 device_policy_.set_install_attributes_for_testing(
25 std::make_unique<MockInstallAttributesReader>(device_mode,
26 true /* initialized */));
27 }
28
29 DevicePolicyImpl device_policy_;
30 };
31
32 // Enterprise managed.
TEST_F(DevicePolicyImplTest,GetOwner_Managed)33 TEST_F(DevicePolicyImplTest, GetOwner_Managed) {
34 em::PolicyData policy_data;
35 policy_data.set_username("[email protected]");
36 policy_data.set_management_mode(em::PolicyData::ENTERPRISE_MANAGED);
37 device_policy_.set_policy_data_for_testing(policy_data);
38
39 std::string owner("something");
40 EXPECT_TRUE(device_policy_.GetOwner(&owner));
41 EXPECT_TRUE(owner.empty());
42 }
43
44 // Consumer owned.
TEST_F(DevicePolicyImplTest,GetOwner_Consumer)45 TEST_F(DevicePolicyImplTest, GetOwner_Consumer) {
46 em::PolicyData policy_data;
47 policy_data.set_username("[email protected]");
48 policy_data.set_management_mode(em::PolicyData::LOCAL_OWNER);
49 policy_data.set_request_token("codepath-must-ignore-dmtoken");
50 device_policy_.set_policy_data_for_testing(policy_data);
51
52 std::string owner;
53 EXPECT_TRUE(device_policy_.GetOwner(&owner));
54 EXPECT_EQ("[email protected]", owner);
55 }
56
57 // Consumer owned, username is missing.
TEST_F(DevicePolicyImplTest,GetOwner_ConsumerMissingUsername)58 TEST_F(DevicePolicyImplTest, GetOwner_ConsumerMissingUsername) {
59 em::PolicyData policy_data;
60 device_policy_.set_policy_data_for_testing(policy_data);
61
62 std::string owner("something");
63 EXPECT_FALSE(device_policy_.GetOwner(&owner));
64 EXPECT_EQ("something", owner);
65 }
66
67 // Enterprise managed, denoted by management_mode.
TEST_F(DevicePolicyImplTest,IsEnterpriseManaged_ManagementModeManaged)68 TEST_F(DevicePolicyImplTest, IsEnterpriseManaged_ManagementModeManaged) {
69 em::PolicyData policy_data;
70 policy_data.set_management_mode(em::PolicyData::ENTERPRISE_MANAGED);
71 device_policy_.set_policy_data_for_testing(policy_data);
72
73 EXPECT_TRUE(device_policy_.IsEnterpriseManaged());
74 }
75
76 // Enterprise managed, fallback to DM token.
TEST_F(DevicePolicyImplTest,IsEnterpriseManaged_DMTokenManaged)77 TEST_F(DevicePolicyImplTest, IsEnterpriseManaged_DMTokenManaged) {
78 em::PolicyData policy_data;
79 policy_data.set_request_token("abc");
80 device_policy_.set_policy_data_for_testing(policy_data);
81
82 EXPECT_TRUE(device_policy_.IsEnterpriseManaged());
83 }
84
85 // Consumer owned, denoted by management_mode.
TEST_F(DevicePolicyImplTest,IsEnterpriseManaged_ManagementModeConsumer)86 TEST_F(DevicePolicyImplTest, IsEnterpriseManaged_ManagementModeConsumer) {
87 em::PolicyData policy_data;
88 policy_data.set_management_mode(em::PolicyData::LOCAL_OWNER);
89 policy_data.set_request_token("codepath-must-ignore-dmtoken");
90 device_policy_.set_policy_data_for_testing(policy_data);
91
92 EXPECT_FALSE(device_policy_.IsEnterpriseManaged());
93 }
94
95 // Consumer owned, fallback to interpreting absence of DM token.
TEST_F(DevicePolicyImplTest,IsEnterpriseManaged_DMTokenConsumer)96 TEST_F(DevicePolicyImplTest, IsEnterpriseManaged_DMTokenConsumer) {
97 em::PolicyData policy_data;
98 device_policy_.set_policy_data_for_testing(policy_data);
99
100 EXPECT_FALSE(device_policy_.IsEnterpriseManaged());
101 }
102
103 // RollbackAllowedMilestones is not set.
TEST_F(DevicePolicyImplTest,GetRollbackAllowedMilestones_NotSet)104 TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_NotSet) {
105 device_policy_.set_install_attributes_for_testing(
106 std::make_unique<MockInstallAttributesReader>(
107 InstallAttributesReader::kDeviceModeEnterprise, true));
108
109 int value = -1;
110 ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
111 EXPECT_EQ(4, value);
112 }
113
114 // RollbackAllowedMilestones is set to a valid value.
TEST_F(DevicePolicyImplTest,GetRollbackAllowedMilestones_Set)115 TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_Set) {
116 em::ChromeDeviceSettingsProto device_policy_proto;
117 em::AutoUpdateSettingsProto* auto_update_settings =
118 device_policy_proto.mutable_auto_update_settings();
119 auto_update_settings->set_rollback_allowed_milestones(3);
120 InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
121 device_policy_proto);
122
123 int value = -1;
124 ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
125 EXPECT_EQ(3, value);
126 }
127
128 // RollbackAllowedMilestones is set to a valid value, using AD.
TEST_F(DevicePolicyImplTest,GetRollbackAllowedMilestones_SetAD)129 TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_SetAD) {
130 em::ChromeDeviceSettingsProto device_policy_proto;
131 em::AutoUpdateSettingsProto* auto_update_settings =
132 device_policy_proto.mutable_auto_update_settings();
133 auto_update_settings->set_rollback_allowed_milestones(3);
134 InitializePolicy(InstallAttributesReader::kDeviceModeEnterpriseAD,
135 device_policy_proto);
136 int value = -1;
137 ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
138 EXPECT_EQ(3, value);
139 }
140
141 // RollbackAllowedMilestones is set to a valid value, but it's not an enterprise
142 // device.
TEST_F(DevicePolicyImplTest,GetRollbackAllowedMilestones_SetConsumer)143 TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_SetConsumer) {
144 em::ChromeDeviceSettingsProto device_policy_proto;
145 em::AutoUpdateSettingsProto* auto_update_settings =
146 device_policy_proto.mutable_auto_update_settings();
147 auto_update_settings->set_rollback_allowed_milestones(3);
148 InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
149 device_policy_proto);
150
151 int value = -1;
152 ASSERT_FALSE(device_policy_.GetRollbackAllowedMilestones(&value));
153 }
154
155 // RollbackAllowedMilestones is set to an invalid value.
TEST_F(DevicePolicyImplTest,GetRollbackAllowedMilestones_SetTooLarge)156 TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_SetTooLarge) {
157 em::ChromeDeviceSettingsProto device_policy_proto;
158 em::AutoUpdateSettingsProto* auto_update_settings =
159 device_policy_proto.mutable_auto_update_settings();
160 auto_update_settings->set_rollback_allowed_milestones(10);
161 InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
162 device_policy_proto);
163
164 int value = -1;
165 ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
166 EXPECT_EQ(4, value);
167 }
168
169 // RollbackAllowedMilestones is set to an invalid value.
TEST_F(DevicePolicyImplTest,GetRollbackAllowedMilestones_SetTooSmall)170 TEST_F(DevicePolicyImplTest, GetRollbackAllowedMilestones_SetTooSmall) {
171 em::ChromeDeviceSettingsProto device_policy_proto;
172 em::AutoUpdateSettingsProto* auto_update_settings =
173 device_policy_proto.mutable_auto_update_settings();
174 auto_update_settings->set_rollback_allowed_milestones(-1);
175 InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
176 device_policy_proto);
177
178 int value = -1;
179 ASSERT_TRUE(device_policy_.GetRollbackAllowedMilestones(&value));
180 EXPECT_EQ(0, value);
181 }
182
183 // Update staging schedule has no values
TEST_F(DevicePolicyImplTest,GetDeviceUpdateStagingSchedule_NoValues)184 TEST_F(DevicePolicyImplTest, GetDeviceUpdateStagingSchedule_NoValues) {
185 em::ChromeDeviceSettingsProto device_policy_proto;
186 em::AutoUpdateSettingsProto* auto_update_settings =
187 device_policy_proto.mutable_auto_update_settings();
188 auto_update_settings->set_staging_schedule("[]");
189 InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
190 device_policy_proto);
191
192 std::vector<DayPercentagePair> staging_schedule;
193 ASSERT_TRUE(device_policy_.GetDeviceUpdateStagingSchedule(&staging_schedule));
194 EXPECT_EQ(0, staging_schedule.size());
195 }
196
197 // Update staging schedule has valid values
TEST_F(DevicePolicyImplTest,GetDeviceUpdateStagingSchedule_Valid)198 TEST_F(DevicePolicyImplTest, GetDeviceUpdateStagingSchedule_Valid) {
199 em::ChromeDeviceSettingsProto device_policy_proto;
200 em::AutoUpdateSettingsProto* auto_update_settings =
201 device_policy_proto.mutable_auto_update_settings();
202 auto_update_settings->set_staging_schedule(
203 "[{\"days\": 4, \"percentage\": 40}, {\"days\": 10, \"percentage\": "
204 "100}]");
205 InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
206 device_policy_proto);
207
208 std::vector<DayPercentagePair> staging_schedule;
209 ASSERT_TRUE(device_policy_.GetDeviceUpdateStagingSchedule(&staging_schedule));
210 EXPECT_THAT(staging_schedule, ElementsAre(DayPercentagePair{4, 40},
211 DayPercentagePair{10, 100}));
212 }
213
214 // Update staging schedule has valid values, set using AD.
TEST_F(DevicePolicyImplTest,GetDeviceUpdateStagingSchedule_Valid_AD)215 TEST_F(DevicePolicyImplTest, GetDeviceUpdateStagingSchedule_Valid_AD) {
216 em::ChromeDeviceSettingsProto device_policy_proto;
217 em::AutoUpdateSettingsProto* auto_update_settings =
218 device_policy_proto.mutable_auto_update_settings();
219 auto_update_settings->set_staging_schedule(
220 "[{\"days\": 4, \"percentage\": 40}, {\"days\": 10, \"percentage\": "
221 "100}]");
222 InitializePolicy(InstallAttributesReader::kDeviceModeEnterpriseAD,
223 device_policy_proto);
224
225 std::vector<DayPercentagePair> staging_schedule;
226 ASSERT_TRUE(device_policy_.GetDeviceUpdateStagingSchedule(&staging_schedule));
227 EXPECT_THAT(staging_schedule, ElementsAre(DayPercentagePair{4, 40},
228 DayPercentagePair{10, 100}));
229 }
230
231 // Update staging schedule has values with values set larger than the max
232 // allowed days/percentage and smaller than the min allowed days/percentage.
TEST_F(DevicePolicyImplTest,GetDeviceUpdateStagingSchedule_SetOutsideAllowable)233 TEST_F(DevicePolicyImplTest,
234 GetDeviceUpdateStagingSchedule_SetOutsideAllowable) {
235 em::ChromeDeviceSettingsProto device_policy_proto;
236 em::AutoUpdateSettingsProto* auto_update_settings =
237 device_policy_proto.mutable_auto_update_settings();
238 auto_update_settings->set_staging_schedule(
239 "[{\"days\": -1, \"percentage\": -10}, {\"days\": 30, \"percentage\": "
240 "110}]");
241 InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
242 device_policy_proto);
243
244 std::vector<DayPercentagePair> staging_schedule;
245 ASSERT_TRUE(device_policy_.GetDeviceUpdateStagingSchedule(&staging_schedule));
246 EXPECT_THAT(staging_schedule,
247 ElementsAre(DayPercentagePair{1, 0}, DayPercentagePair{28, 100}));
248 }
249
250 // Updates should only be disabled for enterprise managed devices.
TEST_F(DevicePolicyImplTest,GetUpdateDisabled_SetConsumer)251 TEST_F(DevicePolicyImplTest, GetUpdateDisabled_SetConsumer) {
252 em::ChromeDeviceSettingsProto device_policy_proto;
253 em::AutoUpdateSettingsProto* auto_update_settings =
254 device_policy_proto.mutable_auto_update_settings();
255 auto_update_settings->set_update_disabled(true);
256 InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
257 device_policy_proto);
258
259 bool value;
260 ASSERT_FALSE(device_policy_.GetUpdateDisabled(&value));
261 }
262
263 // Updates should only be pinned on enterprise managed devices.
TEST_F(DevicePolicyImplTest,GetTargetVersionPrefix_SetConsumer)264 TEST_F(DevicePolicyImplTest, GetTargetVersionPrefix_SetConsumer) {
265 em::ChromeDeviceSettingsProto device_policy_proto;
266 em::AutoUpdateSettingsProto* auto_update_settings =
267 device_policy_proto.mutable_auto_update_settings();
268 auto_update_settings->set_target_version_prefix("hello");
269 InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
270 device_policy_proto);
271
272 std::string value = "";
273 ASSERT_FALSE(device_policy_.GetTargetVersionPrefix(&value));
274 }
275
276 // The allowed connection types should only be changed in enterprise devices.
TEST_F(DevicePolicyImplTest,GetAllowedConnectionTypesForUpdate_SetConsumer)277 TEST_F(DevicePolicyImplTest, GetAllowedConnectionTypesForUpdate_SetConsumer) {
278 em::ChromeDeviceSettingsProto device_policy_proto;
279 em::AutoUpdateSettingsProto* auto_update_settings =
280 device_policy_proto.mutable_auto_update_settings();
281 auto_update_settings->add_allowed_connection_types(
282 em::AutoUpdateSettingsProto::CONNECTION_TYPE_ETHERNET);
283 InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
284 device_policy_proto);
285
286 std::set<std::string> value;
287 ASSERT_FALSE(device_policy_.GetAllowedConnectionTypesForUpdate(&value));
288 }
289
290 // Update time restrictions should only be used in enterprise devices.
TEST_F(DevicePolicyImplTest,GetDisallowedTimeIntervals_SetConsumer)291 TEST_F(DevicePolicyImplTest, GetDisallowedTimeIntervals_SetConsumer) {
292 em::ChromeDeviceSettingsProto device_policy_proto;
293 em::AutoUpdateSettingsProto* auto_update_settings =
294 device_policy_proto.mutable_auto_update_settings();
295 auto_update_settings->set_disallowed_time_intervals(
296 "[{\"start\": {\"day_of_week\": \"Monday\", \"hours\": 10, \"minutes\": "
297 "0}, \"end\": {\"day_of_week\": \"Monday\", \"hours\": 10, \"minutes\": "
298 "0}}]");
299 InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
300 device_policy_proto);
301
302 std::vector<WeeklyTimeInterval> value;
303 ASSERT_FALSE(device_policy_.GetDisallowedTimeIntervals(&value));
304 }
305
306 // |DeviceQuickFixBuildToken| is set when device is enterprise enrolled.
TEST_F(DevicePolicyImplTest,GetDeviceQuickFixBuildToken_Set)307 TEST_F(DevicePolicyImplTest, GetDeviceQuickFixBuildToken_Set) {
308 const char kToken[] = "some_token";
309
310 em::ChromeDeviceSettingsProto device_policy_proto;
311 em::AutoUpdateSettingsProto* auto_update_settings =
312 device_policy_proto.mutable_auto_update_settings();
313 auto_update_settings->set_device_quick_fix_build_token(kToken);
314 InitializePolicy(InstallAttributesReader::kDeviceModeEnterprise,
315 device_policy_proto);
316 std::string value;
317 EXPECT_TRUE(device_policy_.GetDeviceQuickFixBuildToken(&value));
318 EXPECT_EQ(value, kToken);
319 }
320
321 // If the device is not enterprise-enrolled, |GetDeviceQuickFixBuildToken|
322 // does not provide a token even if it is present in local device settings.
TEST_F(DevicePolicyImplTest,GetDeviceQuickFixBuildToken_NotSet)323 TEST_F(DevicePolicyImplTest, GetDeviceQuickFixBuildToken_NotSet) {
324 const char kToken[] = "some_token";
325
326 em::ChromeDeviceSettingsProto device_policy_proto;
327 em::AutoUpdateSettingsProto* auto_update_settings =
328 device_policy_proto.mutable_auto_update_settings();
329 auto_update_settings->set_device_quick_fix_build_token(kToken);
330 InitializePolicy(InstallAttributesReader::kDeviceModeConsumer,
331 device_policy_proto);
332 std::string value;
333 EXPECT_FALSE(device_policy_.GetDeviceQuickFixBuildToken(&value));
334 EXPECT_TRUE(value.empty());
335 }
336
337 // Should only write a value and return true if the ID is present.
TEST_F(DevicePolicyImplTest,GetDeviceDirectoryApiId_Set)338 TEST_F(DevicePolicyImplTest, GetDeviceDirectoryApiId_Set) {
339 constexpr char kDummyDeviceId[] = "aa-bb-cc-dd";
340
341 em::PolicyData policy_data;
342 policy_data.set_directory_api_id(kDummyDeviceId);
343
344 device_policy_.set_policy_data_for_testing(policy_data);
345
346 std::string id;
347 EXPECT_TRUE(device_policy_.GetDeviceDirectoryApiId(&id));
348 EXPECT_EQ(kDummyDeviceId, id);
349 }
350
TEST_F(DevicePolicyImplTest,GetDeviceDirectoryApiId_NotSet)351 TEST_F(DevicePolicyImplTest, GetDeviceDirectoryApiId_NotSet) {
352 em::PolicyData policy_data;
353 device_policy_.set_policy_data_for_testing(policy_data);
354
355 std::string id;
356 EXPECT_FALSE(device_policy_.GetDeviceDirectoryApiId(&id));
357 EXPECT_TRUE(id.empty());
358 }
359
360 } // namespace policy
361