user_cloud_policy_store_chromeos_unittest.cc revision 7dbb3d5cf0c15f500944d211057644d6a2f37371
1// Copyright (c) 2012 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "chrome/browser/chromeos/policy/user_cloud_policy_store_chromeos.h" 6 7#include <vector> 8 9#include "base/basictypes.h" 10#include "base/bind.h" 11#include "base/file_util.h" 12#include "base/files/scoped_temp_dir.h" 13#include "base/memory/scoped_ptr.h" 14#include "base/message_loop.h" 15#include "base/threading/sequenced_worker_pool.h" 16#include "chrome/browser/policy/cloud/cloud_policy_constants.h" 17#include "chrome/browser/policy/cloud/mock_cloud_policy_store.h" 18#include "chrome/browser/policy/cloud/policy_builder.h" 19#include "chrome/browser/policy/proto/cloud/device_management_local.pb.h" 20#include "chromeos/dbus/mock_cryptohome_client.h" 21#include "chromeos/dbus/mock_session_manager_client.h" 22#include "content/public/test/test_browser_thread.h" 23#include "policy/policy_constants.h" 24#include "policy/proto/cloud_policy.pb.h" 25#include "testing/gmock/include/gmock/gmock.h" 26#include "testing/gtest/include/gtest/gtest.h" 27 28namespace em = enterprise_management; 29 30using testing::AllOf; 31using testing::AnyNumber; 32using testing::Eq; 33using testing::Mock; 34using testing::Property; 35using testing::SaveArg; 36using testing::_; 37 38namespace policy { 39 40namespace { 41 42const char kLegacyDeviceId[] = "legacy-device-id"; 43const char kLegacyToken[] = "legacy-token"; 44const char kSanitizedUsername[] = "0123456789ABCDEF0123456789ABCDEF012345678"; 45const char kDefaultHomepage[] = "http://chromium.org"; 46 47ACTION_P2(SendSanitizedUsername, call_status, sanitized_username) { 48 base::MessageLoop::current()->PostTask( 49 FROM_HERE, base::Bind(arg1, call_status, sanitized_username)); 50} 51 52class UserCloudPolicyStoreChromeOSTest : public testing::Test { 53 protected: 54 UserCloudPolicyStoreChromeOSTest() 55 : loop_(base::MessageLoop::TYPE_UI), 56 ui_thread_(content::BrowserThread::UI, &loop_), 57 file_thread_(content::BrowserThread::FILE, &loop_) {} 58 59 virtual void SetUp() OVERRIDE { 60 EXPECT_CALL(cryptohome_client_, 61 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) 62 .Times(AnyNumber()) 63 .WillRepeatedly( 64 SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_SUCCESS, 65 kSanitizedUsername)); 66 67 ASSERT_TRUE(tmp_dir_.CreateUniqueTempDir()); 68 store_.reset(new UserCloudPolicyStoreChromeOS(&cryptohome_client_, 69 &session_manager_client_, 70 PolicyBuilder::kFakeUsername, 71 user_policy_dir(), 72 token_file(), 73 policy_file())); 74 store_->AddObserver(&observer_); 75 76 // Install the initial public key, so that by default the validation of 77 // the stored/loaded policy blob succeeds. 78 std::vector<uint8> public_key; 79 ASSERT_TRUE(policy_.signing_key()->ExportPublicKey(&public_key)); 80 StoreUserPolicyKey(public_key); 81 82 policy_.payload().mutable_homepagelocation()->set_value(kDefaultHomepage); 83 policy_.Build(); 84 } 85 86 virtual void TearDown() OVERRIDE { 87 store_->RemoveObserver(&observer_); 88 store_.reset(); 89 RunUntilIdle(); 90 } 91 92 // Install an expectation on |observer_| for an error code. 93 void ExpectError(CloudPolicyStore::Status error) { 94 EXPECT_CALL(observer_, 95 OnStoreError(AllOf(Eq(store_.get()), 96 Property(&CloudPolicyStore::status, 97 Eq(error))))); 98 } 99 100 // Triggers a store_->Load() operation, handles the expected call to 101 // |session_manager_client_| and sends |response|. 102 void PerformPolicyLoad(const std::string& response) { 103 // Issue a load command. 104 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; 105 EXPECT_CALL(session_manager_client_, 106 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _)) 107 .WillOnce(SaveArg<1>(&retrieve_callback)); 108 store_->Load(); 109 RunUntilIdle(); 110 Mock::VerifyAndClearExpectations(&session_manager_client_); 111 ASSERT_FALSE(retrieve_callback.is_null()); 112 113 // Run the callback. 114 retrieve_callback.Run(response); 115 RunUntilIdle(); 116 } 117 118 // Verifies that store_->policy_map() has the HomepageLocation entry with 119 // the |expected_value|. 120 void VerifyPolicyMap(const char* expected_value) { 121 EXPECT_EQ(1U, store_->policy_map().size()); 122 const PolicyMap::Entry* entry = 123 store_->policy_map().Get(key::kHomepageLocation); 124 ASSERT_TRUE(entry); 125 EXPECT_TRUE(base::StringValue(expected_value).Equals(entry->value)); 126 } 127 128 void StoreUserPolicyKey(const std::vector<uint8>& public_key) { 129 ASSERT_TRUE(file_util::CreateDirectory(user_policy_key_file().DirName())); 130 ASSERT_TRUE( 131 file_util::WriteFile(user_policy_key_file(), 132 reinterpret_cast<const char*>(public_key.data()), 133 public_key.size())); 134 } 135 136 // Stores the current |policy_| and verifies that it is published. 137 // If |new_public_key| is set then it will be persisted after storing but 138 // before loading the policy, so that the signature validation can succeed. 139 // If |previous_value| is set then a previously existing policy with that 140 // value will be expected; otherwise no previous policy is expected. 141 // If |new_value| is set then a new policy with that value is expected after 142 // storing the |policy_| blob. 143 void PerformStorePolicy(const std::vector<uint8>* new_public_key, 144 const char* previous_value, 145 const char* new_value) { 146 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 147 EXPECT_CALL(session_manager_client_, 148 StorePolicyForUser(PolicyBuilder::kFakeUsername, 149 policy_.GetBlob(), _, _)) 150 .WillOnce(SaveArg<3>(&store_callback)); 151 store_->Store(policy_.policy()); 152 RunUntilIdle(); 153 Mock::VerifyAndClearExpectations(&session_manager_client_); 154 ASSERT_FALSE(store_callback.is_null()); 155 156 // The new policy shouldn't be present yet. 157 PolicyMap previous_policy; 158 EXPECT_EQ(previous_value != NULL, store_->policy() != NULL); 159 if (previous_value) { 160 previous_policy.Set(key::kHomepageLocation, 161 POLICY_LEVEL_MANDATORY, 162 POLICY_SCOPE_USER, 163 base::Value::CreateStringValue(previous_value), NULL); 164 } 165 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); 166 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 167 168 // Store the new public key so that the validation after the retrieve 169 // operation completes can verify the signature. 170 if (new_public_key) 171 StoreUserPolicyKey(*new_public_key); 172 173 // Let the store operation complete. 174 chromeos::SessionManagerClient::RetrievePolicyCallback retrieve_callback; 175 EXPECT_CALL(session_manager_client_, 176 RetrievePolicyForUser(PolicyBuilder::kFakeUsername, _)) 177 .WillOnce(SaveArg<1>(&retrieve_callback)); 178 store_callback.Run(true); 179 RunUntilIdle(); 180 EXPECT_TRUE(previous_policy.Equals(store_->policy_map())); 181 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 182 Mock::VerifyAndClearExpectations(&session_manager_client_); 183 ASSERT_FALSE(retrieve_callback.is_null()); 184 185 // Finish the retrieve callback. 186 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 187 retrieve_callback.Run(policy_.GetBlob()); 188 RunUntilIdle(); 189 ASSERT_TRUE(store_->policy()); 190 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 191 store_->policy()->SerializeAsString()); 192 VerifyPolicyMap(new_value); 193 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 194 } 195 196 void VerifyStoreHasValidationError() { 197 EXPECT_FALSE(store_->policy()); 198 EXPECT_TRUE(store_->policy_map().empty()); 199 EXPECT_EQ(CloudPolicyStore::STATUS_VALIDATION_ERROR, store_->status()); 200 } 201 202 void RunUntilIdle() { 203 loop_.RunUntilIdle(); 204 content::BrowserThread::GetBlockingPool()->FlushForTesting(); 205 loop_.RunUntilIdle(); 206 } 207 208 base::FilePath user_policy_dir() { 209 return tmp_dir_.path().AppendASCII("var_run_user_policy"); 210 } 211 212 base::FilePath user_policy_key_file() { 213 return user_policy_dir().AppendASCII(kSanitizedUsername) 214 .AppendASCII("policy.pub"); 215 } 216 217 base::FilePath token_file() { 218 return tmp_dir_.path().AppendASCII("token"); 219 } 220 221 base::FilePath policy_file() { 222 return tmp_dir_.path().AppendASCII("policy"); 223 } 224 225 base::MessageLoop loop_; 226 chromeos::MockCryptohomeClient cryptohome_client_; 227 chromeos::MockSessionManagerClient session_manager_client_; 228 UserPolicyBuilder policy_; 229 MockCloudPolicyStoreObserver observer_; 230 scoped_ptr<UserCloudPolicyStoreChromeOS> store_; 231 232 private: 233 content::TestBrowserThread ui_thread_; 234 content::TestBrowserThread file_thread_; 235 base::ScopedTempDir tmp_dir_; 236 237 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOSTest); 238}; 239 240TEST_F(UserCloudPolicyStoreChromeOSTest, InitialStore) { 241 // Start without any public key to trigger the initial key checks. 242 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); 243 // Make the policy blob contain a new public key. 244 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); 245 policy_.Build(); 246 std::vector<uint8> new_public_key; 247 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key)); 248 ASSERT_NO_FATAL_FAILURE( 249 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); 250} 251 252TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithExistingKey) { 253 ASSERT_NO_FATAL_FAILURE( 254 PerformStorePolicy(NULL, NULL, kDefaultHomepage)); 255} 256 257TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithRotation) { 258 // Make the policy blob contain a new public key. 259 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); 260 policy_.Build(); 261 std::vector<uint8> new_public_key; 262 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key)); 263 ASSERT_NO_FATAL_FAILURE( 264 PerformStorePolicy(&new_public_key, NULL, kDefaultHomepage)); 265} 266 267TEST_F(UserCloudPolicyStoreChromeOSTest, StoreFail) { 268 // Store policy. 269 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 270 EXPECT_CALL(session_manager_client_, 271 StorePolicyForUser(PolicyBuilder::kFakeUsername, 272 policy_.GetBlob(), _, _)) 273 .WillOnce(SaveArg<3>(&store_callback)); 274 store_->Store(policy_.policy()); 275 RunUntilIdle(); 276 Mock::VerifyAndClearExpectations(&session_manager_client_); 277 ASSERT_FALSE(store_callback.is_null()); 278 279 // Let the store operation complete. 280 ExpectError(CloudPolicyStore::STATUS_STORE_ERROR); 281 store_callback.Run(false); 282 RunUntilIdle(); 283 EXPECT_FALSE(store_->policy()); 284 EXPECT_TRUE(store_->policy_map().empty()); 285 EXPECT_EQ(CloudPolicyStore::STATUS_STORE_ERROR, store_->status()); 286} 287 288TEST_F(UserCloudPolicyStoreChromeOSTest, StoreValidationError) { 289 policy_.policy_data().clear_policy_type(); 290 policy_.Build(); 291 292 // Store policy. 293 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 294 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 295 EXPECT_CALL(session_manager_client_, 296 StorePolicyForUser(PolicyBuilder::kFakeUsername, 297 policy_.GetBlob(), _, _)) 298 .Times(0); 299 store_->Store(policy_.policy()); 300 RunUntilIdle(); 301 Mock::VerifyAndClearExpectations(&session_manager_client_); 302} 303 304TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithoutPolicyKey) { 305 // Make the dbus call to cryptohome fail. 306 Mock::VerifyAndClearExpectations(&cryptohome_client_); 307 EXPECT_CALL(cryptohome_client_, 308 GetSanitizedUsername(PolicyBuilder::kFakeUsername, _)) 309 .Times(AnyNumber()) 310 .WillRepeatedly(SendSanitizedUsername(chromeos::DBUS_METHOD_CALL_FAILURE, 311 std::string())); 312 313 // Store policy. 314 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 315 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 316 EXPECT_CALL(session_manager_client_, 317 StorePolicyForUser(PolicyBuilder::kFakeUsername, 318 policy_.GetBlob(), _, _)) 319 .Times(0); 320 store_->Store(policy_.policy()); 321 RunUntilIdle(); 322 Mock::VerifyAndClearExpectations(&session_manager_client_); 323} 324 325TEST_F(UserCloudPolicyStoreChromeOSTest, StoreWithInvalidSignature) { 326 // Break the signature. 327 policy_.policy().mutable_policy_data_signature()->append("garbage"); 328 329 // Store policy. 330 chromeos::SessionManagerClient::StorePolicyCallback store_callback; 331 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 332 EXPECT_CALL(session_manager_client_, 333 StorePolicyForUser(PolicyBuilder::kFakeUsername, 334 policy_.GetBlob(), _, _)) 335 .Times(0); 336 store_->Store(policy_.policy()); 337 RunUntilIdle(); 338 Mock::VerifyAndClearExpectations(&session_manager_client_); 339} 340 341TEST_F(UserCloudPolicyStoreChromeOSTest, Load) { 342 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 343 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); 344 Mock::VerifyAndClearExpectations(&observer_); 345 346 // Verify that the policy has been loaded. 347 ASSERT_TRUE(store_->policy()); 348 EXPECT_EQ(policy_.policy_data().SerializeAsString(), 349 store_->policy()->SerializeAsString()); 350 VerifyPolicyMap(kDefaultHomepage); 351 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 352} 353 354TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoPolicy) { 355 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 356 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 357 Mock::VerifyAndClearExpectations(&observer_); 358 359 // Verify no policy has been installed. 360 EXPECT_FALSE(store_->policy()); 361 EXPECT_TRUE(store_->policy_map().empty()); 362 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 363} 364 365TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidPolicy) { 366 ExpectError(CloudPolicyStore::STATUS_PARSE_ERROR); 367 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("invalid")); 368 369 // Verify no policy has been installed. 370 EXPECT_FALSE(store_->policy()); 371 EXPECT_TRUE(store_->policy_map().empty()); 372 EXPECT_EQ(CloudPolicyStore::STATUS_PARSE_ERROR, store_->status()); 373} 374 375TEST_F(UserCloudPolicyStoreChromeOSTest, LoadValidationError) { 376 policy_.policy_data().clear_policy_type(); 377 policy_.Build(); 378 379 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 380 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); 381 VerifyStoreHasValidationError(); 382} 383 384TEST_F(UserCloudPolicyStoreChromeOSTest, LoadNoKey) { 385 // The loaded policy can't be verified without the public key. 386 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); 387 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 388 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); 389 VerifyStoreHasValidationError(); 390} 391 392TEST_F(UserCloudPolicyStoreChromeOSTest, LoadInvalidSignature) { 393 // Break the signature. 394 policy_.policy().mutable_policy_data_signature()->append("garbage"); 395 ExpectError(CloudPolicyStore::STATUS_VALIDATION_ERROR); 396 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad(policy_.GetBlob())); 397 VerifyStoreHasValidationError(); 398} 399 400TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationFull) { 401 std::string data; 402 403 em::DeviceCredentials credentials; 404 credentials.set_device_token(kLegacyToken); 405 credentials.set_device_id(kLegacyDeviceId); 406 ASSERT_TRUE(credentials.SerializeToString(&data)); 407 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); 408 409 em::CachedCloudPolicyResponse cached_policy; 410 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); 411 ASSERT_TRUE(cached_policy.SerializeToString(&data)); 412 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); 413 414 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 415 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 416 Mock::VerifyAndClearExpectations(&observer_); 417 418 // Verify that legacy user policy and token have been loaded. 419 em::PolicyData expected_policy_data; 420 EXPECT_TRUE(expected_policy_data.ParseFromString( 421 cached_policy.cloud_policy().policy_data())); 422 expected_policy_data.clear_public_key_version(); 423 expected_policy_data.set_request_token(kLegacyToken); 424 expected_policy_data.set_device_id(kLegacyDeviceId); 425 ASSERT_TRUE(store_->policy()); 426 EXPECT_EQ(expected_policy_data.SerializeAsString(), 427 store_->policy()->SerializeAsString()); 428 VerifyPolicyMap(kDefaultHomepage); 429 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 430} 431 432TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoToken) { 433 std::string data; 434 testing::Sequence seq; 435 436 em::CachedCloudPolicyResponse cached_policy; 437 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); 438 ASSERT_TRUE(cached_policy.SerializeToString(&data)); 439 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); 440 441 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 442 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 443 Mock::VerifyAndClearExpectations(&observer_); 444 445 // Verify the legacy cache has been loaded. 446 em::PolicyData expected_policy_data; 447 EXPECT_TRUE(expected_policy_data.ParseFromString( 448 cached_policy.cloud_policy().policy_data())); 449 expected_policy_data.clear_public_key_version(); 450 ASSERT_TRUE(store_->policy()); 451 EXPECT_EQ(expected_policy_data.SerializeAsString(), 452 store_->policy()->SerializeAsString()); 453 VerifyPolicyMap(kDefaultHomepage); 454 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 455} 456 457TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationNoPolicy) { 458 std::string data; 459 460 em::DeviceCredentials credentials; 461 credentials.set_device_token(kLegacyToken); 462 credentials.set_device_id(kLegacyDeviceId); 463 ASSERT_TRUE(credentials.SerializeToString(&data)); 464 ASSERT_NE(-1, file_util::WriteFile(token_file(), data.c_str(), data.size())); 465 466 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 467 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 468 Mock::VerifyAndClearExpectations(&observer_); 469 470 // Verify that legacy user policy and token have been loaded. 471 em::PolicyData expected_policy_data; 472 expected_policy_data.set_request_token(kLegacyToken); 473 expected_policy_data.set_device_id(kLegacyDeviceId); 474 ASSERT_TRUE(store_->policy()); 475 EXPECT_EQ(expected_policy_data.SerializeAsString(), 476 store_->policy()->SerializeAsString()); 477 EXPECT_TRUE(store_->policy_map().empty()); 478 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 479} 480 481TEST_F(UserCloudPolicyStoreChromeOSTest, MigrationAndStoreNew) { 482 // Start without an existing public key. 483 ASSERT_TRUE(base::DeleteFile(user_policy_key_file(), false)); 484 485 std::string data; 486 em::CachedCloudPolicyResponse cached_policy; 487 cached_policy.mutable_cloud_policy()->CopyFrom(policy_.policy()); 488 ASSERT_TRUE(cached_policy.SerializeToString(&data)); 489 ASSERT_NE(-1, file_util::WriteFile(policy_file(), data.c_str(), data.size())); 490 491 EXPECT_CALL(observer_, OnStoreLoaded(store_.get())); 492 ASSERT_NO_FATAL_FAILURE(PerformPolicyLoad("")); 493 Mock::VerifyAndClearExpectations(&observer_); 494 495 // Verify the legacy cache has been loaded. 496 em::PolicyData expected_policy_data; 497 EXPECT_TRUE(expected_policy_data.ParseFromString( 498 cached_policy.cloud_policy().policy_data())); 499 expected_policy_data.clear_public_key_version(); 500 ASSERT_TRUE(store_->policy()); 501 EXPECT_EQ(expected_policy_data.SerializeAsString(), 502 store_->policy()->SerializeAsString()); 503 VerifyPolicyMap(kDefaultHomepage); 504 EXPECT_EQ(CloudPolicyStore::STATUS_OK, store_->status()); 505 EXPECT_TRUE(base::PathExists(policy_file())); 506 507 // Now store a new policy using the new homepage location. 508 const char kNewHomepage[] = "http://google.com"; 509 policy_.payload().mutable_homepagelocation()->set_value(kNewHomepage); 510 policy_.set_new_signing_key(PolicyBuilder::CreateTestNewSigningKey()); 511 policy_.Build(); 512 std::vector<uint8> new_public_key; 513 ASSERT_TRUE(policy_.new_signing_key()->ExportPublicKey(&new_public_key)); 514 ASSERT_NO_FATAL_FAILURE( 515 PerformStorePolicy(&new_public_key, kDefaultHomepage, kNewHomepage)); 516 VerifyPolicyMap(kNewHomepage); 517 518 // Verify that the legacy cache has been removed. 519 EXPECT_FALSE(base::PathExists(policy_file())); 520} 521 522} // namespace 523 524} // namespace policy 525