15f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Copyright 2014 The Chromium Authors. All rights reserved. 25f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// found in the LICENSE file. 45f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 55f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include <string> 65f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 75f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/command_line.h" 85f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/files/file_path.h" 91320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci#include "base/files/file_util.h" 105f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/json/json_file_value_serializer.h" 115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/memory/scoped_ptr.h" 125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/metrics/histogram_base.h" 135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/metrics/histogram_samples.h" 145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/metrics/statistics_recorder.h" 155f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/path_service.h" 165f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/prefs/pref_service.h" 175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/prefs/scoped_user_pref_update.h" 185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/strings/string_number_conversions.h" 195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/strings/string_util.h" 205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "base/values.h" 215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "build/build_config.h" 225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/extensions/extension_browsertest.h" 235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/extensions/extension_service.h" 245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/prefs/chrome_pref_service_factory.h" 255f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/prefs/profile_pref_store_manager.h" 265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/prefs/session_startup_pref.h" 275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/profiles/profile.h" 285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/browser/ui/browser.h" 295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/common/chrome_constants.h" 305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/common/chrome_paths.h" 315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/common/pref_names.h" 325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chrome/test/base/testing_profile.h" 335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "components/search_engines/default_search_manager.h" 345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "content/public/common/content_switches.h" 355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "extensions/browser/pref_names.h" 365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "extensions/common/extension.h" 375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#if defined(OS_CHROMEOS) 395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#include "chromeos/chromeos_switches.h" 405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#endif 415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)namespace { 435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Extension ID of chrome/test/data/extensions/good.crx 455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)const char kGoodCrxId[] = "ldnnhddmnhbkjipkidpdiheffobcpfmf"; 465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Explicit expectations from the caller of GetTrackedPrefHistogramCount(). This 485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// enables detailed reporting of the culprit on failure. 495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)enum AllowedBuckets { 505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Allow no samples in any buckets. 515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE = -1, 525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Any integer between BEGIN_ALLOW_SINGLE_BUCKET and END_ALLOW_SINGLE_BUCKET 535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // indicates that only this specific bucket is allowed to have a sample. 545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET = 0, 555f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) END_ALLOW_SINGLE_BUCKET = 100, 565f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Allow any buckets (no extra verifications performed). 575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_ANY 585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}; 595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Returns the number of times |histogram_name| was reported so far; adding the 615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// results of the first 100 buckets (there are only ~19 reporting IDs as of this 625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// writing; varies depending on the platform). |allowed_buckets| hints at extra 635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// requirements verified in this method (see AllowedBuckets for details). 645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)int GetTrackedPrefHistogramCount(const char* histogram_name, 655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int allowed_buckets) { 665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const base::HistogramBase* histogram = 675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::StatisticsRecorder::FindHistogram(histogram_name); 685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (!histogram) 695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return 0; 705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 715f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) scoped_ptr<base::HistogramSamples> samples(histogram->SnapshotSamples()); 725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int sum = 0; 735f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) for (int i = 0; i < 100; ++i) { 745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int count_for_id = samples->GetCount(i); 755f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_GE(count_for_id, 0); 765f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) sum += count_for_id; 775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 785f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (allowed_buckets == ALLOW_NONE || 795f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) (allowed_buckets != ALLOW_ANY && i != allowed_buckets)) { 805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, count_for_id) << "Unexpected reporting_id: " << i; 815f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 825f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 835f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return sum; 845f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)} 855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 865f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)scoped_ptr<base::DictionaryValue> ReadPrefsDictionary( 875f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const base::FilePath& pref_file) { 885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) JSONFileValueSerializer serializer(pref_file); 895f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int error_code = JSONFileValueSerializer::JSON_NO_ERROR; 905f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) std::string error_str; 915f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) scoped_ptr<base::Value> prefs( 925f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) serializer.Deserialize(&error_code, &error_str)); 935f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (!prefs || error_code != JSONFileValueSerializer::JSON_NO_ERROR) { 945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ADD_FAILURE() << "Error #" << error_code << ": " << error_str; 955f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return scoped_ptr<base::DictionaryValue>(); 965f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 975f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (!prefs->IsType(base::Value::TYPE_DICTIONARY)) { 985f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ADD_FAILURE(); 995f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return scoped_ptr<base::DictionaryValue>(); 1005f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 1015f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return scoped_ptr<base::DictionaryValue>( 1025f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) static_cast<base::DictionaryValue*>(prefs.release())); 1035f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)} 1045f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1055f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#define PREF_HASH_BROWSER_TEST(fixture, test_name) \ 1065f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) IN_PROC_BROWSER_TEST_P(fixture, PRE_##test_name) { \ 1075f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) SetupPreferences(); \ 1085f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } \ 1095f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) IN_PROC_BROWSER_TEST_P(fixture, test_name) { \ 1105f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) VerifyReactionToPrefAttack(); \ 1115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } \ 1125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) INSTANTIATE_TEST_CASE_P( \ 1135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) fixture##Instance, \ 1145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) fixture, \ 1155f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) testing::Values( \ 1165f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) chrome_prefs::internals::kSettingsEnforcementGroupNoEnforcement, \ 1175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) chrome_prefs::internals::kSettingsEnforcementGroupEnforceAlways, \ 1185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) chrome_prefs::internals:: \ 1195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) kSettingsEnforcementGroupEnforceAlwaysWithDSE, \ 1205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) chrome_prefs::internals:: \ 1215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) kSettingsEnforcementGroupEnforceAlwaysWithExtensionsAndDSE)); 1225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// A base fixture designed such that implementations do two things: 1245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// 1) Override all three pure-virtual methods below to setup, attack, and 1255f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// verify preferenes throughout the tests provided by this fixture. 1265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// 2) Instantiate their test via the PREF_HASH_BROWSER_TEST macro above. 1275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Based on top of ExtensionBrowserTest to allow easy interaction with the 1285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// ExtensionService. 1295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)class PrefHashBrowserTestBase 1305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) : public ExtensionBrowserTest, 1315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) public testing::WithParamInterface<std::string> { 1325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) public: 1335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // List of potential protection levels for this test in strict increasing 1345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // order of protection levels. 1355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) enum SettingsProtectionLevel { 1365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PROTECTION_DISABLED_ON_PLATFORM, 1375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PROTECTION_DISABLED_FOR_GROUP, 1385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PROTECTION_ENABLED_BASIC, 1395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PROTECTION_ENABLED_DSE, 1405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PROTECTION_ENABLED_EXTENSIONS, 1415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Represents the strongest level (i.e. always equivalent to the last one in 1425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // terms of protection), leave this one last when adding new levels. 1435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PROTECTION_ENABLED_ALL 1445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) }; 1455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PrefHashBrowserTestBase() 1475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) : protection_level_(GetProtectionLevelFromTrialGroup(GetParam())) { 1485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 1495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 1515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ExtensionBrowserTest::SetUpCommandLine(command_line); 1525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_FALSE(command_line->HasSwitch(switches::kForceFieldTrials)); 1535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) command_line->AppendSwitchASCII( 1545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) switches::kForceFieldTrials, 1555f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) std::string(chrome_prefs::internals::kSettingsEnforcementTrialName) + 1565f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "/" + GetParam() + "/"); 1575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#if defined(OS_CHROMEOS) 1585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) command_line->AppendSwitch( 1595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) chromeos::switches::kIgnoreUserProfileMappingForTests); 1605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#endif 1615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 1625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual bool SetUpUserDataDirectory() OVERRIDE { 1645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Do the normal setup in the PRE test and attack preferences in the main 1655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // test. 1665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (IsPRETest()) 1675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return ExtensionBrowserTest::SetUpUserDataDirectory(); 1685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#if defined(OS_CHROMEOS) 1705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // For some reason, the Preferences file does not exist in the location 1715f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // below on Chrome OS. Since protection is disabled on Chrome OS, it's okay 1725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // to simply not attack preferences at all (and still assert that no 1735f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // hardening related histogram kicked in in VerifyReactionToPrefAttack()). 1745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // TODO(gab): Figure out why there is no Preferences file in this location 1755f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // on Chrome OS (and re-enable the section disabled for OS_CHROMEOS further 1765f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // below). 1775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(PROTECTION_DISABLED_ON_PLATFORM, protection_level_); 1785f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return true; 1795f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#endif 1805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1815f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::FilePath profile_dir; 1825f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(PathService::Get(chrome::DIR_USER_DATA, &profile_dir)); 1835f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile_dir = profile_dir.AppendASCII(TestingProfile::kTestUserProfileDir); 1845f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Sanity check that old protected pref file is never present in modern 1865f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Chromes. 1875f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_FALSE(base::PathExists( 1885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile_dir.Append(chrome::kProtectedPreferencesFilenameDeprecated))); 1895f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1905f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Read the preferences from disk. 1915f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1925f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const base::FilePath unprotected_pref_file = 1935f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile_dir.Append(chrome::kPreferencesFilename); 1945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(base::PathExists(unprotected_pref_file)); 1955f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 1965f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const base::FilePath protected_pref_file = 1975f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile_dir.Append(chrome::kSecurePreferencesFilename); 1985f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM, 1995f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::PathExists(protected_pref_file)); 2005f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2015f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) scoped_ptr<base::DictionaryValue> unprotected_preferences( 2025f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ReadPrefsDictionary(unprotected_pref_file)); 2035f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (!unprotected_preferences) 2045f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return false; 2055f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2065f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) scoped_ptr<base::DictionaryValue> protected_preferences; 2075f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (protection_level_ > PROTECTION_DISABLED_ON_PLATFORM) { 2085f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) protected_preferences = ReadPrefsDictionary(protected_pref_file); 2095f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (!protected_preferences) 2105f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return false; 2115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 2125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Let the underlying test modify the preferences. 2145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) AttackPreferencesOnDisk(unprotected_preferences.get(), 2155f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) protected_preferences.get()); 2165f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Write the modified preferences back to disk. 2185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) JSONFileValueSerializer unprotected_prefs_serializer(unprotected_pref_file); 2205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE( 2215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) unprotected_prefs_serializer.Serialize(*unprotected_preferences)); 2225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (protected_preferences) { 2245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) JSONFileValueSerializer protected_prefs_serializer(protected_pref_file); 2255f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(protected_prefs_serializer.Serialize(*protected_preferences)); 2265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 2275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return true; 2295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 2305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetUpInProcessBrowserTestFixture() OVERRIDE { 2325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ExtensionBrowserTest::SetUpInProcessBrowserTestFixture(); 2335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Bots are on a domain, turn off the domain check for settings hardening in 2355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // order to be able to test all SettingsEnforcement groups. 2365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) chrome_prefs::DisableDelaysAndDomainCheckForTesting(); 2375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 2385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // In the PRE_ test, find the number of tracked preferences that were 2405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // initialized and save it to a file to be read back in the main test and used 2415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // as the total number of tracked preferences. 2425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetUpOnMainThread() OVERRIDE { 2435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ExtensionBrowserTest::SetUpOnMainThread(); 2445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // File in which the PRE_ test will save the number of tracked preferences 2465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // on this platform. 2475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const char kNumTrackedPrefFilename[] = "NumTrackedPrefs"; 2485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::FilePath num_tracked_prefs_file; 2505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ASSERT_TRUE( 2515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PathService::Get(chrome::DIR_USER_DATA, &num_tracked_prefs_file)); 2525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_tracked_prefs_file = 2535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_tracked_prefs_file.AppendASCII(kNumTrackedPrefFilename); 2545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2555f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (IsPRETest()) { 2565f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_tracked_prefs_ = GetTrackedPrefHistogramCount( 2575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceTrustedInitialized", ALLOW_ANY); 2585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM, 2595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_tracked_prefs_ > 0); 2605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Split tracked prefs are reported as Unchanged not as TrustedInitialized 2625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // when an empty dictionary is encountered on first run (this should only 2635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // hit for pref #5 in the current design). 2645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int num_split_tracked_prefs = GetTrackedPrefHistogramCount( 2655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceUnchanged", BEGIN_ALLOW_SINGLE_BUCKET + 5); 2665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM ? 1 : 0, 2675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_split_tracked_prefs); 2685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_tracked_prefs_ += num_split_tracked_prefs; 2705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2715f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) std::string num_tracked_prefs_str = base::IntToString(num_tracked_prefs_); 2725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(static_cast<int>(num_tracked_prefs_str.size()), 2735f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::WriteFile(num_tracked_prefs_file, 2745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_tracked_prefs_str.c_str(), 2755f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_tracked_prefs_str.size())); 2765f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } else { 2775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) std::string num_tracked_prefs_str; 2785f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(base::ReadFileToString(num_tracked_prefs_file, 2795f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) &num_tracked_prefs_str)); 2805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE( 2815f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::StringToInt(num_tracked_prefs_str, &num_tracked_prefs_)); 2825f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 2835f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 2845f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) protected: 2865f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Called from the PRE_ test's body. Overrides should use it to setup 2875f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // preferences through Chrome. 2885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetupPreferences() = 0; 2895f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 2905f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Called prior to the main test launching its browser. Overrides should use 2915f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // it to attack preferences. |(un)protected_preferences| represent the state 2925f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // on disk prior to launching the main test, they can be modified by this 2935f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // method and modifications will be flushed back to disk before launching the 2945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // main test. |unprotected_preferences| is never NULL, |protected_preferences| 2955f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // may be NULL if in PROTECTION_DISABLED_ON_PLATFORM mode. 2965f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void AttackPreferencesOnDisk( 2975f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* unprotected_preferences, 2985f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* protected_preferences) = 0; 2995f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3005f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Called from the body of the main test. Overrides should use it to verify 3015f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // that the browser had the desired reaction when faced when the attack 3025f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // orchestrated in AttackPreferencesOnDisk(). 3035f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void VerifyReactionToPrefAttack() = 0; 3045f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3055f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int num_tracked_prefs() const { return num_tracked_prefs_; } 3065f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3075f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const SettingsProtectionLevel protection_level_; 3085f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3095f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) private: 3105f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Returns true if this is the PRE_ phase of the test. 3115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) bool IsPRETest() { 3125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return StartsWithASCII( 3135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) testing::UnitTest::GetInstance()->current_test_info()->name(), 3145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "PRE_", 3155f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) true /* case_sensitive */); 3165f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 3175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) SettingsProtectionLevel GetProtectionLevelFromTrialGroup( 3195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const std::string& trial_group) { 3205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (!ProfilePrefStoreManager::kPlatformSupportsPreferenceTracking) 3215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return PROTECTION_DISABLED_ON_PLATFORM; 3225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Protection levels can't be adjusted via --force-fieldtrials in official 3245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// builds. 3255f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#if defined(OFFICIAL_BUILD) 3265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#if defined(OS_WIN) 3285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // The strongest mode is enforced on Windows in the absence of a field 3295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // trial. 3305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return PROTECTION_ENABLED_ALL; 3315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#else 3325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return PROTECTION_DISABLED_FOR_GROUP; 3335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#endif 3345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#else // defined(OFFICIAL_BUILD) 3365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) using namespace chrome_prefs::internals; 3385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (trial_group == kSettingsEnforcementGroupNoEnforcement) { 3395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return PROTECTION_DISABLED_FOR_GROUP; 3405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } else if (trial_group == kSettingsEnforcementGroupEnforceAlways) { 3415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return PROTECTION_ENABLED_BASIC; 3425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } else if (trial_group == kSettingsEnforcementGroupEnforceAlwaysWithDSE) { 3435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return PROTECTION_ENABLED_DSE; 3445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } else if (trial_group == 3455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) kSettingsEnforcementGroupEnforceAlwaysWithExtensionsAndDSE) { 3465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return PROTECTION_ENABLED_EXTENSIONS; 3475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } else { 3485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ADD_FAILURE(); 3495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) return static_cast<SettingsProtectionLevel>(-1); 3505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 3515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#endif // defined(OFFICIAL_BUILD) 3535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 3555f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3565f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int num_tracked_prefs_; 3575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}; 3585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)} // namespace 3605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Verifies that nothing is reset when nothing is tampered with. 3625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Also sanity checks that the expected preferences files are in place. 3635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)class PrefHashBrowserTestUnchangedDefault : public PrefHashBrowserTestBase { 3645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) public: 3655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetupPreferences() OVERRIDE { 3665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Default Chrome setup. 3675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 3685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void AttackPreferencesOnDisk( 3705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* unprotected_preferences, 3715f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* protected_preferences) OVERRIDE { 3725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // No attack. 3735f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 3745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3755f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void VerifyReactionToPrefAttack() OVERRIDE { 3765f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Expect all prefs to be reported as Unchanged with no resets. 3775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM 3785f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ? num_tracked_prefs() : 0, 3795f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 3805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceUnchanged", ALLOW_ANY)); 3815f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 3825f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 3835f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceWantedReset", ALLOW_NONE)); 3845f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 3855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceReset", 3865f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 3875f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 3885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Nothing else should have triggered. 3895f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 3905f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceChanged", 3915f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 3925f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 3935f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceCleared", 3945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 3955f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 3965f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 3975f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceInitialized", ALLOW_NONE)); 3985f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 3995f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 4005f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceTrustedInitialized", ALLOW_NONE)); 4015f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ( 4025f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 0, 4035f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 4045f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceMigratedLegacyDeviceId", ALLOW_NONE)); 4055f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 4065f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}; 4075f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4085f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)PREF_HASH_BROWSER_TEST(PrefHashBrowserTestUnchangedDefault, UnchangedDefault); 4095f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4105f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Augments PrefHashBrowserTestUnchangedDefault to confirm that nothing is reset 4115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// when nothing is tampered with, even if Chrome itself wrote custom prefs in 4125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// its last run. 4135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)class PrefHashBrowserTestUnchangedCustom 4145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) : public PrefHashBrowserTestUnchangedDefault { 4155f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) public: 4165f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetupPreferences() OVERRIDE { 4175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile()->GetPrefs()->SetString(prefs::kHomePage, "http://example.com"); 4185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) InstallExtensionWithUIAutoConfirm( 4205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) test_data_dir_.AppendASCII("good.crx"), 1, browser()); 4215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 4225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void VerifyReactionToPrefAttack() OVERRIDE { 4245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Make sure the settings written in the last run stuck. 4255f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ("http://example.com", 4265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile()->GetPrefs()->GetString(prefs::kHomePage)); 4275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(extension_service()->GetExtensionById(kGoodCrxId, false)); 4295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Reaction should be identical to unattacked default prefs. 4315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) PrefHashBrowserTestUnchangedDefault::VerifyReactionToPrefAttack(); 4325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 4335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}; 4345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)PREF_HASH_BROWSER_TEST(PrefHashBrowserTestUnchangedCustom, UnchangedCustom); 4365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Verifies that cleared prefs are reported. 4385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)class PrefHashBrowserTestClearedAtomic : public PrefHashBrowserTestBase { 4395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) public: 4405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetupPreferences() OVERRIDE { 4415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile()->GetPrefs()->SetString(prefs::kHomePage, "http://example.com"); 4425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 4435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void AttackPreferencesOnDisk( 4455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* unprotected_preferences, 4465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* protected_preferences) OVERRIDE { 4475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* selected_prefs = 4485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) protection_level_ >= PROTECTION_ENABLED_BASIC ? protected_preferences 4495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) : unprotected_preferences; 4505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // |selected_prefs| should never be NULL under the protection level picking 4515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // it. 4525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(selected_prefs); 4535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(selected_prefs->Remove(prefs::kHomePage, NULL)); 4545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 4555f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4565f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void VerifyReactionToPrefAttack() OVERRIDE { 4575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // The clearance of homepage should have been noticed (as pref #2 being 4585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // cleared), but shouldn't have triggered a reset (as there is nothing we 4595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // can do when the pref is already gone). 4605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM ? 1 : 0, 4615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceCleared", 4625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET + 2)); 4635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM 4645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ? num_tracked_prefs() - 1 : 0, 4655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 4665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceUnchanged", ALLOW_ANY)); 4675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 4685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 4695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceWantedReset", ALLOW_NONE)); 4705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 4715f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceReset", 4725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 4735f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Nothing else should have triggered. 4755f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 4765f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceChanged", 4775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 4785f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 4795f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 4805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceInitialized", ALLOW_NONE)); 4815f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 4825f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 4835f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceTrustedInitialized", ALLOW_NONE)); 4845f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ( 4855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 0, 4865f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 4875f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceMigratedLegacyDeviceId", ALLOW_NONE)); 4885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 4895f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}; 4905f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4915f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)PREF_HASH_BROWSER_TEST(PrefHashBrowserTestClearedAtomic, ClearedAtomic); 4925f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 4935f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Verifies that clearing the MACs results in untrusted Initialized pings for 4945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// non-null protected prefs. 4955f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)class PrefHashBrowserTestUntrustedInitialized : public PrefHashBrowserTestBase { 4965f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) public: 4975f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetupPreferences() OVERRIDE { 4985f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Explicitly set the DSE (it's otherwise NULL by default, preventing 4995f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // thorough testing of the PROTECTION_ENABLED_DSE level). 5005f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) DefaultSearchManager default_search_manager( 5015f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile()->GetPrefs(), DefaultSearchManager::ObserverCallback()); 5025f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) DefaultSearchManager::Source dse_source = 5035f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) static_cast<DefaultSearchManager::Source>(-1); 5045f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5055f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) const TemplateURLData* default_template_url_data = 5065f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) default_search_manager.GetDefaultSearchEngine(&dse_source); 5075f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(DefaultSearchManager::FROM_FALLBACK, dse_source); 5085f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5095f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) default_search_manager.SetUserSelectedDefaultSearchEngine( 5105f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) *default_template_url_data); 5115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) default_search_manager.GetDefaultSearchEngine(&dse_source); 5135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(DefaultSearchManager::FROM_USER, dse_source); 5145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5155f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Also explicitly set an atomic pref that falls under 5165f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // PROTECTION_ENABLED_BASIC. 5175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile()->GetPrefs()->SetInteger(prefs::kRestoreOnStartup, 5185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) SessionStartupPref::URLS); 5195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 5205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void AttackPreferencesOnDisk( 5225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* unprotected_preferences, 5235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* protected_preferences) OVERRIDE { 5245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(unprotected_preferences->Remove("protection.macs", NULL)); 5255f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (protected_preferences) 5265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(protected_preferences->Remove("protection.macs", NULL)); 5275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 5285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void VerifyReactionToPrefAttack() OVERRIDE { 5305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Preferences that are NULL by default will be TrustedInitialized. 5315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int num_null_values = GetTrackedPrefHistogramCount( 5325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceTrustedInitialized", ALLOW_ANY); 5335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM, 5345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_null_values > 0); 5355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) if (num_null_values > 0) { 5365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // This test requires that at least 3 prefs be non-null (extensions, DSE, 5375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // and 1 atomic pref explictly set for this test above). 5385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_LT(num_null_values, num_tracked_prefs() - 3); 5395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 5405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Expect all non-null prefs to be reported as Initialized (with 5425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // accompanying resets or wanted resets based on the current protection 5435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // level). 5445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(num_tracked_prefs() - num_null_values, 5455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 5465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceInitialized", ALLOW_ANY)); 5475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int num_protected_prefs = 0; 5495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // A switch statement falling through each protection level in decreasing 5505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // levels of protection to add expectations for each level which augments 5515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // the previous one. 5525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) switch (protection_level_) { 5535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) case PROTECTION_ENABLED_ALL: 5545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Falls through. 5555f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) case PROTECTION_ENABLED_EXTENSIONS: 5565f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ++num_protected_prefs; 5575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Falls through. 5585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) case PROTECTION_ENABLED_DSE: 5595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ++num_protected_prefs; 5605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Falls through. 5615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) case PROTECTION_ENABLED_BASIC: 5625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) num_protected_prefs += num_tracked_prefs() - num_null_values - 2; 5635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Falls through. 5645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) case PROTECTION_DISABLED_FOR_GROUP: 5655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // No protection. Falls through. 5665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) case PROTECTION_DISABLED_ON_PLATFORM: 5675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // No protection. 5685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) break; 5695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 5705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5715f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(num_tracked_prefs() - num_null_values - num_protected_prefs, 5725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 5735f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceWantedReset", ALLOW_ANY)); 5745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(num_protected_prefs, 5755f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceReset", 5765f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_ANY)); 5775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5785f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Explicitly verify the result of reported resets. 5795f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) DefaultSearchManager default_search_manager( 5815f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile()->GetPrefs(), DefaultSearchManager::ObserverCallback()); 5825f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) DefaultSearchManager::Source dse_source = 5835f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) static_cast<DefaultSearchManager::Source>(-1); 5845f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) default_search_manager.GetDefaultSearchEngine(&dse_source); 5855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ < PROTECTION_ENABLED_DSE 5865f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ? DefaultSearchManager::FROM_USER 5875f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) : DefaultSearchManager::FROM_FALLBACK, 5885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) dse_source); 5895f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5905f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ < PROTECTION_ENABLED_BASIC, 5915f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile()->GetPrefs()->GetInteger(prefs::kRestoreOnStartup) == 5925f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) SessionStartupPref::URLS); 5935f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 5945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Nothing else should have triggered. 5955f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 5965f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 5975f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceUnchanged", ALLOW_NONE)); 5985f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 5995f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceChanged", 6005f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 6015f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 6025f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceCleared", 6035f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 6045f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ( 6055f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 0, 6065f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 6075f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceMigratedLegacyDeviceId", ALLOW_NONE)); 6085f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 6095f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}; 6105f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)PREF_HASH_BROWSER_TEST(PrefHashBrowserTestUntrustedInitialized, 6125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) UntrustedInitialized); 6135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Verifies that changing an atomic pref results in it being reported (and reset 6155f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// if the protection level allows it). 6165f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)class PrefHashBrowserTestChangedAtomic : public PrefHashBrowserTestBase { 6175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) public: 6185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetupPreferences() OVERRIDE { 6195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile()->GetPrefs()->SetInteger(prefs::kRestoreOnStartup, 6205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) SessionStartupPref::URLS); 6215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ListPrefUpdate update(profile()->GetPrefs(), 6235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) prefs::kURLsToRestoreOnStartup); 6245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) update->AppendString("http://example.com"); 6255f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 6265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void AttackPreferencesOnDisk( 6285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* unprotected_preferences, 6295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* protected_preferences) OVERRIDE { 6305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* selected_prefs = 6315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) protection_level_ >= PROTECTION_ENABLED_BASIC ? protected_preferences 6325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) : unprotected_preferences; 6335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // |selected_prefs| should never be NULL under the protection level picking 6345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // it. 6355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(selected_prefs); 6365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::ListValue* startup_urls; 6375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE( 6385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) selected_prefs->GetList(prefs::kURLsToRestoreOnStartup, &startup_urls)); 6395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(startup_urls); 6405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(1U, startup_urls->GetSize()); 6415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) startup_urls->AppendString("http://example.org"); 6425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 6435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void VerifyReactionToPrefAttack() OVERRIDE { 6455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Expect a single Changed event for tracked pref #4 (startup URLs). 6465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM ? 1 : 0, 6475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceChanged", 6485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET + 4)); 6495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM 6505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ? num_tracked_prefs() - 1 : 0, 6515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 6525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceUnchanged", ALLOW_ANY)); 6535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ( 6555f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) (protection_level_ > PROTECTION_DISABLED_ON_PLATFORM && 6565f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) protection_level_ < PROTECTION_ENABLED_BASIC) ? 1 : 0, 6575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceWantedReset", 6585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET + 4)); 6595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ >= PROTECTION_ENABLED_BASIC ? 1 : 0, 6605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceReset", 6615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET + 4)); 6625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// TODO(gab): This doesn't work on OS_CHROMEOS because we fail to attack 6645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Preferences. 6655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#if !defined(OS_CHROMEOS) 6665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Explicitly verify the result of reported resets. 6675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ >= PROTECTION_ENABLED_BASIC ? 0U : 2U, 6685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) profile() 6695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ->GetPrefs() 6705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ->GetList(prefs::kURLsToRestoreOnStartup) 6715f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ->GetSize()); 6725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)#endif 6735f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Nothing else should have triggered. 6755f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 6765f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceCleared", 6775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 6785f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 6795f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 6805f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceInitialized", ALLOW_NONE)); 6815f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 6825f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 6835f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceTrustedInitialized", ALLOW_NONE)); 6845f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ( 6855f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 0, 6865f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 6875f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceMigratedLegacyDeviceId", ALLOW_NONE)); 6885f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 6895f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}; 6905f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6915f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)PREF_HASH_BROWSER_TEST(PrefHashBrowserTestChangedAtomic, ChangedAtomic); 6925f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 6935f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// Verifies that changing or adding an entry in a split pref results in both 6945f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)// items being reported (and remove if the protection level allows it). 6955f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)class PrefHashBrowserTestChangedSplitPref : public PrefHashBrowserTestBase { 6965f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) public: 6975f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void SetupPreferences() OVERRIDE { 6985f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) InstallExtensionWithUIAutoConfirm( 6995f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) test_data_dir_.AppendASCII("good.crx"), 1, browser()); 7005f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 7015f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7025f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void AttackPreferencesOnDisk( 7035f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* unprotected_preferences, 7045f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* protected_preferences) OVERRIDE { 7055f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* selected_prefs = 7065f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) protection_level_ >= PROTECTION_ENABLED_EXTENSIONS 7075f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ? protected_preferences 7085f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) : unprotected_preferences; 7095f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // |selected_prefs| should never be NULL under the protection level picking 7105f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // it. 7115f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(selected_prefs); 7125f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* extensions_dict; 7135f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(selected_prefs->GetDictionary( 7145f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) extensions::pref_names::kExtensions, &extensions_dict)); 7155f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(extensions_dict); 7165f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7175f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Tamper with any installed setting for good.crx 7185f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* good_crx_dict; 7195f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(extensions_dict->GetDictionary(kGoodCrxId, &good_crx_dict)); 7205f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) int good_crx_state; 7215f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_TRUE(good_crx_dict->GetInteger("state", &good_crx_state)); 7225f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(extensions::Extension::ENABLED, good_crx_state); 7235f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) good_crx_dict->SetInteger("state", extensions::Extension::DISABLED); 7245f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7255f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Drop a fake extension (for the purpose of this test, dropped settings 7265f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // don't need to be valid extension settings). 7275f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) base::DictionaryValue* fake_extension = new base::DictionaryValue; 7285f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) fake_extension->SetString("name", "foo"); 7295f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) extensions_dict->Set(std::string(32, 'a'), fake_extension); 7305f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 7315f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7325f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) virtual void VerifyReactionToPrefAttack() OVERRIDE { 7335f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Expect a single split pref changed report with a count of 2 for tracked 7345f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // pref #5 (extensions). 7355f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM ? 1 : 0, 7365f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceChanged", 7375f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET + 5)); 7385f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM ? 1 : 0, 7395f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 7405f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedSplitPreferenceChanged.extensions.settings", 7415f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET + 2)); 7425f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7435f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Everything else should have remained unchanged. 7445f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM 7455f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ? num_tracked_prefs() - 1 : 0, 7465f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 7475f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceUnchanged", ALLOW_ANY)); 7485f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7495f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ( 7505f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) (protection_level_ > PROTECTION_DISABLED_ON_PLATFORM && 7515f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) protection_level_ < PROTECTION_ENABLED_EXTENSIONS) ? 1 : 0, 7525f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceWantedReset", 7535f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET + 5)); 7545f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ >= PROTECTION_ENABLED_EXTENSIONS ? 1 : 0, 7555f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceReset", 7565f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) BEGIN_ALLOW_SINGLE_BUCKET + 5)); 7575f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7585f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(protection_level_ < PROTECTION_ENABLED_EXTENSIONS, 7595f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) extension_service()->GetExtensionById(kGoodCrxId, true) != NULL); 7605f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7615f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) // Nothing else should have triggered. 7625f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 7635f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount("Settings.TrackedPreferenceCleared", 7645f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) ALLOW_NONE)); 7655f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 7665f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 7675f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceInitialized", ALLOW_NONE)); 7685f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ(0, 7695f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 7705f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceTrustedInitialized", ALLOW_NONE)); 7715f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) EXPECT_EQ( 7725f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 0, 7735f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) GetTrackedPrefHistogramCount( 7745f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) "Settings.TrackedPreferenceMigratedLegacyDeviceId", ALLOW_NONE)); 7755f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) } 7765f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)}; 7775f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles) 7785f1c94371a64b3196d4be9466099bb892df9b88eTorne (Richard Coles)PREF_HASH_BROWSER_TEST(PrefHashBrowserTestChangedSplitPref, ChangedSplitPref); 7791320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 7801320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// Verifies that adding a value to unprotected preferences for a key which is 7811320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// still using the default (i.e. has no value stored in protected preferences) 7821320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// doesn't allow that value to slip in with no valid MAC (regression test for 7831320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// http://crbug.com/414554) 7841320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucciclass PrefHashBrowserTestUntrustedAdditionToPrefs 7851320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci : public PrefHashBrowserTestBase { 7861320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci public: 7871320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci virtual void SetupPreferences() OVERRIDE { 7881320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // Ensure there is no user-selected value for kRestoreOnStartup. 7891320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_FALSE( 7901320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci profile()->GetPrefs()->GetUserPrefValue(prefs::kRestoreOnStartup)); 7911320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci } 7921320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 7931320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci virtual void AttackPreferencesOnDisk( 7941320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci base::DictionaryValue* unprotected_preferences, 7951320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci base::DictionaryValue* protected_preferences) OVERRIDE { 7961320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci unprotected_preferences->SetInteger(prefs::kRestoreOnStartup, 7971320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci SessionStartupPref::LAST); 7981320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci } 7991320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8001320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci virtual void VerifyReactionToPrefAttack() OVERRIDE { 8011320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // Expect a single Changed event for tracked pref #3 (kRestoreOnStartup) if 8021320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // not protecting; if protection is enabled the change should be a no-op. 8031320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci int changed_expected = 8041320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci protection_level_ == PROTECTION_DISABLED_FOR_GROUP ? 1 : 0; 8051320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ( 8061320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci (protection_level_ > PROTECTION_DISABLED_ON_PLATFORM && 8071320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci protection_level_ < PROTECTION_ENABLED_BASIC) ? changed_expected : 0, 8081320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount("Settings.TrackedPreferenceChanged", 8091320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci BEGIN_ALLOW_SINGLE_BUCKET + 3)); 8101320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM 8111320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci ? num_tracked_prefs() - changed_expected : 0, 8121320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount( 8131320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "Settings.TrackedPreferenceUnchanged", ALLOW_ANY)); 8141320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8151320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ( 8161320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci (protection_level_ > PROTECTION_DISABLED_ON_PLATFORM && 8171320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci protection_level_ < PROTECTION_ENABLED_BASIC) ? 1 : 0, 8181320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount("Settings.TrackedPreferenceWantedReset", 8191320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci BEGIN_ALLOW_SINGLE_BUCKET + 3)); 8201320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(0, 8211320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount("Settings.TrackedPreferenceReset", 8221320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci ALLOW_NONE)); 8231320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8241320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // Nothing else should have triggered. 8251320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(0, 8261320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount("Settings.TrackedPreferenceCleared", 8271320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci ALLOW_NONE)); 8281320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(0, 8291320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount( 8301320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "Settings.TrackedPreferenceInitialized", ALLOW_NONE)); 8311320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(0, 8321320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount( 8331320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "Settings.TrackedPreferenceTrustedInitialized", ALLOW_NONE)); 8341320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ( 8351320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 0, 8361320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount( 8371320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "Settings.TrackedPreferenceMigratedLegacyDeviceId", ALLOW_NONE)); 8381320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci } 8391320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci}; 8401320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8411320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciPREF_HASH_BROWSER_TEST(PrefHashBrowserTestUntrustedAdditionToPrefs, 8421320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci UntrustedAdditionToPrefs); 8431320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8441320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// Verifies that adding a value to unprotected preferences while wiping a 8451320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// user-selected value from protected preferences doesn't allow that value to 8461320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci// slip in with no valid MAC (regression test for http://crbug.com/414554). 8471320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucciclass PrefHashBrowserTestUntrustedAdditionToPrefsAfterWipe 8481320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci : public PrefHashBrowserTestBase { 8491320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci public: 8501320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci virtual void SetupPreferences() OVERRIDE { 8511320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci profile()->GetPrefs()->SetString(prefs::kHomePage, "http://example.com"); 8521320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci } 8531320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8541320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci virtual void AttackPreferencesOnDisk( 8551320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci base::DictionaryValue* unprotected_preferences, 8561320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci base::DictionaryValue* protected_preferences) OVERRIDE { 8571320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // Set or change the value in Preferences to the attacker's choice. 8581320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci unprotected_preferences->SetString(prefs::kHomePage, "http://example.net"); 8591320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // Clear the value in Secure Preferences, if any. 8601320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci if (protected_preferences) 8611320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci protected_preferences->Remove(prefs::kHomePage, NULL); 8621320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci } 8631320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8641320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci virtual void VerifyReactionToPrefAttack() OVERRIDE { 8651320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // Expect a single Changed event for tracked pref #2 (kHomePage) if 8661320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // not protecting; if protection is enabled the change should be a Cleared. 8671320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci int changed_expected = 8681320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci protection_level_ > PROTECTION_DISABLED_ON_PLATFORM && 8691320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci protection_level_ < PROTECTION_ENABLED_BASIC 8701320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci ? 1 : 0; 8711320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci int cleared_expected = 8721320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci protection_level_ >= PROTECTION_ENABLED_BASIC 8731320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci ? 1 : 0; 8741320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(changed_expected, 8751320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount("Settings.TrackedPreferenceChanged", 8761320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci BEGIN_ALLOW_SINGLE_BUCKET + 2)); 8771320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(cleared_expected, 8781320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount("Settings.TrackedPreferenceCleared", 8791320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci BEGIN_ALLOW_SINGLE_BUCKET + 2)); 8801320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(protection_level_ > PROTECTION_DISABLED_ON_PLATFORM 8811320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci ? num_tracked_prefs() - changed_expected - cleared_expected 8821320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci : 0, 8831320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount( 8841320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "Settings.TrackedPreferenceUnchanged", ALLOW_ANY)); 8851320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8861320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ( 8871320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci changed_expected, 8881320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount("Settings.TrackedPreferenceWantedReset", 8891320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci BEGIN_ALLOW_SINGLE_BUCKET + 2)); 8901320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(0, 8911320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount("Settings.TrackedPreferenceReset", 8921320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci ALLOW_NONE)); 8931320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 8941320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci // Nothing else should have triggered. 8951320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(0, 8961320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount( 8971320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "Settings.TrackedPreferenceInitialized", ALLOW_NONE)); 8981320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ(0, 8991320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount( 9001320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "Settings.TrackedPreferenceTrustedInitialized", ALLOW_NONE)); 9011320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci EXPECT_EQ( 9021320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 0, 9031320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci GetTrackedPrefHistogramCount( 9041320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci "Settings.TrackedPreferenceMigratedLegacyDeviceId", ALLOW_NONE)); 9051320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci } 9061320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci}; 9071320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci 9081320f92c476a1ad9d19dba2a48c72b75566198e9Primiano TucciPREF_HASH_BROWSER_TEST(PrefHashBrowserTestUntrustedAdditionToPrefsAfterWipe, 9091320f92c476a1ad9d19dba2a48c72b75566198e9Primiano Tucci UntrustedAdditionToPrefsAfterWipe); 910