1// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "policy/libpolicy.h"
6
7#include <openssl/err.h>
8#include <openssl/ssl.h>
9
10#include <base/files/file_path.h>
11#include <base/logging.h>
12#include <gtest/gtest.h>
13
14#include "policy/device_policy_impl.h"
15
16namespace policy {
17
18static const char kPolicyFileAllSet[] =
19    "policy/tests/whitelist/policy_all";
20static const char kPolicyFileNoneSet[] =
21    "policy/tests/whitelist/policy_none";
22static const char kKeyFile[] = "policy/tests/whitelist/owner.key";
23
24// This class mocks only the minimally needed functionionality to run tests
25// that would otherwise fail because of hard restrictions like root file
26// ownership. Otherwise, it preserves all the functionallity of the original
27// class.
28class MockDevicePolicyImpl : public DevicePolicyImpl {
29 public:
30  MockDevicePolicyImpl(const base::FilePath& policy_path,
31                       const base::FilePath& keyfile_path,
32                       bool verify_files)
33      : verify_files_(verify_files) {
34    policy_path_ = policy_path;
35    keyfile_path_ = keyfile_path;
36  }
37
38 private:
39  // We don't care if files are owned by root for most tests.
40  virtual bool VerifyPolicyFiles() {
41    return !verify_files_ || DevicePolicyImpl::VerifyPolicyFiles();
42  }
43
44  bool verify_files_;
45};
46
47// Test that a policy file can be verified and parsed correctly. The file
48// contains all possible fields, so reading should succeed for all.
49TEST(PolicyTest, DevicePolicyAllSetTest) {
50  base::FilePath policy_file(kPolicyFileAllSet);
51  base::FilePath key_file(kKeyFile);
52  MockDevicePolicyImpl* device_policy =
53      new MockDevicePolicyImpl(policy_file, key_file, false);
54  PolicyProvider provider(device_policy);
55  provider.Reload();
56
57  // Ensure we successfully loaded the device policy file.
58  ASSERT_TRUE(provider.device_policy_is_loaded());
59
60  const DevicePolicy& policy = provider.GetDevicePolicy();
61
62  // Check that we can read out all fields of the sample protobuf.
63  int int_value = -1;
64  ASSERT_TRUE(policy.GetPolicyRefreshRate(&int_value));
65  ASSERT_EQ(100, int_value);
66
67  std::vector<std::string> list_value;
68  ASSERT_TRUE(policy.GetUserWhitelist(&list_value));
69  ASSERT_EQ(3, list_value.size());
70  ASSERT_EQ("me@here.com", list_value[0]);
71  ASSERT_EQ("you@there.com", list_value[1]);
72  ASSERT_EQ("*@monsters.com", list_value[2]);
73
74  bool bool_value = true;
75  ASSERT_TRUE(policy.GetGuestModeEnabled(&bool_value));
76  ASSERT_FALSE(bool_value);
77
78  bool_value = true;
79  ASSERT_TRUE(policy.GetCameraEnabled(&bool_value));
80  ASSERT_FALSE(bool_value);
81
82  bool_value = true;
83  ASSERT_TRUE(policy.GetShowUserNames(&bool_value));
84  ASSERT_FALSE(bool_value);
85
86  bool_value = true;
87  ASSERT_TRUE(policy.GetDataRoamingEnabled(&bool_value));
88  ASSERT_FALSE(bool_value);
89
90  bool_value = true;
91  ASSERT_TRUE(policy.GetAllowNewUsers(&bool_value));
92  ASSERT_FALSE(bool_value);
93
94  bool_value = true;
95  ASSERT_TRUE(policy.GetMetricsEnabled(&bool_value));
96  ASSERT_FALSE(bool_value);
97
98  bool_value = true;
99  ASSERT_TRUE(policy.GetReportVersionInfo(&bool_value));
100  ASSERT_FALSE(bool_value);
101
102  bool_value = true;
103  ASSERT_TRUE(policy.GetReportActivityTimes(&bool_value));
104  ASSERT_FALSE(bool_value);
105
106  bool_value = true;
107  ASSERT_TRUE(policy.GetReportBootMode(&bool_value));
108  ASSERT_FALSE(bool_value);
109
110  bool_value = true;
111  ASSERT_TRUE(policy.GetEphemeralUsersEnabled(&bool_value));
112  ASSERT_FALSE(bool_value);
113
114  std::string string_value;
115  ASSERT_TRUE(policy.GetReleaseChannel(&string_value));
116  ASSERT_EQ("stable-channel", string_value);
117
118  bool_value = false;
119  ASSERT_TRUE(policy.GetReleaseChannelDelegated(&bool_value));
120  ASSERT_TRUE(bool_value);
121
122  bool_value = true;
123  ASSERT_TRUE(policy.GetUpdateDisabled(&bool_value));
124  ASSERT_FALSE(bool_value);
125
126  int64_t int64_value = -1LL;
127  ASSERT_TRUE(policy.GetScatterFactorInSeconds(&int64_value));
128  ASSERT_EQ(17LL, int64_value);
129
130  ASSERT_TRUE(policy.GetTargetVersionPrefix(&string_value));
131  ASSERT_EQ("42.0.", string_value);
132
133  std::set<std::string> types;
134  ASSERT_TRUE(policy.GetAllowedConnectionTypesForUpdate(&types));
135  ASSERT_TRUE(types.end() != types.find("ethernet"));
136  ASSERT_TRUE(types.end() != types.find("wifi"));
137  ASSERT_EQ(2, types.size());
138
139  ASSERT_TRUE(policy.GetOpenNetworkConfiguration(&string_value));
140  ASSERT_EQ("{}", string_value);
141
142  ASSERT_TRUE(policy.GetOwner(&string_value));
143  ASSERT_EQ("", string_value);
144
145  bool_value = true;
146  ASSERT_TRUE(policy.GetHttpDownloadsEnabled(&bool_value));
147  ASSERT_FALSE(bool_value);
148
149  bool_value = true;
150  ASSERT_TRUE(policy.GetAuP2PEnabled(&bool_value));
151  ASSERT_FALSE(bool_value);
152
153  // Reloading the protobuf should succeed.
154  ASSERT_TRUE(provider.Reload());
155}
156
157// Test that a policy file can be verified and parsed correctly. The file
158// contains none of the possible fields, so reading should fail for all.
159TEST(PolicyTest, DevicePolicyNoneSetTest) {
160  base::FilePath policy_file(kPolicyFileNoneSet);
161  base::FilePath key_file(kKeyFile);
162  MockDevicePolicyImpl* device_policy =
163      new MockDevicePolicyImpl(policy_file, key_file, false);
164  PolicyProvider provider(device_policy);
165  provider.Reload();
166
167  // Ensure we successfully loaded the device policy file.
168  ASSERT_TRUE(provider.device_policy_is_loaded());
169
170  const DevicePolicy& policy = provider.GetDevicePolicy();
171
172  // Check that we cannot read any fields out of the sample protobuf.
173  int int_value;
174  int64_t int64_value;
175  std::vector<std::string> list_value;
176  bool bool_value;
177  std::string string_value;
178
179  ASSERT_FALSE(policy.GetPolicyRefreshRate(&int_value));
180  ASSERT_FALSE(policy.GetUserWhitelist(&list_value));
181  ASSERT_FALSE(policy.GetGuestModeEnabled(&bool_value));
182  ASSERT_FALSE(policy.GetCameraEnabled(&bool_value));
183  ASSERT_FALSE(policy.GetShowUserNames(&bool_value));
184  ASSERT_FALSE(policy.GetDataRoamingEnabled(&bool_value));
185  ASSERT_FALSE(policy.GetAllowNewUsers(&bool_value));
186  ASSERT_FALSE(policy.GetMetricsEnabled(&bool_value));
187  ASSERT_FALSE(policy.GetReportVersionInfo(&bool_value));
188  ASSERT_FALSE(policy.GetReportActivityTimes(&bool_value));
189  ASSERT_FALSE(policy.GetReportBootMode(&bool_value));
190  ASSERT_FALSE(policy.GetEphemeralUsersEnabled(&bool_value));
191  ASSERT_FALSE(policy.GetReleaseChannel(&string_value));
192  ASSERT_FALSE(policy.GetUpdateDisabled(&bool_value));
193  ASSERT_FALSE(policy.GetTargetVersionPrefix(&string_value));
194  ASSERT_FALSE(policy.GetScatterFactorInSeconds(&int64_value));
195  ASSERT_FALSE(policy.GetOpenNetworkConfiguration(&string_value));
196  ASSERT_FALSE(policy.GetHttpDownloadsEnabled(&bool_value));
197  ASSERT_FALSE(policy.GetAuP2PEnabled(&bool_value));
198}
199
200// Verify that the library will correctly recognize and signal missing files.
201TEST(PolicyTest, DevicePolicyFailure) {
202  LOG(INFO) << "Errors expected.";
203  // Try loading non-existing protobuf should fail.
204  base::FilePath non_existing("this_file_is_doof");
205  MockDevicePolicyImpl* device_policy =
206      new MockDevicePolicyImpl(non_existing, non_existing, true);
207  PolicyProvider provider(device_policy);
208  // Even after reload the policy should still be not loaded.
209  ASSERT_FALSE(provider.Reload());
210  ASSERT_FALSE(provider.device_policy_is_loaded());
211}
212
213}  // namespace policy
214
215int main(int argc, char* argv[]) {
216  ::testing::InitGoogleTest(&argc, argv);
217  return RUN_ALL_TESTS();
218}
219