chrome/browser/chromeos/policy/device_cloud_policy_initializer_unittest.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
   6
   7 #include "base/prefs/testing_pref_service.h"
   8 #include "base/values.h"
   9 #include "chrome/browser/chromeos/policy/enrollment_config.h"
  10 #include "chrome/browser/chromeos/policy/server_backed_device_state.h"
  11 #include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h"
  12 #include "chrome/browser/prefs/browser_prefs.h"
  13 #include "chrome/common/pref_names.h"
  14 #include "chromeos/system/fake_statistics_provider.h"
  15 #include "chromeos/system/statistics_provider.h"
  16 #include "testing/gtest/include/gtest/gtest.h"
  17
  18 namespace policy {
  19
  20 class DeviceCloudPolicyInitializerTest : public testing::Test {
  21  protected:
  22   DeviceCloudPolicyInitializerTest()
  23       : device_cloud_policy_initializer_(
  24             &local_state_,
  25             nullptr,
  26             nullptr,
  27             nullptr,
  28             &install_attributes_,
  29             nullptr,
  30             nullptr,
  31             nullptr) {
  32     chrome::RegisterLocalState(local_state_.registry());
  33     statistics_provider_.SetMachineStatistic("serial_number", "fake-serial");
  34   }
  35
  36   chromeos::system::ScopedFakeStatisticsProvider statistics_provider_;
  37   TestingPrefServiceSimple local_state_;
  38   StubEnterpriseInstallAttributes install_attributes_;
  39   DeviceCloudPolicyInitializer device_cloud_policy_initializer_;
  40 };
  41
  42 TEST_F(DeviceCloudPolicyInitializerTest,
  43        GetPrescribedEnrollmentConfigDuringOOBE) {
  44   // Default configuration is empty.
  45   EnrollmentConfig config =
  46       device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
  47   EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode);
  48   EXPECT_TRUE(config.management_domain.empty());
  49
  50   // Set signals in increasing order of precedence, check results.
  51
  52   // OEM manifest: advertised enrollment.
  53   statistics_provider_.SetMachineFlag(
  54       chromeos::system::kOemIsEnterpriseManagedKey, true);
  55   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
  56   EXPECT_EQ(EnrollmentConfig::MODE_LOCAL_ADVERTISED, config.mode);
  57   EXPECT_TRUE(config.management_domain.empty());
  58
  59   // Pref: advertised enrollment. The resulting |config| is indistinguishable
  60   // from the OEM manifest configuration, so clear the latter to at least verify
  61   // the pref configuration results in the expect behavior on its own.
  62   statistics_provider_.ClearMachineFlag(
  63       chromeos::system::kOemIsEnterpriseManagedKey);
  64   local_state_.SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
  65   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
  66   EXPECT_EQ(EnrollmentConfig::MODE_LOCAL_ADVERTISED, config.mode);
  67   EXPECT_TRUE(config.management_domain.empty());
  68
  69   // Server-backed state: advertised enrollment.
  70   base::DictionaryValue state_dict;
  71   state_dict.SetString(kDeviceStateRestoreMode,
  72                        kDeviceStateRestoreModeReEnrollmentRequested);
  73   state_dict.SetString(kDeviceStateManagementDomain, "example.com");
  74   local_state_.Set(prefs::kServerBackedDeviceState, state_dict);
  75   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
  76   EXPECT_EQ(EnrollmentConfig::MODE_SERVER_ADVERTISED, config.mode);
  77   EXPECT_EQ("example.com", config.management_domain);
  78
  79   // OEM manifest: forced enrollment.
  80   statistics_provider_.SetMachineFlag(
  81       chromeos::system::kOemIsEnterpriseManagedKey, true);
  82   statistics_provider_.SetMachineFlag(
  83       chromeos::system::kOemCanExitEnterpriseEnrollmentKey, false);
  84   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
  85   EXPECT_EQ(EnrollmentConfig::MODE_LOCAL_FORCED, config.mode);
  86   EXPECT_TRUE(config.management_domain.empty());
  87
  88   // Pref: forced enrollment. The resulting |config| is indistinguishable from
  89   // the OEM manifest configuration, so clear the latter to at least verify the
  90   // pref configuration results in the expect behavior on its own.
  91   statistics_provider_.ClearMachineFlag(
  92       chromeos::system::kOemIsEnterpriseManagedKey);
  93   local_state_.SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
  94   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
  95   EXPECT_EQ(EnrollmentConfig::MODE_LOCAL_FORCED, config.mode);
  96   EXPECT_TRUE(config.management_domain.empty());
  97
  98   // Server-backed state: forced enrollment.
  99   state_dict.SetString(kDeviceStateRestoreMode,
 100                        kDeviceStateRestoreModeReEnrollmentEnforced);
 101   local_state_.Set(prefs::kServerBackedDeviceState, state_dict);
 102   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
 103   EXPECT_EQ(EnrollmentConfig::MODE_SERVER_FORCED, config.mode);
 104   EXPECT_EQ("example.com", config.management_domain);
 105 }
 106
 107 TEST_F(DeviceCloudPolicyInitializerTest,
 108        GetPrescribedEnrollmentConfigAfterOOBE) {
 109   // If OOBE is complete, we may re-enroll to the domain configured in install
 110   // attributes. This is only enforced after detecting enrollment loss.
 111   local_state_.SetBoolean(prefs::kOobeComplete, true);
 112   EnrollmentConfig config =
 113       device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
 114   EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode);
 115   EXPECT_TRUE(config.management_domain.empty());
 116
 117   // Advertised enrollment gets ignored.
 118   local_state_.SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
 119   statistics_provider_.SetMachineFlag(
 120       chromeos::system::kOemIsEnterpriseManagedKey, true);
 121   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
 122   EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode);
 123   EXPECT_TRUE(config.management_domain.empty());
 124
 125   // If the device is enterprise-managed, the management domain gets pulled from
 126   // install attributes.
 127   install_attributes_.SetRegistrationUser("user@example.com");
 128   install_attributes_.SetDomain("example.com");
 129   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
 130   EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode);
 131   EXPECT_EQ("example.com", config.management_domain);
 132
 133   // If enrollment recovery is on, this is signaled in |config.mode|.
 134   local_state_.SetBoolean(prefs::kEnrollmentRecoveryRequired, true);
 135   config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
 136   EXPECT_EQ(EnrollmentConfig::MODE_RECOVERY, config.mode);
 137   EXPECT_EQ("example.com", config.management_domain);
 138 }
 139
 140 }  // namespace policy