Google Git
Sign in
chromium / chromium / f827aa4078adda4e5dbfa6b6ffc964487dd50103 / . / chrome / test / functional / chromeos_ephemeral.py
blob: cffd316f7981940babff2e5fb0673ce6c6e658d4 [file] [log] [blame]
# Copyright (c) 2012 The Chromium Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
import logging
import os
import sys
import pyauto_functional # Must come before pyauto (and thus, policy_base).
import policy_base
sys.path.append('/usr/local') # Required to import autotest libs.
from autotest.cros import constants
from autotest.cros import cryptohome
class ChromeosEphemeral(policy_base.PolicyTestBase):
"""Tests a policy that makes users ephemeral.
When this policy is enabled, no persistent information in the form of
cryptohome shadow directories or local state prefs should be created for
users. Additionally, any persistent information previously accumulated should
be cleared when a user first logs in after enabling the policy."""
_usernames = ('alice@example.com', 'bob@example.com')
def _SetEphemeralUsersEnabled(self, enabled):
"""Sets the ephemeral users device policy.
The show_user_names policy is set to False to ensure that even if the local
state is not being automatically cleared, the login screen never shows user
pods. This is required by the Login browser automation call.
"""
self.SetDevicePolicy({'ephemeral_users_enabled': enabled,
'show_user_names': False})
def _DoesVaultDirectoryExist(self, user_index):
user_hash = cryptohome.get_user_hash(self._usernames[user_index])
return os.path.exists(os.path.join(constants.SHADOW_ROOT, user_hash))
def _AssertLocalStatePrefsSet(self, user_indexes):
expected = sorted([self._usernames[index] for index in user_indexes])
# The OAuthTokenStatus pref is populated asynchronously. Checking whether it
# is set would lead to an ugly race.
for pref in ['LoggedInUsers', 'UserImages', 'UserDisplayEmail', ]:
actual = sorted(self.GetLocalStatePrefsInfo().Prefs(pref))
self.assertEqual(actual, expected,
msg='Expected to find prefs in local state for users.')
def _AssertLocalStatePrefsEmpty(self):
for pref in ['LoggedInUsers',
'UserImages',
'UserDisplayEmail',
'OAuthTokenStatus']:
self.assertFalse(self.GetLocalStatePrefsInfo().Prefs(pref),
msg='Expected to not find prefs in local state for any user.')
def _AssertVaultDirectoryExists(self, user_index):
self.assertTrue(self._DoesVaultDirectoryExist(user_index=user_index),
msg='Expected vault shadow directory to exist.')
def _AssertVaultDirectoryDoesNotExist(self, user_index):
self.assertFalse(self._DoesVaultDirectoryExist(user_index=user_index),
msg='Expected vault shadow directory to not exist.')
def _AssertVaultMounted(self, user_index, ephemeral):
if ephemeral:
device_regex = constants.CRYPTOHOME_DEV_REGEX_REGULAR_USER_EPHEMERAL
fs_regex = constants.CRYPTOHOME_FS_REGEX_TMPFS
else:
device_regex = constants.CRYPTOHOME_DEV_REGEX_REGULAR_USER_SHADOW
fs_regex = constants.CRYPTOHOME_FS_REGEX_ANY
self.assertTrue(
cryptohome.is_vault_mounted(device_regex=device_regex,
fs_regex=fs_regex,
user=self._usernames[user_index],
allow_fail=True),
msg='Expected vault backed by %s to be mounted.' %
'tmpfs' if ephemeral else 'shadow directory')
def _AssertNoVaultMounted(self):
self.assertFalse(cryptohome.is_vault_mounted(allow_fail=True),
msg='Did not expect any vault to be mounted.')
def Login(self, user_index):
"""Convenience method to login to the usr at the given index."""
self.assertFalse(self.GetLoginInfo()['is_logged_in'],
msg='Expected to be logged out.')
policy_base.PolicyTestBase.Login(self,
self._usernames[user_index],
'dummy_password')
self.assertTrue(self.GetLoginInfo()['is_logged_in'],
msg='Expected to be logged in.')
def testEnablingBeforeSession(self):
"""Checks that a new session can be made ephemeral."""
self.PrepareToWaitForLoginFormReload()
self._SetEphemeralUsersEnabled(True)
self.WaitForLoginFormReload()
self.Login(user_index=0)
self._AssertLocalStatePrefsEmpty()
self._AssertVaultMounted(user_index=0, ephemeral=True)
self.Logout()
self._AssertLocalStatePrefsEmpty()
self._AssertNoVaultMounted()
self._AssertVaultDirectoryDoesNotExist(user_index=0)
def testEnablingDuringSession(self):
"""Checks that an existing non-ephemeral session is not made ephemeral."""
self.PrepareToWaitForLoginFormReload()
self._SetEphemeralUsersEnabled(False)
self.WaitForLoginFormReload()
self.Login(user_index=0)
self._AssertLocalStatePrefsSet(user_indexes=[0])
self._AssertVaultMounted(user_index=0, ephemeral=False)
self._SetEphemeralUsersEnabled(True)
self._AssertLocalStatePrefsSet(user_indexes=[0])
self._AssertVaultMounted(user_index=0, ephemeral=False)
self.Logout()
self._AssertLocalStatePrefsEmpty()
self._AssertNoVaultMounted()
self._AssertVaultDirectoryDoesNotExist(user_index=0)
def testDisablingDuringSession(self):
"""Checks that an existing ephemeral session is not made non-ephemeral."""
self.PrepareToWaitForLoginFormReload()
self._SetEphemeralUsersEnabled(True)
self.WaitForLoginFormReload()
self.Login(user_index=0)
self._AssertVaultMounted(user_index=0, ephemeral=True)
self._SetEphemeralUsersEnabled(False)
self._AssertVaultMounted(user_index=0, ephemeral=True)
self.Logout()
self._AssertLocalStatePrefsEmpty()
self._AssertNoVaultMounted()
self._AssertVaultDirectoryDoesNotExist(user_index=0)
def testEnablingEphemeralUsersCleansUp(self):
"""Checks that persistent information is cleared."""
self.PrepareToWaitForLoginFormReload()
self._SetEphemeralUsersEnabled(False)
self.WaitForLoginFormReload()
self.Login(user_index=0)
self.Logout()
self._AssertLocalStatePrefsSet(user_indexes=[0])
self.Login(user_index=1)
self.Logout()
self._AssertLocalStatePrefsSet(user_indexes=[0, 1])
self._AssertVaultDirectoryExists(user_index=0)
self._AssertVaultDirectoryExists(user_index=1)
self._SetEphemeralUsersEnabled(True)
self.Login(user_index=0)
self._AssertVaultMounted(user_index=0, ephemeral=True)
self.Logout()
self._AssertVaultDirectoryDoesNotExist(user_index=0)
self._AssertVaultDirectoryDoesNotExist(user_index=1)
if __name__ == '__main__':
pyauto_functional.Main()