| // Copyright 2020 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include <utility> |
| |
| #include "base/files/file_util.h" |
| #include "base/files/scoped_temp_dir.h" |
| #include "build/build_config.h" |
| #include "chrome/updater/constants.h" |
| #include "chrome/updater/dm_cached_policy_info.h" |
| #include "chrome/updater/dm_storage.h" |
| #include "chrome/updater/policy_manager.h" |
| #include "chrome/updater/protos/omaha_settings.pb.h" |
| #include "components/policy/proto/device_management_backend.pb.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
| namespace updater { |
| |
| namespace { |
| |
| class TestTokenService : public TokenServiceInterface { |
| public: |
| TestTokenService() |
| : enrollment_token_("TestEnrollmentToken"), dm_token_("TestDMToken") {} |
| ~TestTokenService() override = default; |
| |
| // Overrides for TokenServiceInterface. |
| std::string GetDeviceID() override { return "TestDeviceID"; } |
| |
| bool StoreEnrollmentToken(const std::string& enrollment_token) override { |
| enrollment_token_ = enrollment_token; |
| return true; |
| } |
| |
| std::string GetEnrollmentToken() override { return enrollment_token_; } |
| |
| bool StoreDmToken(const std::string& dm_token) override { |
| dm_token_ = dm_token; |
| return true; |
| } |
| std::string GetDmToken() override { return dm_token_; } |
| |
| private: |
| std::string enrollment_token_; |
| std::string dm_token_; |
| }; |
| |
| std::string CannedOmahaPolicyFetchResponse() { |
| ::wireless_android_enterprise_devicemanagement::OmahaSettingsClientProto |
| omaha_settings; |
| |
| omaha_settings.set_auto_update_check_period_minutes(111); |
| omaha_settings.set_download_preference("cacheable"); |
| omaha_settings.mutable_updates_suppressed()->set_start_hour(8); |
| omaha_settings.mutable_updates_suppressed()->set_start_minute(8); |
| omaha_settings.mutable_updates_suppressed()->set_duration_min(47); |
| omaha_settings.set_proxy_mode("proxy_pac_script"); |
| omaha_settings.set_proxy_pac_url("foo.c/proxy.pa"); |
| omaha_settings.set_install_default( |
| ::wireless_android_enterprise_devicemanagement::INSTALL_DISABLED); |
| omaha_settings.set_update_default( |
| ::wireless_android_enterprise_devicemanagement::MANUAL_UPDATES_ONLY); |
| |
| ::wireless_android_enterprise_devicemanagement::ApplicationSettings app; |
| app.set_app_guid("{8A69D345-D564-463C-AFF1-A69D9E530F96}"); |
| |
| app.set_install( |
| ::wireless_android_enterprise_devicemanagement::INSTALL_DISABLED); |
| app.set_update( |
| ::wireless_android_enterprise_devicemanagement::AUTOMATIC_UPDATES_ONLY); |
| app.set_target_version_prefix("3.6.55"); |
| app.set_rollback_to_target_version( |
| ::wireless_android_enterprise_devicemanagement:: |
| ROLLBACK_TO_TARGET_VERSION_ENABLED); |
| |
| omaha_settings.mutable_application_settings()->Add(std::move(app)); |
| |
| ::enterprise_management::PolicyData policy_data; |
| policy_data.set_policy_value(omaha_settings.SerializeAsString()); |
| |
| ::enterprise_management::PolicyFetchResponse response; |
| response.set_policy_data(policy_data.SerializeAsString()); |
| return response.SerializeAsString(); |
| } |
| |
| } // namespace |
| |
| #if defined(OS_MACOSX) |
| |
| TEST(DMStorage, LoadDeviceID) { |
| DMStorage storage(base::FilePath(FILE_PATH_LITERAL("/TestPolicyCacheRoot"))); |
| EXPECT_FALSE(storage.GetDeviceID().empty()); |
| } |
| |
| #endif // OS_MACOSX |
| |
| TEST(DMStorage, PersistPolicies) { |
| DMPolicyMap policies({ |
| {"google/machine-level-omaha", "serialized-omaha-policy-data"}, |
| {"foobar", "serialized-foobar-policy-data"}, |
| }); |
| base::ScopedTempDir cache_root; |
| ASSERT_TRUE(cache_root.CreateUniqueTempDir()); |
| |
| // Mock stale policy files |
| base::FilePath stale_poliy = |
| cache_root.GetPath().Append(FILE_PATH_LITERAL("stale_policy_dir")); |
| EXPECT_TRUE(base::CreateDirectory(stale_poliy)); |
| EXPECT_TRUE(base::DirectoryExists(stale_poliy)); |
| |
| DMStorage storage(cache_root.GetPath()); |
| EXPECT_TRUE(storage.PersistPolicies("policy-meta-data", policies)); |
| base::FilePath policy_info_file = |
| cache_root.GetPath().AppendASCII("CachedPolicyInfo"); |
| EXPECT_TRUE(base::PathExists(policy_info_file)); |
| std::string policy_info_data; |
| EXPECT_TRUE(base::ReadFileToString(policy_info_file, &policy_info_data)); |
| EXPECT_EQ(policy_info_data, "policy-meta-data"); |
| |
| base::FilePath omaha_policy_file = |
| cache_root.GetPath() |
| .AppendASCII("Z29vZ2xlL21hY2hpbmUtbGV2ZWwtb21haGE=") |
| .AppendASCII("PolicyFetchResponse"); |
| EXPECT_TRUE(base::PathExists(omaha_policy_file)); |
| std::string omaha_policy; |
| EXPECT_TRUE(base::ReadFileToString(omaha_policy_file, &omaha_policy)); |
| EXPECT_EQ(omaha_policy, "serialized-omaha-policy-data"); |
| |
| base::FilePath foobar_policy_file = cache_root.GetPath() |
| .AppendASCII("Zm9vYmFy") |
| .AppendASCII("PolicyFetchResponse"); |
| EXPECT_TRUE(base::PathExists(foobar_policy_file)); |
| std::string foobar_policy; |
| EXPECT_TRUE(base::ReadFileToString(foobar_policy_file, &foobar_policy)); |
| EXPECT_EQ(foobar_policy, "serialized-foobar-policy-data"); |
| |
| // Stale policies should be purged. |
| EXPECT_FALSE(base::DirectoryExists(stale_poliy)); |
| } |
| |
| TEST(DMStorage, GetCachedPolicyInfo) { |
| enterprise_management::PolicyData policy_data; |
| policy_data.set_policy_value("SerializedProtobufDataFromPolicy"); |
| policy_data.set_policy_type("TestPolicyType1"); |
| policy_data.set_request_token("TestDMToken"); |
| policy_data.set_timestamp(12340000); |
| policy_data.set_device_id("TestDMToken"); |
| policy_data.set_request_token("TestDMToken"); |
| |
| std::string new_public_key = "SampleNewPublicKeyData"; |
| enterprise_management::PublicKeyVerificationData key_verif_data; |
| key_verif_data.set_new_public_key(new_public_key); |
| key_verif_data.set_new_public_key_version(15); |
| |
| enterprise_management::PolicyFetchResponse response; |
| response.set_policy_data(policy_data.SerializeAsString()); |
| response.set_new_public_key(new_public_key); |
| response.set_new_public_key_verification_data( |
| key_verif_data.SerializeAsString()); |
| |
| base::ScopedTempDir cache_root; |
| ASSERT_TRUE(cache_root.CreateUniqueTempDir()); |
| DMStorage storage(cache_root.GetPath(), std::make_unique<TestTokenService>()); |
| EXPECT_TRUE(storage.PersistPolicies(response.SerializeAsString(), |
| /* policies map */ {})); |
| |
| auto policy_info = storage.GetCachedPolicyInfo(); |
| ASSERT_NE(policy_info, nullptr); |
| EXPECT_EQ(policy_info->PublicKey(), "SampleNewPublicKeyData"); |
| EXPECT_TRUE(policy_info->HasKeyVersion()); |
| EXPECT_EQ(policy_info->KeyVersion(), 15); |
| EXPECT_EQ(policy_info->TimeStamp(), 12340000); |
| } |
| |
| TEST(DMStorage, ReadCachedOmahaPolicy) { |
| // Persist the default testing omaha policy. |
| std::string omaha_policy_data = CannedOmahaPolicyFetchResponse(); |
| |
| DMPolicyMap policies({ |
| {"google/machine-level-omaha", omaha_policy_data}, |
| }); |
| base::ScopedTempDir cache_root; |
| ASSERT_TRUE(cache_root.CreateUniqueTempDir()); |
| DMStorage storage(cache_root.GetPath(), std::make_unique<TestTokenService>()); |
| EXPECT_TRUE(storage.PersistPolicies(omaha_policy_data, policies)); |
| |
| auto policy_manager = storage.GetOmahaPolicyManager(); |
| ASSERT_NE(policy_manager, nullptr); |
| |
| int check_interval = 0; |
| EXPECT_TRUE(policy_manager->GetLastCheckPeriodMinutes(&check_interval)); |
| EXPECT_EQ(check_interval, 111); |
| |
| int suppressed_start_hour = 0; |
| int suppressed_start_minute = 0; |
| int suppressed_duration_minute = 0; |
| EXPECT_TRUE(policy_manager->GetUpdatesSuppressedTimes( |
| &suppressed_start_hour, &suppressed_start_minute, |
| &suppressed_duration_minute)); |
| EXPECT_EQ(suppressed_start_hour, 8); |
| EXPECT_EQ(suppressed_start_minute, 8); |
| EXPECT_EQ(suppressed_duration_minute, 47); |
| |
| // Proxy policies. |
| std::string proxy_mode; |
| EXPECT_TRUE(policy_manager->GetProxyMode(&proxy_mode)); |
| EXPECT_EQ(proxy_mode, "proxy_pac_script"); |
| std::string proxy_pac_url; |
| EXPECT_TRUE(policy_manager->GetProxyPacUrl(&proxy_pac_url)); |
| EXPECT_EQ(proxy_pac_url, "foo.c/proxy.pa"); |
| std::string proxy_server; |
| EXPECT_FALSE(policy_manager->GetProxyServer(&proxy_server)); |
| |
| // Download preference. |
| std::string download_preference; |
| EXPECT_TRUE( |
| policy_manager->GetDownloadPreferenceGroupPolicy(&download_preference)); |
| EXPECT_EQ(download_preference, "cacheable"); |
| |
| // Cache policies. |
| int cache_size = 0; |
| EXPECT_FALSE(policy_manager->GetPackageCacheSizeLimitMBytes(&cache_size)); |
| int cache_life = 0; |
| EXPECT_FALSE(policy_manager->GetPackageCacheExpirationTimeDays(&cache_life)); |
| |
| // Chrome policies. |
| const std::string chrome_appid = "{8A69D345-D564-463C-AFF1-A69D9E530F96}"; |
| int chrome_install_policy = -1; |
| EXPECT_TRUE(policy_manager->GetEffectivePolicyForAppInstalls( |
| chrome_appid, &chrome_install_policy)); |
| EXPECT_EQ(chrome_install_policy, kPolicyDisabled); |
| int chrome_update_policy = -1; |
| EXPECT_TRUE(policy_manager->GetEffectivePolicyForAppUpdates( |
| chrome_appid, &chrome_update_policy)); |
| EXPECT_EQ(chrome_update_policy, kPolicyAutomaticUpdatesOnly); |
| std::string target_version_prefix; |
| EXPECT_TRUE(policy_manager->GetTargetVersionPrefix(chrome_appid, |
| &target_version_prefix)); |
| EXPECT_EQ(target_version_prefix, "3.6.55"); |
| bool rollback_allowed = false; |
| EXPECT_TRUE(policy_manager->IsRollbackToTargetVersionAllowed( |
| chrome_appid, &rollback_allowed)); |
| EXPECT_TRUE(rollback_allowed); |
| |
| // No app-specific policy should fallback to global. |
| const std::string non_exist_appid = "{00000000-1111-2222-3333-444444444444}"; |
| int app_install_policy = -1; |
| EXPECT_TRUE(policy_manager->GetEffectivePolicyForAppInstalls( |
| non_exist_appid, &app_install_policy)); |
| EXPECT_EQ(app_install_policy, kPolicyDisabled); |
| int app_update_policy = -1; |
| EXPECT_TRUE(policy_manager->GetEffectivePolicyForAppUpdates( |
| non_exist_appid, &app_update_policy)); |
| EXPECT_EQ(app_update_policy, kPolicyManualUpdatesOnly); |
| std::string app_target_version_prefix; |
| EXPECT_FALSE(policy_manager->GetTargetVersionPrefix( |
| non_exist_appid, &app_target_version_prefix)); |
| bool app_rollback_allowed = false; |
| EXPECT_FALSE(policy_manager->IsRollbackToTargetVersionAllowed( |
| non_exist_appid, &app_rollback_allowed)); |
| |
| // Verify no policy manager once device is deregistered. |
| EXPECT_TRUE(storage.DeregisterDevice()); |
| EXPECT_FALSE(storage.IsValidDMToken()); |
| ASSERT_EQ(storage.GetOmahaPolicyManager(), nullptr); |
| } |
| |
| } // namespace updater |