| // Copyright 2022 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "base/values.h" |
| #include "chrome/browser/policy/profile_policy_connector.h" |
| #include "chrome/browser/profiles/profile_manager.h" |
| #include "chrome/browser/ui/webui/certificates_handler.h" |
| #include "chrome/test/base/in_process_browser_test.h" |
| #include "chromeos/startup/browser_init_params.h" |
| #include "components/policy/core/common/policy_bundle.h" |
| #include "components/policy/core/common/policy_map.h" |
| #include "components/policy/core/common/policy_namespace.h" |
| #include "components/policy/core/common/policy_service.h" |
| #include "components/policy/core/common/policy_types.h" |
| #include "components/policy/policy_constants.h" |
| #include "content/public/test/browser_test.h" |
| #include "testing/gmock/include/gmock/gmock.h" |
| |
| namespace policy { |
| |
| namespace { |
| |
| const PolicyNamespace kChromeNamespace(POLICY_DOMAIN_CHROME, std::string()); |
| |
| PolicyMap BuildRestrictedPolicyMap() { |
| PolicyMap policy_map; |
| policy_map.Set(key::kAllowDeletingBrowserHistory, POLICY_LEVEL_MANDATORY, |
| POLICY_SCOPE_USER, |
| POLICY_SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE, |
| base::Value(true), nullptr); |
| policy_map.Set( |
| key::kCACertificateManagementAllowed, POLICY_LEVEL_MANDATORY, |
| POLICY_SCOPE_USER, |
| POLICY_SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE, |
| base::Value(static_cast<int>(CACertificateManagementPermission::kNone)), |
| nullptr); |
| policy_map.Set(key::kClientCertificateManagementAllowed, |
| POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, |
| POLICY_SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE, |
| base::Value(static_cast<int>( |
| ClientCertificateManagementPermission::kNone)), |
| nullptr); |
| policy_map.Set(key::kEnableMediaRouter, POLICY_LEVEL_MANDATORY, |
| POLICY_SCOPE_USER, |
| POLICY_SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE, |
| base::Value(false), nullptr); |
| policy_map.Set(key::kPasswordManagerEnabled, POLICY_LEVEL_MANDATORY, |
| POLICY_SCOPE_USER, |
| POLICY_SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE, |
| base::Value(false), nullptr); |
| policy_map.Set(key::kScreenCaptureAllowed, POLICY_LEVEL_MANDATORY, |
| POLICY_SCOPE_USER, |
| POLICY_SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE, |
| base::Value(false), nullptr); |
| |
| return policy_map; |
| } |
| |
| } // namespace |
| |
| class RestrictedMGSPolicyProviderLacrosBrowserTest |
| : public InProcessBrowserTest, |
| public testing::WithParamInterface< |
| crosapi::mojom::DeviceSettings::OptionalBool> { |
| public: |
| void SetUp() override { |
| // The value of DeviceRestrictedManagedGuestSessionEnabled is passed as a |
| // test parameter. |
| SetInitParams( |
| /*session_type=*/crosapi::mojom::SessionType::kPublicSession, |
| /*restricted=*/GetParam()); |
| InProcessBrowserTest::SetUp(); |
| } |
| |
| void SetInitParams(crosapi::mojom::SessionType session_type, |
| crosapi::mojom::DeviceSettings_OptionalBool restricted) { |
| auto params = crosapi::mojom::BrowserInitParams::New(); |
| params->session_type = session_type; |
| params->device_settings = crosapi::mojom::DeviceSettings::New(); |
| params->device_settings->device_restricted_managed_guest_session_enabled = |
| restricted; |
| chromeos::BrowserInitParams::SetInitParamsForTests(std::move(params)); |
| } |
| }; |
| |
| INSTANTIATE_TEST_SUITE_P( |
| All, |
| RestrictedMGSPolicyProviderLacrosBrowserTest, |
| testing::Values(crosapi::mojom::DeviceSettings::OptionalBool::kFalse, |
| crosapi::mojom::DeviceSettings::OptionalBool::kTrue)); |
| |
| IN_PROC_BROWSER_TEST_P(RestrictedMGSPolicyProviderLacrosBrowserTest, |
| DeviceRestrictedManagedGuestSessionEnabled) { |
| auto* profile = ProfileManager::GetPrimaryUserProfile(); |
| auto* policy_connector = profile->GetProfilePolicyConnector(); |
| const PolicyMap& current_policy_map = |
| policy_connector->policy_service()->GetPolicies(kChromeNamespace); |
| |
| PolicyMap expected_policy_map; |
| if (GetParam() == crosapi::mojom::DeviceSettings::OptionalBool::kTrue) |
| expected_policy_map = BuildRestrictedPolicyMap(); |
| |
| EXPECT_TRUE(expected_policy_map.Equals(current_policy_map)); |
| } |
| |
| } // namespace policy |