diff options
| author | fqj <fqj@chromium.org> | 2015-11-13 06:04:30 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-11-13 14:05:38 +0000 |
| commit | 34fdc7360bbc1286e0b6688fccd22037293d1fdf (patch) | |
| tree | 3a23345909815409d78d55515f1f93a71bbd0046 | |
| parent | 299ed00dced2a431701c9c0ab3f5eaf1acef0aa9 (diff) | |
| download | chromium_src-34fdc7360bbc1286e0b6688fccd22037293d1fdf.zip chromium_src-34fdc7360bbc1286e0b6688fccd22037293d1fdf.tar.gz chromium_src-34fdc7360bbc1286e0b6688fccd22037293d1fdf.tar.bz2 | |
ONC: AllowOnlyPolicyNetworksToConnect
This CL maps AllowOnlyPolicyNetworksToConnect to only allowing users
to connect to managed networks.
BUG=208378
Review URL: https://codereview.chromium.org/1433423003
Cr-Commit-Position: refs/heads/master@{#359542}
| -rw-r--r-- | chromeos/network/onc/onc_signature.cc | 2 | ||||
| -rw-r--r-- | chromeos/network/onc/onc_validator.cc | 11 | ||||
| -rw-r--r-- | chromeos/network/onc/onc_validator_unittest.cc | 5 | ||||
| -rw-r--r-- | chromeos/test/data/network/managed_toplevel_with_only_managed.onc | 16 | ||||
| -rw-r--r-- | components/onc/onc_constants.cc | 2 | ||||
| -rw-r--r-- | components/onc/onc_constants.h | 1 |
6 files changed, 37 insertions, 0 deletions
diff --git a/chromeos/network/onc/onc_signature.cc b/chromeos/network/onc/onc_signature.cc index 562730c..0587c11 100644 --- a/chromeos/network/onc/onc_signature.cc +++ b/chromeos/network/onc/onc_signature.cc @@ -341,6 +341,8 @@ const OncFieldSignature network_with_state_fields[] = { const OncFieldSignature global_network_configuration_fields[] = { {::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect, &kBoolSignature}, + {::onc::global_network_config::kAllowOnlyPolicyNetworksToConnect, + &kBoolSignature}, {::onc::global_network_config::kDisableNetworkTypes, &kStringListSignature}, {NULL}}; diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc index 74512fa..6574561 100644 --- a/chromeos/network/onc/onc_validator.cc +++ b/chromeos/network/onc/onc_validator.cc @@ -896,6 +896,17 @@ bool Validator::ValidateGlobalNetworkConfiguration( } } + if (result->HasKey(kAllowOnlyPolicyNetworksToConnect)) { + // The kAllowOnlyPolicyNetworksToConnect field is only allowed in device + // policy. + if (onc_source_ != ::onc::ONC_SOURCE_DEVICE_POLICY) { + error_or_warning_found_ = true; + LOG(ERROR) + << "AllowOnlyPolicyNetworksToConnect only allowed in device policy."; + return false; + } + } + // Ensure the list contains only legitimate network type identifiers. const char* const kValidNetworkTypeValues[] = {kCellular, kEthernet, kWiFi, kWimax}; diff --git a/chromeos/network/onc/onc_validator_unittest.cc b/chromeos/network/onc/onc_validator_unittest.cc index 05c0df1..f1bf451 100644 --- a/chromeos/network/onc/onc_validator_unittest.cc +++ b/chromeos/network/onc/onc_validator_unittest.cc @@ -154,6 +154,11 @@ INSTANTIATE_TEST_CASE_P( &kToplevelConfigurationSignature, true, ::onc::ONC_SOURCE_USER_POLICY), + // AllowOnlyPolicyNetworksToConnect is only allowed for device policies. + OncParams("managed_toplevel_with_only_managed.onc", + &kToplevelConfigurationSignature, + true, + ::onc::ONC_SOURCE_DEVICE_POLICY), OncParams("managed_toplevel_l2tpipsec.onc", &kToplevelConfigurationSignature, true), diff --git a/chromeos/test/data/network/managed_toplevel_with_only_managed.onc b/chromeos/test/data/network/managed_toplevel_with_only_managed.onc new file mode 100644 index 0000000..e83e1a0 --- /dev/null +++ b/chromeos/test/data/network/managed_toplevel_with_only_managed.onc @@ -0,0 +1,16 @@ +{ + "GlobalNetworkConfiguration":{ + "AllowOnlyPolicyNetworksToAutoconnect": true, + "AllowOnlyPolicyNetworksToConnect": true, + }, + "NetworkConfigurations":[ + { + "Ethernet":{ + "Authentication":"None" + }, + "GUID":"guid", + "Name":"name", + "Type":"Ethernet" + } + ] +} diff --git a/components/onc/onc_constants.cc b/components/onc/onc_constants.cc index 268122a..7b3c014 100644 --- a/components/onc/onc_constants.cc +++ b/components/onc/onc_constants.cc @@ -416,6 +416,8 @@ const char kEmailField[] = "${LOGIN_EMAIL}"; namespace global_network_config { const char kAllowOnlyPolicyNetworksToAutoconnect[] = "AllowOnlyPolicyNetworksToAutoconnect"; +const char kAllowOnlyPolicyNetworksToConnect[] = + "AllowOnlyPolicyNetworksToConnect"; const char kDisableNetworkTypes[] = "DisableNetworkTypes"; } // global_network_config diff --git a/components/onc/onc_constants.h b/components/onc/onc_constants.h index d773933..f0fb7ec 100644 --- a/components/onc/onc_constants.h +++ b/components/onc/onc_constants.h @@ -429,6 +429,7 @@ ONC_EXPORT extern const char kWPAD[]; namespace global_network_config { ONC_EXPORT extern const char kAllowOnlyPolicyNetworksToAutoconnect[]; +ONC_EXPORT extern const char kAllowOnlyPolicyNetworksToConnect[]; ONC_EXPORT extern const char kDisableNetworkTypes[]; } // global_network_config |