Add an ONC property for disabling net technologies

This CL maps an ONC property for disabling network technologies. BUG=426390 Review URL: https://codereview.chromium.org/1306813008 Cr-Commit-Position: refs/heads/master@{#347638}
author: cschuet <cschuet@chromium.org> 2015-09-07 09:51:26 -0700
committer: Commit bot <commit-bot@chromium.org> 2015-09-07 16:52:04 +0000
commit: 0002215abc92c2b723c802d147372a48a62d7413 (patch)
tree: 4ce688e09a86251ba55a754f638740b86a271598 /chromeos/network
parent: d8ed85742313f6a3b7db1d81277e01c3f5d23bf7 (diff)
download: chromium_src-0002215abc92c2b723c802d147372a48a62d7413.zip
chromium_src-0002215abc92c2b723c802d147372a48a62d7413.tar.gz
chromium_src-0002215abc92c2b723c802d147372a48a62d7413.tar.bz2
4 files changed, 89 insertions, 12 deletions
diff --git a/chromeos/network/onc/onc_signature.cc b/chromeos/network/onc/onc_signature.cc
index 65df396..562730c 100644
--- a/chromeos/network/onc/onc_signature.cc
+++ b/chromeos/network/onc/onc_signature.cc
@@ -341,6 +341,7 @@ const OncFieldSignature network_with_state_fields[] = {
 const OncFieldSignature global_network_configuration_fields[] = {
     {::onc::global_network_config::kAllowOnlyPolicyNetworksToAutoconnect,
      &kBoolSignature},
+    {::onc::global_network_config::kDisableNetworkTypes, &kStringListSignature},
     {NULL}};
 
 const OncFieldSignature certificate_fields[] = {
diff --git a/chromeos/network/onc/onc_validator.cc b/chromeos/network/onc/onc_validator.cc
index 4c2067a..cb4acf9 100644
--- a/chromeos/network/onc/onc_validator.cc
+++ b/chromeos/network/onc/onc_validator.cc
@@ -128,6 +128,8 @@ scoped_ptr<base::DictionaryValue> Validator::MapObject(
       valid = ValidateVerifyX509(repaired.get());
     } else if (&signature == &kCertificatePatternSignature) {
       valid = ValidateCertificatePattern(repaired.get());
+    } else if (&signature == &kGlobalNetworkConfigurationSignature) {
+      valid = ValidateGlobalNetworkConfiguration(repaired.get());
     } else if (&signature == &kProxySettingsSignature) {
       valid = ValidateProxySettings(repaired.get());
     } else if (&signature == &kProxyLocationSignature) {
@@ -330,6 +332,20 @@ std::string JoinStringRange(const std::vector<const char*>& strings,
 
 }  // namespace
 
+bool Validator::IsValidValue(const std::string& field_value,
+                             const std::vector<const char*>& valid_values) {
+  for (const char* it : valid_values) {
+    if (field_value == it)
+      return true;
+  }
+  error_or_warning_found_ = true;
+  const std::string valid_values_str =
+      "[" + JoinStringRange(valid_values, ", ") + "]";
+  LOG(ERROR) << MessageHeader() << "Found value '" << field_value
+             << "', but expected one of the values " << valid_values_str;
+  return false;
+}
+
 bool Validator::FieldExistsAndHasNoValidValue(
     const base::DictionaryValue& object,
     const std::string& field_name,
@@ -338,20 +354,10 @@ bool Validator::FieldExistsAndHasNoValidValue(
   if (!object.GetStringWithoutPathExpansion(field_name, &actual_value))
     return false;
 
-  for (std::vector<const char*>::const_iterator it = valid_values.begin();
-       it != valid_values.end();
-       ++it) {
-    if (actual_value == *it)
-      return false;
-  }
-  error_or_warning_found_ = true;
-  std::string valid_values_str =
-      "[" + JoinStringRange(valid_values, ", ") + "]";
   path_.push_back(field_name);
-  LOG(ERROR) << MessageHeader() << "Found value '" << actual_value <<
-      "', but expected one of the values " << valid_values_str;
+  const bool valid = IsValidValue(actual_value, valid_values);
   path_.pop_back();
-  return true;
+  return !valid;
 }
 
 bool Validator::FieldExistsAndIsNotInRange(const base::DictionaryValue& object,
@@ -399,6 +405,29 @@ bool Validator::FieldExistsAndIsEmpty(const base::DictionaryValue& object,
   return true;
 }
 
+bool Validator::ListFieldContainsValidValues(
+    const base::DictionaryValue& object,
+    const std::string& field_name,
+    const std::vector<const char*>& valid_values) {
+  const base::ListValue* list = NULL;
+  if (object.GetListWithoutPathExpansion(field_name, &list)) {
+    path_.push_back(field_name);
+    for (const base::Value* entry : *list) {
+      std::string value;
+      if (!entry->GetAsString(&value)) {
+        NOTREACHED();  // The types of field values are already verified.
+        continue;
+      }
+      if (!IsValidValue(value, valid_values)) {
+        path_.pop_back();
+        return false;
+      }
+    }
+    path_.pop_back();
+  }
+  return true;
+}
+
 bool Validator::ValidateSSIDAndHexSSID(base::DictionaryValue* object) {
   // Check SSID validity.
   std::string ssid_string;
@@ -849,6 +878,36 @@ bool Validator::ValidateCertificatePattern(base::DictionaryValue* result) {
   return !error_on_missing_field_ || all_required_exist;
 }
 
+bool Validator::ValidateGlobalNetworkConfiguration(
+    base::DictionaryValue* result) {
+  using namespace ::onc::global_network_config;
+  using namespace ::onc::network_config;
+
+  // Validate kDisableNetworkTypes field.
+  const base::ListValue* disabled_network_types = NULL;
+  if (result->GetListWithoutPathExpansion(kDisableNetworkTypes,
+                                          &disabled_network_types)) {
+    // The kDisableNetworkTypes field is only allowed in user policy.
+    if (!disabled_network_types->empty() &&
+        onc_source_ != ::onc::ONC_SOURCE_USER_POLICY) {
+      error_or_warning_found_ = true;
+      LOG(ERROR) << "Disabled network types only allowed in user policy.";
+      return false;
+    }
+  }
+
+  // Ensure the list contains only legitimate network type identifiers.
+  const char* const kValidNetworkTypeValues[] = {kCellular, kEthernet, kWiFi,
+                                                 kWimax};
+  const std::vector<const char*> valid_network_type_values(
+      toVector(kValidNetworkTypeValues));
+  if (!ListFieldContainsValidValues(*result, kDisableNetworkTypes,
+                                    valid_network_type_values)) {
+    return false;
+  }
+  return true;
+}
+
 bool Validator::ValidateProxySettings(base::DictionaryValue* result) {
   using namespace ::onc::proxy;
 
diff --git a/chromeos/network/onc/onc_validator.h b/chromeos/network/onc/onc_validator.h
index 424f7eb..adacbda 100644
--- a/chromeos/network/onc/onc_validator.h
+++ b/chromeos/network/onc/onc_validator.h
@@ -163,11 +163,14 @@ class CHROMEOS_EXPORT Validator : public Mapper {
   bool ValidateThirdPartyVPN(base::DictionaryValue* result);
   bool ValidateVerifyX509(base::DictionaryValue* result);
   bool ValidateCertificatePattern(base::DictionaryValue* result);
+  bool ValidateGlobalNetworkConfiguration(base::DictionaryValue* result);
   bool ValidateProxySettings(base::DictionaryValue* result);
   bool ValidateProxyLocation(base::DictionaryValue* result);
   bool ValidateEAP(base::DictionaryValue* result);
   bool ValidateCertificate(base::DictionaryValue* result);
 
+  bool IsValidValue(const std::string& field_value,
+                    const std::vector<const char*>& valid_values);
   bool FieldExistsAndHasNoValidValue(
       const base::DictionaryValue& object,
       const std::string& field_name,
@@ -181,6 +184,11 @@ class CHROMEOS_EXPORT Validator : public Mapper {
   bool FieldExistsAndIsEmpty(const base::DictionaryValue& object,
                              const std::string& field_name);
 
+  bool ListFieldContainsValidValues(
+      const base::DictionaryValue& object,
+      const std::string& field_name,
+      const std::vector<const char*>& valid_values);
+
   bool ValidateSSIDAndHexSSID(base::DictionaryValue* object);
 
   // Returns true if |key| is a key of |dict|. Otherwise, returns false and,
diff --git a/chromeos/network/onc/onc_validator_unittest.cc b/chromeos/network/onc/onc_validator_unittest.cc
index 8517f71..05c0df1 100644
--- a/chromeos/network/onc/onc_validator_unittest.cc
+++ b/chromeos/network/onc/onc_validator_unittest.cc
@@ -149,6 +149,11 @@ INSTANTIATE_TEST_CASE_P(
                   &kToplevelConfigurationSignature,
                   true,
                   ::onc::ONC_SOURCE_DEVICE_POLICY),
+        // Disabled technologies are only allowed for user policies.
+        OncParams("managed_toplevel_with_disabled_technologies.onc",
+                  &kToplevelConfigurationSignature,
+                  true,
+                  ::onc::ONC_SOURCE_USER_POLICY),
         OncParams("managed_toplevel_l2tpipsec.onc",
                   &kToplevelConfigurationSignature,
                   true),
@@ -474,6 +479,10 @@ INSTANTIATE_TEST_CASE_P(
     StrictAndLiberalInvalid,
     ONCValidatorTestRepairable,
     ::testing::Values(
+        std::make_pair(OncParams("global-disabled-technologies",
+                                 &kGlobalNetworkConfigurationSignature,
+                                 false),
+                       ExpectBothNotValid("", "")),
         std::make_pair(OncParams("network-unknown-value",
                                  &kNetworkConfigurationSignature,
                                  false),
author	cschuet <cschuet@chromium.org>	2015-09-07 09:51:26 -0700
committer	Commit bot <commit-bot@chromium.org>	2015-09-07 16:52:04 +0000
commit	0002215abc92c2b723c802d147372a48a62d7413 (patch)
tree	4ce688e09a86251ba55a754f638740b86a271598 /chromeos/network
parent	d8ed85742313f6a3b7db1d81277e01c3f5d23bf7 (diff)
download	chromium_src-0002215abc92c2b723c802d147372a48a62d7413.zip chromium_src-0002215abc92c2b723c802d147372a48a62d7413.tar.gz chromium_src-0002215abc92c2b723c802d147372a48a62d7413.tar.bz2