1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/chromeos/policy/device_cloud_policy_initializer.h"
#include "base/prefs/testing_pref_service.h"
#include "base/values.h"
#include "chrome/browser/chromeos/policy/enrollment_config.h"
#include "chrome/browser/chromeos/policy/server_backed_device_state.h"
#include "chrome/browser/chromeos/policy/stub_enterprise_install_attributes.h"
#include "chrome/browser/prefs/browser_prefs.h"
#include "chrome/common/pref_names.h"
#include "chromeos/system/fake_statistics_provider.h"
#include "chromeos/system/statistics_provider.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace policy {
class DeviceCloudPolicyInitializerTest : public testing::Test {
protected:
DeviceCloudPolicyInitializerTest()
: device_cloud_policy_initializer_(
&local_state_,
nullptr,
nullptr,
nullptr,
&install_attributes_,
nullptr,
nullptr,
nullptr) {
chrome::RegisterLocalState(local_state_.registry());
statistics_provider_.SetMachineStatistic("serial_number", "fake-serial");
}
chromeos::system::ScopedFakeStatisticsProvider statistics_provider_;
TestingPrefServiceSimple local_state_;
StubEnterpriseInstallAttributes install_attributes_;
DeviceCloudPolicyInitializer device_cloud_policy_initializer_;
};
TEST_F(DeviceCloudPolicyInitializerTest,
GetPrescribedEnrollmentConfigDuringOOBE) {
// Default configuration is empty.
EnrollmentConfig config =
device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode);
EXPECT_TRUE(config.management_domain.empty());
// Set signals in increasing order of precedence, check results.
// OEM manifest: advertised enrollment.
statistics_provider_.SetMachineFlag(
chromeos::system::kOemIsEnterpriseManagedKey, true);
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_LOCAL_ADVERTISED, config.mode);
EXPECT_TRUE(config.management_domain.empty());
// Pref: advertised enrollment. The resulting |config| is indistinguishable
// from the OEM manifest configuration, so clear the latter to at least verify
// the pref configuration results in the expect behavior on its own.
statistics_provider_.ClearMachineFlag(
chromeos::system::kOemIsEnterpriseManagedKey);
local_state_.SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_LOCAL_ADVERTISED, config.mode);
EXPECT_TRUE(config.management_domain.empty());
// Server-backed state: advertised enrollment.
base::DictionaryValue state_dict;
state_dict.SetString(kDeviceStateRestoreMode,
kDeviceStateRestoreModeReEnrollmentRequested);
state_dict.SetString(kDeviceStateManagementDomain, "example.com");
local_state_.Set(prefs::kServerBackedDeviceState, state_dict);
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_SERVER_ADVERTISED, config.mode);
EXPECT_EQ("example.com", config.management_domain);
// OEM manifest: forced enrollment.
statistics_provider_.SetMachineFlag(
chromeos::system::kOemIsEnterpriseManagedKey, true);
statistics_provider_.SetMachineFlag(
chromeos::system::kOemCanExitEnterpriseEnrollmentKey, false);
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_LOCAL_FORCED, config.mode);
EXPECT_TRUE(config.management_domain.empty());
// Pref: forced enrollment. The resulting |config| is indistinguishable from
// the OEM manifest configuration, so clear the latter to at least verify the
// pref configuration results in the expect behavior on its own.
statistics_provider_.ClearMachineFlag(
chromeos::system::kOemIsEnterpriseManagedKey);
local_state_.SetBoolean(prefs::kDeviceEnrollmentCanExit, false);
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_LOCAL_FORCED, config.mode);
EXPECT_TRUE(config.management_domain.empty());
// Server-backed state: forced enrollment.
state_dict.SetString(kDeviceStateRestoreMode,
kDeviceStateRestoreModeReEnrollmentEnforced);
local_state_.Set(prefs::kServerBackedDeviceState, state_dict);
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_SERVER_FORCED, config.mode);
EXPECT_EQ("example.com", config.management_domain);
}
TEST_F(DeviceCloudPolicyInitializerTest,
GetPrescribedEnrollmentConfigAfterOOBE) {
// If OOBE is complete, we may re-enroll to the domain configured in install
// attributes. This is only enforced after detecting enrollment loss.
local_state_.SetBoolean(prefs::kOobeComplete, true);
EnrollmentConfig config =
device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode);
EXPECT_TRUE(config.management_domain.empty());
// Advertised enrollment gets ignored.
local_state_.SetBoolean(prefs::kDeviceEnrollmentAutoStart, true);
statistics_provider_.SetMachineFlag(
chromeos::system::kOemIsEnterpriseManagedKey, true);
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode);
EXPECT_TRUE(config.management_domain.empty());
// If the device is enterprise-managed, the management domain gets pulled from
// install attributes.
install_attributes_.SetRegistrationUser("user@example.com");
install_attributes_.SetDomain("example.com");
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_NONE, config.mode);
EXPECT_EQ("example.com", config.management_domain);
// If enrollment recovery is on, this is signaled in |config.mode|.
local_state_.SetBoolean(prefs::kEnrollmentRecoveryRequired, true);
config = device_cloud_policy_initializer_.GetPrescribedEnrollmentConfig();
EXPECT_EQ(EnrollmentConfig::MODE_RECOVERY, config.mode);
EXPECT_EQ("example.com", config.management_domain);
}
} // namespace policy
|
