1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/policy/core/common/policy_service_impl.h"
6
7 #include <memory>
8 #include <utility>
9
10 #include "base/bind.h"
11 #include "base/callback.h"
12 #include "base/callback_helpers.h"
13 #include "base/macros.h"
14 #include "base/run_loop.h"
15 #include "base/test/task_environment.h"
16 #include "base/values.h"
17 #include "components/policy/core/common/external_data_fetcher.h"
18 #include "components/policy/core/common/mock_configuration_policy_provider.h"
19 #include "components/policy/core/common/mock_policy_service.h"
20 #include "components/policy/core/common/policy_migrator.h"
21 #include "components/policy/core/common/policy_types.h"
22 #include "components/policy/policy_constants.h"
23 #include "components/strings/grit/components_strings.h"
24 #include "testing/gmock/include/gmock/gmock.h"
25 #include "testing/gtest/include/gtest/gtest.h"
26
27 using ::testing::_;
28 using ::testing::AnyNumber;
29 using ::testing::Invoke;
30 using ::testing::Mock;
31 using ::testing::Return;
32
33 namespace policy {
34
35 namespace {
36
37 const char kExtension[] = "extension-id";
38 const char kSameLevelPolicy[] = "policy-same-level-and-scope";
39 const char kDiffLevelPolicy[] = "chrome-diff-level-and-scope";
40
41 // Helper to compare the arguments to an EXPECT_CALL of OnPolicyUpdated() with
42 // their expected values.
43 MATCHER_P(PolicyEquals, expected, "") {
44 return arg.Equals(*expected);
45 }
46
47 // Helper to compare the arguments to an EXPECT_CALL of OnPolicyValueUpdated()
48 // with their expected values.
49 MATCHER_P(ValueEquals, expected, "") {
50 return *expected == *arg;
51 }
52
53 // Helper that fills |bundle| with test policies.
AddTestPolicies(PolicyBundle * bundle,const char * value,PolicyLevel level,PolicyScope scope)54 void AddTestPolicies(PolicyBundle* bundle,
55 const char* value,
56 PolicyLevel level,
57 PolicyScope scope) {
58 PolicyMap* policy_map =
59 &bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()));
60 policy_map->Set(kSameLevelPolicy, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
61 POLICY_SOURCE_ENTERPRISE_DEFAULT, base::Value(value),
62 nullptr);
63 policy_map->Set(kDiffLevelPolicy, level, scope, POLICY_SOURCE_PLATFORM,
64 base::Value(value), nullptr);
65 policy_map =
66 &bundle->Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension));
67 policy_map->Set(kSameLevelPolicy, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
68 POLICY_SOURCE_ENTERPRISE_DEFAULT, base::Value(value),
69 nullptr);
70 policy_map->Set(kDiffLevelPolicy, level, scope, POLICY_SOURCE_PLATFORM,
71 base::Value(value), nullptr);
72 }
73
74 // Observer class that changes the policy in the passed provider when the
75 // callback is invoked.
76 class ChangePolicyObserver : public PolicyService::Observer {
77 public:
ChangePolicyObserver(MockConfigurationPolicyProvider * provider)78 explicit ChangePolicyObserver(MockConfigurationPolicyProvider* provider)
79 : provider_(provider),
80 observer_invoked_(false) {}
81
OnPolicyUpdated(const PolicyNamespace &,const PolicyMap & previous,const PolicyMap & current)82 void OnPolicyUpdated(const PolicyNamespace&,
83 const PolicyMap& previous,
84 const PolicyMap& current) override {
85 PolicyMap new_policy;
86 new_policy.Set("foo", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
87 POLICY_SOURCE_CLOUD, base::Value(14), nullptr);
88 provider_->UpdateChromePolicy(new_policy);
89 observer_invoked_ = true;
90 }
91
observer_invoked() const92 bool observer_invoked() const { return observer_invoked_; }
93
94 private:
95 MockConfigurationPolicyProvider* provider_;
96 bool observer_invoked_;
97 };
98
99 class MockPolicyMigrator : public PolicyMigrator {
100 public:
101 MOCK_METHOD1(Migrate, void(PolicyBundle* bundle));
102 };
103
104 } // namespace
105
106 class PolicyServiceTest : public testing::Test {
107 public:
108 PolicyServiceTest() = default;
SetUp()109 void SetUp() override {
110 EXPECT_CALL(provider0_, IsInitializationComplete(_))
111 .WillRepeatedly(Return(true));
112 EXPECT_CALL(provider1_, IsInitializationComplete(_))
113 .WillRepeatedly(Return(true));
114 EXPECT_CALL(provider2_, IsInitializationComplete(_))
115 .WillRepeatedly(Return(true));
116 EXPECT_CALL(provider0_, IsFirstPolicyLoadComplete(_))
117 .WillRepeatedly(Return(true));
118 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(_))
119 .WillRepeatedly(Return(true));
120 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(_))
121 .WillRepeatedly(Return(true));
122
123 provider0_.Init();
124 provider1_.Init();
125 provider2_.Init();
126
127 policy0_.Set("pre", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
128 POLICY_SOURCE_ENTERPRISE_DEFAULT, base::Value(13), nullptr);
129 provider0_.UpdateChromePolicy(policy0_);
130
131 PolicyServiceImpl::Providers providers;
132 providers.push_back(&provider0_);
133 providers.push_back(&provider1_);
134 providers.push_back(&provider2_);
135 auto migrator = std::make_unique<MockPolicyMigrator>();
136 EXPECT_CALL(*migrator, Migrate(_))
137 .WillRepeatedly(Invoke([](PolicyBundle* bundle) {
138 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
139 .Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
140 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
141 }));
142 PolicyServiceImpl::Migrators migrators;
143 migrators.push_back(std::move(migrator));
144 policy_service_ = std::make_unique<PolicyServiceImpl>(std::move(providers),
145 std::move(migrators));
146 }
147
TearDown()148 void TearDown() override {
149 provider0_.Shutdown();
150 provider1_.Shutdown();
151 provider2_.Shutdown();
152 }
153
154 MOCK_METHOD2(OnPolicyValueUpdated, void(const base::Value*,
155 const base::Value*));
156
157 MOCK_METHOD0(OnPolicyRefresh, void());
158
159 // Returns true if the policies for namespace |ns| match |expected|.
VerifyPolicies(const PolicyNamespace & ns,const PolicyMap & expected)160 bool VerifyPolicies(const PolicyNamespace& ns,
161 const PolicyMap& expected) {
162 return policy_service_->GetPolicies(ns).Equals(expected);
163 }
164
RunUntilIdle()165 void RunUntilIdle() {
166 base::RunLoop loop;
167 loop.RunUntilIdle();
168 }
169
170 protected:
171 base::test::SingleThreadTaskEnvironment task_environment_;
172 MockConfigurationPolicyProvider provider0_;
173 MockConfigurationPolicyProvider provider1_;
174 MockConfigurationPolicyProvider provider2_;
175 PolicyMap policy0_;
176 PolicyMap policy1_;
177 PolicyMap policy2_;
178 std::unique_ptr<PolicyServiceImpl> policy_service_;
179
180 private:
181 DISALLOW_COPY_AND_ASSIGN(PolicyServiceTest);
182 };
183
TEST_F(PolicyServiceTest,LoadsPoliciesBeforeProvidersRefresh)184 TEST_F(PolicyServiceTest, LoadsPoliciesBeforeProvidersRefresh) {
185 PolicyMap expected;
186 expected.Set("pre", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
187 POLICY_SOURCE_ENTERPRISE_DEFAULT, base::Value(13), nullptr);
188 expected.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
189 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
190 EXPECT_TRUE(VerifyPolicies(
191 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()), expected));
192 }
193
TEST_F(PolicyServiceTest,NotifyObservers)194 TEST_F(PolicyServiceTest, NotifyObservers) {
195 MockPolicyServiceObserver observer;
196 policy_service_->AddObserver(POLICY_DOMAIN_CHROME, &observer);
197
198 PolicyMap expectedPrevious;
199 expectedPrevious.Set("pre", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
200 POLICY_SOURCE_ENTERPRISE_DEFAULT, base::Value(13),
201 nullptr);
202 expectedPrevious.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
203 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
204
205 PolicyMap expectedCurrent;
206 expectedCurrent.CopyFrom(expectedPrevious);
207 expectedCurrent.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
208 POLICY_SOURCE_CLOUD, base::Value(123), nullptr);
209 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
210 POLICY_SOURCE_CLOUD, base::Value(123), nullptr);
211 EXPECT_CALL(observer, OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_CHROME,
212 std::string()),
213 PolicyEquals(&expectedPrevious),
214 PolicyEquals(&expectedCurrent)));
215 provider0_.UpdateChromePolicy(policy0_);
216 Mock::VerifyAndClearExpectations(&observer);
217
218 // No changes.
219 EXPECT_CALL(observer, OnPolicyUpdated(_, _, _)).Times(0);
220 provider0_.UpdateChromePolicy(policy0_);
221 Mock::VerifyAndClearExpectations(&observer);
222 EXPECT_TRUE(VerifyPolicies(
223 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()), expectedCurrent));
224
225 // New policy.
226 expectedPrevious.CopyFrom(expectedCurrent);
227 expectedCurrent.Set("bbb", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
228 POLICY_SOURCE_CLOUD, base::Value(456), nullptr);
229 policy0_.Set("bbb", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
230 POLICY_SOURCE_CLOUD, base::Value(456), nullptr);
231 EXPECT_CALL(observer, OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_CHROME,
232 std::string()),
233 PolicyEquals(&expectedPrevious),
234 PolicyEquals(&expectedCurrent)));
235 provider0_.UpdateChromePolicy(policy0_);
236 Mock::VerifyAndClearExpectations(&observer);
237
238 // Removed policy.
239 expectedPrevious.CopyFrom(expectedCurrent);
240 expectedCurrent.Erase("bbb");
241 policy0_.Erase("bbb");
242 EXPECT_CALL(observer, OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_CHROME,
243 std::string()),
244 PolicyEquals(&expectedPrevious),
245 PolicyEquals(&expectedCurrent)));
246 provider0_.UpdateChromePolicy(policy0_);
247 Mock::VerifyAndClearExpectations(&observer);
248
249 // Changed policy.
250 expectedPrevious.CopyFrom(expectedCurrent);
251 expectedCurrent.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
252 POLICY_SOURCE_CLOUD, base::Value(789), nullptr);
253 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
254 POLICY_SOURCE_CLOUD, base::Value(789), nullptr);
255
256 EXPECT_CALL(observer, OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_CHROME,
257 std::string()),
258 PolicyEquals(&expectedPrevious),
259 PolicyEquals(&expectedCurrent)));
260 provider0_.UpdateChromePolicy(policy0_);
261 Mock::VerifyAndClearExpectations(&observer);
262
263 // No changes again.
264 EXPECT_CALL(observer, OnPolicyUpdated(_, _, _)).Times(0);
265 provider0_.UpdateChromePolicy(policy0_);
266 Mock::VerifyAndClearExpectations(&observer);
267 EXPECT_TRUE(VerifyPolicies(
268 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()), expectedCurrent));
269
270 policy_service_->RemoveObserver(POLICY_DOMAIN_CHROME, &observer);
271 }
272
TEST_F(PolicyServiceTest,NotifyObserversInMultipleNamespaces)273 TEST_F(PolicyServiceTest, NotifyObserversInMultipleNamespaces) {
274 const std::string kExtension0("extension-0");
275 const std::string kExtension1("extension-1");
276 const std::string kExtension2("extension-2");
277 MockPolicyServiceObserver chrome_observer;
278 MockPolicyServiceObserver extension_observer;
279 policy_service_->AddObserver(POLICY_DOMAIN_CHROME, &chrome_observer);
280 policy_service_->AddObserver(POLICY_DOMAIN_EXTENSIONS, &extension_observer);
281
282 PolicyMap previous_policy_map;
283 previous_policy_map.Set("pre", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
284 POLICY_SOURCE_ENTERPRISE_DEFAULT, base::Value(13),
285 nullptr);
286 previous_policy_map.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
287 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
288 PolicyMap policy_map;
289 policy_map.CopyFrom(previous_policy_map);
290 policy_map.Set("policy", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
291 POLICY_SOURCE_CLOUD, base::Value("value"), nullptr);
292
293 auto bundle = std::make_unique<PolicyBundle>();
294 // The initial setup includes a policy for chrome that is now changing.
295 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
296 .CopyFrom(policy_map);
297 bundle->Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension0))
298 .CopyFrom(policy_map);
299 bundle->Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension1))
300 .CopyFrom(policy_map);
301
302 const PolicyMap kEmptyPolicyMap;
303 EXPECT_CALL(
304 chrome_observer,
305 OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()),
306 PolicyEquals(&previous_policy_map),
307 PolicyEquals(&policy_map)));
308 EXPECT_CALL(
309 extension_observer,
310 OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension0),
311 PolicyEquals(&kEmptyPolicyMap),
312 PolicyEquals(&policy_map)));
313 EXPECT_CALL(
314 extension_observer,
315 OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension1),
316 PolicyEquals(&kEmptyPolicyMap),
317 PolicyEquals(&policy_map)));
318 provider0_.UpdatePolicy(std::move(bundle));
319 RunUntilIdle();
320 Mock::VerifyAndClearExpectations(&chrome_observer);
321 Mock::VerifyAndClearExpectations(&extension_observer);
322
323 // Chrome policy stays the same, kExtension0 is gone, kExtension1 changes,
324 // and kExtension2 is new.
325 previous_policy_map.CopyFrom(policy_map);
326 bundle.reset(new PolicyBundle());
327 bundle->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
328 .CopyFrom(policy_map);
329 policy_map.Set("policy", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
330 POLICY_SOURCE_CLOUD, base::Value("another value"), nullptr);
331 bundle->Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension1))
332 .CopyFrom(policy_map);
333 bundle->Get(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension2))
334 .CopyFrom(policy_map);
335
336 EXPECT_CALL(chrome_observer, OnPolicyUpdated(_, _, _)).Times(0);
337 EXPECT_CALL(
338 extension_observer,
339 OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension0),
340 PolicyEquals(&previous_policy_map),
341 PolicyEquals(&kEmptyPolicyMap)));
342 EXPECT_CALL(
343 extension_observer,
344 OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension1),
345 PolicyEquals(&previous_policy_map),
346 PolicyEquals(&policy_map)));
347 EXPECT_CALL(
348 extension_observer,
349 OnPolicyUpdated(PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension2),
350 PolicyEquals(&kEmptyPolicyMap),
351 PolicyEquals(&policy_map)));
352 provider0_.UpdatePolicy(std::move(bundle));
353 RunUntilIdle();
354 Mock::VerifyAndClearExpectations(&chrome_observer);
355 Mock::VerifyAndClearExpectations(&extension_observer);
356
357 policy_service_->RemoveObserver(POLICY_DOMAIN_CHROME, &chrome_observer);
358 policy_service_->RemoveObserver(POLICY_DOMAIN_EXTENSIONS,
359 &extension_observer);
360 }
361
TEST_F(PolicyServiceTest,ObserverChangesPolicy)362 TEST_F(PolicyServiceTest, ObserverChangesPolicy) {
363 ChangePolicyObserver observer(&provider0_);
364 policy_service_->AddObserver(POLICY_DOMAIN_CHROME, &observer);
365 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
366 POLICY_SOURCE_CLOUD, base::Value(123), nullptr);
367 policy0_.Set("bbb", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
368 POLICY_SOURCE_CLOUD, base::Value(1234), nullptr);
369 // Should not crash.
370 provider0_.UpdateChromePolicy(policy0_);
371 policy_service_->RemoveObserver(POLICY_DOMAIN_CHROME, &observer);
372 EXPECT_TRUE(observer.observer_invoked());
373 }
374
TEST_F(PolicyServiceTest,HasProvider)375 TEST_F(PolicyServiceTest, HasProvider) {
376 MockConfigurationPolicyProvider other_provider;
377 EXPECT_TRUE(policy_service_->HasProvider(&provider0_));
378 EXPECT_TRUE(policy_service_->HasProvider(&provider1_));
379 EXPECT_TRUE(policy_service_->HasProvider(&provider2_));
380 EXPECT_FALSE(policy_service_->HasProvider(&other_provider));
381 }
382
TEST_F(PolicyServiceTest,NotifyProviderUpdateObserver)383 TEST_F(PolicyServiceTest, NotifyProviderUpdateObserver) {
384 MockPolicyServiceProviderUpdateObserver provider_update_observer;
385 policy_service_->AddProviderUpdateObserver(&provider_update_observer);
386
387 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
388 POLICY_SOURCE_CLOUD, base::Value(123), nullptr);
389 EXPECT_CALL(provider_update_observer,
390 OnProviderUpdatePropagated(&provider0_));
391 provider0_.UpdateChromePolicy(policy0_);
392 Mock::VerifyAndClearExpectations(&provider_update_observer);
393
394 // No changes, ProviderUpdateObserver still notified.
395 EXPECT_CALL(provider_update_observer,
396 OnProviderUpdatePropagated(&provider0_));
397 provider0_.UpdateChromePolicy(policy0_);
398 Mock::VerifyAndClearExpectations(&provider_update_observer);
399
400 policy_service_->RemoveProviderUpdateObserver(&provider_update_observer);
401 }
402
TEST_F(PolicyServiceTest,Priorities)403 TEST_F(PolicyServiceTest, Priorities) {
404 PolicyMap expected;
405 expected.Set("pre", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
406 POLICY_SOURCE_ENTERPRISE_DEFAULT, base::Value(13), nullptr);
407 expected.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
408 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
409 expected.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
410 POLICY_SOURCE_CLOUD, base::Value(0), nullptr);
411 expected.GetMutable("aaa")->AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
412 expected.GetMutable("aaa")->AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
413 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
414 POLICY_SOURCE_CLOUD, base::Value(0), nullptr);
415 policy1_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
416 POLICY_SOURCE_CLOUD, base::Value(1), nullptr);
417 policy2_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
418 POLICY_SOURCE_CLOUD, base::Value(2), nullptr);
419 provider0_.UpdateChromePolicy(policy0_);
420 provider1_.UpdateChromePolicy(policy1_);
421 provider2_.UpdateChromePolicy(policy2_);
422 expected.GetMutable("aaa")->AddConflictingPolicy(
423 policy1_.Get("aaa")->DeepCopy());
424 expected.GetMutable("aaa")->AddConflictingPolicy(
425 policy2_.Get("aaa")->DeepCopy());
426
427 EXPECT_TRUE(VerifyPolicies(
428 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()), expected));
429
430 expected.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
431 POLICY_SOURCE_CLOUD, base::Value(1), nullptr);
432 expected.GetMutable("aaa")->AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
433 policy0_.Erase("aaa");
434 provider0_.UpdateChromePolicy(policy0_);
435 expected.GetMutable("aaa")->AddConflictingPolicy(
436 policy2_.Get("aaa")->DeepCopy());
437 EXPECT_TRUE(VerifyPolicies(
438 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()), expected));
439
440 expected.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
441 POLICY_SOURCE_CLOUD, base::Value(2), nullptr);
442 expected.GetMutable("aaa")->AddWarning(IDS_POLICY_CONFLICT_SAME_VALUE);
443 policy1_.Set("aaa", POLICY_LEVEL_RECOMMENDED, POLICY_SCOPE_USER,
444 POLICY_SOURCE_CLOUD, base::Value(1), nullptr);
445 expected.GetMutable("aaa")->AddConflictingPolicy(
446 policy2_.Get("aaa")->DeepCopy());
447 provider1_.UpdateChromePolicy(policy2_);
448 EXPECT_TRUE(VerifyPolicies(
449 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()), expected));
450 }
451
TEST_F(PolicyServiceTest,PolicyChangeRegistrar)452 TEST_F(PolicyServiceTest, PolicyChangeRegistrar) {
453 std::unique_ptr<PolicyChangeRegistrar> registrar(new PolicyChangeRegistrar(
454 policy_service_.get(),
455 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())));
456
457 // Starting to observe existing policies doesn't trigger a notification.
458 EXPECT_CALL(*this, OnPolicyValueUpdated(_, _)).Times(0);
459 registrar->Observe(
460 "pre", base::BindRepeating(&PolicyServiceTest::OnPolicyValueUpdated,
461 base::Unretained(this)));
462 registrar->Observe(
463 "aaa", base::BindRepeating(&PolicyServiceTest::OnPolicyValueUpdated,
464 base::Unretained(this)));
465 RunUntilIdle();
466 Mock::VerifyAndClearExpectations(this);
467
468 // Changing it now triggers a notification.
469 base::Value kValue0(0);
470 EXPECT_CALL(*this, OnPolicyValueUpdated(NULL, ValueEquals(&kValue0)));
471 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
472 POLICY_SOURCE_CLOUD, kValue0.Clone(), nullptr);
473 provider0_.UpdateChromePolicy(policy0_);
474 Mock::VerifyAndClearExpectations(this);
475
476 // Changing other values doesn't trigger a notification.
477 EXPECT_CALL(*this, OnPolicyValueUpdated(_, _)).Times(0);
478 policy0_.Set("bbb", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
479 POLICY_SOURCE_CLOUD, kValue0.Clone(), nullptr);
480 provider0_.UpdateChromePolicy(policy0_);
481 Mock::VerifyAndClearExpectations(this);
482
483 // Modifying the value triggers a notification.
484 base::Value kValue1(1);
485 EXPECT_CALL(*this, OnPolicyValueUpdated(ValueEquals(&kValue0),
486 ValueEquals(&kValue1)));
487 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
488 POLICY_SOURCE_CLOUD, kValue1.Clone(), nullptr);
489 provider0_.UpdateChromePolicy(policy0_);
490 Mock::VerifyAndClearExpectations(this);
491
492 // Removing the value triggers a notification.
493 EXPECT_CALL(*this, OnPolicyValueUpdated(ValueEquals(&kValue1), NULL));
494 policy0_.Erase("aaa");
495 provider0_.UpdateChromePolicy(policy0_);
496 Mock::VerifyAndClearExpectations(this);
497
498 // No more notifications after destroying the registrar.
499 EXPECT_CALL(*this, OnPolicyValueUpdated(_, _)).Times(0);
500 registrar.reset();
501 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
502 POLICY_SOURCE_CLOUD, kValue1.Clone(), nullptr);
503 policy0_.Set("pre", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
504 POLICY_SOURCE_ENTERPRISE_DEFAULT, kValue1.Clone(), nullptr);
505 provider0_.UpdateChromePolicy(policy0_);
506 Mock::VerifyAndClearExpectations(this);
507 }
508
TEST_F(PolicyServiceTest,RefreshPolicies)509 TEST_F(PolicyServiceTest, RefreshPolicies) {
510 EXPECT_CALL(provider0_, RefreshPolicies()).Times(AnyNumber());
511 EXPECT_CALL(provider1_, RefreshPolicies()).Times(AnyNumber());
512 EXPECT_CALL(provider2_, RefreshPolicies()).Times(AnyNumber());
513
514 EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
515 policy_service_->RefreshPolicies(base::BindOnce(
516 &PolicyServiceTest::OnPolicyRefresh, base::Unretained(this)));
517 // Let any queued observer tasks run.
518 RunUntilIdle();
519 Mock::VerifyAndClearExpectations(this);
520
521 EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
522 base::Value kValue0(0);
523 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
524 POLICY_SOURCE_CLOUD, kValue0.Clone(), nullptr);
525 provider0_.UpdateChromePolicy(policy0_);
526 Mock::VerifyAndClearExpectations(this);
527
528 EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
529 base::Value kValue1(1);
530 policy1_.Set("aaa", POLICY_LEVEL_RECOMMENDED, POLICY_SCOPE_USER,
531 POLICY_SOURCE_CLOUD, kValue1.Clone(), nullptr);
532 provider1_.UpdateChromePolicy(policy1_);
533 Mock::VerifyAndClearExpectations(this);
534
535 // A provider can refresh more than once after a RefreshPolicies call, but
536 // OnPolicyRefresh should be triggered only after all providers are
537 // refreshed.
538 EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
539 policy1_.Set("bbb", POLICY_LEVEL_RECOMMENDED, POLICY_SCOPE_USER,
540 POLICY_SOURCE_CLOUD, kValue1.Clone(), nullptr);
541 provider1_.UpdateChromePolicy(policy1_);
542 Mock::VerifyAndClearExpectations(this);
543
544 // If another RefreshPolicies() call happens while waiting for a previous
545 // one to complete, then all providers must refresh again.
546 EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
547 policy_service_->RefreshPolicies(base::BindOnce(
548 &PolicyServiceTest::OnPolicyRefresh, base::Unretained(this)));
549 RunUntilIdle();
550 Mock::VerifyAndClearExpectations(this);
551
552 EXPECT_CALL(*this, OnPolicyRefresh()).Times(0);
553 policy2_.Set("bbb", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
554 POLICY_SOURCE_CLOUD, kValue0.Clone(), nullptr);
555 provider2_.UpdateChromePolicy(policy2_);
556 Mock::VerifyAndClearExpectations(this);
557
558 // Providers 0 and 1 must reload again.
559 EXPECT_CALL(*this, OnPolicyRefresh()).Times(2);
560 base::Value kValue2(2);
561 policy0_.Set("aaa", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
562 POLICY_SOURCE_CLOUD, kValue2.Clone(), nullptr);
563 provider0_.UpdateChromePolicy(policy0_);
564 provider1_.UpdateChromePolicy(policy1_);
565 Mock::VerifyAndClearExpectations(this);
566
567 const PolicyMap& policies = policy_service_->GetPolicies(
568 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()));
569 EXPECT_EQ(kValue2, *policies.GetValue("aaa"));
570 EXPECT_EQ(kValue0, *policies.GetValue("bbb"));
571 }
572
TEST_F(PolicyServiceTest,NamespaceMerge)573 TEST_F(PolicyServiceTest, NamespaceMerge) {
574 auto bundle0 = std::make_unique<PolicyBundle>();
575 auto bundle1 = std::make_unique<PolicyBundle>();
576 auto bundle2 = std::make_unique<PolicyBundle>();
577
578 AddTestPolicies(bundle0.get(), "bundle0",
579 POLICY_LEVEL_RECOMMENDED, POLICY_SCOPE_USER);
580 AddTestPolicies(bundle1.get(), "bundle1",
581 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER);
582 AddTestPolicies(bundle2.get(), "bundle2",
583 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE);
584
585 PolicyMap expected;
586 // For policies of the same level and scope, the first provider takes
587 // precedence, on every namespace.
588 expected.Set(kSameLevelPolicy, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
589 POLICY_SOURCE_ENTERPRISE_DEFAULT, base::Value("bundle0"),
590 nullptr);
591 expected.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
592 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
593 expected.GetMutable(kSameLevelPolicy)
594 ->AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
595 expected.GetMutable(kSameLevelPolicy)
596 ->AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
597 expected.GetMutable(kSameLevelPolicy)
598 ->AddConflictingPolicy(
599 bundle1->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
600 .Get(kSameLevelPolicy)
601 ->DeepCopy());
602 expected.GetMutable(kSameLevelPolicy)
603 ->AddConflictingPolicy(
604 bundle2->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
605 .Get(kSameLevelPolicy)
606 ->DeepCopy());
607 // For policies with different levels and scopes, the highest priority
608 // level/scope combination takes precedence, on every namespace.
609 expected.Set(kDiffLevelPolicy, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
610 POLICY_SOURCE_PLATFORM, base::Value("bundle2"), nullptr);
611 expected.GetMutable(kDiffLevelPolicy)
612 ->AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
613 expected.GetMutable(kDiffLevelPolicy)
614 ->AddConflictingPolicy(
615 bundle0->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
616 .Get(kDiffLevelPolicy)
617 ->DeepCopy());
618 expected.GetMutable(kDiffLevelPolicy)
619 ->AddConflictingPolicy(
620 bundle1->Get(PolicyNamespace(POLICY_DOMAIN_CHROME, std::string()))
621 .Get(kDiffLevelPolicy)
622 ->DeepCopy());
623
624 provider0_.UpdatePolicy(std::move(bundle0));
625 provider1_.UpdatePolicy(std::move(bundle1));
626 provider2_.UpdatePolicy(std::move(bundle2));
627 RunUntilIdle();
628
629 EXPECT_TRUE(policy_service_->GetPolicies(
630 PolicyNamespace(POLICY_DOMAIN_CHROME, std::string())).Equals(expected));
631 expected.Erase("migrated");
632 EXPECT_TRUE(policy_service_->GetPolicies(
633 PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, kExtension)).Equals(expected));
634 }
635
TEST_F(PolicyServiceTest,IsInitializationComplete)636 TEST_F(PolicyServiceTest, IsInitializationComplete) {
637 // |provider0_| has all domains initialized.
638 Mock::VerifyAndClearExpectations(&provider1_);
639 Mock::VerifyAndClearExpectations(&provider2_);
640 EXPECT_CALL(provider1_, IsInitializationComplete(_))
641 .WillRepeatedly(Return(false));
642 EXPECT_CALL(provider2_, IsInitializationComplete(_))
643 .WillRepeatedly(Return(false));
644 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(_))
645 .WillRepeatedly(Return(false));
646 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(_))
647 .WillRepeatedly(Return(false));
648 PolicyServiceImpl::Providers providers;
649 providers.push_back(&provider0_);
650 providers.push_back(&provider1_);
651 providers.push_back(&provider2_);
652 policy_service_ = std::make_unique<PolicyServiceImpl>(std::move(providers));
653 EXPECT_FALSE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
654 EXPECT_FALSE(
655 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
656 EXPECT_FALSE(policy_service_->IsInitializationComplete(
657 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
658
659 // |provider2_| still doesn't have POLICY_DOMAIN_CHROME initialized, so
660 // the initialization status of that domain won't change.
661 MockPolicyServiceObserver observer;
662 policy_service_->AddObserver(POLICY_DOMAIN_CHROME, &observer);
663 policy_service_->AddObserver(POLICY_DOMAIN_EXTENSIONS, &observer);
664 policy_service_->AddObserver(POLICY_DOMAIN_SIGNIN_EXTENSIONS, &observer);
665 EXPECT_CALL(observer, OnPolicyServiceInitialized(_)).Times(0);
666 Mock::VerifyAndClearExpectations(&provider1_);
667 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(_))
668 .WillRepeatedly(Return(false));
669 EXPECT_CALL(provider1_, IsInitializationComplete(POLICY_DOMAIN_CHROME))
670 .WillRepeatedly(Return(true));
671 EXPECT_CALL(provider1_, IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS))
672 .WillRepeatedly(Return(false));
673 EXPECT_CALL(provider1_,
674 IsInitializationComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
675 .WillRepeatedly(Return(false));
676 const PolicyMap kPolicyMap;
677 provider1_.UpdateChromePolicy(kPolicyMap);
678 Mock::VerifyAndClearExpectations(&observer);
679 EXPECT_FALSE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
680 EXPECT_FALSE(
681 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
682 EXPECT_FALSE(policy_service_->IsInitializationComplete(
683 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
684
685 // Same if |provider1_| doesn't have POLICY_DOMAIN_EXTENSIONS initialized.
686 EXPECT_CALL(observer, OnPolicyServiceInitialized(_)).Times(0);
687 Mock::VerifyAndClearExpectations(&provider2_);
688 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(_))
689 .WillRepeatedly(Return(false));
690 EXPECT_CALL(provider2_, IsInitializationComplete(POLICY_DOMAIN_CHROME))
691 .WillRepeatedly(Return(false));
692 EXPECT_CALL(provider2_, IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS))
693 .WillRepeatedly(Return(true));
694 EXPECT_CALL(provider2_,
695 IsInitializationComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
696 .WillRepeatedly(Return(true));
697 provider2_.UpdateChromePolicy(kPolicyMap);
698 Mock::VerifyAndClearExpectations(&observer);
699 EXPECT_FALSE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
700 EXPECT_FALSE(
701 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
702 EXPECT_FALSE(policy_service_->IsInitializationComplete(
703 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
704
705 // Now initialize POLICY_DOMAIN_CHROME on all the providers.
706 EXPECT_CALL(observer, OnPolicyServiceInitialized(POLICY_DOMAIN_CHROME));
707 Mock::VerifyAndClearExpectations(&provider2_);
708 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(_))
709 .WillRepeatedly(Return(false));
710 EXPECT_CALL(provider2_, IsInitializationComplete(POLICY_DOMAIN_CHROME))
711 .WillRepeatedly(Return(true));
712 EXPECT_CALL(provider2_, IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS))
713 .WillRepeatedly(Return(true));
714 EXPECT_CALL(provider2_,
715 IsInitializationComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
716 .WillRepeatedly(Return(true));
717 provider2_.UpdateChromePolicy(kPolicyMap);
718 Mock::VerifyAndClearExpectations(&observer);
719 EXPECT_TRUE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
720 // Other domains are still not initialized.
721 EXPECT_FALSE(
722 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
723 EXPECT_FALSE(policy_service_->IsInitializationComplete(
724 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
725
726 // Initialize the remaining domains.
727 EXPECT_CALL(observer, OnPolicyServiceInitialized(POLICY_DOMAIN_EXTENSIONS));
728 EXPECT_CALL(observer,
729 OnPolicyServiceInitialized(POLICY_DOMAIN_SIGNIN_EXTENSIONS));
730 Mock::VerifyAndClearExpectations(&provider1_);
731 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(_))
732 .WillRepeatedly(Return(false));
733 EXPECT_CALL(provider1_, IsInitializationComplete(POLICY_DOMAIN_CHROME))
734 .WillRepeatedly(Return(true));
735 EXPECT_CALL(provider1_, IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS))
736 .WillRepeatedly(Return(true));
737 EXPECT_CALL(provider1_,
738 IsInitializationComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
739 .WillRepeatedly(Return(true));
740 provider1_.UpdateChromePolicy(kPolicyMap);
741 Mock::VerifyAndClearExpectations(&observer);
742 EXPECT_TRUE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
743 EXPECT_TRUE(
744 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
745 EXPECT_TRUE(policy_service_->IsInitializationComplete(
746 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
747
748 // Cleanup.
749 policy_service_->RemoveObserver(POLICY_DOMAIN_CHROME, &observer);
750 policy_service_->RemoveObserver(POLICY_DOMAIN_EXTENSIONS, &observer);
751 policy_service_->RemoveObserver(POLICY_DOMAIN_SIGNIN_EXTENSIONS, &observer);
752 }
753
754 // Tests initialization throttling of PolicyServiceImpl.
755 // This actually tests two cases:
756 // (1) A domain was initialized before UnthrottleInitialization is called.
757 // Observers only get notified after calling UnthrottleInitialization.
758 // This is tested on POLICY_DOMAIN_CHROME.
759 // (2) A domain becomes initialized after UnthrottleInitialization has already
760 // been called. Because initialization is not throttled anymore, observers
761 // get notified immediately when the domain becomes initialized.
762 // This is tested on POLICY_DOMAIN_EXTENSIONS and
763 // POLICY_DOMAIN_SIGNIN_EXTENSIONS.
TEST_F(PolicyServiceTest,InitializationThrottled)764 TEST_F(PolicyServiceTest, InitializationThrottled) {
765 // |provider0_| and |provider1_| has all domains initialized, |provider2_| has
766 // no domain initialized.
767 Mock::VerifyAndClearExpectations(&provider2_);
768 EXPECT_CALL(provider2_, IsInitializationComplete(_))
769 .WillRepeatedly(Return(false));
770 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(_))
771 .WillRepeatedly(Return(false));
772 PolicyServiceImpl::Providers providers;
773 providers.push_back(&provider0_);
774 providers.push_back(&provider1_);
775 providers.push_back(&provider2_);
776 policy_service_ = PolicyServiceImpl::CreateWithThrottledInitialization(
777 std::move(providers));
778 EXPECT_FALSE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
779 EXPECT_FALSE(
780 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
781 EXPECT_FALSE(policy_service_->IsInitializationComplete(
782 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
783
784 EXPECT_FALSE(
785 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
786 EXPECT_FALSE(
787 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
788 EXPECT_FALSE(policy_service_->IsFirstPolicyLoadComplete(
789 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
790
791 MockPolicyServiceObserver observer;
792 policy_service_->AddObserver(POLICY_DOMAIN_CHROME, &observer);
793 policy_service_->AddObserver(POLICY_DOMAIN_EXTENSIONS, &observer);
794 policy_service_->AddObserver(POLICY_DOMAIN_SIGNIN_EXTENSIONS, &observer);
795
796 // Now additionally initialize POLICY_DOMAIN_CHROME on |provider2_|.
797 // Note: VerifyAndClearExpectations is called to reset the previously set
798 // action for IsInitializationComplete and IsFirstPolicyLoadComplete on
799 // |provider_2|.
800 Mock::VerifyAndClearExpectations(&provider2_);
801 EXPECT_CALL(provider2_, IsInitializationComplete(POLICY_DOMAIN_CHROME))
802 .WillRepeatedly(Return(true));
803 EXPECT_CALL(provider2_, IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS))
804 .WillRepeatedly(Return(false));
805 EXPECT_CALL(provider2_,
806 IsInitializationComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
807 .WillRepeatedly(Return(false));
808
809 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME))
810 .WillRepeatedly(Return(true));
811 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS))
812 .WillRepeatedly(Return(false));
813 EXPECT_CALL(provider2_,
814 IsFirstPolicyLoadComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
815 .WillRepeatedly(Return(false));
816
817 // Nothing will happen because initialization is still throttled.
818 EXPECT_CALL(observer, OnPolicyServiceInitialized(_)).Times(0);
819 EXPECT_CALL(observer, OnFirstPoliciesLoaded(_)).Times(0);
820 const PolicyMap kPolicyMap;
821 provider2_.UpdateChromePolicy(kPolicyMap);
822 Mock::VerifyAndClearExpectations(&observer);
823 EXPECT_FALSE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
824 EXPECT_FALSE(
825 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
826 EXPECT_FALSE(policy_service_->IsInitializationComplete(
827 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
828
829 EXPECT_FALSE(
830 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
831 EXPECT_FALSE(
832 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
833 EXPECT_FALSE(policy_service_->IsFirstPolicyLoadComplete(
834 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
835
836 // Unthrottle initialization. This will signal that POLICY_DOMAIN_CHROME is
837 // initialized, the other domains should still not be initialized because
838 // |provider2_| is returning false in IsInitializationComplete and
839 // IsFirstPolicyLoadComplete for them.
840 EXPECT_CALL(observer, OnPolicyServiceInitialized(POLICY_DOMAIN_CHROME));
841 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_CHROME));
842 policy_service_->UnthrottleInitialization();
843 Mock::VerifyAndClearExpectations(&observer);
844 EXPECT_TRUE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
845 EXPECT_FALSE(
846 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
847 EXPECT_FALSE(policy_service_->IsInitializationComplete(
848 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
849
850 EXPECT_TRUE(policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
851 EXPECT_FALSE(
852 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
853 EXPECT_FALSE(policy_service_->IsFirstPolicyLoadComplete(
854 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
855
856 // Initialize the remaining domains.
857 // Note: VerifyAndClearExpectations is called to reset the previously set
858 // action for IsInitializationComplete and IsFirstPolicyLoadComplete on
859 // |provider_2|.
860 Mock::VerifyAndClearExpectations(&provider2_);
861 EXPECT_CALL(provider2_, IsInitializationComplete(_))
862 .WillRepeatedly(Return(true));
863 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(_))
864 .WillRepeatedly(Return(true));
865
866 EXPECT_CALL(observer, OnPolicyServiceInitialized(POLICY_DOMAIN_EXTENSIONS));
867 EXPECT_CALL(observer,
868 OnPolicyServiceInitialized(POLICY_DOMAIN_SIGNIN_EXTENSIONS));
869 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_EXTENSIONS));
870 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_SIGNIN_EXTENSIONS));
871 provider2_.UpdateChromePolicy(kPolicyMap);
872 Mock::VerifyAndClearExpectations(&observer);
873 EXPECT_TRUE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
874 EXPECT_TRUE(
875 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
876 EXPECT_TRUE(policy_service_->IsInitializationComplete(
877 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
878
879 EXPECT_TRUE(policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
880 EXPECT_TRUE(
881 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
882 EXPECT_TRUE(policy_service_->IsFirstPolicyLoadComplete(
883 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
884
885 // Cleanup.
886 policy_service_->RemoveObserver(POLICY_DOMAIN_CHROME, &observer);
887 policy_service_->RemoveObserver(POLICY_DOMAIN_EXTENSIONS, &observer);
888 policy_service_->RemoveObserver(POLICY_DOMAIN_SIGNIN_EXTENSIONS, &observer);
889 }
890
TEST_F(PolicyServiceTest,InitializationThrottledProvidersAlreadyInitialized)891 TEST_F(PolicyServiceTest, InitializationThrottledProvidersAlreadyInitialized) {
892 // All providers have all domains initialized.
893 PolicyServiceImpl::Providers providers;
894 providers.push_back(&provider0_);
895 providers.push_back(&provider1_);
896 providers.push_back(&provider2_);
897 policy_service_ = PolicyServiceImpl::CreateWithThrottledInitialization(
898 std::move(providers));
899 EXPECT_FALSE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
900 EXPECT_FALSE(
901 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
902 EXPECT_FALSE(policy_service_->IsInitializationComplete(
903 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
904
905 EXPECT_FALSE(
906 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
907 EXPECT_FALSE(
908 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
909 EXPECT_FALSE(policy_service_->IsFirstPolicyLoadComplete(
910 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
911
912 MockPolicyServiceObserver observer;
913 policy_service_->AddObserver(POLICY_DOMAIN_CHROME, &observer);
914 policy_service_->AddObserver(POLICY_DOMAIN_EXTENSIONS, &observer);
915 policy_service_->AddObserver(POLICY_DOMAIN_SIGNIN_EXTENSIONS, &observer);
916
917 // Unthrottle initialization. This will signal that all domains are
918 // initialized.
919 EXPECT_CALL(observer, OnPolicyServiceInitialized(POLICY_DOMAIN_CHROME));
920 EXPECT_CALL(observer, OnPolicyServiceInitialized(POLICY_DOMAIN_EXTENSIONS));
921 EXPECT_CALL(observer,
922 OnPolicyServiceInitialized(POLICY_DOMAIN_SIGNIN_EXTENSIONS));
923 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_CHROME));
924 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_EXTENSIONS));
925 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_SIGNIN_EXTENSIONS));
926 policy_service_->UnthrottleInitialization();
927 Mock::VerifyAndClearExpectations(&observer);
928 EXPECT_TRUE(policy_service_->IsInitializationComplete(POLICY_DOMAIN_CHROME));
929 EXPECT_TRUE(
930 policy_service_->IsInitializationComplete(POLICY_DOMAIN_EXTENSIONS));
931 EXPECT_TRUE(policy_service_->IsInitializationComplete(
932 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
933
934 EXPECT_TRUE(policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
935 EXPECT_TRUE(
936 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
937 EXPECT_TRUE(policy_service_->IsFirstPolicyLoadComplete(
938 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
939
940 // Cleanup.
941 policy_service_->RemoveObserver(POLICY_DOMAIN_CHROME, &observer);
942 policy_service_->RemoveObserver(POLICY_DOMAIN_EXTENSIONS, &observer);
943 policy_service_->RemoveObserver(POLICY_DOMAIN_SIGNIN_EXTENSIONS, &observer);
944 }
945
TEST_F(PolicyServiceTest,IsFirstPolicyLoadComplete)946 TEST_F(PolicyServiceTest, IsFirstPolicyLoadComplete) {
947 // |provider0_| has all domains initialized.
948 Mock::VerifyAndClearExpectations(&provider1_);
949 Mock::VerifyAndClearExpectations(&provider2_);
950 EXPECT_CALL(provider1_, IsInitializationComplete(_))
951 .WillRepeatedly(Return(true));
952 EXPECT_CALL(provider2_, IsInitializationComplete(_))
953 .WillRepeatedly(Return(true));
954 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(_))
955 .WillRepeatedly(Return(false));
956 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(_))
957 .WillRepeatedly(Return(false));
958 PolicyServiceImpl::Providers providers;
959 providers.push_back(&provider0_);
960 providers.push_back(&provider1_);
961 providers.push_back(&provider2_);
962 policy_service_ = std::make_unique<PolicyServiceImpl>(std::move(providers));
963 EXPECT_FALSE(
964 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
965 EXPECT_FALSE(
966 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
967 EXPECT_FALSE(policy_service_->IsFirstPolicyLoadComplete(
968 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
969
970 // |provider2_| still doesn't have POLICY_DOMAIN_CHROME initialized, so
971 // the initialization status of that domain won't change.
972 MockPolicyServiceObserver observer;
973 policy_service_->AddObserver(POLICY_DOMAIN_CHROME, &observer);
974 policy_service_->AddObserver(POLICY_DOMAIN_EXTENSIONS, &observer);
975 policy_service_->AddObserver(POLICY_DOMAIN_SIGNIN_EXTENSIONS, &observer);
976 EXPECT_CALL(observer, OnFirstPoliciesLoaded(_)).Times(0);
977 Mock::VerifyAndClearExpectations(&provider1_);
978 EXPECT_CALL(provider1_, IsInitializationComplete(_))
979 .WillRepeatedly(Return(true));
980 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME))
981 .WillRepeatedly(Return(true));
982 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS))
983 .WillRepeatedly(Return(false));
984 EXPECT_CALL(provider1_,
985 IsFirstPolicyLoadComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
986 .WillRepeatedly(Return(false));
987 const PolicyMap kPolicyMap;
988 provider1_.UpdateChromePolicy(kPolicyMap);
989 Mock::VerifyAndClearExpectations(&observer);
990 EXPECT_FALSE(
991 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
992 EXPECT_FALSE(
993 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
994 EXPECT_FALSE(policy_service_->IsFirstPolicyLoadComplete(
995 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
996
997 // Same if |provider1_| doesn't have POLICY_DOMAIN_EXTENSIONS initialized.
998 EXPECT_CALL(observer, OnFirstPoliciesLoaded(_)).Times(0);
999 Mock::VerifyAndClearExpectations(&provider2_);
1000 EXPECT_CALL(provider2_, IsInitializationComplete(_))
1001 .WillRepeatedly(Return(true));
1002 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME))
1003 .WillRepeatedly(Return(false));
1004 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS))
1005 .WillRepeatedly(Return(true));
1006 EXPECT_CALL(provider2_,
1007 IsFirstPolicyLoadComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
1008 .WillRepeatedly(Return(true));
1009 provider2_.UpdateChromePolicy(kPolicyMap);
1010 Mock::VerifyAndClearExpectations(&observer);
1011 EXPECT_FALSE(
1012 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
1013 EXPECT_FALSE(
1014 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
1015 EXPECT_FALSE(policy_service_->IsFirstPolicyLoadComplete(
1016 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
1017
1018 // Now initialize POLICY_DOMAIN_CHROME on all the providers.
1019 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_CHROME));
1020 Mock::VerifyAndClearExpectations(&provider2_);
1021 EXPECT_CALL(provider2_, IsInitializationComplete(_))
1022 .WillRepeatedly(Return(true));
1023 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME))
1024 .WillRepeatedly(Return(true));
1025 EXPECT_CALL(provider2_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS))
1026 .WillRepeatedly(Return(true));
1027 EXPECT_CALL(provider2_,
1028 IsFirstPolicyLoadComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
1029 .WillRepeatedly(Return(true));
1030 provider2_.UpdateChromePolicy(kPolicyMap);
1031 Mock::VerifyAndClearExpectations(&observer);
1032 EXPECT_TRUE(policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
1033 // Other domains are still not initialized.
1034 EXPECT_FALSE(
1035 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
1036 EXPECT_FALSE(policy_service_->IsFirstPolicyLoadComplete(
1037 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
1038
1039 // Initialize the remaining domains.
1040 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_EXTENSIONS));
1041 EXPECT_CALL(observer, OnFirstPoliciesLoaded(POLICY_DOMAIN_SIGNIN_EXTENSIONS));
1042 Mock::VerifyAndClearExpectations(&provider1_);
1043 EXPECT_CALL(provider1_, IsInitializationComplete(_))
1044 .WillRepeatedly(Return(true));
1045 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME))
1046 .WillRepeatedly(Return(true));
1047 EXPECT_CALL(provider1_, IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS))
1048 .WillRepeatedly(Return(true));
1049 EXPECT_CALL(provider1_,
1050 IsFirstPolicyLoadComplete(POLICY_DOMAIN_SIGNIN_EXTENSIONS))
1051 .WillRepeatedly(Return(true));
1052 provider1_.UpdateChromePolicy(kPolicyMap);
1053 Mock::VerifyAndClearExpectations(&observer);
1054 EXPECT_TRUE(policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_CHROME));
1055 EXPECT_TRUE(
1056 policy_service_->IsFirstPolicyLoadComplete(POLICY_DOMAIN_EXTENSIONS));
1057 EXPECT_TRUE(policy_service_->IsFirstPolicyLoadComplete(
1058 POLICY_DOMAIN_SIGNIN_EXTENSIONS));
1059
1060 // Cleanup.
1061 policy_service_->RemoveObserver(POLICY_DOMAIN_CHROME, &observer);
1062 policy_service_->RemoveObserver(POLICY_DOMAIN_EXTENSIONS, &observer);
1063 policy_service_->RemoveObserver(POLICY_DOMAIN_SIGNIN_EXTENSIONS, &observer);
1064 }
1065
TEST_F(PolicyServiceTest,SeparateProxyPoliciesMerging)1066 TEST_F(PolicyServiceTest, SeparateProxyPoliciesMerging) {
1067 const PolicyNamespace chrome_namespace(POLICY_DOMAIN_CHROME, std::string());
1068 const PolicyNamespace extension_namespace(POLICY_DOMAIN_EXTENSIONS, "xyz");
1069
1070 std::unique_ptr<PolicyBundle> policy_bundle(new PolicyBundle());
1071 PolicyMap& policy_map = policy_bundle->Get(chrome_namespace);
1072 // Individual proxy policy values in the Chrome namespace should be collected
1073 // into a dictionary.
1074 policy_map.Set(key::kProxyServerMode, POLICY_LEVEL_MANDATORY,
1075 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, base::Value(3),
1076 nullptr);
1077
1078 // Both these policies should be ignored, since there's a higher priority
1079 // policy available.
1080 policy_map.Set(key::kProxyMode, POLICY_LEVEL_RECOMMENDED, POLICY_SCOPE_USER,
1081 POLICY_SOURCE_CLOUD, base::Value("pac_script"), nullptr);
1082 policy_map.Set(key::kProxyPacUrl, POLICY_LEVEL_RECOMMENDED, POLICY_SCOPE_USER,
1083 POLICY_SOURCE_CLOUD,
1084 base::Value("http://example.com/wpad.dat"), nullptr);
1085
1086 // Add a value to a non-Chrome namespace.
1087 policy_bundle->Get(extension_namespace)
1088 .Set(key::kProxyServerMode, POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
1089 POLICY_SOURCE_CLOUD, base::Value(3), nullptr);
1090
1091 // The resulting Chrome namespace map should have the collected policy.
1092 PolicyMap expected_chrome;
1093 base::Value expected_value(base::Value::Type::DICTIONARY);
1094 expected_value.SetIntKey(key::kProxyServerMode, 3);
1095 expected_chrome.Set(key::kProxySettings, POLICY_LEVEL_MANDATORY,
1096 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
1097 std::move(expected_value), nullptr);
1098 expected_chrome.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
1099 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
1100
1101 // The resulting Extensions namespace map shouldn't have been modified.
1102 PolicyMap expected_extension;
1103 expected_extension.Set(key::kProxyServerMode, POLICY_LEVEL_MANDATORY,
1104 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD, base::Value(3),
1105 nullptr);
1106
1107 provider0_.UpdatePolicy(std::move(policy_bundle));
1108 RunUntilIdle();
1109
1110 EXPECT_TRUE(VerifyPolicies(chrome_namespace, expected_chrome));
1111 EXPECT_TRUE(VerifyPolicies(extension_namespace, expected_extension));
1112 }
TEST_F(PolicyServiceTest,DictionaryPoliciesMerging)1113 TEST_F(PolicyServiceTest, DictionaryPoliciesMerging) {
1114 const PolicyNamespace chrome_namespace(POLICY_DOMAIN_CHROME, std::string());
1115
1116 base::Value dict1(base::Value::Type::DICTIONARY);
1117 dict1.SetBoolKey("google.com", false);
1118 dict1.SetBoolKey("gmail.com", true);
1119 base::Value dict2 = base::Value(base::Value::Type::DICTIONARY);
1120 dict2.SetBoolKey("example.com", true);
1121 dict2.SetBoolKey("gmail.com", false);
1122 base::Value result = base::Value(base::Value::Type::DICTIONARY);
1123 result.SetBoolKey("google.com", false);
1124 result.SetBoolKey("gmail.com", false);
1125 result.SetBoolKey("example.com", true);
1126
1127 std::unique_ptr<base::Value> policy =
1128 std::make_unique<base::Value>(base::Value::Type::LIST);
1129 policy->Append(base::Value(key::kExtensionSettings));
1130
1131 auto policy_bundle1 = std::make_unique<PolicyBundle>();
1132 PolicyMap& policy_map1 = policy_bundle1->Get(chrome_namespace);
1133 policy_map1.Set(key::kPolicyDictionaryMultipleSourceMergeList,
1134 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1135 POLICY_SOURCE_PLATFORM, policy->Clone(), nullptr);
1136 PolicyMap::Entry entry_dict_1(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1137 POLICY_SOURCE_PLATFORM, std::move(dict1),
1138 nullptr);
1139 policy_map1.Set(key::kExtensionSettings, entry_dict_1.DeepCopy());
1140
1141 auto policy_bundle2 = std::make_unique<PolicyBundle>();
1142 PolicyMap& policy_map2 = policy_bundle2->Get(chrome_namespace);
1143 PolicyMap::Entry entry_dict_2(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1144 POLICY_SOURCE_PRIORITY_CLOUD, std::move(dict2),
1145 nullptr);
1146 policy_map2.Set(key::kExtensionSettings, entry_dict_2.DeepCopy());
1147
1148 PolicyMap expected_chrome;
1149 expected_chrome.Set(key::kPolicyDictionaryMultipleSourceMergeList,
1150 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1151 POLICY_SOURCE_PLATFORM, policy->Clone(), nullptr);
1152 expected_chrome.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
1153 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
1154
1155 PolicyMap::Entry merged(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1156 POLICY_SOURCE_MERGED, std::move(result), nullptr);
1157 merged.AddConflictingPolicy(entry_dict_1.DeepCopy());
1158 merged.AddConflictingPolicy(entry_dict_2.DeepCopy());
1159 merged.AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
1160 expected_chrome.Set(key::kExtensionSettings, std::move(merged));
1161
1162 provider0_.UpdatePolicy(std::move(policy_bundle1));
1163 provider1_.UpdatePolicy(std::move(policy_bundle2));
1164 RunUntilIdle();
1165
1166 EXPECT_TRUE(VerifyPolicies(chrome_namespace, expected_chrome));
1167 }
1168
TEST_F(PolicyServiceTest,ListsPoliciesMerging)1169 TEST_F(PolicyServiceTest, ListsPoliciesMerging) {
1170 const PolicyNamespace chrome_namespace(POLICY_DOMAIN_CHROME, std::string());
1171
1172 base::Value list1(base::Value::Type::LIST);
1173 list1.Append(base::Value("google.com"));
1174 list1.Append(base::Value("gmail.com"));
1175 base::Value list2 = base::Value(base::Value::Type::LIST);
1176 list2.Append(base::Value("example.com"));
1177 list2.Append(base::Value("gmail.com"));
1178 base::Value result = base::Value(base::Value::Type::LIST);
1179 result.Append(base::Value("google.com"));
1180 result.Append(base::Value("gmail.com"));
1181 result.Append(base::Value("example.com"));
1182
1183 std::unique_ptr<base::ListValue> policy = std::make_unique<base::ListValue>();
1184 policy->Append(base::Value(policy::key::kExtensionInstallForcelist));
1185
1186 auto policy_bundle1 = std::make_unique<PolicyBundle>();
1187 PolicyMap& policy_map1 = policy_bundle1->Get(chrome_namespace);
1188 policy_map1.Set(key::kPolicyListMultipleSourceMergeList,
1189 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1190 POLICY_SOURCE_PLATFORM, policy->Clone(), nullptr);
1191 PolicyMap::Entry entry_list_1(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1192 POLICY_SOURCE_PLATFORM, std::move(list1),
1193 nullptr);
1194 policy_map1.Set(key::kExtensionInstallForcelist, entry_list_1.DeepCopy());
1195
1196 auto policy_bundle2 = std::make_unique<PolicyBundle>();
1197 PolicyMap& policy_map2 = policy_bundle2->Get(chrome_namespace);
1198 PolicyMap::Entry entry_list_2(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1199 POLICY_SOURCE_CLOUD, std::move(list2), nullptr);
1200 policy_map2.Set(key::kExtensionInstallForcelist, entry_list_2.DeepCopy());
1201
1202 PolicyMap expected_chrome;
1203 expected_chrome.Set(key::kPolicyListMultipleSourceMergeList,
1204 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1205 POLICY_SOURCE_PLATFORM, policy->Clone(), nullptr);
1206 expected_chrome.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
1207 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
1208
1209 PolicyMap::Entry merged(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1210 POLICY_SOURCE_MERGED, std::move(result), nullptr);
1211 merged.AddConflictingPolicy(entry_list_2.DeepCopy());
1212 merged.AddConflictingPolicy(entry_list_1.DeepCopy());
1213 merged.AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
1214 expected_chrome.Set(key::kExtensionInstallForcelist, std::move(merged));
1215
1216 provider0_.UpdatePolicy(std::move(policy_bundle1));
1217 provider1_.UpdatePolicy(std::move(policy_bundle2));
1218 RunUntilIdle();
1219
1220 EXPECT_TRUE(VerifyPolicies(chrome_namespace, expected_chrome));
1221 }
1222
TEST_F(PolicyServiceTest,GroupPoliciesMergingDisabledForCloudUsers)1223 TEST_F(PolicyServiceTest, GroupPoliciesMergingDisabledForCloudUsers) {
1224 const PolicyNamespace chrome_namespace(POLICY_DOMAIN_CHROME, std::string());
1225
1226 base::Value list1(base::Value::Type::LIST);
1227 list1.Append(base::Value("google.com"));
1228 base::Value list2(base::Value::Type::LIST);
1229 list2.Append(base::Value("example.com"));
1230 base::Value list3(base::Value::Type::LIST);
1231 list3.Append(base::Value("example_xyz.com"));
1232 base::Value result(base::Value::Type::LIST);
1233 result.Append(base::Value("google.com"));
1234 result.Append(base::Value("example.com"));
1235
1236 std::unique_ptr<base::ListValue> policy = std::make_unique<base::ListValue>();
1237 policy->Append(base::Value(policy::key::kExtensionInstallForcelist));
1238 policy->Append(base::Value(policy::key::kExtensionInstallBlocklist));
1239
1240 auto policy_bundle1 = std::make_unique<PolicyBundle>();
1241 PolicyMap& policy_map1 = policy_bundle1->Get(chrome_namespace);
1242 policy_map1.Set(key::kPolicyListMultipleSourceMergeList,
1243 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1244 POLICY_SOURCE_PLATFORM, policy->Clone(), nullptr);
1245 PolicyMap::Entry entry_list_1(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1246 POLICY_SOURCE_PLATFORM, std::move(list1),
1247 nullptr);
1248 policy_map1.Set(key::kExtensionInstallForcelist, entry_list_1.DeepCopy());
1249 policy_map1.Set(key::kExtensionInstallBlocklist, entry_list_1.DeepCopy());
1250 PolicyMap::Entry atomic_policy_enabled(POLICY_LEVEL_MANDATORY,
1251 POLICY_SCOPE_USER, POLICY_SOURCE_CLOUD,
1252 base::Value(true), nullptr);
1253 policy_map1.Set(key::kPolicyAtomicGroupsEnabled,
1254 atomic_policy_enabled.DeepCopy());
1255
1256 auto policy_bundle2 = std::make_unique<PolicyBundle>();
1257 PolicyMap& policy_map2 = policy_bundle2->Get(chrome_namespace);
1258 PolicyMap::Entry entry_list_2(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1259 POLICY_SOURCE_CLOUD, std::move(list2), nullptr);
1260 PolicyMap::Entry entry_list_3(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1261 POLICY_SOURCE_CLOUD, std::move(list3), nullptr);
1262 policy_map2.Set(key::kExtensionInstallForcelist, entry_list_2.DeepCopy());
1263 policy_map2.Set(key::kExtensionInstallBlocklist, entry_list_2.DeepCopy());
1264 policy_map2.Set(key::kExtensionInstallAllowlist, entry_list_3.DeepCopy());
1265
1266 PolicyMap expected_chrome;
1267 expected_chrome.Set(key::kPolicyListMultipleSourceMergeList,
1268 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1269 POLICY_SOURCE_PLATFORM, policy->Clone(), nullptr);
1270 expected_chrome.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
1271 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
1272
1273 PolicyMap::Entry merged(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1274 POLICY_SOURCE_MERGED, std::move(result), nullptr);
1275 merged.AddConflictingPolicy(entry_list_2.DeepCopy());
1276 merged.AddConflictingPolicy(entry_list_1.DeepCopy());
1277 merged.AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
1278 expected_chrome.Set(key::kExtensionInstallForcelist, merged.DeepCopy());
1279 expected_chrome.Set(key::kExtensionInstallBlocklist, std::move(merged));
1280 expected_chrome.Set(key::kExtensionInstallAllowlist, std::move(entry_list_3));
1281 expected_chrome.Set(key::kPolicyAtomicGroupsEnabled,
1282 atomic_policy_enabled.DeepCopy());
1283
1284 provider0_.UpdatePolicy(std::move(policy_bundle1));
1285 provider1_.UpdatePolicy(std::move(policy_bundle2));
1286 RunUntilIdle();
1287
1288 EXPECT_TRUE(VerifyPolicies(chrome_namespace, expected_chrome));
1289 }
1290
TEST_F(PolicyServiceTest,GroupPoliciesMergingEnabled)1291 TEST_F(PolicyServiceTest, GroupPoliciesMergingEnabled) {
1292 const PolicyNamespace chrome_namespace(POLICY_DOMAIN_CHROME, std::string());
1293
1294 base::Value list1(base::Value::Type::LIST);
1295 list1.Append(base::Value("google.com"));
1296 base::Value list2(base::Value::Type::LIST);
1297 list2.Append(base::Value("example.com"));
1298 base::Value list3(base::Value::Type::LIST);
1299 list3.Append(base::Value("example_xyz.com"));
1300 base::Value result(base::Value::Type::LIST);
1301 result.Append(base::Value("google.com"));
1302 result.Append(base::Value("example.com"));
1303
1304 std::unique_ptr<base::ListValue> policy = std::make_unique<base::ListValue>();
1305 policy->Append(base::Value(policy::key::kExtensionInstallForcelist));
1306 policy->Append(base::Value(policy::key::kExtensionInstallBlocklist));
1307
1308 auto policy_bundle1 = std::make_unique<PolicyBundle>();
1309 PolicyMap& policy_map1 = policy_bundle1->Get(chrome_namespace);
1310 policy_map1.Set(key::kPolicyListMultipleSourceMergeList,
1311 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1312 POLICY_SOURCE_PLATFORM, policy->Clone(), nullptr);
1313 PolicyMap::Entry entry_list_1(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1314 POLICY_SOURCE_PLATFORM, std::move(list1),
1315 nullptr);
1316 policy_map1.Set(key::kExtensionInstallForcelist, entry_list_1.DeepCopy());
1317 policy_map1.Set(key::kExtensionInstallBlocklist, entry_list_1.DeepCopy());
1318 PolicyMap::Entry atomic_policy_enabled(
1319 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER, POLICY_SOURCE_PLATFORM,
1320 base::Value(true), nullptr);
1321 policy_map1.Set(key::kPolicyAtomicGroupsEnabled,
1322 atomic_policy_enabled.DeepCopy());
1323
1324 auto policy_bundle2 = std::make_unique<PolicyBundle>();
1325 PolicyMap& policy_map2 = policy_bundle2->Get(chrome_namespace);
1326 PolicyMap::Entry entry_list_2(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1327 POLICY_SOURCE_CLOUD, std::move(list2), nullptr);
1328 PolicyMap::Entry entry_list_3(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1329 POLICY_SOURCE_CLOUD, std::move(list3), nullptr);
1330 policy_map2.Set(key::kExtensionInstallForcelist, entry_list_2.DeepCopy());
1331 policy_map2.Set(key::kExtensionInstallBlocklist, entry_list_2.DeepCopy());
1332 policy_map2.Set(key::kExtensionInstallAllowlist, entry_list_3.DeepCopy());
1333
1334 PolicyMap expected_chrome;
1335 expected_chrome.Set(key::kPolicyListMultipleSourceMergeList,
1336 POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1337 POLICY_SOURCE_PLATFORM, policy->Clone(), nullptr);
1338 expected_chrome.Set("migrated", POLICY_LEVEL_MANDATORY, POLICY_SCOPE_USER,
1339 POLICY_SOURCE_PLATFORM, base::Value(15), nullptr);
1340
1341 PolicyMap::Entry merged(POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
1342 POLICY_SOURCE_MERGED, std::move(result), nullptr);
1343 merged.AddConflictingPolicy(entry_list_2.DeepCopy());
1344 merged.AddConflictingPolicy(entry_list_1.DeepCopy());
1345 merged.AddWarning(IDS_POLICY_CONFLICT_DIFF_VALUE);
1346 entry_list_3.SetIgnoredByPolicyAtomicGroup();
1347 expected_chrome.Set(key::kExtensionInstallForcelist, merged.DeepCopy());
1348 expected_chrome.Set(key::kExtensionInstallBlocklist, std::move(merged));
1349 expected_chrome.Set(key::kExtensionInstallAllowlist, std::move(entry_list_3));
1350 expected_chrome.Set(key::kPolicyAtomicGroupsEnabled,
1351 atomic_policy_enabled.DeepCopy());
1352
1353 provider0_.UpdatePolicy(std::move(policy_bundle1));
1354 provider1_.UpdatePolicy(std::move(policy_bundle2));
1355 RunUntilIdle();
1356
1357 EXPECT_TRUE(VerifyPolicies(chrome_namespace, expected_chrome));
1358 }
1359
1360 } // namespace policy
1361