diff options
| -rw-r--r-- | update_manager/chromeos_policy.cc | 15 | ||||
| -rw-r--r-- | update_manager/chromeos_policy_unittest.cc | 30 | ||||
| -rw-r--r-- | update_manager/device_policy_provider.h | 2 | ||||
| -rw-r--r-- | update_manager/fake_device_policy_provider.h | 6 | ||||
| -rw-r--r-- | update_manager/real_device_policy_provider.cc | 2 | ||||
| -rw-r--r-- | update_manager/real_device_policy_provider.h | 6 | ||||
| -rw-r--r-- | update_manager/real_device_policy_provider_unittest.cc | 2 |
7 files changed, 51 insertions, 12 deletions
diff --git a/update_manager/chromeos_policy.cc b/update_manager/chromeos_policy.cc index a3d64951..291a1478 100644 --- a/update_manager/chromeos_policy.cc +++ b/update_manager/chromeos_policy.cc @@ -360,13 +360,22 @@ EvalStatus ChromeOSPolicy::UpdateCanStart( } } - // Determine whether use of P2P is allowed by policy. + // Determine whether use of P2P is allowed by policy. Even if P2P is not + // explicitly allowed, we allow it if the device is enterprise enrolled + // (that is, missing or empty owner string). const bool* policy_au_p2p_enabled_p = ec->GetValue( dp_provider->var_au_p2p_enabled()); - result->p2p_allowed = policy_au_p2p_enabled_p && *policy_au_p2p_enabled_p; + if (policy_au_p2p_enabled_p) { + result->p2p_allowed = *policy_au_p2p_enabled_p; + } else { + const string* policy_owner_p = ec->GetValue(dp_provider->var_owner()); + if (!policy_owner_p || policy_owner_p->empty()) + result->p2p_allowed = true; + } } - // Enable P2P, if so mandated by the updater configuration. + // Enable P2P, if so mandated by the updater configuration. This is additive + // to whether or not P2P is allowed per device policy (see above). if (!result->p2p_allowed) { const bool* updater_p2p_enabled_p = ec->GetValue( state->updater_provider()->var_p2p_enabled()); diff --git a/update_manager/chromeos_policy_unittest.cc b/update_manager/chromeos_policy_unittest.cc index e3f7acf6..ae741e74 100644 --- a/update_manager/chromeos_policy_unittest.cc +++ b/update_manager/chromeos_policy_unittest.cc @@ -1193,6 +1193,36 @@ TEST_F(UmChromeOSPolicyTest, UpdateCanStartAllowedNoUsableUrlsButP2PEnabled) { EXPECT_FALSE(result.do_increment_failures); } +TEST_F(UmChromeOSPolicyTest, + UpdateCanStartAllowedNoUsableUrlsButEnterpriseEnrolled) { + // The UpdateCanStart policy returns true; there's a single HTTP URL but its + // use is forbidden by policy, and P2P is unset on the policy, however the + // device is enterprise-enrolled so P2P is allowed. The result indicates that + // no URL can be used. + // + // Note: The number of failed attempts should not increase in this case (see + // above test). + + SetUpdateCheckAllowed(false); + + // Override specific device policy attributes. + fake_state_.device_policy_provider()->var_au_p2p_enabled()->reset(nullptr); + fake_state_.device_policy_provider()->var_owner()->reset(nullptr); + fake_state_.device_policy_provider()->var_http_downloads_enabled()->reset( + new bool(false)); + + // Check that the UpdateCanStart returns true. + UpdateState update_state = GetDefaultUpdateState(TimeDelta::FromMinutes(10)); + UpdateDownloadParams result; + ExpectPolicyStatus(EvalStatus::kSucceeded, &Policy::UpdateCanStart, &result, + update_state); + EXPECT_TRUE(result.update_can_start); + EXPECT_TRUE(result.p2p_allowed); + EXPECT_GT(0, result.download_url_idx); + EXPECT_EQ(0, result.download_url_num_errors); + EXPECT_FALSE(result.do_increment_failures); +} + TEST_F(UmChromeOSPolicyTest, UpdateDownloadAllowedEthernetDefault) { // Ethernet is always allowed. diff --git a/update_manager/device_policy_provider.h b/update_manager/device_policy_provider.h index ba5d4d96..b0b9d368 100644 --- a/update_manager/device_policy_provider.h +++ b/update_manager/device_policy_provider.h @@ -45,7 +45,7 @@ class DevicePolicyProvider : public Provider { // Variable stating the name of the device owner. For enterprise enrolled // devices, this will be an empty string. - virtual Variable<std::string>* var_get_owner() = 0; + virtual Variable<std::string>* var_owner() = 0; virtual Variable<bool>* var_http_downloads_enabled() = 0; diff --git a/update_manager/fake_device_policy_provider.h b/update_manager/fake_device_policy_provider.h index 54e419a8..5819c43c 100644 --- a/update_manager/fake_device_policy_provider.h +++ b/update_manager/fake_device_policy_provider.h @@ -47,8 +47,8 @@ class FakeDevicePolicyProvider : public DevicePolicyProvider { return &var_allowed_connection_types_for_update_; } - FakeVariable<std::string>* var_get_owner() override { - return &var_get_owner_; + FakeVariable<std::string>* var_owner() override { + return &var_owner_; } FakeVariable<bool>* var_http_downloads_enabled() override { @@ -75,7 +75,7 @@ class FakeDevicePolicyProvider : public DevicePolicyProvider { FakeVariable<std::set<ConnectionType>> var_allowed_connection_types_for_update_{ "allowed_connection_types_for_update", kVariableModePoll}; - FakeVariable<std::string> var_get_owner_{"get_owner", kVariableModePoll}; + FakeVariable<std::string> var_owner_{"owner", kVariableModePoll}; FakeVariable<bool> var_http_downloads_enabled_{ "http_downloads_enabled", kVariableModePoll}; FakeVariable<bool> var_au_p2p_enabled_{"au_p2p_enabled", kVariableModePoll}; diff --git a/update_manager/real_device_policy_provider.cc b/update_manager/real_device_policy_provider.cc index ca1f6cab..9a689560 100644 --- a/update_manager/real_device_policy_provider.cc +++ b/update_manager/real_device_policy_provider.cc @@ -129,7 +129,7 @@ void RealDevicePolicyProvider::RefreshDevicePolicy() { UpdateVariable( &var_allowed_connection_types_for_update_, &RealDevicePolicyProvider::ConvertAllowedConnectionTypesForUpdate); - UpdateVariable(&var_get_owner_, &DevicePolicy::GetOwner); + UpdateVariable(&var_owner_, &DevicePolicy::GetOwner); UpdateVariable(&var_http_downloads_enabled_, &DevicePolicy::GetHttpDownloadsEnabled); UpdateVariable(&var_au_p2p_enabled_, &DevicePolicy::GetAuP2PEnabled); diff --git a/update_manager/real_device_policy_provider.h b/update_manager/real_device_policy_provider.h index 4b75d68a..c3e29809 100644 --- a/update_manager/real_device_policy_provider.h +++ b/update_manager/real_device_policy_provider.h @@ -56,8 +56,8 @@ class RealDevicePolicyProvider : public DevicePolicyProvider { return &var_allowed_connection_types_for_update_; } - Variable<std::string>* var_get_owner() override { - return &var_get_owner_; + Variable<std::string>* var_owner() override { + return &var_owner_; } Variable<bool>* var_http_downloads_enabled() override { @@ -123,7 +123,7 @@ class RealDevicePolicyProvider : public DevicePolicyProvider { AsyncCopyVariable<std::set<ConnectionType>> var_allowed_connection_types_for_update_{ "allowed_connection_types_for_update"}; - AsyncCopyVariable<std::string> var_get_owner_{"get_owner"}; + AsyncCopyVariable<std::string> var_owner_{"owner"}; AsyncCopyVariable<bool> var_http_downloads_enabled_{"http_downloads_enabled"}; AsyncCopyVariable<bool> var_au_p2p_enabled_{"au_p2p_enabled"}; diff --git a/update_manager/real_device_policy_provider_unittest.cc b/update_manager/real_device_policy_provider_unittest.cc index 91453d95..0f000a8f 100644 --- a/update_manager/real_device_policy_provider_unittest.cc +++ b/update_manager/real_device_policy_provider_unittest.cc @@ -99,7 +99,7 @@ TEST_F(UmRealDevicePolicyProviderTest, NonExistentDevicePolicyEmptyVariables) { UmTestUtils::ExpectVariableNotSet(provider_->var_scatter_factor()); UmTestUtils::ExpectVariableNotSet( provider_->var_allowed_connection_types_for_update()); - UmTestUtils::ExpectVariableNotSet(provider_->var_get_owner()); + UmTestUtils::ExpectVariableNotSet(provider_->var_owner()); UmTestUtils::ExpectVariableNotSet(provider_->var_http_downloads_enabled()); UmTestUtils::ExpectVariableNotSet(provider_->var_au_p2p_enabled()); } |