def run_once(self):
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
# Sign in. Sign out happens automatically when cr goes out of scope.
with chrome.Chrome(clear_enterprise_policy=False) as cr:
listener.wait_for_signals(desc='Owner settings written to disk.')
key = open(constants.OWNER_KEY_FILE, 'rb')
hash = hashlib.md5(key.read())
key.close()
mtime = os.stat(constants.OWNER_KEY_FILE).st_mtime
# Sign in/sign out as a second user.
with chrome.Chrome(clear_enterprise_policy=False,
username=self._TEST_USER,
password=self._TEST_PASS,
gaia_id=self._TEST_GAIAID) as cr:
pass
# Checking mtime to see if key file was touched during second sign in.
if os.stat(constants.OWNER_KEY_FILE).st_mtime > mtime:
raise error.TestFail("Owner key was touched on second login!")
# Sanity check.
key2 = open(constants.OWNER_KEY_FILE, 'rb')
hash2 = hashlib.md5(key2.read())
key2.close()
if hash.hexdigest() != hash2.hexdigest():
raise error.TestFail("Owner key was touched on second login!")
class platform_SessionManagerBlockDevmodeSetting(test.test):
"""Verifies that session_manager updates the block_devmode flag to be in
sync with the corresponding device setting."""
version = 1
def initialize(self):
super(platform_SessionManagerBlockDevmodeSetting, self).initialize()
ownership.restart_ui_to_clear_ownership_files()
self._bus_loop = DBusGMainLoop(set_as_default=True)
def run_once(self):
try:
if utils.system_output('crossystem mainfw_type') == 'nonchrome':
raise error.TestNAError(
'State key generation only works on Chrome OS hardware')
except error.CmdError, e:
raise error.TestError('Failed to run crossystem: %s' % e)
# Make sure that the flag sticks when there is no owner.
set_block_devmode(True)
cros_ui.restart()
cros_ui.stop()
if not get_block_devmode():
raise error.TestFail("Flag got reset for non-owned device.")
# Test whether the flag gets reset when taking ownership.
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
with chrome.Chrome() as cr:
listener.wait_for_signals(desc='Ownership files written to disk.')
if get_block_devmode():
raise error.TestFail(
"Flag not clear after ownership got established.")
# Put a new owner key and policy blob in place, the latter of which
# specifies block_devmode=true.
cros_ui.stop(allow_fail=True)
shutil.copyfile(os.path.join(self.bindir, 'owner.key'),
constants.OWNER_KEY_FILE)
shutil.copyfile(
os.path.join(self.bindir, 'policy_block_devmode_enabled'),
constants.SIGNED_POLICY_FILE)
cros_ui.start()
if not get_block_devmode():
raise error.TestFail(
"Flag not set after starting with policy enabled.")
# Send a new policy blob to session_manager that disables block_devmode.
listener.listen_for_new_policy()
with open(os.path.join(self.bindir,
'policy_block_devmode_disabled')) as f:
session_manager_proxy = session_manager.connect(self._bus_loop)
session_manager_proxy.StorePolicyEx(
session_manager.make_device_policy_descriptor(), f.read())
listener.wait_for_signals(desc='Policy updated.')
if get_block_devmode():
raise error.TestFail(
"Flag set after updating policy to clear flag.")
def initialize(self):
super(login_GuestAndActualSession, self).initialize()
# Ensure a clean beginning.
ownership.restart_ui_to_clear_ownership_files()
bus_loop = DBusGMainLoop(set_as_default=True)
self._session_manager = session_manager.connect(bus_loop)
self._listener = session_manager.OwnershipSignalListener(
gobject.MainLoop())
self._listener.listen_for_new_key_and_policy()
def initialize(self):
super(login_CryptohomeOwnerQuery, self).initialize()
# Ensure a clean beginning.
ownership.restart_ui_to_clear_ownership_files()
bus_loop = DBusGMainLoop(set_as_default=True)
self._session_manager = session_manager.connect(bus_loop)
self._listener = session_manager.OwnershipSignalListener(
gobject.MainLoop())
self._listener.listen_for_new_key_and_policy()
self._cryptohome_proxy = cryptohome.CryptohomeProxy(bus_loop)
def run_once(self):
bus_loop = DBusGMainLoop(set_as_default=True)
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
with chrome.Chrome() as cr:
listener.wait_for_signals(desc='Owner settings written to disk.')
sm = session_manager.connect(bus_loop)
retrieved_policy = sm.RetrievePolicy(byte_arrays=True)
if retrieved_policy is None:
raise error.TestFail('Policy not found.')
self._validate_policy(retrieved_policy, cr.username)
def initialize(self):
super(login_MultipleSessions, self).initialize()
policy.install_protobufs(self.autodir, self.job)
# Ensure a clean beginning.
ownership.restart_ui_to_clear_ownership_files()
self._bus_loop = DBusGMainLoop(set_as_default=True)
self._session_manager = session_manager.connect(self._bus_loop)
self._listener = session_manager.OwnershipSignalListener(
gobject.MainLoop())
self._listener.listen_for_new_key_and_policy()
self._cryptohome_proxy = cryptohome.CryptohomeProxy(
self._bus_loop, self.autodir, self.job)
def run_once(self):
pkey = ownership.known_privkey()
pubkey = ownership.known_pubkey()
# Pre-configure some owner settings, including initial key.
poldata = policy.build_policy_data(self.srcdir,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER,
'[email protected]'))
policy_string = policy.generate_policy(self.srcdir,
pkey,
pubkey,
poldata)
policy.push_policy_and_verify(policy_string, self._sm)
# grab key, ensure that it's the same as the known key.
if (utils.read_file(constants.OWNER_KEY_FILE) != pubkey):
raise error.TestFail('Owner key should not have changed!')
# Start a new session, which will trigger the re-taking of ownership.
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
self._cryptohome_proxy.mount(ownership.TESTUSER,
ownership.TESTPASS,
create=True)
if not self._sm.StartSession(ownership.TESTUSER, ''):
raise error.TestError('Could not start session for owner')
listener.wait_for_signals(desc='Re-taking of ownership complete.')
# grab key, ensure that it's different than known key
if (utils.read_file(constants.OWNER_KEY_FILE) == pubkey):
raise error.TestFail('Owner key should have changed!')
# RetrievePolicy, check sig against new key, check properties
retrieved_policy = self._sm.RetrievePolicy(byte_arrays=True)
if retrieved_policy is None:
raise error.TestError('Policy not found')
policy.compare_policy_response(self.srcdir,
retrieved_policy,
owner=ownership.TESTUSER,
guests=False,
new_users=True,
roaming=True,
whitelist=(ownership.TESTUSER, '[email protected]'))
def push_policy_and_verify(policy_string, sm):
"""Push a device policy to the session manager over DBus.
The serialized device policy |policy_string| is sent to the session
manager with the StorePolicy DBus call. Success of the store is
validated by fetching the policy again and comparing.
@param policy_string: serialized policy to push to the session manager.
@param sm: a connected SessionManagerInterface.
@raises error.TestFail if policy push failed.
"""
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_policy()
sm.StorePolicy(dbus.ByteArray(policy_string), byte_arrays=True)
listener.wait_for_signals(desc='Policy push.')
retrieved_policy = sm.RetrievePolicy(byte_arrays=True)
if retrieved_policy != policy_string:
raise error.TestFail('Policy should not be %s' % retrieved_policy)
def run_once(self):
# TODO(apronin): crbug.com/618392. This test flakes on these boards.
boards_to_skip = ['tricky', 'peach_pit', 'falco']
board = utils.get_current_board()
if board in boards_to_skip:
logging.info("Skipping test run on %s.", board)
return
listener = session_manager.OwnershipSignalListener(gobject.MainLoop())
listener.listen_for_new_key_and_policy()
# Sign in. Sign out happens automatically when cr goes out of scope.
with chrome.Chrome(clear_enterprise_policy=False) as cr:
listener.wait_for_signals(desc='Owner settings written to disk.')
key = open(constants.OWNER_KEY_FILE, 'rb')
hash = hashlib.md5(key.read())
key.close()
mtime = os.stat(constants.OWNER_KEY_FILE).st_mtime
# Sign in/sign out as a second user.
with chrome.Chrome(clear_enterprise_policy=False,
username=self._TEST_USER,
password=self._TEST_PASS,
gaia_id=self._TEST_GAIAID) as cr:
pass
# Checking mtime to see if key file was touched during second sign in.
if os.stat(constants.OWNER_KEY_FILE).st_mtime > mtime:
raise error.TestFail("Owner key was touched on second login!")
# Sanity check.
key2 = open(constants.OWNER_KEY_FILE, 'rb')
hash2 = hashlib.md5(key2.read())
key2.close()
if hash.hexdigest() != hash2.hexdigest():
raise error.TestFail("Owner key was touched on second login!")
