Better support for child user login tests

The main goal is to avoid session start delay while chrome is
attempting to fetch fresh child user's policy. The user session manager
implements fetch timeout (so tests pass without this), but waiting for
it adds some 10s to test login.

To fix this:
*   have login manager mixin mark child users as requiring policy
*   add support for configuring policy test server (in addition to
    session manager cache) to user policy mixin
*   add utility method to fake gaia to setup child user credentials
    (needed as policy fetch will be blocked on getting policy
     auth token)

Bug: None

Change-Id: I5a2e65a4cbf1e9ce192fb0ac750a1661f895e462
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1602153Reviewed-by: Alexander Alekseev <alemate@chromium.org>
Reviewed-by: Denis Kuznetsov <antrim@chromium.org>
Reviewed-by: Aga Wronska <agawronska@chromium.org>
Commit-Queue: Toni Baržić <tbarzic@chromium.org>
Cr-Commit-Position: refs/heads/master@{#659256}

chrome/browser/chromeos/login/crash_restore_browsertest.cc

@@ -21,6 +21,9 @@
 #include "chrome/browser/chromeos/login/mixin_based_in_process_browser_test.h"
 #include "chrome/browser/chromeos/login/session/user_session_manager.h"
 #include "chrome/browser/chromeos/login/session/user_session_manager_test_api.h"
+#include "chrome/browser/chromeos/login/test/embedded_test_server_mixin.h"
+#include "chrome/browser/chromeos/login/test/fake_gaia_mixin.h"
+#include "chrome/browser/chromeos/login/test/local_policy_test_server_mixin.h"
 #include "chrome/browser/chromeos/login/test/login_manager_mixin.h"
 #include "chrome/browser/chromeos/login/test/user_policy_mixin.h"
 #include "chrome/browser/chromeos/profiles/profile_helper.h"
@@ -38,7 +41,9 @@
 #include "components/session_manager/core/session_manager.h"
 #include "components/user_manager/user.h"
 #include "components/user_manager/user_manager.h"
+#include "content/public/test/test_launcher.h"
 #include "content/public/test/test_utils.h"
+#include "net/dns/mock_host_resolver.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "third_party/cros_system_api/dbus/service_constants.h"
 
@@ -264,15 +269,47 @@ IN_PROC_BROWSER_TEST_F(CrashRestoreComplexTest, RestoreSessionForThreeUsers) {
 // Tests crash restore flow for child user.
 class CrashRestoreChildUserTest : public MixinBasedInProcessBrowserTest {
  protected:
-  CrashRestoreChildUserTest() { login_manager_.set_session_restore_enabled(); }
+  CrashRestoreChildUserTest() {
+    login_manager_.set_session_restore_enabled();
+
+    // Setup mixins needed for smoother child login in PRE test only, as this is
+    // the test that goes through login flow. These are set up to provide OAuth2
+    // token and fresh child user policy during login (session start is blocked
+    // on fetching the policy - this eventually times out, but adds unnecessary
+    // test runtime).
+    if (content::IsPreTest()) {
+      embedded_test_server_setup_ =
+          std::make_unique<EmbeddedTestServerSetupMixin>(
+              &mixin_host_, embedded_test_server());
+      fake_gaia_ =
+          std::make_unique<FakeGaiaMixin>(&mixin_host_, embedded_test_server());
+      policy_server_ =
+          std::make_unique<LocalPolicyTestServerMixin>(&mixin_host_);
+    }
+    user_policy_mixin_ = std::make_unique<UserPolicyMixin>(
+        &mixin_host_, test_user_.account_id, policy_server_.get());
+  }
+
   ~CrashRestoreChildUserTest() override = default;
 
   // MixinBasedInProcessBrowserTest:
-  void SetUp() override {
+  void SetUpInProcessBrowserTestFixture() override {
     // Child users require a user policy, set up an empty one so the user can
     // get through login.
-    ASSERT_TRUE(user_policy_mixin_.RequestCachedPolicyUpdate());
-    MixinBasedInProcessBrowserTest::SetUp();
+    ASSERT_TRUE(user_policy_mixin_->RequestPolicyUpdate());
+    MixinBasedInProcessBrowserTest::SetUpInProcessBrowserTestFixture();
+  }
+
+  void SetUpOnMainThread() override {
+    if (fake_gaia_) {
+      host_resolver()->AddRule("*", "127.0.0.1");
+      fake_gaia_->SetupFakeGaiaForChildUser(
+          test_user_.account_id.GetUserEmail(),
+          test_user_.account_id.GetGaiaId(), "fake-refresh-token",
+          false /*issue_any_scope_token*/);
+    }
+
+    MixinBasedInProcessBrowserTest::SetUpOnMainThread();
   }
 
   const LoginManagerMixin::TestUserInfo test_user_{
@@ -280,13 +317,21 @@ class CrashRestoreChildUserTest : public MixinBasedInProcessBrowserTest {
       user_manager::USER_TYPE_CHILD};
 
   LoginManagerMixin login_manager_{&mixin_host_, {test_user_}};
-  UserPolicyMixin user_policy_mixin_{&mixin_host_, test_user_.account_id};
+
+  std::unique_ptr<LocalPolicyTestServerMixin> policy_server_;
+  std::unique_ptr<UserPolicyMixin> user_policy_mixin_;
+
+  std::unique_ptr<EmbeddedTestServerSetupMixin> embedded_test_server_setup_;
+  std::unique_ptr<FakeGaiaMixin> fake_gaia_;
 };
 
 IN_PROC_BROWSER_TEST_F(CrashRestoreChildUserTest, PRE_SessionRestore) {
+  UserContext user_context =
+      LoginManagerMixin::CreateDefaultUserContext(test_user_);
+  user_context.SetRefreshToken("fake-refresh-token");
+
   // Verify that child user can log in.
-  login_manager_.LoginAndWaitForActiveSession(
-      LoginManagerMixin::CreateDefaultUserContext(test_user_));
+  login_manager_.LoginAndWaitForActiveSession(user_context);
 }
 
 IN_PROC_BROWSER_TEST_F(CrashRestoreChildUserTest, SessionRestore) {

chrome/browser/chromeos/login/encryption_migration_browsertest.cc

@@ -93,7 +93,7 @@ class EncryptionMigrationTest : public MixinBasedInProcessBrowserTest {
   void SetUpEncryptionMigrationActionPolicy(
       arc::policy_util::EcryptfsMigrationAction action) {
     std::unique_ptr<ScopedUserPolicyUpdate> updater =
-        user_policy_mixin_.RequestCachedPolicyUpdate();
+        user_policy_mixin_.RequestPolicyUpdate();
     updater->policy_payload()->mutable_ecryptfsmigrationstrategy()->set_value(
         static_cast<int>(action));
   }

chrome/browser/chromeos/login/screens/supervision_transition_screen_browsertest.cc

@@ -11,7 +11,10 @@
 #include "chrome/browser/chromeos/arc/arc_session_manager.h"
 #include "chrome/browser/chromeos/arc/arc_util.h"
 #include "chrome/browser/chromeos/login/mixin_based_in_process_browser_test.h"
+#include "chrome/browser/chromeos/login/test/embedded_test_server_mixin.h"
+#include "chrome/browser/chromeos/login/test/fake_gaia_mixin.h"
 #include "chrome/browser/chromeos/login/test/js_checker.h"
+#include "chrome/browser/chromeos/login/test/local_policy_test_server_mixin.h"
 #include "chrome/browser/chromeos/login/test/login_manager_mixin.h"
 #include "chrome/browser/chromeos/login/test/login_screen_tester.h"
 #include "chrome/browser/chromeos/login/test/oobe_screen_waiter.h"
@@ -30,6 +33,7 @@
 #include "components/arc/test/fake_arc_session.h"
 #include "components/prefs/pref_service.h"
 #include "components/user_manager/user_type.h"
+#include "net/dns/mock_host_resolver.h"
 
 namespace chromeos {
 
@@ -49,7 +53,9 @@ class SupervisionTransitionScreenTest
   }
 
   void SetUpOnMainThread() override {
-    ASSERT_TRUE(user_policy_.RequestCachedPolicyUpdate());
+    host_resolver()->AddRule("*", "127.0.0.1");
+
+    ASSERT_TRUE(user_policy_.RequestPolicyUpdate());
 
     arc::ArcServiceLauncher::Get()->ResetForTesting();
     arc::ArcSessionManager::Get()->SetArcSessionRunnerForTesting(
@@ -68,17 +74,35 @@ class SupervisionTransitionScreenTest
                : user_manager::USER_TYPE_REGULAR;
   }
 
+  void LogIn(const LoginManagerMixin::TestUserInfo& user) {
+    UserContext user_context =
+        LoginManagerMixin::CreateDefaultUserContext(user);
+    if (user.user_type == user_manager::USER_TYPE_CHILD) {
+      fake_gaia_.SetupFakeGaiaForChildUser(
+          user.account_id.GetUserEmail(), user.account_id.GetGaiaId(),
+          "refresh-token", false /*issue_any_scope_token*/);
+      user_context.SetRefreshToken("refresh-token");
+    }
+    login_manager_.AttemptLoginUsingAuthenticator(
+        user_context, std::make_unique<StubAuthenticatorBuilder>(user_context));
+  }
+
   LoginManagerMixin::TestUserInfo user_{
       AccountId::FromUserEmailGaiaId("user@gmail.com", "user"), GetParam()};
   LoginManagerMixin login_manager_{&mixin_host_, {user_}};
 
-  UserPolicyMixin user_policy_{&mixin_host_, user_.account_id};
+  LocalPolicyTestServerMixin policy_server_{&mixin_host_};
+  UserPolicyMixin user_policy_{&mixin_host_, user_.account_id, &policy_server_};
+
+  EmbeddedTestServerSetupMixin embedded_test_server_setup_{
+      &mixin_host_, embedded_test_server()};
+  FakeGaiaMixin fake_gaia_{&mixin_host_, embedded_test_server()};
 };
 
 IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest,
                        PRE_SuccessfulTransition) {
-  login_manager_.LoginAndWaitForActiveSession(
-      LoginManagerMixin::CreateDefaultUserContext(user_));
+  LogIn(user_);
+  login_manager_.WaitForActiveSession();
 
   Profile* profile = ProfileManager::GetPrimaryUserProfile();
   profile->GetPrefs()->SetBoolean(arc::prefs::kArcSignedIn, true);
@@ -88,11 +112,7 @@ IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest,
 IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest, SuccessfulTransition) {
   LoginManagerMixin::TestUserInfo transitioned_user(user_.account_id,
                                                     GetTargetUserType());
-  UserContext user_context =
-      LoginManagerMixin::CreateDefaultUserContext(transitioned_user);
-
-  login_manager_.AttemptLoginUsingAuthenticator(
-      user_context, std::make_unique<StubAuthenticatorBuilder>(user_context));
+  LogIn(transitioned_user);
 
   OobeScreenWaiter(SupervisionTransitionScreenView::kScreenId).Wait();
 
@@ -115,8 +135,8 @@ IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest, SuccessfulTransition) {
 }
 
 IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest, PRE_TransitionTimeout) {
-  login_manager_.LoginAndWaitForActiveSession(
-      LoginManagerMixin::CreateDefaultUserContext(user_));
+  LogIn(user_);
+  login_manager_.WaitForActiveSession();
 
   Profile* profile = ProfileManager::GetPrimaryUserProfile();
   profile->GetPrefs()->SetBoolean(arc::prefs::kArcSignedIn, true);
@@ -126,11 +146,7 @@ IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest, PRE_TransitionTimeout) {
 IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest, TransitionTimeout) {
   LoginManagerMixin::TestUserInfo transitioned_user(user_.account_id,
                                                     GetTargetUserType());
-  UserContext user_context =
-      LoginManagerMixin::CreateDefaultUserContext(transitioned_user);
-
-  login_manager_.AttemptLoginUsingAuthenticator(
-      user_context, std::make_unique<StubAuthenticatorBuilder>(user_context));
+  LogIn(transitioned_user);
 
   OobeScreenWaiter(SupervisionTransitionScreenView::kScreenId).Wait();
 
@@ -170,8 +186,8 @@ IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest, TransitionTimeout) {
 
 IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest,
                        PRE_SkipTransitionIfArcNeverStarted) {
-  login_manager_.LoginAndWaitForActiveSession(
-      LoginManagerMixin::CreateDefaultUserContext(user_));
+  LogIn(user_);
+  login_manager_.WaitForActiveSession();
 }
 
 IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest,
@@ -180,8 +196,8 @@ IN_PROC_BROWSER_TEST_P(SupervisionTransitionScreenTest,
                                                     GetTargetUserType());
 
   // Login should go through without being interrupted.
-  login_manager_.LoginAndWaitForActiveSession(
-      LoginManagerMixin::CreateDefaultUserContext(transitioned_user));
+  LogIn(transitioned_user);
+  login_manager_.WaitForActiveSession();
 }
 
 INSTANTIATE_TEST_SUITE_P(/* no prefix */,

chrome/browser/chromeos/login/test/fake_gaia_mixin.cc

@@ -6,6 +6,7 @@
 
 #include "ash/public/cpp/ash_switches.h"
 #include "base/command_line.h"
+#include "chrome/browser/chromeos/child_accounts/child_account_test_utils.h"
 #include "google_apis/gaia/gaia_constants.h"
 #include "google_apis/gaia/gaia_switches.h"
 #include "google_apis/gaia/gaia_urls.h"
@@ -61,6 +62,42 @@ void FakeGaiaMixin::SetupFakeGaiaForLogin(const std::string& user_email,
   fake_gaia_->IssueOAuthToken(refresh_token, token_info);
 }
 
+void FakeGaiaMixin::SetupFakeGaiaForChildUser(const std::string& user_email,
+                                              const std::string& gaia_id,
+                                              const std::string& refresh_token,
+                                              bool issue_any_scope_token) {
+  if (!gaia_id.empty())
+    fake_gaia_->MapEmailToGaiaId(user_email, gaia_id);
+
+  FakeGaia::AccessTokenInfo user_info_token;
+  user_info_token.scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);
+  user_info_token.scopes.insert(GaiaConstants::kOAuthWrapBridgeUserInfoScope);
+  user_info_token.audience = GaiaUrls::GetInstance()->oauth2_chrome_client_id();
+
+  user_info_token.token = "fake-userinfo-token";
+  user_info_token.email = user_email;
+  fake_gaia_->IssueOAuthToken(refresh_token, user_info_token);
+
+  if (issue_any_scope_token) {
+    FakeGaia::AccessTokenInfo all_scopes_token;
+    all_scopes_token.token = kTestAllScopeAccessToken;
+    all_scopes_token.audience =
+        GaiaUrls::GetInstance()->oauth2_chrome_client_id();
+    all_scopes_token.email = user_email;
+    all_scopes_token.any_scope = true;
+    fake_gaia_->IssueOAuthToken(refresh_token, all_scopes_token);
+  }
+
+  if (initialize_fake_merge_session()) {
+    fake_gaia_->SetFakeMergeSessionParams(user_email, kFakeSIDCookie,
+                                          kFakeLSIDCookie);
+
+    FakeGaia::MergeSessionParams merge_session_update;
+    merge_session_update.id_token = test::GetChildAccountOAuthIdToken();
+    fake_gaia_->UpdateMergeSessionParams(merge_session_update);
+  }
+}
+
 void FakeGaiaMixin::SetupFakeGaiaForLoginManager() {
   FakeGaia::AccessTokenInfo token_info;
   token_info.scopes.insert(GaiaConstants::kDeviceManagementServiceOAuth);

chrome/browser/chromeos/login/test/fake_gaia_mixin.h

@@ -63,6 +63,18 @@ class FakeGaiaMixin : public InProcessBrowserTestMixin {
   void SetupFakeGaiaForLogin(const std::string& user_email,
                              const std::string& gaia_id,
                              const std::string& refresh_token);
+  // Sets up fake gaia to serve access tokens for a child user.
+  // *   Maps |user_email| to |gaia_id|. If |gaia_id| is empty, |user_email|
+  //     will be mapped to kDefaultGaiaId in FakeGaia.
+  // *   Issues user info token scoped for device management service.
+  // *   If |issue_any_scope_token|, issues a special all-access token
+  //     associated with the test refresh token (as it's done in
+  //     SetupFakeGaiaForLogin()).
+  // *   Initializes fake merge session as needed.
+  void SetupFakeGaiaForChildUser(const std::string& user_email,
+                                 const std::string& gaia_id,
+                                 const std::string& refresh_token,
+                                 bool issue_any_scope_token);
   void SetupFakeGaiaForLoginManager();
 
   bool initialize_fake_merge_session() {

chrome/browser/chromeos/login/test/local_policy_test_server_mixin.cc

@@ -128,6 +128,26 @@ bool LocalPolicyTestServerMixin::UpdateDevicePolicy(
       std::string() /* entity_id */, policy.SerializeAsString());
 }
 
+bool LocalPolicyTestServerMixin::UpdateUserPolicy(
+    const enterprise_management::CloudPolicySettings& policy,
+    const std::string& policy_user) {
+  // Configure the test server's policy user. This will ensure the desired
+  // username is set in policy responses, even if the request does not contain
+  // username field.
+  base::Value managed_users_list(base::Value::Type::LIST);
+  managed_users_list.GetList().emplace_back("*");
+  server_config_.SetKey("managed_users", std::move(managed_users_list));
+  server_config_.SetKey("policy_user", base::Value(policy_user));
+  server_config_.SetKey("current_key_index", base::Value(0));
+  if (!policy_test_server_->SetConfig(server_config_))
+    return false;
+
+  // Update the policy that should be served for the user.
+  return policy_test_server_->UpdatePolicy(
+      policy::dm_protocol::kChromeUserPolicyType, std::string() /* entity_id */,
+      policy.SerializeAsString());
+}
+
 bool LocalPolicyTestServerMixin::UpdateUserPolicy(
     const base::Value& mandatory_policy,
     const base::Value& recommended_policy,

chrome/browser/chromeos/login/test/local_policy_test_server_mixin.h

@@ -14,6 +14,7 @@
 #include "chrome/browser/chromeos/policy/server_backed_state_keys_broker.h"
 #include "chrome/browser/policy/test/local_policy_test_server.h"
 #include "components/policy/proto/chrome_device_policy.pb.h"
+#include "components/policy/proto/cloud_policy.pb.h"
 #include "components/policy/proto/device_management_backend.pb.h"
 
 namespace chromeos {
@@ -32,9 +33,20 @@ class LocalPolicyTestServerMixin : public InProcessBrowserTestMixin {
   void SetUp() override;
   void SetUpCommandLine(base::CommandLine* command_line) override;
 
+  // Updates device policy blob served by the local policy test server.
   bool UpdateDevicePolicy(
       const enterprise_management::ChromeDeviceSettingsProto& policy);
 
+  // Updates user policy blob served by the local policy test server.
+  // |policy_user| - the policy user's email.
+  bool UpdateUserPolicy(
+      const enterprise_management::CloudPolicySettings& policy,
+      const std::string& policy_user);
+
+  // Updates user policies served by the local policy test server, by
+  // configuring ser of mandatory and recommended policies that should be
+  // returned for the policy user.
+  // |policy_user| - the policy user's email.
   bool UpdateUserPolicy(const base::Value& mandatory_policy,
                         const base::Value& recommended_policy,
                         const std::string& policy_user);

chrome/browser/chromeos/login/test/login_manager_mixin.cc

@@ -67,6 +67,12 @@ class TestUserRegistrationMainExtra : public ChromeBrowserMainExtraParts {
                                  base::Value(static_cast<int>(user.user_type)));
 
         user_manager::known_user::UpdateId(user.account_id);
+
+        if (user.user_type == user_manager::USER_TYPE_CHILD) {
+          user_manager::known_user::SetProfileRequiresPolicy(
+              user.account_id,
+              user_manager::known_user::ProfileRequiresPolicy::kPolicyRequired);
+        }
       }
     }
 

chrome/browser/chromeos/login/test/user_policy_mixin.cc

@@ -10,6 +10,7 @@
 #include "base/files/file_path.h"
 #include "base/path_service.h"
 #include "base/threading/thread_restrictions.h"
+#include "chrome/browser/chromeos/login/test/local_policy_test_server_mixin.h"
 #include "chrome/common/chrome_paths.h"
 #include "chromeos/constants/chromeos_paths.h"
 #include "chromeos/cryptohome/cryptohome_parameters.h"
@@ -18,6 +19,7 @@
 #include "chromeos/dbus/cryptohome/rpc.pb.h"
 #include "chromeos/dbus/session_manager/fake_session_manager_client.h"
 #include "chromeos/dbus/session_manager/session_manager_client.h"
+#include "components/policy/core/common/cloud/cloud_policy_constants.h"
 
 namespace chromeos {
 
@@ -25,10 +27,17 @@ UserPolicyMixin::UserPolicyMixin(InProcessBrowserTestMixinHost* mixin_host,
                                  const AccountId& account_id)
     : InProcessBrowserTestMixin(mixin_host), account_id_(account_id) {}
 
+UserPolicyMixin::UserPolicyMixin(InProcessBrowserTestMixinHost* mixin_host,
+                                 const AccountId& account_id,
+                                 LocalPolicyTestServerMixin* policy_server)
+    : InProcessBrowserTestMixin(mixin_host),
+      account_id_(account_id),
+      policy_server_(policy_server) {}
+
 UserPolicyMixin::~UserPolicyMixin() = default;
 
 void UserPolicyMixin::SetUpInProcessBrowserTestFixture() {
-  SetUpUserKeysFile(cached_user_policy_builder_.GetPublicSigningKeyAsString());
+  SetUpUserKeysFile(user_policy_builder_.GetPublicSigningKeyAsString());
 
   // Make sure session manager client has been initialized as in-memory. This is
   // requirement for setting policy blobs.
@@ -37,16 +46,14 @@ void UserPolicyMixin::SetUpInProcessBrowserTestFixture() {
 
   session_manager_initialized_ = true;
 
-  if (set_cached_policy_in_setup_)
-    SetUpCachedPolicy();
+  if (set_policy_in_setup_)
+    SetUpPolicy();
 }
 
-std::unique_ptr<ScopedUserPolicyUpdate>
-UserPolicyMixin::RequestCachedPolicyUpdate() {
+std::unique_ptr<ScopedUserPolicyUpdate> UserPolicyMixin::RequestPolicyUpdate() {
   return std::make_unique<ScopedUserPolicyUpdate>(
-      &cached_user_policy_builder_,
-      base::BindOnce(&UserPolicyMixin::SetUpCachedPolicy,
-                     weak_factory_.GetWeakPtr()));
+      &user_policy_builder_, base::BindOnce(&UserPolicyMixin::SetUpPolicy,
+                                            weak_factory_.GetWeakPtr()));
 }
 
 void UserPolicyMixin::SetUpUserKeysFile(const std::string& user_key_bits) {
@@ -76,24 +83,31 @@ void UserPolicyMixin::SetUpUserKeysFile(const std::string& user_key_bits) {
   DCHECK_EQ(static_cast<int>(user_key_bits.length()), write_result);
 }
 
-void UserPolicyMixin::SetUpCachedPolicy() {
+void UserPolicyMixin::SetUpPolicy() {
   if (!session_manager_initialized_) {
-    set_cached_policy_in_setup_ = true;
+    set_policy_in_setup_ = true;
     return;
   }
 
-  cached_user_policy_builder_.policy_data().set_username(
-      account_id_.GetUserEmail());
-  cached_user_policy_builder_.policy_data().set_gaia_id(
-      account_id_.GetGaiaId());
-  cached_user_policy_builder_.Build();
+  user_policy_builder_.policy_data().set_username(account_id_.GetUserEmail());
+  user_policy_builder_.policy_data().set_gaia_id(account_id_.GetGaiaId());
+  user_policy_builder_.policy_data().set_public_key_version(1);
+
+  user_policy_builder_.SetDefaultSigningKey();
+  user_policy_builder_.Build();
+
+  const std::string policy_blob = user_policy_builder_.GetBlob();
 
   const cryptohome::AccountIdentifier cryptohome_id =
       cryptohome::CreateAccountIdentifierFromAccountId(account_id_);
-  FakeSessionManagerClient::Get()->set_user_policy(
-      cryptohome_id, cached_user_policy_builder_.GetBlob());
+  FakeSessionManagerClient::Get()->set_user_policy(cryptohome_id, policy_blob);
   FakeSessionManagerClient::Get()->set_user_policy_without_session(
-      cryptohome_id, cached_user_policy_builder_.GetBlob());
+      cryptohome_id, policy_blob);
+
+  if (policy_server_) {
+    policy_server_->UpdateUserPolicy(user_policy_builder_.payload(),
+                                     account_id_.GetUserEmail());
+  }
 }
 
 }  // namespace chromeos

chrome/browser/chromeos/login/test/user_policy_mixin.h

@@ -17,13 +17,19 @@
 
 namespace chromeos {
 
+class LocalPolicyTestServerMixin;
+
 // Mixin for setting up user policy for a test user.
-// Currently supports setting cached user policy.
+// Currently supports setting cached user policy and optionally user policy
+// served by local policy test server..
 // NOTE: This mixin will set up in-memory FakeSessionManagerClient during setup.
 class UserPolicyMixin : public InProcessBrowserTestMixin {
  public:
   UserPolicyMixin(InProcessBrowserTestMixinHost* mixin_host,
                   const AccountId& account_id);
+  UserPolicyMixin(InProcessBrowserTestMixinHost* mixin_host,
+                  const AccountId& account_id,
+                  LocalPolicyTestServerMixin* policy_server);
   ~UserPolicyMixin() override;
 
   // InProcessBrowserTestMixin:
@@ -36,7 +42,7 @@ class UserPolicyMixin : public InProcessBrowserTestMixin {
   //
   // If called during setup, before steps that initialize session manager,
   // policy change will be deferred until session manager initialization.
-  std::unique_ptr<ScopedUserPolicyUpdate> RequestCachedPolicyUpdate();
+  std::unique_ptr<ScopedUserPolicyUpdate> RequestPolicyUpdate();
 
  private:
   // Creates a file containing public policy signing key that will be used to
@@ -44,21 +50,26 @@ class UserPolicyMixin : public InProcessBrowserTestMixin {
   // this step is skipped.
   void SetUpUserKeysFile(const std::string& user_key_bits);
 
-  // Sets policy blobs cached in the fake session manager client.
-  void SetUpCachedPolicy();
+  // Sets policy blobs in the fake session manager client.
+  void SetUpPolicy();
 
   // The account ID of the user whose policy is set up by the mixin.
   AccountId account_id_;
 
-  // Whether the mixin should set up the cached policy blobs during setup.
+  // Whether the mixin should set up policy blobs during setup.
   // Set in RequestCachedPolicyUpdate() is used during test setup (before
   // SetUpInProcessBrowserTestFixture()).
-  bool set_cached_policy_in_setup_ = false;
+  bool set_policy_in_setup_ = false;
 
   // Whether the mixin initialized fake session manager client.
   bool session_manager_initialized_ = false;
 
-  policy::UserPolicyBuilder cached_user_policy_builder_;
+  // Policy server that can optionally be passed into UserPolicyMixin. If set
+  // user policy changes done by RequestPolicyUpdate() will also be forwarded
+  // to the policy server.
+  LocalPolicyTestServerMixin* policy_server_ = nullptr;
+
+  policy::UserPolicyBuilder user_policy_builder_;
 
   base::WeakPtrFactory<UserPolicyMixin> weak_factory_{this};
 

chrome/browser/chromeos/policy/site_isolation_flag_handling_browsertest.cc

@@ -306,7 +306,7 @@ class SiteIsolationFlagHandlingTest
     update.reset();
 
     std::unique_ptr<ScopedUserPolicyUpdate> user_policy_update =
-        user_policy_.RequestCachedPolicyUpdate();
+        user_policy_.RequestPolicyUpdate();
     if (GetParam().user_policy_site_per_process) {
       user_policy_update->policy_payload()
           ->mutable_siteperprocess()