DLP: Add unittests for DataTransferDlpController

- Added unittests for DataTransferDlpController.
- Changed some functions in DlpRulesManager &
DataTransferDlpController to be virtual, so it'd
be possible to override them in tests.

Bug: 1140528
Change-Id: I36091bb4bc8d2c55cd0ef8749ce46073e9cac689
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2550544
Commit-Queue: Aya Elsayed <ayaelattar@chromium.org>
Reviewed-by: Nikita Podguzov <nikitapodguzov@chromium.org>
Reviewed-by: Sergey Poromov <poromov@chromium.org>
Cr-Commit-Position: refs/heads/master@{#830979}

chrome/browser/chromeos/BUILD.gn

@@ -3700,6 +3700,7 @@ source_set("unit_tests") {
     "policy/device_dock_mac_address_source_handler_unittest.cc",
     "policy/device_local_account_policy_service_unittest.cc",
     "policy/device_policy_decoder_chromeos_unittest.cc",
+    "policy/dlp/data_transfer_dlp_controller_unittest.cc",
     "policy/dlp/dlp_content_manager_unittest.cc",
     "policy/dlp/dlp_content_tab_helper_unittest.cc",
     "policy/dlp/dlp_rules_manager_test_utils.cc",

chrome/browser/chromeos/policy/dlp/data_transfer_dlp_controller.cc

@@ -101,7 +101,7 @@ bool DataTransferDlpController::IsDataReadAllowed(
   }
 
   if (level == DlpRulesManager::Level::kBlock && notify_on_paste) {
-    helper_.NotifyBlockedPaste(data_src, data_dst);
+    DoNotifyBlockedPaste(data_src, data_dst);
   }
 
   return level == DlpRulesManager::Level::kAllow;
@@ -111,4 +111,10 @@ DataTransferDlpController::DataTransferDlpController() = default;
 
 DataTransferDlpController::~DataTransferDlpController() = default;
 
+void DataTransferDlpController::DoNotifyBlockedPaste(
+    const ui::DataTransferEndpoint* const data_src,
+    const ui::DataTransferEndpoint* const data_dst) {
+  helper_.NotifyBlockedPaste(data_src, data_dst);
+}
+
 }  // namespace policy

chrome/browser/chromeos/policy/dlp/data_transfer_dlp_controller.h

@@ -34,10 +34,15 @@ class DataTransferDlpController : public ui::DataTransferPolicyController {
       const ui::DataTransferEndpoint* const data_src,
       const ui::DataTransferEndpoint* const data_dst) override;
 
- private:
+ protected:
   DataTransferDlpController();
   ~DataTransferDlpController() override;
 
+ private:
+  virtual void DoNotifyBlockedPaste(
+      const ui::DataTransferEndpoint* const data_src,
+      const ui::DataTransferEndpoint* const data_dst);
+
   DlpClipboardNotificationHelper helper_;
 };
 

chrome/browser/chromeos/policy/dlp/data_transfer_dlp_controller_unittest.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/dlp/data_transfer_dlp_controller.h"
+
+#include "chrome/browser/chromeos/policy/dlp/dlp_rules_manager.h"
+#include "testing/gmock/include/gmock/gmock-matchers.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "ui/base/data_transfer_policy/data_transfer_endpoint.h"
+#include "url/origin.h"
+
+namespace policy {
+
+namespace {
+
+constexpr char kGoogleUrl[] = "https://www.google.com";
+constexpr char kYoutubeUrl[] = "https://www.youtube.com";
+
+class MockDlpRulesManager : public DlpRulesManager {
+ public:
+  MockDlpRulesManager() = default;
+  ~MockDlpRulesManager() override = default;
+
+  MOCK_CONST_METHOD3(IsRestrictedDestination,
+                     Level(const GURL& source,
+                           const GURL& destination,
+                           Restriction restriction));
+
+  MOCK_CONST_METHOD3(IsRestrictedComponent,
+                     Level(const GURL& source,
+                           const Component& destination,
+                           Restriction restriction));
+
+  MOCK_CONST_METHOD3(IsRestrictedAnyOfComponents,
+                     Level(const GURL& source,
+                           const std::vector<Component>& destinations,
+                           Restriction restriction));
+};
+
+class MockDlpController : public DataTransferDlpController {
+ public:
+  MOCK_METHOD2(DoNotifyBlockedPaste,
+               void(const ui::DataTransferEndpoint* const data_src,
+                    const ui::DataTransferEndpoint* const data_dst));
+};
+
+}  // namespace
+
+class DataTransferDlpControllerTest : public testing::Test {
+ protected:
+  DataTransferDlpControllerTest() = default;
+
+  ~DataTransferDlpControllerTest() override = default;
+
+  ::testing::StrictMock<MockDlpController> dlp_controller_;
+  ::testing::StrictMock<MockDlpRulesManager> rules_manager_;
+};
+
+TEST_F(DataTransferDlpControllerTest, NullSrc) {
+  EXPECT_EQ(true, dlp_controller_.IsDataReadAllowed(nullptr, nullptr));
+}
+
+TEST_F(DataTransferDlpControllerTest, NullDst) {
+  ui::DataTransferEndpoint data_src(url::Origin::Create(GURL(kGoogleUrl)));
+  EXPECT_CALL(rules_manager_, IsRestrictedDestination)
+      .WillOnce(testing::Return(DlpRulesManager::Level::kBlock));
+  EXPECT_CALL(dlp_controller_, DoNotifyBlockedPaste);
+  EXPECT_EQ(false, dlp_controller_.IsDataReadAllowed(&data_src, nullptr));
+}
+
+TEST_F(DataTransferDlpControllerTest, DefaultDst) {
+  ui::DataTransferEndpoint data_src(url::Origin::Create(GURL(kGoogleUrl)));
+  ui::DataTransferEndpoint data_dst_1(ui::EndpointType::kDefault);
+  EXPECT_CALL(rules_manager_, IsRestrictedDestination)
+      .WillOnce(testing::Return(DlpRulesManager::Level::kBlock));
+  EXPECT_CALL(dlp_controller_, DoNotifyBlockedPaste);
+  EXPECT_EQ(false, dlp_controller_.IsDataReadAllowed(&data_src, &data_dst_1));
+  testing::Mock::VerifyAndClearExpectations(&rules_manager_);
+  testing::Mock::VerifyAndClearExpectations(&dlp_controller_);
+
+  // Turn off notifications
+  ui::DataTransferEndpoint data_dst_2(ui::EndpointType::kDefault,
+                                      /*notify_if_restricted=*/false);
+  EXPECT_CALL(rules_manager_, IsRestrictedDestination)
+      .WillOnce(testing::Return(DlpRulesManager::Level::kBlock));
+  EXPECT_EQ(false, dlp_controller_.IsDataReadAllowed(&data_src, &data_dst_2));
+}
+
+TEST_F(DataTransferDlpControllerTest, ClipboardHistoryDst) {
+  ui::DataTransferEndpoint data_src(url::Origin::Create(GURL(kGoogleUrl)));
+  ui::DataTransferEndpoint data_dst(ui::EndpointType::kClipboardHistory);
+  EXPECT_EQ(true, dlp_controller_.IsDataReadAllowed(&data_src, &data_dst));
+}
+
+TEST_F(DataTransferDlpControllerTest, UrlSrcDst) {
+  ui::DataTransferEndpoint data_src(url::Origin::Create(GURL(kGoogleUrl)));
+  ui::DataTransferEndpoint data_dst_1(url::Origin::Create(GURL(kYoutubeUrl)));
+  EXPECT_CALL(rules_manager_, IsRestrictedDestination)
+      .WillOnce(testing::Return(DlpRulesManager::Level::kBlock));
+  EXPECT_CALL(dlp_controller_, DoNotifyBlockedPaste);
+  EXPECT_EQ(false, dlp_controller_.IsDataReadAllowed(&data_src, &data_dst_1));
+  testing::Mock::VerifyAndClearExpectations(&rules_manager_);
+  testing::Mock::VerifyAndClearExpectations(&dlp_controller_);
+
+  // Turn off notifications
+  ui::DataTransferEndpoint data_dst_2(url::Origin::Create(GURL(kYoutubeUrl)),
+                                      /*notify_if_restricted=*/false);
+  EXPECT_CALL(rules_manager_, IsRestrictedDestination)
+      .WillOnce(testing::Return(DlpRulesManager::Level::kBlock));
+  EXPECT_EQ(false, dlp_controller_.IsDataReadAllowed(&data_src, &data_dst_2));
+}
+
+TEST_F(DataTransferDlpControllerTest, ArcDst) {
+  ui::DataTransferEndpoint data_src(url::Origin::Create(GURL(kGoogleUrl)));
+  ui::DataTransferEndpoint data_dst(ui::EndpointType::kArc);
+  EXPECT_CALL(rules_manager_, IsRestrictedComponent)
+      .WillOnce(testing::Return(DlpRulesManager::Level::kBlock));
+  EXPECT_CALL(dlp_controller_, DoNotifyBlockedPaste);
+  EXPECT_EQ(false, dlp_controller_.IsDataReadAllowed(&data_src, &data_dst));
+}
+
+TEST_F(DataTransferDlpControllerTest, GuestOsDst) {
+  ui::DataTransferEndpoint data_src(url::Origin::Create(GURL(kGoogleUrl)));
+  ui::DataTransferEndpoint data_dst(ui::EndpointType::kGuestOs);
+  EXPECT_CALL(rules_manager_, IsRestrictedAnyOfComponents)
+      .WillOnce(testing::Return(DlpRulesManager::Level::kBlock));
+  EXPECT_CALL(dlp_controller_, DoNotifyBlockedPaste);
+  EXPECT_EQ(false, dlp_controller_.IsDataReadAllowed(&data_src, &data_dst));
+}
+
+}  // namespace policy

chrome/browser/chromeos/policy/dlp/dlp_rules_manager.cc

@@ -145,8 +145,8 @@ static DlpRulesManager* g_dlp_rules_manager = nullptr;
 
 // static
 void DlpRulesManager::Init() {
-  if (!g_dlp_rules_manager)
-    g_dlp_rules_manager = new DlpRulesManager();
+  if (!IsInitialized())
+    new DlpRulesManager();
 }
 
 // static
@@ -243,7 +243,13 @@ DlpRulesManager::Level DlpRulesManager::IsRestrictedAnyOfComponents(
 }
 
 DlpRulesManager::DlpRulesManager() {
-  pref_change_registrar_.Init(g_browser_process->local_state());
+  g_dlp_rules_manager = this;
+
+  auto* local_state = g_browser_process->local_state();
+  if (!local_state)  // Sometimes it's not available in tests.
+    return;
+
+  pref_change_registrar_.Init(local_state);
   pref_change_registrar_.Add(
       policy_prefs::kDlpRulesList,
       base::BindRepeating(&DlpRulesManager::OnPolicyUpdate,

chrome/browser/chromeos/policy/dlp/dlp_rules_manager.h

@@ -98,36 +98,38 @@ class DlpRulesManager {
   // from `source`. ALLOW is returned if no restrictions should be applied.
   // Requires `restriction` to be one of the following: screenshot, printing,
   // privacy screen, screenshare.
-  Level IsRestricted(const GURL& source, Restriction restriction) const;
+  virtual Level IsRestricted(const GURL& source, Restriction restriction) const;
 
   // Returns the enforcement level for `restriction` given that data comes
   // from `source` and requested to be shared to `destination`. ALLOW is
   // returned if no restrictions should be applied. Requires `restriction` to be
   // clipboard.
-  Level IsRestrictedDestination(const GURL& source,
-                                const GURL& destination,
-                                Restriction restriction) const;
+  virtual Level IsRestrictedDestination(const GURL& source,
+                                        const GURL& destination,
+                                        Restriction restriction) const;
 
   // Returns the enforcement level for `restriction` given that data comes
   // from `source` and requested to be shared to `destination`. ALLOW is
   // returned if no restrictions should be applied. Requires `restriction` to be
   // clipboard.
-  Level IsRestrictedComponent(const GURL& source,
-                              const Component& destination,
-                              Restriction restriction) const;
+  virtual Level IsRestrictedComponent(const GURL& source,
+                                      const Component& destination,
+                                      Restriction restriction) const;
 
   // Returns the enforcement level for `restriction` given that data comes
   // from `source` and requested to be shared to `destinations`. ALLOW is
   // returned if there is not any restriction should be applied on any of the
   // `destinations`. Requires `restriction` to be clipboard.
-  Level IsRestrictedAnyOfComponents(const GURL& source,
-                                    const std::vector<Component>& destinations,
-                                    Restriction restriction) const;
+  virtual Level IsRestrictedAnyOfComponents(
+      const GURL& source,
+      const std::vector<Component>& destinations,
+      Restriction restriction) const;
 
- private:
+ protected:
   DlpRulesManager();
-  ~DlpRulesManager();
+  virtual ~DlpRulesManager();
 
+ private:
   void OnPolicyUpdate();
 
   // Returns the maximum level of the rules of given `restriction` joined with