FakeCryptohomeClient: Simulate ecryptfs user home only when configured

FakeCryptohomeClient is changed to simluate an ecryptfs user home only if this has been configured by FakeCryptohomeClient::SetEcryptfsUserHome, which supersedes set_needs_dircrypto_migration. Configuring a user home to be ecryptfs will have two effects: NeedsDircryptoMigration will return true for the user home and MountEx will fail if forcing dircrypto. Until this CL, FakeCryptohomeClient was pretending that all mounts are still on ecryptfs, which was masked by the migration being disallowed in ExistingUserController (due to assumed enterprise user policy in the browsertests). Bug: 832127 Change-Id: I0cd95c55d1c0fcb8a6bd862f7e9eeffcde9ecd46 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2515405 Commit-Queue: Pavol Marko <pmarko@chromium.org> Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#824153}

FakeCryptohomeClient: Simulate ecryptfs user home only when configured
FakeCryptohomeClient is changed to simluate an ecryptfs user home only if this has been configured by FakeCryptohomeClient::SetEcryptfsUserHome, which supersedes set_needs_dircrypto_migration. Configuring a user home to be ecryptfs will have two effects: NeedsDircryptoMigration will return true for the user home and MountEx will fail if forcing dircrypto. Until this CL, FakeCryptohomeClient was pretending that all mounts are still on ecryptfs, which was masked by the migration being disallowed in ExistingUserController (due to assumed enterprise user policy in the browsertests). Bug: 832127 Change-Id: I0cd95c55d1c0fcb8a6bd862f7e9eeffcde9ecd46 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2515405 Commit-Queue: Pavol Marko <pmarko@chromium.org> Reviewed-by: Ryo Hashimoto <hashimoto@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#824153}
72f93d1d · Pavol Marko · Commit Bot · 6e1edd3e · 72f93d1d · 72f93d1d
Commit 72f93d1d authored Nov 04, 2020 by Pavol Marko Committed by Commit Bot Nov 04, 2020
4 changed files
--- a/chrome/browser/chromeos/login/encryption_migration_browsertest.cc
+++ b/chrome/browser/chromeos/login/encryption_migration_browsertest.cc
@@ -76,6 +76,8 @@ class EncryptionMigrationTest : public OobeBaseTest {
  void SetUpOnMainThread() override {
    OobeBaseTest::SetUpOnMainThread();
+    FakeCryptohomeClient::Get()->SetEcryptfsUserHome(GetTestCryptohomeId(),
+                                                     true);
    FakeCryptohomeClient::Get()->set_run_default_dircrypto_migration(false);
    // Configure encryption migration screen for test.

--- a/chrome/browser/chromeos/login/screens/user_selection_screen_browsertest.cc
+++ b/chrome/browser/chromeos/login/screens/user_selection_screen_browsertest.cc
@@ -13,6 +13,7 @@
 #include "chrome/browser/chromeos/login/test/login_manager_mixin.h"
 #include "chrome/browser/chromeos/login/test/test_predicate_waiter.h"
 #include "chromeos/constants/chromeos_switches.h"
+#include "chromeos/cryptohome/cryptohome_parameters.h"
 #include "chromeos/dbus/cryptohome/fake_cryptohome_client.h"
 #include "content/public/test/browser_test.h"
@@ -48,8 +49,9 @@ IN_PROC_BROWSER_TEST_F(UserSelectionScreenTest, ShowDircryptoMigrationBanner) {
  std::unique_ptr<base::HistogramTester> histogram_tester =
      std::make_unique<base::HistogramTester>();
-  // Change the needs dircrypto migration response.
+  FakeCryptohomeClient::Get()->SetEcryptfsUserHome(
-  FakeCryptohomeClient::Get()->set_needs_dircrypto_migration(true);
+      cryptohome::CreateAccountIdentifierFromAccountId(users[1].account_id),
+      true);
  // Focus the 2nd user pod (consumer).
  ASSERT_TRUE(ash::LoginScreenTestApi::FocusUser(users[1].account_id));
@@ -62,8 +64,9 @@ IN_PROC_BROWSER_TEST_F(UserSelectionScreenTest, ShowDircryptoMigrationBanner) {
  histogram_tester->ExpectBucketCount("Ash.Login.Login.MigrationBanner", true,
                                      1);
-  // Change the needs dircrypto migration response.
+  FakeCryptohomeClient::Get()->SetEcryptfsUserHome(
-  FakeCryptohomeClient::Get()->set_needs_dircrypto_migration(false);
+      cryptohome::CreateAccountIdentifierFromAccountId(users[2].account_id),
+      false);
  histogram_tester = std::make_unique<base::HistogramTester>();
  // Focus the 3rd user pod (consumer).
  ASSERT_TRUE(ash::LoginScreenTestApi::FocusUser(users[2].account_id));
@@ -76,8 +79,9 @@ IN_PROC_BROWSER_TEST_F(UserSelectionScreenTest, ShowDircryptoMigrationBanner) {
  histogram_tester->ExpectBucketCount("Ash.Login.Login.MigrationBanner", false,
                                      1);
-  // Change the needs dircrypto migration response.
+  FakeCryptohomeClient::Get()->SetEcryptfsUserHome(
-  FakeCryptohomeClient::Get()->set_needs_dircrypto_migration(true);
+      cryptohome::CreateAccountIdentifierFromAccountId(users[3].account_id),
+      true);
  histogram_tester = std::make_unique<base::HistogramTester>();
  // Focus to the 4th user pod (enterprise).

--- a/chromeos/dbus/cryptohome/fake_cryptohome_client.cc
+++ b/chromeos/dbus/cryptohome/fake_cryptohome_client.cc
@@ -424,7 +424,8 @@ void FakeCryptohomeClient::MountEx(
  cryptohome::MountReply* mount =
      reply.MutableExtension(cryptohome::MountReply::reply);
  mount->set_sanitized_username(GetStubSanitizedUsername(cryptohome_id));
-  if (!request.to_migrate_from_ecryptfs() &&
+  if (IsEcryptfsUserHome(cryptohome_id) &&
+      !request.to_migrate_from_ecryptfs() &&
      request.force_dircrypto_if_available()) {
    error = cryptohome::CRYPTOHOME_ERROR_MOUNT_OLD_ENCRYPTION;
  }
@@ -563,7 +564,7 @@ void FakeCryptohomeClient::NeedsDircryptoMigration(
    DBusMethodCallback<bool> callback) {
  base::ThreadTaskRunnerHandle::Get()->PostTask(
      FROM_HERE,
-      base::BindOnce(std::move(callback), needs_dircrypto_migration_));
+      base::BindOnce(std::move(callback), IsEcryptfsUserHome(cryptohome_id)));
 }
 void FakeCryptohomeClient::GetSupportedKeyPolicies(
@@ -646,6 +647,15 @@ std::vector<uint8_t> FakeCryptohomeClient::GetStubSystemSalt() {
      kStubSystemSalt, kStubSystemSalt + base::size(kStubSystemSalt) - 1);
 }
+void FakeCryptohomeClient::SetEcryptfsUserHome(
+    const cryptohome::AccountIdentifier& cryptohome_id,
+    bool use_ecryptfs) {
+  if (use_ecryptfs)
+    ecryptfs_user_homes_.insert(cryptohome_id);
+  else
+    ecryptfs_user_homes_.erase(cryptohome_id);
+}
 void FakeCryptohomeClient::ReturnProtobufMethodCallback(
    const cryptohome::BaseReply& reply,
    DBusMethodCallback<cryptohome::BaseReply> callback) {
@@ -699,6 +709,7 @@ void FakeCryptohomeClient::OnDircryptoMigrationProgressUpdated() {
    NotifyDircryptoMigrationProgress(cryptohome::DIRCRYPTO_MIGRATION_SUCCESS,
                                     dircrypto_migration_progress_,
                                     kDircryptoMigrationMaxProgress);
+    SetEcryptfsUserHome(id_for_disk_migrated_to_dircrypto_, false);
    dircrypto_migration_progress_timer_.Stop();
    return;
  }
@@ -767,6 +778,11 @@ bool FakeCryptohomeClient::LoadInstallAttributes() {
  return true;
 }
+bool FakeCryptohomeClient::IsEcryptfsUserHome(
+    const cryptohome::AccountIdentifier& cryptohome_id) {
+  return base::Contains(ecryptfs_user_homes_, cryptohome_id);
+}
 std::map<std::string, cryptohome::Key>::const_iterator
 FakeCryptohomeClient::FindKey(
    const std::map<std::string, cryptohome::Key>& keys,

--- a/chromeos/dbus/cryptohome/fake_cryptohome_client.h
+++ b/chromeos/dbus/cryptohome/fake_cryptohome_client.h
@@ -8,6 +8,7 @@
 #include <stdint.h>
 #include <map>
+#include <set>
 #include <string>
 #include <utility>
 #include <vector>
@@ -234,10 +235,10 @@ class COMPONENT_EXPORT(CRYPTOHOME_CLIENT) FakeCryptohomeClient
  // format used by SystemSaltGetter::ConvertRawSaltToHexString()).
  static std::vector<uint8_t> GetStubSystemSalt();
-  // Sets the needs dircrypto migration value.
+  // Marks |cryptohome_id| as using ecryptfs (|use_ecryptfs|=true) or dircrypto
-  void set_needs_dircrypto_migration(bool needs_migration) {
+  // (|use_ecryptfs|=false).
-    needs_dircrypto_migration_ = needs_migration;
+  void SetEcryptfsUserHome(const cryptohome::AccountIdentifier& cryptohome_id,
-  }
+                           bool use_ecryptfs);
  // Sets whether dircrypto migration update should be run automatically.
  // If set to false, the client will not send any dircrypto migration progress
@@ -350,6 +351,10 @@ class COMPONENT_EXPORT(CRYPTOHOME_CLIENT) FakeCryptohomeClient
  // Loads install attributes from the stub file.
  bool LoadInstallAttributes();
+  // Returns true if |cryptohome_id| has been marked as being an ecryptfs user
+  // home using SetEcryptfsUserHome.
+  bool IsEcryptfsUserHome(const cryptohome::AccountIdentifier& cryptohome_id);
  // Finds a key matching the given label. Wildcard labels are supported.
  std::map<std::string, cryptohome::Key>::const_iterator FindKey(
      const std::map<std::string, cryptohome::Key>& keys,
@@ -380,10 +385,13 @@ class COMPONENT_EXPORT(CRYPTOHOME_CLIENT) FakeCryptohomeClient
           std::map<std::string, cryptohome::Key>>
      key_data_map_;
+  // Set of account identifiers whose user homes use ecryptfs. User homes not
+  // mentioned here use dircrypto.
+  std::set<cryptohome::AccountIdentifier> ecryptfs_user_homes_;
  base::RepeatingTimer dircrypto_migration_progress_timer_;
  uint64_t dircrypto_migration_progress_ = 0;
-  bool needs_dircrypto_migration_ = false;
  bool run_default_dircrypto_migration_ = true;
  bool supports_low_entropy_credentials_ = false;
  // Controls if CheckKeyEx actually checks the key.