Enable the command line policy on Android

The CommandLinePolicyProvider will be addded on Android device for Canary, Dev amd trunk channel. Unless the CommandLineOnNonRooted feature is enabled. Test locally with following command: out/Release/bin/chrome_apk run --args='--policy="{\"BrowserSignin\":0}"' And here is the screenshot of chrome://policy page: https://drive.google.com/file/d/1wp2nlPpgbMrOWFXigqYjgshjH5E7ZrrT/view?usp=sharing Bug: 1113792 Change-Id: I11f5d00a68a2f2a852eff1dc02ed6d1e653ff506 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2357459 Commit-Queue: Owen Min <zmin@chromium.org> Reviewed-by: Sky Malice <skym@chromium.org> Cr-Commit-Position: refs/heads/master@{#798856}

Enable the command line policy on Android
The CommandLinePolicyProvider will be addded on Android device for Canary, Dev amd trunk channel. Unless the CommandLineOnNonRooted feature is enabled. Test locally with following command: out/Release/bin/chrome_apk run --args='--policy="{\"BrowserSignin\":0}"' And here is the screenshot of chrome://policy page: https://drive.google.com/file/d/1wp2nlPpgbMrOWFXigqYjgshjH5E7ZrrT/view?usp=sharing Bug: 1113792 Change-Id: I11f5d00a68a2f2a852eff1dc02ed6d1e653ff506 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2357459 Commit-Queue: Owen Min <zmin@chromium.org> Reviewed-by: Sky Malice <skym@chromium.org> Cr-Commit-Position: refs/heads/master@{#798856}
9ddaaa5d · Owen Min · Commit Bot · 0abb249c · 9ddaaa5d · 9ddaaa5d
Commit 9ddaaa5d authored Aug 17, 2020 by Owen Min Committed by Commit Bot Aug 17, 2020
4 changed files
--- a/chrome/browser/policy/chrome_browser_policy_connector.cc
+++ b/chrome/browser/policy/chrome_browser_policy_connector.cc
@@ -18,6 +18,7 @@
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/policy/configuration_policy_handler_list_factory.h"
 #include "chrome/browser/policy/device_management_service_configuration.h"
+#include "chrome/common/channel_info.h"
 #include "chrome/common/chrome_paths.h"
 #include "components/policy/core/common/async_policy_provider.h"
 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
@@ -61,13 +62,6 @@

 namespace policy {

-namespace {
-bool IsCommandLinePolicySupported() {
-  // TODO(crbug/1113792): Enable it on Android.
-  return false;
-}
-}  // namespace
-
 ChromeBrowserPolicyConnector::ChromeBrowserPolicyConnector()
    : BrowserPolicyConnector(base::Bind(&BuildHandlerList)) {
 #if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
@@ -155,10 +149,10 @@ ChromeBrowserPolicyConnector::CreatePolicyProviders() {
  }
 #endif

-  if (IsCommandLinePolicySupported()) {
-    std::unique_ptr<CommandLinePolicyProvider> command_line_provider =
-        std::make_unique<CommandLinePolicyProvider>(
-            *base::CommandLine::ForCurrentProcess());
+  std::unique_ptr<CommandLinePolicyProvider> command_line_provider =
+      CommandLinePolicyProvider::CreateIfAllowed(
+          *base::CommandLine::ForCurrentProcess(), chrome::GetChannel());
+  if (command_line_provider) {
    command_line_provider_ = command_line_provider.get();
    providers.push_back(std::move(command_line_provider));
  }

--- a/components/policy/core/common/command_line_policy_provider.cc
+++ b/components/policy/core/common/command_line_policy_provider.cc
@@ -7,15 +7,43 @@
 #include <memory>
 #include <utility>

+#include "base/memory/ptr_util.h"
+#include "build/build_config.h"
 #include "components/policy/core/common/policy_bundle.h"

+#if defined(OS_ANDROID)
+#include "base/android/build_info.h"
+#endif  // defined(OS_ANDROID)
+
 namespace policy {

-CommandLinePolicyProvider::CommandLinePolicyProvider(
-    const base::CommandLine& command_line)
-    : loader_(command_line) {
-  RefreshPolicies();
+// static
+std::unique_ptr<CommandLinePolicyProvider>
+CommandLinePolicyProvider::CreateIfAllowed(
+    const base::CommandLine& command_line,
+    version_info::Channel channel) {
+#if defined(OS_ANDROID)
+  if (channel == version_info::Channel::STABLE ||
+      channel == version_info::Channel::BETA) {
+    return nullptr;
+  }
+
+  if (!base::android::BuildInfo::GetInstance()->is_debug_android())
+    return nullptr;
+
+  return base::WrapUnique(new CommandLinePolicyProvider(command_line));
+#else
+  return nullptr;
+#endif  // defined(OS_ANDROID)
+}
+
+// static
+std::unique_ptr<CommandLinePolicyProvider>
+CommandLinePolicyProvider::CreateForTesting(
+    const base::CommandLine& command_line) {
+  return base::WrapUnique(new CommandLinePolicyProvider(command_line));
 }
+
 CommandLinePolicyProvider::~CommandLinePolicyProvider() = default;

 void CommandLinePolicyProvider::RefreshPolicies() {
@@ -23,4 +51,10 @@ void CommandLinePolicyProvider::RefreshPolicies() {
  UpdatePolicy(std::move(bundle));
 }

+CommandLinePolicyProvider::CommandLinePolicyProvider(
+    const base::CommandLine& command_line)
+    : loader_(command_line) {
+  RefreshPolicies();
+}
+
 }  // namespace policy
--- a/components/policy/core/common/command_line_policy_provider.h
+++ b/components/policy/core/common/command_line_policy_provider.h
@@ -8,6 +8,7 @@
 #include "components/policy/core/common/configuration_policy_provider.h"
 #include "components/policy/core/common/policy_loader_command_line.h"
 #include "components/policy/policy_export.h"
+#include "components/version_info/channel.h"

 namespace policy {

@@ -16,7 +17,16 @@ namespace policy {
 class POLICY_EXPORT CommandLinePolicyProvider
    : public ConfigurationPolicyProvider {
 public:
-  explicit CommandLinePolicyProvider(const base::CommandLine& command_line);
+  // The |CommandLinePolicyProvider| provides an extremely easy way to set up
+  // policies which means it can be used for malicious purposes. So it should
+  // be created if and only if the browser is under development environment.
+  static std::unique_ptr<CommandLinePolicyProvider> CreateIfAllowed(
+      const base::CommandLine& command_line,
+      version_info::Channel channel);
+
+  static std::unique_ptr<CommandLinePolicyProvider> CreateForTesting(
+      const base::CommandLine& command_line);
+
  CommandLinePolicyProvider(const CommandLinePolicyProvider&) = delete;
  CommandLinePolicyProvider& operator=(const CommandLinePolicyProvider&) =
      delete;
@@ -27,6 +37,8 @@ class POLICY_EXPORT CommandLinePolicyProvider
  void RefreshPolicies() override;

 private:
+  explicit CommandLinePolicyProvider(const base::CommandLine& command_line);
+
  PolicyLoaderCommandLine loader_;
 };


--- a/components/policy/core/common/command_line_policy_provider_unittest.cc
+++ b/components/policy/core/common/command_line_policy_provider_unittest.cc
@@ -7,11 +7,16 @@
 #include <memory>

 #include "base/values.h"
+#include "build/build_config.h"
 #include "components/policy/core/common/policy_bundle.h"
 #include "components/policy/core/common/policy_switches.h"
 #include "components/policy/core/common/policy_types.h"
 #include "testing/gtest/include/gtest/gtest.h"

+#if defined(OS_ANDROID)
+#include "base/android/build_info.h"
+#endif  // defined(OS_ANDROID)
+
 namespace policy {

 namespace {
@@ -36,9 +41,16 @@ class CommandLinePolicyProviderTest : public ::testing::Test {
  }

  std::unique_ptr<CommandLinePolicyProvider> CreatePolicyProvider() {
-    return std::make_unique<CommandLinePolicyProvider>(command_line_);
+    return CommandLinePolicyProvider::CreateForTesting(command_line_);
+  }
+
+  std::unique_ptr<CommandLinePolicyProvider> CreatePolicyProviderWithCheck(
+      version_info::Channel channel) {
+    return CommandLinePolicyProvider::CreateIfAllowed(command_line_, channel);
  }

+  base::CommandLine* command_line() { return &command_line_; }
+
 private:
  base::CommandLine command_line_{base::CommandLine::NO_PROGRAM};
 };
@@ -51,4 +63,25 @@ TEST_F(CommandLinePolicyProviderTest, LoadAndRefresh) {
  policy_provider->RefreshPolicies();
  VerifyPolicyProvider(policy_provider.get());
 }
+
+TEST_F(CommandLinePolicyProviderTest, Creator) {
+  version_info::Channel channels[] = {
+      version_info::Channel::UNKNOWN, version_info::Channel::CANARY,
+      version_info::Channel::DEV, version_info::Channel::BETA,
+      version_info::Channel::STABLE};
+  for (auto channel : channels) {
+    bool is_created = false;
+#if defined(OS_ANDROID)
+    is_created = channel != version_info::Channel::BETA &&
+                 channel != version_info::Channel::STABLE &&
+                 base::android::BuildInfo::GetInstance()->is_debug_android();
+#endif  // defined(OS_ANDROID)
+    auto policy_provider = CreatePolicyProviderWithCheck(channel);
+    if (is_created)
+      EXPECT_TRUE(policy_provider);
+    else
+      EXPECT_FALSE(policy_provider);
+  }
+}
+
 }  // namespace policy