Enable the command line policy on Android

The CommandLinePolicyProvider will be addded on Android device for
Canary, Dev amd trunk channel. Unless the CommandLineOnNonRooted feature
is enabled.

Test locally with following command:
out/Release/bin/chrome_apk run --args='--policy="{\"BrowserSignin\":0}"'

And here is the screenshot of chrome://policy page:
https://drive.google.com/file/d/1wp2nlPpgbMrOWFXigqYjgshjH5E7ZrrT/view?usp=sharing

Bug: 1113792
Change-Id: I11f5d00a68a2f2a852eff1dc02ed6d1e653ff506
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2357459
Commit-Queue: Owen Min <zmin@chromium.org>
Reviewed-by: Sky Malice <skym@chromium.org>
Cr-Commit-Position: refs/heads/master@{#798856}

chrome/browser/policy/chrome_browser_policy_connector.cc

@@ -18,6 +18,7 @@
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/policy/configuration_policy_handler_list_factory.h"
 #include "chrome/browser/policy/device_management_service_configuration.h"
+#include "chrome/common/channel_info.h"
 #include "chrome/common/chrome_paths.h"
 #include "components/policy/core/common/async_policy_provider.h"
 #include "components/policy/core/common/cloud/cloud_external_data_manager.h"
@@ -61,13 +62,6 @@
 
 namespace policy {
 
-namespace {
-bool IsCommandLinePolicySupported() {
-  // TODO(crbug/1113792): Enable it on Android.
-  return false;
-}
-}  // namespace
-
 ChromeBrowserPolicyConnector::ChromeBrowserPolicyConnector()
     : BrowserPolicyConnector(base::Bind(&BuildHandlerList)) {
 #if !defined(OS_ANDROID) && !defined(OS_CHROMEOS)
@@ -155,10 +149,10 @@ ChromeBrowserPolicyConnector::CreatePolicyProviders() {
   }
 #endif
 
-  if (IsCommandLinePolicySupported()) {
   std::unique_ptr<CommandLinePolicyProvider> command_line_provider =
-        std::make_unique<CommandLinePolicyProvider>(
-            *base::CommandLine::ForCurrentProcess());
+      CommandLinePolicyProvider::CreateIfAllowed(
+          *base::CommandLine::ForCurrentProcess(), chrome::GetChannel());
+  if (command_line_provider) {
     command_line_provider_ = command_line_provider.get();
     providers.push_back(std::move(command_line_provider));
   }

components/policy/core/common/command_line_policy_provider.cc

@@ -7,15 +7,43 @@
 #include <memory>
 #include <utility>
 
+#include "base/memory/ptr_util.h"
+#include "build/build_config.h"
 #include "components/policy/core/common/policy_bundle.h"
 
+#if defined(OS_ANDROID)
+#include "base/android/build_info.h"
+#endif  // defined(OS_ANDROID)
+
 namespace policy {
 
-CommandLinePolicyProvider::CommandLinePolicyProvider(
-    const base::CommandLine& command_line)
-    : loader_(command_line) {
-  RefreshPolicies();
+// static
+std::unique_ptr<CommandLinePolicyProvider>
+CommandLinePolicyProvider::CreateIfAllowed(
+    const base::CommandLine& command_line,
+    version_info::Channel channel) {
+#if defined(OS_ANDROID)
+  if (channel == version_info::Channel::STABLE ||
+      channel == version_info::Channel::BETA) {
+    return nullptr;
+  }
+
+  if (!base::android::BuildInfo::GetInstance()->is_debug_android())
+    return nullptr;
+
+  return base::WrapUnique(new CommandLinePolicyProvider(command_line));
+#else
+  return nullptr;
+#endif  // defined(OS_ANDROID)
+}
+
+// static
+std::unique_ptr<CommandLinePolicyProvider>
+CommandLinePolicyProvider::CreateForTesting(
+    const base::CommandLine& command_line) {
+  return base::WrapUnique(new CommandLinePolicyProvider(command_line));
 }
+
 CommandLinePolicyProvider::~CommandLinePolicyProvider() = default;
 
 void CommandLinePolicyProvider::RefreshPolicies() {
@@ -23,4 +51,10 @@ void CommandLinePolicyProvider::RefreshPolicies() {
   UpdatePolicy(std::move(bundle));
 }
 
+CommandLinePolicyProvider::CommandLinePolicyProvider(
+    const base::CommandLine& command_line)
+    : loader_(command_line) {
+  RefreshPolicies();
+}
+
 }  // namespace policy

components/policy/core/common/command_line_policy_provider.h

@@ -8,6 +8,7 @@
 #include "components/policy/core/common/configuration_policy_provider.h"
 #include "components/policy/core/common/policy_loader_command_line.h"
 #include "components/policy/policy_export.h"
+#include "components/version_info/channel.h"
 
 namespace policy {
 
@@ -16,7 +17,16 @@ namespace policy {
 class POLICY_EXPORT CommandLinePolicyProvider
     : public ConfigurationPolicyProvider {
  public:
-  explicit CommandLinePolicyProvider(const base::CommandLine& command_line);
+  // The |CommandLinePolicyProvider| provides an extremely easy way to set up
+  // policies which means it can be used for malicious purposes. So it should
+  // be created if and only if the browser is under development environment.
+  static std::unique_ptr<CommandLinePolicyProvider> CreateIfAllowed(
+      const base::CommandLine& command_line,
+      version_info::Channel channel);
+
+  static std::unique_ptr<CommandLinePolicyProvider> CreateForTesting(
+      const base::CommandLine& command_line);
+
   CommandLinePolicyProvider(const CommandLinePolicyProvider&) = delete;
   CommandLinePolicyProvider& operator=(const CommandLinePolicyProvider&) =
       delete;
@@ -27,6 +37,8 @@ class POLICY_EXPORT CommandLinePolicyProvider
   void RefreshPolicies() override;
 
  private:
+  explicit CommandLinePolicyProvider(const base::CommandLine& command_line);
+
   PolicyLoaderCommandLine loader_;
 };
 

components/policy/core/common/command_line_policy_provider_unittest.cc

@@ -7,11 +7,16 @@
 #include <memory>
 
 #include "base/values.h"
+#include "build/build_config.h"
 #include "components/policy/core/common/policy_bundle.h"
 #include "components/policy/core/common/policy_switches.h"
 #include "components/policy/core/common/policy_types.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+#if defined(OS_ANDROID)
+#include "base/android/build_info.h"
+#endif  // defined(OS_ANDROID)
+
 namespace policy {
 
 namespace {
@@ -36,9 +41,16 @@ class CommandLinePolicyProviderTest : public ::testing::Test {
   }
 
   std::unique_ptr<CommandLinePolicyProvider> CreatePolicyProvider() {
-    return std::make_unique<CommandLinePolicyProvider>(command_line_);
+    return CommandLinePolicyProvider::CreateForTesting(command_line_);
+  }
+
+  std::unique_ptr<CommandLinePolicyProvider> CreatePolicyProviderWithCheck(
+      version_info::Channel channel) {
+    return CommandLinePolicyProvider::CreateIfAllowed(command_line_, channel);
   }
 
+  base::CommandLine* command_line() { return &command_line_; }
+
  private:
   base::CommandLine command_line_{base::CommandLine::NO_PROGRAM};
 };
@@ -51,4 +63,25 @@ TEST_F(CommandLinePolicyProviderTest, LoadAndRefresh) {
   policy_provider->RefreshPolicies();
   VerifyPolicyProvider(policy_provider.get());
 }
+
+TEST_F(CommandLinePolicyProviderTest, Creator) {
+  version_info::Channel channels[] = {
+      version_info::Channel::UNKNOWN, version_info::Channel::CANARY,
+      version_info::Channel::DEV, version_info::Channel::BETA,
+      version_info::Channel::STABLE};
+  for (auto channel : channels) {
+    bool is_created = false;
+#if defined(OS_ANDROID)
+    is_created = channel != version_info::Channel::BETA &&
+                 channel != version_info::Channel::STABLE &&
+                 base::android::BuildInfo::GetInstance()->is_debug_android();
+#endif  // defined(OS_ANDROID)
+    auto policy_provider = CreatePolicyProviderWithCheck(channel);
+    if (is_created)
+      EXPECT_TRUE(policy_provider);
+    else
+      EXPECT_FALSE(policy_provider);
+  }
+}
+
 }  // namespace policy