Add ArcPolicyBridge::Observer

Add an observer interface to ArcPolicyBridge. Observers are notified
whenever policy is sent to CloudDPC or a compliance report is
received from it.

The CL also forces a compliance report to be sent after the initial
policy fetch by adding a GUID to the policy JSON which changes
whenever a new instances of ArcPolicyBridge is created. A cleaner
way to do this would be a |force_compliance_report| flag sent to
CloudDPC. This clean-up is tracked in a follow-up bug.

Bug: b/73277923
Bug: b/73762796
Test: unit_tests
Change-Id: Ib4cdfb28e4b3ea2ea0ca03d1cd7293d7e07f0bcd
Reviewed-on: https://chromium-review.googlesource.com/931705
Commit-Queue: Bartosz Fabianowski <bartfab@chromium.org>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Reviewed-by: Luis Hector Chavez <lhchavez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#538838}

chrome/browser/chromeos/arc/policy/arc_policy_bridge.cc

@@ -9,6 +9,7 @@
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
+#include "base/guid.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_string_value_serializer.h"
 #include "base/logging.h"
@@ -199,6 +200,7 @@ void AddOncCaCertsToPolicies(const policy::PolicyMap& policy_map,
 }
 
 std::string GetFilteredJSONPolicies(const policy::PolicyMap& policy_map,
+                                    const std::string& guid,
                                     bool is_affiliated) {
   base::DictionaryValue filtered_policies;
   // Parse ArcPolicy as JSON string before adding other policies to the
@@ -245,6 +247,8 @@ std::string GetFilteredJSONPolicies(const policy::PolicyMap& policy_map,
   if (!is_affiliated)
     filtered_policies.RemoveKey("apkCacheEnabled");
 
+  filtered_policies.SetString("guid", guid);
+
   std::string policy_json;
   JSONStringValueSerializer serializer(&policy_json);
   serializer.Serialize(filtered_policies);
@@ -330,6 +334,7 @@ ArcPolicyBridge::ArcPolicyBridge(content::BrowserContext* context,
     : context_(context),
       arc_bridge_service_(bridge_service),
       policy_service_(policy_service),
+      instance_guid_(base::GenerateGUID()),
       weak_ptr_factory_(this) {
   VLOG(2) << "ArcPolicyBridge::ArcPolicyBridge";
   arc_bridge_service_->policy()->SetHost(this);
@@ -342,6 +347,18 @@ ArcPolicyBridge::~ArcPolicyBridge() {
   arc_bridge_service_->policy()->SetHost(nullptr);
 }
 
+const std::string& ArcPolicyBridge::GetInstanceGuidForTesting() {
+  return instance_guid_;
+}
+
+void ArcPolicyBridge::AddObserver(Observer* observer) {
+  observers_.AddObserver(observer);
+}
+
+void ArcPolicyBridge::RemoveObserver(Observer* observer) {
+  observers_.RemoveObserver(observer);
+}
+
 void ArcPolicyBridge::OverrideIsManagedForTesting(bool is_managed) {
   is_managed_ = is_managed;
 }
@@ -364,7 +381,11 @@ void ArcPolicyBridge::OnConnectionClosed() {
 
 void ArcPolicyBridge::GetPolicies(GetPoliciesCallback callback) {
   VLOG(1) << "ArcPolicyBridge::GetPolicies";
-  std::move(callback).Run(GetCurrentJSONPolicies());
+  const std::string policy = GetCurrentJSONPolicies();
+  for (Observer& observer : observers_) {
+    observer.OnPolicySent(policy);
+  }
+  std::move(callback).Run(policy);
 }
 
 void ArcPolicyBridge::ReportCompliance(const std::string& request,
@@ -420,7 +441,8 @@ std::string ArcPolicyBridge::GetCurrentJSONPolicies() const {
   const user_manager::User* const user =
       chromeos::ProfileHelper::Get()->GetUserByProfile(profile);
 
-  return GetFilteredJSONPolicies(policy_map, user->IsAffiliated());
+  return GetFilteredJSONPolicies(policy_map, instance_guid_,
+                                 user->IsAffiliated());
 }
 
 void ArcPolicyBridge::OnReportComplianceParseSuccess(
@@ -432,8 +454,12 @@ void ArcPolicyBridge::OnReportComplianceParseSuccess(
       prefs::kArcPolicyComplianceReported, true);
 
   const base::DictionaryValue* dict = nullptr;
-  if (parsed_json->GetAsDictionary(&dict))
+  if (parsed_json->GetAsDictionary(&dict)) {
     UpdateComplianceReportMetrics(dict);
+    for (Observer& observer : observers_) {
+      observer.OnComplianceReportReceived(parsed_json.get());
+    }
+  }
 }
 
 void ArcPolicyBridge::UpdateComplianceReportMetrics(

chrome/browser/chromeos/arc/policy/arc_policy_bridge.h

@@ -10,6 +10,7 @@
 
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
+#include "base/observer_list.h"
 #include "base/time/time.h"
 #include "components/arc/common/policy.mojom.h"
 #include "components/arc/connection_observer.h"
@@ -17,6 +18,10 @@
 #include "components/policy/core/common/policy_namespace.h"
 #include "components/policy/core/common/policy_service.h"
 
+namespace base {
+class Value;
+}
+
 namespace content {
 class BrowserContext;
 }  // namespace content
@@ -43,6 +48,22 @@ class ArcPolicyBridge : public KeyedService,
                         public mojom::PolicyHost,
                         public policy::PolicyService::Observer {
  public:
+  class Observer {
+   public:
+    // Called when policy is sent to CloudDPC.
+    virtual void OnPolicySent(const std::string& policy) = 0;
+
+    // Called when a compliance report is received from CloudDPC.
+    virtual void OnComplianceReportReceived(
+        const base::Value* compliance_report) = 0;
+
+   protected:
+    Observer() = default;
+    virtual ~Observer() = default;
+
+    DISALLOW_COPY_AND_ASSIGN(Observer);
+  };
+
   // Returns singleton instance for the given BrowserContext,
   // or nullptr if the browser |context| is not allowed to use ARC.
   static ArcPolicyBridge* GetForBrowserContext(
@@ -55,6 +76,11 @@ class ArcPolicyBridge : public KeyedService,
                   policy::PolicyService* policy_service);
   ~ArcPolicyBridge() override;
 
+  const std::string& GetInstanceGuidForTesting();
+
+  void AddObserver(Observer* observer);
+  void RemoveObserver(Observer* observer);
+
   void OverrideIsManagedForTesting(bool is_managed);
 
   // ConnectionObserver<mojom::PolicyInstance> overrides.
@@ -90,6 +116,10 @@ class ArcPolicyBridge : public KeyedService,
   policy::PolicyService* policy_service_ = nullptr;
   bool is_managed_ = false;
 
+  // HACK(b/73762796): A GUID that is regenerated whenever |this| is created,
+  // ensuring that the first policy sent to CloudDPC is considered different
+  // from previous policy and a compliance report is sent.
+  const std::string instance_guid_;
   // Hash of the policies that were up to date when ARC started.
   std::string initial_policies_hash_;
   // Whether the UMA metric for the first successfully obtained compliance
@@ -105,6 +135,8 @@ class ArcPolicyBridge : public KeyedService,
   // since the most recent policy update notificaton was already reported.
   bool compliance_since_update_timing_reported_ = false;
 
+  base::ObserverList<Observer, true /* check_empty */> observers_;
+
   // Must be the last member.
   base::WeakPtrFactory<ArcPolicyBridge> weak_ptr_factory_;
 

chrome/browser/chromeos/arc/policy/arc_policy_bridge_unittest.cc

@@ -5,6 +5,7 @@
 #include <memory>
 #include <string>
 
+#include "base/json/json_reader.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
@@ -29,6 +30,12 @@
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
+using testing::_;
+using testing::Mock;
+using testing::ReturnRef;
+
+namespace arc {
+
 namespace {
 
 constexpr char kFakeONC[] =
@@ -61,6 +68,22 @@ constexpr char kFakeONC[] =
 
 constexpr char kPolicyCompliantResponse[] = "{ \"policyCompliant\": true }";
 
+MATCHER_P(ValueEquals, expected, "value matches") {
+  return *expected == *arg;
+}
+
+class MockArcPolicyBridgeObserver : public ArcPolicyBridge::Observer {
+ public:
+  MockArcPolicyBridgeObserver() = default;
+  ~MockArcPolicyBridgeObserver() override = default;
+
+  MOCK_METHOD1(OnPolicySent, void(const std::string&));
+  MOCK_METHOD1(OnComplianceReportReceived, void(const base::Value*));
+
+ private:
+  DISALLOW_COPY_AND_ASSIGN(MockArcPolicyBridgeObserver);
+};
+
 // Helper class to define callbacks that verify that they were run.
 // Wraps a bool initially set to |false| and verifies that it's been set to
 // |true| before destruction.
@@ -109,11 +132,6 @@ arc::ArcPolicyBridge::ReportComplianceCallback PolicyComplianceCallback(
 
 }  // namespace
 
-using testing::_;
-using testing::ReturnRef;
-
-namespace arc {
-
 class ArcPolicyBridgeTestBase {
  public:
   ArcPolicyBridgeTestBase() = default;
@@ -149,6 +167,8 @@ class ArcPolicyBridgeTestBase {
     policy_bridge_ = std::make_unique<ArcPolicyBridge>(
         profile_, bridge_service_.get(), &policy_service_);
     policy_bridge_->OverrideIsManagedForTesting(true);
+    policy_bridge_->AddObserver(&observer_);
+    instance_guid_ = policy_bridge_->GetInstanceGuidForTesting();
 
     policy_instance_ = std::make_unique<FakePolicyInstance>();
     bridge_service_->policy()->SetInstance(policy_instance_.get());
@@ -158,10 +178,37 @@ class ArcPolicyBridgeTestBase {
   void DoTearDown() {
     bridge_service_->policy()->CloseInstance(policy_instance_.get());
     policy_instance_.reset();
+    policy_bridge_->RemoveObserver(&observer_);
   }
 
  protected:
+  void GetPoliciesAndVerifyResult(const std::string& expected_policy_json) {
+    Mock::VerifyAndClearExpectations(&observer_);
+    EXPECT_CALL(observer_, OnPolicySent(expected_policy_json));
+    policy_bridge()->GetPolicies(PolicyStringCallback(expected_policy_json));
+    Mock::VerifyAndClearExpectations(&observer_);
+  }
+
+  void ReportComplianceAndVerifyObserverCallback(
+      const std::string& compliance_report) {
+    Mock::VerifyAndClearExpectations(&observer_);
+    std::unique_ptr<base::Value> compliance_report_value =
+        base::JSONReader::Read(compliance_report);
+    if (compliance_report_value && compliance_report_value->is_dict()) {
+      EXPECT_CALL(observer_, OnComplianceReportReceived(
+                                 ValueEquals(compliance_report_value.get())));
+    } else {
+      EXPECT_CALL(observer_, OnComplianceReportReceived(_)).Times(0);
+    }
+    policy_bridge()->ReportCompliance(
+        compliance_report, PolicyComplianceCallback(run_loop().QuitClosure(),
+                                                    kPolicyCompliantResponse));
+    run_loop().Run();
+    Mock::VerifyAndClearExpectations(&observer_);
+  }
+
   ArcPolicyBridge* policy_bridge() { return policy_bridge_.get(); }
+  const std::string& instance_guid() { return instance_guid_; }
   FakePolicyInstance* policy_instance() { return policy_instance_.get(); }
   policy::PolicyMap& policy_map() { return policy_map_; }
   base::RunLoop& run_loop() { return run_loop_; }
@@ -178,6 +225,8 @@ class ArcPolicyBridgeTestBase {
 
   std::unique_ptr<ArcBridgeService> bridge_service_;
   std::unique_ptr<ArcPolicyBridge> policy_bridge_;
+  std::string instance_guid_;
+  MockArcPolicyBridgeObserver observer_;
   // Always keep policy_instance_ below bridge_service_, so that
   // policy_instance_ is destructed first. It needs to remove itself as
   // observer.
@@ -210,12 +259,12 @@ class ArcPolicyBridgeAffiliatedTest : public ArcPolicyBridgeTestBase,
 
 TEST_F(ArcPolicyBridgeTest, UnmanagedTest) {
   policy_bridge()->OverrideIsManagedForTesting(false);
-  policy_bridge()->GetPolicies(PolicyStringCallback(""));
+  GetPoliciesAndVerifyResult("");
 }
 
 TEST_F(ArcPolicyBridgeTest, EmptyPolicyTest) {
-  // No policy is set, result should be empty.
-  policy_bridge()->GetPolicies(PolicyStringCallback("{}"));
+  // No policy is set, result should be empty except for the instance GUID.
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() + "\"}");
 }
 
 TEST_F(ArcPolicyBridgeTest, ArcPolicyTest) {
@@ -232,24 +281,26 @@ TEST_F(ArcPolicyBridgeTest, ArcPolicyTest) {
           "\"defaultPermissionPolicy\":\"GRANT\""
           "}"),
       nullptr);
-  policy_bridge()->GetPolicies(PolicyStringCallback(
+  GetPoliciesAndVerifyResult(
       "{\"applications\":"
       "[{\"installType\":\"REQUIRED\","
       "\"lockTaskAllowed\":false,"
       "\"packageName\":\"com.google.android.apps.youtube.kids\","
       "\"permissionGrants\":[]"
       "}],"
-      "\"defaultPermissionPolicy\":\"GRANT\""
-      "}"));
+      "\"defaultPermissionPolicy\":\"GRANT\","
+      "\"guid\":\"" +
+      instance_guid() + "\"}");
 }
 
 TEST_F(ArcPolicyBridgeTest, HompageLocationTest) {
-  // This policy will not be passed on, result should be empty.
+  // This policy will not be passed on, result should be empty except for the
+  // instance GUID.
   policy_map().Set(
       policy::key::kHomepageLocation, policy::POLICY_LEVEL_MANDATORY,
       policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
       std::make_unique<base::Value>("http://chromium.org"), nullptr);
-  policy_bridge()->GetPolicies(PolicyStringCallback("{}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() + "\"}");
 }
 
 TEST_F(ArcPolicyBridgeTest, DisableScreenshotsTest) {
@@ -257,8 +308,8 @@ TEST_F(ArcPolicyBridgeTest, DisableScreenshotsTest) {
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(true), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"screenCaptureDisabled\":true}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() +
+                             "\",\"screenCaptureDisabled\":true}");
 }
 
 TEST_F(ArcPolicyBridgeTest, VideoCaptureAllowedTest) {
@@ -266,8 +317,8 @@ TEST_F(ArcPolicyBridgeTest, VideoCaptureAllowedTest) {
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(false), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"cameraDisabled\":true}"));
+  GetPoliciesAndVerifyResult("{\"cameraDisabled\":true,\"guid\":\"" +
+                             instance_guid() + "\"}");
 }
 
 TEST_F(ArcPolicyBridgeTest, AudioCaptureAllowedTest) {
@@ -275,8 +326,8 @@ TEST_F(ArcPolicyBridgeTest, AudioCaptureAllowedTest) {
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(false), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"unmuteMicrophoneDisabled\":true}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() +
+                             "\",\"unmuteMicrophoneDisabled\":true}");
 }
 
 TEST_F(ArcPolicyBridgeTest, DefaultGeolocationSettingTest) {
@@ -284,20 +335,20 @@ TEST_F(ArcPolicyBridgeTest, DefaultGeolocationSettingTest) {
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(1), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"shareLocationDisabled\":false}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() +
+                             "\",\"shareLocationDisabled\":false}");
   policy_map().Set(policy::key::kDefaultGeolocationSetting,
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(2), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"shareLocationDisabled\":true}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() +
+                             "\",\"shareLocationDisabled\":true}");
   policy_map().Set(policy::key::kDefaultGeolocationSetting,
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(3), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"shareLocationDisabled\":false}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() +
+                             "\",\"shareLocationDisabled\":false}");
 }
 
 TEST_F(ArcPolicyBridgeTest, ExternalStorageDisabledTest) {
@@ -305,8 +356,8 @@ TEST_F(ArcPolicyBridgeTest, ExternalStorageDisabledTest) {
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(true), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"mountPhysicalMediaDisabled\":true}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() +
+                             "\",\"mountPhysicalMediaDisabled\":true}");
 }
 
 TEST_F(ArcPolicyBridgeTest, WallpaperImageSetTest) {
@@ -316,8 +367,8 @@ TEST_F(ArcPolicyBridgeTest, WallpaperImageSetTest) {
   policy_map().Set(policy::key::kWallpaperImage, policy::POLICY_LEVEL_MANDATORY,
                    policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
                    dict.CreateDeepCopy(), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"setWallpaperDisabled\":true}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() +
+                             "\",\"setWallpaperDisabled\":true}");
 }
 
 TEST_F(ArcPolicyBridgeTest, WallpaperImageSet_NotCompletePolicyTest) {
@@ -327,7 +378,7 @@ TEST_F(ArcPolicyBridgeTest, WallpaperImageSet_NotCompletePolicyTest) {
   policy_map().Set(policy::key::kWallpaperImage, policy::POLICY_LEVEL_MANDATORY,
                    policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
                    dict.CreateDeepCopy(), nullptr);
-  policy_bridge()->GetPolicies(PolicyStringCallback("{}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() + "\"}");
 }
 
 TEST_F(ArcPolicyBridgeTest, CaCertificateTest) {
@@ -340,7 +391,7 @@ TEST_F(ArcPolicyBridgeTest, CaCertificateTest) {
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(kFakeONC), nullptr);
-  policy_bridge()->GetPolicies(PolicyStringCallback(
+  GetPoliciesAndVerifyResult(
       "{\"caCerts\":"
       "[{\"X509\":\"TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyByZWFzb24"
       "sIGJ1dCBieSB0aGlzIHNpbmd1bGFyIHBhc3Npb24gZnJvbSBvdGhlciBhbmltYWxzLCB3aGl"
@@ -349,14 +400,16 @@ TEST_F(ArcPolicyBridgeTest, CaCertificateTest) {
       "ga25vd2xlZGdlLCBleGNlZWRzIHRoZSBzaG9ydCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCB"
       "wbGVhc3VyZS4=\"}"
       "],"
-      "\"credentialsConfigDisabled\":true}"));
+      "\"credentialsConfigDisabled\":true,"
+      "\"guid\":\"" +
+      instance_guid() + "\"}");
 
   // Disable CA certificates sync.
   policy_map().Set(
       policy::key::kArcCertificatesSyncMode, policy::POLICY_LEVEL_MANDATORY,
       policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
       std::make_unique<base::Value>(ArcCertsSyncMode::SYNC_DISABLED), nullptr);
-  policy_bridge()->GetPolicies(PolicyStringCallback("{}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() + "\"}");
 }
 
 TEST_F(ArcPolicyBridgeTest, DeveloperToolsDisabledTest) {
@@ -364,8 +417,8 @@ TEST_F(ArcPolicyBridgeTest, DeveloperToolsDisabledTest) {
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(true), nullptr);
-  policy_bridge()->GetPolicies(
-      PolicyStringCallback("{\"debuggingFeaturesDisabled\":true}"));
+  GetPoliciesAndVerifyResult("{\"debuggingFeaturesDisabled\":true,\"guid\":\"" +
+                             instance_guid() + "\"}");
 }
 
 TEST_F(ArcPolicyBridgeTest, MultiplePoliciesTest) {
@@ -389,7 +442,7 @@ TEST_F(ArcPolicyBridgeTest, MultiplePoliciesTest) {
                    policy::POLICY_LEVEL_MANDATORY, policy::POLICY_SCOPE_USER,
                    policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(false), nullptr);
-  policy_bridge()->GetPolicies(PolicyStringCallback(
+  GetPoliciesAndVerifyResult(
       "{\"applications\":"
       "[{\"installType\":\"REQUIRED\","
       "\"lockTaskAllowed\":false,"
@@ -397,56 +450,45 @@ TEST_F(ArcPolicyBridgeTest, MultiplePoliciesTest) {
       "\"permissionGrants\":[]"
       "}],"
       "\"cameraDisabled\":true,"
-      "\"defaultPermissionPolicy\":\"GRANT\""
-      "}"));
+      "\"defaultPermissionPolicy\":\"GRANT\","
+      "\"guid\":\"" +
+      instance_guid() + "\"}");
 }
 
 TEST_F(ArcPolicyBridgeTest, EmptyReportComplianceTest) {
-  ASSERT_FALSE(
+  EXPECT_FALSE(
       profile()->GetPrefs()->GetBoolean(prefs::kArcPolicyComplianceReported));
-  policy_bridge()->ReportCompliance(
-      "{}", PolicyComplianceCallback(run_loop().QuitClosure(),
-                                     kPolicyCompliantResponse));
-  run_loop().Run();
-  ASSERT_TRUE(
+  ReportComplianceAndVerifyObserverCallback("{}");
+  EXPECT_TRUE(
       profile()->GetPrefs()->GetBoolean(prefs::kArcPolicyComplianceReported));
 }
 
 TEST_F(ArcPolicyBridgeTest, ParsableReportComplianceTest) {
-  ASSERT_FALSE(
+  EXPECT_FALSE(
       profile()->GetPrefs()->GetBoolean(prefs::kArcPolicyComplianceReported));
-  policy_bridge()->ReportCompliance(
-      "{\"nonComplianceDetails\" : []}",
-      PolicyComplianceCallback(run_loop().QuitClosure(),
-                               kPolicyCompliantResponse));
-  run_loop().Run();
-  ASSERT_TRUE(
+  ReportComplianceAndVerifyObserverCallback("{\"nonComplianceDetails\" : []}");
+  EXPECT_TRUE(
       profile()->GetPrefs()->GetBoolean(prefs::kArcPolicyComplianceReported));
 }
 
 TEST_F(ArcPolicyBridgeTest, NonParsableReportComplianceTest) {
-  ASSERT_FALSE(
+  EXPECT_FALSE(
       profile()->GetPrefs()->GetBoolean(prefs::kArcPolicyComplianceReported));
-  policy_bridge()->ReportCompliance(
-      "\"nonComplianceDetails\" : [}",
-      PolicyComplianceCallback(run_loop().QuitClosure(),
-                               kPolicyCompliantResponse));
-  run_loop().Run();
-  ASSERT_FALSE(
+  ReportComplianceAndVerifyObserverCallback("\"nonComplianceDetails\" : [}");
+  EXPECT_FALSE(
       profile()->GetPrefs()->GetBoolean(prefs::kArcPolicyComplianceReported));
 }
 
 TEST_F(ArcPolicyBridgeTest, ReportComplianceTest_WithNonCompliantDetails) {
-  ASSERT_FALSE(
+  EXPECT_FALSE(
       profile()->GetPrefs()->GetBoolean(prefs::kArcPolicyComplianceReported));
-  policy_bridge()->ReportCompliance(
+  ReportComplianceAndVerifyObserverCallback(
       "{\"nonComplianceDetails\" : "
       "[{\"fieldPath\":\"\",\"nonComplianceReason\":0,\"packageName\":\"\","
-      "\"settingName\":\"someSetting\",\"cachedSize\":-1}]}",
-      PolicyComplianceCallback(run_loop().QuitClosure(),
-                               kPolicyCompliantResponse));
-  run_loop().Run();
-  ASSERT_TRUE(
+      "\"settingName\":\"someSetting\",\"cachedSize\":-1},"
+      "{\"cachedSize\":-1,\"fieldPath\":\"\",\"nonComplianceReason\":6,"
+      "\"packageName\":\"\",\"settingName\":\"guid\"}]}");
+  EXPECT_TRUE(
       profile()->GetPrefs()->GetBoolean(prefs::kArcPolicyComplianceReported));
 }
 
@@ -454,24 +496,24 @@ TEST_F(ArcPolicyBridgeTest, ReportComplianceTest_WithNonCompliantDetails) {
 // between a PolicyInstance and the PolicyBridge.
 TEST_F(ArcPolicyBridgeTest, PolicyInstanceUnmanagedTest) {
   policy_bridge()->OverrideIsManagedForTesting(false);
-  policy_instance()->CallGetPolicies(PolicyStringCallback(""));
+  GetPoliciesAndVerifyResult("");
 }
 
 TEST_F(ArcPolicyBridgeTest, PolicyInstanceManagedTest) {
-  policy_instance()->CallGetPolicies(PolicyStringCallback("{}"));
+  GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() + "\"}");
 }
 
 TEST_P(ArcPolicyBridgeAffiliatedTest, ApkCacheEnabledTest) {
-  const std::string apk_cache_enabled_policy("{\"apkCacheEnabled\":true}");
+  const std::string apk_cache_enabled_policy(
+      "{\"apkCacheEnabled\":true,\"guid\":\"" + instance_guid() + "\"}");
   policy_map().Set(policy::key::kArcPolicy, policy::POLICY_LEVEL_MANDATORY,
                    policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
                    std::make_unique<base::Value>(apk_cache_enabled_policy),
                    nullptr);
   if (is_affiliated_) {
-    policy_bridge()->GetPolicies(
-        PolicyStringCallback(apk_cache_enabled_policy));
+    GetPoliciesAndVerifyResult(apk_cache_enabled_policy);
   } else {
-    policy_bridge()->GetPolicies(PolicyStringCallback("{}"));
+    GetPoliciesAndVerifyResult("{\"guid\":\"" + instance_guid() + "\"}");
   }
 }
 
@@ -480,4 +522,5 @@ TEST_P(ArcPolicyBridgeAffiliatedTest, ApkCacheEnabledTest) {
 INSTANTIATE_TEST_CASE_P(ArcPolicyBridgeAffiliatedTestInstance,
                         ArcPolicyBridgeAffiliatedTest,
                         testing::Bool());
+
 }  // namespace arc