Disable lacros for non-google managed users.

Bug: 1135494 Change-Id: Ife13223dea213e57427803bc6cae97e492608a25 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2458848 Commit-Queue: Erik Chen <erikchen@chromium.org> Auto-Submit: Erik Chen <erikchen@chromium.org> Reviewed-by: James Cook <jamescook@chromium.org> Cr-Commit-Position: refs/heads/master@{#814955}

Disable lacros for non-google managed users.
Bug: 1135494 Change-Id: Ife13223dea213e57427803bc6cae97e492608a25 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2458848 Commit-Queue: Erik Chen <erikchen@chromium.org> Auto-Submit: Erik Chen <erikchen@chromium.org> Reviewed-by: James Cook <jamescook@chromium.org> Cr-Commit-Position: refs/heads/master@{#814955}
dc55cea9 · Erik Chen · Commit Bot · 11efe4f5 · dc55cea9 · dc55cea9
Commit dc55cea9 authored Oct 08, 2020 by Erik Chen Committed by Commit Bot Oct 08, 2020
3 changed files
--- a/chrome/browser/chromeos/crosapi/browser_util.cc
+++ b/chrome/browser/chromeos/crosapi/browser_util.cc
@@ -13,6 +13,9 @@
 #include "base/strings/string_util.h"
 #include "base/system/sys_info.h"
 #include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/policy/profile_policy_connector.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/common/channel_info.h"
 #include "chrome/common/chrome_paths.h"
 #include "chromeos/crosapi/cpp/crosapi_constants.h"
@@ -101,6 +104,20 @@ bool IsLacrosAllowed(Channel channel) {
  if (!IsUserTypeAllowed(user))
    return false;

+  const Profile* const profile =
+      chromeos::ProfileHelper::Get()->GetProfileByUser(user);
+  DCHECK(profile);
+
+  // TODO(https://crbug.com/1135494): Disable Lacros for managed users that
+  // aren't @google using more robust mechanism.
+  if (profile->GetProfilePolicyConnector()->IsManaged()) {
+    const std::string canonical_email = user->GetAccountId().GetUserEmail();
+    if (!base::EndsWith(canonical_email, "@google.com",
+                        base::CompareCase::INSENSITIVE_ASCII)) {
+      return false;
+    }
+  }
+
  switch (channel) {
    case Channel::UNKNOWN:
    case Channel::CANARY:

--- a/chrome/browser/chromeos/crosapi/browser_util_unittest.cc
+++ b/chrome/browser/chromeos/crosapi/browser_util_unittest.cc
@@ -4,10 +4,15 @@

 #include "chrome/browser/chromeos/crosapi/browser_util.h"

+#include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/policy/profile_policy_connector.h"
+#include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/test/base/testing_profile.h"
 #include "components/account_id/account_id.h"
-#include "components/user_manager/fake_user_manager.h"
 #include "components/user_manager/scoped_user_manager.h"
 #include "components/version_info/channel.h"
+#include "content/public/test/browser_task_environment.h"
 #include "testing/gtest/include/gtest/gtest.h"

 using user_manager::User;
@@ -21,10 +26,9 @@ class LacrosUtilTest : public testing::Test {
  ~LacrosUtilTest() override = default;

  void SetUp() override {
-    auto fake_user_manager = std::make_unique<user_manager::FakeUserManager>();
-    fake_user_manager_ = fake_user_manager.get();
+    fake_user_manager_ = new chromeos::FakeChromeUserManager;
    scoped_user_manager_ = std::make_unique<user_manager::ScopedUserManager>(
-        std::move(fake_user_manager));
+        base::WrapUnique(fake_user_manager_));
  }

  void AddRegularUser(const std::string& email) {
@@ -33,14 +37,21 @@ class LacrosUtilTest : public testing::Test {
    fake_user_manager_->UserLoggedIn(account_id, user->username_hash(),
                                     /*browser_restart=*/false,
                                     /*is_child=*/false);
+    chromeos::ProfileHelper::Get()->SetUserToProfileMappingForTesting(
+        user, &testing_profile_);
  }

-  user_manager::FakeUserManager* fake_user_manager_ = nullptr;
+  // The order of these members is relevant for both construction and
+  // destruction timing.
+  content::BrowserTaskEnvironment task_environment_;
+  TestingProfile testing_profile_;
+  chromeos::FakeChromeUserManager* fake_user_manager_ = nullptr;
  std::unique_ptr<user_manager::ScopedUserManager> scoped_user_manager_;
 };

 TEST_F(LacrosUtilTest, ChannelTest) {
  AddRegularUser("user@test.com");
+
  EXPECT_TRUE(browser_util::IsLacrosAllowed(Channel::UNKNOWN));
  EXPECT_TRUE(browser_util::IsLacrosAllowed(Channel::CANARY));
  EXPECT_TRUE(browser_util::IsLacrosAllowed(Channel::DEV));
@@ -48,6 +59,30 @@ TEST_F(LacrosUtilTest, ChannelTest) {
  EXPECT_FALSE(browser_util::IsLacrosAllowed(Channel::STABLE));
 }

+TEST_F(LacrosUtilTest, ManagedAccountGoogle) {
+  AddRegularUser("user@google.com");
+  testing_profile_.GetProfilePolicyConnector()->OverrideIsManagedForTesting(
+      true);
+
+  EXPECT_TRUE(browser_util::IsLacrosAllowed(Channel::CANARY));
+}
+
+TEST_F(LacrosUtilTest, ManagedAccountFakeGoogle) {
+  AddRegularUser("user@thisisnotgoogle.com");
+  testing_profile_.GetProfilePolicyConnector()->OverrideIsManagedForTesting(
+      true);
+
+  EXPECT_FALSE(browser_util::IsLacrosAllowed(Channel::CANARY));
+}
+
+TEST_F(LacrosUtilTest, ManagedAccountNonGoogle) {
+  AddRegularUser("user@foople.com");
+  testing_profile_.GetProfilePolicyConnector()->OverrideIsManagedForTesting(
+      true);
+
+  EXPECT_FALSE(browser_util::IsLacrosAllowed(Channel::CANARY));
+}
+
 TEST_F(LacrosUtilTest, BlockedForChildUser) {
  AccountId account_id = AccountId::FromUserEmail("user@test.com");
  const User* user = fake_user_manager_->AddChildUser(account_id);

--- a/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc
+++ b/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc
@@ -50,6 +50,7 @@
 #include "chrome/browser/chromeos/file_manager/app_id.h"
 #include "chrome/browser/chromeos/login/demo_mode/demo_mode_test_helper.h"
 #include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/extensions/extension_service.h"
 #include "chrome/browser/extensions/test_extension_system.h"
 #include "chrome/browser/prefs/browser_prefs.h"
@@ -1387,9 +1388,15 @@ TEST_P(ChromeLauncherControllerLacrosTest, LacrosPinnedByDefault) {
  auto* fake_user_manager = user_manager.get();
  user_manager::ScopedUserManager scoped_user_manager(std::move(user_manager));
  AccountId account_id = AccountId::FromUserEmail("user@example.com");
-  fake_user_manager->AddUser(account_id);
+  user_manager::User* user = fake_user_manager->AddUser(account_id);
  fake_user_manager->LoginUser(account_id);

+  TestingProfile::Builder profile_builder;
+  profile_builder.SetProfileName(account_id.GetUserEmail());
+  std::unique_ptr<TestingProfile> testing_profile = profile_builder.Build();
+  chromeos::ProfileHelper::Get()->SetUserToProfileMappingForTesting(
+      user, testing_profile.get());
+
  InitLauncherController();
  EXPECT_EQ("Chrome, Lacros", GetPinnedAppStatus());
 }