[Merge to M87] Disable lacros for non-google managed users.
(cherry picked from commit dc55cea9edc00e9acf3001d69ca1d61cf24f3f22)
Bug: 1135494
Change-Id: Ife13223dea213e57427803bc6cae97e492608a25
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2458848
Commit-Queue: Erik Chen <[email protected]>
Auto-Submit: Erik Chen <[email protected]>
Reviewed-by: James Cook <[email protected]>
Cr-Original-Commit-Position: refs/heads/master@{#814955}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2461223
Cr-Commit-Position: refs/branch-heads/4280@{#172}
Cr-Branched-From: ea420fb963f9658c9969b6513c56b8f47efa1a2a-refs/heads/master@{#812852}
diff --git a/chrome/browser/chromeos/crosapi/browser_util.cc b/chrome/browser/chromeos/crosapi/browser_util.cc
index f930270..ae4daeb2 100644
--- a/chrome/browser/chromeos/crosapi/browser_util.cc
+++ b/chrome/browser/chromeos/crosapi/browser_util.cc
@@ -13,6 +13,9 @@
#include "base/strings/string_util.h"
#include "base/system/sys_info.h"
#include "chrome/browser/browser_process.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/policy/profile_policy_connector.h"
+#include "chrome/browser/profiles/profile.h"
#include "chrome/common/channel_info.h"
#include "chrome/common/chrome_paths.h"
#include "chromeos/crosapi/cpp/crosapi_constants.h"
@@ -101,6 +104,20 @@
if (!IsUserTypeAllowed(user))
return false;
+ const Profile* const profile =
+ chromeos::ProfileHelper::Get()->GetProfileByUser(user);
+ DCHECK(profile);
+
+ // TODO(https://crbug.com/1135494): Disable Lacros for managed users that
+ // aren't @google using more robust mechanism.
+ if (profile->GetProfilePolicyConnector()->IsManaged()) {
+ const std::string canonical_email = user->GetAccountId().GetUserEmail();
+ if (!base::EndsWith(canonical_email, "@google.com",
+ base::CompareCase::INSENSITIVE_ASCII)) {
+ return false;
+ }
+ }
+
switch (channel) {
case Channel::UNKNOWN:
case Channel::CANARY:
diff --git a/chrome/browser/chromeos/crosapi/browser_util_unittest.cc b/chrome/browser/chromeos/crosapi/browser_util_unittest.cc
index 9474a661..db900a4c 100644
--- a/chrome/browser/chromeos/crosapi/browser_util_unittest.cc
+++ b/chrome/browser/chromeos/crosapi/browser_util_unittest.cc
@@ -4,10 +4,15 @@
#include "chrome/browser/chromeos/crosapi/browser_util.h"
+#include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#include "chrome/browser/policy/profile_policy_connector.h"
+#include "chrome/browser/profiles/profile_manager.h"
+#include "chrome/test/base/testing_profile.h"
#include "components/account_id/account_id.h"
-#include "components/user_manager/fake_user_manager.h"
#include "components/user_manager/scoped_user_manager.h"
#include "components/version_info/channel.h"
+#include "content/public/test/browser_task_environment.h"
#include "testing/gtest/include/gtest/gtest.h"
using user_manager::User;
@@ -21,10 +26,9 @@
~LacrosUtilTest() override = default;
void SetUp() override {
- auto fake_user_manager = std::make_unique<user_manager::FakeUserManager>();
- fake_user_manager_ = fake_user_manager.get();
+ fake_user_manager_ = new chromeos::FakeChromeUserManager;
scoped_user_manager_ = std::make_unique<user_manager::ScopedUserManager>(
- std::move(fake_user_manager));
+ base::WrapUnique(fake_user_manager_));
}
void AddRegularUser(const std::string& email) {
@@ -33,14 +37,21 @@
fake_user_manager_->UserLoggedIn(account_id, user->username_hash(),
/*browser_restart=*/false,
/*is_child=*/false);
+ chromeos::ProfileHelper::Get()->SetUserToProfileMappingForTesting(
+ user, &testing_profile_);
}
- user_manager::FakeUserManager* fake_user_manager_ = nullptr;
+ // The order of these members is relevant for both construction and
+ // destruction timing.
+ content::BrowserTaskEnvironment task_environment_;
+ TestingProfile testing_profile_;
+ chromeos::FakeChromeUserManager* fake_user_manager_ = nullptr;
std::unique_ptr<user_manager::ScopedUserManager> scoped_user_manager_;
};
TEST_F(LacrosUtilTest, ChannelTest) {
AddRegularUser("[email protected]");
+
EXPECT_TRUE(browser_util::IsLacrosAllowed(Channel::UNKNOWN));
EXPECT_TRUE(browser_util::IsLacrosAllowed(Channel::CANARY));
EXPECT_TRUE(browser_util::IsLacrosAllowed(Channel::DEV));
@@ -48,6 +59,30 @@
EXPECT_FALSE(browser_util::IsLacrosAllowed(Channel::STABLE));
}
+TEST_F(LacrosUtilTest, ManagedAccountGoogle) {
+ AddRegularUser("[email protected]");
+ testing_profile_.GetProfilePolicyConnector()->OverrideIsManagedForTesting(
+ true);
+
+ EXPECT_TRUE(browser_util::IsLacrosAllowed(Channel::CANARY));
+}
+
+TEST_F(LacrosUtilTest, ManagedAccountFakeGoogle) {
+ AddRegularUser("[email protected]");
+ testing_profile_.GetProfilePolicyConnector()->OverrideIsManagedForTesting(
+ true);
+
+ EXPECT_FALSE(browser_util::IsLacrosAllowed(Channel::CANARY));
+}
+
+TEST_F(LacrosUtilTest, ManagedAccountNonGoogle) {
+ AddRegularUser("[email protected]");
+ testing_profile_.GetProfilePolicyConnector()->OverrideIsManagedForTesting(
+ true);
+
+ EXPECT_FALSE(browser_util::IsLacrosAllowed(Channel::CANARY));
+}
+
TEST_F(LacrosUtilTest, BlockedForChildUser) {
AccountId account_id = AccountId::FromUserEmail("[email protected]");
const User* user = fake_user_manager_->AddChildUser(account_id);
diff --git a/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc b/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc
index 3ad24f4..f74be7c 100644
--- a/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc
+++ b/chrome/browser/ui/ash/launcher/chrome_launcher_controller_unittest.cc
@@ -50,6 +50,7 @@
#include "chrome/browser/chromeos/file_manager/app_id.h"
#include "chrome/browser/chromeos/login/demo_mode/demo_mode_test_helper.h"
#include "chrome/browser/chromeos/login/users/fake_chrome_user_manager.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
#include "chrome/browser/extensions/extension_service.h"
#include "chrome/browser/extensions/test_extension_system.h"
#include "chrome/browser/prefs/browser_prefs.h"
@@ -1387,9 +1388,15 @@
auto* fake_user_manager = user_manager.get();
user_manager::ScopedUserManager scoped_user_manager(std::move(user_manager));
AccountId account_id = AccountId::FromUserEmail("[email protected]");
- fake_user_manager->AddUser(account_id);
+ user_manager::User* user = fake_user_manager->AddUser(account_id);
fake_user_manager->LoginUser(account_id);
+ TestingProfile::Builder profile_builder;
+ profile_builder.SetProfileName(account_id.GetUserEmail());
+ std::unique_ptr<TestingProfile> testing_profile = profile_builder.Build();
+ chromeos::ProfileHelper::Get()->SetUserToProfileMappingForTesting(
+ user, testing_profile.get());
+
InitLauncherController();
EXPECT_EQ("Chrome, Lacros", GetPinnedAppStatus());
}
