libpolicy: Add getter for ChromeDeviceSettingsProto

Adds a getter for ChromeDeviceSettingsProto in DevicePolicyImpl. This
prevents a lot of boilerplate code when used by classes that deal with
device policy, anyway, like authpolicyd.

Also adds a way to disable validation to be used for authpolicyd unit
tests.

BUG=chromium:801704
TEST=cros_run_unit_tests --board=amd64-generic --packages libbrillo

Change-Id: Ide9e8f87c9798c6d482e9d88bb7e2f909b1ff02e
Reviewed-on: https://chromium-review.googlesource.com/893180
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Dan Erat <derat@chromium.org>

4 files changed, 23 insertions, 12 deletions

diff --git a/policy/device_policy.h b/policy/device_policy.h
index c33d508..144759c 100644
--- a/policy/device_policy.h
+++ b/policy/device_policy.h
@@ -38,7 +38,7 @@ class DevicePolicy {
   DevicePolicy();
   virtual ~DevicePolicy();
 
-  // Load the signed policy off of disk into |policy_|.
+  // Load device policy off of disk into |policy_|.
   // Returns true unless there is a policy on disk and loading it fails.
   virtual bool LoadPolicy() = 0;
 
@@ -90,7 +90,7 @@ class DevicePolicy {
   // Writes the value of the EphemeralUsersEnabled policy in
   // |ephemeral_users_enabled|. Returns true on success.
   virtual bool GetEphemeralUsersEnabled(
-      bool* ephemeral_users_enabled) const =  0;
+      bool* ephemeral_users_enabled) const = 0;
 
   // Writes the value of the release channel policy in |release_channel|.
   // Returns true on success.
@@ -152,8 +152,7 @@ class DevicePolicy {
 
   // Writes the value of the kiosk app id into |app_id_out|.
   // Only succeeds if the device is in auto-launched kiosk mode.
-  virtual bool GetAutoLaunchedKioskAppId(
-      std::string* app_id_out) const = 0;
+  virtual bool GetAutoLaunchedKioskAppId(std::string* app_id_out) const = 0;
 
   // Returns true if the policy data indicates that the device is enterprise
   // managed. Note that this potentially could be faked by an exploit, therefore
diff --git a/policy/device_policy_impl.cc b/policy/device_policy_impl.cc
index 4f7d051..eeba17e 100644
--- a/policy/device_policy_impl.cc
+++ b/policy/device_policy_impl.cc
@@ -98,9 +98,7 @@ std::string DecodeConnectionType(int type) {
 }  // namespace
 
 DevicePolicyImpl::DevicePolicyImpl()
-    : policy_path_(kPolicyPath),
-      keyfile_path_(kPublicKeyPath),
-      verify_root_ownership_(true) {}
+    : policy_path_(kPolicyPath), keyfile_path_(kPublicKeyPath) {}
 
 DevicePolicyImpl::~DevicePolicyImpl() {}
 
@@ -523,7 +521,7 @@ bool DevicePolicyImpl::LoadPolicyFromFile(const base::FilePath& policy_path) {
     return false;
   }
 
-  bool verify_policy = true;
+  bool verify_policy = verify_policy_;
   if (!install_attributes_reader_) {
     install_attributes_reader_ = std::make_unique<InstallAttributesReader>();
   }
diff --git a/policy/device_policy_impl.h b/policy/device_policy_impl.h
index dba0de1..902daa9 100644
--- a/policy/device_policy_impl.h
+++ b/policy/device_policy_impl.h
@@ -32,6 +32,12 @@ class DevicePolicyImpl : public DevicePolicy {
   DevicePolicyImpl();
   ~DevicePolicyImpl() override;
 
+  const enterprise_management::ChromeDeviceSettingsProto& get_device_policy()
+      const {
+    return device_policy_;
+  }
+
+  // DevicePolicy overrides:
   bool LoadPolicy() override;
   bool GetPolicyRefreshRate(int* rate) const override;
   bool GetUserWhitelist(
@@ -87,6 +93,7 @@ class DevicePolicyImpl : public DevicePolicy {
   void set_key_file_path_for_testing(const base::FilePath& keyfile_path) {
     keyfile_path_ = keyfile_path;
   }
+  void set_verify_policy_for_testing(bool value) { verify_policy_ = value; }
 
  private:
   // Verifies that both the policy file and the signature file exist and are
@@ -97,11 +104,14 @@ class DevicePolicyImpl : public DevicePolicy {
   // Verifies that the policy signature is correct.
   bool VerifyPolicySignature() override;
 
-  // Loads the signed policy off of disk from |policy_path| into |policy_|.
-  // Returns true if the |policy_path| is present on disk and loading it is
-  // successful.
+  // Loads policy off of disk from |policy_path| into |policy_|. Returns true if
+  // the |policy_path| is present on disk and loading it is successful.
   bool LoadPolicyFromFile(const base::FilePath& policy_path);
 
+  // Path of the default policy file, e.g. /path/to/policy. In order to make
+  // device policy more resilient against broken files, this class also tries to
+  // load indexed paths /path/to/policy.1, /path/to/policy.2 etc., see
+  // resilient_policy_utils.h.
   base::FilePath policy_path_;
   base::FilePath keyfile_path_;
   std::unique_ptr<InstallAttributesReader> install_attributes_reader_;
@@ -111,7 +121,10 @@ class DevicePolicyImpl : public DevicePolicy {
 
   // If true, verify that policy files are owned by root. True in production
   // but can be set to false by tests.
-  bool verify_root_ownership_;
+  bool verify_root_ownership_ = true;
+  // If false, all types of verification are disabled. True in production
+  // but can be set to false by tests.
+  bool verify_policy_ = true;
 
   DISALLOW_COPY_AND_ASSIGN(DevicePolicyImpl);
 };
diff --git a/policy/libpolicy.h b/policy/libpolicy.h
index 4a54518..ac39bd9 100644
--- a/policy/libpolicy.h
+++ b/policy/libpolicy.h
@@ -22,6 +22,7 @@ class DevicePolicy;
 // its signature.
 class PolicyProvider {
  public:
+  // The default constructor does not load policy.
   PolicyProvider();
   virtual ~PolicyProvider();