Ivan, do you know if there's an easy (or not too hard) way to enter a kiosk session in a browsertest?

It seems that some test does
(a) set up fake gaia (inlcuding the resolver rules to redirect everything to 127.0.0.1)
(b) set up a fake local server serving a crx
(c) set up device policy to have a device-local account which is a kioks session pointing at that crx
(d) start that kiosk session.

That seems to be a lot of work. Do you know if we have something easier?
If not, I guess it would make sense to move steps (a)..(d) to a helper utility that can be used from random browsertests (which can change device policy) to enter a kiosk session.

Never tried entering a kiosk session in a browsertest so no idea unfortunately.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c269e4340bbf44f571d0e8f98b1a7cc9fe45c581

commit c269e4340bbf44f571d0e8f98b1a7cc9fe45c581
Author: Pavol Marko <pmarko@chromium.org>
Date: Thu Nov 15 09:12:25 2018

Make user policy pushed CAs test only depend on user policy

The goal is to make it obvious that the browser test testing
policy-provided CA certificates which are used as trust anchors
does not depend on device policy.
Use InProcessBrowserTest instead of DevicePolicyCrosBrowserTest as base
class for the test to achieve this.
To make this easier, move the common 'user policy provided CA cert' test
functionality to its own class, used by multiple tests.

Bug: 874937
Test: browser tests
Change-Id: I2be87daeafa7e21dd08de97958c2b66a8cb43271
Reviewed-on: https://chromium-review.googlesource.com/c/1178047
Reviewed-by: Lutz Justen <ljusten@chromium.org>
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608299}
[modify] https://crrev.com/c269e4340bbf44f571d0e8f98b1a7cc9fe45c581/chrome/browser/chromeos/policy/user_network_configuration_updater_factory_browsertest.cc

The CL above fixed (1), fixing (2) is still pending.