Create DISALLOW_{ADD,REMOVE}_MANAGED_PROFILE user restrictions
Bug: 31952368
Test: runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
Test: runtest -c com.android.server.pm.UserManagerTest frameworks-services
Test: cts-tradefed run cts --module DevicePolicyManager --test com.android.cts.devicepolicy.UserRestrictionsTest
Change-Id: I240ab99c2409bbabffbc574bef202f2457026905
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 0c00886..5b6d31b 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -49,6 +49,7 @@
import com.android.internal.R;
import com.android.server.LocalServices;
import com.android.server.SystemService;
+import com.android.server.pm.UserRestrictionsUtils;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
@@ -1190,6 +1191,22 @@
assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
UserHandle.USER_SYSTEM));
+ // Check that the user restrictions that are enabled by default are set. Then unset them.
+ String[] defaultRestrictions = UserRestrictionsUtils
+ .getDefaultEnabledForDeviceOwner().toArray(new String[0]);
+ DpmTestUtils.assertRestrictions(
+ DpmTestUtils.newRestrictions(defaultRestrictions),
+ dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ );
+ DpmTestUtils.assertRestrictions(
+ DpmTestUtils.newRestrictions(defaultRestrictions),
+ dpm.getUserRestrictions(admin1)
+ );
+
+ for (String restriction : defaultRestrictions) {
+ dpm.clearUserRestriction(admin1, restriction);
+ }
+
DpmTestUtils.assertRestrictions(
DpmTestUtils.newRestrictions(),
dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
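Review bot: The expected value in both added assertions is taken from `UserRestrictionsUtils.getDefaultEnabledForDeviceOwner()` itself, so the checks still pass if that set becomes empty or silently loses an entry. These defaults are what a newly set device owner starts with, so the test should pin at least one of them by name. For example, add `assertTrue(UserRestrictionsUtils.getDefaultEnabledForDeviceOwner().contains(UserManager.DISALLOW_ADD_MANAGED_PROFILE));` before the loop, if that is the restriction this commit intends to enable by default (the default set is not visible here). The enclosing test method starts and ends outside the hunk.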
@@ -2188,7 +2205,7 @@
assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
DevicePolicyManager.CODE_OK);
assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
- DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE);
+ DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER);
assertCheckProvisioningPreCondition(
DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
DevicePolicyManager.CODE_OK);
@@ -2226,7 +2243,7 @@
assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
DevicePolicyManager.CODE_OK);
assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
- DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE);
+ DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER);
assertCheckProvisioningPreCondition(
DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
DevicePolicyManager.CODE_OK);
@@ -2368,7 +2385,9 @@
when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
.thenReturn(true);
when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
- when(mContext.userManager.hasUserRestriction(UserManager.DISALLOW_REMOVE_USER))
+ when(mContext.userManager.hasUserRestriction(
+ UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
+ UserHandle.of(DpmMockContext.CALLER_USER_HANDLE)))
.thenReturn(true);
when(mContext.userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
false /* we can't remove a managed profile */)).thenReturn(false);
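Review bot: The replacement stub matches only the two-argument `hasUserRestriction` call with exactly `UserHandle.of(DpmMockContext.CALLER_USER_HANDLE)`; a lookup with another handle or the one-argument overload falls back to the mock's default `false` without failing the test. The `canAddMoreManagedProfiles(...)` stub below also returns false, and an unstubbed call with `true` as the second argument would return false by Mockito default as well, so the visible setup probably cannot tell which restriction the service consulted. Assuming Mockito's `verify` is usable in this file, add `verify(mContext.userManager).hasUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE, UserHandle.of(DpmMockContext.CALLER_USER_HANDLE));` after the precondition assertions. Those assertions and the rest of the method are outside this hunk.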
diff --git a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
index 40d8ac0..9b2c94e 100644
--- a/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/pm/UserManagerTest.java
@@ -241,15 +241,14 @@
}
}
- // Make sure createProfile would fail if we have DISALLOW_ADD_USER.
+ // Make sure createUser would fail if we have DISALLOW_ADD_USER.
@MediumTest
- public void testCreateProfileForUser_disallowAddUser() throws Exception {
+ public void testCreateUser_disallowAddUser() throws Exception {
final int primaryUserId = mUserManager.getPrimaryUser().id;
final UserHandle primaryUserHandle = new UserHandle(primaryUserId);
mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, true, primaryUserHandle);
try {
- UserInfo userInfo = createProfileForUser("Managed",
- UserInfo.FLAG_MANAGED_PROFILE, primaryUserId);
+ UserInfo userInfo = createUser("SecondaryUser", /*flags=*/ 0);
assertNull(userInfo);
} finally {
mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false,
@@ -257,17 +256,51 @@
}
}
- // Make sure createProfileEvenWhenDisallowedForUser bypass DISALLOW_ADD_USER.
+ // Make sure createProfile would fail if we have DISALLOW_ADD_MANAGED_PROFILE.
+ @MediumTest
+ public void testCreateProfileForUser_disallowAddManagedProfile() throws Exception {
+ final int primaryUserId = mUserManager.getPrimaryUser().id;
+ final UserHandle primaryUserHandle = new UserHandle(primaryUserId);
+ mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, true,
+ primaryUserHandle);
+ try {
+ UserInfo userInfo = createProfileForUser("Managed",
+ UserInfo.FLAG_MANAGED_PROFILE, primaryUserId);
+ assertNull(userInfo);
+ } finally {
+ mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, false,
+ primaryUserHandle);
+ }
+ }
+
+ // Make sure createProfileEvenWhenDisallowedForUser bypass DISALLOW_ADD_MANAGED_PROFILE.
@MediumTest
public void testCreateProfileForUserEvenWhenDisallowed() throws Exception {
final int primaryUserId = mUserManager.getPrimaryUser().id;
final UserHandle primaryUserHandle = new UserHandle(primaryUserId);
- mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, true, primaryUserHandle);
+ mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, true,
+ primaryUserHandle);
try {
UserInfo userInfo = createProfileEvenWhenDisallowedForUser("Managed",
UserInfo.FLAG_MANAGED_PROFILE, primaryUserId);
assertNotNull(userInfo);
} finally {
+ mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_MANAGED_PROFILE, false,
+ primaryUserHandle);
+ }
+ }
+
+ // createProfile succeeds even if DISALLOW_ADD_USER is set
+ @MediumTest
+ public void testCreateProfileForUser_disallowAddUser() throws Exception {
+ final int primaryUserId = mUserManager.getPrimaryUser().id;
+ final UserHandle primaryUserHandle = new UserHandle(primaryUserId);
+ mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, true, primaryUserHandle);
+ try {
+ UserInfo userInfo = createProfileForUser("Managed",
+ UserInfo.FLAG_MANAGED_PROFILE, primaryUserId);
+ assertNotNull(userInfo);
+ } finally {
mUserManager.setUserRestriction(UserManager.DISALLOW_ADD_USER, false,
primaryUserHandle);
}
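Review bot: `testCreateProfileForUser_disallowAddUser` now asserts that a managed profile can be created while `DISALLOW_ADD_USER` is set, which changes what that restriction guarantees, and the one-line comment does not say this is deliberate. An admin who relied on `DISALLOW_ADD_USER` to keep profiles off a device would need `DISALLOW_ADD_MANAGED_PROFILE` after this change; whether existing policies are migrated is not visible in this hunk. I would expand the comment to `// DISALLOW_ADD_USER no longer covers managed profiles; DISALLOW_ADD_MANAGED_PROFILE does, so createProfile must succeed here.` A further case that sets both restrictions and expects `createProfileForUser` to return null would pin that the two do not interfere.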