First cut of user restriction layering.
- Start persisting restrictions set by DO/PO.
- Also dump user restrictions on dumpsys
- More changes will follow, including migration.
- Now System settings are mockable.
Bug 23902097
Bug 23902477
Change-Id: I0bda22f484e1a8e259a1feb2df83c5f4a29116da
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
index f4ffe2e..b109e7b 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerServiceTestable.java
@@ -225,5 +225,45 @@
boolean userManagerIsSplitSystemUser() {
return context.userManagerForMock.isSplitSystemUser();
}
+
+ @Override
+ int settingsSecureGetIntForUser(String name, int def, int userHandle) {
+ return context.settings.settingsSecureGetIntForUser(name, def, userHandle);
+ }
+
+ @Override
+ void settingsSecurePutIntForUser(String name, int value, int userHandle) {
+ context.settings.settingsSecurePutIntForUser(name, value, userHandle);
+ }
+
+ @Override
+ void settingsSecurePutStringForUser(String name, String value, int userHandle) {
+ context.settings.settingsSecurePutStringForUser(name, value, userHandle);
+ }
+
+ @Override
+ void settingsGlobalPutStringForUser(String name, String value, int userHandle) {
+ context.settings.settingsGlobalPutStringForUser(name, value, userHandle);
+ }
+
+ @Override
+ void settingsSecurePutInt(String name, int value) {
+ context.settings.settingsSecurePutInt(name, value);
+ }
+
+ @Override
+ void settingsGlobalPutInt(String name, int value) {
+ context.settings.settingsGlobalPutInt(name, value);
+ }
+
+ @Override
+ void settingsSecurePutString(String name, String value) {
+ context.settings.settingsSecurePutString(name, value);
+ }
+
+ @Override
+ void settingsGlobalPutString(String name, String value) {
+ context.settings.settingsGlobalPutString(name, value);
+ }
}
}
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 5b23798..03b892e 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -31,8 +31,8 @@
import android.content.pm.ResolveInfo;
import android.os.Bundle;
import android.content.pm.PackageInfo;
-import android.content.pm.UserInfo;
import android.os.UserHandle;
+import android.os.UserManager;
import android.util.Pair;
import org.mockito.ArgumentCaptor;
@@ -65,8 +65,6 @@
(mmma frameworks/base/services/tests/servicestests/ for non-ninja build)
*/
public class DevicePolicyManagerTest extends DpmTestBase {
-
-
private DpmMockContext mContext;
public DevicePolicyManager dpm;
public DevicePolicyManagerServiceTestable dpms;
@@ -207,9 +205,7 @@
mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
- final UserInfo uh = new UserInfo(DpmMockContext.CALLER_USER_HANDLE, "user", 0);
-
- // DO needs to be an DA.
+ // PO needs to be an DA.
dpm.setActiveAdmin(admin, /* replace =*/ false);
// Fire!
@@ -625,4 +621,97 @@
dpm.setApplicationRestrictions(admin1, "pkg2", new Bundle());
assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg2").size());
}
+
+ public void testSetUserRestriction_asDo() throws Exception {
+ mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
+ mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
+ mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
+
+ // First, set DO.
+
+ // Call from a process on the system user.
+ mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
+
+ // Make sure admin1 is installed on system user.
+ setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
+ setUpApplicationInfo(PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED,
+ DpmMockContext.CALLER_SYSTEM_USER_UID);
+
+ // Call.
+ dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
+ assertTrue(dpm.setDeviceOwner(admin1.getPackageName(), "owner-name",
+ UserHandle.USER_SYSTEM));
+
+ assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_SMS));
+ assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
+
+ dpm.addUserRestriction(admin1, UserManager.DISALLOW_SMS);
+ dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
+
+ assertTrue(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_SMS));
+ assertTrue(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
+
+ dpm.clearUserRestriction(admin1, UserManager.DISALLOW_SMS);
+
+ assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_SMS));
+ assertTrue(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
+
+ dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
+
+ assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_SMS));
+ assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
+
+ // TODO Check inner calls.
+ // TODO Make sure restrictions are written to the file.
+ }
+
+ public void testSetUserRestriction_asPo() {
+ setAsProfileOwner(admin1);
+
+ assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
+ .ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES));
+ assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
+ .ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
+
+ dpm.addUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
+ dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
+
+ assertTrue(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
+ .ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES));
+ assertTrue(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
+ .ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
+
+ dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
+
+ assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
+ .ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES));
+ assertTrue(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
+ .ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
+
+ dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
+
+ assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
+ .ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES));
+ assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
+ .ensureUserRestrictions()
+ .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
+
+ // TODO Check inner calls.
+ // TODO Make sure restrictions are written to the file.
+ }
}
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
index 7b36e88..73d63ea 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DpmMockContext.java
@@ -158,6 +158,33 @@
}
}
+ public static class SettingsForMock {
+ int settingsSecureGetIntForUser(String name, int def, int userHandle) {
+ return 0;
+ }
+
+ void settingsSecurePutIntForUser(String name, int value, int userHandle) {
+ }
+
+ void settingsSecurePutStringForUser(String name, String value, int userHandle) {
+ }
+
+ void settingsGlobalPutStringForUser(String name, String value, int userHandle) {
+ }
+
+ void settingsSecurePutInt(String name, int value) {
+ }
+
+ void settingsGlobalPutInt(String name, int value) {
+ }
+
+ void settingsSecurePutString(String name, String value) {
+ }
+
+ void settingsGlobalPutString(String name, String value) {
+ }
+ }
+
public final Context realTestContext;
/**
@@ -184,6 +211,7 @@
public final IBackupManager ibackupManager;
public final IAudioService iaudioService;
public final LockPatternUtils lockPatternUtils;
+ public final SettingsForMock settings;
/** Note this is a partial mock, not a real mock. */
public final PackageManager packageManager;
@@ -212,6 +240,7 @@
ibackupManager = mock(IBackupManager.class);
iaudioService = mock(IAudioService.class);
lockPatternUtils = mock(LockPatternUtils.class);
+ settings = mock(SettingsForMock.class);
// Package manager is huge, so we use a partial mock instead.
packageManager = spy(context.getPackageManager());
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java
index 5255628..a210d46 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/OwnersTest.java
@@ -21,6 +21,7 @@
import android.content.ComponentName;
import android.content.pm.UserInfo;
import android.os.UserHandle;
+import android.os.UserManager;
import android.util.Log;
import java.io.BufferedReader;
@@ -28,6 +29,8 @@
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStreamReader;
+import java.io.PrintWriter;
+import java.io.StringWriter;
import java.util.ArrayList;
import static org.mockito.Mockito.when;