Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / c3bd7b78d80370f21102bae155b05f2567f2a31d^! / . / services / tests / servicestests / src / com / android / server / devicepolicy / DevicePolicyManagerTest.java
commitc3bd7b78d80370f21102bae155b05f2567f2a31d[log] [tgz]
authorNicolas Prevot <nprevot@google.com>Tue Jan 10 11:32:43 2017 +0000
committerNicolas Prevot <nprevot@google.com>Tue Jan 10 16:08:47 2017 +0000
treed52617a594650569ffeff256310ba212a61168ee
parent0a57fbd93cb6beadbf1709ddfc3d094a38c0799f [diff] [blame]
Additional unit tests for isProvisioningAllowed

Test it with disallow add / remove managed profile user restrictions.

BUG:32629873
Test: adb shell am instrument -e class
com.android.server.devicepolicy.DevicePolicyManagerTest -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner

Change-Id: Ic6b01c2b0ed9081204801a6c5719b0fd25eafbba

diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index d392459..182f045 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java

@@ -2289,6 +2289,11 @@
         setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
         mContext.packageName = admin1.getPackageName();
 
+        final ComponentName adminDifferentPackage =
+                new ComponentName("another.package", "whatever.random.class");
+        final int ANOTHER_UID = UserHandle.getUid(DpmMockContext.CALLER_USER_HANDLE, 948);
+        setUpPackageManagerForFakeAdmin(adminDifferentPackage, ANOTHER_UID, admin2);
+
         // COMP mode is allowed.
         assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
 
@@ -2304,12 +2309,66 @@
                 .thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
         assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
 
+        // But another app should not
+        mContext.binder.callingUid = ANOTHER_UID;
+        mContext.packageName = adminDifferentPackage.getPackageName();
+        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
+
         // The DO should not be allowed to initiate provisioning if the restriction is set by
         // another entity.
         when(mContext.userManager.getUserRestrictionSource(
                 eq(UserManager.DISALLOW_ADD_MANAGED_PROFILE),
                 eq(UserHandle.getUserHandleForUid(mContext.binder.callingUid))))
                 .thenReturn(UserManager.RESTRICTION_SOURCE_SYSTEM);
+        mContext.binder.callingUid = DpmMockContext.CALLER_UID;
+        mContext.packageName = admin1.getPackageName();
+        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
+
+        mContext.binder.callingUid = ANOTHER_UID;
+        mContext.packageName = adminDifferentPackage.getPackageName();
+        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
+    }
+
+    public void testIsProvisioningAllowed_nonSplitUser_comp() throws Exception {
+        setDeviceOwner();
+        setup_nonSplitUser_afterDeviceSetup_primaryUser();
+        setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
+
+        final ComponentName adminDifferentPackage =
+                new ComponentName("another.package", "whatever.class");
+        final int ANOTHER_UID = UserHandle.getUid(DpmMockContext.CALLER_USER_HANDLE, 948);
+        setUpPackageManagerForFakeAdmin(adminDifferentPackage, ANOTHER_UID, admin2);
+
+        final int MANAGED_PROFILE_USER_ID = 18;
+        final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 1308);
+        addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
+
+        when(mContext.userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
+                false /* we can't remove a managed profile */)).thenReturn(false);
+        when(mContext.userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
+                true)).thenReturn(true);
+
+        // We can delete the managed profile to create a new one, so provisioning is allowed.
+        mContext.packageName = admin1.getPackageName();
+        mContext.binder.callingUid = DpmMockContext.CALLER_UID;
+        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
+
+        mContext.packageName = adminDifferentPackage.getPackageName();
+        mContext.binder.callingUid = ANOTHER_UID;
+        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
+
+        when(mContext.userManager.hasUserRestriction(
+                eq(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE),
+                eq(UserHandle.of(DpmMockContext.CALLER_USER_HANDLE))))
+                .thenReturn(true);
+
+        // Now, we can't remove the profile any more to create a new one.
+        mContext.packageName = admin1.getPackageName();
+        mContext.binder.callingUid = DpmMockContext.CALLER_UID;
+        assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
+
+        mContext.packageName = adminDifferentPackage.getPackageName();
+        mContext.binder.callingUid = ANOTHER_UID;
         assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
     }