Use affiliation ids when checking bind target users.
BUG:32764274
Test: adb shell am instrument -e class
com.android.server.devicepolicy.DevicePolicyManagerTest -w
com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ic79b58dcb583b1d9eb9e7af0d1501cf8cfd0ee86
diff --git a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
index 0c00886..81a01d8 100644
--- a/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
@@ -2664,8 +2664,26 @@
final int ANOTHER_USER_ID = 36;
mContext.addUser(ANOTHER_USER_ID, 0);
+ // Since the managed profile is not affiliated, they should not be allowed to talk to each
+ // other.
+ targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
+ MoreAsserts.assertEmpty(targetUsers);
+
+ mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
+ targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
+ MoreAsserts.assertEmpty(targetUsers);
+
+ // Setting affiliation ids
+ final List<String> userAffiliationIds = Arrays.asList("some.affiliation-id");
+ mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
+ dpm.setAffiliationIds(admin1, userAffiliationIds);
+
+ mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
+ dpm.setAffiliationIds(admin1, userAffiliationIds);
+
// Calling from device owner admin, the result list should just contain the managed
// profile user id.
+ mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
MoreAsserts.assertContentsInAnyOrder(targetUsers, UserHandle.of(MANAGED_PROFILE_USER_ID));
@@ -2674,6 +2692,18 @@
mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
MoreAsserts.assertContentsInAnyOrder(targetUsers, UserHandle.SYSTEM);
+
+ // Changing affiliation ids in one
+ dpm.setAffiliationIds(admin1, Arrays.asList("some-different-affiliation-id"));
+
+ // Since the managed profile is not affiliated any more, they should not be allowed to talk
+ // to each other.
+ targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
+ MoreAsserts.assertEmpty(targetUsers);
+
+ mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
+ targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
+ MoreAsserts.assertEmpty(targetUsers);
}
public void testGetBindDeviceAdminTargetUsers_differentPackage() throws Exception {
@@ -2688,8 +2718,16 @@
new ComponentName("another.package", "whatever.class");
addManagedProfile(adminDifferentPackage, MANAGED_PROFILE_ADMIN_UID, admin2);
+ // Setting affiliation ids
+ final List<String> userAffiliationIds = Arrays.asList("some-affiliation-id");
+ dpm.setAffiliationIds(admin1, userAffiliationIds);
+
+ mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
+ dpm.setAffiliationIds(adminDifferentPackage, userAffiliationIds);
+
// Calling from device owner admin, we should get zero bind device admin target users as
// their packages are different.
+ mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
List<UserHandle> targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
MoreAsserts.assertEmpty(targetUsers);