Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 1216ae5d023e8f6e4f158a447a5764288e4ccc3e / . / services / tests / servicestests / src / com / android / server / devicepolicy / DevicePolicyManagerTest.java
blob: 6c2bdda3e21aaec18e691f4d0fb5ada4c1a5caf7 [file] [log] [blame]
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]16package com.android.server.devicepolicy;
17
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]18import android.Manifest.permission;
19import android.app.Activity;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]20import android.app.admin.DeviceAdminReceiver;
21import android.app.admin.DevicePolicyManager;
22import android.app.admin.DevicePolicyManagerInternal;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]23import android.content.BroadcastReceiver;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]24import android.content.ComponentName;
Rubin Xued1928a2016-02-11 17:23:06 +0000[diff] [blame]25import android.content.pm.ApplicationInfo;
26import android.content.pm.PackageInfo;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]27import android.content.pm.PackageManager;
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]28import android.net.wifi.WifiInfo;
Makoto Onuki3ab6f2e2015-11-05 13:55:37 -0800[diff] [blame]29import android.os.Build.VERSION_CODES;
Rubin Xued1928a2016-02-11 17:23:06 +0000[diff] [blame]30import android.os.Build;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]31import android.os.Bundle;
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]32import android.os.Process;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]33import android.os.UserHandle;
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]34import android.os.UserManager;
Makoto Onuki2a3c3da2016-02-18 14:25:30 -0800[diff] [blame]35import android.provider.Settings;
Mahaver Chopra1216ae52016-03-11 15:39:48 +0000[diff] [blame^]36import android.telephony.TelephonyManager;
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]37import android.test.MoreAsserts;
Benjamin Franz6d009032016-01-25 18:56:38 +0000[diff] [blame]38import android.test.suitebuilder.annotation.SmallTest;
Bartosz Fabianowski4c052f22016-01-25 14:18:43 +0100[diff] [blame]39import android.util.ArraySet;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]40import android.util.Pair;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]41
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame]42import com.android.server.LocalServices;
43import com.android.server.SystemService;
44
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]45import org.mockito.ArgumentCaptor;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]46import org.mockito.invocation.InvocationOnMock;
47import org.mockito.stubbing.Answer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]48
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]49import java.util.ArrayList;
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame]50import java.util.Arrays;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]51import java.util.HashMap;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]52import java.util.List;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]53import java.util.Map;
Bartosz Fabianowski4c052f22016-01-25 14:18:43 +0100[diff] [blame]54import java.util.Set;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]55
56import static org.mockito.Matchers.any;
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]57import static org.mockito.Matchers.anyInt;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]58import static org.mockito.Matchers.anyString;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]59import static org.mockito.Matchers.eq;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]60import static org.mockito.Matchers.isNull;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]61import static org.mockito.Mockito.doAnswer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]62import static org.mockito.Mockito.doReturn;
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]63import static org.mockito.Mockito.reset;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]64import static org.mockito.Mockito.times;
Makoto Onuki2a3c3da2016-02-18 14:25:30 -0800[diff] [blame]65import static org.mockito.Mockito.validateMockitoUsage;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]66import static org.mockito.Mockito.verify;
67import static org.mockito.Mockito.when;
68
69/**
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]70 * Tests for DevicePolicyManager( and DevicePolicyManagerService).
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]71 *
72 m FrameworksServicesTests &&
73 adb install \
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame]74 -r ${ANDROID_PRODUCT_OUT}/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]75 adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]76 -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]77
78 (mmma frameworks/base/services/tests/servicestests/ for non-ninja build)
79 */
Benjamin Franz6d009032016-01-25 18:56:38 +0000[diff] [blame]80@SmallTest
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]81public class DevicePolicyManagerTest extends DpmTestBase {
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame]82 private static final List<String> OWNER_SETUP_PERMISSIONS = Arrays.asList(
83 permission.MANAGE_DEVICE_ADMINS, permission.MANAGE_PROFILE_AND_DEVICE_OWNERS,
84 permission.MANAGE_USERS, permission.INTERACT_ACROSS_USERS_FULL);
85
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]86 private DpmMockContext mContext;
87 public DevicePolicyManager dpm;
88 public DevicePolicyManagerServiceTestable dpms;
89
90 @Override
91 protected void setUp() throws Exception {
92 super.setUp();
93
94 mContext = getContext();
95
96 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
97 .thenReturn(true);
98
Makoto Onuki1a5ee772016-02-12 15:34:57 -0800[diff] [blame]99 // By default, pretend all users are running and unlocked.
100 when(mContext.userManager.isUserUnlocked(anyInt())).thenReturn(true);
101
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]102 initializeDpms();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]103
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]104 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
105 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
106 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_UID);
Makoto Onuki3ab6f2e2015-11-05 13:55:37 -0800[diff] [blame]107 setUpPackageManagerForAdmin(adminNoPerm, DpmMockContext.CALLER_UID);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]108
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]109 setUpUserManager();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]110 }
111
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]112 private void initializeDpms() {
113 // Need clearCallingIdentity() to pass permission checks.
114 final long ident = mContext.binder.clearCallingIdentity();
115 try {
116 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
117
118 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir);
119
120 dpms.systemReady(SystemService.PHASE_LOCK_SETTINGS_READY);
121 dpms.systemReady(SystemService.PHASE_BOOT_COMPLETED);
122
123 dpm = new DevicePolicyManagerTestable(mContext, dpms);
124 } finally {
125 mContext.binder.restoreCallingIdentity(ident);
126 }
127 }
128
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]129 private void setUpUserManager() {
130 // Emulate UserManager.set/getApplicationRestriction().
131 final Map<Pair<String, UserHandle>, Bundle> appRestrictions = new HashMap<>();
132
133 // UM.setApplicationRestrictions() will save to appRestrictions.
134 doAnswer(new Answer<Void>() {
135 @Override
136 public Void answer(InvocationOnMock invocation) throws Throwable {
137 String pkg = (String) invocation.getArguments()[0];
138 Bundle bundle = (Bundle) invocation.getArguments()[1];
139 UserHandle user = (UserHandle) invocation.getArguments()[2];
140
141 appRestrictions.put(Pair.create(pkg, user), bundle);
142
143 return null;
144 }
145 }).when(mContext.userManager).setApplicationRestrictions(
146 anyString(), any(Bundle.class), any(UserHandle.class));
147
148 // UM.getApplicationRestrictions() will read from appRestrictions.
149 doAnswer(new Answer<Bundle>() {
150 @Override
151 public Bundle answer(InvocationOnMock invocation) throws Throwable {
152 String pkg = (String) invocation.getArguments()[0];
153 UserHandle user = (UserHandle) invocation.getArguments()[1];
154
155 return appRestrictions.get(Pair.create(pkg, user));
156 }
157 }).when(mContext.userManager).getApplicationRestrictions(
158 anyString(), any(UserHandle.class));
159
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]160 // Add the first secondary user.
161 mContext.addUser(DpmMockContext.CALLER_USER_HANDLE, 0);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]162 }
163
164 private void setAsProfileOwner(ComponentName admin) {
165 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
166 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
167
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]168 // PO needs to be an DA.
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]169 dpm.setActiveAdmin(admin, /* replace =*/ false);
170
171 // Fire!
172 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
173
174 // Check
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]175 assertEquals(admin, dpm.getProfileOwnerAsUser(DpmMockContext.CALLER_USER_HANDLE));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]176 }
177
178 public void testHasNoFeature() throws Exception {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]179 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
180 .thenReturn(false);
181
182 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
183 new DevicePolicyManagerServiceTestable(mContext, dataDir);
184
185 // If the device has no DPMS feature, it shouldn't register the local service.
186 assertNull(LocalServices.getService(DevicePolicyManagerInternal.class));
187 }
188
189 /**
190 * Caller doesn't have proper permissions.
191 */
192 public void testSetActiveAdmin_SecurityException() {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]193 // 1. Failure cases.
194
195 // Caller doesn't have MANAGE_DEVICE_ADMINS.
196 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]197 dpm.setActiveAdmin(admin1, false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]198 fail("Didn't throw SecurityException");
199 } catch (SecurityException expected) {
200 }
201
202 // Caller has MANAGE_DEVICE_ADMINS, but for different user.
203 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
204 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]205 dpm.setActiveAdmin(admin1, false, DpmMockContext.CALLER_USER_HANDLE + 1);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]206 fail("Didn't throw SecurityException");
207 } catch (SecurityException expected) {
208 }
209 }
210
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]211 /**
212 * Test for:
213 * {@link DevicePolicyManager#setActiveAdmin}
Makoto Onuki2a3c3da2016-02-18 14:25:30 -0800[diff] [blame]214 * with replace=false and replace=true
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]215 * {@link DevicePolicyManager#isAdminActive}
216 * {@link DevicePolicyManager#isAdminActiveAsUser}
217 * {@link DevicePolicyManager#getActiveAdmins}
218 * {@link DevicePolicyManager#getActiveAdminsAsUser}
219 */
220 public void testSetActiveAdmin() throws Exception {
221 // 1. Make sure the caller has proper permissions.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]222 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
223
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]224 // 2. Call the API.
225 dpm.setActiveAdmin(admin1, /* replace =*/ false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]226
227 // 3. Verify internal calls.
228
229 // Check if the boradcast is sent.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]230 verify(mContext.spiedContext).sendBroadcastAsUser(
231 MockUtils.checkIntentAction(
232 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
233 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
234 verify(mContext.spiedContext).sendBroadcastAsUser(
235 MockUtils.checkIntentAction(
236 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED),
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]237 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
238
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]239 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
240 eq(admin1.getPackageName()),
241 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
242 eq(PackageManager.DONT_KILL_APP),
243 eq(DpmMockContext.CALLER_USER_HANDLE),
244 anyString());
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]245
246 // TODO Verify other calls too.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]247
248 // Make sure it's active admin1.
249 assertTrue(dpm.isAdminActive(admin1));
250 assertFalse(dpm.isAdminActive(admin2));
251 assertFalse(dpm.isAdminActive(admin3));
252
253 // But not admin1 for a different user.
254
255 // For this to work, caller needs android.permission.INTERACT_ACROSS_USERS_FULL.
256 // (Because we're checking a different user's status from CALLER_USER_HANDLE.)
257 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
258
259 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE + 1));
260 assertFalse(dpm.isAdminActiveAsUser(admin2, DpmMockContext.CALLER_USER_HANDLE + 1));
261
262 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
263
264 // Next, add one more admin.
265 // Before doing so, update the application info, now it's enabled.
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]266 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID,
267 PackageManager.COMPONENT_ENABLED_STATE_ENABLED);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]268
269 dpm.setActiveAdmin(admin2, /* replace =*/ false);
270
271 // Now we have two admins.
272 assertTrue(dpm.isAdminActive(admin1));
273 assertTrue(dpm.isAdminActive(admin2));
274 assertFalse(dpm.isAdminActive(admin3));
275
276 // Admin2 was already enabled, so setApplicationEnabledSetting() shouldn't have called
277 // again. (times(1) because it was previously called for admin1)
278 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
279 eq(admin1.getPackageName()),
280 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
281 eq(PackageManager.DONT_KILL_APP),
282 eq(DpmMockContext.CALLER_USER_HANDLE),
283 anyString());
284
285 // 4. Add the same admin1 again without replace, which should throw.
286 try {
287 dpm.setActiveAdmin(admin1, /* replace =*/ false);
288 fail("Didn't throw");
289 } catch (IllegalArgumentException expected) {
290 }
291
292 // 5. Add the same admin1 again with replace, which should succeed.
293 dpm.setActiveAdmin(admin1, /* replace =*/ true);
294
295 // TODO make sure it's replaced.
296
297 // 6. Test getActiveAdmins()
298 List<ComponentName> admins = dpm.getActiveAdmins();
299 assertEquals(2, admins.size());
300 assertEquals(admin1, admins.get(0));
301 assertEquals(admin2, admins.get(1));
302
303 // Another user has no admins.
304 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
305
306 assertEquals(0, DpmTestUtils.getListSizeAllowingNull(
307 dpm.getActiveAdminsAsUser(DpmMockContext.CALLER_USER_HANDLE + 1)));
308
309 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
310 }
311
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]312 public void testSetActiveAdmin_multiUsers() throws Exception {
313
314 final int ANOTHER_USER_ID = 100;
315 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 20456);
316
317 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
318
319 // Set up pacakge manager for the other user.
320 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]321
322 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
323
324 dpm.setActiveAdmin(admin1, /* replace =*/ false);
325
326 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
327 dpm.setActiveAdmin(admin2, /* replace =*/ false);
328
329
330 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
331 assertTrue(dpm.isAdminActive(admin1));
332 assertFalse(dpm.isAdminActive(admin2));
333
334 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
335 assertFalse(dpm.isAdminActive(admin1));
336 assertTrue(dpm.isAdminActive(admin2));
337 }
338
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]339 /**
340 * Test for:
341 * {@link DevicePolicyManager#setActiveAdmin}
Makoto Onuki2a3c3da2016-02-18 14:25:30 -0800[diff] [blame]342 * with replace=false
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]343 */
344 public void testSetActiveAdmin_twiceWithoutReplace() throws Exception {
345 // 1. Make sure the caller has proper permissions.
346 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
347
348 dpm.setActiveAdmin(admin1, /* replace =*/ false);
349 assertTrue(dpm.isAdminActive(admin1));
350
351 // Add the same admin1 again without replace, which should throw.
352 try {
353 dpm.setActiveAdmin(admin1, /* replace =*/ false);
354 fail("Didn't throw");
355 } catch (IllegalArgumentException expected) {
356 }
357 }
358
359 /**
360 * Test for:
Makoto Onuki3ab6f2e2015-11-05 13:55:37 -0800[diff] [blame]361 * {@link DevicePolicyManager#setActiveAdmin} when the admin isn't protected with
362 * BIND_DEVICE_ADMIN.
363 */
364 public void testSetActiveAdmin_permissionCheck() throws Exception {
365 // 1. Make sure the caller has proper permissions.
366 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
367
368 try {
369 dpm.setActiveAdmin(adminNoPerm, /* replace =*/ false);
370 fail();
371 } catch (IllegalArgumentException expected) {
372 assertTrue(expected.getMessage().contains(permission.BIND_DEVICE_ADMIN));
373 }
374 assertFalse(dpm.isAdminActive(adminNoPerm));
375
376 // Change the target API level to MNC. Now it can be set as DA.
377 setUpPackageManagerForAdmin(adminNoPerm, DpmMockContext.CALLER_UID, null,
378 VERSION_CODES.M);
379 dpm.setActiveAdmin(adminNoPerm, /* replace =*/ false);
380 assertTrue(dpm.isAdminActive(adminNoPerm));
381
382 // TODO Test the "load from the file" case where DA will still be loaded even without
383 // BIND_DEVICE_ADMIN and target API is N.
384 }
385
386 /**
387 * Test for:
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]388 * {@link DevicePolicyManager#removeActiveAdmin}
389 */
390 public void testRemoveActiveAdmin_SecurityException() {
391 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
392
393 // Add admin.
394
395 dpm.setActiveAdmin(admin1, /* replace =*/ false);
396
397 assertTrue(dpm.isAdminActive(admin1));
398
399 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
400
401 // Directly call the DPMS method with a different userid, which should fail.
402 try {
403 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE + 1);
404 fail("Didn't throw SecurityException");
405 } catch (SecurityException expected) {
406 }
407
408 // Try to remove active admin with a different caller userid should fail too, without
409 // having MANAGE_DEVICE_ADMINS.
410 mContext.callerPermissions.clear();
411
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]412 // Change the caller, and call into DPMS directly with a different user-id.
413
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]414 mContext.binder.callingUid = 1234567;
415 try {
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]416 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]417 fail("Didn't throw SecurityException");
418 } catch (SecurityException expected) {
419 }
420 }
421
422 /**
Makoto Onuki1a5ee772016-02-12 15:34:57 -0800[diff] [blame]423 * {@link DevicePolicyManager#removeActiveAdmin} should fail with the user is not unlocked
424 * (because we can't send the remove broadcast).
425 */
426 public void testRemoveActiveAdmin_userNotRunningOrLocked() {
427 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
428
429 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
430
431 // Add admin.
432
433 dpm.setActiveAdmin(admin1, /* replace =*/ false);
434
435 assertTrue(dpm.isAdminActive(admin1));
436
437 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
438
439 // 1. User not unlocked.
440 when(mContext.userManager.isUserUnlocked(eq(DpmMockContext.CALLER_USER_HANDLE)))
441 .thenReturn(false);
442 try {
443 dpm.removeActiveAdmin(admin1);
444 fail("Didn't throw IllegalStateException");
445 } catch (IllegalStateException expected) {
446 MoreAsserts.assertContainsRegex(
447 "User must be running and unlocked", expected.getMessage());
448 }
449
450 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
451
452 // 2. User unlocked.
453 when(mContext.userManager.isUserUnlocked(eq(DpmMockContext.CALLER_USER_HANDLE)))
454 .thenReturn(true);
455
456 dpm.removeActiveAdmin(admin1);
457
458 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
459 }
460
461 /**
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]462 * Test for:
463 * {@link DevicePolicyManager#removeActiveAdmin}
464 */
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]465 public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]466 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
467
468 // Add admin1.
469
470 dpm.setActiveAdmin(admin1, /* replace =*/ false);
471
472 assertTrue(dpm.isAdminActive(admin1));
473 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
474
475 // Different user, but should work, because caller has proper permissions.
476 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]477
478 // Change the caller, and call into DPMS directly with a different user-id.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]479 mContext.binder.callingUid = 1234567;
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]480
481 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]482
483 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
484
485 // TODO DO Still can't be removed in this case.
486 }
487
488 /**
489 * Test for:
490 * {@link DevicePolicyManager#removeActiveAdmin}
491 */
492 public void testRemoveActiveAdmin_sameUserNoMANAGE_DEVICE_ADMINS() {
493 // Need MANAGE_DEVICE_ADMINS for setActiveAdmin. We'll remove it later.
494 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
495
496 // Add admin1.
497
498 dpm.setActiveAdmin(admin1, /* replace =*/ false);
499
500 assertTrue(dpm.isAdminActive(admin1));
501 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
502
503 // Broadcast from saveSettingsLocked().
504 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
505 MockUtils.checkIntentAction(
506 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
507 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
508
509 // Remove. No permissions, but same user, so it'll work.
510 mContext.callerPermissions.clear();
511 dpm.removeActiveAdmin(admin1);
512
513 final ArgumentCaptor<BroadcastReceiver> brCap =
514 ArgumentCaptor.forClass(BroadcastReceiver.class);
515
516 // Is removing now, but not removed yet.
517 assertTrue(dpm.isAdminActive(admin1));
518 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
519
520 verify(mContext.spiedContext).sendOrderedBroadcastAsUser(
521 MockUtils.checkIntentAction(
522 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED),
523 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE),
524 isNull(String.class),
525 brCap.capture(),
526 eq(dpms.mHandler),
527 eq(Activity.RESULT_OK),
528 isNull(String.class),
529 isNull(Bundle.class));
530
531 brCap.getValue().onReceive(mContext, null);
532
533 assertFalse(dpm.isAdminActive(admin1));
534 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
535
536 // Again broadcast from saveSettingsLocked().
537 verify(mContext.spiedContext, times(2)).sendBroadcastAsUser(
538 MockUtils.checkIntentAction(
539 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
540 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
541
542 // TODO Check other internal calls.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]543 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]544
545 /**
546 * Test for: {@link DevicePolicyManager#setDeviceOwner} DO on system user installs
547 * successfully.
548 */
549 public void testSetDeviceOwner() throws Exception {
550 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]551 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]552 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
553 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
554
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]555 // In this test, change the caller user to "system".
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]556 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
557
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]558 // Make sure admin1 is installed on system user.
559 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]560
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]561 // Check various get APIs.
562 checkGetDeviceOwnerInfoApi(dpm, /* hasDeviceOwner =*/ false);
563
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]564 // DO needs to be an DA.
565 dpm.setActiveAdmin(admin1, /* replace =*/ false);
566
567 // Fire!
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]568 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]569
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]570 // getDeviceOwnerComponent should return the admin1 component.
571 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
572 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
573
574 // Check various get APIs.
575 checkGetDeviceOwnerInfoApi(dpm, /* hasDeviceOwner =*/ true);
576
577 // getDeviceOwnerComponent should *NOT* return the admin1 component for other users.
578 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
579 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
580 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
581
582 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
583
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]584 // Verify internal calls.
585 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
586 eq(admin1.getPackageName()));
587
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]588 // TODO We should check if the caller has called clearCallerIdentity().
589 verify(mContext.ibackupManager, times(1)).setBackupServiceActive(
590 eq(UserHandle.USER_SYSTEM), eq(false));
591
592 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
593 MockUtils.checkIntentAction(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED),
594 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
595
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]596 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]597
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]598 // Try to set a profile owner on the same user, which should fail.
599 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
600 dpm.setActiveAdmin(admin2, /* refreshing= */ true, UserHandle.USER_SYSTEM);
601 try {
602 dpm.setProfileOwner(admin2, "owner-name", UserHandle.USER_SYSTEM);
603 fail("IllegalStateException not thrown");
604 } catch (IllegalStateException expected) {
605 assertTrue("Message was: " + expected.getMessage(),
606 expected.getMessage().contains("already has a device owner"));
607 }
608
Makoto Onuki90b89652016-01-28 14:44:18 -0800[diff] [blame]609 // DO admin can't be deactivated.
610 dpm.removeActiveAdmin(admin1);
611 assertTrue(dpm.isAdminActive(admin1));
612
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]613 // TODO Test getDeviceOwnerName() too. To do so, we need to change
614 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
615 }
616
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]617 private void checkGetDeviceOwnerInfoApi(DevicePolicyManager dpm, boolean hasDeviceOwner) {
618 final int origCallingUser = mContext.binder.callingUid;
619 final List origPermissions = new ArrayList(mContext.callerPermissions);
620 mContext.callerPermissions.clear();
621
622 mContext.callerPermissions.add(permission.MANAGE_USERS);
623
624 mContext.binder.callingUid = Process.SYSTEM_UID;
625
626 // TODO Test getDeviceOwnerName() too. To do so, we need to change
627 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
628 if (hasDeviceOwner) {
629 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
630 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
631 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
632
633 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
634 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
635 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
636 } else {
637 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
638 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
639 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
640
641 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
642 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
643 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
644 }
645
646 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
647 if (hasDeviceOwner) {
648 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
649 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
650 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
651
652 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
653 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
654 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
655 } else {
656 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
657 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
658 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
659
660 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
661 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
662 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
663 }
664
665 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
666 // Still with MANAGE_USERS.
667 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
668 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
669 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
670
671 if (hasDeviceOwner) {
672 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
673 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
674 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
675 } else {
676 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
677 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
678 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
679 }
680
681 mContext.binder.callingUid = Process.SYSTEM_UID;
682 mContext.callerPermissions.remove(permission.MANAGE_USERS);
683 // System can still call "OnAnyUser" without MANAGE_USERS.
684 if (hasDeviceOwner) {
685 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
686 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
687 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
688
689 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
690 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
691 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
692 } else {
693 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
694 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
695 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
696
697 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
698 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
699 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
700 }
701
702 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
703 // Still no MANAGE_USERS.
704 if (hasDeviceOwner) {
705 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
706 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
707 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
708 } else {
709 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
710 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
711 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
712 }
713
714 try {
715 dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName());
716 fail();
717 } catch (SecurityException expected) {
718 }
719 try {
720 dpm.getDeviceOwnerComponentOnAnyUser();
721 fail();
722 } catch (SecurityException expected) {
723 }
724 try {
725 dpm.getDeviceOwnerUserId();
726 fail();
727 } catch (SecurityException expected) {
728 }
729 try {
730 dpm.getDeviceOwnerNameOnAnyUser();
731 fail();
732 } catch (SecurityException expected) {
733 }
734
735 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
736 // Still no MANAGE_USERS.
737 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
738 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
739 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
740
741 try {
742 dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName());
743 fail();
744 } catch (SecurityException expected) {
745 }
746 try {
747 dpm.getDeviceOwnerComponentOnAnyUser();
748 fail();
749 } catch (SecurityException expected) {
750 }
751 try {
752 dpm.getDeviceOwnerUserId();
753 fail();
754 } catch (SecurityException expected) {
755 }
756 try {
757 dpm.getDeviceOwnerNameOnAnyUser();
758 fail();
759 } catch (SecurityException expected) {
760 }
761
762 // Restore.
763 mContext.binder.callingUid = origCallingUser;
764 mContext.callerPermissions.addAll(origPermissions);
765 }
766
767
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]768 /**
769 * Test for: {@link DevicePolicyManager#setDeviceOwner} Package doesn't exist.
770 */
771 public void testSetDeviceOwner_noSuchPackage() {
772 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]773 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]774 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
775 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
776
777 // Call from a process on the system user.
778 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
779
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]780 try {
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]781 dpm.setDeviceOwner(new ComponentName("a.b.c", ".def"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]782 fail("Didn't throw IllegalArgumentException");
783 } catch (IllegalArgumentException expected) {
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]784 assertTrue("Message was: " + expected.getMessage(),
785 expected.getMessage().contains("Invalid component"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]786 }
787 }
788
789 public void testSetDeviceOwner_failures() throws Exception {
790 // TODO Test more failure cases. Basically test all chacks in enforceCanSetDeviceOwner().
791 }
792
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]793 public void testClearDeviceOwner() throws Exception {
794 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]795 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]796 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
797 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
798
799 // Set admin1 as a DA to the secondary user.
800 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
801
802 dpm.setActiveAdmin(admin1, /* replace =*/ false);
803
804 // Set admin 1 as the DO to the system user.
805
806 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
807 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
808 dpm.setActiveAdmin(admin1, /* replace =*/ false);
809 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
810
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]811 // Verify internal calls.
812 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
813 eq(admin1.getPackageName()));
814
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]815 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]816
Makoto Onuki90b89652016-01-28 14:44:18 -0800[diff] [blame]817 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
818
819 assertTrue(dpm.isAdminActive(admin1));
820 assertFalse(dpm.isRemovingAdmin(admin1, UserHandle.USER_SYSTEM));
821
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]822 // Set up other mocks.
823 when(mContext.userManager.getUserRestrictions()).thenReturn(new Bundle());
824
825 // Now call clear.
Jeff Sharkeye06b4d12016-01-06 14:51:50 -0700[diff] [blame]826 doReturn(DpmMockContext.CALLER_SYSTEM_USER_UID).when(mContext.packageManager).getPackageUidAsUser(
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]827 eq(admin1.getPackageName()),
828 anyInt());
Makoto Onuki1a5ee772016-02-12 15:34:57 -0800[diff] [blame]829
830 // But first pretend the user is locked. Then it should fail.
831 when(mContext.userManager.isUserUnlocked(anyInt())).thenReturn(false);
832 try {
833 dpm.clearDeviceOwnerApp(admin1.getPackageName());
834 fail("Didn't throw IllegalStateException");
835 } catch (IllegalStateException expected) {
836 MoreAsserts.assertContainsRegex(
837 "User must be running and unlocked", expected.getMessage());
838 }
839
840 when(mContext.userManager.isUserUnlocked(anyInt())).thenReturn(true);
Makoto Onuki90b89652016-01-28 14:44:18 -0800[diff] [blame]841 reset(mContext.userManagerInternal);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]842 dpm.clearDeviceOwnerApp(admin1.getPackageName());
843
844 // Now DO shouldn't be set.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]845 assertNull(dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]846
Makoto Onuki90b89652016-01-28 14:44:18 -0800[diff] [blame]847 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
848 eq(UserHandle.USER_SYSTEM),
849 MockUtils.checkUserRestrictions(),
850 MockUtils.checkUserRestrictions()
851 );
852
853 assertTrue(dpm.isAdminActive(admin1));
854 assertTrue(dpm.isRemovingAdmin(admin1, UserHandle.USER_SYSTEM));
855
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]856 // TODO Check other calls.
857 }
858
859 public void testClearDeviceOwner_fromDifferentUser() throws Exception {
860 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]861 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]862 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
863 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
864
865 // Set admin1 as a DA to the secondary user.
866 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
867
868 dpm.setActiveAdmin(admin1, /* replace =*/ false);
869
870 // Set admin 1 as the DO to the system user.
871
872 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
873 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
874 dpm.setActiveAdmin(admin1, /* replace =*/ false);
875 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
876
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]877 // Verify internal calls.
878 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
879 eq(admin1.getPackageName()));
880
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]881 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]882
883 // Now call clear from the secondary user, which should throw.
884 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
885
886 // Now call clear.
Jeff Sharkeye06b4d12016-01-06 14:51:50 -0700[diff] [blame]887 doReturn(DpmMockContext.CALLER_UID).when(mContext.packageManager).getPackageUidAsUser(
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]888 eq(admin1.getPackageName()),
889 anyInt());
890 try {
891 dpm.clearDeviceOwnerApp(admin1.getPackageName());
892 fail("Didn't throw");
893 } catch (SecurityException e) {
894 assertEquals("clearDeviceOwner can only be called by the device owner", e.getMessage());
895 }
896
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]897 // DO shouldn't be removed.
898 assertTrue(dpm.isDeviceManaged());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]899 }
900
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]901 public void testSetProfileOwner() throws Exception {
902 setAsProfileOwner(admin1);
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]903
Makoto Onuki90b89652016-01-28 14:44:18 -0800[diff] [blame]904 // PO admin can't be deactivated.
905 dpm.removeActiveAdmin(admin1);
906 assertTrue(dpm.isAdminActive(admin1));
907
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]908 // Try setting DO on the same user, which should fail.
909 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
910 dpm.setActiveAdmin(admin2, /* refreshing= */ true, DpmMockContext.CALLER_USER_HANDLE);
911 try {
912 dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE);
913 fail("IllegalStateException not thrown");
914 } catch (IllegalStateException expected) {
915 assertTrue("Message was: " + expected.getMessage(),
916 expected.getMessage().contains("already has a profile owner"));
917 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]918 }
919
Makoto Onuki90b89652016-01-28 14:44:18 -0800[diff] [blame]920 public void testClearProfileOwner() throws Exception {
921 setAsProfileOwner(admin1);
922
923 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
924
925 assertTrue(dpm.isProfileOwnerApp(admin1.getPackageName()));
926 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
927
Makoto Onuki1a5ee772016-02-12 15:34:57 -0800[diff] [blame]928 // First try when the user is locked, which should fail.
929 when(mContext.userManager.isUserUnlocked(anyInt()))
930 .thenReturn(false);
931 try {
932 dpm.clearProfileOwner(admin1);
933 fail("Didn't throw IllegalStateException");
934 } catch (IllegalStateException expected) {
935 MoreAsserts.assertContainsRegex(
936 "User must be running and unlocked", expected.getMessage());
937 }
938 // Clear, really.
939 when(mContext.userManager.isUserUnlocked(anyInt()))
940 .thenReturn(true);
Makoto Onuki90b89652016-01-28 14:44:18 -0800[diff] [blame]941 dpm.clearProfileOwner(admin1);
942
943 // Check
944 assertFalse(dpm.isProfileOwnerApp(admin1.getPackageName()));
945 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
946 }
947
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]948 public void testSetProfileOwner_failures() throws Exception {
949 // TODO Test more failure cases. Basically test all chacks in enforceCanSetProfileOwner().
950 }
951
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]952 public void testGetDeviceOwnerAdminLocked() throws Exception {
953 checkDeviceOwnerWithMultipleDeviceAdmins();
954 }
955
956 private void checkDeviceOwnerWithMultipleDeviceAdmins() throws Exception {
957 // In ths test, we use 3 users (system + 2 secondary users), set some device admins to them,
958 // set admin2 on CALLER_USER_HANDLE as DO, then call getDeviceOwnerAdminLocked() to
959 // make sure it gets the right component from the right user.
960
961 final int ANOTHER_USER_ID = 100;
962 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 456);
963
964 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
965
966 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]967 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]968 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
969 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
970
971 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
972
Victor Change29cd472016-03-02 20:57:42 +0000[diff] [blame]973 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
974
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]975 // Make sure the admin packge is installed to each user.
976 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
977 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_SYSTEM_USER_UID);
978
979 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
980 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
981
982 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
983
984
985 // Set active admins to the users.
986 dpm.setActiveAdmin(admin1, /* replace =*/ false);
987 dpm.setActiveAdmin(admin3, /* replace =*/ false);
988
989 dpm.setActiveAdmin(admin1, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
990 dpm.setActiveAdmin(admin2, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
991
992 dpm.setActiveAdmin(admin2, /* replace =*/ false, ANOTHER_USER_ID);
993
994 // Set DO on the first non-system user.
995 mContext.setUserRunning(DpmMockContext.CALLER_USER_HANDLE, true);
996 assertTrue(dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
997
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]998 assertEquals(admin2, dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false));
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]999
1000 // Then check getDeviceOwnerAdminLocked().
1001 assertEquals(admin2, dpms.getDeviceOwnerAdminLocked().info.getComponent());
1002 assertEquals(DpmMockContext.CALLER_UID, dpms.getDeviceOwnerAdminLocked().getUid());
1003 }
1004
1005 /**
1006 * This essentially tests
Makoto Onuki2a3c3da2016-02-18 14:25:30 -0800[diff] [blame]1007 * {@code DevicePolicyManagerService.findOwnerComponentIfNecessaryLocked()}. (which is
1008 * private.)
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]1009 *
1010 * We didn't use to persist the DO component class name, but now we do, and the above method
1011 * finds the right component from a package name upon migration.
1012 */
1013 public void testDeviceOwnerMigration() throws Exception {
Victor Change29cd472016-03-02 20:57:42 +0000[diff] [blame]1014 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]1015 checkDeviceOwnerWithMultipleDeviceAdmins();
1016
1017 // Overwrite the device owner setting and clears the clas name.
1018 dpms.mOwners.setDeviceOwner(
1019 new ComponentName(admin2.getPackageName(), ""),
1020 "owner-name", DpmMockContext.CALLER_USER_HANDLE);
1021 dpms.mOwners.writeDeviceOwner();
1022
1023 // Make sure the DO component name doesn't have a class name.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]1024 assertEquals("", dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false).getClassName());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]1025
1026 // Then create a new DPMS to have it load the settings from files.
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1027 when(mContext.userManager.getUserRestrictions(any(UserHandle.class)))
1028 .thenReturn(new Bundle());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]1029 initializeDpms();
1030
1031 // Now the DO component name is a full name.
1032 // *BUT* because both admin1 and admin2 belong to the same package, we think admin1 is the
1033 // DO.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]1034 assertEquals(admin1, dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false));
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]1035 }
1036
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]1037 public void testSetGetApplicationRestriction() {
1038 setAsProfileOwner(admin1);
1039
1040 {
1041 Bundle rest = new Bundle();
1042 rest.putString("KEY_STRING", "Foo1");
1043 dpm.setApplicationRestrictions(admin1, "pkg1", rest);
1044 }
1045
1046 {
1047 Bundle rest = new Bundle();
1048 rest.putString("KEY_STRING", "Foo2");
1049 dpm.setApplicationRestrictions(admin1, "pkg2", rest);
1050 }
1051
1052 {
1053 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg1");
1054 assertNotNull(returned);
1055 assertEquals(returned.size(), 1);
1056 assertEquals(returned.get("KEY_STRING"), "Foo1");
1057 }
1058
1059 {
1060 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg2");
1061 assertNotNull(returned);
1062 assertEquals(returned.size(), 1);
1063 assertEquals(returned.get("KEY_STRING"), "Foo2");
1064 }
1065
1066 dpm.setApplicationRestrictions(admin1, "pkg2", new Bundle());
1067 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg2").size());
1068 }
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1069
Esteban Talaverabf60f722015-12-10 16:26:44 +0000[diff] [blame]1070 public void testApplicationRestrictionsManagingApp() throws Exception {
1071 setAsProfileOwner(admin1);
1072
Rubin Xued1928a2016-02-11 17:23:06 +0000[diff] [blame]1073 final String nonExistAppRestrictionsManagerPackage = "com.google.app.restrictions.manager2";
Esteban Talaverabf60f722015-12-10 16:26:44 +0000[diff] [blame]1074 final String appRestrictionsManagerPackage = "com.google.app.restrictions.manager";
1075 final int appRestrictionsManagerAppId = 20987;
1076 final int appRestrictionsManagerUid = UserHandle.getUid(
1077 DpmMockContext.CALLER_USER_HANDLE, appRestrictionsManagerAppId);
Jeff Sharkeye06b4d12016-01-06 14:51:50 -0700[diff] [blame]1078 doReturn(appRestrictionsManagerUid).when(mContext.packageManager).getPackageUidAsUser(
Esteban Talaverabf60f722015-12-10 16:26:44 +0000[diff] [blame]1079 eq(appRestrictionsManagerPackage),
1080 eq(DpmMockContext.CALLER_USER_HANDLE));
1081 mContext.binder.callingUid = appRestrictionsManagerUid;
1082
Rubin Xued1928a2016-02-11 17:23:06 +0000[diff] [blame]1083 final PackageInfo pi = new PackageInfo();
1084 pi.applicationInfo = new ApplicationInfo();
1085 pi.applicationInfo.flags = ApplicationInfo.FLAG_HAS_CODE;
1086 doReturn(pi).when(mContext.ipackageManager).getPackageInfo(
1087 eq(appRestrictionsManagerPackage),
1088 anyInt(),
1089 eq(DpmMockContext.CALLER_USER_HANDLE));
1090
Esteban Talaverabf60f722015-12-10 16:26:44 +0000[diff] [blame]1091 // appRestrictionsManager package shouldn't be able to manage restrictions as the PO hasn't
1092 // delegated that permission yet.
1093 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
1094 Bundle rest = new Bundle();
1095 rest.putString("KEY_STRING", "Foo1");
1096 try {
1097 dpm.setApplicationRestrictions(null, "pkg1", rest);
1098 fail("Didn't throw expected SecurityException");
1099 } catch (SecurityException expected) {
1100 MoreAsserts.assertContainsRegex(
1101 "caller cannot manage application restrictions", expected.getMessage());
1102 }
1103 try {
1104 dpm.getApplicationRestrictions(null, "pkg1");
1105 fail("Didn't throw expected SecurityException");
1106 } catch (SecurityException expected) {
1107 MoreAsserts.assertContainsRegex(
1108 "caller cannot manage application restrictions", expected.getMessage());
1109 }
1110
1111 // Check via the profile owner that no restrictions were set.
1112 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1113 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg1").size());
1114
Rubin Xued1928a2016-02-11 17:23:06 +0000[diff] [blame]1115 // Check the API does not allow setting a non-existent package
1116 try {
1117 dpm.setApplicationRestrictionsManagingPackage(admin1,
1118 nonExistAppRestrictionsManagerPackage);
1119 fail("Non-existent app set as app restriction manager.");
1120 } catch (IllegalArgumentException expected) {
1121 MoreAsserts.assertContainsRegex(
1122 "is not installed on the current user", expected.getMessage());
1123 }
1124
Esteban Talaverabf60f722015-12-10 16:26:44 +0000[diff] [blame]1125 // Let appRestrictionsManagerPackage manage app restrictions
1126 dpm.setApplicationRestrictionsManagingPackage(admin1, appRestrictionsManagerPackage);
1127 assertEquals(appRestrictionsManagerPackage,
1128 dpm.getApplicationRestrictionsManagingPackage(admin1));
1129
1130 // Now that package should be able to set and retrieve app restrictions.
1131 mContext.binder.callingUid = appRestrictionsManagerUid;
1132 assertTrue(dpm.isCallerApplicationRestrictionsManagingPackage());
1133 dpm.setApplicationRestrictions(null, "pkg1", rest);
1134 Bundle returned = dpm.getApplicationRestrictions(null, "pkg1");
1135 assertEquals(1, returned.size(), 1);
1136 assertEquals("Foo1", returned.get("KEY_STRING"));
1137
1138 // The same app running on a separate user shouldn't be able to manage app restrictions.
1139 mContext.binder.callingUid = UserHandle.getUid(
1140 UserHandle.USER_SYSTEM, appRestrictionsManagerAppId);
1141 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
1142 try {
1143 dpm.setApplicationRestrictions(null, "pkg1", rest);
1144 fail("Didn't throw expected SecurityException");
1145 } catch (SecurityException expected) {
1146 MoreAsserts.assertContainsRegex(
1147 "caller cannot manage application restrictions", expected.getMessage());
1148 }
1149
1150 // The DPM is still able to manage app restrictions, even if it allowed another app to do it
1151 // too.
1152 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1153 assertEquals(returned, dpm.getApplicationRestrictions(admin1, "pkg1"));
1154 dpm.setApplicationRestrictions(admin1, "pkg1", null);
1155 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg1").size());
1156
1157 // Removing the ability for the package to manage app restrictions.
1158 dpm.setApplicationRestrictionsManagingPackage(admin1, null);
1159 assertNull(dpm.getApplicationRestrictionsManagingPackage(admin1));
1160 mContext.binder.callingUid = appRestrictionsManagerUid;
1161 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
1162 try {
1163 dpm.setApplicationRestrictions(null, "pkg1", null);
1164 fail("Didn't throw expected SecurityException");
1165 } catch (SecurityException expected) {
1166 MoreAsserts.assertContainsRegex(
1167 "caller cannot manage application restrictions", expected.getMessage());
1168 }
1169 }
1170
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1171 public void testSetUserRestriction_asDo() throws Exception {
1172 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]1173 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1174 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1175 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1176
1177 // First, set DO.
1178
1179 // Call from a process on the system user.
1180 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1181
1182 // Make sure admin1 is installed on system user.
1183 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1184
1185 // Call.
1186 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]1187 assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1188 UserHandle.USER_SYSTEM));
1189
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1190 DpmTestUtils.assertRestrictions(
1191 DpmTestUtils.newRestrictions(),
1192 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1193 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1194 DpmTestUtils.assertRestrictions(
1195 DpmTestUtils.newRestrictions(),
1196 dpm.getUserRestrictions(admin1)
1197 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1198
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1199 reset(mContext.userManagerInternal);
1200
1201 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1202 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1203 eq(UserHandle.USER_SYSTEM),
1204 MockUtils.checkUserRestrictions(),
1205 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
Makoto Onuki2a3c3da2016-02-18 14:25:30 -0800[diff] [blame]1206 );
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1207 reset(mContext.userManagerInternal);
1208
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1209 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1210 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1211 eq(UserHandle.USER_SYSTEM),
1212 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1213 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
1214 );
1215 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1216
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1217 DpmTestUtils.assertRestrictions(
1218 DpmTestUtils.newRestrictions(
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1219 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1220 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1221 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1222 DpmTestUtils.assertRestrictions(
1223 DpmTestUtils.newRestrictions(
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1224 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1225 dpm.getUserRestrictions(admin1)
1226 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1227
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1228 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1229 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1230 eq(UserHandle.USER_SYSTEM),
1231 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1232 MockUtils.checkUserRestrictions()
1233 );
1234 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1235
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1236 DpmTestUtils.assertRestrictions(
1237 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1238 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1239 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1240 DpmTestUtils.assertRestrictions(
1241 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1242 dpm.getUserRestrictions(admin1)
1243 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1244
1245 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1246 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1247 eq(UserHandle.USER_SYSTEM),
1248 MockUtils.checkUserRestrictions(),
1249 MockUtils.checkUserRestrictions()
1250 );
1251 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1252
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1253 DpmTestUtils.assertRestrictions(
1254 DpmTestUtils.newRestrictions(),
1255 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1256 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1257 DpmTestUtils.assertRestrictions(
1258 DpmTestUtils.newRestrictions(),
1259 dpm.getUserRestrictions(admin1)
1260 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1261
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1262 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE are PO restrictions, but when
1263 // DO sets them, the scope is global.
1264 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1265 reset(mContext.userManagerInternal);
1266 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1267 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1268 eq(UserHandle.USER_SYSTEM),
1269 MockUtils.checkUserRestrictions(),
1270 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1271 UserManager.DISALLOW_UNMUTE_MICROPHONE)
1272 );
1273 reset(mContext.userManagerInternal);
1274
1275 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1276 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1277
1278
1279 // More tests.
1280 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1281 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1282 eq(UserHandle.USER_SYSTEM),
1283 MockUtils.checkUserRestrictions(),
1284 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
1285 );
1286 reset(mContext.userManagerInternal);
1287
1288 dpm.addUserRestriction(admin1, UserManager.DISALLOW_FUN);
1289 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1290 eq(UserHandle.USER_SYSTEM),
1291 MockUtils.checkUserRestrictions(),
1292 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1293 UserManager.DISALLOW_ADD_USER)
1294 );
1295 reset(mContext.userManagerInternal);
1296
1297 dpm.setCameraDisabled(admin1, true);
1298 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1299 eq(UserHandle.USER_SYSTEM),
1300 // DISALLOW_CAMERA will be applied to both local and global.
1301 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),
1302 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1303 UserManager.DISALLOW_CAMERA, UserManager.DISALLOW_ADD_USER)
1304 );
1305 reset(mContext.userManagerInternal);
1306
1307 // Set up another DA and let it disable camera. Now DISALLOW_CAMERA will only be applied
1308 // locally.
1309 dpm.setCameraDisabled(admin1, false);
1310 reset(mContext.userManagerInternal);
1311
1312 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
1313 dpm.setActiveAdmin(admin2, /* replace =*/ false, UserHandle.USER_SYSTEM);
1314 dpm.setCameraDisabled(admin2, true);
1315
1316 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1317 eq(UserHandle.USER_SYSTEM),
1318 // DISALLOW_CAMERA will be applied to both local and global.
1319 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),
1320 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1321 UserManager.DISALLOW_ADD_USER)
1322 );
1323 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1324 // TODO Make sure restrictions are written to the file.
1325 }
1326
1327 public void testSetUserRestriction_asPo() {
1328 setAsProfileOwner(admin1);
1329
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1330 DpmTestUtils.assertRestrictions(
1331 DpmTestUtils.newRestrictions(),
1332 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1333 .ensureUserRestrictions()
1334 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1335
1336 dpm.addUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1337 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1338 eq(DpmMockContext.CALLER_USER_HANDLE),
1339 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES),
1340 isNull(Bundle.class)
1341 );
1342 reset(mContext.userManagerInternal);
1343
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1344 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1345 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1346 eq(DpmMockContext.CALLER_USER_HANDLE),
1347 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1348 UserManager.DISALLOW_OUTGOING_CALLS),
1349 isNull(Bundle.class)
1350 );
1351 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1352
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1353 DpmTestUtils.assertRestrictions(
1354 DpmTestUtils.newRestrictions(
1355 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1356 UserManager.DISALLOW_OUTGOING_CALLS
1357 ),
1358 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1359 .ensureUserRestrictions()
1360 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1361 DpmTestUtils.assertRestrictions(
1362 DpmTestUtils.newRestrictions(
1363 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1364 UserManager.DISALLOW_OUTGOING_CALLS
1365 ),
1366 dpm.getUserRestrictions(admin1)
1367 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1368
1369 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1370 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1371 eq(DpmMockContext.CALLER_USER_HANDLE),
1372 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1373 isNull(Bundle.class)
1374 );
1375 reset(mContext.userManagerInternal);
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1376
1377 DpmTestUtils.assertRestrictions(
1378 DpmTestUtils.newRestrictions(
1379 UserManager.DISALLOW_OUTGOING_CALLS
1380 ),
1381 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1382 .ensureUserRestrictions()
1383 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1384 DpmTestUtils.assertRestrictions(
1385 DpmTestUtils.newRestrictions(
1386 UserManager.DISALLOW_OUTGOING_CALLS
1387 ),
1388 dpm.getUserRestrictions(admin1)
1389 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1390
1391 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1392 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1393 eq(DpmMockContext.CALLER_USER_HANDLE),
1394 MockUtils.checkUserRestrictions(),
1395 isNull(Bundle.class)
1396 );
1397 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1398
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1399 DpmTestUtils.assertRestrictions(
1400 DpmTestUtils.newRestrictions(),
1401 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1402 .ensureUserRestrictions()
1403 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1404 DpmTestUtils.assertRestrictions(
1405 DpmTestUtils.newRestrictions(),
1406 dpm.getUserRestrictions(admin1)
1407 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1408
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1409 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE can be set by PO too, even
1410 // though when DO sets them they'll be applied globally.
1411 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1412 reset(mContext.userManagerInternal);
1413 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1414 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1415 eq(DpmMockContext.CALLER_USER_HANDLE),
1416 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1417 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1418 isNull(Bundle.class)
1419 );
1420 reset(mContext.userManagerInternal);
1421
1422 dpm.setCameraDisabled(admin1, true);
1423 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1424 eq(DpmMockContext.CALLER_USER_HANDLE),
1425 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA,
1426 UserManager.DISALLOW_ADJUST_VOLUME,
1427 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1428 isNull(Bundle.class)
1429 );
1430 reset(mContext.userManagerInternal);
1431
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1432 // TODO Make sure restrictions are written to the file.
1433 }
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1434
1435 public void testGetMacAddress() throws Exception {
1436 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1437 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1438 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1439
1440 // In this test, change the caller user to "system".
1441 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1442
1443 // Make sure admin1 is installed on system user.
1444 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1445
1446 // Test 1. Caller doesn't have DO or DA.
1447 try {
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1448 dpm.getWifiMacAddress(admin1);
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1449 fail();
1450 } catch (SecurityException e) {
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1451 MoreAsserts.assertContainsRegex("No active admin", e.getMessage());
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1452 }
1453
1454 // DO needs to be an DA.
1455 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1456 assertTrue(dpm.isAdminActive(admin1));
1457
1458 // Test 2. Caller has DA, but not DO.
1459 try {
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1460 dpm.getWifiMacAddress(admin1);
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1461 fail();
1462 } catch (SecurityException e) {
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1463 MoreAsserts.assertContainsRegex("does not own the device", e.getMessage());
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1464 }
1465
1466 // Test 3. Caller has PO, but not DO.
1467 assertTrue(dpm.setProfileOwner(admin1, null, UserHandle.USER_SYSTEM));
1468 try {
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1469 dpm.getWifiMacAddress(admin1);
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1470 fail();
1471 } catch (SecurityException e) {
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1472 MoreAsserts.assertContainsRegex("does not own the device", e.getMessage());
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1473 }
1474
1475 // Remove PO.
1476 dpm.clearProfileOwner(admin1);
1477
1478 // Test 4, Caller is DO now.
1479 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1480
1481 // 4-1. But no WifiInfo.
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1482 assertNull(dpm.getWifiMacAddress(admin1));
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1483
1484 // 4-2. Returns WifiInfo, but with the default MAC.
1485 when(mContext.wifiManager.getConnectionInfo()).thenReturn(new WifiInfo());
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1486 assertNull(dpm.getWifiMacAddress(admin1));
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1487
1488 // 4-3. With a real MAC address.
1489 final WifiInfo wi = new WifiInfo();
1490 wi.setMacAddress("11:22:33:44:55:66");
1491 when(mContext.wifiManager.getConnectionInfo()).thenReturn(wi);
Sudheer Shanka3cb4da12016-03-07 18:51:49 -0800[diff] [blame]1492 assertEquals("11:22:33:44:55:66", dpm.getWifiMacAddress(admin1));
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1493 }
Mahaver Chopraf8373b52015-12-23 14:42:18 +0000[diff] [blame]1494
Mahaver Chopra1216ae52016-03-11 15:39:48 +0000[diff] [blame^]1495 public void testReboot() throws Exception {
Mahaver Chopraf8373b52015-12-23 14:42:18 +0000[diff] [blame]1496 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1497 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1498
1499 // In this test, change the caller user to "system".
1500 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1501
1502 // Make sure admin1 is installed on system user.
1503 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1504
1505 // Set admin1 as DA.
1506 dpm.setActiveAdmin(admin1, false);
1507 assertTrue(dpm.isAdminActive(admin1));
1508 try {
1509 dpm.reboot(admin1);
1510 fail("DA calls DPM.reboot(), did not throw expected SecurityException");
1511 } catch (SecurityException expected) {
1512 MoreAsserts.assertContainsRegex("does not own the device", expected.getMessage());
1513 }
1514
1515 // Set admin1 as PO.
1516 assertTrue(dpm.setProfileOwner(admin1, null, UserHandle.USER_SYSTEM));
1517 try {
1518 dpm.reboot(admin1);
1519 fail("PO calls DPM.reboot(), did not throw expected SecurityException");
1520 } catch (SecurityException expected) {
1521 MoreAsserts.assertContainsRegex("does not own the device", expected.getMessage());
1522 }
1523
1524 // Remove PO and add DO.
1525 dpm.clearProfileOwner(admin1);
1526 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1527
Mahaver Chopra1216ae52016-03-11 15:39:48 +0000[diff] [blame^]1528 // admin1 is DO.
1529 // Set current call state of device to ringing.
1530 when(mContext.telephonyManager.getCallState())
1531 .thenReturn(TelephonyManager.CALL_STATE_RINGING);
1532 try {
1533 dpm.reboot(admin1);
1534 fail("DPM.reboot() called when receiveing a call, should thrown IllegalStateException");
1535 } catch (IllegalStateException expected) {
1536 MoreAsserts.assertContainsRegex("ongoing call on the device", expected.getMessage());
1537 }
1538
1539 // Set current call state of device to dialing/active.
1540 when(mContext.telephonyManager.getCallState())
1541 .thenReturn(TelephonyManager.CALL_STATE_OFFHOOK);
1542 try {
1543 dpm.reboot(admin1);
1544 fail("DPM.reboot() called when dialing, should thrown IllegalStateException");
1545 } catch (IllegalStateException expected) {
1546 MoreAsserts.assertContainsRegex("ongoing call on the device", expected.getMessage());
1547 }
1548
1549 // Set current call state of device to idle.
1550 when(mContext.telephonyManager.getCallState()).thenReturn(TelephonyManager.CALL_STATE_IDLE);
Mahaver Chopraf8373b52015-12-23 14:42:18 +0000[diff] [blame]1551 dpm.reboot(admin1);
1552 }
Kenny Guy06de4e72015-12-22 12:07:39 +0000[diff] [blame]1553
1554 public void testSetGetSupportText() {
1555 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1556 dpm.setActiveAdmin(admin1, true);
1557 dpm.setActiveAdmin(admin2, true);
1558 mContext.callerPermissions.remove(permission.MANAGE_DEVICE_ADMINS);
1559
1560 // Null default support messages.
1561 {
1562 assertNull(dpm.getLongSupportMessage(admin1));
1563 assertNull(dpm.getShortSupportMessage(admin1));
1564 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
1565 assertNull(dpm.getShortSupportMessageForUser(admin1,
1566 DpmMockContext.CALLER_USER_HANDLE));
1567 assertNull(dpm.getLongSupportMessageForUser(admin1,
1568 DpmMockContext.CALLER_USER_HANDLE));
1569 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
1570 }
1571
1572 // Only system can call the per user versions.
1573 {
1574 try {
1575 dpm.getShortSupportMessageForUser(admin1,
1576 DpmMockContext.CALLER_USER_HANDLE);
1577 fail("Only system should be able to call getXXXForUser versions");
1578 } catch (SecurityException expected) {
1579 MoreAsserts.assertContainsRegex("message for user", expected.getMessage());
1580 }
1581 try {
1582 dpm.getLongSupportMessageForUser(admin1,
1583 DpmMockContext.CALLER_USER_HANDLE);
1584 fail("Only system should be able to call getXXXForUser versions");
1585 } catch (SecurityException expected) {
1586 MoreAsserts.assertContainsRegex("message for user", expected.getMessage());
1587 }
1588 }
1589
1590 // Can't set message for admin in another uid.
1591 {
1592 mContext.binder.callingUid = DpmMockContext.CALLER_UID + 1;
1593 try {
1594 dpm.setShortSupportMessage(admin1, "Some text");
1595 fail("Admins should only be able to change their own support text.");
1596 } catch (SecurityException expected) {
1597 MoreAsserts.assertContainsRegex("is not owned by uid", expected.getMessage());
1598 }
1599 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1600 }
1601
1602 // Set/Get short returns what it sets and other admins text isn't changed.
1603 {
1604 final String supportText = "Some text to test with.";
1605 dpm.setShortSupportMessage(admin1, supportText);
1606 assertEquals(supportText, dpm.getShortSupportMessage(admin1));
1607 assertNull(dpm.getLongSupportMessage(admin1));
1608 assertNull(dpm.getShortSupportMessage(admin2));
1609
1610 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
1611 assertEquals(supportText, dpm.getShortSupportMessageForUser(admin1,
1612 DpmMockContext.CALLER_USER_HANDLE));
1613 assertNull(dpm.getShortSupportMessageForUser(admin2,
1614 DpmMockContext.CALLER_USER_HANDLE));
1615 assertNull(dpm.getLongSupportMessageForUser(admin1,
1616 DpmMockContext.CALLER_USER_HANDLE));
1617 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
1618
1619 dpm.setShortSupportMessage(admin1, null);
1620 assertNull(dpm.getShortSupportMessage(admin1));
1621 }
1622
1623 // Set/Get long returns what it sets and other admins text isn't changed.
1624 {
1625 final String supportText = "Some text to test with.\nWith more text.";
1626 dpm.setLongSupportMessage(admin1, supportText);
1627 assertEquals(supportText, dpm.getLongSupportMessage(admin1));
1628 assertNull(dpm.getShortSupportMessage(admin1));
1629 assertNull(dpm.getLongSupportMessage(admin2));
1630
1631 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
1632 assertEquals(supportText, dpm.getLongSupportMessageForUser(admin1,
1633 DpmMockContext.CALLER_USER_HANDLE));
1634 assertNull(dpm.getLongSupportMessageForUser(admin2,
1635 DpmMockContext.CALLER_USER_HANDLE));
1636 assertNull(dpm.getShortSupportMessageForUser(admin1,
1637 DpmMockContext.CALLER_USER_HANDLE));
1638 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
1639
1640 dpm.setLongSupportMessage(admin1, null);
1641 assertNull(dpm.getLongSupportMessage(admin1));
1642 }
1643 }
Bartosz Fabianowski4c052f22016-01-25 14:18:43 +0100[diff] [blame]1644
1645 /**
1646 * Test for:
1647 * {@link DevicePolicyManager#setAffiliationIds}
1648 * {@link DevicePolicyManager#isAffiliatedUser}
1649 */
1650 public void testUserAffiliation() throws Exception {
1651 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1652 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1653 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1654
1655 // Check that the system user is unaffiliated.
1656 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1657 assertFalse(dpm.isAffiliatedUser());
1658
1659 // Set a device owner on the system user. Check that the system user becomes affiliated.
1660 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1661 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1662 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
1663 assertTrue(dpm.isAffiliatedUser());
1664
1665 // Install a profile owner whose package name matches the device owner on a test user. Check
1666 // that the test user is unaffiliated.
1667 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1668 setAsProfileOwner(admin2);
1669 assertFalse(dpm.isAffiliatedUser());
1670
1671 // Have the profile owner specify a set of affiliation ids. Check that the test user remains
1672 // unaffiliated.
1673 final Set<String> userAffiliationIds = new ArraySet<>();
1674 userAffiliationIds.add("red");
1675 userAffiliationIds.add("green");
1676 userAffiliationIds.add("blue");
1677 dpm.setAffiliationIds(admin2, userAffiliationIds);
1678 assertFalse(dpm.isAffiliatedUser());
1679
1680 // Have the device owner specify a set of affiliation ids that do not intersect with those
1681 // specified by the profile owner. Check that the test user remains unaffiliated.
1682 final Set<String> deviceAffiliationIds = new ArraySet<>();
1683 deviceAffiliationIds.add("cyan");
1684 deviceAffiliationIds.add("yellow");
1685 deviceAffiliationIds.add("magenta");
1686 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1687 dpm.setAffiliationIds(admin1, deviceAffiliationIds);
1688 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1689 assertFalse(dpm.isAffiliatedUser());
1690
1691 // Have the profile owner specify a set of affiliation ids that intersect with those
1692 // specified by the device owner. Check that the test user becomes affiliated.
1693 userAffiliationIds.add("yellow");
1694 dpm.setAffiliationIds(admin2, userAffiliationIds);
1695 assertTrue(dpm.isAffiliatedUser());
1696
1697 // Change the profile owner to one whose package name does not match the device owner. Check
1698 // that the test user is not affiliated anymore.
1699 dpm.clearProfileOwner(admin2);
1700 final ComponentName admin = new ComponentName("test", "test");
Makoto Onuki184db602016-02-17 15:35:01 -0800[diff] [blame]1701
1702 setUpPackageManagerForFakeAdmin(admin, DpmMockContext.CALLER_UID,
1703 /* enabledSetting =*/ PackageManager.COMPONENT_ENABLED_STATE_ENABLED,
1704 /* appTargetSdk = */ null, admin2);
1705
1706 dpm.setActiveAdmin(admin, /* refreshing =*/ true, DpmMockContext.CALLER_USER_HANDLE);
Bartosz Fabianowski4c052f22016-01-25 14:18:43 +0100[diff] [blame]1707 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
1708 assertFalse(dpm.isAffiliatedUser());
1709
1710 // Check that the system user remains affiliated.
1711 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1712 assertTrue(dpm.isAffiliatedUser());
1713 }
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame]1714
1715 public void testGetUserProvisioningState_defaultResult() {
1716 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
1717 }
1718
1719 public void testSetUserProvisioningState_permission() throws Exception {
1720 setupProfileOwner();
1721 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1722
1723 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1724 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1725 }
1726
1727 public void testSetUserProvisioningState_unprivileged() throws Exception {
1728 setupProfileOwner();
1729 try {
1730 dpm.setUserProvisioningState(DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
1731 DpmMockContext.CALLER_USER_HANDLE);
1732 fail("Expected SecurityException");
1733 } catch (SecurityException expected) {
1734 }
1735 }
1736
1737 public void testSetUserProvisioningState_noManagement() {
1738 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1739 try {
1740 dpm.setUserProvisioningState(DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
1741 DpmMockContext.CALLER_USER_HANDLE);
1742 fail("IllegalStateException expected");
1743 } catch (IllegalStateException e) {
1744 MoreAsserts.assertContainsRegex("change provisioning state unless a .* owner is set",
1745 e.getMessage());
1746 }
1747 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
1748 }
1749
1750 public void testSetUserProvisioningState_deviceOwnerFromSetupWizard() throws Exception {
1751 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1752 setupDeviceOwner();
1753 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1754
1755 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
1756 DevicePolicyManager.STATE_USER_SETUP_COMPLETE,
1757 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1758 }
1759
1760 public void testSetUserProvisioningState_deviceOwnerFromSetupWizardAlternative()
1761 throws Exception {
1762 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1763 setupDeviceOwner();
1764 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1765
1766 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
1767 DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE,
1768 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1769 }
1770
1771 public void testSetUserProvisioningState_deviceOwnerWithoutSetupWizard() throws Exception {
1772 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1773 setupDeviceOwner();
1774 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1775
1776 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
1777 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1778 }
1779
1780 public void testSetUserProvisioningState_managedProfileFromSetupWizard_primaryUser()
1781 throws Exception {
1782 setupProfileOwner();
1783 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1784
1785 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1786 DevicePolicyManager.STATE_USER_PROFILE_COMPLETE,
1787 DevicePolicyManager.STATE_USER_UNMANAGED);
1788 }
1789
1790 public void testSetUserProvisioningState_managedProfileFromSetupWizard_managedProfile()
1791 throws Exception {
1792 setupProfileOwner();
1793 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1794
1795 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1796 DevicePolicyManager.STATE_USER_SETUP_COMPLETE,
1797 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1798 }
1799
1800 public void testSetUserProvisioningState_managedProfileWithoutSetupWizard() throws Exception {
1801 setupProfileOwner();
1802 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1803
1804 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1805 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1806 }
1807
1808 public void testSetUserProvisioningState_illegalTransitionOutOfFinalized1() throws Exception {
1809 setupProfileOwner();
1810 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1811
1812 try {
1813 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1814 DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
1815 DevicePolicyManager.STATE_USER_UNMANAGED);
1816 fail("Expected IllegalStateException");
1817 } catch (IllegalStateException e) {
1818 MoreAsserts.assertContainsRegex("Cannot move to user provisioning state",
1819 e.getMessage());
1820 }
1821 }
1822
1823 public void testSetUserProvisioningState_illegalTransitionToAnotherInProgressState()
1824 throws Exception {
1825 setupProfileOwner();
1826 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1827
1828 try {
1829 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1830 DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE,
1831 DevicePolicyManager.STATE_USER_SETUP_COMPLETE);
1832 fail("Expected IllegalStateException");
1833 } catch (IllegalStateException e) {
1834 MoreAsserts.assertContainsRegex("Cannot move to user provisioning state",
1835 e.getMessage());
1836 }
1837 }
1838
1839 private void exerciseUserProvisioningTransitions(int userId, int... states) {
1840 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
1841 for (int state : states) {
1842 dpm.setUserProvisioningState(state, userId);
1843 assertEquals(state, dpm.getUserProvisioningState());
1844 }
1845 }
1846
1847 private void setupProfileOwner() throws Exception {
1848 mContext.callerPermissions.addAll(OWNER_SETUP_PERMISSIONS);
1849
1850 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
1851 dpm.setActiveAdmin(admin1, false);
1852 assertTrue(dpm.setProfileOwner(admin1, null, DpmMockContext.CALLER_USER_HANDLE));
1853
1854 mContext.callerPermissions.removeAll(OWNER_SETUP_PERMISSIONS);
1855 }
1856
1857 private void setupDeviceOwner() throws Exception {
1858 mContext.callerPermissions.addAll(OWNER_SETUP_PERMISSIONS);
1859
1860 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1861 dpm.setActiveAdmin(admin1, false);
1862 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1863
1864 mContext.callerPermissions.removeAll(OWNER_SETUP_PERMISSIONS);
1865 }
Makoto Onuki2a3c3da2016-02-18 14:25:30 -0800[diff] [blame]1866
1867 public void testSetMaximumTimeToLock() {
1868 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
1869
1870 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1871 dpm.setActiveAdmin(admin2, /* replace =*/ false);
1872
1873 reset(mMockContext.powerManagerInternal);
1874 reset(mMockContext.settings);
1875
1876 dpm.setMaximumTimeToLock(admin1, 0);
1877 verifyScreenTimeoutCall(null, false);
1878 reset(mMockContext.powerManagerInternal);
1879 reset(mMockContext.settings);
1880
1881 dpm.setMaximumTimeToLock(admin1, 1);
1882 verifyScreenTimeoutCall(1, true);
1883 reset(mMockContext.powerManagerInternal);
1884 reset(mMockContext.settings);
1885
1886 dpm.setMaximumTimeToLock(admin2, 10);
1887 verifyScreenTimeoutCall(null, false);
1888 reset(mMockContext.powerManagerInternal);
1889 reset(mMockContext.settings);
1890
1891 dpm.setMaximumTimeToLock(admin1, 5);
1892 verifyScreenTimeoutCall(5, true);
1893 reset(mMockContext.powerManagerInternal);
1894 reset(mMockContext.settings);
1895
1896 dpm.setMaximumTimeToLock(admin2, 4);
1897 verifyScreenTimeoutCall(4, true);
1898 reset(mMockContext.powerManagerInternal);
1899 reset(mMockContext.settings);
1900
1901 dpm.setMaximumTimeToLock(admin1, 0);
1902 reset(mMockContext.powerManagerInternal);
1903 reset(mMockContext.settings);
1904
1905 dpm.setMaximumTimeToLock(admin2, Integer.MAX_VALUE);
1906 verifyScreenTimeoutCall(Integer.MAX_VALUE, true);
1907 reset(mMockContext.powerManagerInternal);
1908 reset(mMockContext.settings);
1909
1910 dpm.setMaximumTimeToLock(admin2, Integer.MAX_VALUE + 1);
1911 verifyScreenTimeoutCall(Integer.MAX_VALUE, true);
1912 reset(mMockContext.powerManagerInternal);
1913 reset(mMockContext.settings);
1914
1915 dpm.setMaximumTimeToLock(admin2, 10);
1916 verifyScreenTimeoutCall(10, true);
1917 reset(mMockContext.powerManagerInternal);
1918 reset(mMockContext.settings);
1919
1920 // There's no restriction; shold be set to MAX.
1921 dpm.setMaximumTimeToLock(admin2, 0);
1922 verifyScreenTimeoutCall(Integer.MAX_VALUE, false);
1923 }
1924
1925 private void verifyScreenTimeoutCall(Integer expectedTimeout,
1926 boolean shouldStayOnWhilePluggedInBeCleared) {
1927 if (expectedTimeout == null) {
1928 verify(mMockContext.powerManagerInternal, times(0))
1929 .setMaximumScreenOffTimeoutFromDeviceAdmin(anyInt());
1930 } else {
1931 verify(mMockContext.powerManagerInternal, times(1))
1932 .setMaximumScreenOffTimeoutFromDeviceAdmin(eq(expectedTimeout));
1933 }
1934 // TODO Verify calls to settingsGlobalPutInt. Tried but somehow mockito threw
1935 // UnfinishedVerificationException.
1936 }
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1937}
Makoto Onuki2a3c3da2016-02-18 14:25:30 -0800[diff] [blame]1938