Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 219bbafc3fa40dae163d652365cc4a97d613011f / . / services / tests / servicestests / src / com / android / server / devicepolicy / DevicePolicyManagerTest.java
blob: 36980e3c7d49372ed608917b2d7bddc8212e81f3 [file] [log] [blame]
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]16package com.android.server.devicepolicy;
17
18import com.android.server.LocalServices;
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]19import com.android.server.SystemService;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]20
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]21import android.Manifest.permission;
22import android.app.Activity;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]23import android.app.admin.DeviceAdminReceiver;
24import android.app.admin.DevicePolicyManager;
25import android.app.admin.DevicePolicyManagerInternal;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]26import android.content.BroadcastReceiver;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]27import android.content.ComponentName;
28import android.content.Intent;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]29import android.content.pm.ApplicationInfo;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]30import android.content.pm.PackageManager;
31import android.content.pm.ResolveInfo;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]32import android.os.Bundle;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]33import android.content.pm.PackageInfo;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]34import android.os.UserHandle;
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]35import android.os.UserManager;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]36import android.util.Pair;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]37
38import org.mockito.ArgumentCaptor;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]39import org.mockito.invocation.InvocationOnMock;
40import org.mockito.stubbing.Answer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]41
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]42import java.util.HashMap;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]43import java.util.List;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]44import java.util.Map;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]45
46import static org.mockito.Matchers.any;
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]47import static org.mockito.Matchers.anyInt;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]48import static org.mockito.Matchers.anyString;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]49import static org.mockito.Matchers.eq;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]50import static org.mockito.Matchers.isNull;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]51import static org.mockito.Mockito.doAnswer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]52import static org.mockito.Mockito.doReturn;
53import static org.mockito.Mockito.times;
54import static org.mockito.Mockito.verify;
55import static org.mockito.Mockito.when;
56
57/**
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]58 * Tests for DevicePolicyManager( and DevicePolicyManagerService).
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]59 *
60 m FrameworksServicesTests &&
61 adb install \
62 -r out/target/product/hammerhead/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
63 adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \
64 -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
65
66 (mmma frameworks/base/services/tests/servicestests/ for non-ninja build)
67 */
68public class DevicePolicyManagerTest extends DpmTestBase {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]69 private DpmMockContext mContext;
70 public DevicePolicyManager dpm;
71 public DevicePolicyManagerServiceTestable dpms;
72
73 @Override
74 protected void setUp() throws Exception {
75 super.setUp();
76
77 mContext = getContext();
78
79 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
80 .thenReturn(true);
81
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]82 initializeDpms();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]83
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]84 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
85 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
86 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_UID);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]87
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]88 setUpUserManager();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]89 }
90
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]91 private void initializeDpms() {
92 // Need clearCallingIdentity() to pass permission checks.
93 final long ident = mContext.binder.clearCallingIdentity();
94 try {
95 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
96
97 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir);
98
99 dpms.systemReady(SystemService.PHASE_LOCK_SETTINGS_READY);
100 dpms.systemReady(SystemService.PHASE_BOOT_COMPLETED);
101
102 dpm = new DevicePolicyManagerTestable(mContext, dpms);
103 } finally {
104 mContext.binder.restoreCallingIdentity(ident);
105 }
106 }
107
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]108 private void setUpUserManager() {
109 // Emulate UserManager.set/getApplicationRestriction().
110 final Map<Pair<String, UserHandle>, Bundle> appRestrictions = new HashMap<>();
111
112 // UM.setApplicationRestrictions() will save to appRestrictions.
113 doAnswer(new Answer<Void>() {
114 @Override
115 public Void answer(InvocationOnMock invocation) throws Throwable {
116 String pkg = (String) invocation.getArguments()[0];
117 Bundle bundle = (Bundle) invocation.getArguments()[1];
118 UserHandle user = (UserHandle) invocation.getArguments()[2];
119
120 appRestrictions.put(Pair.create(pkg, user), bundle);
121
122 return null;
123 }
124 }).when(mContext.userManager).setApplicationRestrictions(
125 anyString(), any(Bundle.class), any(UserHandle.class));
126
127 // UM.getApplicationRestrictions() will read from appRestrictions.
128 doAnswer(new Answer<Bundle>() {
129 @Override
130 public Bundle answer(InvocationOnMock invocation) throws Throwable {
131 String pkg = (String) invocation.getArguments()[0];
132 UserHandle user = (UserHandle) invocation.getArguments()[1];
133
134 return appRestrictions.get(Pair.create(pkg, user));
135 }
136 }).when(mContext.userManager).getApplicationRestrictions(
137 anyString(), any(UserHandle.class));
138
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]139 // Add the first secondary user.
140 mContext.addUser(DpmMockContext.CALLER_USER_HANDLE, 0);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]141 }
142
143 private void setAsProfileOwner(ComponentName admin) {
144 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
145 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
146
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]147 // PO needs to be an DA.
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]148 dpm.setActiveAdmin(admin, /* replace =*/ false);
149
150 // Fire!
151 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
152
153 // Check
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]154 assertEquals(admin, dpm.getProfileOwnerAsUser(DpmMockContext.CALLER_USER_HANDLE));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]155 }
156
157 public void testHasNoFeature() throws Exception {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]158 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
159 .thenReturn(false);
160
161 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
162 new DevicePolicyManagerServiceTestable(mContext, dataDir);
163
164 // If the device has no DPMS feature, it shouldn't register the local service.
165 assertNull(LocalServices.getService(DevicePolicyManagerInternal.class));
166 }
167
168 /**
169 * Caller doesn't have proper permissions.
170 */
171 public void testSetActiveAdmin_SecurityException() {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]172 // 1. Failure cases.
173
174 // Caller doesn't have MANAGE_DEVICE_ADMINS.
175 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]176 dpm.setActiveAdmin(admin1, false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]177 fail("Didn't throw SecurityException");
178 } catch (SecurityException expected) {
179 }
180
181 // Caller has MANAGE_DEVICE_ADMINS, but for different user.
182 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
183 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]184 dpm.setActiveAdmin(admin1, false, DpmMockContext.CALLER_USER_HANDLE + 1);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]185 fail("Didn't throw SecurityException");
186 } catch (SecurityException expected) {
187 }
188 }
189
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]190 /**
191 * Test for:
192 * {@link DevicePolicyManager#setActiveAdmin}
193 * with replace=false and replace=true
194 * {@link DevicePolicyManager#isAdminActive}
195 * {@link DevicePolicyManager#isAdminActiveAsUser}
196 * {@link DevicePolicyManager#getActiveAdmins}
197 * {@link DevicePolicyManager#getActiveAdminsAsUser}
198 */
199 public void testSetActiveAdmin() throws Exception {
200 // 1. Make sure the caller has proper permissions.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]201 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
202
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]203 // 2. Call the API.
204 dpm.setActiveAdmin(admin1, /* replace =*/ false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]205
206 // 3. Verify internal calls.
207
208 // Check if the boradcast is sent.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]209 verify(mContext.spiedContext).sendBroadcastAsUser(
210 MockUtils.checkIntentAction(
211 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
212 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
213 verify(mContext.spiedContext).sendBroadcastAsUser(
214 MockUtils.checkIntentAction(
215 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED),
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]216 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
217
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]218 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
219 eq(admin1.getPackageName()),
220 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
221 eq(PackageManager.DONT_KILL_APP),
222 eq(DpmMockContext.CALLER_USER_HANDLE),
223 anyString());
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]224
225 // TODO Verify other calls too.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]226
227 // Make sure it's active admin1.
228 assertTrue(dpm.isAdminActive(admin1));
229 assertFalse(dpm.isAdminActive(admin2));
230 assertFalse(dpm.isAdminActive(admin3));
231
232 // But not admin1 for a different user.
233
234 // For this to work, caller needs android.permission.INTERACT_ACROSS_USERS_FULL.
235 // (Because we're checking a different user's status from CALLER_USER_HANDLE.)
236 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
237
238 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE + 1));
239 assertFalse(dpm.isAdminActiveAsUser(admin2, DpmMockContext.CALLER_USER_HANDLE + 1));
240
241 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
242
243 // Next, add one more admin.
244 // Before doing so, update the application info, now it's enabled.
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]245 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID,
246 PackageManager.COMPONENT_ENABLED_STATE_ENABLED);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]247
248 dpm.setActiveAdmin(admin2, /* replace =*/ false);
249
250 // Now we have two admins.
251 assertTrue(dpm.isAdminActive(admin1));
252 assertTrue(dpm.isAdminActive(admin2));
253 assertFalse(dpm.isAdminActive(admin3));
254
255 // Admin2 was already enabled, so setApplicationEnabledSetting() shouldn't have called
256 // again. (times(1) because it was previously called for admin1)
257 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
258 eq(admin1.getPackageName()),
259 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
260 eq(PackageManager.DONT_KILL_APP),
261 eq(DpmMockContext.CALLER_USER_HANDLE),
262 anyString());
263
264 // 4. Add the same admin1 again without replace, which should throw.
265 try {
266 dpm.setActiveAdmin(admin1, /* replace =*/ false);
267 fail("Didn't throw");
268 } catch (IllegalArgumentException expected) {
269 }
270
271 // 5. Add the same admin1 again with replace, which should succeed.
272 dpm.setActiveAdmin(admin1, /* replace =*/ true);
273
274 // TODO make sure it's replaced.
275
276 // 6. Test getActiveAdmins()
277 List<ComponentName> admins = dpm.getActiveAdmins();
278 assertEquals(2, admins.size());
279 assertEquals(admin1, admins.get(0));
280 assertEquals(admin2, admins.get(1));
281
282 // Another user has no admins.
283 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
284
285 assertEquals(0, DpmTestUtils.getListSizeAllowingNull(
286 dpm.getActiveAdminsAsUser(DpmMockContext.CALLER_USER_HANDLE + 1)));
287
288 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
289 }
290
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]291 public void testSetActiveAdmin_multiUsers() throws Exception {
292
293 final int ANOTHER_USER_ID = 100;
294 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 20456);
295
296 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
297
298 // Set up pacakge manager for the other user.
299 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]300
301 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
302
303 dpm.setActiveAdmin(admin1, /* replace =*/ false);
304
305 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
306 dpm.setActiveAdmin(admin2, /* replace =*/ false);
307
308
309 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
310 assertTrue(dpm.isAdminActive(admin1));
311 assertFalse(dpm.isAdminActive(admin2));
312
313 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
314 assertFalse(dpm.isAdminActive(admin1));
315 assertTrue(dpm.isAdminActive(admin2));
316 }
317
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]318 /**
319 * Test for:
320 * {@link DevicePolicyManager#setActiveAdmin}
321 * with replace=false
322 */
323 public void testSetActiveAdmin_twiceWithoutReplace() throws Exception {
324 // 1. Make sure the caller has proper permissions.
325 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
326
327 dpm.setActiveAdmin(admin1, /* replace =*/ false);
328 assertTrue(dpm.isAdminActive(admin1));
329
330 // Add the same admin1 again without replace, which should throw.
331 try {
332 dpm.setActiveAdmin(admin1, /* replace =*/ false);
333 fail("Didn't throw");
334 } catch (IllegalArgumentException expected) {
335 }
336 }
337
338 /**
339 * Test for:
340 * {@link DevicePolicyManager#removeActiveAdmin}
341 */
342 public void testRemoveActiveAdmin_SecurityException() {
343 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
344
345 // Add admin.
346
347 dpm.setActiveAdmin(admin1, /* replace =*/ false);
348
349 assertTrue(dpm.isAdminActive(admin1));
350
351 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
352
353 // Directly call the DPMS method with a different userid, which should fail.
354 try {
355 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE + 1);
356 fail("Didn't throw SecurityException");
357 } catch (SecurityException expected) {
358 }
359
360 // Try to remove active admin with a different caller userid should fail too, without
361 // having MANAGE_DEVICE_ADMINS.
362 mContext.callerPermissions.clear();
363
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]364 // Change the caller, and call into DPMS directly with a different user-id.
365
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]366 mContext.binder.callingUid = 1234567;
367 try {
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]368 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]369 fail("Didn't throw SecurityException");
370 } catch (SecurityException expected) {
371 }
372 }
373
374 /**
375 * Test for:
376 * {@link DevicePolicyManager#removeActiveAdmin}
377 */
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]378 public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]379 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
380
381 // Add admin1.
382
383 dpm.setActiveAdmin(admin1, /* replace =*/ false);
384
385 assertTrue(dpm.isAdminActive(admin1));
386 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
387
388 // Different user, but should work, because caller has proper permissions.
389 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]390
391 // Change the caller, and call into DPMS directly with a different user-id.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]392 mContext.binder.callingUid = 1234567;
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]393
394 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]395
396 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
397
398 // TODO DO Still can't be removed in this case.
399 }
400
401 /**
402 * Test for:
403 * {@link DevicePolicyManager#removeActiveAdmin}
404 */
405 public void testRemoveActiveAdmin_sameUserNoMANAGE_DEVICE_ADMINS() {
406 // Need MANAGE_DEVICE_ADMINS for setActiveAdmin. We'll remove it later.
407 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
408
409 // Add admin1.
410
411 dpm.setActiveAdmin(admin1, /* replace =*/ false);
412
413 assertTrue(dpm.isAdminActive(admin1));
414 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
415
416 // Broadcast from saveSettingsLocked().
417 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
418 MockUtils.checkIntentAction(
419 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
420 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
421
422 // Remove. No permissions, but same user, so it'll work.
423 mContext.callerPermissions.clear();
424 dpm.removeActiveAdmin(admin1);
425
426 final ArgumentCaptor<BroadcastReceiver> brCap =
427 ArgumentCaptor.forClass(BroadcastReceiver.class);
428
429 // Is removing now, but not removed yet.
430 assertTrue(dpm.isAdminActive(admin1));
431 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
432
433 verify(mContext.spiedContext).sendOrderedBroadcastAsUser(
434 MockUtils.checkIntentAction(
435 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED),
436 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE),
437 isNull(String.class),
438 brCap.capture(),
439 eq(dpms.mHandler),
440 eq(Activity.RESULT_OK),
441 isNull(String.class),
442 isNull(Bundle.class));
443
444 brCap.getValue().onReceive(mContext, null);
445
446 assertFalse(dpm.isAdminActive(admin1));
447 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
448
449 // Again broadcast from saveSettingsLocked().
450 verify(mContext.spiedContext, times(2)).sendBroadcastAsUser(
451 MockUtils.checkIntentAction(
452 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
453 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
454
455 // TODO Check other internal calls.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]456 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]457
458 /**
459 * Test for: {@link DevicePolicyManager#setDeviceOwner} DO on system user installs
460 * successfully.
461 */
462 public void testSetDeviceOwner() throws Exception {
463 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
464 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
465 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
466
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]467 // In this test, change the caller user to "system".
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]468 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
469
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]470 // Make sure admin1 is installed on system user.
471 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]472
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]473 // DO needs to be an DA.
474 dpm.setActiveAdmin(admin1, /* replace =*/ false);
475
476 // Fire!
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]477 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]478
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame^]479 // Verify internal calls.
480 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
481 eq(admin1.getPackageName()));
482
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]483 // TODO We should check if the caller has called clearCallerIdentity().
484 verify(mContext.ibackupManager, times(1)).setBackupServiceActive(
485 eq(UserHandle.USER_SYSTEM), eq(false));
486
487 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
488 MockUtils.checkIntentAction(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED),
489 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
490
491 assertEquals(admin1.getPackageName(), dpm.getDeviceOwner());
492
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]493 // Try to set a profile owner on the same user, which should fail.
494 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
495 dpm.setActiveAdmin(admin2, /* refreshing= */ true, UserHandle.USER_SYSTEM);
496 try {
497 dpm.setProfileOwner(admin2, "owner-name", UserHandle.USER_SYSTEM);
498 fail("IllegalStateException not thrown");
499 } catch (IllegalStateException expected) {
500 assertTrue("Message was: " + expected.getMessage(),
501 expected.getMessage().contains("already has a device owner"));
502 }
503
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]504 // TODO Test getDeviceOwnerName() too. To do so, we need to change
505 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
506 }
507
508 /**
509 * Test for: {@link DevicePolicyManager#setDeviceOwner} Package doesn't exist.
510 */
511 public void testSetDeviceOwner_noSuchPackage() {
512 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
513 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
514 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
515
516 // Call from a process on the system user.
517 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
518
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]519 try {
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]520 dpm.setDeviceOwner(new ComponentName("a.b.c", ".def"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]521 fail("Didn't throw IllegalArgumentException");
522 } catch (IllegalArgumentException expected) {
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]523 assertTrue("Message was: " + expected.getMessage(),
524 expected.getMessage().contains("Invalid component"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]525 }
526 }
527
528 public void testSetDeviceOwner_failures() throws Exception {
529 // TODO Test more failure cases. Basically test all chacks in enforceCanSetDeviceOwner().
530 }
531
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]532 public void testClearDeviceOwner() throws Exception {
533 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
534 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
535 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
536
537 // Set admin1 as a DA to the secondary user.
538 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
539
540 dpm.setActiveAdmin(admin1, /* replace =*/ false);
541
542 // Set admin 1 as the DO to the system user.
543
544 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
545 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
546 dpm.setActiveAdmin(admin1, /* replace =*/ false);
547 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
548
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame^]549 // Verify internal calls.
550 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
551 eq(admin1.getPackageName()));
552
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]553 assertEquals(admin1.getPackageName(), dpm.getDeviceOwner());
554
555 // Set up other mocks.
556 when(mContext.userManager.getUserRestrictions()).thenReturn(new Bundle());
557
558 // Now call clear.
559 doReturn(DpmMockContext.CALLER_SYSTEM_USER_UID).when(mContext.packageManager).getPackageUid(
560 eq(admin1.getPackageName()),
561 anyInt());
562 dpm.clearDeviceOwnerApp(admin1.getPackageName());
563
564 // Now DO shouldn't be set.
565 assertNull(dpm.getDeviceOwner());
566
567 // TODO Check other calls.
568 }
569
570 public void testClearDeviceOwner_fromDifferentUser() throws Exception {
571 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
572 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
573 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
574
575 // Set admin1 as a DA to the secondary user.
576 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
577
578 dpm.setActiveAdmin(admin1, /* replace =*/ false);
579
580 // Set admin 1 as the DO to the system user.
581
582 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
583 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
584 dpm.setActiveAdmin(admin1, /* replace =*/ false);
585 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
586
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame^]587 // Verify internal calls.
588 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
589 eq(admin1.getPackageName()));
590
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]591 assertEquals(admin1.getPackageName(), dpm.getDeviceOwner());
592
593 // Now call clear from the secondary user, which should throw.
594 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
595
596 // Now call clear.
597 doReturn(DpmMockContext.CALLER_UID).when(mContext.packageManager).getPackageUid(
598 eq(admin1.getPackageName()),
599 anyInt());
600 try {
601 dpm.clearDeviceOwnerApp(admin1.getPackageName());
602 fail("Didn't throw");
603 } catch (SecurityException e) {
604 assertEquals("clearDeviceOwner can only be called by the device owner", e.getMessage());
605 }
606
607 // Now DO shouldn't be set.
608 assertNotNull(dpm.getDeviceOwner());
609 }
610
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]611 public void testSetProfileOwner() throws Exception {
612 setAsProfileOwner(admin1);
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]613
614 // Try setting DO on the same user, which should fail.
615 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
616 dpm.setActiveAdmin(admin2, /* refreshing= */ true, DpmMockContext.CALLER_USER_HANDLE);
617 try {
618 dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE);
619 fail("IllegalStateException not thrown");
620 } catch (IllegalStateException expected) {
621 assertTrue("Message was: " + expected.getMessage(),
622 expected.getMessage().contains("already has a profile owner"));
623 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]624 }
625
626 public void testSetProfileOwner_failures() throws Exception {
627 // TODO Test more failure cases. Basically test all chacks in enforceCanSetProfileOwner().
628 }
629
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]630 public void testGetDeviceOwnerAdminLocked() throws Exception {
631 checkDeviceOwnerWithMultipleDeviceAdmins();
632 }
633
634 private void checkDeviceOwnerWithMultipleDeviceAdmins() throws Exception {
635 // In ths test, we use 3 users (system + 2 secondary users), set some device admins to them,
636 // set admin2 on CALLER_USER_HANDLE as DO, then call getDeviceOwnerAdminLocked() to
637 // make sure it gets the right component from the right user.
638
639 final int ANOTHER_USER_ID = 100;
640 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 456);
641
642 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
643
644 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
645 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
646 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
647
648 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
649
650 // Make sure the admin packge is installed to each user.
651 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
652 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_SYSTEM_USER_UID);
653
654 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
655 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
656
657 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
658
659
660 // Set active admins to the users.
661 dpm.setActiveAdmin(admin1, /* replace =*/ false);
662 dpm.setActiveAdmin(admin3, /* replace =*/ false);
663
664 dpm.setActiveAdmin(admin1, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
665 dpm.setActiveAdmin(admin2, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
666
667 dpm.setActiveAdmin(admin2, /* replace =*/ false, ANOTHER_USER_ID);
668
669 // Set DO on the first non-system user.
670 mContext.setUserRunning(DpmMockContext.CALLER_USER_HANDLE, true);
671 assertTrue(dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
672
673 // Make sure it's set.
674 assertEquals(admin2, dpm.getDeviceOwnerComponent());
675
676 // Then check getDeviceOwnerAdminLocked().
677 assertEquals(admin2, dpms.getDeviceOwnerAdminLocked().info.getComponent());
678 assertEquals(DpmMockContext.CALLER_UID, dpms.getDeviceOwnerAdminLocked().getUid());
679 }
680
681 /**
682 * This essentially tests
683 * {@code DevicePolicyManagerService.findOwnerComponentIfNecessaryLocked()}. (which is private.)
684 *
685 * We didn't use to persist the DO component class name, but now we do, and the above method
686 * finds the right component from a package name upon migration.
687 */
688 public void testDeviceOwnerMigration() throws Exception {
689 checkDeviceOwnerWithMultipleDeviceAdmins();
690
691 // Overwrite the device owner setting and clears the clas name.
692 dpms.mOwners.setDeviceOwner(
693 new ComponentName(admin2.getPackageName(), ""),
694 "owner-name", DpmMockContext.CALLER_USER_HANDLE);
695 dpms.mOwners.writeDeviceOwner();
696
697 // Make sure the DO component name doesn't have a class name.
698 assertEquals("", dpms.getDeviceOwner().getClassName());
699
700 // Then create a new DPMS to have it load the settings from files.
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]701 when(mContext.userManager.getUserRestrictions(any(UserHandle.class)))
702 .thenReturn(new Bundle());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]703 initializeDpms();
704
705 // Now the DO component name is a full name.
706 // *BUT* because both admin1 and admin2 belong to the same package, we think admin1 is the
707 // DO.
708 assertEquals(admin1, dpms.getDeviceOwner());
709 }
710
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]711 public void testSetGetApplicationRestriction() {
712 setAsProfileOwner(admin1);
713
714 {
715 Bundle rest = new Bundle();
716 rest.putString("KEY_STRING", "Foo1");
717 dpm.setApplicationRestrictions(admin1, "pkg1", rest);
718 }
719
720 {
721 Bundle rest = new Bundle();
722 rest.putString("KEY_STRING", "Foo2");
723 dpm.setApplicationRestrictions(admin1, "pkg2", rest);
724 }
725
726 {
727 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg1");
728 assertNotNull(returned);
729 assertEquals(returned.size(), 1);
730 assertEquals(returned.get("KEY_STRING"), "Foo1");
731 }
732
733 {
734 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg2");
735 assertNotNull(returned);
736 assertEquals(returned.size(), 1);
737 assertEquals(returned.get("KEY_STRING"), "Foo2");
738 }
739
740 dpm.setApplicationRestrictions(admin1, "pkg2", new Bundle());
741 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg2").size());
742 }
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]743
744 public void testSetUserRestriction_asDo() throws Exception {
745 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
746 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
747 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
748
749 // First, set DO.
750
751 // Call from a process on the system user.
752 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
753
754 // Make sure admin1 is installed on system user.
755 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]756
757 // Call.
758 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]759 assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]760 UserHandle.USER_SYSTEM));
761
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]762 DpmTestUtils.assertRestrictions(
763 DpmTestUtils.newRestrictions(),
764 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
765 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]766 DpmTestUtils.assertRestrictions(
767 DpmTestUtils.newRestrictions(),
768 dpm.getUserRestrictions(admin1)
769 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]770
771 dpm.addUserRestriction(admin1, UserManager.DISALLOW_SMS);
772 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
773
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]774 DpmTestUtils.assertRestrictions(
775 DpmTestUtils.newRestrictions(
776 UserManager.DISALLOW_SMS, UserManager.DISALLOW_OUTGOING_CALLS),
777 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
778 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]779 DpmTestUtils.assertRestrictions(
780 DpmTestUtils.newRestrictions(
781 UserManager.DISALLOW_SMS, UserManager.DISALLOW_OUTGOING_CALLS),
782 dpm.getUserRestrictions(admin1)
783 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]784
785 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_SMS);
786
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]787 DpmTestUtils.assertRestrictions(
788 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
789 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
790 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]791 DpmTestUtils.assertRestrictions(
792 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
793 dpm.getUserRestrictions(admin1)
794 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]795
796 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
797
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]798 DpmTestUtils.assertRestrictions(
799 DpmTestUtils.newRestrictions(),
800 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
801 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]802 DpmTestUtils.assertRestrictions(
803 DpmTestUtils.newRestrictions(),
804 dpm.getUserRestrictions(admin1)
805 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]806
807 // TODO Check inner calls.
808 // TODO Make sure restrictions are written to the file.
809 }
810
811 public void testSetUserRestriction_asPo() {
812 setAsProfileOwner(admin1);
813
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]814 DpmTestUtils.assertRestrictions(
815 DpmTestUtils.newRestrictions(),
816 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
817 .ensureUserRestrictions()
818 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]819
820 dpm.addUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
821 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
822
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]823 DpmTestUtils.assertRestrictions(
824 DpmTestUtils.newRestrictions(
825 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
826 UserManager.DISALLOW_OUTGOING_CALLS
827 ),
828 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
829 .ensureUserRestrictions()
830 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]831 DpmTestUtils.assertRestrictions(
832 DpmTestUtils.newRestrictions(
833 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
834 UserManager.DISALLOW_OUTGOING_CALLS
835 ),
836 dpm.getUserRestrictions(admin1)
837 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]838
839 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
840
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]841
842 DpmTestUtils.assertRestrictions(
843 DpmTestUtils.newRestrictions(
844 UserManager.DISALLOW_OUTGOING_CALLS
845 ),
846 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
847 .ensureUserRestrictions()
848 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]849 DpmTestUtils.assertRestrictions(
850 DpmTestUtils.newRestrictions(
851 UserManager.DISALLOW_OUTGOING_CALLS
852 ),
853 dpm.getUserRestrictions(admin1)
854 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]855
856 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
857
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]858 DpmTestUtils.assertRestrictions(
859 DpmTestUtils.newRestrictions(),
860 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
861 .ensureUserRestrictions()
862 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]863 DpmTestUtils.assertRestrictions(
864 DpmTestUtils.newRestrictions(),
865 dpm.getUserRestrictions(admin1)
866 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]867
868 // TODO Check inner calls.
869 // TODO Make sure restrictions are written to the file.
870 }
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]871
872 public void testGetComposedUserRestrictions_noDoNoPo() throws Exception {
873 final Bundle in = DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS);
874
875 Bundle actual = dpms.mLocalService.getComposedUserRestrictions(
876 UserHandle.USER_SYSTEM, in);
877 assertTrue(in == actual);
878
879 actual = dpms.mLocalService.getComposedUserRestrictions(
880 DpmMockContext.CALLER_USER_HANDLE, in);
881 assertTrue(in == actual);
882 }
883
884 public void testGetComposedUserRestrictions() throws Exception {
885 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
886 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
887 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
888
889 // First, set DO.
890
891 // Call from a process on the system user.
892 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
893
894 // Make sure admin1 is installed on system user.
895 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
896
897 // Call.
898 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
899 assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
900 UserHandle.USER_SYSTEM));
901
902 dpm.addUserRestriction(admin1, "rest1");
903 dpm.addUserRestriction(admin1, "rest2");
904
905 // Set PO on CALLER_USER_HANDLE.
906 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
907
908 setAsProfileOwner(admin2);
909
910 dpm.addUserRestriction(admin2, "restA");
911 dpm.addUserRestriction(admin2, "restB");
912
913 final Bundle in = DpmTestUtils.newRestrictions("abc");
914
915 Bundle actual = dpms.mLocalService.getComposedUserRestrictions(
916 UserHandle.USER_SYSTEM, in);
917 DpmTestUtils.assertRestrictions(
918 DpmTestUtils.newRestrictions("abc", "rest1", "rest2"),
919 actual);
920
921 actual = dpms.mLocalService.getComposedUserRestrictions(
922 DpmMockContext.CALLER_USER_HANDLE, in);
923 DpmTestUtils.assertRestrictions(
924 DpmTestUtils.newRestrictions("abc", "rest1", "rest2", "restA", "restB"),
925 actual);
926
927 actual = dpms.mLocalService.getComposedUserRestrictions(
928 DpmMockContext.CALLER_USER_HANDLE + 1, in);
929 DpmTestUtils.assertRestrictions(
930 DpmTestUtils.newRestrictions("abc", "rest1", "rest2"),
931 actual);
932 }
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]933}