Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.settingslib; |
| 18 | |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 19 | import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE; |
| 20 | import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT; |
| 21 | import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_REMOTE_INPUT; |
| 22 | import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS; |
| 23 | import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; |
| 24 | import static com.google.common.truth.Truth.assertThat; |
| 25 | import static org.mockito.Matchers.any; |
| 26 | import static org.mockito.Matchers.eq; |
| 27 | import static org.mockito.Mockito.doReturn; |
| 28 | import static org.mockito.Mockito.when; |
| 29 | |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 30 | import android.app.admin.DevicePolicyManager; |
| 31 | import android.content.ComponentName; |
| 32 | import android.content.Context; |
| 33 | import android.content.pm.UserInfo; |
| 34 | import android.os.UserManager; |
| 35 | |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 36 | import org.junit.Before; |
| 37 | import org.junit.Test; |
| 38 | import org.junit.runner.RunWith; |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 39 | import org.mockito.Answers; |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 40 | import org.mockito.Mock; |
| 41 | import org.mockito.MockitoAnnotations; |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 42 | import org.robolectric.annotation.Config; |
| 43 | |
| 44 | import java.util.Arrays; |
| 45 | |
Tony Mantler | 4ca9ebd | 2017-07-31 10:54:20 -0700 | [diff] [blame] | 46 | @RunWith(SettingsLibRobolectricTestRunner.class) |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 47 | @Config(manifest = TestConfig.MANIFEST_PATH, sdk = TestConfig.SDK_VERSION) |
| 48 | public class RestrictedLockUtilsTest { |
| 49 | |
| 50 | @Mock |
| 51 | private Context mContext; |
| 52 | @Mock |
| 53 | private DevicePolicyManager mDevicePolicyManager; |
| 54 | @Mock |
| 55 | private UserManager mUserManager; |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 56 | @Mock(answer = Answers.RETURNS_DEEP_STUBS) |
| 57 | private RestrictedLockUtils.Proxy mProxy; |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 58 | |
| 59 | private static final int mUserId = 194; |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 60 | private static final int mProfileId = 160; |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 61 | private static final ComponentName mAdmin1 = new ComponentName("admin1", "admin1class"); |
| 62 | private static final ComponentName mAdmin2 = new ComponentName("admin2", "admin2class"); |
| 63 | |
| 64 | @Before |
| 65 | public void setUp() { |
| 66 | MockitoAnnotations.initMocks(this); |
| 67 | |
| 68 | when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE)) |
| 69 | .thenReturn(mDevicePolicyManager); |
| 70 | when(mContext.getSystemService(Context.USER_SERVICE)) |
| 71 | .thenReturn(mUserManager); |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 72 | |
| 73 | RestrictedLockUtils.sProxy = mProxy; |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 74 | } |
| 75 | |
| 76 | @Test |
| 77 | public void checkIfKeyguardFeaturesDisabled_noEnforcedAdminForManagedProfile() { |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 78 | setUpManagedProfile(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 79 | |
| 80 | final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 81 | mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); |
| 82 | |
| 83 | assertThat(enforcedAdmin).isEqualTo(null); |
| 84 | } |
| 85 | |
| 86 | @Test |
| 87 | public void checkIfKeyguardFeaturesDisabled_oneEnforcedAdminForManagedProfile() { |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 88 | setUpManagedProfile(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 89 | |
| 90 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) |
| 91 | .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); |
| 92 | |
| 93 | final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 94 | mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); |
| 95 | |
| 96 | assertThat(enforcedAdmin).isEqualTo(new EnforcedAdmin(mAdmin1, mUserId)); |
| 97 | } |
| 98 | |
| 99 | @Test |
| 100 | public void checkIfKeyguardFeaturesDisabled_multipleEnforcedAdminForManagedProfile() { |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 101 | setUpManagedProfile(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 102 | |
| 103 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) |
| 104 | .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT); |
| 105 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mUserId)) |
| 106 | .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT); |
| 107 | |
| 108 | final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 109 | mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mUserId); |
| 110 | |
| 111 | assertThat(enforcedAdmin).isEqualTo(EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN); |
| 112 | } |
| 113 | |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 114 | @Test |
| 115 | public void checkIfKeyguardFeaturesAreDisabled_doesMatchAllowedFeature_unifiedManagedProfile() { |
| 116 | UserInfo userInfo = setUpUser(mUserId, new ComponentName[] {mAdmin1}); |
| 117 | UserInfo profileInfo = setUpManagedProfile(mProfileId, new ComponentName[] {mAdmin2}); |
| 118 | when(mUserManager.getProfiles(mUserId)).thenReturn(Arrays.asList(new UserInfo[] { |
| 119 | userInfo, profileInfo})); |
| 120 | |
| 121 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) |
| 122 | .thenReturn(KEYGUARD_DISABLE_FEATURES_NONE); |
| 123 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mProfileId)) |
| 124 | .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); |
| 125 | |
| 126 | // Querying the parent should return the policy, since it affects the parent. |
| 127 | EnforcedAdmin parent = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 128 | mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); |
| 129 | assertThat(parent).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); |
| 130 | |
| 131 | // Querying the child should return that too. |
| 132 | EnforcedAdmin profile = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 133 | mContext, KEYGUARD_DISABLE_FINGERPRINT, mProfileId); |
| 134 | assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); |
| 135 | |
| 136 | // Querying for some unrelated feature should return nothing. Nothing! |
| 137 | assertThat(RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 138 | mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mUserId)).isNull(); |
| 139 | assertThat(RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 140 | mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mProfileId)).isNull(); |
| 141 | } |
| 142 | |
| 143 | @Test |
| 144 | public void checkIfKeyguardFeaturesAreDisabled_notMatchOtherFeatures_unifiedManagedProfile() { |
| 145 | UserInfo userInfo = setUpUser(mUserId, new ComponentName[] {mAdmin1}); |
| 146 | UserInfo profileInfo = setUpManagedProfile(mProfileId, new ComponentName[] {mAdmin2}); |
| 147 | when(mUserManager.getProfiles(mUserId)).thenReturn(Arrays.asList(new UserInfo[] { |
| 148 | userInfo, profileInfo})); |
| 149 | |
| 150 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) |
| 151 | .thenReturn(KEYGUARD_DISABLE_FEATURES_NONE); |
| 152 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mProfileId)) |
| 153 | .thenReturn(KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS); |
| 154 | |
| 155 | // Querying the parent should not return the policy, because it's not a policy that should |
| 156 | // affect parents even when the lock screen is unified. |
| 157 | EnforcedAdmin primary = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 158 | mContext, KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS, mUserId); |
| 159 | assertThat(primary).isNull(); |
| 160 | |
| 161 | // Querying the child should still return the policy. |
| 162 | EnforcedAdmin profile = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 163 | mContext, KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS, mProfileId); |
| 164 | assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); |
| 165 | } |
| 166 | |
| 167 | @Test |
| 168 | public void checkIfKeyguardFeaturesAreDisabled_onlyMatchesProfile_separateManagedProfile() { |
| 169 | UserInfo userInfo = setUpUser(mUserId, new ComponentName[] {mAdmin1}); |
| 170 | UserInfo profileInfo = setUpManagedProfile(mProfileId, new ComponentName[] {mAdmin2}); |
| 171 | when(mUserManager.getProfiles(mUserId)).thenReturn(Arrays.asList(new UserInfo[] { |
| 172 | userInfo, profileInfo})); |
| 173 | |
| 174 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) |
| 175 | .thenReturn(KEYGUARD_DISABLE_FEATURES_NONE); |
| 176 | when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mProfileId)) |
| 177 | .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); |
| 178 | |
| 179 | // Crucially for this test, isSeparateWorkChallengeEnabled => true. |
| 180 | doReturn(true).when(mProxy).isSeparateProfileChallengeEnabled(any(), eq(mProfileId)); |
| 181 | |
| 182 | // Querying the parent should not return the policy, even though it's shared by default, |
| 183 | // because the parent doesn't share a lock screen with the profile any more. |
| 184 | EnforcedAdmin parent = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 185 | mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); |
| 186 | assertThat(parent).isNull(); |
| 187 | |
| 188 | // Querying the child should still return the policy. |
| 189 | EnforcedAdmin profile = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 190 | mContext, KEYGUARD_DISABLE_FINGERPRINT, mProfileId); |
| 191 | assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); |
| 192 | } |
| 193 | |
| 194 | /** |
| 195 | * This test works great. The real world implementation is sketchy though. |
| 196 | * <p> |
| 197 | * DevicePolicyManager.getParentProfileInstance(UserInfo) does not do what it looks like it does |
| 198 | * (which would be to get an instance for the parent of the user that's passed in to it.) |
| 199 | * <p> |
| 200 | * Instead it just always returns a parent instance for the current user. |
| 201 | * <p> |
| 202 | * Still, the test works. |
| 203 | */ |
| 204 | @Test |
| 205 | public void checkIfKeyguardFeaturesAreDisabled_onlyMatchesParent_profileParentPolicy() { |
| 206 | UserInfo userInfo = setUpUser(mUserId, new ComponentName[] {mAdmin1}); |
| 207 | UserInfo profileInfo = setUpManagedProfile(mProfileId, new ComponentName[] {mAdmin2}); |
| 208 | when(mUserManager.getProfiles(mUserId)).thenReturn(Arrays.asList(new UserInfo[] { |
| 209 | userInfo, profileInfo})); |
| 210 | |
| 211 | when(mProxy.getParentProfileInstance(any(DevicePolicyManager.class), any()) |
| 212 | .getKeyguardDisabledFeatures(mAdmin2, mProfileId)) |
| 213 | .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); |
| 214 | |
| 215 | // Parent should get the policy. |
| 216 | EnforcedAdmin parent = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 217 | mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); |
| 218 | assertThat(parent).isEqualTo(new EnforcedAdmin(mAdmin2, mProfileId)); |
| 219 | |
| 220 | // Profile should not get the policy. |
| 221 | EnforcedAdmin profile = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( |
| 222 | mContext, KEYGUARD_DISABLE_FINGERPRINT, mProfileId); |
| 223 | assertThat(profile).isNull(); |
| 224 | } |
| 225 | |
| 226 | private UserInfo setUpUser(int userId, ComponentName[] admins) { |
| 227 | UserInfo userInfo = new UserInfo(userId, "primary", 0); |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 228 | when(mUserManager.getUserInfo(userId)).thenReturn(userInfo); |
Robin Lee | acdeac6 | 2017-02-21 22:13:38 +0000 | [diff] [blame] | 229 | setUpActiveAdmins(userId, admins); |
| 230 | return userInfo; |
| 231 | } |
| 232 | |
| 233 | private UserInfo setUpManagedProfile(int userId, ComponentName[] admins) { |
| 234 | UserInfo userInfo = new UserInfo(userId, "profile", UserInfo.FLAG_MANAGED_PROFILE); |
| 235 | when(mUserManager.getUserInfo(userId)).thenReturn(userInfo); |
| 236 | setUpActiveAdmins(userId, admins); |
Andrew Scull | 4e20148 | 2016-12-07 10:37:41 +0000 | [diff] [blame] | 237 | return userInfo; |
| 238 | } |
| 239 | |
| 240 | private void setUpActiveAdmins(int userId, ComponentName[] activeAdmins) { |
| 241 | when(mDevicePolicyManager.getActiveAdminsAsUser(userId)) |
| 242 | .thenReturn(Arrays.asList(activeAdmins)); |
| 243 | } |
| 244 | } |