Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / a31ebbc439364a4993e79fd385cf6373408a42fe / . / services / tests / servicestests / src / com / android / server / devicepolicy / DevicePolicyManagerTest.java
blob: 01593568b699f1145448481c96eee270d655cf7b [file] [log] [blame]
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]16package com.android.server.devicepolicy;
17
18import com.android.server.LocalServices;
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]19import com.android.server.SystemService;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]20
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]21import android.Manifest.permission;
22import android.app.Activity;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]23import android.app.admin.DeviceAdminReceiver;
24import android.app.admin.DevicePolicyManager;
25import android.app.admin.DevicePolicyManagerInternal;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]26import android.content.BroadcastReceiver;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]27import android.content.ComponentName;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]28import android.content.pm.PackageManager;
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame^]29import android.net.wifi.WifiInfo;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]30import android.os.Bundle;
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]31import android.os.Process;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]32import android.os.UserHandle;
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]33import android.os.UserManager;
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame^]34import android.test.MoreAsserts;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]35import android.util.Pair;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]36
37import org.mockito.ArgumentCaptor;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]38import org.mockito.invocation.InvocationOnMock;
39import org.mockito.stubbing.Answer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]40
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]41import java.util.ArrayList;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]42import java.util.HashMap;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]43import java.util.List;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]44import java.util.Map;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]45
46import static org.mockito.Matchers.any;
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]47import static org.mockito.Matchers.anyInt;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]48import static org.mockito.Matchers.anyString;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]49import static org.mockito.Matchers.eq;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]50import static org.mockito.Matchers.isNull;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]51import static org.mockito.Mockito.doAnswer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]52import static org.mockito.Mockito.doReturn;
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]53import static org.mockito.Mockito.reset;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]54import static org.mockito.Mockito.times;
55import static org.mockito.Mockito.verify;
56import static org.mockito.Mockito.when;
57
58/**
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]59 * Tests for DevicePolicyManager( and DevicePolicyManagerService).
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]60 *
61 m FrameworksServicesTests &&
62 adb install \
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]63 -r out/target/product/hammerhead/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]64 adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]65 -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]66
67 (mmma frameworks/base/services/tests/servicestests/ for non-ninja build)
68 */
69public class DevicePolicyManagerTest extends DpmTestBase {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]70 private DpmMockContext mContext;
71 public DevicePolicyManager dpm;
72 public DevicePolicyManagerServiceTestable dpms;
73
74 @Override
75 protected void setUp() throws Exception {
76 super.setUp();
77
78 mContext = getContext();
79
80 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
81 .thenReturn(true);
82
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]83 initializeDpms();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]84
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]85 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
86 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
87 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_UID);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]88
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]89 setUpUserManager();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]90 }
91
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]92 private void initializeDpms() {
93 // Need clearCallingIdentity() to pass permission checks.
94 final long ident = mContext.binder.clearCallingIdentity();
95 try {
96 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
97
98 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir);
99
100 dpms.systemReady(SystemService.PHASE_LOCK_SETTINGS_READY);
101 dpms.systemReady(SystemService.PHASE_BOOT_COMPLETED);
102
103 dpm = new DevicePolicyManagerTestable(mContext, dpms);
104 } finally {
105 mContext.binder.restoreCallingIdentity(ident);
106 }
107 }
108
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]109 private void setUpUserManager() {
110 // Emulate UserManager.set/getApplicationRestriction().
111 final Map<Pair<String, UserHandle>, Bundle> appRestrictions = new HashMap<>();
112
113 // UM.setApplicationRestrictions() will save to appRestrictions.
114 doAnswer(new Answer<Void>() {
115 @Override
116 public Void answer(InvocationOnMock invocation) throws Throwable {
117 String pkg = (String) invocation.getArguments()[0];
118 Bundle bundle = (Bundle) invocation.getArguments()[1];
119 UserHandle user = (UserHandle) invocation.getArguments()[2];
120
121 appRestrictions.put(Pair.create(pkg, user), bundle);
122
123 return null;
124 }
125 }).when(mContext.userManager).setApplicationRestrictions(
126 anyString(), any(Bundle.class), any(UserHandle.class));
127
128 // UM.getApplicationRestrictions() will read from appRestrictions.
129 doAnswer(new Answer<Bundle>() {
130 @Override
131 public Bundle answer(InvocationOnMock invocation) throws Throwable {
132 String pkg = (String) invocation.getArguments()[0];
133 UserHandle user = (UserHandle) invocation.getArguments()[1];
134
135 return appRestrictions.get(Pair.create(pkg, user));
136 }
137 }).when(mContext.userManager).getApplicationRestrictions(
138 anyString(), any(UserHandle.class));
139
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]140 // Add the first secondary user.
141 mContext.addUser(DpmMockContext.CALLER_USER_HANDLE, 0);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]142 }
143
144 private void setAsProfileOwner(ComponentName admin) {
145 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
146 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
147
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]148 // PO needs to be an DA.
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]149 dpm.setActiveAdmin(admin, /* replace =*/ false);
150
151 // Fire!
152 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
153
154 // Check
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]155 assertEquals(admin, dpm.getProfileOwnerAsUser(DpmMockContext.CALLER_USER_HANDLE));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]156 }
157
158 public void testHasNoFeature() throws Exception {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]159 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
160 .thenReturn(false);
161
162 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
163 new DevicePolicyManagerServiceTestable(mContext, dataDir);
164
165 // If the device has no DPMS feature, it shouldn't register the local service.
166 assertNull(LocalServices.getService(DevicePolicyManagerInternal.class));
167 }
168
169 /**
170 * Caller doesn't have proper permissions.
171 */
172 public void testSetActiveAdmin_SecurityException() {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]173 // 1. Failure cases.
174
175 // Caller doesn't have MANAGE_DEVICE_ADMINS.
176 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]177 dpm.setActiveAdmin(admin1, false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]178 fail("Didn't throw SecurityException");
179 } catch (SecurityException expected) {
180 }
181
182 // Caller has MANAGE_DEVICE_ADMINS, but for different user.
183 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
184 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]185 dpm.setActiveAdmin(admin1, false, DpmMockContext.CALLER_USER_HANDLE + 1);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]186 fail("Didn't throw SecurityException");
187 } catch (SecurityException expected) {
188 }
189 }
190
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]191 /**
192 * Test for:
193 * {@link DevicePolicyManager#setActiveAdmin}
194 * with replace=false and replace=true
195 * {@link DevicePolicyManager#isAdminActive}
196 * {@link DevicePolicyManager#isAdminActiveAsUser}
197 * {@link DevicePolicyManager#getActiveAdmins}
198 * {@link DevicePolicyManager#getActiveAdminsAsUser}
199 */
200 public void testSetActiveAdmin() throws Exception {
201 // 1. Make sure the caller has proper permissions.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]202 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
203
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]204 // 2. Call the API.
205 dpm.setActiveAdmin(admin1, /* replace =*/ false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]206
207 // 3. Verify internal calls.
208
209 // Check if the boradcast is sent.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]210 verify(mContext.spiedContext).sendBroadcastAsUser(
211 MockUtils.checkIntentAction(
212 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
213 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
214 verify(mContext.spiedContext).sendBroadcastAsUser(
215 MockUtils.checkIntentAction(
216 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED),
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]217 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
218
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]219 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
220 eq(admin1.getPackageName()),
221 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
222 eq(PackageManager.DONT_KILL_APP),
223 eq(DpmMockContext.CALLER_USER_HANDLE),
224 anyString());
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]225
226 // TODO Verify other calls too.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]227
228 // Make sure it's active admin1.
229 assertTrue(dpm.isAdminActive(admin1));
230 assertFalse(dpm.isAdminActive(admin2));
231 assertFalse(dpm.isAdminActive(admin3));
232
233 // But not admin1 for a different user.
234
235 // For this to work, caller needs android.permission.INTERACT_ACROSS_USERS_FULL.
236 // (Because we're checking a different user's status from CALLER_USER_HANDLE.)
237 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
238
239 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE + 1));
240 assertFalse(dpm.isAdminActiveAsUser(admin2, DpmMockContext.CALLER_USER_HANDLE + 1));
241
242 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
243
244 // Next, add one more admin.
245 // Before doing so, update the application info, now it's enabled.
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]246 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID,
247 PackageManager.COMPONENT_ENABLED_STATE_ENABLED);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]248
249 dpm.setActiveAdmin(admin2, /* replace =*/ false);
250
251 // Now we have two admins.
252 assertTrue(dpm.isAdminActive(admin1));
253 assertTrue(dpm.isAdminActive(admin2));
254 assertFalse(dpm.isAdminActive(admin3));
255
256 // Admin2 was already enabled, so setApplicationEnabledSetting() shouldn't have called
257 // again. (times(1) because it was previously called for admin1)
258 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
259 eq(admin1.getPackageName()),
260 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
261 eq(PackageManager.DONT_KILL_APP),
262 eq(DpmMockContext.CALLER_USER_HANDLE),
263 anyString());
264
265 // 4. Add the same admin1 again without replace, which should throw.
266 try {
267 dpm.setActiveAdmin(admin1, /* replace =*/ false);
268 fail("Didn't throw");
269 } catch (IllegalArgumentException expected) {
270 }
271
272 // 5. Add the same admin1 again with replace, which should succeed.
273 dpm.setActiveAdmin(admin1, /* replace =*/ true);
274
275 // TODO make sure it's replaced.
276
277 // 6. Test getActiveAdmins()
278 List<ComponentName> admins = dpm.getActiveAdmins();
279 assertEquals(2, admins.size());
280 assertEquals(admin1, admins.get(0));
281 assertEquals(admin2, admins.get(1));
282
283 // Another user has no admins.
284 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
285
286 assertEquals(0, DpmTestUtils.getListSizeAllowingNull(
287 dpm.getActiveAdminsAsUser(DpmMockContext.CALLER_USER_HANDLE + 1)));
288
289 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
290 }
291
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]292 public void testSetActiveAdmin_multiUsers() throws Exception {
293
294 final int ANOTHER_USER_ID = 100;
295 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 20456);
296
297 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
298
299 // Set up pacakge manager for the other user.
300 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]301
302 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
303
304 dpm.setActiveAdmin(admin1, /* replace =*/ false);
305
306 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
307 dpm.setActiveAdmin(admin2, /* replace =*/ false);
308
309
310 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
311 assertTrue(dpm.isAdminActive(admin1));
312 assertFalse(dpm.isAdminActive(admin2));
313
314 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
315 assertFalse(dpm.isAdminActive(admin1));
316 assertTrue(dpm.isAdminActive(admin2));
317 }
318
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]319 /**
320 * Test for:
321 * {@link DevicePolicyManager#setActiveAdmin}
322 * with replace=false
323 */
324 public void testSetActiveAdmin_twiceWithoutReplace() throws Exception {
325 // 1. Make sure the caller has proper permissions.
326 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
327
328 dpm.setActiveAdmin(admin1, /* replace =*/ false);
329 assertTrue(dpm.isAdminActive(admin1));
330
331 // Add the same admin1 again without replace, which should throw.
332 try {
333 dpm.setActiveAdmin(admin1, /* replace =*/ false);
334 fail("Didn't throw");
335 } catch (IllegalArgumentException expected) {
336 }
337 }
338
339 /**
340 * Test for:
341 * {@link DevicePolicyManager#removeActiveAdmin}
342 */
343 public void testRemoveActiveAdmin_SecurityException() {
344 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
345
346 // Add admin.
347
348 dpm.setActiveAdmin(admin1, /* replace =*/ false);
349
350 assertTrue(dpm.isAdminActive(admin1));
351
352 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
353
354 // Directly call the DPMS method with a different userid, which should fail.
355 try {
356 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE + 1);
357 fail("Didn't throw SecurityException");
358 } catch (SecurityException expected) {
359 }
360
361 // Try to remove active admin with a different caller userid should fail too, without
362 // having MANAGE_DEVICE_ADMINS.
363 mContext.callerPermissions.clear();
364
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]365 // Change the caller, and call into DPMS directly with a different user-id.
366
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]367 mContext.binder.callingUid = 1234567;
368 try {
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]369 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]370 fail("Didn't throw SecurityException");
371 } catch (SecurityException expected) {
372 }
373 }
374
375 /**
376 * Test for:
377 * {@link DevicePolicyManager#removeActiveAdmin}
378 */
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]379 public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]380 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
381
382 // Add admin1.
383
384 dpm.setActiveAdmin(admin1, /* replace =*/ false);
385
386 assertTrue(dpm.isAdminActive(admin1));
387 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
388
389 // Different user, but should work, because caller has proper permissions.
390 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]391
392 // Change the caller, and call into DPMS directly with a different user-id.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]393 mContext.binder.callingUid = 1234567;
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]394
395 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]396
397 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
398
399 // TODO DO Still can't be removed in this case.
400 }
401
402 /**
403 * Test for:
404 * {@link DevicePolicyManager#removeActiveAdmin}
405 */
406 public void testRemoveActiveAdmin_sameUserNoMANAGE_DEVICE_ADMINS() {
407 // Need MANAGE_DEVICE_ADMINS for setActiveAdmin. We'll remove it later.
408 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
409
410 // Add admin1.
411
412 dpm.setActiveAdmin(admin1, /* replace =*/ false);
413
414 assertTrue(dpm.isAdminActive(admin1));
415 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
416
417 // Broadcast from saveSettingsLocked().
418 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
419 MockUtils.checkIntentAction(
420 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
421 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
422
423 // Remove. No permissions, but same user, so it'll work.
424 mContext.callerPermissions.clear();
425 dpm.removeActiveAdmin(admin1);
426
427 final ArgumentCaptor<BroadcastReceiver> brCap =
428 ArgumentCaptor.forClass(BroadcastReceiver.class);
429
430 // Is removing now, but not removed yet.
431 assertTrue(dpm.isAdminActive(admin1));
432 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
433
434 verify(mContext.spiedContext).sendOrderedBroadcastAsUser(
435 MockUtils.checkIntentAction(
436 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED),
437 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE),
438 isNull(String.class),
439 brCap.capture(),
440 eq(dpms.mHandler),
441 eq(Activity.RESULT_OK),
442 isNull(String.class),
443 isNull(Bundle.class));
444
445 brCap.getValue().onReceive(mContext, null);
446
447 assertFalse(dpm.isAdminActive(admin1));
448 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
449
450 // Again broadcast from saveSettingsLocked().
451 verify(mContext.spiedContext, times(2)).sendBroadcastAsUser(
452 MockUtils.checkIntentAction(
453 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
454 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
455
456 // TODO Check other internal calls.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]457 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]458
459 /**
460 * Test for: {@link DevicePolicyManager#setDeviceOwner} DO on system user installs
461 * successfully.
462 */
463 public void testSetDeviceOwner() throws Exception {
464 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]465 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]466 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
467 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
468
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]469 // In this test, change the caller user to "system".
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]470 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
471
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]472 // Make sure admin1 is installed on system user.
473 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]474
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]475 // Check various get APIs.
476 checkGetDeviceOwnerInfoApi(dpm, /* hasDeviceOwner =*/ false);
477
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]478 // DO needs to be an DA.
479 dpm.setActiveAdmin(admin1, /* replace =*/ false);
480
481 // Fire!
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]482 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]483
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]484 // getDeviceOwnerComponent should return the admin1 component.
485 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
486 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
487
488 // Check various get APIs.
489 checkGetDeviceOwnerInfoApi(dpm, /* hasDeviceOwner =*/ true);
490
491 // getDeviceOwnerComponent should *NOT* return the admin1 component for other users.
492 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
493 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
494 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
495
496 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
497
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]498 // Verify internal calls.
499 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
500 eq(admin1.getPackageName()));
501
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]502 // TODO We should check if the caller has called clearCallerIdentity().
503 verify(mContext.ibackupManager, times(1)).setBackupServiceActive(
504 eq(UserHandle.USER_SYSTEM), eq(false));
505
506 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
507 MockUtils.checkIntentAction(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED),
508 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
509
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]510 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]511
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]512 // Try to set a profile owner on the same user, which should fail.
513 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
514 dpm.setActiveAdmin(admin2, /* refreshing= */ true, UserHandle.USER_SYSTEM);
515 try {
516 dpm.setProfileOwner(admin2, "owner-name", UserHandle.USER_SYSTEM);
517 fail("IllegalStateException not thrown");
518 } catch (IllegalStateException expected) {
519 assertTrue("Message was: " + expected.getMessage(),
520 expected.getMessage().contains("already has a device owner"));
521 }
522
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]523 // TODO Test getDeviceOwnerName() too. To do so, we need to change
524 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
525 }
526
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]527 private void checkGetDeviceOwnerInfoApi(DevicePolicyManager dpm, boolean hasDeviceOwner) {
528 final int origCallingUser = mContext.binder.callingUid;
529 final List origPermissions = new ArrayList(mContext.callerPermissions);
530 mContext.callerPermissions.clear();
531
532 mContext.callerPermissions.add(permission.MANAGE_USERS);
533
534 mContext.binder.callingUid = Process.SYSTEM_UID;
535
536 // TODO Test getDeviceOwnerName() too. To do so, we need to change
537 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
538 if (hasDeviceOwner) {
539 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
540 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
541 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
542
543 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
544 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
545 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
546 } else {
547 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
548 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
549 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
550
551 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
552 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
553 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
554 }
555
556 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
557 if (hasDeviceOwner) {
558 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
559 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
560 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
561
562 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
563 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
564 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
565 } else {
566 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
567 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
568 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
569
570 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
571 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
572 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
573 }
574
575 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
576 // Still with MANAGE_USERS.
577 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
578 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
579 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
580
581 if (hasDeviceOwner) {
582 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
583 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
584 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
585 } else {
586 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
587 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
588 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
589 }
590
591 mContext.binder.callingUid = Process.SYSTEM_UID;
592 mContext.callerPermissions.remove(permission.MANAGE_USERS);
593 // System can still call "OnAnyUser" without MANAGE_USERS.
594 if (hasDeviceOwner) {
595 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
596 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
597 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
598
599 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
600 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
601 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
602 } else {
603 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
604 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
605 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
606
607 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
608 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
609 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
610 }
611
612 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
613 // Still no MANAGE_USERS.
614 if (hasDeviceOwner) {
615 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
616 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
617 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
618 } else {
619 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
620 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
621 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
622 }
623
624 try {
625 dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName());
626 fail();
627 } catch (SecurityException expected) {
628 }
629 try {
630 dpm.getDeviceOwnerComponentOnAnyUser();
631 fail();
632 } catch (SecurityException expected) {
633 }
634 try {
635 dpm.getDeviceOwnerUserId();
636 fail();
637 } catch (SecurityException expected) {
638 }
639 try {
640 dpm.getDeviceOwnerNameOnAnyUser();
641 fail();
642 } catch (SecurityException expected) {
643 }
644
645 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
646 // Still no MANAGE_USERS.
647 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
648 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
649 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
650
651 try {
652 dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName());
653 fail();
654 } catch (SecurityException expected) {
655 }
656 try {
657 dpm.getDeviceOwnerComponentOnAnyUser();
658 fail();
659 } catch (SecurityException expected) {
660 }
661 try {
662 dpm.getDeviceOwnerUserId();
663 fail();
664 } catch (SecurityException expected) {
665 }
666 try {
667 dpm.getDeviceOwnerNameOnAnyUser();
668 fail();
669 } catch (SecurityException expected) {
670 }
671
672 // Restore.
673 mContext.binder.callingUid = origCallingUser;
674 mContext.callerPermissions.addAll(origPermissions);
675 }
676
677
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]678 /**
679 * Test for: {@link DevicePolicyManager#setDeviceOwner} Package doesn't exist.
680 */
681 public void testSetDeviceOwner_noSuchPackage() {
682 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]683 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]684 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
685 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
686
687 // Call from a process on the system user.
688 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
689
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]690 try {
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]691 dpm.setDeviceOwner(new ComponentName("a.b.c", ".def"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]692 fail("Didn't throw IllegalArgumentException");
693 } catch (IllegalArgumentException expected) {
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]694 assertTrue("Message was: " + expected.getMessage(),
695 expected.getMessage().contains("Invalid component"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]696 }
697 }
698
699 public void testSetDeviceOwner_failures() throws Exception {
700 // TODO Test more failure cases. Basically test all chacks in enforceCanSetDeviceOwner().
701 }
702
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]703 public void testClearDeviceOwner() throws Exception {
704 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]705 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]706 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
707 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
708
709 // Set admin1 as a DA to the secondary user.
710 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
711
712 dpm.setActiveAdmin(admin1, /* replace =*/ false);
713
714 // Set admin 1 as the DO to the system user.
715
716 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
717 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
718 dpm.setActiveAdmin(admin1, /* replace =*/ false);
719 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
720
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]721 // Verify internal calls.
722 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
723 eq(admin1.getPackageName()));
724
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]725 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]726
727 // Set up other mocks.
728 when(mContext.userManager.getUserRestrictions()).thenReturn(new Bundle());
729
730 // Now call clear.
731 doReturn(DpmMockContext.CALLER_SYSTEM_USER_UID).when(mContext.packageManager).getPackageUid(
732 eq(admin1.getPackageName()),
733 anyInt());
734 dpm.clearDeviceOwnerApp(admin1.getPackageName());
735
736 // Now DO shouldn't be set.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]737 assertNull(dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]738
739 // TODO Check other calls.
740 }
741
742 public void testClearDeviceOwner_fromDifferentUser() throws Exception {
743 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]744 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]745 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
746 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
747
748 // Set admin1 as a DA to the secondary user.
749 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
750
751 dpm.setActiveAdmin(admin1, /* replace =*/ false);
752
753 // Set admin 1 as the DO to the system user.
754
755 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
756 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
757 dpm.setActiveAdmin(admin1, /* replace =*/ false);
758 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
759
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]760 // Verify internal calls.
761 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
762 eq(admin1.getPackageName()));
763
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]764 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]765
766 // Now call clear from the secondary user, which should throw.
767 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
768
769 // Now call clear.
770 doReturn(DpmMockContext.CALLER_UID).when(mContext.packageManager).getPackageUid(
771 eq(admin1.getPackageName()),
772 anyInt());
773 try {
774 dpm.clearDeviceOwnerApp(admin1.getPackageName());
775 fail("Didn't throw");
776 } catch (SecurityException e) {
777 assertEquals("clearDeviceOwner can only be called by the device owner", e.getMessage());
778 }
779
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]780 // DO shouldn't be removed.
781 assertTrue(dpm.isDeviceManaged());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]782 }
783
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]784 public void testSetProfileOwner() throws Exception {
785 setAsProfileOwner(admin1);
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]786
787 // Try setting DO on the same user, which should fail.
788 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
789 dpm.setActiveAdmin(admin2, /* refreshing= */ true, DpmMockContext.CALLER_USER_HANDLE);
790 try {
791 dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE);
792 fail("IllegalStateException not thrown");
793 } catch (IllegalStateException expected) {
794 assertTrue("Message was: " + expected.getMessage(),
795 expected.getMessage().contains("already has a profile owner"));
796 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]797 }
798
799 public void testSetProfileOwner_failures() throws Exception {
800 // TODO Test more failure cases. Basically test all chacks in enforceCanSetProfileOwner().
801 }
802
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]803 public void testGetDeviceOwnerAdminLocked() throws Exception {
804 checkDeviceOwnerWithMultipleDeviceAdmins();
805 }
806
807 private void checkDeviceOwnerWithMultipleDeviceAdmins() throws Exception {
808 // In ths test, we use 3 users (system + 2 secondary users), set some device admins to them,
809 // set admin2 on CALLER_USER_HANDLE as DO, then call getDeviceOwnerAdminLocked() to
810 // make sure it gets the right component from the right user.
811
812 final int ANOTHER_USER_ID = 100;
813 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 456);
814
815 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
816
817 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]818 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]819 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
820 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
821
822 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
823
824 // Make sure the admin packge is installed to each user.
825 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
826 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_SYSTEM_USER_UID);
827
828 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
829 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
830
831 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
832
833
834 // Set active admins to the users.
835 dpm.setActiveAdmin(admin1, /* replace =*/ false);
836 dpm.setActiveAdmin(admin3, /* replace =*/ false);
837
838 dpm.setActiveAdmin(admin1, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
839 dpm.setActiveAdmin(admin2, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
840
841 dpm.setActiveAdmin(admin2, /* replace =*/ false, ANOTHER_USER_ID);
842
843 // Set DO on the first non-system user.
844 mContext.setUserRunning(DpmMockContext.CALLER_USER_HANDLE, true);
845 assertTrue(dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
846
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]847 assertEquals(admin2, dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false));
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]848
849 // Then check getDeviceOwnerAdminLocked().
850 assertEquals(admin2, dpms.getDeviceOwnerAdminLocked().info.getComponent());
851 assertEquals(DpmMockContext.CALLER_UID, dpms.getDeviceOwnerAdminLocked().getUid());
852 }
853
854 /**
855 * This essentially tests
856 * {@code DevicePolicyManagerService.findOwnerComponentIfNecessaryLocked()}. (which is private.)
857 *
858 * We didn't use to persist the DO component class name, but now we do, and the above method
859 * finds the right component from a package name upon migration.
860 */
861 public void testDeviceOwnerMigration() throws Exception {
862 checkDeviceOwnerWithMultipleDeviceAdmins();
863
864 // Overwrite the device owner setting and clears the clas name.
865 dpms.mOwners.setDeviceOwner(
866 new ComponentName(admin2.getPackageName(), ""),
867 "owner-name", DpmMockContext.CALLER_USER_HANDLE);
868 dpms.mOwners.writeDeviceOwner();
869
870 // Make sure the DO component name doesn't have a class name.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]871 assertEquals("", dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false).getClassName());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]872
873 // Then create a new DPMS to have it load the settings from files.
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]874 when(mContext.userManager.getUserRestrictions(any(UserHandle.class)))
875 .thenReturn(new Bundle());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]876 initializeDpms();
877
878 // Now the DO component name is a full name.
879 // *BUT* because both admin1 and admin2 belong to the same package, we think admin1 is the
880 // DO.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]881 assertEquals(admin1, dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false));
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]882 }
883
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]884 public void testSetGetApplicationRestriction() {
885 setAsProfileOwner(admin1);
886
887 {
888 Bundle rest = new Bundle();
889 rest.putString("KEY_STRING", "Foo1");
890 dpm.setApplicationRestrictions(admin1, "pkg1", rest);
891 }
892
893 {
894 Bundle rest = new Bundle();
895 rest.putString("KEY_STRING", "Foo2");
896 dpm.setApplicationRestrictions(admin1, "pkg2", rest);
897 }
898
899 {
900 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg1");
901 assertNotNull(returned);
902 assertEquals(returned.size(), 1);
903 assertEquals(returned.get("KEY_STRING"), "Foo1");
904 }
905
906 {
907 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg2");
908 assertNotNull(returned);
909 assertEquals(returned.size(), 1);
910 assertEquals(returned.get("KEY_STRING"), "Foo2");
911 }
912
913 dpm.setApplicationRestrictions(admin1, "pkg2", new Bundle());
914 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg2").size());
915 }
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]916
917 public void testSetUserRestriction_asDo() throws Exception {
918 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]919 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]920 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
921 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
922
923 // First, set DO.
924
925 // Call from a process on the system user.
926 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
927
928 // Make sure admin1 is installed on system user.
929 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]930
931 // Call.
932 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]933 assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]934 UserHandle.USER_SYSTEM));
935
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]936 DpmTestUtils.assertRestrictions(
937 DpmTestUtils.newRestrictions(),
938 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
939 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]940 DpmTestUtils.assertRestrictions(
941 DpmTestUtils.newRestrictions(),
942 dpm.getUserRestrictions(admin1)
943 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]944
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]945 reset(mContext.userManagerInternal);
946
947 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
948 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
949 eq(UserHandle.USER_SYSTEM),
950 MockUtils.checkUserRestrictions(),
951 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
952 );
953 reset(mContext.userManagerInternal);
954
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]955 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]956 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
957 eq(UserHandle.USER_SYSTEM),
958 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
959 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
960 );
961 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]962
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]963 DpmTestUtils.assertRestrictions(
964 DpmTestUtils.newRestrictions(
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]965 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]966 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
967 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]968 DpmTestUtils.assertRestrictions(
969 DpmTestUtils.newRestrictions(
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]970 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]971 dpm.getUserRestrictions(admin1)
972 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]973
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]974 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
975 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
976 eq(UserHandle.USER_SYSTEM),
977 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
978 MockUtils.checkUserRestrictions()
979 );
980 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]981
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]982 DpmTestUtils.assertRestrictions(
983 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
984 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
985 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]986 DpmTestUtils.assertRestrictions(
987 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
988 dpm.getUserRestrictions(admin1)
989 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]990
991 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]992 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
993 eq(UserHandle.USER_SYSTEM),
994 MockUtils.checkUserRestrictions(),
995 MockUtils.checkUserRestrictions()
996 );
997 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]998
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]999 DpmTestUtils.assertRestrictions(
1000 DpmTestUtils.newRestrictions(),
1001 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1002 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1003 DpmTestUtils.assertRestrictions(
1004 DpmTestUtils.newRestrictions(),
1005 dpm.getUserRestrictions(admin1)
1006 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1007
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1008 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE are PO restrictions, but when
1009 // DO sets them, the scope is global.
1010 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1011 reset(mContext.userManagerInternal);
1012 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1013 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1014 eq(UserHandle.USER_SYSTEM),
1015 MockUtils.checkUserRestrictions(),
1016 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1017 UserManager.DISALLOW_UNMUTE_MICROPHONE)
1018 );
1019 reset(mContext.userManagerInternal);
1020
1021 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1022 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1023
1024
1025 // More tests.
1026 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1027 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1028 eq(UserHandle.USER_SYSTEM),
1029 MockUtils.checkUserRestrictions(),
1030 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
1031 );
1032 reset(mContext.userManagerInternal);
1033
1034 dpm.addUserRestriction(admin1, UserManager.DISALLOW_FUN);
1035 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1036 eq(UserHandle.USER_SYSTEM),
1037 MockUtils.checkUserRestrictions(),
1038 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1039 UserManager.DISALLOW_ADD_USER)
1040 );
1041 reset(mContext.userManagerInternal);
1042
1043 dpm.setCameraDisabled(admin1, true);
1044 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1045 eq(UserHandle.USER_SYSTEM),
1046 // DISALLOW_CAMERA will be applied to both local and global.
1047 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),
1048 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1049 UserManager.DISALLOW_CAMERA, UserManager.DISALLOW_ADD_USER)
1050 );
1051 reset(mContext.userManagerInternal);
1052
1053 // Set up another DA and let it disable camera. Now DISALLOW_CAMERA will only be applied
1054 // locally.
1055 dpm.setCameraDisabled(admin1, false);
1056 reset(mContext.userManagerInternal);
1057
1058 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
1059 dpm.setActiveAdmin(admin2, /* replace =*/ false, UserHandle.USER_SYSTEM);
1060 dpm.setCameraDisabled(admin2, true);
1061
1062 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1063 eq(UserHandle.USER_SYSTEM),
1064 // DISALLOW_CAMERA will be applied to both local and global.
1065 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),
1066 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1067 UserManager.DISALLOW_ADD_USER)
1068 );
1069 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1070 // TODO Make sure restrictions are written to the file.
1071 }
1072
1073 public void testSetUserRestriction_asPo() {
1074 setAsProfileOwner(admin1);
1075
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1076 DpmTestUtils.assertRestrictions(
1077 DpmTestUtils.newRestrictions(),
1078 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1079 .ensureUserRestrictions()
1080 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1081
1082 dpm.addUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1083 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1084 eq(DpmMockContext.CALLER_USER_HANDLE),
1085 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES),
1086 isNull(Bundle.class)
1087 );
1088 reset(mContext.userManagerInternal);
1089
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1090 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1091 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1092 eq(DpmMockContext.CALLER_USER_HANDLE),
1093 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1094 UserManager.DISALLOW_OUTGOING_CALLS),
1095 isNull(Bundle.class)
1096 );
1097 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1098
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1099 DpmTestUtils.assertRestrictions(
1100 DpmTestUtils.newRestrictions(
1101 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1102 UserManager.DISALLOW_OUTGOING_CALLS
1103 ),
1104 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1105 .ensureUserRestrictions()
1106 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1107 DpmTestUtils.assertRestrictions(
1108 DpmTestUtils.newRestrictions(
1109 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1110 UserManager.DISALLOW_OUTGOING_CALLS
1111 ),
1112 dpm.getUserRestrictions(admin1)
1113 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1114
1115 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1116 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1117 eq(DpmMockContext.CALLER_USER_HANDLE),
1118 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1119 isNull(Bundle.class)
1120 );
1121 reset(mContext.userManagerInternal);
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1122
1123 DpmTestUtils.assertRestrictions(
1124 DpmTestUtils.newRestrictions(
1125 UserManager.DISALLOW_OUTGOING_CALLS
1126 ),
1127 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1128 .ensureUserRestrictions()
1129 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1130 DpmTestUtils.assertRestrictions(
1131 DpmTestUtils.newRestrictions(
1132 UserManager.DISALLOW_OUTGOING_CALLS
1133 ),
1134 dpm.getUserRestrictions(admin1)
1135 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1136
1137 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1138 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1139 eq(DpmMockContext.CALLER_USER_HANDLE),
1140 MockUtils.checkUserRestrictions(),
1141 isNull(Bundle.class)
1142 );
1143 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1144
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1145 DpmTestUtils.assertRestrictions(
1146 DpmTestUtils.newRestrictions(),
1147 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1148 .ensureUserRestrictions()
1149 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1150 DpmTestUtils.assertRestrictions(
1151 DpmTestUtils.newRestrictions(),
1152 dpm.getUserRestrictions(admin1)
1153 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1154
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1155 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE can be set by PO too, even
1156 // though when DO sets them they'll be applied globally.
1157 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1158 reset(mContext.userManagerInternal);
1159 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1160 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1161 eq(DpmMockContext.CALLER_USER_HANDLE),
1162 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1163 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1164 isNull(Bundle.class)
1165 );
1166 reset(mContext.userManagerInternal);
1167
1168 dpm.setCameraDisabled(admin1, true);
1169 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1170 eq(DpmMockContext.CALLER_USER_HANDLE),
1171 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA,
1172 UserManager.DISALLOW_ADJUST_VOLUME,
1173 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1174 isNull(Bundle.class)
1175 );
1176 reset(mContext.userManagerInternal);
1177
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1178 // TODO Make sure restrictions are written to the file.
1179 }
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame^]1180
1181 public void testGetMacAddress() throws Exception {
1182 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1183 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1184 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1185
1186 // In this test, change the caller user to "system".
1187 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1188
1189 // Make sure admin1 is installed on system user.
1190 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1191
1192 // Test 1. Caller doesn't have DO or DA.
1193 try {
1194 dpm.getWifiMacAddress();
1195 fail();
1196 } catch (SecurityException e) {
1197 MoreAsserts.assertContainsRegex("No active admin owned", e.getMessage());
1198 }
1199
1200 // DO needs to be an DA.
1201 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1202 assertTrue(dpm.isAdminActive(admin1));
1203
1204 // Test 2. Caller has DA, but not DO.
1205 try {
1206 dpm.getWifiMacAddress();
1207 fail();
1208 } catch (SecurityException e) {
1209 MoreAsserts.assertContainsRegex("No active admin owned", e.getMessage());
1210 }
1211
1212 // Test 3. Caller has PO, but not DO.
1213 assertTrue(dpm.setProfileOwner(admin1, null, UserHandle.USER_SYSTEM));
1214 try {
1215 dpm.getWifiMacAddress();
1216 fail();
1217 } catch (SecurityException e) {
1218 MoreAsserts.assertContainsRegex("No active admin owned", e.getMessage());
1219 }
1220
1221 // Remove PO.
1222 dpm.clearProfileOwner(admin1);
1223
1224 // Test 4, Caller is DO now.
1225 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1226
1227 // 4-1. But no WifiInfo.
1228 assertNull(dpm.getWifiMacAddress());
1229
1230 // 4-2. Returns WifiInfo, but with the default MAC.
1231 when(mContext.wifiManager.getConnectionInfo()).thenReturn(new WifiInfo());
1232 assertNull(dpm.getWifiMacAddress());
1233
1234 // 4-3. With a real MAC address.
1235 final WifiInfo wi = new WifiInfo();
1236 wi.setMacAddress("11:22:33:44:55:66");
1237 when(mContext.wifiManager.getConnectionInfo()).thenReturn(wi);
1238 assertEquals("11:22:33:44:55:66", dpm.getWifiMacAddress());
1239 }
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1240}