Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / a4f119790e32fcce56586e7324d508e35cb30a2a / . / services / tests / servicestests / src / com / android / server / devicepolicy / DevicePolicyManagerTest.java
blob: 03b892e55c41bfa10e799e9eba87083543883a0a [file] [log] [blame]
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]16package com.android.server.devicepolicy;
17
18import com.android.server.LocalServices;
19
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]20import android.Manifest.permission;
21import android.app.Activity;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]22import android.app.admin.DeviceAdminReceiver;
23import android.app.admin.DevicePolicyManager;
24import android.app.admin.DevicePolicyManagerInternal;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]25import android.content.BroadcastReceiver;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]26import android.content.ComponentName;
27import android.content.Intent;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]28import android.content.pm.ApplicationInfo;
29import android.content.pm.IPackageManager;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]30import android.content.pm.PackageManager;
31import android.content.pm.ResolveInfo;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]32import android.os.Bundle;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]33import android.content.pm.PackageInfo;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]34import android.os.UserHandle;
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame^]35import android.os.UserManager;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]36import android.util.Pair;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]37
38import org.mockito.ArgumentCaptor;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]39import org.mockito.invocation.InvocationOnMock;
40import org.mockito.stubbing.Answer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]41
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]42import java.util.HashMap;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]43import java.util.List;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]44import java.util.Map;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]45
46import static org.mockito.Matchers.any;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]47import static org.mockito.Matchers.anyString;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]48import static org.mockito.Matchers.eq;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]49import static org.mockito.Matchers.isNull;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]50import static org.mockito.Mockito.doAnswer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]51import static org.mockito.Mockito.doReturn;
52import static org.mockito.Mockito.times;
53import static org.mockito.Mockito.verify;
54import static org.mockito.Mockito.when;
55
56/**
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]57 * Tests for DevicePolicyManager( and DevicePolicyManagerService).
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]58 *
59 m FrameworksServicesTests &&
60 adb install \
61 -r out/target/product/hammerhead/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
62 adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \
63 -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
64
65 (mmma frameworks/base/services/tests/servicestests/ for non-ninja build)
66 */
67public class DevicePolicyManagerTest extends DpmTestBase {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]68 private DpmMockContext mContext;
69 public DevicePolicyManager dpm;
70 public DevicePolicyManagerServiceTestable dpms;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]71 public ComponentName admin1;
72 public ComponentName admin2;
73 public ComponentName admin3;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]74
75 @Override
76 protected void setUp() throws Exception {
77 super.setUp();
78
79 mContext = getContext();
80
81 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
82 .thenReturn(true);
83
84 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
85 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir);
86 dpm = new DevicePolicyManagerTestable(mContext, dpms);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]87
88 admin1 = new ComponentName(mRealTestContext, DummyDeviceAdmins.Admin1.class);
89 admin2 = new ComponentName(mRealTestContext, DummyDeviceAdmins.Admin2.class);
90 admin3 = new ComponentName(mRealTestContext, DummyDeviceAdmins.Admin3.class);
91
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]92 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
93 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
94 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_UID);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]95
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]96 setUpApplicationInfo(PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED,
97 DpmMockContext.CALLER_UID);
98
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]99 setUpPackageInfo();
100 setUpUserManager();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]101 }
102
103 /**
104 * Set up a mock result for {@link PackageManager#queryBroadcastReceivers}. We'll return
105 * the actual ResolveInfo for the admin component, but we need to mock PM so it'll return
106 * it for user {@link DpmMockContext#CALLER_USER_HANDLE}.
107 */
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]108 private void setUpPackageManagerForAdmin(ComponentName admin, int packageUid) {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]109 final Intent resolveIntent = new Intent();
110 resolveIntent.setComponent(admin);
111 final List<ResolveInfo> realResolveInfo =
112 mRealTestContext.getPackageManager().queryBroadcastReceivers(
113 resolveIntent,
114 PackageManager.GET_META_DATA);
115 assertNotNull(realResolveInfo);
116 assertEquals(1, realResolveInfo.size());
117
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]118 // We need to change AI, so set a clone.
119 realResolveInfo.set(0, DpmTestUtils.cloneParcelable(realResolveInfo.get(0)));
120
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]121 // We need to rewrite the UID in the activity info.
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]122 realResolveInfo.get(0).activityInfo.applicationInfo.uid = packageUid;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]123
124 doReturn(realResolveInfo).when(mContext.packageManager).queryBroadcastReceivers(
125 MockUtils.checkIntentComponent(admin),
126 eq(PackageManager.GET_META_DATA
127 | PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS),
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]128 eq(UserHandle.getUserId(packageUid)));
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]129 }
130
131 /**
132 * Set up a mock result for {@link IPackageManager#getApplicationInfo} for user
133 * {@link DpmMockContext#CALLER_USER_HANDLE}.
134 */
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]135 private void setUpApplicationInfo(int enabledSetting, int packageUid) throws Exception {
136 final ApplicationInfo ai = DpmTestUtils.cloneParcelable(
137 mRealTestContext.getPackageManager().getApplicationInfo(
138 admin1.getPackageName(),
139 PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS));
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]140
141 ai.enabledSetting = enabledSetting;
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]142 ai.uid = packageUid;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]143
144 doReturn(ai).when(mContext.ipackageManager).getApplicationInfo(
145 eq(admin1.getPackageName()),
146 eq(PackageManager.GET_DISABLED_UNTIL_USED_COMPONENTS),
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]147 eq(UserHandle.getUserId(packageUid)));
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]148 }
149
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]150 /**
151 * Set up a mock result for {@link IPackageManager#getPackageInfo(String, int, int)} for user
152 * {@link DpmMockContext#CALLER_USER_HANDLE} as well as the system user.
153 */
154 private void setUpPackageInfo() throws Exception {
155 final PackageInfo pi = mRealTestContext.getPackageManager().getPackageInfo(
156 admin1.getPackageName(), 0);
157 assertTrue(pi.applicationInfo.flags != 0);
158
159 doReturn(pi).when(mContext.ipackageManager).getPackageInfo(
160 eq(admin1.getPackageName()),
161 eq(0),
162 eq(DpmMockContext.CALLER_USER_HANDLE));
163 doReturn(pi).when(mContext.ipackageManager).getPackageInfo(
164 eq(admin1.getPackageName()),
165 eq(0),
166 eq(UserHandle.USER_SYSTEM));
167 }
168
169 private void setUpUserManager() {
170 // Emulate UserManager.set/getApplicationRestriction().
171 final Map<Pair<String, UserHandle>, Bundle> appRestrictions = new HashMap<>();
172
173 // UM.setApplicationRestrictions() will save to appRestrictions.
174 doAnswer(new Answer<Void>() {
175 @Override
176 public Void answer(InvocationOnMock invocation) throws Throwable {
177 String pkg = (String) invocation.getArguments()[0];
178 Bundle bundle = (Bundle) invocation.getArguments()[1];
179 UserHandle user = (UserHandle) invocation.getArguments()[2];
180
181 appRestrictions.put(Pair.create(pkg, user), bundle);
182
183 return null;
184 }
185 }).when(mContext.userManager).setApplicationRestrictions(
186 anyString(), any(Bundle.class), any(UserHandle.class));
187
188 // UM.getApplicationRestrictions() will read from appRestrictions.
189 doAnswer(new Answer<Bundle>() {
190 @Override
191 public Bundle answer(InvocationOnMock invocation) throws Throwable {
192 String pkg = (String) invocation.getArguments()[0];
193 UserHandle user = (UserHandle) invocation.getArguments()[1];
194
195 return appRestrictions.get(Pair.create(pkg, user));
196 }
197 }).when(mContext.userManager).getApplicationRestrictions(
198 anyString(), any(UserHandle.class));
199
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]200 // Add the first secondary user.
201 mContext.addUser(DpmMockContext.CALLER_USER_HANDLE, 0);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]202 }
203
204 private void setAsProfileOwner(ComponentName admin) {
205 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
206 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
207
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame^]208 // PO needs to be an DA.
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]209 dpm.setActiveAdmin(admin, /* replace =*/ false);
210
211 // Fire!
212 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
213
214 // Check
215 assertEquals(admin1, dpm.getProfileOwnerAsUser(DpmMockContext.CALLER_USER_HANDLE));
216 }
217
218 public void testHasNoFeature() throws Exception {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]219 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
220 .thenReturn(false);
221
222 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
223 new DevicePolicyManagerServiceTestable(mContext, dataDir);
224
225 // If the device has no DPMS feature, it shouldn't register the local service.
226 assertNull(LocalServices.getService(DevicePolicyManagerInternal.class));
227 }
228
229 /**
230 * Caller doesn't have proper permissions.
231 */
232 public void testSetActiveAdmin_SecurityException() {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]233 // 1. Failure cases.
234
235 // Caller doesn't have MANAGE_DEVICE_ADMINS.
236 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]237 dpm.setActiveAdmin(admin1, false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]238 fail("Didn't throw SecurityException");
239 } catch (SecurityException expected) {
240 }
241
242 // Caller has MANAGE_DEVICE_ADMINS, but for different user.
243 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
244 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]245 dpm.setActiveAdmin(admin1, false, DpmMockContext.CALLER_USER_HANDLE + 1);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]246 fail("Didn't throw SecurityException");
247 } catch (SecurityException expected) {
248 }
249 }
250
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]251 /**
252 * Test for:
253 * {@link DevicePolicyManager#setActiveAdmin}
254 * with replace=false and replace=true
255 * {@link DevicePolicyManager#isAdminActive}
256 * {@link DevicePolicyManager#isAdminActiveAsUser}
257 * {@link DevicePolicyManager#getActiveAdmins}
258 * {@link DevicePolicyManager#getActiveAdminsAsUser}
259 */
260 public void testSetActiveAdmin() throws Exception {
261 // 1. Make sure the caller has proper permissions.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]262 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
263
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]264 // 2. Call the API.
265 dpm.setActiveAdmin(admin1, /* replace =*/ false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]266
267 // 3. Verify internal calls.
268
269 // Check if the boradcast is sent.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]270 verify(mContext.spiedContext).sendBroadcastAsUser(
271 MockUtils.checkIntentAction(
272 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
273 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
274 verify(mContext.spiedContext).sendBroadcastAsUser(
275 MockUtils.checkIntentAction(
276 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED),
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]277 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
278
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]279 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
280 eq(admin1.getPackageName()),
281 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
282 eq(PackageManager.DONT_KILL_APP),
283 eq(DpmMockContext.CALLER_USER_HANDLE),
284 anyString());
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]285
286 // TODO Verify other calls too.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]287
288 // Make sure it's active admin1.
289 assertTrue(dpm.isAdminActive(admin1));
290 assertFalse(dpm.isAdminActive(admin2));
291 assertFalse(dpm.isAdminActive(admin3));
292
293 // But not admin1 for a different user.
294
295 // For this to work, caller needs android.permission.INTERACT_ACROSS_USERS_FULL.
296 // (Because we're checking a different user's status from CALLER_USER_HANDLE.)
297 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
298
299 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE + 1));
300 assertFalse(dpm.isAdminActiveAsUser(admin2, DpmMockContext.CALLER_USER_HANDLE + 1));
301
302 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
303
304 // Next, add one more admin.
305 // Before doing so, update the application info, now it's enabled.
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]306 setUpApplicationInfo(PackageManager.COMPONENT_ENABLED_STATE_ENABLED,
307 DpmMockContext.CALLER_UID);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]308
309 dpm.setActiveAdmin(admin2, /* replace =*/ false);
310
311 // Now we have two admins.
312 assertTrue(dpm.isAdminActive(admin1));
313 assertTrue(dpm.isAdminActive(admin2));
314 assertFalse(dpm.isAdminActive(admin3));
315
316 // Admin2 was already enabled, so setApplicationEnabledSetting() shouldn't have called
317 // again. (times(1) because it was previously called for admin1)
318 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
319 eq(admin1.getPackageName()),
320 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
321 eq(PackageManager.DONT_KILL_APP),
322 eq(DpmMockContext.CALLER_USER_HANDLE),
323 anyString());
324
325 // 4. Add the same admin1 again without replace, which should throw.
326 try {
327 dpm.setActiveAdmin(admin1, /* replace =*/ false);
328 fail("Didn't throw");
329 } catch (IllegalArgumentException expected) {
330 }
331
332 // 5. Add the same admin1 again with replace, which should succeed.
333 dpm.setActiveAdmin(admin1, /* replace =*/ true);
334
335 // TODO make sure it's replaced.
336
337 // 6. Test getActiveAdmins()
338 List<ComponentName> admins = dpm.getActiveAdmins();
339 assertEquals(2, admins.size());
340 assertEquals(admin1, admins.get(0));
341 assertEquals(admin2, admins.get(1));
342
343 // Another user has no admins.
344 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
345
346 assertEquals(0, DpmTestUtils.getListSizeAllowingNull(
347 dpm.getActiveAdminsAsUser(DpmMockContext.CALLER_USER_HANDLE + 1)));
348
349 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
350 }
351
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]352 public void testSetActiveAdmin_multiUsers() throws Exception {
353
354 final int ANOTHER_USER_ID = 100;
355 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 20456);
356
357 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
358
359 // Set up pacakge manager for the other user.
360 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
361 setUpApplicationInfo(PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED,
362 ANOTHER_ADMIN_UID);
363
364 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
365
366 dpm.setActiveAdmin(admin1, /* replace =*/ false);
367
368 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
369 dpm.setActiveAdmin(admin2, /* replace =*/ false);
370
371
372 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
373 assertTrue(dpm.isAdminActive(admin1));
374 assertFalse(dpm.isAdminActive(admin2));
375
376 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
377 assertFalse(dpm.isAdminActive(admin1));
378 assertTrue(dpm.isAdminActive(admin2));
379 }
380
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]381 /**
382 * Test for:
383 * {@link DevicePolicyManager#setActiveAdmin}
384 * with replace=false
385 */
386 public void testSetActiveAdmin_twiceWithoutReplace() throws Exception {
387 // 1. Make sure the caller has proper permissions.
388 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
389
390 dpm.setActiveAdmin(admin1, /* replace =*/ false);
391 assertTrue(dpm.isAdminActive(admin1));
392
393 // Add the same admin1 again without replace, which should throw.
394 try {
395 dpm.setActiveAdmin(admin1, /* replace =*/ false);
396 fail("Didn't throw");
397 } catch (IllegalArgumentException expected) {
398 }
399 }
400
401 /**
402 * Test for:
403 * {@link DevicePolicyManager#removeActiveAdmin}
404 */
405 public void testRemoveActiveAdmin_SecurityException() {
406 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
407
408 // Add admin.
409
410 dpm.setActiveAdmin(admin1, /* replace =*/ false);
411
412 assertTrue(dpm.isAdminActive(admin1));
413
414 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
415
416 // Directly call the DPMS method with a different userid, which should fail.
417 try {
418 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE + 1);
419 fail("Didn't throw SecurityException");
420 } catch (SecurityException expected) {
421 }
422
423 // Try to remove active admin with a different caller userid should fail too, without
424 // having MANAGE_DEVICE_ADMINS.
425 mContext.callerPermissions.clear();
426
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]427 // Change the caller, and call into DPMS directly with a different user-id.
428
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]429 mContext.binder.callingUid = 1234567;
430 try {
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]431 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]432 fail("Didn't throw SecurityException");
433 } catch (SecurityException expected) {
434 }
435 }
436
437 /**
438 * Test for:
439 * {@link DevicePolicyManager#removeActiveAdmin}
440 */
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]441 public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]442 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
443
444 // Add admin1.
445
446 dpm.setActiveAdmin(admin1, /* replace =*/ false);
447
448 assertTrue(dpm.isAdminActive(admin1));
449 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
450
451 // Different user, but should work, because caller has proper permissions.
452 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]453
454 // Change the caller, and call into DPMS directly with a different user-id.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]455 mContext.binder.callingUid = 1234567;
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]456
457 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]458
459 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
460
461 // TODO DO Still can't be removed in this case.
462 }
463
464 /**
465 * Test for:
466 * {@link DevicePolicyManager#removeActiveAdmin}
467 */
468 public void testRemoveActiveAdmin_sameUserNoMANAGE_DEVICE_ADMINS() {
469 // Need MANAGE_DEVICE_ADMINS for setActiveAdmin. We'll remove it later.
470 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
471
472 // Add admin1.
473
474 dpm.setActiveAdmin(admin1, /* replace =*/ false);
475
476 assertTrue(dpm.isAdminActive(admin1));
477 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
478
479 // Broadcast from saveSettingsLocked().
480 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
481 MockUtils.checkIntentAction(
482 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
483 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
484
485 // Remove. No permissions, but same user, so it'll work.
486 mContext.callerPermissions.clear();
487 dpm.removeActiveAdmin(admin1);
488
489 final ArgumentCaptor<BroadcastReceiver> brCap =
490 ArgumentCaptor.forClass(BroadcastReceiver.class);
491
492 // Is removing now, but not removed yet.
493 assertTrue(dpm.isAdminActive(admin1));
494 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
495
496 verify(mContext.spiedContext).sendOrderedBroadcastAsUser(
497 MockUtils.checkIntentAction(
498 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED),
499 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE),
500 isNull(String.class),
501 brCap.capture(),
502 eq(dpms.mHandler),
503 eq(Activity.RESULT_OK),
504 isNull(String.class),
505 isNull(Bundle.class));
506
507 brCap.getValue().onReceive(mContext, null);
508
509 assertFalse(dpm.isAdminActive(admin1));
510 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
511
512 // Again broadcast from saveSettingsLocked().
513 verify(mContext.spiedContext, times(2)).sendBroadcastAsUser(
514 MockUtils.checkIntentAction(
515 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
516 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
517
518 // TODO Check other internal calls.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]519 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]520
521 /**
522 * Test for: {@link DevicePolicyManager#setDeviceOwner} DO on system user installs
523 * successfully.
524 */
525 public void testSetDeviceOwner() throws Exception {
526 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
527 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
528 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
529
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]530 // In this test, change the caller user to "system".
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]531 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
532
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]533 // Make sure admin1 is installed on system user.
534 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
535 setUpApplicationInfo(PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED,
536 DpmMockContext.CALLER_SYSTEM_USER_UID);
537
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]538 // DO needs to be an DA.
539 dpm.setActiveAdmin(admin1, /* replace =*/ false);
540
541 // Fire!
542 assertTrue(dpm.setDeviceOwner(admin1.getPackageName(), "owner-name"));
543
544 // Verify internal calls.
545 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
546 eq(admin1.getPackageName()));
547
548 // TODO We should check if the caller has called clearCallerIdentity().
549 verify(mContext.ibackupManager, times(1)).setBackupServiceActive(
550 eq(UserHandle.USER_SYSTEM), eq(false));
551
552 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
553 MockUtils.checkIntentAction(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED),
554 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
555
556 assertEquals(admin1.getPackageName(), dpm.getDeviceOwner());
557
558 // TODO Test getDeviceOwnerName() too. To do so, we need to change
559 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
560 }
561
562 /**
563 * Test for: {@link DevicePolicyManager#setDeviceOwner} Package doesn't exist.
564 */
565 public void testSetDeviceOwner_noSuchPackage() {
566 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
567 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
568 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
569
570 // Call from a process on the system user.
571 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
572
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]573 try {
574 dpm.setDeviceOwner("a.b.c");
575 fail("Didn't throw IllegalArgumentException");
576 } catch (IllegalArgumentException expected) {
577 }
578 }
579
580 public void testSetDeviceOwner_failures() throws Exception {
581 // TODO Test more failure cases. Basically test all chacks in enforceCanSetDeviceOwner().
582 }
583
584 public void testSetProfileOwner() throws Exception {
585 setAsProfileOwner(admin1);
586 }
587
588 public void testSetProfileOwner_failures() throws Exception {
589 // TODO Test more failure cases. Basically test all chacks in enforceCanSetProfileOwner().
590 }
591
592 public void testSetGetApplicationRestriction() {
593 setAsProfileOwner(admin1);
594
595 {
596 Bundle rest = new Bundle();
597 rest.putString("KEY_STRING", "Foo1");
598 dpm.setApplicationRestrictions(admin1, "pkg1", rest);
599 }
600
601 {
602 Bundle rest = new Bundle();
603 rest.putString("KEY_STRING", "Foo2");
604 dpm.setApplicationRestrictions(admin1, "pkg2", rest);
605 }
606
607 {
608 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg1");
609 assertNotNull(returned);
610 assertEquals(returned.size(), 1);
611 assertEquals(returned.get("KEY_STRING"), "Foo1");
612 }
613
614 {
615 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg2");
616 assertNotNull(returned);
617 assertEquals(returned.size(), 1);
618 assertEquals(returned.get("KEY_STRING"), "Foo2");
619 }
620
621 dpm.setApplicationRestrictions(admin1, "pkg2", new Bundle());
622 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg2").size());
623 }
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame^]624
625 public void testSetUserRestriction_asDo() throws Exception {
626 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
627 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
628 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
629
630 // First, set DO.
631
632 // Call from a process on the system user.
633 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
634
635 // Make sure admin1 is installed on system user.
636 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
637 setUpApplicationInfo(PackageManager.COMPONENT_ENABLED_STATE_DISABLED_UNTIL_USED,
638 DpmMockContext.CALLER_SYSTEM_USER_UID);
639
640 // Call.
641 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
642 assertTrue(dpm.setDeviceOwner(admin1.getPackageName(), "owner-name",
643 UserHandle.USER_SYSTEM));
644
645 assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
646 .getBoolean(UserManager.DISALLOW_SMS));
647 assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
648 .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
649
650 dpm.addUserRestriction(admin1, UserManager.DISALLOW_SMS);
651 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
652
653 assertTrue(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
654 .getBoolean(UserManager.DISALLOW_SMS));
655 assertTrue(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
656 .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
657
658 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_SMS);
659
660 assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
661 .getBoolean(UserManager.DISALLOW_SMS));
662 assertTrue(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
663 .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
664
665 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
666
667 assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
668 .getBoolean(UserManager.DISALLOW_SMS));
669 assertFalse(dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
670 .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
671
672 // TODO Check inner calls.
673 // TODO Make sure restrictions are written to the file.
674 }
675
676 public void testSetUserRestriction_asPo() {
677 setAsProfileOwner(admin1);
678
679 assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
680 .ensureUserRestrictions()
681 .getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES));
682 assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
683 .ensureUserRestrictions()
684 .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
685
686 dpm.addUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
687 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
688
689 assertTrue(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
690 .ensureUserRestrictions()
691 .getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES));
692 assertTrue(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
693 .ensureUserRestrictions()
694 .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
695
696 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
697
698 assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
699 .ensureUserRestrictions()
700 .getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES));
701 assertTrue(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
702 .ensureUserRestrictions()
703 .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
704
705 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
706
707 assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
708 .ensureUserRestrictions()
709 .getBoolean(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES));
710 assertFalse(dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
711 .ensureUserRestrictions()
712 .getBoolean(UserManager.DISALLOW_OUTGOING_CALLS));
713
714 // TODO Check inner calls.
715 // TODO Make sure restrictions are written to the file.
716 }
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]717}