Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / afad8783699b1ba6f3c7ee5961d6ddc2bd771dc1 / . / services / tests / servicestests / src / com / android / server / devicepolicy / DevicePolicyManagerTest.java
blob: 72421ae1f959b0357d6ca399cd5f3b3088a08153 [file] [log] [blame]
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]16package com.android.server.devicepolicy;
17
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]18import android.Manifest.permission;
19import android.app.Activity;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]20import android.app.admin.DeviceAdminReceiver;
21import android.app.admin.DevicePolicyManager;
22import android.app.admin.DevicePolicyManagerInternal;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]23import android.content.BroadcastReceiver;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]24import android.content.ComponentName;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]25import android.content.pm.PackageManager;
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]26import android.net.wifi.WifiInfo;
Makoto Onuki3ab6f2e2015-11-05 13:55:37 -0800[diff] [blame]27import android.os.Build.VERSION_CODES;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]28import android.os.Bundle;
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]29import android.os.Process;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]30import android.os.UserHandle;
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]31import android.os.UserManager;
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]32import android.test.MoreAsserts;
Bartosz Fabianowski4c052f22016-01-25 14:18:43 +0100[diff] [blame]33import android.util.ArraySet;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]34import android.util.Pair;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]35
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame^]36import com.android.server.LocalServices;
37import com.android.server.SystemService;
38
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]39import org.mockito.ArgumentCaptor;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]40import org.mockito.invocation.InvocationOnMock;
41import org.mockito.stubbing.Answer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]42
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]43import java.util.ArrayList;
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame^]44import java.util.Arrays;
45import java.util.Collections;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]46import java.util.HashMap;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]47import java.util.List;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]48import java.util.Map;
Bartosz Fabianowski4c052f22016-01-25 14:18:43 +0100[diff] [blame]49import java.util.Set;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]50
51import static org.mockito.Matchers.any;
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]52import static org.mockito.Matchers.anyInt;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]53import static org.mockito.Matchers.anyString;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]54import static org.mockito.Matchers.eq;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]55import static org.mockito.Matchers.isNull;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]56import static org.mockito.Mockito.doAnswer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]57import static org.mockito.Mockito.doReturn;
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]58import static org.mockito.Mockito.reset;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]59import static org.mockito.Mockito.times;
60import static org.mockito.Mockito.verify;
61import static org.mockito.Mockito.when;
62
63/**
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]64 * Tests for DevicePolicyManager( and DevicePolicyManagerService).
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]65 *
66 m FrameworksServicesTests &&
67 adb install \
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame^]68 -r ${ANDROID_PRODUCT_OUT}/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]69 adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]70 -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]71
72 (mmma frameworks/base/services/tests/servicestests/ for non-ninja build)
73 */
74public class DevicePolicyManagerTest extends DpmTestBase {
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame^]75 private static final List<String> OWNER_SETUP_PERMISSIONS = Arrays.asList(
76 permission.MANAGE_DEVICE_ADMINS, permission.MANAGE_PROFILE_AND_DEVICE_OWNERS,
77 permission.MANAGE_USERS, permission.INTERACT_ACROSS_USERS_FULL);
78
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]79 private DpmMockContext mContext;
80 public DevicePolicyManager dpm;
81 public DevicePolicyManagerServiceTestable dpms;
82
83 @Override
84 protected void setUp() throws Exception {
85 super.setUp();
86
87 mContext = getContext();
88
89 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
90 .thenReturn(true);
91
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]92 initializeDpms();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]93
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]94 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
95 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
96 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_UID);
Makoto Onuki3ab6f2e2015-11-05 13:55:37 -0800[diff] [blame]97 setUpPackageManagerForAdmin(adminNoPerm, DpmMockContext.CALLER_UID);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]98
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]99 setUpUserManager();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]100 }
101
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]102 private void initializeDpms() {
103 // Need clearCallingIdentity() to pass permission checks.
104 final long ident = mContext.binder.clearCallingIdentity();
105 try {
106 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
107
108 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir);
109
110 dpms.systemReady(SystemService.PHASE_LOCK_SETTINGS_READY);
111 dpms.systemReady(SystemService.PHASE_BOOT_COMPLETED);
112
113 dpm = new DevicePolicyManagerTestable(mContext, dpms);
114 } finally {
115 mContext.binder.restoreCallingIdentity(ident);
116 }
117 }
118
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]119 private void setUpUserManager() {
120 // Emulate UserManager.set/getApplicationRestriction().
121 final Map<Pair<String, UserHandle>, Bundle> appRestrictions = new HashMap<>();
122
123 // UM.setApplicationRestrictions() will save to appRestrictions.
124 doAnswer(new Answer<Void>() {
125 @Override
126 public Void answer(InvocationOnMock invocation) throws Throwable {
127 String pkg = (String) invocation.getArguments()[0];
128 Bundle bundle = (Bundle) invocation.getArguments()[1];
129 UserHandle user = (UserHandle) invocation.getArguments()[2];
130
131 appRestrictions.put(Pair.create(pkg, user), bundle);
132
133 return null;
134 }
135 }).when(mContext.userManager).setApplicationRestrictions(
136 anyString(), any(Bundle.class), any(UserHandle.class));
137
138 // UM.getApplicationRestrictions() will read from appRestrictions.
139 doAnswer(new Answer<Bundle>() {
140 @Override
141 public Bundle answer(InvocationOnMock invocation) throws Throwable {
142 String pkg = (String) invocation.getArguments()[0];
143 UserHandle user = (UserHandle) invocation.getArguments()[1];
144
145 return appRestrictions.get(Pair.create(pkg, user));
146 }
147 }).when(mContext.userManager).getApplicationRestrictions(
148 anyString(), any(UserHandle.class));
149
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]150 // Add the first secondary user.
151 mContext.addUser(DpmMockContext.CALLER_USER_HANDLE, 0);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]152 }
153
154 private void setAsProfileOwner(ComponentName admin) {
155 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
156 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
157
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]158 // PO needs to be an DA.
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]159 dpm.setActiveAdmin(admin, /* replace =*/ false);
160
161 // Fire!
162 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
163
164 // Check
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]165 assertEquals(admin, dpm.getProfileOwnerAsUser(DpmMockContext.CALLER_USER_HANDLE));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]166 }
167
168 public void testHasNoFeature() throws Exception {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]169 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
170 .thenReturn(false);
171
172 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
173 new DevicePolicyManagerServiceTestable(mContext, dataDir);
174
175 // If the device has no DPMS feature, it shouldn't register the local service.
176 assertNull(LocalServices.getService(DevicePolicyManagerInternal.class));
177 }
178
179 /**
180 * Caller doesn't have proper permissions.
181 */
182 public void testSetActiveAdmin_SecurityException() {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]183 // 1. Failure cases.
184
185 // Caller doesn't have MANAGE_DEVICE_ADMINS.
186 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]187 dpm.setActiveAdmin(admin1, false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]188 fail("Didn't throw SecurityException");
189 } catch (SecurityException expected) {
190 }
191
192 // Caller has MANAGE_DEVICE_ADMINS, but for different user.
193 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
194 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]195 dpm.setActiveAdmin(admin1, false, DpmMockContext.CALLER_USER_HANDLE + 1);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]196 fail("Didn't throw SecurityException");
197 } catch (SecurityException expected) {
198 }
199 }
200
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]201 /**
202 * Test for:
203 * {@link DevicePolicyManager#setActiveAdmin}
204 * with replace=false and replace=true
205 * {@link DevicePolicyManager#isAdminActive}
206 * {@link DevicePolicyManager#isAdminActiveAsUser}
207 * {@link DevicePolicyManager#getActiveAdmins}
208 * {@link DevicePolicyManager#getActiveAdminsAsUser}
209 */
210 public void testSetActiveAdmin() throws Exception {
211 // 1. Make sure the caller has proper permissions.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]212 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
213
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]214 // 2. Call the API.
215 dpm.setActiveAdmin(admin1, /* replace =*/ false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]216
217 // 3. Verify internal calls.
218
219 // Check if the boradcast is sent.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]220 verify(mContext.spiedContext).sendBroadcastAsUser(
221 MockUtils.checkIntentAction(
222 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
223 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
224 verify(mContext.spiedContext).sendBroadcastAsUser(
225 MockUtils.checkIntentAction(
226 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED),
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]227 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
228
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]229 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
230 eq(admin1.getPackageName()),
231 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
232 eq(PackageManager.DONT_KILL_APP),
233 eq(DpmMockContext.CALLER_USER_HANDLE),
234 anyString());
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]235
236 // TODO Verify other calls too.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]237
238 // Make sure it's active admin1.
239 assertTrue(dpm.isAdminActive(admin1));
240 assertFalse(dpm.isAdminActive(admin2));
241 assertFalse(dpm.isAdminActive(admin3));
242
243 // But not admin1 for a different user.
244
245 // For this to work, caller needs android.permission.INTERACT_ACROSS_USERS_FULL.
246 // (Because we're checking a different user's status from CALLER_USER_HANDLE.)
247 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
248
249 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE + 1));
250 assertFalse(dpm.isAdminActiveAsUser(admin2, DpmMockContext.CALLER_USER_HANDLE + 1));
251
252 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
253
254 // Next, add one more admin.
255 // Before doing so, update the application info, now it's enabled.
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]256 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID,
257 PackageManager.COMPONENT_ENABLED_STATE_ENABLED);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]258
259 dpm.setActiveAdmin(admin2, /* replace =*/ false);
260
261 // Now we have two admins.
262 assertTrue(dpm.isAdminActive(admin1));
263 assertTrue(dpm.isAdminActive(admin2));
264 assertFalse(dpm.isAdminActive(admin3));
265
266 // Admin2 was already enabled, so setApplicationEnabledSetting() shouldn't have called
267 // again. (times(1) because it was previously called for admin1)
268 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
269 eq(admin1.getPackageName()),
270 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
271 eq(PackageManager.DONT_KILL_APP),
272 eq(DpmMockContext.CALLER_USER_HANDLE),
273 anyString());
274
275 // 4. Add the same admin1 again without replace, which should throw.
276 try {
277 dpm.setActiveAdmin(admin1, /* replace =*/ false);
278 fail("Didn't throw");
279 } catch (IllegalArgumentException expected) {
280 }
281
282 // 5. Add the same admin1 again with replace, which should succeed.
283 dpm.setActiveAdmin(admin1, /* replace =*/ true);
284
285 // TODO make sure it's replaced.
286
287 // 6. Test getActiveAdmins()
288 List<ComponentName> admins = dpm.getActiveAdmins();
289 assertEquals(2, admins.size());
290 assertEquals(admin1, admins.get(0));
291 assertEquals(admin2, admins.get(1));
292
293 // Another user has no admins.
294 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
295
296 assertEquals(0, DpmTestUtils.getListSizeAllowingNull(
297 dpm.getActiveAdminsAsUser(DpmMockContext.CALLER_USER_HANDLE + 1)));
298
299 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
300 }
301
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]302 public void testSetActiveAdmin_multiUsers() throws Exception {
303
304 final int ANOTHER_USER_ID = 100;
305 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 20456);
306
307 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
308
309 // Set up pacakge manager for the other user.
310 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]311
312 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
313
314 dpm.setActiveAdmin(admin1, /* replace =*/ false);
315
316 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
317 dpm.setActiveAdmin(admin2, /* replace =*/ false);
318
319
320 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
321 assertTrue(dpm.isAdminActive(admin1));
322 assertFalse(dpm.isAdminActive(admin2));
323
324 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
325 assertFalse(dpm.isAdminActive(admin1));
326 assertTrue(dpm.isAdminActive(admin2));
327 }
328
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]329 /**
330 * Test for:
331 * {@link DevicePolicyManager#setActiveAdmin}
332 * with replace=false
333 */
334 public void testSetActiveAdmin_twiceWithoutReplace() throws Exception {
335 // 1. Make sure the caller has proper permissions.
336 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
337
338 dpm.setActiveAdmin(admin1, /* replace =*/ false);
339 assertTrue(dpm.isAdminActive(admin1));
340
341 // Add the same admin1 again without replace, which should throw.
342 try {
343 dpm.setActiveAdmin(admin1, /* replace =*/ false);
344 fail("Didn't throw");
345 } catch (IllegalArgumentException expected) {
346 }
347 }
348
349 /**
350 * Test for:
Makoto Onuki3ab6f2e2015-11-05 13:55:37 -0800[diff] [blame]351 * {@link DevicePolicyManager#setActiveAdmin} when the admin isn't protected with
352 * BIND_DEVICE_ADMIN.
353 */
354 public void testSetActiveAdmin_permissionCheck() throws Exception {
355 // 1. Make sure the caller has proper permissions.
356 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
357
358 try {
359 dpm.setActiveAdmin(adminNoPerm, /* replace =*/ false);
360 fail();
361 } catch (IllegalArgumentException expected) {
362 assertTrue(expected.getMessage().contains(permission.BIND_DEVICE_ADMIN));
363 }
364 assertFalse(dpm.isAdminActive(adminNoPerm));
365
366 // Change the target API level to MNC. Now it can be set as DA.
367 setUpPackageManagerForAdmin(adminNoPerm, DpmMockContext.CALLER_UID, null,
368 VERSION_CODES.M);
369 dpm.setActiveAdmin(adminNoPerm, /* replace =*/ false);
370 assertTrue(dpm.isAdminActive(adminNoPerm));
371
372 // TODO Test the "load from the file" case where DA will still be loaded even without
373 // BIND_DEVICE_ADMIN and target API is N.
374 }
375
376 /**
377 * Test for:
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]378 * {@link DevicePolicyManager#removeActiveAdmin}
379 */
380 public void testRemoveActiveAdmin_SecurityException() {
381 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
382
383 // Add admin.
384
385 dpm.setActiveAdmin(admin1, /* replace =*/ false);
386
387 assertTrue(dpm.isAdminActive(admin1));
388
389 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
390
391 // Directly call the DPMS method with a different userid, which should fail.
392 try {
393 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE + 1);
394 fail("Didn't throw SecurityException");
395 } catch (SecurityException expected) {
396 }
397
398 // Try to remove active admin with a different caller userid should fail too, without
399 // having MANAGE_DEVICE_ADMINS.
400 mContext.callerPermissions.clear();
401
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]402 // Change the caller, and call into DPMS directly with a different user-id.
403
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]404 mContext.binder.callingUid = 1234567;
405 try {
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]406 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]407 fail("Didn't throw SecurityException");
408 } catch (SecurityException expected) {
409 }
410 }
411
412 /**
413 * Test for:
414 * {@link DevicePolicyManager#removeActiveAdmin}
415 */
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]416 public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]417 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
418
419 // Add admin1.
420
421 dpm.setActiveAdmin(admin1, /* replace =*/ false);
422
423 assertTrue(dpm.isAdminActive(admin1));
424 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
425
426 // Different user, but should work, because caller has proper permissions.
427 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]428
429 // Change the caller, and call into DPMS directly with a different user-id.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]430 mContext.binder.callingUid = 1234567;
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]431
432 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]433
434 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
435
436 // TODO DO Still can't be removed in this case.
437 }
438
439 /**
440 * Test for:
441 * {@link DevicePolicyManager#removeActiveAdmin}
442 */
443 public void testRemoveActiveAdmin_sameUserNoMANAGE_DEVICE_ADMINS() {
444 // Need MANAGE_DEVICE_ADMINS for setActiveAdmin. We'll remove it later.
445 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
446
447 // Add admin1.
448
449 dpm.setActiveAdmin(admin1, /* replace =*/ false);
450
451 assertTrue(dpm.isAdminActive(admin1));
452 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
453
454 // Broadcast from saveSettingsLocked().
455 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
456 MockUtils.checkIntentAction(
457 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
458 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
459
460 // Remove. No permissions, but same user, so it'll work.
461 mContext.callerPermissions.clear();
462 dpm.removeActiveAdmin(admin1);
463
464 final ArgumentCaptor<BroadcastReceiver> brCap =
465 ArgumentCaptor.forClass(BroadcastReceiver.class);
466
467 // Is removing now, but not removed yet.
468 assertTrue(dpm.isAdminActive(admin1));
469 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
470
471 verify(mContext.spiedContext).sendOrderedBroadcastAsUser(
472 MockUtils.checkIntentAction(
473 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED),
474 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE),
475 isNull(String.class),
476 brCap.capture(),
477 eq(dpms.mHandler),
478 eq(Activity.RESULT_OK),
479 isNull(String.class),
480 isNull(Bundle.class));
481
482 brCap.getValue().onReceive(mContext, null);
483
484 assertFalse(dpm.isAdminActive(admin1));
485 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
486
487 // Again broadcast from saveSettingsLocked().
488 verify(mContext.spiedContext, times(2)).sendBroadcastAsUser(
489 MockUtils.checkIntentAction(
490 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
491 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
492
493 // TODO Check other internal calls.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]494 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]495
496 /**
497 * Test for: {@link DevicePolicyManager#setDeviceOwner} DO on system user installs
498 * successfully.
499 */
500 public void testSetDeviceOwner() throws Exception {
501 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]502 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]503 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
504 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
505
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]506 // In this test, change the caller user to "system".
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]507 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
508
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]509 // Make sure admin1 is installed on system user.
510 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]511
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]512 // Check various get APIs.
513 checkGetDeviceOwnerInfoApi(dpm, /* hasDeviceOwner =*/ false);
514
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]515 // DO needs to be an DA.
516 dpm.setActiveAdmin(admin1, /* replace =*/ false);
517
518 // Fire!
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]519 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]520
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]521 // getDeviceOwnerComponent should return the admin1 component.
522 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
523 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
524
525 // Check various get APIs.
526 checkGetDeviceOwnerInfoApi(dpm, /* hasDeviceOwner =*/ true);
527
528 // getDeviceOwnerComponent should *NOT* return the admin1 component for other users.
529 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
530 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
531 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
532
533 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
534
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]535 // Verify internal calls.
536 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
537 eq(admin1.getPackageName()));
538
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]539 // TODO We should check if the caller has called clearCallerIdentity().
540 verify(mContext.ibackupManager, times(1)).setBackupServiceActive(
541 eq(UserHandle.USER_SYSTEM), eq(false));
542
543 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
544 MockUtils.checkIntentAction(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED),
545 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
546
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]547 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]548
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]549 // Try to set a profile owner on the same user, which should fail.
550 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
551 dpm.setActiveAdmin(admin2, /* refreshing= */ true, UserHandle.USER_SYSTEM);
552 try {
553 dpm.setProfileOwner(admin2, "owner-name", UserHandle.USER_SYSTEM);
554 fail("IllegalStateException not thrown");
555 } catch (IllegalStateException expected) {
556 assertTrue("Message was: " + expected.getMessage(),
557 expected.getMessage().contains("already has a device owner"));
558 }
559
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]560 // TODO Test getDeviceOwnerName() too. To do so, we need to change
561 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
562 }
563
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]564 private void checkGetDeviceOwnerInfoApi(DevicePolicyManager dpm, boolean hasDeviceOwner) {
565 final int origCallingUser = mContext.binder.callingUid;
566 final List origPermissions = new ArrayList(mContext.callerPermissions);
567 mContext.callerPermissions.clear();
568
569 mContext.callerPermissions.add(permission.MANAGE_USERS);
570
571 mContext.binder.callingUid = Process.SYSTEM_UID;
572
573 // TODO Test getDeviceOwnerName() too. To do so, we need to change
574 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
575 if (hasDeviceOwner) {
576 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
577 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
578 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
579
580 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
581 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
582 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
583 } else {
584 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
585 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
586 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
587
588 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
589 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
590 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
591 }
592
593 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
594 if (hasDeviceOwner) {
595 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
596 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
597 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
598
599 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
600 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
601 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
602 } else {
603 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
604 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
605 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
606
607 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
608 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
609 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
610 }
611
612 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
613 // Still with MANAGE_USERS.
614 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
615 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
616 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
617
618 if (hasDeviceOwner) {
619 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
620 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
621 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
622 } else {
623 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
624 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
625 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
626 }
627
628 mContext.binder.callingUid = Process.SYSTEM_UID;
629 mContext.callerPermissions.remove(permission.MANAGE_USERS);
630 // System can still call "OnAnyUser" without MANAGE_USERS.
631 if (hasDeviceOwner) {
632 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
633 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
634 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
635
636 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
637 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
638 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
639 } else {
640 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
641 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
642 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
643
644 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
645 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
646 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
647 }
648
649 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
650 // Still no MANAGE_USERS.
651 if (hasDeviceOwner) {
652 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
653 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
654 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
655 } else {
656 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
657 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
658 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
659 }
660
661 try {
662 dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName());
663 fail();
664 } catch (SecurityException expected) {
665 }
666 try {
667 dpm.getDeviceOwnerComponentOnAnyUser();
668 fail();
669 } catch (SecurityException expected) {
670 }
671 try {
672 dpm.getDeviceOwnerUserId();
673 fail();
674 } catch (SecurityException expected) {
675 }
676 try {
677 dpm.getDeviceOwnerNameOnAnyUser();
678 fail();
679 } catch (SecurityException expected) {
680 }
681
682 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
683 // Still no MANAGE_USERS.
684 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
685 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
686 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
687
688 try {
689 dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName());
690 fail();
691 } catch (SecurityException expected) {
692 }
693 try {
694 dpm.getDeviceOwnerComponentOnAnyUser();
695 fail();
696 } catch (SecurityException expected) {
697 }
698 try {
699 dpm.getDeviceOwnerUserId();
700 fail();
701 } catch (SecurityException expected) {
702 }
703 try {
704 dpm.getDeviceOwnerNameOnAnyUser();
705 fail();
706 } catch (SecurityException expected) {
707 }
708
709 // Restore.
710 mContext.binder.callingUid = origCallingUser;
711 mContext.callerPermissions.addAll(origPermissions);
712 }
713
714
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]715 /**
716 * Test for: {@link DevicePolicyManager#setDeviceOwner} Package doesn't exist.
717 */
718 public void testSetDeviceOwner_noSuchPackage() {
719 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]720 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]721 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
722 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
723
724 // Call from a process on the system user.
725 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
726
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]727 try {
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]728 dpm.setDeviceOwner(new ComponentName("a.b.c", ".def"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]729 fail("Didn't throw IllegalArgumentException");
730 } catch (IllegalArgumentException expected) {
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]731 assertTrue("Message was: " + expected.getMessage(),
732 expected.getMessage().contains("Invalid component"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]733 }
734 }
735
736 public void testSetDeviceOwner_failures() throws Exception {
737 // TODO Test more failure cases. Basically test all chacks in enforceCanSetDeviceOwner().
738 }
739
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]740 public void testClearDeviceOwner() throws Exception {
741 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]742 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]743 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
744 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
745
746 // Set admin1 as a DA to the secondary user.
747 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
748
749 dpm.setActiveAdmin(admin1, /* replace =*/ false);
750
751 // Set admin 1 as the DO to the system user.
752
753 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
754 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
755 dpm.setActiveAdmin(admin1, /* replace =*/ false);
756 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
757
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]758 // Verify internal calls.
759 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
760 eq(admin1.getPackageName()));
761
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]762 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]763
764 // Set up other mocks.
765 when(mContext.userManager.getUserRestrictions()).thenReturn(new Bundle());
766
767 // Now call clear.
Jeff Sharkeye06b4d12016-01-06 14:51:50 -0700[diff] [blame]768 doReturn(DpmMockContext.CALLER_SYSTEM_USER_UID).when(mContext.packageManager).getPackageUidAsUser(
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]769 eq(admin1.getPackageName()),
770 anyInt());
771 dpm.clearDeviceOwnerApp(admin1.getPackageName());
772
773 // Now DO shouldn't be set.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]774 assertNull(dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]775
776 // TODO Check other calls.
777 }
778
779 public void testClearDeviceOwner_fromDifferentUser() throws Exception {
780 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]781 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]782 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
783 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
784
785 // Set admin1 as a DA to the secondary user.
786 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
787
788 dpm.setActiveAdmin(admin1, /* replace =*/ false);
789
790 // Set admin 1 as the DO to the system user.
791
792 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
793 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
794 dpm.setActiveAdmin(admin1, /* replace =*/ false);
795 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
796
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]797 // Verify internal calls.
798 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
799 eq(admin1.getPackageName()));
800
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]801 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]802
803 // Now call clear from the secondary user, which should throw.
804 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
805
806 // Now call clear.
Jeff Sharkeye06b4d12016-01-06 14:51:50 -0700[diff] [blame]807 doReturn(DpmMockContext.CALLER_UID).when(mContext.packageManager).getPackageUidAsUser(
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]808 eq(admin1.getPackageName()),
809 anyInt());
810 try {
811 dpm.clearDeviceOwnerApp(admin1.getPackageName());
812 fail("Didn't throw");
813 } catch (SecurityException e) {
814 assertEquals("clearDeviceOwner can only be called by the device owner", e.getMessage());
815 }
816
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]817 // DO shouldn't be removed.
818 assertTrue(dpm.isDeviceManaged());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]819 }
820
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]821 public void testSetProfileOwner() throws Exception {
822 setAsProfileOwner(admin1);
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]823
824 // Try setting DO on the same user, which should fail.
825 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
826 dpm.setActiveAdmin(admin2, /* refreshing= */ true, DpmMockContext.CALLER_USER_HANDLE);
827 try {
828 dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE);
829 fail("IllegalStateException not thrown");
830 } catch (IllegalStateException expected) {
831 assertTrue("Message was: " + expected.getMessage(),
832 expected.getMessage().contains("already has a profile owner"));
833 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]834 }
835
836 public void testSetProfileOwner_failures() throws Exception {
837 // TODO Test more failure cases. Basically test all chacks in enforceCanSetProfileOwner().
838 }
839
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]840 public void testGetDeviceOwnerAdminLocked() throws Exception {
841 checkDeviceOwnerWithMultipleDeviceAdmins();
842 }
843
844 private void checkDeviceOwnerWithMultipleDeviceAdmins() throws Exception {
845 // In ths test, we use 3 users (system + 2 secondary users), set some device admins to them,
846 // set admin2 on CALLER_USER_HANDLE as DO, then call getDeviceOwnerAdminLocked() to
847 // make sure it gets the right component from the right user.
848
849 final int ANOTHER_USER_ID = 100;
850 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 456);
851
852 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
853
854 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]855 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]856 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
857 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
858
859 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
860
861 // Make sure the admin packge is installed to each user.
862 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
863 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_SYSTEM_USER_UID);
864
865 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
866 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
867
868 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
869
870
871 // Set active admins to the users.
872 dpm.setActiveAdmin(admin1, /* replace =*/ false);
873 dpm.setActiveAdmin(admin3, /* replace =*/ false);
874
875 dpm.setActiveAdmin(admin1, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
876 dpm.setActiveAdmin(admin2, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
877
878 dpm.setActiveAdmin(admin2, /* replace =*/ false, ANOTHER_USER_ID);
879
880 // Set DO on the first non-system user.
881 mContext.setUserRunning(DpmMockContext.CALLER_USER_HANDLE, true);
882 assertTrue(dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
883
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]884 assertEquals(admin2, dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false));
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]885
886 // Then check getDeviceOwnerAdminLocked().
887 assertEquals(admin2, dpms.getDeviceOwnerAdminLocked().info.getComponent());
888 assertEquals(DpmMockContext.CALLER_UID, dpms.getDeviceOwnerAdminLocked().getUid());
889 }
890
891 /**
892 * This essentially tests
893 * {@code DevicePolicyManagerService.findOwnerComponentIfNecessaryLocked()}. (which is private.)
894 *
895 * We didn't use to persist the DO component class name, but now we do, and the above method
896 * finds the right component from a package name upon migration.
897 */
898 public void testDeviceOwnerMigration() throws Exception {
899 checkDeviceOwnerWithMultipleDeviceAdmins();
900
901 // Overwrite the device owner setting and clears the clas name.
902 dpms.mOwners.setDeviceOwner(
903 new ComponentName(admin2.getPackageName(), ""),
904 "owner-name", DpmMockContext.CALLER_USER_HANDLE);
905 dpms.mOwners.writeDeviceOwner();
906
907 // Make sure the DO component name doesn't have a class name.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]908 assertEquals("", dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false).getClassName());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]909
910 // Then create a new DPMS to have it load the settings from files.
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]911 when(mContext.userManager.getUserRestrictions(any(UserHandle.class)))
912 .thenReturn(new Bundle());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]913 initializeDpms();
914
915 // Now the DO component name is a full name.
916 // *BUT* because both admin1 and admin2 belong to the same package, we think admin1 is the
917 // DO.
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]918 assertEquals(admin1, dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false));
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]919 }
920
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]921 public void testSetGetApplicationRestriction() {
922 setAsProfileOwner(admin1);
923
924 {
925 Bundle rest = new Bundle();
926 rest.putString("KEY_STRING", "Foo1");
927 dpm.setApplicationRestrictions(admin1, "pkg1", rest);
928 }
929
930 {
931 Bundle rest = new Bundle();
932 rest.putString("KEY_STRING", "Foo2");
933 dpm.setApplicationRestrictions(admin1, "pkg2", rest);
934 }
935
936 {
937 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg1");
938 assertNotNull(returned);
939 assertEquals(returned.size(), 1);
940 assertEquals(returned.get("KEY_STRING"), "Foo1");
941 }
942
943 {
944 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg2");
945 assertNotNull(returned);
946 assertEquals(returned.size(), 1);
947 assertEquals(returned.get("KEY_STRING"), "Foo2");
948 }
949
950 dpm.setApplicationRestrictions(admin1, "pkg2", new Bundle());
951 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg2").size());
952 }
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]953
Esteban Talaverabf60f722015-12-10 16:26:44 +0000[diff] [blame]954 public void testApplicationRestrictionsManagingApp() throws Exception {
955 setAsProfileOwner(admin1);
956
957 final String appRestrictionsManagerPackage = "com.google.app.restrictions.manager";
958 final int appRestrictionsManagerAppId = 20987;
959 final int appRestrictionsManagerUid = UserHandle.getUid(
960 DpmMockContext.CALLER_USER_HANDLE, appRestrictionsManagerAppId);
Jeff Sharkeye06b4d12016-01-06 14:51:50 -0700[diff] [blame]961 doReturn(appRestrictionsManagerUid).when(mContext.packageManager).getPackageUidAsUser(
Esteban Talaverabf60f722015-12-10 16:26:44 +0000[diff] [blame]962 eq(appRestrictionsManagerPackage),
963 eq(DpmMockContext.CALLER_USER_HANDLE));
964 mContext.binder.callingUid = appRestrictionsManagerUid;
965
966 // appRestrictionsManager package shouldn't be able to manage restrictions as the PO hasn't
967 // delegated that permission yet.
968 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
969 Bundle rest = new Bundle();
970 rest.putString("KEY_STRING", "Foo1");
971 try {
972 dpm.setApplicationRestrictions(null, "pkg1", rest);
973 fail("Didn't throw expected SecurityException");
974 } catch (SecurityException expected) {
975 MoreAsserts.assertContainsRegex(
976 "caller cannot manage application restrictions", expected.getMessage());
977 }
978 try {
979 dpm.getApplicationRestrictions(null, "pkg1");
980 fail("Didn't throw expected SecurityException");
981 } catch (SecurityException expected) {
982 MoreAsserts.assertContainsRegex(
983 "caller cannot manage application restrictions", expected.getMessage());
984 }
985
986 // Check via the profile owner that no restrictions were set.
987 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
988 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg1").size());
989
990 // Let appRestrictionsManagerPackage manage app restrictions
991 dpm.setApplicationRestrictionsManagingPackage(admin1, appRestrictionsManagerPackage);
992 assertEquals(appRestrictionsManagerPackage,
993 dpm.getApplicationRestrictionsManagingPackage(admin1));
994
995 // Now that package should be able to set and retrieve app restrictions.
996 mContext.binder.callingUid = appRestrictionsManagerUid;
997 assertTrue(dpm.isCallerApplicationRestrictionsManagingPackage());
998 dpm.setApplicationRestrictions(null, "pkg1", rest);
999 Bundle returned = dpm.getApplicationRestrictions(null, "pkg1");
1000 assertEquals(1, returned.size(), 1);
1001 assertEquals("Foo1", returned.get("KEY_STRING"));
1002
1003 // The same app running on a separate user shouldn't be able to manage app restrictions.
1004 mContext.binder.callingUid = UserHandle.getUid(
1005 UserHandle.USER_SYSTEM, appRestrictionsManagerAppId);
1006 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
1007 try {
1008 dpm.setApplicationRestrictions(null, "pkg1", rest);
1009 fail("Didn't throw expected SecurityException");
1010 } catch (SecurityException expected) {
1011 MoreAsserts.assertContainsRegex(
1012 "caller cannot manage application restrictions", expected.getMessage());
1013 }
1014
1015 // The DPM is still able to manage app restrictions, even if it allowed another app to do it
1016 // too.
1017 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1018 assertEquals(returned, dpm.getApplicationRestrictions(admin1, "pkg1"));
1019 dpm.setApplicationRestrictions(admin1, "pkg1", null);
1020 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg1").size());
1021
1022 // Removing the ability for the package to manage app restrictions.
1023 dpm.setApplicationRestrictionsManagingPackage(admin1, null);
1024 assertNull(dpm.getApplicationRestrictionsManagingPackage(admin1));
1025 mContext.binder.callingUid = appRestrictionsManagerUid;
1026 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
1027 try {
1028 dpm.setApplicationRestrictions(null, "pkg1", null);
1029 fail("Didn't throw expected SecurityException");
1030 } catch (SecurityException expected) {
1031 MoreAsserts.assertContainsRegex(
1032 "caller cannot manage application restrictions", expected.getMessage());
1033 }
1034 }
1035
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1036 public void testSetUserRestriction_asDo() throws Exception {
1037 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
Makoto Onukic8a5a552015-11-19 14:29:12 -0800[diff] [blame]1038 mContext.callerPermissions.add(permission.MANAGE_USERS);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1039 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1040 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1041
1042 // First, set DO.
1043
1044 // Call from a process on the system user.
1045 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1046
1047 // Make sure admin1 is installed on system user.
1048 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1049
1050 // Call.
1051 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]1052 assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1053 UserHandle.USER_SYSTEM));
1054
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1055 DpmTestUtils.assertRestrictions(
1056 DpmTestUtils.newRestrictions(),
1057 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1058 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1059 DpmTestUtils.assertRestrictions(
1060 DpmTestUtils.newRestrictions(),
1061 dpm.getUserRestrictions(admin1)
1062 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1063
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1064 reset(mContext.userManagerInternal);
1065
1066 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1067 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1068 eq(UserHandle.USER_SYSTEM),
1069 MockUtils.checkUserRestrictions(),
1070 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
1071 );
1072 reset(mContext.userManagerInternal);
1073
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1074 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1075 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1076 eq(UserHandle.USER_SYSTEM),
1077 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1078 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
1079 );
1080 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1081
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1082 DpmTestUtils.assertRestrictions(
1083 DpmTestUtils.newRestrictions(
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1084 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1085 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1086 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1087 DpmTestUtils.assertRestrictions(
1088 DpmTestUtils.newRestrictions(
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1089 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1090 dpm.getUserRestrictions(admin1)
1091 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1092
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1093 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1094 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1095 eq(UserHandle.USER_SYSTEM),
1096 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1097 MockUtils.checkUserRestrictions()
1098 );
1099 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1100
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1101 DpmTestUtils.assertRestrictions(
1102 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1103 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1104 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1105 DpmTestUtils.assertRestrictions(
1106 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1107 dpm.getUserRestrictions(admin1)
1108 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1109
1110 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1111 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1112 eq(UserHandle.USER_SYSTEM),
1113 MockUtils.checkUserRestrictions(),
1114 MockUtils.checkUserRestrictions()
1115 );
1116 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1117
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1118 DpmTestUtils.assertRestrictions(
1119 DpmTestUtils.newRestrictions(),
1120 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1121 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1122 DpmTestUtils.assertRestrictions(
1123 DpmTestUtils.newRestrictions(),
1124 dpm.getUserRestrictions(admin1)
1125 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1126
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1127 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE are PO restrictions, but when
1128 // DO sets them, the scope is global.
1129 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1130 reset(mContext.userManagerInternal);
1131 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1132 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1133 eq(UserHandle.USER_SYSTEM),
1134 MockUtils.checkUserRestrictions(),
1135 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1136 UserManager.DISALLOW_UNMUTE_MICROPHONE)
1137 );
1138 reset(mContext.userManagerInternal);
1139
1140 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1141 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1142
1143
1144 // More tests.
1145 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1146 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1147 eq(UserHandle.USER_SYSTEM),
1148 MockUtils.checkUserRestrictions(),
1149 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
1150 );
1151 reset(mContext.userManagerInternal);
1152
1153 dpm.addUserRestriction(admin1, UserManager.DISALLOW_FUN);
1154 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1155 eq(UserHandle.USER_SYSTEM),
1156 MockUtils.checkUserRestrictions(),
1157 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1158 UserManager.DISALLOW_ADD_USER)
1159 );
1160 reset(mContext.userManagerInternal);
1161
1162 dpm.setCameraDisabled(admin1, true);
1163 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1164 eq(UserHandle.USER_SYSTEM),
1165 // DISALLOW_CAMERA will be applied to both local and global.
1166 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),
1167 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1168 UserManager.DISALLOW_CAMERA, UserManager.DISALLOW_ADD_USER)
1169 );
1170 reset(mContext.userManagerInternal);
1171
1172 // Set up another DA and let it disable camera. Now DISALLOW_CAMERA will only be applied
1173 // locally.
1174 dpm.setCameraDisabled(admin1, false);
1175 reset(mContext.userManagerInternal);
1176
1177 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
1178 dpm.setActiveAdmin(admin2, /* replace =*/ false, UserHandle.USER_SYSTEM);
1179 dpm.setCameraDisabled(admin2, true);
1180
1181 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1182 eq(UserHandle.USER_SYSTEM),
1183 // DISALLOW_CAMERA will be applied to both local and global.
1184 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),
1185 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1186 UserManager.DISALLOW_ADD_USER)
1187 );
1188 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1189 // TODO Make sure restrictions are written to the file.
1190 }
1191
1192 public void testSetUserRestriction_asPo() {
1193 setAsProfileOwner(admin1);
1194
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1195 DpmTestUtils.assertRestrictions(
1196 DpmTestUtils.newRestrictions(),
1197 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1198 .ensureUserRestrictions()
1199 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1200
1201 dpm.addUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1202 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1203 eq(DpmMockContext.CALLER_USER_HANDLE),
1204 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES),
1205 isNull(Bundle.class)
1206 );
1207 reset(mContext.userManagerInternal);
1208
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1209 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1210 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1211 eq(DpmMockContext.CALLER_USER_HANDLE),
1212 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1213 UserManager.DISALLOW_OUTGOING_CALLS),
1214 isNull(Bundle.class)
1215 );
1216 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1217
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1218 DpmTestUtils.assertRestrictions(
1219 DpmTestUtils.newRestrictions(
1220 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1221 UserManager.DISALLOW_OUTGOING_CALLS
1222 ),
1223 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1224 .ensureUserRestrictions()
1225 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1226 DpmTestUtils.assertRestrictions(
1227 DpmTestUtils.newRestrictions(
1228 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1229 UserManager.DISALLOW_OUTGOING_CALLS
1230 ),
1231 dpm.getUserRestrictions(admin1)
1232 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1233
1234 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1235 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1236 eq(DpmMockContext.CALLER_USER_HANDLE),
1237 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1238 isNull(Bundle.class)
1239 );
1240 reset(mContext.userManagerInternal);
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1241
1242 DpmTestUtils.assertRestrictions(
1243 DpmTestUtils.newRestrictions(
1244 UserManager.DISALLOW_OUTGOING_CALLS
1245 ),
1246 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1247 .ensureUserRestrictions()
1248 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1249 DpmTestUtils.assertRestrictions(
1250 DpmTestUtils.newRestrictions(
1251 UserManager.DISALLOW_OUTGOING_CALLS
1252 ),
1253 dpm.getUserRestrictions(admin1)
1254 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1255
1256 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1257 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1258 eq(DpmMockContext.CALLER_USER_HANDLE),
1259 MockUtils.checkUserRestrictions(),
1260 isNull(Bundle.class)
1261 );
1262 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1263
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]1264 DpmTestUtils.assertRestrictions(
1265 DpmTestUtils.newRestrictions(),
1266 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1267 .ensureUserRestrictions()
1268 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]1269 DpmTestUtils.assertRestrictions(
1270 DpmTestUtils.newRestrictions(),
1271 dpm.getUserRestrictions(admin1)
1272 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1273
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]1274 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE can be set by PO too, even
1275 // though when DO sets them they'll be applied globally.
1276 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1277 reset(mContext.userManagerInternal);
1278 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1279 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1280 eq(DpmMockContext.CALLER_USER_HANDLE),
1281 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1282 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1283 isNull(Bundle.class)
1284 );
1285 reset(mContext.userManagerInternal);
1286
1287 dpm.setCameraDisabled(admin1, true);
1288 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1289 eq(DpmMockContext.CALLER_USER_HANDLE),
1290 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA,
1291 UserManager.DISALLOW_ADJUST_VOLUME,
1292 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1293 isNull(Bundle.class)
1294 );
1295 reset(mContext.userManagerInternal);
1296
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1297 // TODO Make sure restrictions are written to the file.
1298 }
Makoto Onukia31ebbc2015-11-23 17:15:21 -0800[diff] [blame]1299
1300 public void testGetMacAddress() throws Exception {
1301 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1302 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1303 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1304
1305 // In this test, change the caller user to "system".
1306 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1307
1308 // Make sure admin1 is installed on system user.
1309 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1310
1311 // Test 1. Caller doesn't have DO or DA.
1312 try {
1313 dpm.getWifiMacAddress();
1314 fail();
1315 } catch (SecurityException e) {
1316 MoreAsserts.assertContainsRegex("No active admin owned", e.getMessage());
1317 }
1318
1319 // DO needs to be an DA.
1320 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1321 assertTrue(dpm.isAdminActive(admin1));
1322
1323 // Test 2. Caller has DA, but not DO.
1324 try {
1325 dpm.getWifiMacAddress();
1326 fail();
1327 } catch (SecurityException e) {
1328 MoreAsserts.assertContainsRegex("No active admin owned", e.getMessage());
1329 }
1330
1331 // Test 3. Caller has PO, but not DO.
1332 assertTrue(dpm.setProfileOwner(admin1, null, UserHandle.USER_SYSTEM));
1333 try {
1334 dpm.getWifiMacAddress();
1335 fail();
1336 } catch (SecurityException e) {
1337 MoreAsserts.assertContainsRegex("No active admin owned", e.getMessage());
1338 }
1339
1340 // Remove PO.
1341 dpm.clearProfileOwner(admin1);
1342
1343 // Test 4, Caller is DO now.
1344 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1345
1346 // 4-1. But no WifiInfo.
1347 assertNull(dpm.getWifiMacAddress());
1348
1349 // 4-2. Returns WifiInfo, but with the default MAC.
1350 when(mContext.wifiManager.getConnectionInfo()).thenReturn(new WifiInfo());
1351 assertNull(dpm.getWifiMacAddress());
1352
1353 // 4-3. With a real MAC address.
1354 final WifiInfo wi = new WifiInfo();
1355 wi.setMacAddress("11:22:33:44:55:66");
1356 when(mContext.wifiManager.getConnectionInfo()).thenReturn(wi);
1357 assertEquals("11:22:33:44:55:66", dpm.getWifiMacAddress());
1358 }
Mahaver Chopraf8373b52015-12-23 14:42:18 +0000[diff] [blame]1359
1360 public void testRebootCanOnlyBeCalledByDeviceOwner() throws Exception {
1361 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1362 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1363
1364 // In this test, change the caller user to "system".
1365 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1366
1367 // Make sure admin1 is installed on system user.
1368 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1369
1370 // Set admin1 as DA.
1371 dpm.setActiveAdmin(admin1, false);
1372 assertTrue(dpm.isAdminActive(admin1));
1373 try {
1374 dpm.reboot(admin1);
1375 fail("DA calls DPM.reboot(), did not throw expected SecurityException");
1376 } catch (SecurityException expected) {
1377 MoreAsserts.assertContainsRegex("does not own the device", expected.getMessage());
1378 }
1379
1380 // Set admin1 as PO.
1381 assertTrue(dpm.setProfileOwner(admin1, null, UserHandle.USER_SYSTEM));
1382 try {
1383 dpm.reboot(admin1);
1384 fail("PO calls DPM.reboot(), did not throw expected SecurityException");
1385 } catch (SecurityException expected) {
1386 MoreAsserts.assertContainsRegex("does not own the device", expected.getMessage());
1387 }
1388
1389 // Remove PO and add DO.
1390 dpm.clearProfileOwner(admin1);
1391 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1392
1393 dpm.reboot(admin1);
1394 }
Kenny Guy06de4e72015-12-22 12:07:39 +0000[diff] [blame]1395
1396 public void testSetGetSupportText() {
1397 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1398 dpm.setActiveAdmin(admin1, true);
1399 dpm.setActiveAdmin(admin2, true);
1400 mContext.callerPermissions.remove(permission.MANAGE_DEVICE_ADMINS);
1401
1402 // Null default support messages.
1403 {
1404 assertNull(dpm.getLongSupportMessage(admin1));
1405 assertNull(dpm.getShortSupportMessage(admin1));
1406 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
1407 assertNull(dpm.getShortSupportMessageForUser(admin1,
1408 DpmMockContext.CALLER_USER_HANDLE));
1409 assertNull(dpm.getLongSupportMessageForUser(admin1,
1410 DpmMockContext.CALLER_USER_HANDLE));
1411 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
1412 }
1413
1414 // Only system can call the per user versions.
1415 {
1416 try {
1417 dpm.getShortSupportMessageForUser(admin1,
1418 DpmMockContext.CALLER_USER_HANDLE);
1419 fail("Only system should be able to call getXXXForUser versions");
1420 } catch (SecurityException expected) {
1421 MoreAsserts.assertContainsRegex("message for user", expected.getMessage());
1422 }
1423 try {
1424 dpm.getLongSupportMessageForUser(admin1,
1425 DpmMockContext.CALLER_USER_HANDLE);
1426 fail("Only system should be able to call getXXXForUser versions");
1427 } catch (SecurityException expected) {
1428 MoreAsserts.assertContainsRegex("message for user", expected.getMessage());
1429 }
1430 }
1431
1432 // Can't set message for admin in another uid.
1433 {
1434 mContext.binder.callingUid = DpmMockContext.CALLER_UID + 1;
1435 try {
1436 dpm.setShortSupportMessage(admin1, "Some text");
1437 fail("Admins should only be able to change their own support text.");
1438 } catch (SecurityException expected) {
1439 MoreAsserts.assertContainsRegex("is not owned by uid", expected.getMessage());
1440 }
1441 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1442 }
1443
1444 // Set/Get short returns what it sets and other admins text isn't changed.
1445 {
1446 final String supportText = "Some text to test with.";
1447 dpm.setShortSupportMessage(admin1, supportText);
1448 assertEquals(supportText, dpm.getShortSupportMessage(admin1));
1449 assertNull(dpm.getLongSupportMessage(admin1));
1450 assertNull(dpm.getShortSupportMessage(admin2));
1451
1452 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
1453 assertEquals(supportText, dpm.getShortSupportMessageForUser(admin1,
1454 DpmMockContext.CALLER_USER_HANDLE));
1455 assertNull(dpm.getShortSupportMessageForUser(admin2,
1456 DpmMockContext.CALLER_USER_HANDLE));
1457 assertNull(dpm.getLongSupportMessageForUser(admin1,
1458 DpmMockContext.CALLER_USER_HANDLE));
1459 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
1460
1461 dpm.setShortSupportMessage(admin1, null);
1462 assertNull(dpm.getShortSupportMessage(admin1));
1463 }
1464
1465 // Set/Get long returns what it sets and other admins text isn't changed.
1466 {
1467 final String supportText = "Some text to test with.\nWith more text.";
1468 dpm.setLongSupportMessage(admin1, supportText);
1469 assertEquals(supportText, dpm.getLongSupportMessage(admin1));
1470 assertNull(dpm.getShortSupportMessage(admin1));
1471 assertNull(dpm.getLongSupportMessage(admin2));
1472
1473 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
1474 assertEquals(supportText, dpm.getLongSupportMessageForUser(admin1,
1475 DpmMockContext.CALLER_USER_HANDLE));
1476 assertNull(dpm.getLongSupportMessageForUser(admin2,
1477 DpmMockContext.CALLER_USER_HANDLE));
1478 assertNull(dpm.getShortSupportMessageForUser(admin1,
1479 DpmMockContext.CALLER_USER_HANDLE));
1480 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
1481
1482 dpm.setLongSupportMessage(admin1, null);
1483 assertNull(dpm.getLongSupportMessage(admin1));
1484 }
1485 }
Bartosz Fabianowski4c052f22016-01-25 14:18:43 +0100[diff] [blame]1486
1487 /**
1488 * Test for:
1489 * {@link DevicePolicyManager#setAffiliationIds}
1490 * {@link DevicePolicyManager#isAffiliatedUser}
1491 */
1492 public void testUserAffiliation() throws Exception {
1493 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1494 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1495 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1496
1497 // Check that the system user is unaffiliated.
1498 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1499 assertFalse(dpm.isAffiliatedUser());
1500
1501 // Set a device owner on the system user. Check that the system user becomes affiliated.
1502 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1503 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1504 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
1505 assertTrue(dpm.isAffiliatedUser());
1506
1507 // Install a profile owner whose package name matches the device owner on a test user. Check
1508 // that the test user is unaffiliated.
1509 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1510 setAsProfileOwner(admin2);
1511 assertFalse(dpm.isAffiliatedUser());
1512
1513 // Have the profile owner specify a set of affiliation ids. Check that the test user remains
1514 // unaffiliated.
1515 final Set<String> userAffiliationIds = new ArraySet<>();
1516 userAffiliationIds.add("red");
1517 userAffiliationIds.add("green");
1518 userAffiliationIds.add("blue");
1519 dpm.setAffiliationIds(admin2, userAffiliationIds);
1520 assertFalse(dpm.isAffiliatedUser());
1521
1522 // Have the device owner specify a set of affiliation ids that do not intersect with those
1523 // specified by the profile owner. Check that the test user remains unaffiliated.
1524 final Set<String> deviceAffiliationIds = new ArraySet<>();
1525 deviceAffiliationIds.add("cyan");
1526 deviceAffiliationIds.add("yellow");
1527 deviceAffiliationIds.add("magenta");
1528 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1529 dpm.setAffiliationIds(admin1, deviceAffiliationIds);
1530 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1531 assertFalse(dpm.isAffiliatedUser());
1532
1533 // Have the profile owner specify a set of affiliation ids that intersect with those
1534 // specified by the device owner. Check that the test user becomes affiliated.
1535 userAffiliationIds.add("yellow");
1536 dpm.setAffiliationIds(admin2, userAffiliationIds);
1537 assertTrue(dpm.isAffiliatedUser());
1538
1539 // Change the profile owner to one whose package name does not match the device owner. Check
1540 // that the test user is not affiliated anymore.
1541 dpm.clearProfileOwner(admin2);
1542 final ComponentName admin = new ComponentName("test", "test");
1543 markPackageAsInstalled(admin.getPackageName(), null, DpmMockContext.CALLER_USER_HANDLE);
1544 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
1545 assertFalse(dpm.isAffiliatedUser());
1546
1547 // Check that the system user remains affiliated.
1548 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1549 assertTrue(dpm.isAffiliatedUser());
1550 }
Alan Treadwayafad8782016-01-19 15:15:08 +0000[diff] [blame^]1551
1552 public void testGetUserProvisioningState_defaultResult() {
1553 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
1554 }
1555
1556 public void testSetUserProvisioningState_permission() throws Exception {
1557 setupProfileOwner();
1558 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1559
1560 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1561 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1562 }
1563
1564 public void testSetUserProvisioningState_unprivileged() throws Exception {
1565 setupProfileOwner();
1566 try {
1567 dpm.setUserProvisioningState(DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
1568 DpmMockContext.CALLER_USER_HANDLE);
1569 fail("Expected SecurityException");
1570 } catch (SecurityException expected) {
1571 }
1572 }
1573
1574 public void testSetUserProvisioningState_noManagement() {
1575 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1576 try {
1577 dpm.setUserProvisioningState(DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
1578 DpmMockContext.CALLER_USER_HANDLE);
1579 fail("IllegalStateException expected");
1580 } catch (IllegalStateException e) {
1581 MoreAsserts.assertContainsRegex("change provisioning state unless a .* owner is set",
1582 e.getMessage());
1583 }
1584 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
1585 }
1586
1587 public void testSetUserProvisioningState_deviceOwnerFromSetupWizard() throws Exception {
1588 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1589 setupDeviceOwner();
1590 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1591
1592 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
1593 DevicePolicyManager.STATE_USER_SETUP_COMPLETE,
1594 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1595 }
1596
1597 public void testSetUserProvisioningState_deviceOwnerFromSetupWizardAlternative()
1598 throws Exception {
1599 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1600 setupDeviceOwner();
1601 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1602
1603 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
1604 DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE,
1605 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1606 }
1607
1608 public void testSetUserProvisioningState_deviceOwnerWithoutSetupWizard() throws Exception {
1609 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1610 setupDeviceOwner();
1611 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1612
1613 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
1614 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1615 }
1616
1617 public void testSetUserProvisioningState_managedProfileFromSetupWizard_primaryUser()
1618 throws Exception {
1619 setupProfileOwner();
1620 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1621
1622 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1623 DevicePolicyManager.STATE_USER_PROFILE_COMPLETE,
1624 DevicePolicyManager.STATE_USER_UNMANAGED);
1625 }
1626
1627 public void testSetUserProvisioningState_managedProfileFromSetupWizard_managedProfile()
1628 throws Exception {
1629 setupProfileOwner();
1630 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1631
1632 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1633 DevicePolicyManager.STATE_USER_SETUP_COMPLETE,
1634 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1635 }
1636
1637 public void testSetUserProvisioningState_managedProfileWithoutSetupWizard() throws Exception {
1638 setupProfileOwner();
1639 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1640
1641 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1642 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
1643 }
1644
1645 public void testSetUserProvisioningState_illegalTransitionOutOfFinalized1() throws Exception {
1646 setupProfileOwner();
1647 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1648
1649 try {
1650 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1651 DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
1652 DevicePolicyManager.STATE_USER_UNMANAGED);
1653 fail("Expected IllegalStateException");
1654 } catch (IllegalStateException e) {
1655 MoreAsserts.assertContainsRegex("Cannot move to user provisioning state",
1656 e.getMessage());
1657 }
1658 }
1659
1660 public void testSetUserProvisioningState_illegalTransitionToAnotherInProgressState()
1661 throws Exception {
1662 setupProfileOwner();
1663 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1664
1665 try {
1666 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
1667 DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE,
1668 DevicePolicyManager.STATE_USER_SETUP_COMPLETE);
1669 fail("Expected IllegalStateException");
1670 } catch (IllegalStateException e) {
1671 MoreAsserts.assertContainsRegex("Cannot move to user provisioning state",
1672 e.getMessage());
1673 }
1674 }
1675
1676 private void exerciseUserProvisioningTransitions(int userId, int... states) {
1677 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
1678 for (int state : states) {
1679 dpm.setUserProvisioningState(state, userId);
1680 assertEquals(state, dpm.getUserProvisioningState());
1681 }
1682 }
1683
1684 private void setupProfileOwner() throws Exception {
1685 mContext.callerPermissions.addAll(OWNER_SETUP_PERMISSIONS);
1686
1687 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
1688 dpm.setActiveAdmin(admin1, false);
1689 assertTrue(dpm.setProfileOwner(admin1, null, DpmMockContext.CALLER_USER_HANDLE));
1690
1691 mContext.callerPermissions.removeAll(OWNER_SETUP_PERMISSIONS);
1692 }
1693
1694 private void setupDeviceOwner() throws Exception {
1695 mContext.callerPermissions.addAll(OWNER_SETUP_PERMISSIONS);
1696
1697 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1698 dpm.setActiveAdmin(admin1, false);
1699 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1700
1701 mContext.callerPermissions.removeAll(OWNER_SETUP_PERMISSIONS);
1702 }
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1703}