Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / abef6d6f2b3224960be4cb5625e862498f4b7edf / . / services / tests / servicestests / src / com / android / server / devicepolicy / DevicePolicyManagerTest.java
blob: 0bd4896906b6aba9fb1d0ba83435b382cff2c25c [file] [log] [blame]
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]16package com.android.server.devicepolicy;
17
18import com.android.server.LocalServices;
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]19import com.android.server.SystemService;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]20
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]21import android.Manifest.permission;
22import android.app.Activity;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]23import android.app.admin.DeviceAdminReceiver;
24import android.app.admin.DevicePolicyManager;
25import android.app.admin.DevicePolicyManagerInternal;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]26import android.content.BroadcastReceiver;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]27import android.content.ComponentName;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]28import android.content.pm.PackageManager;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]29import android.os.Bundle;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]30import android.os.UserHandle;
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]31import android.os.UserManager;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]32import android.util.Pair;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]33
34import org.mockito.ArgumentCaptor;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]35import org.mockito.invocation.InvocationOnMock;
36import org.mockito.stubbing.Answer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]37
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]38import java.util.HashMap;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]39import java.util.List;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]40import java.util.Map;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]41
42import static org.mockito.Matchers.any;
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]43import static org.mockito.Matchers.anyInt;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]44import static org.mockito.Matchers.anyString;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]45import static org.mockito.Matchers.eq;
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]46import static org.mockito.Matchers.isNull;
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]47import static org.mockito.Mockito.doAnswer;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]48import static org.mockito.Mockito.doReturn;
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]49import static org.mockito.Mockito.reset;
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]50import static org.mockito.Mockito.times;
51import static org.mockito.Mockito.verify;
52import static org.mockito.Mockito.when;
53
54/**
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]55 * Tests for DevicePolicyManager( and DevicePolicyManagerService).
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]56 *
57 m FrameworksServicesTests &&
58 adb install \
59 -r out/target/product/hammerhead/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
60 adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \
61 -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
62
63 (mmma frameworks/base/services/tests/servicestests/ for non-ninja build)
64 */
65public class DevicePolicyManagerTest extends DpmTestBase {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]66 private DpmMockContext mContext;
67 public DevicePolicyManager dpm;
68 public DevicePolicyManagerServiceTestable dpms;
69
70 @Override
71 protected void setUp() throws Exception {
72 super.setUp();
73
74 mContext = getContext();
75
76 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
77 .thenReturn(true);
78
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]79 initializeDpms();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]80
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]81 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
82 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
83 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_UID);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]84
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]85 setUpUserManager();
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]86 }
87
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]88 private void initializeDpms() {
89 // Need clearCallingIdentity() to pass permission checks.
90 final long ident = mContext.binder.clearCallingIdentity();
91 try {
92 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
93
94 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir);
95
96 dpms.systemReady(SystemService.PHASE_LOCK_SETTINGS_READY);
97 dpms.systemReady(SystemService.PHASE_BOOT_COMPLETED);
98
99 dpm = new DevicePolicyManagerTestable(mContext, dpms);
100 } finally {
101 mContext.binder.restoreCallingIdentity(ident);
102 }
103 }
104
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]105 private void setUpUserManager() {
106 // Emulate UserManager.set/getApplicationRestriction().
107 final Map<Pair<String, UserHandle>, Bundle> appRestrictions = new HashMap<>();
108
109 // UM.setApplicationRestrictions() will save to appRestrictions.
110 doAnswer(new Answer<Void>() {
111 @Override
112 public Void answer(InvocationOnMock invocation) throws Throwable {
113 String pkg = (String) invocation.getArguments()[0];
114 Bundle bundle = (Bundle) invocation.getArguments()[1];
115 UserHandle user = (UserHandle) invocation.getArguments()[2];
116
117 appRestrictions.put(Pair.create(pkg, user), bundle);
118
119 return null;
120 }
121 }).when(mContext.userManager).setApplicationRestrictions(
122 anyString(), any(Bundle.class), any(UserHandle.class));
123
124 // UM.getApplicationRestrictions() will read from appRestrictions.
125 doAnswer(new Answer<Bundle>() {
126 @Override
127 public Bundle answer(InvocationOnMock invocation) throws Throwable {
128 String pkg = (String) invocation.getArguments()[0];
129 UserHandle user = (UserHandle) invocation.getArguments()[1];
130
131 return appRestrictions.get(Pair.create(pkg, user));
132 }
133 }).when(mContext.userManager).getApplicationRestrictions(
134 anyString(), any(UserHandle.class));
135
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]136 // Add the first secondary user.
137 mContext.addUser(DpmMockContext.CALLER_USER_HANDLE, 0);
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]138 }
139
140 private void setAsProfileOwner(ComponentName admin) {
141 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
142 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
143
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]144 // PO needs to be an DA.
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]145 dpm.setActiveAdmin(admin, /* replace =*/ false);
146
147 // Fire!
148 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
149
150 // Check
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]151 assertEquals(admin, dpm.getProfileOwnerAsUser(DpmMockContext.CALLER_USER_HANDLE));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]152 }
153
154 public void testHasNoFeature() throws Exception {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]155 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
156 .thenReturn(false);
157
158 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
159 new DevicePolicyManagerServiceTestable(mContext, dataDir);
160
161 // If the device has no DPMS feature, it shouldn't register the local service.
162 assertNull(LocalServices.getService(DevicePolicyManagerInternal.class));
163 }
164
165 /**
166 * Caller doesn't have proper permissions.
167 */
168 public void testSetActiveAdmin_SecurityException() {
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]169 // 1. Failure cases.
170
171 // Caller doesn't have MANAGE_DEVICE_ADMINS.
172 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]173 dpm.setActiveAdmin(admin1, false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]174 fail("Didn't throw SecurityException");
175 } catch (SecurityException expected) {
176 }
177
178 // Caller has MANAGE_DEVICE_ADMINS, but for different user.
179 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
180 try {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]181 dpm.setActiveAdmin(admin1, false, DpmMockContext.CALLER_USER_HANDLE + 1);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]182 fail("Didn't throw SecurityException");
183 } catch (SecurityException expected) {
184 }
185 }
186
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]187 /**
188 * Test for:
189 * {@link DevicePolicyManager#setActiveAdmin}
190 * with replace=false and replace=true
191 * {@link DevicePolicyManager#isAdminActive}
192 * {@link DevicePolicyManager#isAdminActiveAsUser}
193 * {@link DevicePolicyManager#getActiveAdmins}
194 * {@link DevicePolicyManager#getActiveAdminsAsUser}
195 */
196 public void testSetActiveAdmin() throws Exception {
197 // 1. Make sure the caller has proper permissions.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]198 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
199
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]200 // 2. Call the API.
201 dpm.setActiveAdmin(admin1, /* replace =*/ false);
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]202
203 // 3. Verify internal calls.
204
205 // Check if the boradcast is sent.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]206 verify(mContext.spiedContext).sendBroadcastAsUser(
207 MockUtils.checkIntentAction(
208 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
209 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
210 verify(mContext.spiedContext).sendBroadcastAsUser(
211 MockUtils.checkIntentAction(
212 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED),
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]213 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
214
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]215 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
216 eq(admin1.getPackageName()),
217 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
218 eq(PackageManager.DONT_KILL_APP),
219 eq(DpmMockContext.CALLER_USER_HANDLE),
220 anyString());
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]221
222 // TODO Verify other calls too.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]223
224 // Make sure it's active admin1.
225 assertTrue(dpm.isAdminActive(admin1));
226 assertFalse(dpm.isAdminActive(admin2));
227 assertFalse(dpm.isAdminActive(admin3));
228
229 // But not admin1 for a different user.
230
231 // For this to work, caller needs android.permission.INTERACT_ACROSS_USERS_FULL.
232 // (Because we're checking a different user's status from CALLER_USER_HANDLE.)
233 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
234
235 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE + 1));
236 assertFalse(dpm.isAdminActiveAsUser(admin2, DpmMockContext.CALLER_USER_HANDLE + 1));
237
238 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
239
240 // Next, add one more admin.
241 // Before doing so, update the application info, now it's enabled.
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]242 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID,
243 PackageManager.COMPONENT_ENABLED_STATE_ENABLED);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]244
245 dpm.setActiveAdmin(admin2, /* replace =*/ false);
246
247 // Now we have two admins.
248 assertTrue(dpm.isAdminActive(admin1));
249 assertTrue(dpm.isAdminActive(admin2));
250 assertFalse(dpm.isAdminActive(admin3));
251
252 // Admin2 was already enabled, so setApplicationEnabledSetting() shouldn't have called
253 // again. (times(1) because it was previously called for admin1)
254 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
255 eq(admin1.getPackageName()),
256 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
257 eq(PackageManager.DONT_KILL_APP),
258 eq(DpmMockContext.CALLER_USER_HANDLE),
259 anyString());
260
261 // 4. Add the same admin1 again without replace, which should throw.
262 try {
263 dpm.setActiveAdmin(admin1, /* replace =*/ false);
264 fail("Didn't throw");
265 } catch (IllegalArgumentException expected) {
266 }
267
268 // 5. Add the same admin1 again with replace, which should succeed.
269 dpm.setActiveAdmin(admin1, /* replace =*/ true);
270
271 // TODO make sure it's replaced.
272
273 // 6. Test getActiveAdmins()
274 List<ComponentName> admins = dpm.getActiveAdmins();
275 assertEquals(2, admins.size());
276 assertEquals(admin1, admins.get(0));
277 assertEquals(admin2, admins.get(1));
278
279 // Another user has no admins.
280 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
281
282 assertEquals(0, DpmTestUtils.getListSizeAllowingNull(
283 dpm.getActiveAdminsAsUser(DpmMockContext.CALLER_USER_HANDLE + 1)));
284
285 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
286 }
287
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]288 public void testSetActiveAdmin_multiUsers() throws Exception {
289
290 final int ANOTHER_USER_ID = 100;
291 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 20456);
292
293 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
294
295 // Set up pacakge manager for the other user.
296 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]297
298 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
299
300 dpm.setActiveAdmin(admin1, /* replace =*/ false);
301
302 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
303 dpm.setActiveAdmin(admin2, /* replace =*/ false);
304
305
306 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
307 assertTrue(dpm.isAdminActive(admin1));
308 assertFalse(dpm.isAdminActive(admin2));
309
310 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
311 assertFalse(dpm.isAdminActive(admin1));
312 assertTrue(dpm.isAdminActive(admin2));
313 }
314
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]315 /**
316 * Test for:
317 * {@link DevicePolicyManager#setActiveAdmin}
318 * with replace=false
319 */
320 public void testSetActiveAdmin_twiceWithoutReplace() throws Exception {
321 // 1. Make sure the caller has proper permissions.
322 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
323
324 dpm.setActiveAdmin(admin1, /* replace =*/ false);
325 assertTrue(dpm.isAdminActive(admin1));
326
327 // Add the same admin1 again without replace, which should throw.
328 try {
329 dpm.setActiveAdmin(admin1, /* replace =*/ false);
330 fail("Didn't throw");
331 } catch (IllegalArgumentException expected) {
332 }
333 }
334
335 /**
336 * Test for:
337 * {@link DevicePolicyManager#removeActiveAdmin}
338 */
339 public void testRemoveActiveAdmin_SecurityException() {
340 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
341
342 // Add admin.
343
344 dpm.setActiveAdmin(admin1, /* replace =*/ false);
345
346 assertTrue(dpm.isAdminActive(admin1));
347
348 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
349
350 // Directly call the DPMS method with a different userid, which should fail.
351 try {
352 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE + 1);
353 fail("Didn't throw SecurityException");
354 } catch (SecurityException expected) {
355 }
356
357 // Try to remove active admin with a different caller userid should fail too, without
358 // having MANAGE_DEVICE_ADMINS.
359 mContext.callerPermissions.clear();
360
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]361 // Change the caller, and call into DPMS directly with a different user-id.
362
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]363 mContext.binder.callingUid = 1234567;
364 try {
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]365 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]366 fail("Didn't throw SecurityException");
367 } catch (SecurityException expected) {
368 }
369 }
370
371 /**
372 * Test for:
373 * {@link DevicePolicyManager#removeActiveAdmin}
374 */
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]375 public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() {
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]376 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
377
378 // Add admin1.
379
380 dpm.setActiveAdmin(admin1, /* replace =*/ false);
381
382 assertTrue(dpm.isAdminActive(admin1));
383 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
384
385 // Different user, but should work, because caller has proper permissions.
386 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]387
388 // Change the caller, and call into DPMS directly with a different user-id.
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]389 mContext.binder.callingUid = 1234567;
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]390
391 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
Makoto Onukif76b06a2015-09-22 15:03:44 -0700[diff] [blame]392
393 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
394
395 // TODO DO Still can't be removed in this case.
396 }
397
398 /**
399 * Test for:
400 * {@link DevicePolicyManager#removeActiveAdmin}
401 */
402 public void testRemoveActiveAdmin_sameUserNoMANAGE_DEVICE_ADMINS() {
403 // Need MANAGE_DEVICE_ADMINS for setActiveAdmin. We'll remove it later.
404 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
405
406 // Add admin1.
407
408 dpm.setActiveAdmin(admin1, /* replace =*/ false);
409
410 assertTrue(dpm.isAdminActive(admin1));
411 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
412
413 // Broadcast from saveSettingsLocked().
414 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
415 MockUtils.checkIntentAction(
416 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
417 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
418
419 // Remove. No permissions, but same user, so it'll work.
420 mContext.callerPermissions.clear();
421 dpm.removeActiveAdmin(admin1);
422
423 final ArgumentCaptor<BroadcastReceiver> brCap =
424 ArgumentCaptor.forClass(BroadcastReceiver.class);
425
426 // Is removing now, but not removed yet.
427 assertTrue(dpm.isAdminActive(admin1));
428 assertTrue(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
429
430 verify(mContext.spiedContext).sendOrderedBroadcastAsUser(
431 MockUtils.checkIntentAction(
432 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED),
433 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE),
434 isNull(String.class),
435 brCap.capture(),
436 eq(dpms.mHandler),
437 eq(Activity.RESULT_OK),
438 isNull(String.class),
439 isNull(Bundle.class));
440
441 brCap.getValue().onReceive(mContext, null);
442
443 assertFalse(dpm.isAdminActive(admin1));
444 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
445
446 // Again broadcast from saveSettingsLocked().
447 verify(mContext.spiedContext, times(2)).sendBroadcastAsUser(
448 MockUtils.checkIntentAction(
449 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
450 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
451
452 // TODO Check other internal calls.
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]453 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]454
455 /**
456 * Test for: {@link DevicePolicyManager#setDeviceOwner} DO on system user installs
457 * successfully.
458 */
459 public void testSetDeviceOwner() throws Exception {
460 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
461 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
462 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
463
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]464 // In this test, change the caller user to "system".
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]465 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
466
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]467 // Make sure admin1 is installed on system user.
468 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukid932f762015-09-29 16:53:38 -0700[diff] [blame]469
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]470 // DO needs to be an DA.
471 dpm.setActiveAdmin(admin1, /* replace =*/ false);
472
473 // Fire!
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]474 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]475
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]476 // Verify internal calls.
477 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
478 eq(admin1.getPackageName()));
479
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]480 // TODO We should check if the caller has called clearCallerIdentity().
481 verify(mContext.ibackupManager, times(1)).setBackupServiceActive(
482 eq(UserHandle.USER_SYSTEM), eq(false));
483
484 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
485 MockUtils.checkIntentAction(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED),
486 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
487
488 assertEquals(admin1.getPackageName(), dpm.getDeviceOwner());
489
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]490 // Try to set a profile owner on the same user, which should fail.
491 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
492 dpm.setActiveAdmin(admin2, /* refreshing= */ true, UserHandle.USER_SYSTEM);
493 try {
494 dpm.setProfileOwner(admin2, "owner-name", UserHandle.USER_SYSTEM);
495 fail("IllegalStateException not thrown");
496 } catch (IllegalStateException expected) {
497 assertTrue("Message was: " + expected.getMessage(),
498 expected.getMessage().contains("already has a device owner"));
499 }
500
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]501 // TODO Test getDeviceOwnerName() too. To do so, we need to change
502 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
503 }
504
505 /**
506 * Test for: {@link DevicePolicyManager#setDeviceOwner} Package doesn't exist.
507 */
508 public void testSetDeviceOwner_noSuchPackage() {
509 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
510 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
511 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
512
513 // Call from a process on the system user.
514 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
515
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]516 try {
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]517 dpm.setDeviceOwner(new ComponentName("a.b.c", ".def"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]518 fail("Didn't throw IllegalArgumentException");
519 } catch (IllegalArgumentException expected) {
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]520 assertTrue("Message was: " + expected.getMessage(),
521 expected.getMessage().contains("Invalid component"));
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]522 }
523 }
524
525 public void testSetDeviceOwner_failures() throws Exception {
526 // TODO Test more failure cases. Basically test all chacks in enforceCanSetDeviceOwner().
527 }
528
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]529 public void testClearDeviceOwner() throws Exception {
530 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
531 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
532 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
533
534 // Set admin1 as a DA to the secondary user.
535 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
536
537 dpm.setActiveAdmin(admin1, /* replace =*/ false);
538
539 // Set admin 1 as the DO to the system user.
540
541 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
542 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
543 dpm.setActiveAdmin(admin1, /* replace =*/ false);
544 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
545
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]546 // Verify internal calls.
547 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
548 eq(admin1.getPackageName()));
549
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]550 assertEquals(admin1.getPackageName(), dpm.getDeviceOwner());
551
552 // Set up other mocks.
553 when(mContext.userManager.getUserRestrictions()).thenReturn(new Bundle());
554
555 // Now call clear.
556 doReturn(DpmMockContext.CALLER_SYSTEM_USER_UID).when(mContext.packageManager).getPackageUid(
557 eq(admin1.getPackageName()),
558 anyInt());
559 dpm.clearDeviceOwnerApp(admin1.getPackageName());
560
561 // Now DO shouldn't be set.
562 assertNull(dpm.getDeviceOwner());
563
564 // TODO Check other calls.
565 }
566
567 public void testClearDeviceOwner_fromDifferentUser() throws Exception {
568 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
569 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
570 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
571
572 // Set admin1 as a DA to the secondary user.
573 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
574
575 dpm.setActiveAdmin(admin1, /* replace =*/ false);
576
577 // Set admin 1 as the DO to the system user.
578
579 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
580 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
581 dpm.setActiveAdmin(admin1, /* replace =*/ false);
582 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
583
Makoto Onuki219bbaf2015-11-12 01:38:47 +0000[diff] [blame]584 // Verify internal calls.
585 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
586 eq(admin1.getPackageName()));
587
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]588 assertEquals(admin1.getPackageName(), dpm.getDeviceOwner());
589
590 // Now call clear from the secondary user, which should throw.
591 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
592
593 // Now call clear.
594 doReturn(DpmMockContext.CALLER_UID).when(mContext.packageManager).getPackageUid(
595 eq(admin1.getPackageName()),
596 anyInt());
597 try {
598 dpm.clearDeviceOwnerApp(admin1.getPackageName());
599 fail("Didn't throw");
600 } catch (SecurityException e) {
601 assertEquals("clearDeviceOwner can only be called by the device owner", e.getMessage());
602 }
603
604 // Now DO shouldn't be set.
605 assertNotNull(dpm.getDeviceOwner());
606 }
607
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]608 public void testSetProfileOwner() throws Exception {
609 setAsProfileOwner(admin1);
Makoto Onuki803d6752015-10-30 12:58:39 -0700[diff] [blame]610
611 // Try setting DO on the same user, which should fail.
612 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
613 dpm.setActiveAdmin(admin2, /* refreshing= */ true, DpmMockContext.CALLER_USER_HANDLE);
614 try {
615 dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE);
616 fail("IllegalStateException not thrown");
617 } catch (IllegalStateException expected) {
618 assertTrue("Message was: " + expected.getMessage(),
619 expected.getMessage().contains("already has a profile owner"));
620 }
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]621 }
622
623 public void testSetProfileOwner_failures() throws Exception {
624 // TODO Test more failure cases. Basically test all chacks in enforceCanSetProfileOwner().
625 }
626
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]627 public void testGetDeviceOwnerAdminLocked() throws Exception {
628 checkDeviceOwnerWithMultipleDeviceAdmins();
629 }
630
631 private void checkDeviceOwnerWithMultipleDeviceAdmins() throws Exception {
632 // In ths test, we use 3 users (system + 2 secondary users), set some device admins to them,
633 // set admin2 on CALLER_USER_HANDLE as DO, then call getDeviceOwnerAdminLocked() to
634 // make sure it gets the right component from the right user.
635
636 final int ANOTHER_USER_ID = 100;
637 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 456);
638
639 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
640
641 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
642 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
643 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
644
645 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
646
647 // Make sure the admin packge is installed to each user.
648 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
649 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_SYSTEM_USER_UID);
650
651 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
652 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
653
654 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
655
656
657 // Set active admins to the users.
658 dpm.setActiveAdmin(admin1, /* replace =*/ false);
659 dpm.setActiveAdmin(admin3, /* replace =*/ false);
660
661 dpm.setActiveAdmin(admin1, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
662 dpm.setActiveAdmin(admin2, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
663
664 dpm.setActiveAdmin(admin2, /* replace =*/ false, ANOTHER_USER_ID);
665
666 // Set DO on the first non-system user.
667 mContext.setUserRunning(DpmMockContext.CALLER_USER_HANDLE, true);
668 assertTrue(dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
669
670 // Make sure it's set.
671 assertEquals(admin2, dpm.getDeviceOwnerComponent());
672
673 // Then check getDeviceOwnerAdminLocked().
674 assertEquals(admin2, dpms.getDeviceOwnerAdminLocked().info.getComponent());
675 assertEquals(DpmMockContext.CALLER_UID, dpms.getDeviceOwnerAdminLocked().getUid());
676 }
677
678 /**
679 * This essentially tests
680 * {@code DevicePolicyManagerService.findOwnerComponentIfNecessaryLocked()}. (which is private.)
681 *
682 * We didn't use to persist the DO component class name, but now we do, and the above method
683 * finds the right component from a package name upon migration.
684 */
685 public void testDeviceOwnerMigration() throws Exception {
686 checkDeviceOwnerWithMultipleDeviceAdmins();
687
688 // Overwrite the device owner setting and clears the clas name.
689 dpms.mOwners.setDeviceOwner(
690 new ComponentName(admin2.getPackageName(), ""),
691 "owner-name", DpmMockContext.CALLER_USER_HANDLE);
692 dpms.mOwners.writeDeviceOwner();
693
694 // Make sure the DO component name doesn't have a class name.
695 assertEquals("", dpms.getDeviceOwner().getClassName());
696
697 // Then create a new DPMS to have it load the settings from files.
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]698 when(mContext.userManager.getUserRestrictions(any(UserHandle.class)))
699 .thenReturn(new Bundle());
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]700 initializeDpms();
701
702 // Now the DO component name is a full name.
703 // *BUT* because both admin1 and admin2 belong to the same package, we think admin1 is the
704 // DO.
705 assertEquals(admin1, dpms.getDeviceOwner());
706 }
707
Makoto Onukib643fb02015-09-22 15:03:44 -0700[diff] [blame]708 public void testSetGetApplicationRestriction() {
709 setAsProfileOwner(admin1);
710
711 {
712 Bundle rest = new Bundle();
713 rest.putString("KEY_STRING", "Foo1");
714 dpm.setApplicationRestrictions(admin1, "pkg1", rest);
715 }
716
717 {
718 Bundle rest = new Bundle();
719 rest.putString("KEY_STRING", "Foo2");
720 dpm.setApplicationRestrictions(admin1, "pkg2", rest);
721 }
722
723 {
724 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg1");
725 assertNotNull(returned);
726 assertEquals(returned.size(), 1);
727 assertEquals(returned.get("KEY_STRING"), "Foo1");
728 }
729
730 {
731 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg2");
732 assertNotNull(returned);
733 assertEquals(returned.size(), 1);
734 assertEquals(returned.get("KEY_STRING"), "Foo2");
735 }
736
737 dpm.setApplicationRestrictions(admin1, "pkg2", new Bundle());
738 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg2").size());
739 }
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]740
741 public void testSetUserRestriction_asDo() throws Exception {
742 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
743 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
744 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
745
746 // First, set DO.
747
748 // Call from a process on the system user.
749 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
750
751 // Make sure admin1 is installed on system user.
752 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]753
754 // Call.
755 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
Makoto Onukia52562c2015-10-01 16:12:31 -0700[diff] [blame]756 assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]757 UserHandle.USER_SYSTEM));
758
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]759 DpmTestUtils.assertRestrictions(
760 DpmTestUtils.newRestrictions(),
761 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
762 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]763 DpmTestUtils.assertRestrictions(
764 DpmTestUtils.newRestrictions(),
765 dpm.getUserRestrictions(admin1)
766 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]767
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]768 reset(mContext.userManagerInternal);
769
770 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
771 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
772 eq(UserHandle.USER_SYSTEM),
773 MockUtils.checkUserRestrictions(),
774 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
775 );
776 reset(mContext.userManagerInternal);
777
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]778 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]779 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
780 eq(UserHandle.USER_SYSTEM),
781 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
782 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
783 );
784 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]785
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]786 DpmTestUtils.assertRestrictions(
787 DpmTestUtils.newRestrictions(
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]788 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]789 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
790 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]791 DpmTestUtils.assertRestrictions(
792 DpmTestUtils.newRestrictions(
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]793 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]794 dpm.getUserRestrictions(admin1)
795 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]796
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]797 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
798 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
799 eq(UserHandle.USER_SYSTEM),
800 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
801 MockUtils.checkUserRestrictions()
802 );
803 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]804
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]805 DpmTestUtils.assertRestrictions(
806 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
807 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
808 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]809 DpmTestUtils.assertRestrictions(
810 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
811 dpm.getUserRestrictions(admin1)
812 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]813
814 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]815 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
816 eq(UserHandle.USER_SYSTEM),
817 MockUtils.checkUserRestrictions(),
818 MockUtils.checkUserRestrictions()
819 );
820 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]821
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]822 DpmTestUtils.assertRestrictions(
823 DpmTestUtils.newRestrictions(),
824 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
825 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]826 DpmTestUtils.assertRestrictions(
827 DpmTestUtils.newRestrictions(),
828 dpm.getUserRestrictions(admin1)
829 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]830
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]831 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE are PO restrictions, but when
832 // DO sets them, the scope is global.
833 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
834 reset(mContext.userManagerInternal);
835 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
836 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
837 eq(UserHandle.USER_SYSTEM),
838 MockUtils.checkUserRestrictions(),
839 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
840 UserManager.DISALLOW_UNMUTE_MICROPHONE)
841 );
842 reset(mContext.userManagerInternal);
843
844 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
845 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
846
847
848 // More tests.
849 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
850 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
851 eq(UserHandle.USER_SYSTEM),
852 MockUtils.checkUserRestrictions(),
853 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER)
854 );
855 reset(mContext.userManagerInternal);
856
857 dpm.addUserRestriction(admin1, UserManager.DISALLOW_FUN);
858 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
859 eq(UserHandle.USER_SYSTEM),
860 MockUtils.checkUserRestrictions(),
861 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
862 UserManager.DISALLOW_ADD_USER)
863 );
864 reset(mContext.userManagerInternal);
865
866 dpm.setCameraDisabled(admin1, true);
867 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
868 eq(UserHandle.USER_SYSTEM),
869 // DISALLOW_CAMERA will be applied to both local and global.
870 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),
871 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
872 UserManager.DISALLOW_CAMERA, UserManager.DISALLOW_ADD_USER)
873 );
874 reset(mContext.userManagerInternal);
875
876 // Set up another DA and let it disable camera. Now DISALLOW_CAMERA will only be applied
877 // locally.
878 dpm.setCameraDisabled(admin1, false);
879 reset(mContext.userManagerInternal);
880
881 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
882 dpm.setActiveAdmin(admin2, /* replace =*/ false, UserHandle.USER_SYSTEM);
883 dpm.setCameraDisabled(admin2, true);
884
885 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
886 eq(UserHandle.USER_SYSTEM),
887 // DISALLOW_CAMERA will be applied to both local and global.
888 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA),
889 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
890 UserManager.DISALLOW_ADD_USER)
891 );
892 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]893 // TODO Make sure restrictions are written to the file.
894 }
895
896 public void testSetUserRestriction_asPo() {
897 setAsProfileOwner(admin1);
898
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]899 DpmTestUtils.assertRestrictions(
900 DpmTestUtils.newRestrictions(),
901 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
902 .ensureUserRestrictions()
903 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]904
905 dpm.addUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]906 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
907 eq(DpmMockContext.CALLER_USER_HANDLE),
908 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES),
909 isNull(Bundle.class)
910 );
911 reset(mContext.userManagerInternal);
912
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]913 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]914 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
915 eq(DpmMockContext.CALLER_USER_HANDLE),
916 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
917 UserManager.DISALLOW_OUTGOING_CALLS),
918 isNull(Bundle.class)
919 );
920 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]921
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]922 DpmTestUtils.assertRestrictions(
923 DpmTestUtils.newRestrictions(
924 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
925 UserManager.DISALLOW_OUTGOING_CALLS
926 ),
927 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
928 .ensureUserRestrictions()
929 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]930 DpmTestUtils.assertRestrictions(
931 DpmTestUtils.newRestrictions(
932 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
933 UserManager.DISALLOW_OUTGOING_CALLS
934 ),
935 dpm.getUserRestrictions(admin1)
936 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]937
938 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]939 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
940 eq(DpmMockContext.CALLER_USER_HANDLE),
941 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
942 isNull(Bundle.class)
943 );
944 reset(mContext.userManagerInternal);
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]945
946 DpmTestUtils.assertRestrictions(
947 DpmTestUtils.newRestrictions(
948 UserManager.DISALLOW_OUTGOING_CALLS
949 ),
950 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
951 .ensureUserRestrictions()
952 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]953 DpmTestUtils.assertRestrictions(
954 DpmTestUtils.newRestrictions(
955 UserManager.DISALLOW_OUTGOING_CALLS
956 ),
957 dpm.getUserRestrictions(admin1)
958 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]959
960 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]961 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
962 eq(DpmMockContext.CALLER_USER_HANDLE),
963 MockUtils.checkUserRestrictions(),
964 isNull(Bundle.class)
965 );
966 reset(mContext.userManagerInternal);
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]967
Makoto Onuki068c54a2015-10-13 14:34:03 -0700[diff] [blame]968 DpmTestUtils.assertRestrictions(
969 DpmTestUtils.newRestrictions(),
970 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
971 .ensureUserRestrictions()
972 );
Makoto Onuki3a3092f2015-10-30 11:07:51 -0700[diff] [blame]973 DpmTestUtils.assertRestrictions(
974 DpmTestUtils.newRestrictions(),
975 dpm.getUserRestrictions(admin1)
976 );
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]977
Makoto Onuki1a2cd742015-11-16 13:51:27 -0800[diff] [blame]978 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE can be set by PO too, even
979 // though when DO sets them they'll be applied globally.
980 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
981 reset(mContext.userManagerInternal);
982 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
983 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
984 eq(DpmMockContext.CALLER_USER_HANDLE),
985 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
986 UserManager.DISALLOW_UNMUTE_MICROPHONE),
987 isNull(Bundle.class)
988 );
989 reset(mContext.userManagerInternal);
990
991 dpm.setCameraDisabled(admin1, true);
992 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
993 eq(DpmMockContext.CALLER_USER_HANDLE),
994 MockUtils.checkUserRestrictions(UserManager.DISALLOW_CAMERA,
995 UserManager.DISALLOW_ADJUST_VOLUME,
996 UserManager.DISALLOW_UNMUTE_MICROPHONE),
997 isNull(Bundle.class)
998 );
999 reset(mContext.userManagerInternal);
1000
Makoto Onukia4f11972015-10-01 13:19:58 -0700[diff] [blame]1001 // TODO Make sure restrictions are written to the file.
1002 }
Makoto Onukicc4bbeb2015-09-17 10:28:24 -0700[diff] [blame]1003}