Merge "Adding car specific default guest restrictions." into pi-dev am: f7482de1ce
am: 1de20a529e

Change-Id: Ib727e0f6de56bb1e58bca742bbbe13decdd1f71e
diff --git a/car-lib/src/android/car/user/CarUserManagerHelper.java b/car-lib/src/android/car/user/CarUserManagerHelper.java
index ddd5546..ce50943 100644
--- a/car-lib/src/android/car/user/CarUserManagerHelper.java
+++ b/car-lib/src/android/car/user/CarUserManagerHelper.java
@@ -28,6 +28,7 @@
 import android.graphics.Bitmap;
 import android.graphics.drawable.BitmapDrawable;
 import android.graphics.drawable.Drawable;
+import android.os.Bundle;
 import android.os.SystemProperties;
 import android.os.UserHandle;
 import android.os.UserManager;
@@ -62,6 +63,18 @@
     private static final Set<String> DEFAULT_NON_ADMIN_RESTRICTIONS = Sets.newArraySet(
             UserManager.DISALLOW_FACTORY_RESET
     );
+    /**
+     * Default set of restrictions for Guest users.
+     */
+    private static final Set<String> DEFAULT_GUEST_RESTRICTIONS = Sets.newArraySet(
+            UserManager.DISALLOW_FACTORY_RESET,
+            UserManager.DISALLOW_REMOVE_USER,
+            UserManager.DISALLOW_MODIFY_ACCOUNTS,
+            UserManager.DISALLOW_OUTGOING_CALLS,
+            UserManager.DISALLOW_SMS,
+            UserManager.DISALLOW_INSTALL_APPS,
+            UserManager.DISALLOW_UNINSTALL_APPS
+    );
 
     private final Context mContext;
     private final UserManager mUserManager;
@@ -216,6 +229,19 @@
     }
 
     /**
+     * Sets default guest restrictions that will be applied every time a Guest user is created.
+     *
+     * <p> Restrictions are written to disk and persistent across boots.
+     */
+    public void initDefaultGuestRestrictions() {
+        Bundle defaultGuestRestrictions = new Bundle();
+        for (String restriction : DEFAULT_GUEST_RESTRICTIONS) {
+            defaultGuestRestrictions.putBoolean(restriction, true);
+        }
+        mUserManager.setDefaultGuestRestrictions(defaultGuestRestrictions);
+    }
+
+    /**
      * Returns {@code true} if the system is in the headless user 0 model.
      *
      * @return {@boolean true} if headless system user.
diff --git a/service/src/com/android/car/user/CarUserService.java b/service/src/com/android/car/user/CarUserService.java
index 3898e74..c63a2fd 100644
--- a/service/src/com/android/car/user/CarUserService.java
+++ b/service/src/com/android/car/user/CarUserService.java
@@ -93,6 +93,7 @@
         if (Intent.ACTION_LOCKED_BOOT_COMPLETED.equals(intent.getAction())) {
             if (mCarUserManagerHelper.getAllUsers().size() == 0) {
                 setSystemUserRestrictions();
+                mCarUserManagerHelper.initDefaultGuestRestrictions();
                 // On very first boot, create an admin user and switch to that user.
                 UserInfo admin = mCarUserManagerHelper.createNewAdminUser(OWNER_NAME);
                 mCarUserManagerHelper.switchToUser(admin);
diff --git a/tests/carservice_unit_test/src/com/android/car/CarUserManagerHelperTest.java b/tests/carservice_unit_test/src/com/android/car/CarUserManagerHelperTest.java
index c7fb3fd..7f53da5 100644
--- a/tests/carservice_unit_test/src/com/android/car/CarUserManagerHelperTest.java
+++ b/tests/carservice_unit_test/src/com/android/car/CarUserManagerHelperTest.java
@@ -34,6 +34,7 @@
 import android.content.pm.UserInfo;
 import android.graphics.Bitmap;
 import android.graphics.drawable.Drawable;
+import android.os.Bundle;
 import android.os.Handler;
 import android.os.SystemProperties;
 import android.os.UserHandle;
@@ -566,6 +567,26 @@
     }
 
     @Test
+    public void testDefaultGuestRestrictions() {
+        int guestRestrictionsExpectedCount = 7;
+
+        ArgumentCaptor<Bundle> bundleCaptor = ArgumentCaptor.forClass(Bundle.class);
+        mCarUserManagerHelper.initDefaultGuestRestrictions();
+
+        verify(mUserManager).setDefaultGuestRestrictions(bundleCaptor.capture());
+        Bundle guestRestrictions = bundleCaptor.getValue();
+
+        assertThat(guestRestrictions.keySet()).hasSize(guestRestrictionsExpectedCount);
+        assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_FACTORY_RESET)).isTrue();
+        assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_REMOVE_USER)).isTrue();
+        assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_MODIFY_ACCOUNTS)).isTrue();
+        assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_OUTGOING_CALLS)).isTrue();
+        assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_SMS)).isTrue();
+        assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_INSTALL_APPS)).isTrue();
+        assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_UNINSTALL_APPS)).isTrue();
+    }
+
+    @Test
     public void testAssigningAdminPrivilegesRemovesNonAdminRestrictions() {
         int testUserId = 30;
         boolean restrictionEnabled = false;
diff --git a/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java b/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
index 710b847..48d447b 100644
--- a/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
+++ b/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
@@ -32,9 +32,6 @@
 import android.os.UserManager;
 import android.support.test.runner.AndroidJUnit4;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -42,6 +39,9 @@
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 
+import java.util.ArrayList;
+import java.util.List;
+
 /**
  * This class contains unit tests for the {@link CarUserService}.
  *
@@ -71,12 +71,14 @@
      * Initialize all of the objects with the @Mock annotation.
      */
     @Before
-    public void setUp() throws Exception {
+    public void setUpMocks() throws Exception {
         MockitoAnnotations.initMocks(this);
         doReturn(mApplicationContext).when(mMockContext).getApplicationContext();
         doReturn(mLocationManager).when(mMockContext).getSystemService(Context.LOCATION_SERVICE);
 
         mCarUserService = new CarUserService(mMockContext, mCarUserManagerHelper);
+
+        doReturn(new ArrayList<>()).when(mCarUserManagerHelper).getAllUsers();
     }
 
     /**
@@ -109,13 +111,7 @@
      */
     @Test
     public void testStartsSecondaryAdminUserOnFirstRun() {
-        List<UserInfo> users = new ArrayList<>();
-
-        int adminUserId = 10;
-        UserInfo admin = new UserInfo(adminUserId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
-
-        doReturn(users).when(mCarUserManagerHelper).getAllUsers();
-        doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+        UserInfo admin = mockAdmin(/* adminId= */ 10);
 
         mCarUserService.onReceive(mMockContext,
                 new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
@@ -129,16 +125,12 @@
      */
     @Test
     public void testDisableModifyAccountsForSystemUserOnFirstRun() {
-        List<UserInfo> users = new ArrayList<>();
-
+        // Mock system user.
         UserInfo systemUser = new UserInfo();
         systemUser.id = UserHandle.USER_SYSTEM;
-        int adminUserId = 10;
-        UserInfo admin = new UserInfo(adminUserId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
-
-        doReturn(users).when(mCarUserManagerHelper).getAllUsers();
         doReturn(systemUser).when(mCarUserManagerHelper).getSystemUserInfo();
-        doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+
+        mockAdmin(10);
 
         mCarUserService.onReceive(mMockContext,
                 new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
@@ -152,22 +144,13 @@
      */
     @Test
     public void testDisableLocationForSystemUserOnFirstRun() {
-        List<UserInfo> users = new ArrayList<>();
-
-        UserInfo systemUser = new UserInfo();
-        systemUser.id = UserHandle.USER_SYSTEM;
-        int adminUserId = 10;
-        UserInfo admin = new UserInfo(adminUserId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
-
-        doReturn(users).when(mCarUserManagerHelper).getAllUsers();
-        doReturn(systemUser).when(mCarUserManagerHelper).getSystemUserInfo();
-        doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+        mockAdmin(/* adminId= */ 10);
 
         mCarUserService.onReceive(mMockContext,
                 new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
 
-        verify(mLocationManager)
-                .setLocationEnabledForUser(/* enabled= */ false, UserHandle.of(systemUser.id));
+        verify(mLocationManager).setLocationEnabledForUser(
+                /* enabled= */ false, UserHandle.of(UserHandle.USER_SYSTEM));
     }
 
     /**
@@ -176,21 +159,13 @@
      */
     @Test
     public void testUpdateLastActiveUserOnFirstRun() {
-        List<UserInfo> users = new ArrayList<>();
-
-        UserInfo systemUser = new UserInfo();
-        systemUser.id = UserHandle.USER_SYSTEM;
-        int adminUserId = 10;
-        UserInfo admin = new UserInfo(adminUserId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
-
-        doReturn(users).when(mCarUserManagerHelper).getAllUsers();
-        doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+        UserInfo admin = mockAdmin(/* adminId= */ 10);
 
         mCarUserService.onReceive(mMockContext,
                 new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
 
         verify(mCarUserManagerHelper)
-                .setLastActiveUser(adminUserId, /* skipGlobalSetting= */ false);
+                .setLastActiveUser(admin.id, /* skipGlobalSetting= */ false);
     }
 
     /**
@@ -236,4 +211,23 @@
         verify(mCarUserManagerHelper).setLastActiveUser(
                 lastActiveUserId, /* skipGlobalSetting= */ false);
     }
+
+    /**
+     * Test that the {@link CarUserService} sets default guest restrictions on first boot.
+     */
+    @Test
+    public void testInitializeGuestRestrictionsOnFirstRun() {
+        mockAdmin(/* adminId= */ 10);
+
+        mCarUserService.onReceive(mMockContext,
+                new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
+
+        verify(mCarUserManagerHelper).initDefaultGuestRestrictions();
+    }
+
+    private UserInfo mockAdmin(int adminId) {
+        UserInfo admin = new UserInfo(adminId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
+        doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+        return admin;
+    }
 }