2 * Copyright (C) 2015 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package com.android.server.devicepolicy;
18 import static android.os.UserManagerInternal.CAMERA_DISABLED_GLOBALLY;
19 import static android.os.UserManagerInternal.CAMERA_DISABLED_LOCALLY;
20 import static android.os.UserManagerInternal.CAMERA_NOT_DISABLED;
22 import android.Manifest.permission;
23 import android.app.Activity;
24 import android.app.Notification;
25 import android.app.NotificationManager;
26 import android.app.admin.DeviceAdminReceiver;
27 import android.app.admin.DevicePolicyManager;
28 import android.app.admin.DevicePolicyManagerInternal;
29 import android.content.BroadcastReceiver;
30 import android.content.ComponentName;
31 import android.content.Context;
32 import android.content.Intent;
33 import android.content.ServiceConnection;
34 import android.content.pm.ApplicationInfo;
35 import android.content.pm.PackageInfo;
36 import android.content.pm.PackageManager;
37 import android.content.pm.StringParceledListSlice;
38 import android.content.res.Resources;
39 import android.graphics.Color;
40 import android.net.IIpConnectivityMetrics;
41 import android.net.Uri;
42 import android.content.pm.UserInfo;
43 import android.net.wifi.WifiInfo;
44 import android.os.Build.VERSION_CODES;
45 import android.os.Bundle;
46 import android.os.IBinder;
47 import android.os.Process;
48 import android.os.UserHandle;
49 import android.os.UserManager;
50 import android.os.UserManagerInternal;
51 import android.provider.Settings;
52 import android.security.IKeyChainService;
53 import android.security.KeyChain;
54 import android.telephony.TelephonyManager;
55 import android.test.MoreAsserts;
56 import android.test.suitebuilder.annotation.SmallTest;
57 import android.util.ArraySet;
58 import android.util.Pair;
60 import com.android.internal.R;
61 import com.android.internal.widget.LockPatternUtils;
62 import com.android.server.LocalServices;
63 import com.android.server.SystemService;
64 import com.android.server.pm.UserRestrictionsUtils;
66 import org.hamcrest.BaseMatcher;
67 import org.hamcrest.Description;
68 import org.mockito.invocation.InvocationOnMock;
69 import org.mockito.stubbing.Answer;
71 import java.util.ArrayList;
72 import java.util.Arrays;
73 import java.util.Collections;
74 import java.util.HashMap;
75 import java.util.List;
78 import java.util.concurrent.TimeUnit;
80 import static android.app.admin.DevicePolicyManager.DELEGATION_APP_RESTRICTIONS;
81 import static android.app.admin.DevicePolicyManager.DELEGATION_CERT_INSTALL;
83 import static org.mockito.Matchers.any;
84 import static org.mockito.Matchers.anyInt;
85 import static org.mockito.Matchers.anyLong;
86 import static org.mockito.Matchers.anyObject;
87 import static org.mockito.Matchers.anyString;
88 import static org.mockito.Matchers.eq;
89 import static org.mockito.Matchers.isNull;
90 import static org.mockito.Mockito.atLeast;
91 import static org.mockito.Mockito.doAnswer;
92 import static org.mockito.Mockito.doReturn;
93 import static org.mockito.Mockito.mock;
94 import static org.mockito.Mockito.never;
95 import static org.mockito.Mockito.nullable;
96 import static org.mockito.Mockito.reset;
97 import static org.mockito.Mockito.timeout;
98 import static org.mockito.Mockito.times;
99 import static org.mockito.Mockito.verify;
100 import static org.mockito.Mockito.verifyZeroInteractions;
101 import static org.mockito.Mockito.when;
102 import static org.mockito.hamcrest.MockitoHamcrest.argThat;
105 * Tests for DevicePolicyManager( and DevicePolicyManagerService).
106 * You can run them via:
107 m FrameworksServicesTests &&
109 -r ${ANDROID_PRODUCT_OUT}/data/app/FrameworksServicesTests/FrameworksServicesTests.apk &&
110 adb shell am instrument -e class com.android.server.devicepolicy.DevicePolicyManagerTest \
111 -w com.android.frameworks.servicestests/android.support.test.runner.AndroidJUnitRunner
113 (mmma frameworks/base/services/tests/servicestests/ for non-ninja build)
116 * runtest -c com.android.server.devicepolicy.DevicePolicyManagerTest frameworks-services
119 public class DevicePolicyManagerTest extends DpmTestBase {
120 private static final List<String> OWNER_SETUP_PERMISSIONS = Arrays.asList(
121 permission.MANAGE_DEVICE_ADMINS, permission.MANAGE_PROFILE_AND_DEVICE_OWNERS,
122 permission.MANAGE_USERS, permission.INTERACT_ACROSS_USERS_FULL);
124 private DpmMockContext mContext;
125 public DevicePolicyManager dpm;
126 public DevicePolicyManagerServiceTestable dpms;
129 * The CA cert below is the content of cacert.pem as generated by:
131 * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
133 private static final String TEST_CA =
134 "-----BEGIN CERTIFICATE-----\n" +
135 "MIIDXTCCAkWgAwIBAgIJAK9Tl/F9V8kSMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n" +
136 "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n" +
137 "aWRnaXRzIFB0eSBMdGQwHhcNMTUwMzA2MTczMjExWhcNMjUwMzAzMTczMjExWjBF\n" +
138 "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n" +
139 "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
140 "CgKCAQEAvItOutsE75WBTgTyNAHt4JXQ3JoseaGqcC3WQij6vhrleWi5KJ0jh1/M\n" +
141 "Rpry7Fajtwwb4t8VZa0NuM2h2YALv52w1xivql88zce/HU1y7XzbXhxis9o6SCI+\n" +
142 "oVQSbPeXRgBPppFzBEh3ZqYTVhAqw451XhwdA4Aqs3wts7ddjwlUzyMdU44osCUg\n" +
143 "kVg7lfPf9sTm5IoHVcfLSCWH5n6Nr9sH3o2ksyTwxuOAvsN11F/a0mmUoPciYPp+\n" +
144 "q7DzQzdi7akRG601DZ4YVOwo6UITGvDyuAAdxl5isovUXqe6Jmz2/myTSpAKxGFs\n" +
145 "jk9oRoG6WXWB1kni490GIPjJ1OceyQIDAQABo1AwTjAdBgNVHQ4EFgQUH1QIlPKL\n" +
146 "p2OQ/AoLOjKvBW4zK3AwHwYDVR0jBBgwFoAUH1QIlPKLp2OQ/AoLOjKvBW4zK3Aw\n" +
147 "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcMi4voMMJHeQLjtq8Oky\n" +
148 "Azpyk8moDwgCd4llcGj7izOkIIFqq/lyqKdtykVKUWz2bSHO5cLrtaOCiBWVlaCV\n" +
149 "DYAnnVLM8aqaA6hJDIfaGs4zmwz0dY8hVMFCuCBiLWuPfiYtbEmjHGSmpQTG6Qxn\n" +
150 "ZJlaK5CZyt5pgh5EdNdvQmDEbKGmu0wpCq9qjZImwdyAul1t/B0DrsWApZMgZpeI\n" +
151 "d2od0VBrCICB1K4p+C51D93xyQiva7xQcCne+TAnGNy9+gjQ/MyR8MRpwRLv5ikD\n" +
152 "u0anJCN8pXo6IMglfMAsoton1J6o5/ae5uhC6caQU8bNUsCK570gpNfjkzo6rbP0\n" +
154 "-----END CERTIFICATE-----\n";
157 protected void setUp() throws Exception {
160 mContext = getContext();
161 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
164 // By default, pretend all users are running and unlocked.
165 when(mContext.userManager.isUserUnlocked(anyInt())).thenReturn(true);
169 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
170 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
171 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_UID);
172 setUpPackageManagerForAdmin(adminNoPerm, DpmMockContext.CALLER_UID);
178 protected void tearDown() throws Exception {
183 private void initializeDpms() {
184 // Need clearCallingIdentity() to pass permission checks.
185 final long ident = mContext.binder.clearCallingIdentity();
187 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
189 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir);
191 dpms.systemReady(SystemService.PHASE_LOCK_SETTINGS_READY);
192 dpms.systemReady(SystemService.PHASE_BOOT_COMPLETED);
194 dpm = new DevicePolicyManagerTestable(mContext, dpms);
196 mContext.binder.restoreCallingIdentity(ident);
200 private void setUpUserManager() {
201 // Emulate UserManager.set/getApplicationRestriction().
202 final Map<Pair<String, UserHandle>, Bundle> appRestrictions = new HashMap<>();
204 // UM.setApplicationRestrictions() will save to appRestrictions.
205 doAnswer(new Answer<Void>() {
207 public Void answer(InvocationOnMock invocation) throws Throwable {
208 String pkg = (String) invocation.getArguments()[0];
209 Bundle bundle = (Bundle) invocation.getArguments()[1];
210 UserHandle user = (UserHandle) invocation.getArguments()[2];
212 appRestrictions.put(Pair.create(pkg, user), bundle);
216 }).when(mContext.userManager).setApplicationRestrictions(
217 anyString(), nullable(Bundle.class), any(UserHandle.class));
219 // UM.getApplicationRestrictions() will read from appRestrictions.
220 doAnswer(new Answer<Bundle>() {
222 public Bundle answer(InvocationOnMock invocation) throws Throwable {
223 String pkg = (String) invocation.getArguments()[0];
224 UserHandle user = (UserHandle) invocation.getArguments()[1];
226 return appRestrictions.get(Pair.create(pkg, user));
228 }).when(mContext.userManager).getApplicationRestrictions(
229 anyString(), any(UserHandle.class));
231 // Add the first secondary user.
232 mContext.addUser(DpmMockContext.CALLER_USER_HANDLE, 0);
235 private void setAsProfileOwner(ComponentName admin) {
236 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
237 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
239 // PO needs to be an DA.
240 dpm.setActiveAdmin(admin, /* replace =*/ false);
243 assertTrue(dpm.setProfileOwner(admin, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
246 assertEquals(admin, dpm.getProfileOwnerAsUser(DpmMockContext.CALLER_USER_HANDLE));
249 public void testHasNoFeature() throws Exception {
250 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN)))
253 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class);
254 new DevicePolicyManagerServiceTestable(mContext, dataDir);
256 // If the device has no DPMS feature, it shouldn't register the local service.
257 assertNull(LocalServices.getService(DevicePolicyManagerInternal.class));
261 * Caller doesn't have proper permissions.
263 public void testSetActiveAdmin_SecurityException() {
266 // Caller doesn't have MANAGE_DEVICE_ADMINS.
268 dpm.setActiveAdmin(admin1, false);
269 fail("Didn't throw SecurityException");
270 } catch (SecurityException expected) {
273 // Caller has MANAGE_DEVICE_ADMINS, but for different user.
274 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
276 dpm.setActiveAdmin(admin1, false, DpmMockContext.CALLER_USER_HANDLE + 1);
277 fail("Didn't throw SecurityException");
278 } catch (SecurityException expected) {
284 * {@link DevicePolicyManager#setActiveAdmin}
285 * with replace=false and replace=true
286 * {@link DevicePolicyManager#isAdminActive}
287 * {@link DevicePolicyManager#isAdminActiveAsUser}
288 * {@link DevicePolicyManager#getActiveAdmins}
289 * {@link DevicePolicyManager#getActiveAdminsAsUser}
291 public void testSetActiveAdmin() throws Exception {
292 // 1. Make sure the caller has proper permissions.
293 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
296 dpm.setActiveAdmin(admin1, /* replace =*/ false);
298 // 3. Verify internal calls.
300 // Check if the boradcast is sent.
301 verify(mContext.spiedContext).sendBroadcastAsUser(
302 MockUtils.checkIntentAction(
303 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
304 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
305 verify(mContext.spiedContext).sendBroadcastAsUser(
306 MockUtils.checkIntentAction(
307 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_ENABLED),
308 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
310 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
311 eq(admin1.getPackageName()),
312 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
313 eq(PackageManager.DONT_KILL_APP),
314 eq(DpmMockContext.CALLER_USER_HANDLE),
317 // TODO Verify other calls too.
319 // Make sure it's active admin1.
320 assertTrue(dpm.isAdminActive(admin1));
321 assertFalse(dpm.isAdminActive(admin2));
322 assertFalse(dpm.isAdminActive(admin3));
324 // But not admin1 for a different user.
326 // For this to work, caller needs android.permission.INTERACT_ACROSS_USERS_FULL.
327 // (Because we're checking a different user's status from CALLER_USER_HANDLE.)
328 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
330 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE + 1));
331 assertFalse(dpm.isAdminActiveAsUser(admin2, DpmMockContext.CALLER_USER_HANDLE + 1));
333 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
335 // Next, add one more admin.
336 // Before doing so, update the application info, now it's enabled.
337 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID,
338 PackageManager.COMPONENT_ENABLED_STATE_ENABLED);
340 dpm.setActiveAdmin(admin2, /* replace =*/ false);
342 // Now we have two admins.
343 assertTrue(dpm.isAdminActive(admin1));
344 assertTrue(dpm.isAdminActive(admin2));
345 assertFalse(dpm.isAdminActive(admin3));
347 // Admin2 was already enabled, so setApplicationEnabledSetting() shouldn't have called
348 // again. (times(1) because it was previously called for admin1)
349 verify(mContext.ipackageManager, times(1)).setApplicationEnabledSetting(
350 eq(admin1.getPackageName()),
351 eq(PackageManager.COMPONENT_ENABLED_STATE_DEFAULT),
352 eq(PackageManager.DONT_KILL_APP),
353 eq(DpmMockContext.CALLER_USER_HANDLE),
356 // 4. Add the same admin1 again without replace, which should throw.
358 dpm.setActiveAdmin(admin1, /* replace =*/ false);
359 fail("Didn't throw");
360 } catch (IllegalArgumentException expected) {
363 // 5. Add the same admin1 again with replace, which should succeed.
364 dpm.setActiveAdmin(admin1, /* replace =*/ true);
366 // TODO make sure it's replaced.
368 // 6. Test getActiveAdmins()
369 List<ComponentName> admins = dpm.getActiveAdmins();
370 assertEquals(2, admins.size());
371 assertEquals(admin1, admins.get(0));
372 assertEquals(admin2, admins.get(1));
374 // Another user has no admins.
375 mContext.callerPermissions.add("android.permission.INTERACT_ACROSS_USERS_FULL");
377 assertEquals(0, DpmTestUtils.getListSizeAllowingNull(
378 dpm.getActiveAdminsAsUser(DpmMockContext.CALLER_USER_HANDLE + 1)));
380 mContext.callerPermissions.remove("android.permission.INTERACT_ACROSS_USERS_FULL");
383 public void testSetActiveAdmin_multiUsers() throws Exception {
385 final int ANOTHER_USER_ID = 100;
386 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 20456);
388 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
390 // Set up pacakge manager for the other user.
391 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
393 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
395 dpm.setActiveAdmin(admin1, /* replace =*/ false);
397 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
398 dpm.setActiveAdmin(admin2, /* replace =*/ false);
401 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
402 assertTrue(dpm.isAdminActive(admin1));
403 assertFalse(dpm.isAdminActive(admin2));
405 mMockContext.binder.callingUid = ANOTHER_ADMIN_UID;
406 assertFalse(dpm.isAdminActive(admin1));
407 assertTrue(dpm.isAdminActive(admin2));
412 * {@link DevicePolicyManager#setActiveAdmin}
415 public void testSetActiveAdmin_twiceWithoutReplace() throws Exception {
416 // 1. Make sure the caller has proper permissions.
417 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
419 dpm.setActiveAdmin(admin1, /* replace =*/ false);
420 assertTrue(dpm.isAdminActive(admin1));
422 // Add the same admin1 again without replace, which should throw.
424 dpm.setActiveAdmin(admin1, /* replace =*/ false);
425 fail("Didn't throw");
426 } catch (IllegalArgumentException expected) {
432 * {@link DevicePolicyManager#setActiveAdmin} when the admin isn't protected with
435 public void testSetActiveAdmin_permissionCheck() throws Exception {
436 // 1. Make sure the caller has proper permissions.
437 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
440 dpm.setActiveAdmin(adminNoPerm, /* replace =*/ false);
442 } catch (IllegalArgumentException expected) {
443 assertTrue(expected.getMessage().contains(permission.BIND_DEVICE_ADMIN));
445 assertFalse(dpm.isAdminActive(adminNoPerm));
447 // Change the target API level to MNC. Now it can be set as DA.
448 setUpPackageManagerForAdmin(adminNoPerm, DpmMockContext.CALLER_UID, null,
450 dpm.setActiveAdmin(adminNoPerm, /* replace =*/ false);
451 assertTrue(dpm.isAdminActive(adminNoPerm));
453 // TODO Test the "load from the file" case where DA will still be loaded even without
454 // BIND_DEVICE_ADMIN and target API is N.
459 * {@link DevicePolicyManager#removeActiveAdmin}
461 public void testRemoveActiveAdmin_SecurityException() {
462 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
466 dpm.setActiveAdmin(admin1, /* replace =*/ false);
468 assertTrue(dpm.isAdminActive(admin1));
470 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
472 // Directly call the DPMS method with a different userid, which should fail.
474 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE + 1);
475 fail("Didn't throw SecurityException");
476 } catch (SecurityException expected) {
479 // Try to remove active admin with a different caller userid should fail too, without
480 // having MANAGE_DEVICE_ADMINS.
481 mContext.callerPermissions.clear();
483 // Change the caller, and call into DPMS directly with a different user-id.
485 mContext.binder.callingUid = 1234567;
487 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
488 fail("Didn't throw SecurityException");
489 } catch (SecurityException expected) {
494 * {@link DevicePolicyManager#removeActiveAdmin} should fail with the user is not unlocked
495 * (because we can't send the remove broadcast).
497 public void testRemoveActiveAdmin_userNotRunningOrLocked() {
498 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
500 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
504 dpm.setActiveAdmin(admin1, /* replace =*/ false);
506 assertTrue(dpm.isAdminActive(admin1));
508 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
510 // 1. User not unlocked.
511 when(mContext.userManager.isUserUnlocked(eq(DpmMockContext.CALLER_USER_HANDLE)))
514 dpm.removeActiveAdmin(admin1);
515 fail("Didn't throw IllegalStateException");
516 } catch (IllegalStateException expected) {
517 MoreAsserts.assertContainsRegex(
518 "User must be running and unlocked", expected.getMessage());
521 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
524 when(mContext.userManager.isUserUnlocked(eq(DpmMockContext.CALLER_USER_HANDLE)))
527 dpm.removeActiveAdmin(admin1);
528 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE));
533 * {@link DevicePolicyManager#removeActiveAdmin}
535 public void testRemoveActiveAdmin_fromDifferentUserWithINTERACT_ACROSS_USERS_FULL() {
536 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
540 dpm.setActiveAdmin(admin1, /* replace =*/ false);
542 assertTrue(dpm.isAdminActive(admin1));
543 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
545 // Different user, but should work, because caller has proper permissions.
546 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
548 // Change the caller, and call into DPMS directly with a different user-id.
549 mContext.binder.callingUid = 1234567;
551 dpms.removeActiveAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE);
552 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE));
554 // TODO DO Still can't be removed in this case.
559 * {@link DevicePolicyManager#removeActiveAdmin}
561 public void testRemoveActiveAdmin_sameUserNoMANAGE_DEVICE_ADMINS() {
562 // Need MANAGE_DEVICE_ADMINS for setActiveAdmin. We'll remove it later.
563 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
567 dpm.setActiveAdmin(admin1, /* replace =*/ false);
569 assertTrue(dpm.isAdminActive(admin1));
570 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
572 // Broadcast from saveSettingsLocked().
573 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
574 MockUtils.checkIntentAction(
575 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
576 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
578 // Remove. No permissions, but same user, so it'll work.
579 mContext.callerPermissions.clear();
580 dpm.removeActiveAdmin(admin1);
582 verify(mContext.spiedContext).sendOrderedBroadcastAsUser(
583 MockUtils.checkIntentAction(
584 DeviceAdminReceiver.ACTION_DEVICE_ADMIN_DISABLED),
585 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE),
586 isNull(String.class),
587 any(BroadcastReceiver.class),
589 eq(Activity.RESULT_OK),
590 isNull(String.class),
591 isNull(Bundle.class));
593 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE));
595 // Again broadcast from saveSettingsLocked().
596 verify(mContext.spiedContext, times(2)).sendBroadcastAsUser(
597 MockUtils.checkIntentAction(
598 DevicePolicyManager.ACTION_DEVICE_POLICY_MANAGER_STATE_CHANGED),
599 MockUtils.checkUserHandle(DpmMockContext.CALLER_USER_HANDLE));
601 // TODO Check other internal calls.
605 * Test for: @{link DevicePolicyManager#setActivePasswordState}
607 * Validates that when the password for a user changes, the notification broadcast intent
608 * {@link DeviceAdminReceiver#ACTION_PASSWORD_CHANGED} is sent to managed profile owners, in
609 * addition to ones in the original user.
611 public void testSetActivePasswordState_sendToProfiles() throws Exception {
612 mContext.callerPermissions.add(permission.BIND_DEVICE_ADMIN);
614 final int MANAGED_PROFILE_USER_ID = 78;
615 final int MANAGED_PROFILE_ADMIN_UID =
616 UserHandle.getUid(MANAGED_PROFILE_USER_ID, DpmMockContext.SYSTEM_UID);
618 // Setup device owner.
619 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
620 mContext.packageName = admin1.getPackageName();
623 // Add a managed profile belonging to the system user.
624 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
626 // Change the parent user's password.
627 dpm.reportPasswordChanged(UserHandle.USER_SYSTEM);
629 // Both the device owner and the managed profile owner should receive this broadcast.
630 final Intent intent = new Intent(DeviceAdminReceiver.ACTION_PASSWORD_CHANGED);
631 intent.setComponent(admin1);
632 intent.putExtra(Intent.EXTRA_USER, UserHandle.of(UserHandle.USER_SYSTEM));
634 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
635 MockUtils.checkIntent(intent),
636 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
637 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
638 MockUtils.checkIntent(intent),
639 MockUtils.checkUserHandle(MANAGED_PROFILE_USER_ID));
643 * Test for: @{link DevicePolicyManager#setActivePasswordState}
645 * Validates that when the password for a managed profile changes, the notification broadcast
646 * intent {@link DeviceAdminReceiver#ACTION_PASSWORD_CHANGED} is only sent to the profile, not
649 public void testSetActivePasswordState_notSentToParent() throws Exception {
650 mContext.callerPermissions.add(permission.BIND_DEVICE_ADMIN);
652 final int MANAGED_PROFILE_USER_ID = 78;
653 final int MANAGED_PROFILE_ADMIN_UID =
654 UserHandle.getUid(MANAGED_PROFILE_USER_ID, DpmMockContext.SYSTEM_UID);
656 // Setup device owner.
657 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
658 mContext.packageName = admin1.getPackageName();
659 doReturn(true).when(mContext.lockPatternUtils)
660 .isSeparateProfileChallengeEnabled(MANAGED_PROFILE_USER_ID);
663 // Add a managed profile belonging to the system user.
664 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
666 // Change the profile's password.
667 dpm.reportPasswordChanged(MANAGED_PROFILE_USER_ID);
669 // Both the device owner and the managed profile owner should receive this broadcast.
670 final Intent intent = new Intent(DeviceAdminReceiver.ACTION_PASSWORD_CHANGED);
671 intent.setComponent(admin1);
672 intent.putExtra(Intent.EXTRA_USER, UserHandle.of(MANAGED_PROFILE_USER_ID));
674 verify(mContext.spiedContext, never()).sendBroadcastAsUser(
675 MockUtils.checkIntent(intent),
676 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
677 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
678 MockUtils.checkIntent(intent),
679 MockUtils.checkUserHandle(MANAGED_PROFILE_USER_ID));
682 * Test for: {@link DevicePolicyManager#setDeviceOwner} DO on system user installs successfully.
684 public void testSetDeviceOwner() throws Exception {
687 // Try to set a profile owner on the same user, which should fail.
688 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
689 dpm.setActiveAdmin(admin2, /* refreshing= */ true, UserHandle.USER_SYSTEM);
691 dpm.setProfileOwner(admin2, "owner-name", UserHandle.USER_SYSTEM);
692 fail("IllegalStateException not thrown");
693 } catch (IllegalStateException expected) {
694 assertTrue("Message was: " + expected.getMessage(),
695 expected.getMessage().contains("already has a device owner"));
698 // DO admin can't be deactivated.
699 dpm.removeActiveAdmin(admin1);
700 assertTrue(dpm.isAdminActive(admin1));
702 // TODO Test getDeviceOwnerName() too. To do so, we need to change
703 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
706 private void setDeviceOwner() throws Exception {
707 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
708 mContext.callerPermissions.add(permission.MANAGE_USERS);
709 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
710 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
712 // In this test, change the caller user to "system".
713 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
715 // Make sure admin1 is installed on system user.
716 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
718 // Check various get APIs.
719 checkGetDeviceOwnerInfoApi(dpm, /* hasDeviceOwner =*/ false);
721 // DO needs to be an DA.
722 dpm.setActiveAdmin(admin1, /* replace =*/ false);
725 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
727 // getDeviceOwnerComponent should return the admin1 component.
728 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
729 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
731 // Check various get APIs.
732 checkGetDeviceOwnerInfoApi(dpm, /* hasDeviceOwner =*/ true);
734 // getDeviceOwnerComponent should *NOT* return the admin1 component for other users.
735 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
736 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
737 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
739 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
741 // Verify internal calls.
742 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
743 eq(admin1.getPackageName()));
745 // TODO We should check if the caller has called clearCallerIdentity().
746 verify(mContext.ibackupManager, times(1)).setBackupServiceActive(
747 eq(UserHandle.USER_SYSTEM), eq(false));
749 verify(mContext.spiedContext, times(1)).sendBroadcastAsUser(
750 MockUtils.checkIntentAction(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED),
751 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
753 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
756 private void checkGetDeviceOwnerInfoApi(DevicePolicyManager dpm, boolean hasDeviceOwner) {
757 final int origCallingUser = mContext.binder.callingUid;
758 final List origPermissions = new ArrayList(mContext.callerPermissions);
759 mContext.callerPermissions.clear();
761 mContext.callerPermissions.add(permission.MANAGE_USERS);
763 mContext.binder.callingUid = Process.SYSTEM_UID;
765 // TODO Test getDeviceOwnerName() too. To do so, we need to change
766 // DPMS.getApplicationLabel() because Context.createPackageContextAsUser() is not mockable.
767 if (hasDeviceOwner) {
768 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
769 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
770 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
772 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
773 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
774 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
776 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
777 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
778 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
780 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
781 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
782 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
785 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
786 if (hasDeviceOwner) {
787 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
788 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
789 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
791 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
792 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
793 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
795 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
796 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
797 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
799 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
800 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
801 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
804 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
805 // Still with MANAGE_USERS.
806 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
807 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
808 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
810 if (hasDeviceOwner) {
811 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
812 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
813 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
815 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
816 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
817 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
820 mContext.binder.callingUid = Process.SYSTEM_UID;
821 mContext.callerPermissions.remove(permission.MANAGE_USERS);
822 // System can still call "OnAnyUser" without MANAGE_USERS.
823 if (hasDeviceOwner) {
824 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
825 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
826 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
828 assertTrue(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
829 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
830 assertEquals(UserHandle.USER_SYSTEM, dpm.getDeviceOwnerUserId());
832 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
833 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
834 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
836 assertFalse(dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName()));
837 assertEquals(null, dpm.getDeviceOwnerComponentOnAnyUser());
838 assertEquals(UserHandle.USER_NULL, dpm.getDeviceOwnerUserId());
841 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
842 // Still no MANAGE_USERS.
843 if (hasDeviceOwner) {
844 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
845 assertTrue(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
846 assertEquals(admin1, dpm.getDeviceOwnerComponentOnCallingUser());
848 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
849 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
850 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
854 dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName());
856 } catch (SecurityException expected) {
859 dpm.getDeviceOwnerComponentOnAnyUser();
861 } catch (SecurityException expected) {
864 dpm.getDeviceOwnerUserId();
866 } catch (SecurityException expected) {
869 dpm.getDeviceOwnerNameOnAnyUser();
871 } catch (SecurityException expected) {
874 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
875 // Still no MANAGE_USERS.
876 assertFalse(dpm.isDeviceOwnerApp(admin1.getPackageName()));
877 assertFalse(dpm.isDeviceOwnerAppOnCallingUser(admin1.getPackageName()));
878 assertEquals(null, dpm.getDeviceOwnerComponentOnCallingUser());
881 dpm.isDeviceOwnerAppOnAnyUser(admin1.getPackageName());
883 } catch (SecurityException expected) {
886 dpm.getDeviceOwnerComponentOnAnyUser();
888 } catch (SecurityException expected) {
891 dpm.getDeviceOwnerUserId();
893 } catch (SecurityException expected) {
896 dpm.getDeviceOwnerNameOnAnyUser();
898 } catch (SecurityException expected) {
902 mContext.binder.callingUid = origCallingUser;
903 mContext.callerPermissions.addAll(origPermissions);
908 * Test for: {@link DevicePolicyManager#setDeviceOwner} Package doesn't exist.
910 public void testSetDeviceOwner_noSuchPackage() {
911 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
912 mContext.callerPermissions.add(permission.MANAGE_USERS);
913 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
914 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
916 // Call from a process on the system user.
917 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
920 dpm.setDeviceOwner(new ComponentName("a.b.c", ".def"));
921 fail("Didn't throw IllegalArgumentException");
922 } catch (IllegalArgumentException expected) {
923 assertTrue("Message was: " + expected.getMessage(),
924 expected.getMessage().contains("Invalid component"));
928 public void testSetDeviceOwner_failures() throws Exception {
929 // TODO Test more failure cases. Basically test all chacks in enforceCanSetDeviceOwner().
932 public void testClearDeviceOwner() throws Exception {
933 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
934 mContext.callerPermissions.add(permission.MANAGE_USERS);
935 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
936 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
938 // Set admin1 as a DA to the secondary user.
939 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
941 dpm.setActiveAdmin(admin1, /* replace =*/ false);
943 // Set admin 1 as the DO to the system user.
945 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
946 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
947 dpm.setActiveAdmin(admin1, /* replace =*/ false);
948 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
950 // Verify internal calls.
951 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
952 eq(admin1.getPackageName()));
954 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
956 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
957 when(mContext.userManager.hasUserRestriction(eq(UserManager.DISALLOW_ADD_USER),
958 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM))).thenReturn(true);
960 assertTrue(dpm.isAdminActive(admin1));
961 assertFalse(dpm.isRemovingAdmin(admin1, UserHandle.USER_SYSTEM));
963 // Set up other mocks.
964 when(mContext.userManager.getUserRestrictions()).thenReturn(new Bundle());
967 doReturn(DpmMockContext.CALLER_SYSTEM_USER_UID).when(mContext.packageManager).getPackageUidAsUser(
968 eq(admin1.getPackageName()),
971 // But first pretend the user is locked. Then it should fail.
972 when(mContext.userManager.isUserUnlocked(anyInt())).thenReturn(false);
974 dpm.clearDeviceOwnerApp(admin1.getPackageName());
975 fail("Didn't throw IllegalStateException");
976 } catch (IllegalStateException expected) {
977 MoreAsserts.assertContainsRegex(
978 "User must be running and unlocked", expected.getMessage());
981 when(mContext.userManager.isUserUnlocked(anyInt())).thenReturn(true);
982 reset(mContext.userManagerInternal);
983 dpm.clearDeviceOwnerApp(admin1.getPackageName());
985 // Now DO shouldn't be set.
986 assertNull(dpm.getDeviceOwnerComponentOnAnyUser());
988 verify(mContext.userManager).setUserRestriction(eq(UserManager.DISALLOW_ADD_USER),
990 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
992 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
993 eq(UserHandle.USER_SYSTEM),
995 eq(true), eq(CAMERA_NOT_DISABLED));
997 assertFalse(dpm.isAdminActiveAsUser(admin1, UserHandle.USER_SYSTEM));
999 // ACTION_DEVICE_OWNER_CHANGED should be sent twice, once for setting the device owner
1000 // and once for clearing it.
1001 verify(mContext.spiedContext, times(2)).sendBroadcastAsUser(
1002 MockUtils.checkIntentAction(DevicePolicyManager.ACTION_DEVICE_OWNER_CHANGED),
1003 MockUtils.checkUserHandle(UserHandle.USER_SYSTEM));
1004 // TODO Check other calls.
1007 public void testClearDeviceOwner_fromDifferentUser() throws Exception {
1008 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1009 mContext.callerPermissions.add(permission.MANAGE_USERS);
1010 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1011 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1013 // Set admin1 as a DA to the secondary user.
1014 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
1016 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1018 // Set admin 1 as the DO to the system user.
1020 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1021 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1022 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1023 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
1025 // Verify internal calls.
1026 verify(mContext.iactivityManager, times(1)).updateDeviceOwner(
1027 eq(admin1.getPackageName()));
1029 assertEquals(admin1, dpm.getDeviceOwnerComponentOnAnyUser());
1031 // Now call clear from the secondary user, which should throw.
1032 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1035 doReturn(DpmMockContext.CALLER_UID).when(mContext.packageManager).getPackageUidAsUser(
1036 eq(admin1.getPackageName()),
1039 dpm.clearDeviceOwnerApp(admin1.getPackageName());
1040 fail("Didn't throw");
1041 } catch (SecurityException e) {
1042 assertEquals("clearDeviceOwner can only be called by the device owner", e.getMessage());
1045 // DO shouldn't be removed.
1046 assertTrue(dpm.isDeviceManaged());
1049 public void testSetProfileOwner() throws Exception {
1050 setAsProfileOwner(admin1);
1052 // PO admin can't be deactivated.
1053 dpm.removeActiveAdmin(admin1);
1054 assertTrue(dpm.isAdminActive(admin1));
1056 // Try setting DO on the same user, which should fail.
1057 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
1058 dpm.setActiveAdmin(admin2, /* refreshing= */ true, DpmMockContext.CALLER_USER_HANDLE);
1060 dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE);
1061 fail("IllegalStateException not thrown");
1062 } catch (IllegalStateException expected) {
1063 assertTrue("Message was: " + expected.getMessage(),
1064 expected.getMessage().contains("already has a profile owner"));
1068 public void testClearProfileOwner() throws Exception {
1069 setAsProfileOwner(admin1);
1071 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1073 assertTrue(dpm.isProfileOwnerApp(admin1.getPackageName()));
1074 assertFalse(dpm.isRemovingAdmin(admin1, DpmMockContext.CALLER_USER_HANDLE));
1076 // First try when the user is locked, which should fail.
1077 when(mContext.userManager.isUserUnlocked(anyInt()))
1080 dpm.clearProfileOwner(admin1);
1081 fail("Didn't throw IllegalStateException");
1082 } catch (IllegalStateException expected) {
1083 MoreAsserts.assertContainsRegex(
1084 "User must be running and unlocked", expected.getMessage());
1087 when(mContext.userManager.isUserUnlocked(anyInt()))
1089 dpm.clearProfileOwner(admin1);
1092 assertFalse(dpm.isProfileOwnerApp(admin1.getPackageName()));
1093 assertFalse(dpm.isAdminActiveAsUser(admin1, DpmMockContext.CALLER_USER_HANDLE));
1096 public void testSetProfileOwner_failures() throws Exception {
1097 // TODO Test more failure cases. Basically test all chacks in enforceCanSetProfileOwner().
1100 public void testGetDeviceOwnerAdminLocked() throws Exception {
1101 checkDeviceOwnerWithMultipleDeviceAdmins();
1104 private void checkDeviceOwnerWithMultipleDeviceAdmins() throws Exception {
1105 // In ths test, we use 3 users (system + 2 secondary users), set some device admins to them,
1106 // set admin2 on CALLER_USER_HANDLE as DO, then call getDeviceOwnerAdminLocked() to
1107 // make sure it gets the right component from the right user.
1109 final int ANOTHER_USER_ID = 100;
1110 final int ANOTHER_ADMIN_UID = UserHandle.getUid(ANOTHER_USER_ID, 456);
1112 mMockContext.addUser(ANOTHER_USER_ID, 0); // Add one more user.
1114 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1115 mContext.callerPermissions.add(permission.MANAGE_USERS);
1116 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1117 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1119 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1121 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
1123 // Make sure the admin packge is installed to each user.
1124 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1125 setUpPackageManagerForAdmin(admin3, DpmMockContext.CALLER_SYSTEM_USER_UID);
1127 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
1128 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_UID);
1130 setUpPackageManagerForAdmin(admin2, ANOTHER_ADMIN_UID);
1133 // Set active admins to the users.
1134 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1135 dpm.setActiveAdmin(admin3, /* replace =*/ false);
1137 dpm.setActiveAdmin(admin1, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
1138 dpm.setActiveAdmin(admin2, /* replace =*/ false, DpmMockContext.CALLER_USER_HANDLE);
1140 dpm.setActiveAdmin(admin2, /* replace =*/ false, ANOTHER_USER_ID);
1142 // Set DO on the first non-system user.
1143 mContext.setUserRunning(DpmMockContext.CALLER_USER_HANDLE, true);
1144 assertTrue(dpm.setDeviceOwner(admin2, "owner-name", DpmMockContext.CALLER_USER_HANDLE));
1146 assertEquals(admin2, dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false));
1148 // Then check getDeviceOwnerAdminLocked().
1149 assertEquals(admin2, dpms.getDeviceOwnerAdminLocked().info.getComponent());
1150 assertEquals(DpmMockContext.CALLER_UID, dpms.getDeviceOwnerAdminLocked().getUid());
1154 * This essentially tests
1155 * {@code DevicePolicyManagerService.findOwnerComponentIfNecessaryLocked()}. (which is
1158 * We didn't use to persist the DO component class name, but now we do, and the above method
1159 * finds the right component from a package name upon migration.
1161 public void testDeviceOwnerMigration() throws Exception {
1162 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
1163 checkDeviceOwnerWithMultipleDeviceAdmins();
1165 // Overwrite the device owner setting and clears the clas name.
1166 dpms.mOwners.setDeviceOwner(
1167 new ComponentName(admin2.getPackageName(), ""),
1168 "owner-name", DpmMockContext.CALLER_USER_HANDLE);
1169 dpms.mOwners.writeDeviceOwner();
1171 // Make sure the DO component name doesn't have a class name.
1172 assertEquals("", dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false).getClassName());
1174 // Then create a new DPMS to have it load the settings from files.
1175 when(mContext.userManager.getUserRestrictions(any(UserHandle.class)))
1176 .thenReturn(new Bundle());
1179 // Now the DO component name is a full name.
1180 // *BUT* because both admin1 and admin2 belong to the same package, we think admin1 is the
1182 assertEquals(admin1, dpms.getDeviceOwnerComponent(/* callingUserOnly =*/ false));
1185 public void testSetGetApplicationRestriction() {
1186 setAsProfileOwner(admin1);
1187 mContext.packageName = admin1.getPackageName();
1190 Bundle rest = new Bundle();
1191 rest.putString("KEY_STRING", "Foo1");
1192 dpm.setApplicationRestrictions(admin1, "pkg1", rest);
1196 Bundle rest = new Bundle();
1197 rest.putString("KEY_STRING", "Foo2");
1198 dpm.setApplicationRestrictions(admin1, "pkg2", rest);
1202 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg1");
1203 assertNotNull(returned);
1204 assertEquals(returned.size(), 1);
1205 assertEquals(returned.get("KEY_STRING"), "Foo1");
1209 Bundle returned = dpm.getApplicationRestrictions(admin1, "pkg2");
1210 assertNotNull(returned);
1211 assertEquals(returned.size(), 1);
1212 assertEquals(returned.get("KEY_STRING"), "Foo2");
1215 dpm.setApplicationRestrictions(admin1, "pkg2", new Bundle());
1216 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg2").size());
1220 * Setup a package in the package manager mock for {@link DpmMockContext#CALLER_USER_HANDLE}.
1221 * Useful for faking installed applications.
1223 * @param packageName the name of the package to be setup
1224 * @param appId the application ID to be given to the package
1225 * @return the UID of the package as known by the mock package manager
1227 private int setupPackageInPackageManager(final String packageName, final int appId)
1229 return setupPackageInPackageManager(
1230 packageName, DpmMockContext.CALLER_USER_HANDLE, appId,
1231 ApplicationInfo.FLAG_HAS_CODE);
1235 * Setup a package in the package manager mock. Useful for faking installed applications.
1237 * @param packageName the name of the package to be setup
1238 * @param userId the user id where the package will be "installed"
1239 * @param appId the application ID to be given to the package
1240 * @param flags flags to set in the ApplicationInfo for this package
1241 * @return the UID of the package as known by the mock package manager
1243 private int setupPackageInPackageManager(
1244 final String packageName, int userId, final int appId, int flags)
1246 // Make the PackageManager return the package instead of throwing a NameNotFoundException
1247 final PackageInfo pi = new PackageInfo();
1248 pi.applicationInfo = new ApplicationInfo();
1249 pi.applicationInfo.flags = flags;
1250 doReturn(pi).when(mContext.ipackageManager).getPackageInfo(
1254 doReturn(pi.applicationInfo).when(mContext.ipackageManager).getApplicationInfo(
1259 // Setup application UID with the PackageManager
1260 final int uid = UserHandle.getUid(userId, appId);
1261 doReturn(uid).when(mContext.packageManager).getPackageUidAsUser(
1264 // Associate packageName to uid
1265 doReturn(packageName).when(mContext.ipackageManager).getNameForUid(eq(uid));
1266 doReturn(new String[]{packageName})
1267 .when(mContext.ipackageManager).getPackagesForUid(eq(uid));
1271 public void testCertificateDisclosure() throws Exception {
1272 final int userId = DpmMockContext.CALLER_USER_HANDLE;
1273 final UserHandle user = UserHandle.of(userId);
1275 mContext.applicationInfo = new ApplicationInfo();
1276 mContext.callerPermissions.add(permission.MANAGE_USERS);
1277 mContext.packageName = "com.android.frameworks.servicestests";
1278 mContext.addPackageContext(user, mContext);
1279 when(mContext.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
1281 StringParceledListSlice oneCert = asSlice(new String[] {"1"});
1282 StringParceledListSlice fourCerts = asSlice(new String[] {"1", "2", "3", "4"});
1284 final String TEST_STRING = "Test for exactly 2 certs out of 4";
1285 doReturn(TEST_STRING).when(mContext.resources).getQuantityText(anyInt(), eq(2));
1287 // Given that we have exactly one certificate installed,
1288 when(mContext.keyChainConnection.getService().getUserCaAliases()).thenReturn(oneCert);
1289 // when that certificate is approved,
1290 dpms.approveCaCert(oneCert.getList().get(0), userId, true);
1291 // a notification should not be shown.
1292 verify(mContext.notificationManager, timeout(1000))
1293 .cancelAsUser(anyString(), anyInt(), eq(user));
1295 // Given that we have four certificates installed,
1296 when(mContext.keyChainConnection.getService().getUserCaAliases()).thenReturn(fourCerts);
1297 // when two of them are approved (one of them approved twice hence no action),
1298 dpms.approveCaCert(fourCerts.getList().get(0), userId, true);
1299 dpms.approveCaCert(fourCerts.getList().get(1), userId, true);
1300 // a notification should be shown saying that there are two certificates left to approve.
1301 verify(mContext.notificationManager, timeout(1000))
1302 .notifyAsUser(anyString(), anyInt(), argThat(
1303 new BaseMatcher<Notification>() {
1305 public boolean matches(Object item) {
1306 final Notification noti = (Notification) item;
1307 return TEST_STRING.equals(
1308 noti.extras.getString(Notification.EXTRA_TITLE));
1311 public void describeTo(Description description) {
1312 description.appendText(
1313 "Notification{title=\"" + TEST_STRING + "\"}");
1319 * Simple test for delegate set/get and general delegation. Tests verifying that delegated
1320 * privileges can acually be exercised by a delegate are not covered here.
1322 public void testDelegation() throws Exception {
1323 setAsProfileOwner(admin1);
1325 final int userHandle = DpmMockContext.CALLER_USER_HANDLE;
1327 // Given two packages
1328 final String CERT_DELEGATE = "com.delegate.certs";
1329 final String RESTRICTIONS_DELEGATE = "com.delegate.apprestrictions";
1330 final int CERT_DELEGATE_UID = setupPackageInPackageManager(CERT_DELEGATE, 20988);
1331 final int RESTRICTIONS_DELEGATE_UID = setupPackageInPackageManager(RESTRICTIONS_DELEGATE,
1335 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1336 mContext.packageName = admin1.getPackageName();
1337 dpm.setCertInstallerPackage(admin1, CERT_DELEGATE);
1338 dpm.setApplicationRestrictionsManagingPackage(admin1, RESTRICTIONS_DELEGATE);
1340 // DPMS correctly stores and retrieves the delegates
1341 DevicePolicyManagerService.DevicePolicyData policy = dpms.mUserData.get(userHandle);
1342 assertEquals(2, policy.mDelegationMap.size());
1343 MoreAsserts.assertContentsInAnyOrder(policy.mDelegationMap.get(CERT_DELEGATE),
1344 DELEGATION_CERT_INSTALL);
1345 MoreAsserts.assertContentsInAnyOrder(dpm.getDelegatedScopes(admin1, CERT_DELEGATE),
1346 DELEGATION_CERT_INSTALL);
1347 assertEquals(CERT_DELEGATE, dpm.getCertInstallerPackage(admin1));
1348 MoreAsserts.assertContentsInAnyOrder(policy.mDelegationMap.get(RESTRICTIONS_DELEGATE),
1349 DELEGATION_APP_RESTRICTIONS);
1350 MoreAsserts.assertContentsInAnyOrder(dpm.getDelegatedScopes(admin1, RESTRICTIONS_DELEGATE),
1351 DELEGATION_APP_RESTRICTIONS);
1352 assertEquals(RESTRICTIONS_DELEGATE, dpm.getApplicationRestrictionsManagingPackage(admin1));
1354 // On calling install certificate APIs from an unauthorized process
1355 mContext.binder.callingUid = RESTRICTIONS_DELEGATE_UID;
1356 mContext.packageName = RESTRICTIONS_DELEGATE;
1358 // DPMS throws a SecurityException
1360 dpm.installCaCert(null, null);
1361 fail("Didn't throw SecurityException on unauthorized access");
1362 } catch (SecurityException expected) {
1365 // On calling install certificate APIs from an authorized process
1366 mContext.binder.callingUid = CERT_DELEGATE_UID;
1367 mContext.packageName = CERT_DELEGATE;
1369 // DPMS executes without a SecurityException
1371 dpm.installCaCert(null, null);
1372 } catch (SecurityException unexpected) {
1373 fail("Threw SecurityException on authorized access");
1374 } catch (NullPointerException expected) {
1377 // On removing a delegate
1378 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1379 mContext.packageName = admin1.getPackageName();
1380 dpm.setCertInstallerPackage(admin1, null);
1382 // DPMS does not allow access to ex-delegate
1383 mContext.binder.callingUid = CERT_DELEGATE_UID;
1384 mContext.packageName = CERT_DELEGATE;
1386 dpm.installCaCert(null, null);
1387 fail("Didn't throw SecurityException on unauthorized access");
1388 } catch (SecurityException expected) {
1391 // But still allows access to other existing delegates
1392 mContext.binder.callingUid = RESTRICTIONS_DELEGATE_UID;
1393 mContext.packageName = RESTRICTIONS_DELEGATE;
1395 dpm.getApplicationRestrictions(null, "pkg");
1396 } catch (SecurityException expected) {
1397 fail("Threw SecurityException on authorized access");
1401 public void testApplicationRestrictionsManagingApp() throws Exception {
1402 setAsProfileOwner(admin1);
1404 final String nonExistAppRestrictionsManagerPackage = "com.google.app.restrictions.manager2";
1405 final String appRestrictionsManagerPackage = "com.google.app.restrictions.manager";
1406 final int appRestrictionsManagerAppId = 20987;
1407 final int appRestrictionsManagerUid = setupPackageInPackageManager(
1408 appRestrictionsManagerPackage, appRestrictionsManagerAppId);
1410 // appRestrictionsManager package shouldn't be able to manage restrictions as the PO hasn't
1411 // delegated that permission yet.
1412 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1413 mContext.packageName = admin1.getPackageName();
1414 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
1415 Bundle rest = new Bundle();
1416 rest.putString("KEY_STRING", "Foo1");
1418 dpm.setApplicationRestrictions(null, "pkg1", rest);
1419 fail("Didn't throw expected SecurityException");
1420 } catch (SecurityException expected) {
1421 MoreAsserts.assertContainsRegex(
1422 "Caller with uid \\d+ is not a delegate of scope delegation-app-restrictions.",
1423 expected.getMessage());
1426 dpm.getApplicationRestrictions(null, "pkg1");
1427 fail("Didn't throw expected SecurityException");
1428 } catch (SecurityException expected) {
1429 MoreAsserts.assertContainsRegex(
1430 "Caller with uid \\d+ is not a delegate of scope delegation-app-restrictions.",
1431 expected.getMessage());
1434 // Check via the profile owner that no restrictions were set.
1435 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1436 mContext.packageName = admin1.getPackageName();
1437 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg1").size());
1439 // Check the API does not allow setting a non-existent package
1441 dpm.setApplicationRestrictionsManagingPackage(admin1,
1442 nonExistAppRestrictionsManagerPackage);
1443 fail("Non-existent app set as app restriction manager.");
1444 } catch (PackageManager.NameNotFoundException expected) {
1445 MoreAsserts.assertContainsRegex(
1446 nonExistAppRestrictionsManagerPackage, expected.getMessage());
1449 // Let appRestrictionsManagerPackage manage app restrictions
1450 dpm.setApplicationRestrictionsManagingPackage(admin1, appRestrictionsManagerPackage);
1451 assertEquals(appRestrictionsManagerPackage,
1452 dpm.getApplicationRestrictionsManagingPackage(admin1));
1454 // Now that package should be able to set and retrieve app restrictions.
1455 mContext.binder.callingUid = appRestrictionsManagerUid;
1456 mContext.packageName = appRestrictionsManagerPackage;
1457 assertTrue(dpm.isCallerApplicationRestrictionsManagingPackage());
1458 dpm.setApplicationRestrictions(null, "pkg1", rest);
1459 Bundle returned = dpm.getApplicationRestrictions(null, "pkg1");
1460 assertEquals(1, returned.size(), 1);
1461 assertEquals("Foo1", returned.get("KEY_STRING"));
1463 // The same app running on a separate user shouldn't be able to manage app restrictions.
1464 mContext.binder.callingUid = UserHandle.getUid(
1465 UserHandle.USER_SYSTEM, appRestrictionsManagerAppId);
1466 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
1468 dpm.setApplicationRestrictions(null, "pkg1", rest);
1469 fail("Didn't throw expected SecurityException");
1470 } catch (SecurityException expected) {
1471 MoreAsserts.assertContainsRegex(
1472 "Caller with uid \\d+ is not a delegate of scope delegation-app-restrictions.",
1473 expected.getMessage());
1476 // The DPM is still able to manage app restrictions, even if it allowed another app to do it
1478 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
1479 mContext.packageName = admin1.getPackageName();
1480 assertEquals(returned, dpm.getApplicationRestrictions(admin1, "pkg1"));
1481 dpm.setApplicationRestrictions(admin1, "pkg1", null);
1482 assertEquals(0, dpm.getApplicationRestrictions(admin1, "pkg1").size());
1484 // Removing the ability for the package to manage app restrictions.
1485 dpm.setApplicationRestrictionsManagingPackage(admin1, null);
1486 assertNull(dpm.getApplicationRestrictionsManagingPackage(admin1));
1487 mContext.binder.callingUid = appRestrictionsManagerUid;
1488 mContext.packageName = appRestrictionsManagerPackage;
1489 assertFalse(dpm.isCallerApplicationRestrictionsManagingPackage());
1491 dpm.setApplicationRestrictions(null, "pkg1", null);
1492 fail("Didn't throw expected SecurityException");
1493 } catch (SecurityException expected) {
1494 MoreAsserts.assertContainsRegex(
1495 "Caller with uid \\d+ is not a delegate of scope delegation-app-restrictions.",
1496 expected.getMessage());
1500 public void testSetUserRestriction_asDo() throws Exception {
1501 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1502 mContext.callerPermissions.add(permission.MANAGE_USERS);
1503 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1504 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1508 // Call from a process on the system user.
1509 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1511 // Make sure admin1 is installed on system user.
1512 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1515 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
1516 assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
1517 UserHandle.USER_SYSTEM));
1519 // Check that the user restrictions that are enabled by default are set. Then unset them.
1520 String[] defaultRestrictions = UserRestrictionsUtils
1521 .getDefaultEnabledForDeviceOwner().toArray(new String[0]);
1522 DpmTestUtils.assertRestrictions(
1523 DpmTestUtils.newRestrictions(defaultRestrictions),
1524 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1526 DpmTestUtils.assertRestrictions(
1527 DpmTestUtils.newRestrictions(defaultRestrictions),
1528 dpm.getUserRestrictions(admin1)
1530 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1531 eq(UserHandle.USER_SYSTEM),
1532 MockUtils.checkUserRestrictions(defaultRestrictions),
1533 eq(true) /* isDeviceOwner */,
1534 eq(CAMERA_NOT_DISABLED)
1536 reset(mContext.userManagerInternal);
1538 for (String restriction : defaultRestrictions) {
1539 dpm.clearUserRestriction(admin1, restriction);
1542 assertNoDeviceOwnerRestrictions();
1543 reset(mContext.userManagerInternal);
1545 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1546 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1547 eq(UserHandle.USER_SYSTEM),
1548 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER),
1549 eq(true), eq(CAMERA_NOT_DISABLED));
1550 reset(mContext.userManagerInternal);
1552 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
1553 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1554 eq(UserHandle.USER_SYSTEM),
1555 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS,
1556 UserManager.DISALLOW_ADD_USER),
1557 eq(true), eq(CAMERA_NOT_DISABLED));
1558 reset(mContext.userManagerInternal);
1560 DpmTestUtils.assertRestrictions(
1561 DpmTestUtils.newRestrictions(
1562 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
1563 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1565 DpmTestUtils.assertRestrictions(
1566 DpmTestUtils.newRestrictions(
1567 UserManager.DISALLOW_ADD_USER, UserManager.DISALLOW_OUTGOING_CALLS),
1568 dpm.getUserRestrictions(admin1)
1571 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1572 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1573 eq(UserHandle.USER_SYSTEM),
1574 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1575 eq(true), eq(CAMERA_NOT_DISABLED));
1576 reset(mContext.userManagerInternal);
1578 DpmTestUtils.assertRestrictions(
1579 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1580 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1582 DpmTestUtils.assertRestrictions(
1583 DpmTestUtils.newRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1584 dpm.getUserRestrictions(admin1)
1587 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
1588 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1589 eq(UserHandle.USER_SYSTEM),
1590 MockUtils.checkUserRestrictions(),
1591 eq(true), eq(CAMERA_NOT_DISABLED));
1592 reset(mContext.userManagerInternal);
1594 assertNoDeviceOwnerRestrictions();
1596 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE are PO restrictions, but when
1597 // DO sets them, the scope is global.
1598 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1599 reset(mContext.userManagerInternal);
1600 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1601 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1602 eq(UserHandle.USER_SYSTEM),
1603 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1604 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1605 eq(true), eq(CAMERA_NOT_DISABLED));
1606 reset(mContext.userManagerInternal);
1608 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1609 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1610 reset(mContext.userManagerInternal);
1613 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADD_USER);
1614 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1615 eq(UserHandle.USER_SYSTEM),
1616 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADD_USER),
1617 eq(true), eq(CAMERA_NOT_DISABLED));
1618 reset(mContext.userManagerInternal);
1620 dpm.addUserRestriction(admin1, UserManager.DISALLOW_FUN);
1621 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1622 eq(UserHandle.USER_SYSTEM),
1623 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1624 UserManager.DISALLOW_ADD_USER),
1625 eq(true), eq(CAMERA_NOT_DISABLED));
1626 reset(mContext.userManagerInternal);
1628 dpm.setCameraDisabled(admin1, true);
1629 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1630 eq(UserHandle.USER_SYSTEM),
1631 // DISALLOW_CAMERA will be applied to both local and global.
1632 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1633 UserManager.DISALLOW_ADD_USER),
1634 eq(true), eq(CAMERA_DISABLED_GLOBALLY));
1635 reset(mContext.userManagerInternal);
1637 // Set up another DA and let it disable camera. Now DISALLOW_CAMERA will only be applied
1639 dpm.setCameraDisabled(admin1, false);
1640 reset(mContext.userManagerInternal);
1642 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID);
1643 dpm.setActiveAdmin(admin2, /* replace =*/ false, UserHandle.USER_SYSTEM);
1644 dpm.setCameraDisabled(admin2, true);
1646 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1647 eq(UserHandle.USER_SYSTEM),
1648 // DISALLOW_CAMERA will be applied to both local and global. <- TODO: fix this
1649 MockUtils.checkUserRestrictions(UserManager.DISALLOW_FUN,
1650 UserManager.DISALLOW_ADD_USER),
1651 eq(true), eq(CAMERA_DISABLED_LOCALLY));
1652 reset(mContext.userManagerInternal);
1653 // TODO Make sure restrictions are written to the file.
1656 public void testSetUserRestriction_asPo() {
1657 setAsProfileOwner(admin1);
1659 DpmTestUtils.assertRestrictions(
1660 DpmTestUtils.newRestrictions(),
1661 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1662 .ensureUserRestrictions()
1665 dpm.addUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
1666 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1667 eq(DpmMockContext.CALLER_USER_HANDLE),
1668 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES),
1669 eq(false), eq(CAMERA_NOT_DISABLED));
1670 reset(mContext.userManagerInternal);
1672 dpm.addUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
1673 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1674 eq(DpmMockContext.CALLER_USER_HANDLE),
1675 MockUtils.checkUserRestrictions(UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1676 UserManager.DISALLOW_OUTGOING_CALLS),
1677 eq(false), eq(CAMERA_NOT_DISABLED));
1678 reset(mContext.userManagerInternal);
1680 DpmTestUtils.assertRestrictions(
1681 DpmTestUtils.newRestrictions(
1682 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1683 UserManager.DISALLOW_OUTGOING_CALLS
1685 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1686 .ensureUserRestrictions()
1688 DpmTestUtils.assertRestrictions(
1689 DpmTestUtils.newRestrictions(
1690 UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES,
1691 UserManager.DISALLOW_OUTGOING_CALLS
1693 dpm.getUserRestrictions(admin1)
1696 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES);
1697 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1698 eq(DpmMockContext.CALLER_USER_HANDLE),
1699 MockUtils.checkUserRestrictions(UserManager.DISALLOW_OUTGOING_CALLS),
1700 eq(false), eq(CAMERA_NOT_DISABLED));
1701 reset(mContext.userManagerInternal);
1703 DpmTestUtils.assertRestrictions(
1704 DpmTestUtils.newRestrictions(
1705 UserManager.DISALLOW_OUTGOING_CALLS
1707 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1708 .ensureUserRestrictions()
1710 DpmTestUtils.assertRestrictions(
1711 DpmTestUtils.newRestrictions(
1712 UserManager.DISALLOW_OUTGOING_CALLS
1714 dpm.getUserRestrictions(admin1)
1717 dpm.clearUserRestriction(admin1, UserManager.DISALLOW_OUTGOING_CALLS);
1718 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1719 eq(DpmMockContext.CALLER_USER_HANDLE),
1720 MockUtils.checkUserRestrictions(),
1721 eq(false), eq(CAMERA_NOT_DISABLED));
1722 reset(mContext.userManagerInternal);
1724 DpmTestUtils.assertRestrictions(
1725 DpmTestUtils.newRestrictions(),
1726 dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
1727 .ensureUserRestrictions()
1729 DpmTestUtils.assertRestrictions(
1730 DpmTestUtils.newRestrictions(),
1731 dpm.getUserRestrictions(admin1)
1734 // DISALLOW_ADJUST_VOLUME and DISALLOW_UNMUTE_MICROPHONE can be set by PO too, even
1735 // though when DO sets them they'll be applied globally.
1736 dpm.addUserRestriction(admin1, UserManager.DISALLOW_ADJUST_VOLUME);
1737 reset(mContext.userManagerInternal);
1738 dpm.addUserRestriction(admin1, UserManager.DISALLOW_UNMUTE_MICROPHONE);
1739 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1740 eq(DpmMockContext.CALLER_USER_HANDLE),
1741 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1742 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1743 eq(false), eq(CAMERA_NOT_DISABLED));
1744 reset(mContext.userManagerInternal);
1746 dpm.setCameraDisabled(admin1, true);
1747 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1748 eq(DpmMockContext.CALLER_USER_HANDLE),
1749 MockUtils.checkUserRestrictions(UserManager.DISALLOW_ADJUST_VOLUME,
1750 UserManager.DISALLOW_UNMUTE_MICROPHONE),
1751 eq(false), eq(CAMERA_DISABLED_LOCALLY));
1752 reset(mContext.userManagerInternal);
1754 // TODO Make sure restrictions are written to the file.
1758 public void testDefaultEnabledUserRestrictions() throws Exception {
1759 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1760 mContext.callerPermissions.add(permission.MANAGE_USERS);
1761 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1762 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1766 // Call from a process on the system user.
1767 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1769 // Make sure admin1 is installed on system user.
1770 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1772 dpm.setActiveAdmin(admin1, /* replace =*/ false, UserHandle.USER_SYSTEM);
1773 assertTrue(dpm.setDeviceOwner(admin1, "owner-name",
1774 UserHandle.USER_SYSTEM));
1776 // Check that the user restrictions that are enabled by default are set. Then unset them.
1777 String[] defaultRestrictions = UserRestrictionsUtils
1778 .getDefaultEnabledForDeviceOwner().toArray(new String[0]);
1779 assertTrue(defaultRestrictions.length > 0);
1780 DpmTestUtils.assertRestrictions(
1781 DpmTestUtils.newRestrictions(defaultRestrictions),
1782 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1784 DpmTestUtils.assertRestrictions(
1785 DpmTestUtils.newRestrictions(defaultRestrictions),
1786 dpm.getUserRestrictions(admin1)
1788 verify(mContext.userManagerInternal).setDevicePolicyUserRestrictions(
1789 eq(UserHandle.USER_SYSTEM),
1790 MockUtils.checkUserRestrictions(defaultRestrictions),
1791 eq(true) /* isDeviceOwner */,
1792 eq(CAMERA_NOT_DISABLED)
1794 reset(mContext.userManagerInternal);
1796 for (String restriction : defaultRestrictions) {
1797 dpm.clearUserRestriction(admin1, restriction);
1800 assertNoDeviceOwnerRestrictions();
1802 // Initialize DPMS again and check that the user restriction wasn't enabled again.
1803 reset(mContext.userManagerInternal);
1805 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
1806 assertNotNull(dpms.getDeviceOwnerAdminLocked());
1808 assertNoDeviceOwnerRestrictions();
1810 // Add a new restriction to the default set, initialize DPMS, and check that the restriction
1811 // is set as it wasn't enabled during setDeviceOwner.
1812 final String newDefaultEnabledRestriction = UserManager.DISALLOW_REMOVE_MANAGED_PROFILE;
1813 assertFalse(UserRestrictionsUtils
1814 .getDefaultEnabledForDeviceOwner().contains(newDefaultEnabledRestriction));
1815 UserRestrictionsUtils
1816 .getDefaultEnabledForDeviceOwner().add(newDefaultEnabledRestriction);
1818 reset(mContext.userManagerInternal);
1820 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
1821 assertNotNull(dpms.getDeviceOwnerAdminLocked());
1823 DpmTestUtils.assertRestrictions(
1824 DpmTestUtils.newRestrictions(newDefaultEnabledRestriction),
1825 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1827 DpmTestUtils.assertRestrictions(
1828 DpmTestUtils.newRestrictions(newDefaultEnabledRestriction),
1829 dpm.getUserRestrictions(admin1)
1831 verify(mContext.userManagerInternal, atLeast(1)).setDevicePolicyUserRestrictions(
1832 eq(UserHandle.USER_SYSTEM),
1833 MockUtils.checkUserRestrictions(newDefaultEnabledRestriction),
1834 eq(true) /* isDeviceOwner */,
1835 eq(CAMERA_NOT_DISABLED)
1837 reset(mContext.userManagerInternal);
1839 // Remove the restriction.
1840 dpm.clearUserRestriction(admin1, newDefaultEnabledRestriction);
1842 // Initialize DPMS again. The restriction shouldn't be enabled for a second time.
1844 assertTrue(dpm.isDeviceOwnerApp(admin1.getPackageName()));
1845 assertNotNull(dpms.getDeviceOwnerAdminLocked());
1846 assertNoDeviceOwnerRestrictions();
1848 UserRestrictionsUtils
1849 .getDefaultEnabledForDeviceOwner().remove(newDefaultEnabledRestriction);
1853 private void assertNoDeviceOwnerRestrictions() {
1854 DpmTestUtils.assertRestrictions(
1855 DpmTestUtils.newRestrictions(),
1856 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()
1858 DpmTestUtils.assertRestrictions(
1859 DpmTestUtils.newRestrictions(),
1860 dpm.getUserRestrictions(admin1)
1864 public void testGetMacAddress() throws Exception {
1865 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1866 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1867 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
1869 // In this test, change the caller user to "system".
1870 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1872 // Make sure admin1 is installed on system user.
1873 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1875 // Test 1. Caller doesn't have DO or DA.
1877 dpm.getWifiMacAddress(admin1);
1879 } catch (SecurityException e) {
1880 MoreAsserts.assertContainsRegex("No active admin", e.getMessage());
1883 // DO needs to be an DA.
1884 dpm.setActiveAdmin(admin1, /* replace =*/ false);
1885 assertTrue(dpm.isAdminActive(admin1));
1887 // Test 2. Caller has DA, but not DO.
1889 dpm.getWifiMacAddress(admin1);
1891 } catch (SecurityException e) {
1892 MoreAsserts.assertContainsRegex("does not own the device", e.getMessage());
1895 // Test 3. Caller has PO, but not DO.
1896 assertTrue(dpm.setProfileOwner(admin1, null, UserHandle.USER_SYSTEM));
1898 dpm.getWifiMacAddress(admin1);
1900 } catch (SecurityException e) {
1901 MoreAsserts.assertContainsRegex("does not own the device", e.getMessage());
1905 dpm.clearProfileOwner(admin1);
1906 dpm.setActiveAdmin(admin1, false);
1907 // Test 4, Caller is DO now.
1908 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1910 // 4-1. But no WifiInfo.
1911 assertNull(dpm.getWifiMacAddress(admin1));
1913 // 4-2. Returns WifiInfo, but with the default MAC.
1914 when(mContext.wifiManager.getConnectionInfo()).thenReturn(new WifiInfo());
1915 assertNull(dpm.getWifiMacAddress(admin1));
1917 // 4-3. With a real MAC address.
1918 final WifiInfo wi = new WifiInfo();
1919 wi.setMacAddress("11:22:33:44:55:66");
1920 when(mContext.wifiManager.getConnectionInfo()).thenReturn(wi);
1921 assertEquals("11:22:33:44:55:66", dpm.getWifiMacAddress(admin1));
1924 public void testReboot() throws Exception {
1925 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1926 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
1928 // In this test, change the caller user to "system".
1929 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
1931 // Make sure admin1 is installed on system user.
1932 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
1934 // Set admin1 as DA.
1935 dpm.setActiveAdmin(admin1, false);
1936 assertTrue(dpm.isAdminActive(admin1));
1939 fail("DA calls DPM.reboot(), did not throw expected SecurityException");
1940 } catch (SecurityException expected) {
1941 MoreAsserts.assertContainsRegex("does not own the device", expected.getMessage());
1944 // Set admin1 as PO.
1945 assertTrue(dpm.setProfileOwner(admin1, null, UserHandle.USER_SYSTEM));
1948 fail("PO calls DPM.reboot(), did not throw expected SecurityException");
1949 } catch (SecurityException expected) {
1950 MoreAsserts.assertContainsRegex("does not own the device", expected.getMessage());
1953 // Remove PO and add DO.
1954 dpm.clearProfileOwner(admin1);
1955 dpm.setActiveAdmin(admin1, false);
1956 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
1959 // Set current call state of device to ringing.
1960 when(mContext.telephonyManager.getCallState())
1961 .thenReturn(TelephonyManager.CALL_STATE_RINGING);
1964 fail("DPM.reboot() called when receiveing a call, should thrown IllegalStateException");
1965 } catch (IllegalStateException expected) {
1966 MoreAsserts.assertContainsRegex("ongoing call on the device", expected.getMessage());
1969 // Set current call state of device to dialing/active.
1970 when(mContext.telephonyManager.getCallState())
1971 .thenReturn(TelephonyManager.CALL_STATE_OFFHOOK);
1974 fail("DPM.reboot() called when dialing, should thrown IllegalStateException");
1975 } catch (IllegalStateException expected) {
1976 MoreAsserts.assertContainsRegex("ongoing call on the device", expected.getMessage());
1979 // Set current call state of device to idle.
1980 when(mContext.telephonyManager.getCallState()).thenReturn(TelephonyManager.CALL_STATE_IDLE);
1984 public void testSetGetSupportText() {
1985 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
1986 dpm.setActiveAdmin(admin1, true);
1987 dpm.setActiveAdmin(admin2, true);
1988 mContext.callerPermissions.remove(permission.MANAGE_DEVICE_ADMINS);
1990 // Null default support messages.
1992 assertNull(dpm.getLongSupportMessage(admin1));
1993 assertNull(dpm.getShortSupportMessage(admin1));
1994 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
1995 assertNull(dpm.getShortSupportMessageForUser(admin1,
1996 DpmMockContext.CALLER_USER_HANDLE));
1997 assertNull(dpm.getLongSupportMessageForUser(admin1,
1998 DpmMockContext.CALLER_USER_HANDLE));
1999 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
2002 // Only system can call the per user versions.
2005 dpm.getShortSupportMessageForUser(admin1,
2006 DpmMockContext.CALLER_USER_HANDLE);
2007 fail("Only system should be able to call getXXXForUser versions");
2008 } catch (SecurityException expected) {
2009 MoreAsserts.assertContainsRegex("message for user", expected.getMessage());
2012 dpm.getLongSupportMessageForUser(admin1,
2013 DpmMockContext.CALLER_USER_HANDLE);
2014 fail("Only system should be able to call getXXXForUser versions");
2015 } catch (SecurityException expected) {
2016 MoreAsserts.assertContainsRegex("message for user", expected.getMessage());
2020 // Can't set message for admin in another uid.
2022 mContext.binder.callingUid = DpmMockContext.CALLER_UID + 1;
2024 dpm.setShortSupportMessage(admin1, "Some text");
2025 fail("Admins should only be able to change their own support text.");
2026 } catch (SecurityException expected) {
2027 MoreAsserts.assertContainsRegex("is not owned by uid", expected.getMessage());
2029 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
2032 // Set/Get short returns what it sets and other admins text isn't changed.
2034 final String supportText = "Some text to test with.";
2035 dpm.setShortSupportMessage(admin1, supportText);
2036 assertEquals(supportText, dpm.getShortSupportMessage(admin1));
2037 assertNull(dpm.getLongSupportMessage(admin1));
2038 assertNull(dpm.getShortSupportMessage(admin2));
2040 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
2041 assertEquals(supportText, dpm.getShortSupportMessageForUser(admin1,
2042 DpmMockContext.CALLER_USER_HANDLE));
2043 assertNull(dpm.getShortSupportMessageForUser(admin2,
2044 DpmMockContext.CALLER_USER_HANDLE));
2045 assertNull(dpm.getLongSupportMessageForUser(admin1,
2046 DpmMockContext.CALLER_USER_HANDLE));
2047 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
2049 dpm.setShortSupportMessage(admin1, null);
2050 assertNull(dpm.getShortSupportMessage(admin1));
2053 // Set/Get long returns what it sets and other admins text isn't changed.
2055 final String supportText = "Some text to test with.\nWith more text.";
2056 dpm.setLongSupportMessage(admin1, supportText);
2057 assertEquals(supportText, dpm.getLongSupportMessage(admin1));
2058 assertNull(dpm.getShortSupportMessage(admin1));
2059 assertNull(dpm.getLongSupportMessage(admin2));
2061 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
2062 assertEquals(supportText, dpm.getLongSupportMessageForUser(admin1,
2063 DpmMockContext.CALLER_USER_HANDLE));
2064 assertNull(dpm.getLongSupportMessageForUser(admin2,
2065 DpmMockContext.CALLER_USER_HANDLE));
2066 assertNull(dpm.getShortSupportMessageForUser(admin1,
2067 DpmMockContext.CALLER_USER_HANDLE));
2068 mMockContext.binder.callingUid = DpmMockContext.CALLER_UID;
2070 dpm.setLongSupportMessage(admin1, null);
2071 assertNull(dpm.getLongSupportMessage(admin1));
2075 public void testCreateAdminSupportIntent() throws Exception {
2076 // Setup device owner.
2077 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2080 // Nonexisting permission returns null
2081 Intent intent = dpm.createAdminSupportIntent("disallow_nothing");
2084 // Existing permission that is not set returns null
2085 intent = dpm.createAdminSupportIntent(UserManager.DISALLOW_ADJUST_VOLUME);
2088 // Existing permission that is not set by device/profile owner returns null
2089 when(mContext.userManager.hasUserRestriction(
2090 eq(UserManager.DISALLOW_ADJUST_VOLUME),
2091 eq(UserHandle.getUserHandleForUid(mContext.binder.callingUid))))
2093 intent = dpm.createAdminSupportIntent(UserManager.DISALLOW_ADJUST_VOLUME);
2096 // Permission that is set by device owner returns correct intent
2097 when(mContext.userManager.getUserRestrictionSource(
2098 eq(UserManager.DISALLOW_ADJUST_VOLUME),
2099 eq(UserHandle.getUserHandleForUid(mContext.binder.callingUid))))
2100 .thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
2101 intent = dpm.createAdminSupportIntent(UserManager.DISALLOW_ADJUST_VOLUME);
2102 assertNotNull(intent);
2103 assertEquals(Settings.ACTION_SHOW_ADMIN_SUPPORT_DETAILS, intent.getAction());
2104 assertEquals(UserHandle.getUserId(DpmMockContext.CALLER_SYSTEM_USER_UID),
2105 intent.getIntExtra(Intent.EXTRA_USER_ID, -1));
2106 assertEquals(admin1,
2107 (ComponentName) intent.getParcelableExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN));
2108 assertEquals(UserManager.DISALLOW_ADJUST_VOLUME,
2109 intent.getStringExtra(DevicePolicyManager.EXTRA_RESTRICTION));
2111 // Try with POLICY_DISABLE_CAMERA and POLICY_DISABLE_SCREEN_CAPTURE, which are not
2112 // user restrictions
2114 // Camera is not disabled
2115 intent = dpm.createAdminSupportIntent(DevicePolicyManager.POLICY_DISABLE_CAMERA);
2118 // Camera is disabled
2119 dpm.setCameraDisabled(admin1, true);
2120 intent = dpm.createAdminSupportIntent(DevicePolicyManager.POLICY_DISABLE_CAMERA);
2121 assertNotNull(intent);
2122 assertEquals(DevicePolicyManager.POLICY_DISABLE_CAMERA,
2123 intent.getStringExtra(DevicePolicyManager.EXTRA_RESTRICTION));
2125 // Screen capture is not disabled
2126 intent = dpm.createAdminSupportIntent(DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE);
2129 // Screen capture is disabled
2130 dpm.setScreenCaptureDisabled(admin1, true);
2131 intent = dpm.createAdminSupportIntent(DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE);
2132 assertNotNull(intent);
2133 assertEquals(DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE,
2134 intent.getStringExtra(DevicePolicyManager.EXTRA_RESTRICTION));
2136 // Same checks for different user
2137 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
2138 // Camera should be disabled by device owner
2139 intent = dpm.createAdminSupportIntent(DevicePolicyManager.POLICY_DISABLE_CAMERA);
2140 assertNotNull(intent);
2141 assertEquals(DevicePolicyManager.POLICY_DISABLE_CAMERA,
2142 intent.getStringExtra(DevicePolicyManager.EXTRA_RESTRICTION));
2143 assertEquals(UserHandle.getUserId(DpmMockContext.CALLER_SYSTEM_USER_UID),
2144 intent.getIntExtra(Intent.EXTRA_USER_ID, -1));
2145 // ScreenCapture should not be disabled by device owner
2146 intent = dpm.createAdminSupportIntent(DevicePolicyManager.POLICY_DISABLE_SCREEN_CAPTURE);
2152 * {@link DevicePolicyManager#setAffiliationIds}
2153 * {@link DevicePolicyManager#getAffiliationIds}
2154 * {@link DevicePolicyManager#isAffiliatedUser}
2156 public void testUserAffiliation() throws Exception {
2157 mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
2158 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2159 mContext.callerPermissions.add(permission.INTERACT_ACROSS_USERS_FULL);
2161 // Check that the system user is unaffiliated.
2162 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2163 assertFalse(dpm.isAffiliatedUser());
2165 // Set a device owner on the system user. Check that the system user becomes affiliated.
2166 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
2167 dpm.setActiveAdmin(admin1, /* replace =*/ false);
2168 assertTrue(dpm.setDeviceOwner(admin1, "owner-name"));
2169 assertTrue(dpm.isAffiliatedUser());
2170 assertTrue(dpm.getAffiliationIds(admin1).isEmpty());
2172 // Install a profile owner. Check that the test user is unaffiliated.
2173 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
2174 setAsProfileOwner(admin2);
2175 assertFalse(dpm.isAffiliatedUser());
2176 assertTrue(dpm.getAffiliationIds(admin2).isEmpty());
2178 // Have the profile owner specify a set of affiliation ids. Check that the test user remains
2180 final Set<String> userAffiliationIds = new ArraySet<>();
2181 userAffiliationIds.add("red");
2182 userAffiliationIds.add("green");
2183 userAffiliationIds.add("blue");
2184 dpm.setAffiliationIds(admin2, userAffiliationIds);
2185 MoreAsserts.assertContentsInAnyOrder(dpm.getAffiliationIds(admin2), "red", "green", "blue");
2186 assertFalse(dpm.isAffiliatedUser());
2188 // Have the device owner specify a set of affiliation ids that do not intersect with those
2189 // specified by the profile owner. Check that the test user remains unaffiliated.
2190 final Set<String> deviceAffiliationIds = new ArraySet<>();
2191 deviceAffiliationIds.add("cyan");
2192 deviceAffiliationIds.add("yellow");
2193 deviceAffiliationIds.add("magenta");
2194 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2195 dpm.setAffiliationIds(admin1, deviceAffiliationIds);
2196 MoreAsserts.assertContentsInAnyOrder(
2197 dpm.getAffiliationIds(admin1), "cyan", "yellow", "magenta");
2198 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
2199 assertFalse(dpm.isAffiliatedUser());
2201 // Have the profile owner specify a set of affiliation ids that intersect with those
2202 // specified by the device owner. Check that the test user becomes affiliated.
2203 userAffiliationIds.add("yellow");
2204 dpm.setAffiliationIds(admin2, userAffiliationIds);
2205 MoreAsserts.assertContentsInAnyOrder(
2206 dpm.getAffiliationIds(admin2), "red", "green", "blue", "yellow");
2207 assertTrue(dpm.isAffiliatedUser());
2209 // Clear affiliation ids for the profile owner. The user becomes unaffiliated.
2210 dpm.setAffiliationIds(admin2, Collections.emptySet());
2211 assertTrue(dpm.getAffiliationIds(admin2).isEmpty());
2212 assertFalse(dpm.isAffiliatedUser());
2214 // Set affiliation ids again, then clear PO to check that the user becomes unaffiliated
2215 dpm.setAffiliationIds(admin2, userAffiliationIds);
2216 assertTrue(dpm.isAffiliatedUser());
2217 dpm.clearProfileOwner(admin2);
2218 assertFalse(dpm.isAffiliatedUser());
2220 // Check that the system user remains affiliated.
2221 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2222 assertTrue(dpm.isAffiliatedUser());
2224 // Clear the device owner - the user becomes unaffiliated.
2226 assertFalse(dpm.isAffiliatedUser());
2229 public void testGetUserProvisioningState_defaultResult() {
2230 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
2233 public void testSetUserProvisioningState_permission() throws Exception {
2234 setupProfileOwner();
2235 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2237 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
2238 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
2241 public void testSetUserProvisioningState_unprivileged() throws Exception {
2242 setupProfileOwner();
2244 dpm.setUserProvisioningState(DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
2245 DpmMockContext.CALLER_USER_HANDLE);
2246 fail("Expected SecurityException");
2247 } catch (SecurityException expected) {
2251 public void testSetUserProvisioningState_noManagement() {
2252 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2254 dpm.setUserProvisioningState(DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
2255 DpmMockContext.CALLER_USER_HANDLE);
2256 fail("IllegalStateException expected");
2257 } catch (IllegalStateException e) {
2258 MoreAsserts.assertContainsRegex("change provisioning state unless a .* owner is set",
2261 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
2264 public void testSetUserProvisioningState_deviceOwnerFromSetupWizard() throws Exception {
2265 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2267 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2269 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
2270 DevicePolicyManager.STATE_USER_SETUP_COMPLETE,
2271 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
2274 public void testSetUserProvisioningState_deviceOwnerFromSetupWizardAlternative()
2276 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2278 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2280 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
2281 DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE,
2282 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
2285 public void testSetUserProvisioningState_deviceOwnerWithoutSetupWizard() throws Exception {
2286 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2288 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2290 exerciseUserProvisioningTransitions(UserHandle.USER_SYSTEM,
2291 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
2294 public void testSetUserProvisioningState_managedProfileFromSetupWizard_primaryUser()
2296 setupProfileOwner();
2297 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2299 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
2300 DevicePolicyManager.STATE_USER_PROFILE_COMPLETE,
2301 DevicePolicyManager.STATE_USER_UNMANAGED);
2304 public void testSetUserProvisioningState_managedProfileFromSetupWizard_managedProfile()
2306 setupProfileOwner();
2307 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2309 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
2310 DevicePolicyManager.STATE_USER_SETUP_COMPLETE,
2311 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
2314 public void testSetUserProvisioningState_managedProfileWithoutSetupWizard() throws Exception {
2315 setupProfileOwner();
2316 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2318 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
2319 DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
2322 public void testSetUserProvisioningState_illegalTransitionOutOfFinalized1() throws Exception {
2323 setupProfileOwner();
2324 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2327 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
2328 DevicePolicyManager.STATE_USER_SETUP_FINALIZED,
2329 DevicePolicyManager.STATE_USER_UNMANAGED);
2330 fail("Expected IllegalStateException");
2331 } catch (IllegalStateException e) {
2332 MoreAsserts.assertContainsRegex("Cannot move to user provisioning state",
2337 public void testSetUserProvisioningState_illegalTransitionToAnotherInProgressState()
2339 setupProfileOwner();
2340 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2343 exerciseUserProvisioningTransitions(DpmMockContext.CALLER_USER_HANDLE,
2344 DevicePolicyManager.STATE_USER_SETUP_INCOMPLETE,
2345 DevicePolicyManager.STATE_USER_SETUP_COMPLETE);
2346 fail("Expected IllegalStateException");
2347 } catch (IllegalStateException e) {
2348 MoreAsserts.assertContainsRegex("Cannot move to user provisioning state",
2353 private void exerciseUserProvisioningTransitions(int userId, int... states) {
2354 assertEquals(DevicePolicyManager.STATE_USER_UNMANAGED, dpm.getUserProvisioningState());
2355 for (int state : states) {
2356 dpm.setUserProvisioningState(state, userId);
2357 assertEquals(state, dpm.getUserProvisioningState());
2361 private void setupProfileOwner() throws Exception {
2362 mContext.callerPermissions.addAll(OWNER_SETUP_PERMISSIONS);
2364 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_UID);
2365 dpm.setActiveAdmin(admin1, false);
2366 assertTrue(dpm.setProfileOwner(admin1, null, DpmMockContext.CALLER_USER_HANDLE));
2368 mContext.callerPermissions.removeAll(OWNER_SETUP_PERMISSIONS);
2371 private void setupDeviceOwner() throws Exception {
2372 mContext.callerPermissions.addAll(OWNER_SETUP_PERMISSIONS);
2374 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID);
2375 dpm.setActiveAdmin(admin1, false);
2376 assertTrue(dpm.setDeviceOwner(admin1, null, UserHandle.USER_SYSTEM));
2378 mContext.callerPermissions.removeAll(OWNER_SETUP_PERMISSIONS);
2381 public void testSetMaximumTimeToLock() {
2382 mContext.callerPermissions.add(android.Manifest.permission.MANAGE_DEVICE_ADMINS);
2384 dpm.setActiveAdmin(admin1, /* replace =*/ false);
2385 dpm.setActiveAdmin(admin2, /* replace =*/ false);
2387 reset(mMockContext.powerManagerInternal);
2388 reset(mMockContext.settings);
2390 dpm.setMaximumTimeToLock(admin1, 0);
2391 verifyScreenTimeoutCall(null, false);
2392 reset(mMockContext.powerManagerInternal);
2393 reset(mMockContext.settings);
2395 dpm.setMaximumTimeToLock(admin1, 1);
2396 verifyScreenTimeoutCall(1, true);
2397 reset(mMockContext.powerManagerInternal);
2398 reset(mMockContext.settings);
2400 dpm.setMaximumTimeToLock(admin2, 10);
2401 verifyScreenTimeoutCall(null, false);
2402 reset(mMockContext.powerManagerInternal);
2403 reset(mMockContext.settings);
2405 dpm.setMaximumTimeToLock(admin1, 5);
2406 verifyScreenTimeoutCall(5, true);
2407 reset(mMockContext.powerManagerInternal);
2408 reset(mMockContext.settings);
2410 dpm.setMaximumTimeToLock(admin2, 4);
2411 verifyScreenTimeoutCall(4, true);
2412 reset(mMockContext.powerManagerInternal);
2413 reset(mMockContext.settings);
2415 dpm.setMaximumTimeToLock(admin1, 0);
2416 reset(mMockContext.powerManagerInternal);
2417 reset(mMockContext.settings);
2419 dpm.setMaximumTimeToLock(admin2, Integer.MAX_VALUE);
2420 verifyScreenTimeoutCall(Integer.MAX_VALUE, true);
2421 reset(mMockContext.powerManagerInternal);
2422 reset(mMockContext.settings);
2424 dpm.setMaximumTimeToLock(admin2, Integer.MAX_VALUE + 1);
2425 verifyScreenTimeoutCall(Integer.MAX_VALUE, true);
2426 reset(mMockContext.powerManagerInternal);
2427 reset(mMockContext.settings);
2429 dpm.setMaximumTimeToLock(admin2, 10);
2430 verifyScreenTimeoutCall(10, true);
2431 reset(mMockContext.powerManagerInternal);
2432 reset(mMockContext.settings);
2434 // There's no restriction; shold be set to MAX.
2435 dpm.setMaximumTimeToLock(admin2, 0);
2436 verifyScreenTimeoutCall(Integer.MAX_VALUE, false);
2439 public void testSetRequiredStrongAuthTimeout_DeviceOwner() throws Exception {
2440 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2442 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2444 final long MINIMUM_STRONG_AUTH_TIMEOUT_MS = TimeUnit.HOURS.toMillis(1);
2445 final long ONE_MINUTE = TimeUnit.MINUTES.toMillis(1);
2446 final long MIN_PLUS_ONE_MINUTE = MINIMUM_STRONG_AUTH_TIMEOUT_MS + ONE_MINUTE;
2447 final long MAX_MINUS_ONE_MINUTE = DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS
2450 // verify that the minimum timeout cannot be modified on user builds (system property is
2452 mContext.buildMock.isDebuggable = false;
2454 dpm.setRequiredStrongAuthTimeout(admin1, MAX_MINUS_ONE_MINUTE);
2455 assertEquals(dpm.getRequiredStrongAuthTimeout(admin1), MAX_MINUS_ONE_MINUTE);
2456 assertEquals(dpm.getRequiredStrongAuthTimeout(null), MAX_MINUS_ONE_MINUTE);
2458 verify(mContext.systemProperties, never()).getLong(anyString(), anyLong());
2460 // restore to the debuggable build state
2461 mContext.buildMock.isDebuggable = true;
2463 // Always return the default (second arg) when getting system property for long type
2464 when(mContext.systemProperties.getLong(anyString(), anyLong())).thenAnswer(
2465 new Answer<Long>() {
2467 public Long answer(InvocationOnMock invocation) throws Throwable {
2468 return (Long) invocation.getArguments()[1];
2473 // reset to default (0 means the admin is not participating, so default should be returned)
2474 dpm.setRequiredStrongAuthTimeout(admin1, 0);
2476 // aggregation should be the default if unset by any admin
2477 assertEquals(dpm.getRequiredStrongAuthTimeout(null),
2478 DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS);
2480 // admin not participating by default
2481 assertEquals(dpm.getRequiredStrongAuthTimeout(admin1), 0);
2483 //clamping from the top
2484 dpm.setRequiredStrongAuthTimeout(admin1,
2485 DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS + ONE_MINUTE);
2486 assertEquals(dpm.getRequiredStrongAuthTimeout(admin1),
2487 DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS);
2488 assertEquals(dpm.getRequiredStrongAuthTimeout(null),
2489 DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS);
2491 // 0 means the admin is not participating, so default should be returned
2492 dpm.setRequiredStrongAuthTimeout(admin1, 0);
2493 assertEquals(dpm.getRequiredStrongAuthTimeout(admin1), 0);
2494 assertEquals(dpm.getRequiredStrongAuthTimeout(null),
2495 DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS);
2497 // clamping from the bottom
2498 dpm.setRequiredStrongAuthTimeout(admin1, MINIMUM_STRONG_AUTH_TIMEOUT_MS - ONE_MINUTE);
2499 assertEquals(dpm.getRequiredStrongAuthTimeout(admin1), MINIMUM_STRONG_AUTH_TIMEOUT_MS);
2500 assertEquals(dpm.getRequiredStrongAuthTimeout(null), MINIMUM_STRONG_AUTH_TIMEOUT_MS);
2502 // values within range
2503 dpm.setRequiredStrongAuthTimeout(admin1, MIN_PLUS_ONE_MINUTE);
2504 assertEquals(dpm.getRequiredStrongAuthTimeout(admin1), MIN_PLUS_ONE_MINUTE);
2505 assertEquals(dpm.getRequiredStrongAuthTimeout(null), MIN_PLUS_ONE_MINUTE);
2507 dpm.setRequiredStrongAuthTimeout(admin1, MAX_MINUS_ONE_MINUTE);
2508 assertEquals(dpm.getRequiredStrongAuthTimeout(admin1), MAX_MINUS_ONE_MINUTE);
2509 assertEquals(dpm.getRequiredStrongAuthTimeout(null), MAX_MINUS_ONE_MINUTE);
2512 dpm.setRequiredStrongAuthTimeout(admin1, 0);
2513 assertEquals(dpm.getRequiredStrongAuthTimeout(admin1), 0);
2514 assertEquals(dpm.getRequiredStrongAuthTimeout(null),
2515 DevicePolicyManager.DEFAULT_STRONG_AUTH_TIMEOUT_MS);
2519 dpm.setRequiredStrongAuthTimeout(admin1, -ONE_MINUTE);
2520 fail("Didn't throw IllegalArgumentException");
2521 } catch (IllegalArgumentException iae) {
2525 private void verifyScreenTimeoutCall(Integer expectedTimeout,
2526 boolean shouldStayOnWhilePluggedInBeCleared) {
2527 if (expectedTimeout == null) {
2528 verify(mMockContext.powerManagerInternal, times(0))
2529 .setMaximumScreenOffTimeoutFromDeviceAdmin(anyInt());
2531 verify(mMockContext.powerManagerInternal, times(1))
2532 .setMaximumScreenOffTimeoutFromDeviceAdmin(eq(expectedTimeout));
2534 // TODO Verify calls to settingsGlobalPutInt. Tried but somehow mockito threw
2535 // UnfinishedVerificationException.
2538 private void setup_DeviceAdminFeatureOff() throws Exception {
2539 when(mContext.packageManager.hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN))
2541 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
2544 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(false);
2545 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
2547 setUserSetupCompleteForUser(false, UserHandle.USER_SYSTEM);
2549 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2552 public void testIsProvisioningAllowed_DeviceAdminFeatureOff() throws Exception {
2553 setup_DeviceAdminFeatureOff();
2554 mContext.packageName = admin1.getPackageName();
2555 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
2556 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, false);
2557 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
2558 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2560 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER, false);
2563 public void testCheckProvisioningPreCondition_DeviceAdminFeatureOff() throws Exception {
2564 setup_DeviceAdminFeatureOff();
2565 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2566 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2567 DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED);
2568 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2569 DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED);
2570 assertCheckProvisioningPreCondition(
2571 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2572 DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED);
2573 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2574 DevicePolicyManager.CODE_DEVICE_ADMIN_NOT_SUPPORTED);
2577 private void setup_ManagedProfileFeatureOff() throws Exception {
2578 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
2581 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(false);
2582 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
2584 setUserSetupCompleteForUser(false, UserHandle.USER_SYSTEM);
2586 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2589 public void testIsProvisioningAllowed_ManagedProfileFeatureOff() throws Exception {
2590 setup_ManagedProfileFeatureOff();
2591 mContext.packageName = admin1.getPackageName();
2592 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
2593 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);
2594 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
2595 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2597 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER, false);
2599 // Test again when split user is on
2600 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
2601 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);
2602 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
2603 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2605 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER, false);
2608 public void testCheckProvisioningPreCondition_ManagedProfileFeatureOff() throws Exception {
2609 setup_ManagedProfileFeatureOff();
2610 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2611 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2612 DevicePolicyManager.CODE_OK);
2613 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2614 DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED);
2615 assertCheckProvisioningPreCondition(
2616 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2617 DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT);
2618 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2619 DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED);
2621 // Test again when split user is on
2622 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
2623 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2624 DevicePolicyManager.CODE_OK);
2625 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2626 DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED);
2627 assertCheckProvisioningPreCondition(
2628 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2629 DevicePolicyManager.CODE_OK);
2630 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2631 DevicePolicyManager.CODE_MANAGED_USERS_NOT_SUPPORTED);
2634 private void setup_nonSplitUser_firstBoot_primaryUser() throws Exception {
2635 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
2637 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(false);
2638 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
2640 setUserSetupCompleteForUser(false, UserHandle.USER_SYSTEM);
2642 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2645 public void testIsProvisioningAllowed_nonSplitUser_firstBoot_primaryUser() throws Exception {
2646 setup_nonSplitUser_firstBoot_primaryUser();
2647 mContext.packageName = admin1.getPackageName();
2648 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
2649 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);
2650 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
2651 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2652 false /* because of non-split user */);
2653 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2654 false /* because of non-split user */);
2657 public void testCheckProvisioningPreCondition_nonSplitUser_firstBoot_primaryUser()
2659 setup_nonSplitUser_firstBoot_primaryUser();
2660 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2661 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2662 DevicePolicyManager.CODE_OK);
2663 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2664 DevicePolicyManager.CODE_OK);
2665 assertCheckProvisioningPreCondition(
2666 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2667 DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT);
2668 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2669 DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT);
2672 private void setup_nonSplitUser_afterDeviceSetup_primaryUser() throws Exception {
2673 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
2675 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(false);
2676 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
2678 setUserSetupCompleteForUser(true, UserHandle.USER_SYSTEM);
2680 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2683 private void setup_nonSplitUser_withDo_primaryUser() throws Exception {
2685 setup_nonSplitUser_afterDeviceSetup_primaryUser();
2686 setUpPackageManagerForFakeAdmin(adminAnotherPackage, DpmMockContext.ANOTHER_UID, admin2);
2689 private void setup_nonSplitUser_withDo_primaryUser_ManagedProfile() throws Exception {
2690 setup_nonSplitUser_withDo_primaryUser();
2691 final int MANAGED_PROFILE_USER_ID = 18;
2692 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 1308);
2693 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
2694 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM,
2695 false /* we can't remove a managed profile */)).thenReturn(false);
2696 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM,
2697 true)).thenReturn(true);
2700 public void testIsProvisioningAllowed_nonSplitUser_afterDeviceSetup_primaryUser()
2702 setup_nonSplitUser_afterDeviceSetup_primaryUser();
2703 mContext.packageName = admin1.getPackageName();
2704 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
2705 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2706 false/* because of completed device setup */);
2707 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
2708 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2709 false/* because of non-split user */);
2710 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2711 false/* because of non-split user */);
2714 public void testCheckProvisioningPreCondition_nonSplitUser_afterDeviceSetup_primaryUser()
2716 setup_nonSplitUser_afterDeviceSetup_primaryUser();
2717 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2718 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2719 DevicePolicyManager.CODE_USER_SETUP_COMPLETED);
2720 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2721 DevicePolicyManager.CODE_OK);
2722 assertCheckProvisioningPreCondition(
2723 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2724 DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT);
2725 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2726 DevicePolicyManager.CODE_NOT_SYSTEM_USER_SPLIT);
2729 public void testProvisioning_nonSplitUser_withDo_primaryUser() throws Exception {
2730 setup_nonSplitUser_withDo_primaryUser();
2731 mContext.packageName = admin1.getPackageName();
2732 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2734 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2735 DevicePolicyManager.CODE_HAS_DEVICE_OWNER);
2736 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, false);
2738 // COMP mode is allowed.
2739 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2740 DevicePolicyManager.CODE_OK);
2741 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
2743 // And other DPCs can also provision a managed profile (DO + BYOD case).
2744 assertCheckProvisioningPreCondition(
2745 DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2746 DpmMockContext.ANOTHER_PACKAGE_NAME,
2747 DevicePolicyManager.CODE_OK);
2748 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true,
2749 DpmMockContext.ANOTHER_PACKAGE_NAME, DpmMockContext.ANOTHER_UID);
2752 public void testProvisioning_nonSplitUser_withDo_primaryUser_restrictedByDo() throws Exception {
2753 setup_nonSplitUser_withDo_primaryUser();
2754 mContext.packageName = admin1.getPackageName();
2755 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2756 // The DO should be allowed to initiate provisioning if it set the restriction itself, but
2757 // other packages should be forbidden.
2758 when(mContext.userManager.hasUserRestriction(
2759 eq(UserManager.DISALLOW_ADD_MANAGED_PROFILE),
2760 eq(UserHandle.getUserHandleForUid(mContext.binder.callingUid))))
2762 when(mContext.userManager.getUserRestrictionSource(
2763 eq(UserManager.DISALLOW_ADD_MANAGED_PROFILE),
2764 eq(UserHandle.getUserHandleForUid(mContext.binder.callingUid))))
2765 .thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
2766 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2767 DevicePolicyManager.CODE_OK);
2768 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
2769 assertCheckProvisioningPreCondition(
2770 DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2771 DpmMockContext.ANOTHER_PACKAGE_NAME,
2772 DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED);
2773 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false,
2774 DpmMockContext.ANOTHER_PACKAGE_NAME, DpmMockContext.ANOTHER_UID);
2777 public void testProvisioning_nonSplitUser_withDo_primaryUser_restrictedBySystem()
2779 setup_nonSplitUser_withDo_primaryUser();
2780 mContext.packageName = admin1.getPackageName();
2781 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2782 // The DO should not be allowed to initiate provisioning if the restriction is set by
2784 when(mContext.userManager.hasUserRestriction(
2785 eq(UserManager.DISALLOW_ADD_MANAGED_PROFILE),
2786 eq(UserHandle.getUserHandleForUid(mContext.binder.callingUid))))
2788 when(mContext.userManager.getUserRestrictionSource(
2789 eq(UserManager.DISALLOW_ADD_MANAGED_PROFILE),
2790 eq(UserHandle.getUserHandleForUid(mContext.binder.callingUid))))
2791 .thenReturn(UserManager.RESTRICTION_SOURCE_SYSTEM);
2792 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2793 DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED);
2794 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
2796 assertCheckProvisioningPreCondition(
2797 DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2798 DpmMockContext.ANOTHER_PACKAGE_NAME,
2799 DevicePolicyManager.CODE_ADD_MANAGED_PROFILE_DISALLOWED);
2800 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false,
2801 DpmMockContext.ANOTHER_PACKAGE_NAME, DpmMockContext.ANOTHER_UID);
2804 public void testCheckProvisioningPreCondition_nonSplitUser_comp() throws Exception {
2805 setup_nonSplitUser_withDo_primaryUser_ManagedProfile();
2806 mContext.packageName = admin1.getPackageName();
2807 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2809 // We can delete the managed profile to create a new one, so provisioning is allowed.
2810 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2811 DevicePolicyManager.CODE_OK);
2812 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
2813 assertCheckProvisioningPreCondition(
2814 DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2815 DpmMockContext.ANOTHER_PACKAGE_NAME,
2816 DevicePolicyManager.CODE_OK);
2817 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true,
2818 DpmMockContext.ANOTHER_PACKAGE_NAME, DpmMockContext.ANOTHER_UID);
2821 public void testCheckProvisioningPreCondition_nonSplitUser_comp_cannot_remove_profile()
2823 setup_nonSplitUser_withDo_primaryUser_ManagedProfile();
2824 mContext.packageName = admin1.getPackageName();
2825 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2826 when(mContext.userManager.hasUserRestriction(
2827 eq(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE),
2828 eq(UserHandle.SYSTEM)))
2830 when(mContext.userManager.getUserRestrictionSource(
2831 eq(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE),
2832 eq(UserHandle.SYSTEM)))
2833 .thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
2835 // We can't remove the profile to create a new one.
2836 assertCheckProvisioningPreCondition(
2837 DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2838 DpmMockContext.ANOTHER_PACKAGE_NAME,
2839 DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE);
2840 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false,
2841 DpmMockContext.ANOTHER_PACKAGE_NAME, DpmMockContext.ANOTHER_UID);
2843 // But the device owner can still do it because it has set the restriction itself.
2844 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2845 DevicePolicyManager.CODE_OK);
2846 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
2849 private void setup_splitUser_firstBoot_systemUser() throws Exception {
2850 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
2852 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
2853 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
2855 setUserSetupCompleteForUser(false, UserHandle.USER_SYSTEM);
2857 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2860 public void testIsProvisioningAllowed_splitUser_firstBoot_systemUser() throws Exception {
2861 setup_splitUser_firstBoot_systemUser();
2862 mContext.packageName = admin1.getPackageName();
2863 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
2864 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);
2865 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2866 false /* because canAddMoreManagedProfiles returns false */);
2867 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2869 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2870 false/* because calling uid is system user */);
2873 public void testCheckProvisioningPreCondition_splitUser_firstBoot_systemUser()
2875 setup_splitUser_firstBoot_systemUser();
2876 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2877 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2878 DevicePolicyManager.CODE_OK);
2879 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2880 DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER);
2881 assertCheckProvisioningPreCondition(
2882 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2883 DevicePolicyManager.CODE_OK);
2884 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2885 DevicePolicyManager.CODE_SYSTEM_USER);
2888 private void setup_splitUser_afterDeviceSetup_systemUser() throws Exception {
2889 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
2891 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
2892 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
2894 setUserSetupCompleteForUser(true, UserHandle.USER_SYSTEM);
2896 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
2899 public void testIsProvisioningAllowed_splitUser_afterDeviceSetup_systemUser() throws Exception {
2900 setup_splitUser_afterDeviceSetup_systemUser();
2901 mContext.packageName = admin1.getPackageName();
2902 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
2903 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2904 true/* it's undefined behavior. Can be changed into false in the future */);
2905 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2906 false /* because canAddMoreManagedProfiles returns false */);
2907 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2908 true/* it's undefined behavior. Can be changed into false in the future */);
2909 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2910 false/* because calling uid is system user */);
2913 public void testCheckProvisioningPreCondition_splitUser_afterDeviceSetup_systemUser()
2915 setup_splitUser_afterDeviceSetup_systemUser();
2916 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2917 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2918 DevicePolicyManager.CODE_OK);
2919 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2920 DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER);
2921 assertCheckProvisioningPreCondition(
2922 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2923 DevicePolicyManager.CODE_OK);
2924 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2925 DevicePolicyManager.CODE_SYSTEM_USER);
2928 private void setup_splitUser_firstBoot_primaryUser() throws Exception {
2929 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
2931 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
2932 when(mContext.userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
2933 true)).thenReturn(true);
2934 setUserSetupCompleteForUser(false, DpmMockContext.CALLER_USER_HANDLE);
2936 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
2939 public void testIsProvisioningAllowed_splitUser_firstBoot_primaryUser() throws Exception {
2940 setup_splitUser_firstBoot_primaryUser();
2941 mContext.packageName = admin1.getPackageName();
2942 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
2943 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, true);
2944 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
2945 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2947 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER, true);
2950 public void testCheckProvisioningPreCondition_splitUser_firstBoot_primaryUser()
2952 setup_splitUser_firstBoot_primaryUser();
2953 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2954 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2955 DevicePolicyManager.CODE_OK);
2956 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2957 DevicePolicyManager.CODE_OK);
2958 assertCheckProvisioningPreCondition(
2959 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2960 DevicePolicyManager.CODE_OK);
2961 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2962 DevicePolicyManager.CODE_OK);
2965 private void setup_splitUser_afterDeviceSetup_primaryUser() throws Exception {
2966 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
2968 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
2969 when(mContext.userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
2970 true)).thenReturn(true);
2971 setUserSetupCompleteForUser(true, DpmMockContext.CALLER_USER_HANDLE);
2973 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
2976 public void testIsProvisioningAllowed_splitUser_afterDeviceSetup_primaryUser()
2978 setup_splitUser_afterDeviceSetup_primaryUser();
2979 mContext.packageName = admin1.getPackageName();
2980 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
2981 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2982 true/* it's undefined behavior. Can be changed into false in the future */);
2983 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
2984 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
2985 true/* it's undefined behavior. Can be changed into false in the future */);
2986 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
2987 false/* because user setup completed */);
2990 public void testCheckProvisioningPreCondition_splitUser_afterDeviceSetup_primaryUser()
2992 setup_splitUser_afterDeviceSetup_primaryUser();
2993 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
2994 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE,
2995 DevicePolicyManager.CODE_OK);
2996 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
2997 DevicePolicyManager.CODE_OK);
2998 assertCheckProvisioningPreCondition(
2999 DevicePolicyManager.ACTION_PROVISION_MANAGED_SHAREABLE_DEVICE,
3000 DevicePolicyManager.CODE_OK);
3001 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_USER,
3002 DevicePolicyManager.CODE_USER_SETUP_COMPLETED);
3005 private void setup_provisionManagedProfileWithDeviceOwner_systemUser() throws Exception {
3008 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
3010 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
3011 when(mContext.userManager.canAddMoreManagedProfiles(UserHandle.USER_SYSTEM, true))
3013 setUserSetupCompleteForUser(true, UserHandle.USER_SYSTEM);
3015 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3018 public void testIsProvisioningAllowed_provisionManagedProfileWithDeviceOwner_systemUser()
3020 setup_provisionManagedProfileWithDeviceOwner_systemUser();
3021 mContext.packageName = admin1.getPackageName();
3022 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
3023 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
3024 false /* can't provision managed profile on system user */);
3027 public void testCheckProvisioningPreCondition_provisionManagedProfileWithDeviceOwner_systemUser()
3029 setup_provisionManagedProfileWithDeviceOwner_systemUser();
3030 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
3031 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
3032 DevicePolicyManager.CODE_SPLIT_SYSTEM_USER_DEVICE_SYSTEM_USER);
3035 private void setup_provisionManagedProfileWithDeviceOwner_primaryUser() throws Exception {
3038 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
3040 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
3041 when(mContext.userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
3042 true)).thenReturn(true);
3043 setUserSetupCompleteForUser(false, DpmMockContext.CALLER_USER_HANDLE);
3045 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
3048 public void testIsProvisioningAllowed_provisionManagedProfileWithDeviceOwner_primaryUser()
3050 setup_provisionManagedProfileWithDeviceOwner_primaryUser();
3051 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
3052 mContext.packageName = admin1.getPackageName();
3053 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, true);
3056 public void testCheckProvisioningPreCondition_provisionManagedProfileWithDeviceOwner_primaryUser()
3058 setup_provisionManagedProfileWithDeviceOwner_primaryUser();
3059 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
3061 // COMP mode is allowed.
3062 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
3063 DevicePolicyManager.CODE_OK);
3066 private void setup_provisionManagedProfileCantRemoveUser_primaryUser() throws Exception {
3069 when(mContext.ipackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS, 0))
3071 when(mContext.userManagerForMock.isSplitSystemUser()).thenReturn(true);
3072 when(mContext.userManager.hasUserRestriction(
3073 eq(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE),
3074 eq(UserHandle.of(DpmMockContext.CALLER_USER_HANDLE))))
3076 when(mContext.userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
3077 false /* we can't remove a managed profile */)).thenReturn(false);
3078 when(mContext.userManager.canAddMoreManagedProfiles(DpmMockContext.CALLER_USER_HANDLE,
3079 true)).thenReturn(true);
3080 setUserSetupCompleteForUser(false, DpmMockContext.CALLER_USER_HANDLE);
3082 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
3085 public void testIsProvisioningAllowed_provisionManagedProfileCantRemoveUser_primaryUser()
3087 setup_provisionManagedProfileCantRemoveUser_primaryUser();
3088 mContext.packageName = admin1.getPackageName();
3089 setUpPackageManagerForAdmin(admin1, mContext.binder.callingUid);
3090 assertProvisioningAllowed(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, false);
3093 public void testCheckProvisioningPreCondition_provisionManagedProfileCantRemoveUser_primaryUser()
3095 setup_provisionManagedProfileCantRemoveUser_primaryUser();
3096 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
3097 assertCheckProvisioningPreCondition(DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE,
3098 DevicePolicyManager.CODE_CANNOT_ADD_MANAGED_PROFILE);
3101 public void testCheckProvisioningPreCondition_permission() {
3102 // GIVEN the permission MANAGE_PROFILE_AND_DEVICE_OWNERS is not granted
3104 dpm.checkProvisioningPreCondition(
3105 DevicePolicyManager.ACTION_PROVISION_MANAGED_PROFILE, "some.package");
3106 fail("Didn't throw SecurityException");
3107 } catch (SecurityException expected) {
3111 public void testForceUpdateUserSetupComplete_permission() {
3112 // GIVEN the permission MANAGE_PROFILE_AND_DEVICE_OWNERS is not granted
3114 dpm.forceUpdateUserSetupComplete();
3115 fail("Didn't throw SecurityException");
3116 } catch (SecurityException expected) {
3120 public void testForceUpdateUserSetupComplete_systemUser() {
3121 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
3122 // GIVEN calling from user 20
3123 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
3125 dpm.forceUpdateUserSetupComplete();
3126 fail("Didn't throw SecurityException");
3127 } catch (SecurityException expected) {
3131 public void testForceUpdateUserSetupComplete_userbuild() {
3132 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
3133 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3135 final int userId = UserHandle.USER_SYSTEM;
3136 // GIVEN userComplete is false in SettingsProvider
3137 setUserSetupCompleteForUser(false, userId);
3139 // GIVEN userComplete is true in DPM
3140 DevicePolicyManagerService.DevicePolicyData userData =
3141 new DevicePolicyManagerService.DevicePolicyData(userId);
3142 userData.mUserSetupComplete = true;
3143 dpms.mUserData.put(UserHandle.USER_SYSTEM, userData);
3145 // GIVEN it's user build
3146 mContext.buildMock.isDebuggable = false;
3148 assertTrue(dpms.hasUserSetupCompleted());
3150 dpm.forceUpdateUserSetupComplete();
3152 // THEN the state in dpms is not changed
3153 assertTrue(dpms.hasUserSetupCompleted());
3156 public void testForceUpdateUserSetupComplete_userDebugbuild() {
3157 mContext.callerPermissions.add(permission.MANAGE_PROFILE_AND_DEVICE_OWNERS);
3158 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3160 final int userId = UserHandle.USER_SYSTEM;
3161 // GIVEN userComplete is false in SettingsProvider
3162 setUserSetupCompleteForUser(false, userId);
3164 // GIVEN userComplete is true in DPM
3165 DevicePolicyManagerService.DevicePolicyData userData =
3166 new DevicePolicyManagerService.DevicePolicyData(userId);
3167 userData.mUserSetupComplete = true;
3168 dpms.mUserData.put(UserHandle.USER_SYSTEM, userData);
3170 // GIVEN it's userdebug build
3171 mContext.buildMock.isDebuggable = true;
3173 assertTrue(dpms.hasUserSetupCompleted());
3175 dpm.forceUpdateUserSetupComplete();
3177 // THEN the state in dpms is not changed
3178 assertFalse(dpms.hasUserSetupCompleted());
3181 private void clearDeviceOwner() throws Exception {
3182 final long ident = mContext.binder.clearCallingIdentity();
3183 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3184 doReturn(DpmMockContext.CALLER_SYSTEM_USER_UID).when(mContext.packageManager)
3185 .getPackageUidAsUser(eq(admin1.getPackageName()), anyInt());
3186 dpm.clearDeviceOwnerApp(admin1.getPackageName());
3187 mContext.binder.restoreCallingIdentity(ident);
3190 public void testGetLastSecurityLogRetrievalTime() throws Exception {
3191 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3194 // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the
3195 // feature is disabled because there are non-affiliated secondary users.
3196 mContext.removeUser(DpmMockContext.CALLER_USER_HANDLE);
3197 when(mContext.resources.getBoolean(R.bool.config_supportPreRebootSecurityLogs))
3200 // No logs were retrieved so far.
3201 assertEquals(-1, dpm.getLastSecurityLogRetrievalTime());
3203 // Enabling logging should not change the timestamp.
3204 dpm.setSecurityLoggingEnabled(admin1, true);
3205 verify(mContext.settings)
3206 .securityLogSetLoggingEnabledProperty(true);
3207 when(mContext.settings.securityLogGetLoggingEnabledProperty())
3209 assertEquals(-1, dpm.getLastSecurityLogRetrievalTime());
3211 // Retrieving the logs should update the timestamp.
3212 final long beforeRetrieval = System.currentTimeMillis();
3213 dpm.retrieveSecurityLogs(admin1);
3214 final long firstSecurityLogRetrievalTime = dpm.getLastSecurityLogRetrievalTime();
3215 final long afterRetrieval = System.currentTimeMillis();
3216 assertTrue(firstSecurityLogRetrievalTime >= beforeRetrieval);
3217 assertTrue(firstSecurityLogRetrievalTime <= afterRetrieval);
3219 // Retrieving the pre-boot logs should update the timestamp.
3221 dpm.retrievePreRebootSecurityLogs(admin1);
3222 final long secondSecurityLogRetrievalTime = dpm.getLastSecurityLogRetrievalTime();
3223 assertTrue(secondSecurityLogRetrievalTime > firstSecurityLogRetrievalTime);
3225 // Checking the timestamp again should not change it.
3227 assertEquals(secondSecurityLogRetrievalTime, dpm.getLastSecurityLogRetrievalTime());
3229 // Retrieving the logs again should update the timestamp.
3230 dpm.retrieveSecurityLogs(admin1);
3231 final long thirdSecurityLogRetrievalTime = dpm.getLastSecurityLogRetrievalTime();
3232 assertTrue(thirdSecurityLogRetrievalTime > secondSecurityLogRetrievalTime);
3234 // Disabling logging should not change the timestamp.
3236 dpm.setSecurityLoggingEnabled(admin1, false);
3237 assertEquals(thirdSecurityLogRetrievalTime, dpm.getLastSecurityLogRetrievalTime());
3239 // Restarting the DPMS should not lose the timestamp.
3241 assertEquals(thirdSecurityLogRetrievalTime, dpm.getLastSecurityLogRetrievalTime());
3243 // Any uid holding MANAGE_USERS permission can retrieve the timestamp.
3244 mContext.binder.callingUid = 1234567;
3245 mContext.callerPermissions.add(permission.MANAGE_USERS);
3246 assertEquals(thirdSecurityLogRetrievalTime, dpm.getLastSecurityLogRetrievalTime());
3247 mContext.callerPermissions.remove(permission.MANAGE_USERS);
3249 // System can retrieve the timestamp.
3250 mContext.binder.clearCallingIdentity();
3251 assertEquals(thirdSecurityLogRetrievalTime, dpm.getLastSecurityLogRetrievalTime());
3253 // Removing the device owner should clear the timestamp.
3255 assertEquals(-1, dpm.getLastSecurityLogRetrievalTime());
3258 public void testGetLastBugReportRequestTime() throws Exception {
3259 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3262 mContext.packageName = admin1.getPackageName();
3263 mContext.applicationInfo = new ApplicationInfo();
3264 when(mContext.resources.getColor(eq(R.color.notification_action_list), anyObject()))
3265 .thenReturn(Color.WHITE);
3266 when(mContext.resources.getColor(eq(R.color.notification_material_background_color),
3267 anyObject())).thenReturn(Color.WHITE);
3269 // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the
3270 // feature is disabled because there are non-affiliated secondary users.
3271 mContext.removeUser(DpmMockContext.CALLER_USER_HANDLE);
3273 // No bug reports were requested so far.
3274 assertEquals(-1, dpm.getLastBugReportRequestTime());
3276 // Requesting a bug report should update the timestamp.
3277 final long beforeRequest = System.currentTimeMillis();
3278 dpm.requestBugreport(admin1);
3279 final long bugReportRequestTime = dpm.getLastBugReportRequestTime();
3280 final long afterRequest = System.currentTimeMillis();
3281 assertTrue(bugReportRequestTime >= beforeRequest);
3282 assertTrue(bugReportRequestTime <= afterRequest);
3284 // Checking the timestamp again should not change it.
3286 assertEquals(bugReportRequestTime, dpm.getLastBugReportRequestTime());
3288 // Restarting the DPMS should not lose the timestamp.
3290 assertEquals(bugReportRequestTime, dpm.getLastBugReportRequestTime());
3292 // Any uid holding MANAGE_USERS permission can retrieve the timestamp.
3293 mContext.binder.callingUid = 1234567;
3294 mContext.callerPermissions.add(permission.MANAGE_USERS);
3295 assertEquals(bugReportRequestTime, dpm.getLastBugReportRequestTime());
3296 mContext.callerPermissions.remove(permission.MANAGE_USERS);
3298 // System can retrieve the timestamp.
3299 mContext.binder.clearCallingIdentity();
3300 assertEquals(bugReportRequestTime, dpm.getLastBugReportRequestTime());
3302 // Removing the device owner should clear the timestamp.
3304 assertEquals(-1, dpm.getLastBugReportRequestTime());
3307 public void testGetLastNetworkLogRetrievalTime() throws Exception {
3308 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3310 mContext.packageName = admin1.getPackageName();
3311 mContext.applicationInfo = new ApplicationInfo();
3312 when(mContext.resources.getColor(eq(R.color.notification_action_list), anyObject()))
3313 .thenReturn(Color.WHITE);
3314 when(mContext.resources.getColor(eq(R.color.notification_material_background_color),
3315 anyObject())).thenReturn(Color.WHITE);
3317 // setUp() adds a secondary user for CALLER_USER_HANDLE. Remove it as otherwise the
3318 // feature is disabled because there are non-affiliated secondary users.
3319 mContext.removeUser(DpmMockContext.CALLER_USER_HANDLE);
3320 when(mContext.iipConnectivityMetrics.registerNetdEventCallback(anyObject()))
3323 // No logs were retrieved so far.
3324 assertEquals(-1, dpm.getLastNetworkLogRetrievalTime());
3326 // Attempting to retrieve logs without enabling logging should not change the timestamp.
3327 dpm.retrieveNetworkLogs(admin1, 0 /* batchToken */);
3328 assertEquals(-1, dpm.getLastNetworkLogRetrievalTime());
3330 // Enabling logging should not change the timestamp.
3331 dpm.setNetworkLoggingEnabled(admin1, true);
3332 assertEquals(-1, dpm.getLastNetworkLogRetrievalTime());
3334 // Retrieving the logs should update the timestamp.
3335 final long beforeRetrieval = System.currentTimeMillis();
3336 dpm.retrieveNetworkLogs(admin1, 0 /* batchToken */);
3337 final long firstNetworkLogRetrievalTime = dpm.getLastNetworkLogRetrievalTime();
3338 final long afterRetrieval = System.currentTimeMillis();
3339 assertTrue(firstNetworkLogRetrievalTime >= beforeRetrieval);
3340 assertTrue(firstNetworkLogRetrievalTime <= afterRetrieval);
3342 // Checking the timestamp again should not change it.
3344 assertEquals(firstNetworkLogRetrievalTime, dpm.getLastNetworkLogRetrievalTime());
3346 // Retrieving the logs again should update the timestamp.
3347 dpm.retrieveNetworkLogs(admin1, 0 /* batchToken */);
3348 final long secondNetworkLogRetrievalTime = dpm.getLastNetworkLogRetrievalTime();
3349 assertTrue(secondNetworkLogRetrievalTime > firstNetworkLogRetrievalTime);
3351 // Disabling logging should not change the timestamp.
3353 dpm.setNetworkLoggingEnabled(admin1, false);
3354 assertEquals(secondNetworkLogRetrievalTime, dpm.getLastNetworkLogRetrievalTime());
3356 // Restarting the DPMS should not lose the timestamp.
3358 assertEquals(secondNetworkLogRetrievalTime, dpm.getLastNetworkLogRetrievalTime());
3360 // Any uid holding MANAGE_USERS permission can retrieve the timestamp.
3361 mContext.binder.callingUid = 1234567;
3362 mContext.callerPermissions.add(permission.MANAGE_USERS);
3363 assertEquals(secondNetworkLogRetrievalTime, dpm.getLastNetworkLogRetrievalTime());
3364 mContext.callerPermissions.remove(permission.MANAGE_USERS);
3366 // System can retrieve the timestamp.
3367 mContext.binder.clearCallingIdentity();
3368 assertEquals(secondNetworkLogRetrievalTime, dpm.getLastNetworkLogRetrievalTime());
3370 // Removing the device owner should clear the timestamp.
3372 assertEquals(-1, dpm.getLastNetworkLogRetrievalTime());
3375 public void testGetBindDeviceAdminTargetUsers() throws Exception {
3376 // Setup device owner.
3377 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3380 // Only device owner is setup, the result list should be empty.
3381 List<UserHandle> targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
3382 MoreAsserts.assertEmpty(targetUsers);
3384 // Setup a managed profile managed by the same admin.
3385 final int MANAGED_PROFILE_USER_ID = 15;
3386 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 20456);
3387 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
3389 // Add a secondary user, it should never talk with.
3390 final int ANOTHER_USER_ID = 36;
3391 mContext.addUser(ANOTHER_USER_ID, 0);
3393 // Since the managed profile is not affiliated, they should not be allowed to talk to each
3395 targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
3396 MoreAsserts.assertEmpty(targetUsers);
3398 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3399 targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
3400 MoreAsserts.assertEmpty(targetUsers);
3402 // Setting affiliation ids
3403 final Set<String> userAffiliationIds = Collections.singleton("some.affiliation-id");
3404 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3405 dpm.setAffiliationIds(admin1, userAffiliationIds);
3407 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3408 dpm.setAffiliationIds(admin1, userAffiliationIds);
3410 // Calling from device owner admin, the result list should just contain the managed
3412 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3413 targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
3414 MoreAsserts.assertContentsInAnyOrder(targetUsers, UserHandle.of(MANAGED_PROFILE_USER_ID));
3416 // Calling from managed profile admin, the result list should just contain the system
3418 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3419 targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
3420 MoreAsserts.assertContentsInAnyOrder(targetUsers, UserHandle.SYSTEM);
3422 // Changing affiliation ids in one
3423 dpm.setAffiliationIds(admin1, Collections.singleton("some-different-affiliation-id"));
3425 // Since the managed profile is not affiliated any more, they should not be allowed to talk
3427 targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
3428 MoreAsserts.assertEmpty(targetUsers);
3430 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3431 targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
3432 MoreAsserts.assertEmpty(targetUsers);
3435 public void testGetBindDeviceAdminTargetUsers_differentPackage() throws Exception {
3436 // Setup a device owner.
3437 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3440 // Set up a managed profile managed by different package.
3441 final int MANAGED_PROFILE_USER_ID = 15;
3442 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 20456);
3443 final ComponentName adminDifferentPackage =
3444 new ComponentName("another.package", "whatever.class");
3445 addManagedProfile(adminDifferentPackage, MANAGED_PROFILE_ADMIN_UID, admin2);
3447 // Setting affiliation ids
3448 final Set<String> userAffiliationIds = Collections.singleton("some-affiliation-id");
3449 dpm.setAffiliationIds(admin1, userAffiliationIds);
3451 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3452 dpm.setAffiliationIds(adminDifferentPackage, userAffiliationIds);
3454 // Calling from device owner admin, we should get zero bind device admin target users as
3455 // their packages are different.
3456 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3457 List<UserHandle> targetUsers = dpm.getBindDeviceAdminTargetUsers(admin1);
3458 MoreAsserts.assertEmpty(targetUsers);
3460 // Calling from managed profile admin, we should still get zero target users for the same
3462 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3463 targetUsers = dpm.getBindDeviceAdminTargetUsers(adminDifferentPackage);
3464 MoreAsserts.assertEmpty(targetUsers);
3467 public void testLockTaskPackagesAllowedForAffiliatedUsers() throws Exception {
3468 // Setup a device owner.
3469 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3471 // Lock task packages are updated when loading user data.
3472 verify(mContext.iactivityManager)
3473 .updateLockTaskPackages(eq(UserHandle.USER_SYSTEM), eq(new String[0]));
3475 // Set up a managed profile managed by different package (package name shouldn't matter)
3476 final int MANAGED_PROFILE_USER_ID = 15;
3477 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 20456);
3478 final ComponentName adminDifferentPackage =
3479 new ComponentName("another.package", "whatever.class");
3480 addManagedProfile(adminDifferentPackage, MANAGED_PROFILE_ADMIN_UID, admin2);
3481 verify(mContext.iactivityManager)
3482 .updateLockTaskPackages(eq(MANAGED_PROFILE_USER_ID), eq(new String[0]));
3484 // The DO can still set lock task packages
3485 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3486 final String[] doPackages = {"doPackage1", "doPackage2"};
3487 dpm.setLockTaskPackages(admin1, doPackages);
3488 MoreAsserts.assertEquals(doPackages, dpm.getLockTaskPackages(admin1));
3489 assertTrue(dpm.isLockTaskPermitted("doPackage1"));
3490 assertFalse(dpm.isLockTaskPermitted("anotherPackage"));
3491 verify(mContext.iactivityManager)
3492 .updateLockTaskPackages(eq(UserHandle.USER_SYSTEM), eq(doPackages));
3494 // Managed profile is unaffiliated - shouldn't be able to setLockTaskPackages.
3495 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3496 final String[] poPackages = {"poPackage1", "poPackage2"};
3498 dpm.setLockTaskPackages(adminDifferentPackage, poPackages);
3499 fail("Didn't throw expected security exception.");
3500 } catch (SecurityException expected) {
3503 dpm.getLockTaskPackages(adminDifferentPackage);
3504 fail("Didn't throw expected security exception.");
3505 } catch (SecurityException expected) {
3507 assertFalse(dpm.isLockTaskPermitted("doPackage1"));
3509 // Setting same affiliation ids
3510 final Set<String> userAffiliationIds = Collections.singleton("some-affiliation-id");
3511 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3512 dpm.setAffiliationIds(admin1, userAffiliationIds);
3514 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3515 dpm.setAffiliationIds(adminDifferentPackage, userAffiliationIds);
3517 // Now the managed profile can set lock task packages.
3518 dpm.setLockTaskPackages(adminDifferentPackage, poPackages);
3519 MoreAsserts.assertEquals(poPackages, dpm.getLockTaskPackages(adminDifferentPackage));
3520 assertTrue(dpm.isLockTaskPermitted("poPackage1"));
3521 assertFalse(dpm.isLockTaskPermitted("doPackage2"));
3522 verify(mContext.iactivityManager)
3523 .updateLockTaskPackages(eq(MANAGED_PROFILE_USER_ID), eq(poPackages));
3525 // Unaffiliate the profile, lock task mode no longer available on the profile.
3526 dpm.setAffiliationIds(adminDifferentPackage, Collections.emptySet());
3527 assertFalse(dpm.isLockTaskPermitted("poPackage1"));
3528 // Lock task packages cleared when loading user data and when the user becomes unaffiliated.
3529 verify(mContext.iactivityManager, times(2))
3530 .updateLockTaskPackages(eq(MANAGED_PROFILE_USER_ID), eq(new String[0]));
3532 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3533 assertTrue(dpm.isLockTaskPermitted("doPackage1"));
3536 public void testIsDeviceManaged() throws Exception {
3537 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3540 // The device owner itself, any uid holding MANAGE_USERS permission and the system can
3541 // find out that the device has a device owner.
3542 assertTrue(dpm.isDeviceManaged());
3543 mContext.binder.callingUid = 1234567;
3544 mContext.callerPermissions.add(permission.MANAGE_USERS);
3545 assertTrue(dpm.isDeviceManaged());
3546 mContext.callerPermissions.remove(permission.MANAGE_USERS);
3547 mContext.binder.clearCallingIdentity();
3548 assertTrue(dpm.isDeviceManaged());
3552 // Any uid holding MANAGE_USERS permission and the system can find out that the device does
3553 // not have a device owner.
3554 mContext.binder.callingUid = 1234567;
3555 mContext.callerPermissions.add(permission.MANAGE_USERS);
3556 assertFalse(dpm.isDeviceManaged());
3557 mContext.callerPermissions.remove(permission.MANAGE_USERS);
3558 mContext.binder.clearCallingIdentity();
3559 assertFalse(dpm.isDeviceManaged());
3562 public void testDeviceOwnerOrganizationName() throws Exception {
3563 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3566 dpm.setOrganizationName(admin1, "organization");
3568 // Device owner can retrieve organization managing the device.
3569 assertEquals("organization", dpm.getDeviceOwnerOrganizationName());
3571 // Any uid holding MANAGE_USERS permission can retrieve organization managing the device.
3572 mContext.binder.callingUid = 1234567;
3573 mContext.callerPermissions.add(permission.MANAGE_USERS);
3574 assertEquals("organization", dpm.getDeviceOwnerOrganizationName());
3575 mContext.callerPermissions.remove(permission.MANAGE_USERS);
3577 // System can retrieve organization managing the device.
3578 mContext.binder.clearCallingIdentity();
3579 assertEquals("organization", dpm.getDeviceOwnerOrganizationName());
3581 // Removing the device owner clears the organization managing the device.
3583 assertNull(dpm.getDeviceOwnerOrganizationName());
3586 public void testWipeDataManagedProfile() throws Exception {
3587 final int MANAGED_PROFILE_USER_ID = 15;
3588 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 19436);
3589 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
3590 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3592 // Even if the caller is the managed profile, the current user is the user 0
3593 when(mContext.iactivityManager.getCurrentUser())
3594 .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0));
3597 verify(mContext.userManagerInternal).removeUserEvenWhenDisallowed(
3598 MANAGED_PROFILE_USER_ID);
3601 public void testWipeDataManagedProfileDisallowed() throws Exception {
3602 final int MANAGED_PROFILE_USER_ID = 15;
3603 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 19436);
3604 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
3606 // Even if the caller is the managed profile, the current user is the user 0
3607 when(mContext.iactivityManager.getCurrentUser())
3608 .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0));
3610 when(mContext.userManager.getUserRestrictionSource(
3611 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
3612 UserHandle.of(MANAGED_PROFILE_USER_ID)))
3613 .thenReturn(UserManager.RESTRICTION_SOURCE_SYSTEM);
3614 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3616 // The PO is not allowed to remove the profile if the user restriction was set on the
3617 // profile by the system
3619 fail("SecurityException not thrown");
3620 } catch (SecurityException expected) {
3624 public void testWipeDataDeviceOwner() throws Exception {
3626 when(mContext.userManager.getUserRestrictionSource(
3627 UserManager.DISALLOW_FACTORY_RESET,
3629 .thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
3632 verify(mContext.recoverySystem).rebootWipeUserData(
3633 /*shutdown=*/ eq(false), anyString(), /*force=*/ eq(true));
3636 public void testWipeDataDeviceOwnerDisallowed() throws Exception {
3638 when(mContext.userManager.getUserRestrictionSource(
3639 UserManager.DISALLOW_FACTORY_RESET,
3641 .thenReturn(UserManager.RESTRICTION_SOURCE_SYSTEM);
3643 // The DO is not allowed to wipe the device if the user restriction was set
3646 fail("SecurityException not thrown");
3647 } catch (SecurityException expected) {
3651 public void testMaximumFailedPasswordAttemptsReachedManagedProfile() throws Exception {
3652 final int MANAGED_PROFILE_USER_ID = 15;
3653 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 19436);
3654 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
3656 // Even if the caller is the managed profile, the current user is the user 0
3657 when(mContext.iactivityManager.getCurrentUser())
3658 .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0));
3660 when(mContext.userManager.getUserRestrictionSource(
3661 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
3662 UserHandle.of(MANAGED_PROFILE_USER_ID)))
3663 .thenReturn(UserManager.RESTRICTION_SOURCE_PROFILE_OWNER);
3665 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3666 dpm.setMaximumFailedPasswordsForWipe(admin1, 3);
3668 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
3669 mContext.callerPermissions.add(permission.BIND_DEVICE_ADMIN);
3670 // Failed password attempts on the parent user are taken into account, as there isn't a
3671 // separate work challenge.
3672 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3673 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3674 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3676 // The profile should be wiped even if DISALLOW_REMOVE_MANAGED_PROFILE is enabled, because
3677 // both the user restriction and the policy were set by the PO.
3678 verify(mContext.userManagerInternal).removeUserEvenWhenDisallowed(
3679 MANAGED_PROFILE_USER_ID);
3680 verifyZeroInteractions(mContext.recoverySystem);
3683 public void testMaximumFailedPasswordAttemptsReachedManagedProfileDisallowed()
3685 final int MANAGED_PROFILE_USER_ID = 15;
3686 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 19436);
3687 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
3689 // Even if the caller is the managed profile, the current user is the user 0
3690 when(mContext.iactivityManager.getCurrentUser())
3691 .thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0));
3693 when(mContext.userManager.getUserRestrictionSource(
3694 UserManager.DISALLOW_REMOVE_MANAGED_PROFILE,
3695 UserHandle.of(MANAGED_PROFILE_USER_ID)))
3696 .thenReturn(UserManager.RESTRICTION_SOURCE_SYSTEM);
3698 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
3699 dpm.setMaximumFailedPasswordsForWipe(admin1, 3);
3701 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
3702 mContext.callerPermissions.add(permission.BIND_DEVICE_ADMIN);
3703 // Failed password attempts on the parent user are taken into account, as there isn't a
3704 // separate work challenge.
3705 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3706 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3707 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3709 // DISALLOW_REMOVE_MANAGED_PROFILE was set by the system, not the PO, so the profile is
3711 verify(mContext.userManagerInternal, never())
3712 .removeUserEvenWhenDisallowed(anyInt());
3713 verifyZeroInteractions(mContext.recoverySystem);
3716 public void testMaximumFailedPasswordAttemptsReachedDeviceOwner() throws Exception {
3718 when(mContext.userManager.getUserRestrictionSource(
3719 UserManager.DISALLOW_FACTORY_RESET,
3721 .thenReturn(UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);
3723 dpm.setMaximumFailedPasswordsForWipe(admin1, 3);
3725 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
3726 mContext.callerPermissions.add(permission.BIND_DEVICE_ADMIN);
3727 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3728 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3729 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3731 // The device should be wiped even if DISALLOW_FACTORY_RESET is enabled, because both the
3732 // user restriction and the policy were set by the DO.
3733 verify(mContext.recoverySystem).rebootWipeUserData(
3734 /*shutdown=*/ eq(false), anyString(), /*force=*/ eq(true));
3737 public void testMaximumFailedPasswordAttemptsReachedDeviceOwnerDisallowed() throws Exception {
3739 when(mContext.userManager.getUserRestrictionSource(
3740 UserManager.DISALLOW_FACTORY_RESET,
3742 .thenReturn(UserManager.RESTRICTION_SOURCE_SYSTEM);
3744 dpm.setMaximumFailedPasswordsForWipe(admin1, 3);
3746 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
3747 mContext.callerPermissions.add(permission.BIND_DEVICE_ADMIN);
3748 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3749 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3750 dpm.reportFailedPasswordAttempt(UserHandle.USER_SYSTEM);
3752 // DISALLOW_FACTORY_RESET was set by the system, not the DO, so the device is not wiped.
3753 verifyZeroInteractions(mContext.recoverySystem);
3754 verify(mContext.userManagerInternal, never())
3755 .removeUserEvenWhenDisallowed(anyInt());
3758 public void testGetPermissionGrantState() throws Exception {
3759 final String permission = "some.permission";
3760 final String app1 = "com.example.app1";
3761 final String app2 = "com.example.app2";
3763 when(mContext.ipackageManager.checkPermission(eq(permission), eq(app1), anyInt()))
3764 .thenReturn(PackageManager.PERMISSION_GRANTED);
3765 doReturn(PackageManager.FLAG_PERMISSION_POLICY_FIXED).when(mContext.packageManager)
3766 .getPermissionFlags(permission, app1, UserHandle.SYSTEM);
3767 when(mContext.packageManager.getPermissionFlags(permission, app1,
3768 UserHandle.of(DpmMockContext.CALLER_USER_HANDLE)))
3769 .thenReturn(PackageManager.FLAG_PERMISSION_POLICY_FIXED);
3770 when(mContext.ipackageManager.checkPermission(eq(permission), eq(app2), anyInt()))
3771 .thenReturn(PackageManager.PERMISSION_DENIED);
3772 doReturn(0).when(mContext.packageManager).getPermissionFlags(permission, app2,
3774 when(mContext.packageManager.getPermissionFlags(permission, app2,
3775 UserHandle.of(DpmMockContext.CALLER_USER_HANDLE))).thenReturn(0);
3777 // System can retrieve permission grant state.
3778 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
3779 mContext.packageName = "com.example.system";
3780 assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED,
3781 dpm.getPermissionGrantState(null, app1, permission));
3782 assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT,
3783 dpm.getPermissionGrantState(null, app2, permission));
3785 // A regular app cannot retrieve permission grant state.
3786 mContext.binder.callingUid = setupPackageInPackageManager(app1, 1);
3787 mContext.packageName = app1;
3789 dpm.getPermissionGrantState(null, app1, permission);
3790 fail("Didn't throw SecurityException");
3791 } catch (SecurityException expected) {
3794 // Profile owner can retrieve permission grant state.
3795 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
3796 mContext.packageName = admin1.getPackageName();
3797 setAsProfileOwner(admin1);
3798 assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED,
3799 dpm.getPermissionGrantState(admin1, app1, permission));
3800 assertEquals(DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT,
3801 dpm.getPermissionGrantState(admin1, app2, permission));
3804 public void testResetPasswordWithToken() throws Exception {
3805 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3807 // test token validation
3809 dpm.setResetPasswordToken(admin1, new byte[31]);
3810 fail("should not have accepted tokens too short");
3811 } catch (IllegalArgumentException expected) {
3813 // test adding a token
3814 final byte[] token = new byte[32];
3815 final long handle = 123456;
3816 final String password = "password";
3817 when(mContext.lockPatternUtils.addEscrowToken(eq(token), eq(UserHandle.USER_SYSTEM)))
3818 .thenReturn(handle);
3819 assertTrue(dpm.setResetPasswordToken(admin1, token));
3821 // test password activation
3822 when(mContext.lockPatternUtils.isEscrowTokenActive(eq(handle), eq(UserHandle.USER_SYSTEM)))
3824 assertTrue(dpm.isResetPasswordTokenActive(admin1));
3826 // test reset password with token
3827 when(mContext.lockPatternUtils.setLockCredentialWithToken(eq(password),
3828 eq(LockPatternUtils.CREDENTIAL_TYPE_PASSWORD), eq(handle), eq(token),
3829 eq(UserHandle.USER_SYSTEM)))
3831 assertTrue(dpm.resetPasswordWithToken(admin1, password, token, 0));
3833 // test removing a token
3834 when(mContext.lockPatternUtils.removeEscrowToken(eq(handle), eq(UserHandle.USER_SYSTEM)))
3836 assertTrue(dpm.clearResetPasswordToken(admin1));
3839 public void testIsCurrentInputMethodSetByOwnerForDeviceOwner() throws Exception {
3840 final String currentIme = Settings.Secure.DEFAULT_INPUT_METHOD;
3841 final Uri currentImeUri = Settings.Secure.getUriFor(currentIme);
3842 final int deviceOwnerUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
3843 final int firstUserSystemUid = UserHandle.getUid(UserHandle.USER_SYSTEM,
3844 DpmMockContext.SYSTEM_UID);
3845 final int secondUserSystemUid = UserHandle.getUid(DpmMockContext.CALLER_USER_HANDLE,
3846 DpmMockContext.SYSTEM_UID);
3848 // Set up a device owner.
3849 mContext.binder.callingUid = deviceOwnerUid;
3852 // First and second user set IMEs manually.
3853 mContext.binder.callingUid = firstUserSystemUid;
3854 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3855 mContext.binder.callingUid = secondUserSystemUid;
3856 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3858 // Device owner changes IME for first user.
3859 mContext.binder.callingUid = deviceOwnerUid;
3860 when(mContext.settings.settingsSecureGetStringForUser(currentIme, UserHandle.USER_SYSTEM))
3861 .thenReturn("ime1");
3862 dpm.setSecureSetting(admin1, currentIme, "ime2");
3863 verify(mContext.settings).settingsSecurePutStringForUser(currentIme, "ime2",
3864 UserHandle.USER_SYSTEM);
3865 reset(mContext.settings);
3866 dpms.notifyChangeToContentObserver(currentImeUri, UserHandle.USER_SYSTEM);
3867 mContext.binder.callingUid = firstUserSystemUid;
3868 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3869 mContext.binder.callingUid = secondUserSystemUid;
3870 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3872 // Second user changes IME manually.
3873 dpms.notifyChangeToContentObserver(currentImeUri, DpmMockContext.CALLER_USER_HANDLE);
3874 mContext.binder.callingUid = firstUserSystemUid;
3875 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3876 mContext.binder.callingUid = secondUserSystemUid;
3877 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3879 // First user changes IME manually.
3880 dpms.notifyChangeToContentObserver(currentImeUri, UserHandle.USER_SYSTEM);
3881 mContext.binder.callingUid = firstUserSystemUid;
3882 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3883 mContext.binder.callingUid = secondUserSystemUid;
3884 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3886 // Device owner changes IME for first user again.
3887 mContext.binder.callingUid = deviceOwnerUid;
3888 when(mContext.settings.settingsSecureGetStringForUser(currentIme, UserHandle.USER_SYSTEM))
3889 .thenReturn("ime2");
3890 dpm.setSecureSetting(admin1, currentIme, "ime3");
3891 verify(mContext.settings).settingsSecurePutStringForUser(currentIme, "ime3",
3892 UserHandle.USER_SYSTEM);
3893 dpms.notifyChangeToContentObserver(currentImeUri, UserHandle.USER_SYSTEM);
3894 mContext.binder.callingUid = firstUserSystemUid;
3895 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3896 mContext.binder.callingUid = secondUserSystemUid;
3897 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3899 // Restarting the DPMS should not lose information.
3901 mContext.binder.callingUid = firstUserSystemUid;
3902 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3903 mContext.binder.callingUid = secondUserSystemUid;
3904 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3906 // Device owner can find out whether it set the current IME itself.
3907 mContext.binder.callingUid = deviceOwnerUid;
3908 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3910 // Removing the device owner should clear the information that it set the current IME.
3912 mContext.binder.callingUid = firstUserSystemUid;
3913 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3914 mContext.binder.callingUid = secondUserSystemUid;
3915 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3918 public void testIsCurrentInputMethodSetByOwnerForProfileOwner() throws Exception {
3919 final String currentIme = Settings.Secure.DEFAULT_INPUT_METHOD;
3920 final Uri currentImeUri = Settings.Secure.getUriFor(currentIme);
3921 final int profileOwnerUid = DpmMockContext.CALLER_UID;
3922 final int firstUserSystemUid = UserHandle.getUid(UserHandle.USER_SYSTEM,
3923 DpmMockContext.SYSTEM_UID);
3924 final int secondUserSystemUid = UserHandle.getUid(DpmMockContext.CALLER_USER_HANDLE,
3925 DpmMockContext.SYSTEM_UID);
3927 // Set up a profile owner.
3928 mContext.binder.callingUid = profileOwnerUid;
3929 setupProfileOwner();
3931 // First and second user set IMEs manually.
3932 mContext.binder.callingUid = firstUserSystemUid;
3933 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3934 mContext.binder.callingUid = secondUserSystemUid;
3935 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3937 // Profile owner changes IME for second user.
3938 mContext.binder.callingUid = profileOwnerUid;
3939 when(mContext.settings.settingsSecureGetStringForUser(currentIme,
3940 DpmMockContext.CALLER_USER_HANDLE)).thenReturn("ime1");
3941 dpm.setSecureSetting(admin1, currentIme, "ime2");
3942 verify(mContext.settings).settingsSecurePutStringForUser(currentIme, "ime2",
3943 DpmMockContext.CALLER_USER_HANDLE);
3944 reset(mContext.settings);
3945 dpms.notifyChangeToContentObserver(currentImeUri, DpmMockContext.CALLER_USER_HANDLE);
3946 mContext.binder.callingUid = firstUserSystemUid;
3947 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3948 mContext.binder.callingUid = secondUserSystemUid;
3949 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3951 // First user changes IME manually.
3952 dpms.notifyChangeToContentObserver(currentImeUri, UserHandle.USER_SYSTEM);
3953 mContext.binder.callingUid = firstUserSystemUid;
3954 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3955 mContext.binder.callingUid = secondUserSystemUid;
3956 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3958 // Second user changes IME manually.
3959 dpms.notifyChangeToContentObserver(currentImeUri, DpmMockContext.CALLER_USER_HANDLE);
3960 mContext.binder.callingUid = firstUserSystemUid;
3961 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3962 mContext.binder.callingUid = secondUserSystemUid;
3963 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3965 // Profile owner changes IME for second user again.
3966 mContext.binder.callingUid = profileOwnerUid;
3967 when(mContext.settings.settingsSecureGetStringForUser(currentIme,
3968 DpmMockContext.CALLER_USER_HANDLE)).thenReturn("ime2");
3969 dpm.setSecureSetting(admin1, currentIme, "ime3");
3970 verify(mContext.settings).settingsSecurePutStringForUser(currentIme, "ime3",
3971 DpmMockContext.CALLER_USER_HANDLE);
3972 dpms.notifyChangeToContentObserver(currentImeUri, DpmMockContext.CALLER_USER_HANDLE);
3973 mContext.binder.callingUid = firstUserSystemUid;
3974 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3975 mContext.binder.callingUid = secondUserSystemUid;
3976 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3978 // Restarting the DPMS should not lose information.
3980 mContext.binder.callingUid = firstUserSystemUid;
3981 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3982 mContext.binder.callingUid = secondUserSystemUid;
3983 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3985 // Profile owner can find out whether it set the current IME itself.
3986 mContext.binder.callingUid = profileOwnerUid;
3987 assertTrue(dpm.isCurrentInputMethodSetByOwner());
3989 // Removing the profile owner should clear the information that it set the current IME.
3990 dpm.clearProfileOwner(admin1);
3991 mContext.binder.callingUid = firstUserSystemUid;
3992 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3993 mContext.binder.callingUid = secondUserSystemUid;
3994 assertFalse(dpm.isCurrentInputMethodSetByOwner());
3997 public void testSetPermittedCrossProfileNotificationListeners_unavailableForDo()
3999 // Set up a device owner.
4000 mContext.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
4002 assertSetPermittedCrossProfileNotificationListenersUnavailable(mContext.binder.callingUid);
4005 public void testSetPermittedCrossProfileNotificationListeners_unavailableForPoOnUser()
4007 // Set up a profile owner.
4008 mContext.binder.callingUid = DpmMockContext.CALLER_UID;
4009 setupProfileOwner();
4010 assertSetPermittedCrossProfileNotificationListenersUnavailable(mContext.binder.callingUid);
4013 private void assertSetPermittedCrossProfileNotificationListenersUnavailable(
4014 int adminUid) throws Exception {
4015 mContext.binder.callingUid = adminUid;
4016 final int userId = UserHandle.getUserId(adminUid);
4018 final String packageName = "some.package";
4019 assertFalse(dpms.setPermittedCrossProfileNotificationListeners(
4020 admin1, Collections.singletonList(packageName)));
4021 assertNull(dpms.getPermittedCrossProfileNotificationListeners(admin1));
4023 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4024 assertTrue(dpms.isNotificationListenerServicePermitted(packageName, userId));
4026 // Attempt to set to empty list (which means no listener is whitelisted)
4027 mContext.binder.callingUid = adminUid;
4028 assertFalse(dpms.setPermittedCrossProfileNotificationListeners(
4029 admin1, Collections.<String>emptyList()));
4030 assertNull(dpms.getPermittedCrossProfileNotificationListeners(admin1));
4032 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4033 assertTrue(dpms.isNotificationListenerServicePermitted(packageName, userId));
4036 public void testIsNotificationListenerServicePermitted_onlySystemCanCall() throws Exception {
4037 // Set up a managed profile
4038 final int MANAGED_PROFILE_USER_ID = 15;
4039 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 19436);
4040 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
4041 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
4043 final String permittedListener = "some.package";
4044 setupPackageInPackageManager(
4046 UserHandle.USER_SYSTEM, // We check the packageInfo from the primary user.
4047 /*appId=*/ 12345, /*flags=*/ 0);
4049 assertTrue(dpms.setPermittedCrossProfileNotificationListeners(
4050 admin1, Collections.singletonList(permittedListener)));
4053 dpms.isNotificationListenerServicePermitted(
4054 permittedListener, MANAGED_PROFILE_USER_ID);
4055 fail("isNotificationListenerServicePermitted should throw if not called from System");
4056 } catch (SecurityException expected) {
4059 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4060 assertTrue(dpms.isNotificationListenerServicePermitted(
4061 permittedListener, MANAGED_PROFILE_USER_ID));
4064 public void testSetPermittedCrossProfileNotificationListeners_managedProfile()
4066 // Set up a managed profile
4067 final int MANAGED_PROFILE_USER_ID = 15;
4068 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 19436);
4069 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
4070 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
4072 final String permittedListener = "permitted.package";
4074 setupPackageInPackageManager(
4076 UserHandle.USER_SYSTEM, // We check the packageInfo from the primary user.
4077 appId, /*flags=*/ 0);
4079 final String notPermittedListener = "not.permitted.package";
4080 setupPackageInPackageManager(
4081 notPermittedListener,
4082 UserHandle.USER_SYSTEM, // We check the packageInfo from the primary user.
4083 ++appId, /*flags=*/ 0);
4085 final String systemListener = "system.package";
4086 setupPackageInPackageManager(
4088 UserHandle.USER_SYSTEM, // We check the packageInfo from the primary user.
4089 ++appId, ApplicationInfo.FLAG_SYSTEM);
4091 // By default all packages are allowed
4092 assertNull(dpms.getPermittedCrossProfileNotificationListeners(admin1));
4094 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4095 assertTrue(dpms.isNotificationListenerServicePermitted(
4096 permittedListener, MANAGED_PROFILE_USER_ID));
4097 assertTrue(dpms.isNotificationListenerServicePermitted(
4098 notPermittedListener, MANAGED_PROFILE_USER_ID));
4099 assertTrue(dpms.isNotificationListenerServicePermitted(
4100 systemListener, MANAGED_PROFILE_USER_ID));
4102 // Setting only one package in the whitelist
4103 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
4104 assertTrue(dpms.setPermittedCrossProfileNotificationListeners(
4105 admin1, Collections.singletonList(permittedListener)));
4106 List<String> permittedListeners =
4107 dpms.getPermittedCrossProfileNotificationListeners(admin1);
4108 assertEquals(1, permittedListeners.size());
4109 assertEquals(permittedListener, permittedListeners.get(0));
4111 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4112 assertTrue(dpms.isNotificationListenerServicePermitted(
4113 permittedListener, MANAGED_PROFILE_USER_ID));
4114 assertFalse(dpms.isNotificationListenerServicePermitted(
4115 notPermittedListener, MANAGED_PROFILE_USER_ID));
4116 // System packages are always allowed (even if not in the whitelist)
4117 assertTrue(dpms.isNotificationListenerServicePermitted(
4118 systemListener, MANAGED_PROFILE_USER_ID));
4120 // Setting an empty whitelist - only system listeners allowed
4121 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
4122 assertTrue(dpms.setPermittedCrossProfileNotificationListeners(
4123 admin1, Collections.<String>emptyList()));
4124 assertEquals(0, dpms.getPermittedCrossProfileNotificationListeners(admin1).size());
4126 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4127 assertFalse(dpms.isNotificationListenerServicePermitted(
4128 permittedListener, MANAGED_PROFILE_USER_ID));
4129 assertFalse(dpms.isNotificationListenerServicePermitted(
4130 notPermittedListener, MANAGED_PROFILE_USER_ID));
4131 // System packages are always allowed (even if not in the whitelist)
4132 assertTrue(dpms.isNotificationListenerServicePermitted(
4133 systemListener, MANAGED_PROFILE_USER_ID));
4135 // Setting a null whitelist - all listeners allowed
4136 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
4137 assertTrue(dpms.setPermittedCrossProfileNotificationListeners(admin1, null));
4138 assertNull(dpms.getPermittedCrossProfileNotificationListeners(admin1));
4140 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4141 assertTrue(dpms.isNotificationListenerServicePermitted(
4142 permittedListener, MANAGED_PROFILE_USER_ID));
4143 assertTrue(dpms.isNotificationListenerServicePermitted(
4144 notPermittedListener, MANAGED_PROFILE_USER_ID));
4145 assertTrue(dpms.isNotificationListenerServicePermitted(
4146 systemListener, MANAGED_PROFILE_USER_ID));
4149 public void testSetPermittedCrossProfileNotificationListeners_doesNotAffectPrimaryProfile()
4151 // Set up a managed profile
4152 final int MANAGED_PROFILE_USER_ID = 15;
4153 final int MANAGED_PROFILE_ADMIN_UID = UserHandle.getUid(MANAGED_PROFILE_USER_ID, 19436);
4154 addManagedProfile(admin1, MANAGED_PROFILE_ADMIN_UID, admin1);
4155 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
4157 final String nonSystemPackage = "non.system.package";
4159 setupPackageInPackageManager(
4161 UserHandle.USER_SYSTEM, // We check the packageInfo from the primary user.
4162 appId, /*flags=*/ 0);
4164 final String systemListener = "system.package";
4165 setupPackageInPackageManager(
4167 UserHandle.USER_SYSTEM, // We check the packageInfo from the primary user.
4168 ++appId, ApplicationInfo.FLAG_SYSTEM);
4170 // By default all packages are allowed (for all profiles)
4171 assertNull(dpms.getPermittedCrossProfileNotificationListeners(admin1));
4173 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4174 assertTrue(dpms.isNotificationListenerServicePermitted(
4175 nonSystemPackage, MANAGED_PROFILE_USER_ID));
4176 assertTrue(dpms.isNotificationListenerServicePermitted(
4177 systemListener, MANAGED_PROFILE_USER_ID));
4178 assertTrue(dpms.isNotificationListenerServicePermitted(
4179 nonSystemPackage, UserHandle.USER_SYSTEM));
4180 assertTrue(dpms.isNotificationListenerServicePermitted(
4181 systemListener, UserHandle.USER_SYSTEM));
4183 // Setting an empty whitelist - only system listeners allowed in managed profile, but
4184 // all allowed in primary profile
4185 mContext.binder.callingUid = MANAGED_PROFILE_ADMIN_UID;
4186 assertTrue(dpms.setPermittedCrossProfileNotificationListeners(
4187 admin1, Collections.<String>emptyList()));
4188 assertEquals(0, dpms.getPermittedCrossProfileNotificationListeners(admin1).size());
4190 mContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4191 assertFalse(dpms.isNotificationListenerServicePermitted(
4192 nonSystemPackage, MANAGED_PROFILE_USER_ID));
4193 assertTrue(dpms.isNotificationListenerServicePermitted(
4194 systemListener, MANAGED_PROFILE_USER_ID));
4195 assertTrue(dpms.isNotificationListenerServicePermitted(
4196 nonSystemPackage, UserHandle.USER_SYSTEM));
4197 assertTrue(dpms.isNotificationListenerServicePermitted(
4198 systemListener, UserHandle.USER_SYSTEM));
4201 public void testGetOwnerInstalledCaCertsForDeviceOwner() throws Exception {
4202 mContext.packageName = mRealTestContext.getPackageName();
4205 final DpmMockContext caller = new DpmMockContext(mRealTestContext, "test-caller");
4206 caller.packageName = admin1.getPackageName();
4207 caller.binder.callingUid = DpmMockContext.CALLER_SYSTEM_USER_UID;
4209 verifyCanGetOwnerInstalledCaCerts(admin1, caller);
4212 public void testGetOwnerInstalledCaCertsForProfileOwner() throws Exception {
4213 mContext.packageName = mRealTestContext.getPackageName();
4214 setAsProfileOwner(admin1);
4216 final DpmMockContext caller = new DpmMockContext(mRealTestContext, "test-caller");
4217 caller.packageName = admin1.getPackageName();
4218 caller.binder.callingUid = DpmMockContext.CALLER_UID;
4220 verifyCanGetOwnerInstalledCaCerts(admin1, caller);
4221 verifyCantGetOwnerInstalledCaCertsProfileOwnerRemoval(admin1, caller);
4224 public void testGetOwnerInstalledCaCertsForDelegate() throws Exception {
4225 mContext.packageName = mRealTestContext.getPackageName();
4226 setAsProfileOwner(admin1);
4228 final String delegate = "com.example.delegate";
4229 final int delegateUid = setupPackageInPackageManager(delegate, 20988);
4230 dpm.setCertInstallerPackage(admin1, delegate);
4232 final DpmMockContext caller = new DpmMockContext(mRealTestContext, "test-caller");
4233 caller.packageName = delegate;
4234 caller.binder.callingUid = delegateUid;
4236 verifyCanGetOwnerInstalledCaCerts(null, caller);
4237 verifyCantGetOwnerInstalledCaCertsProfileOwnerRemoval(null, caller);
4240 private void verifyCanGetOwnerInstalledCaCerts(
4241 final ComponentName caller, final DpmMockContext callerContext) throws Exception {
4242 final String alias = "cert";
4243 final byte[] caCert = TEST_CA.getBytes();
4245 // device admin (used for posting the tls notification)
4246 final DpmMockContext admin1Context;
4247 if (admin1.getPackageName().equals(callerContext.getPackageName())) {
4248 admin1Context = callerContext;
4250 admin1Context = new DpmMockContext(mRealTestContext, "test-admin");
4251 admin1Context.packageName = admin1.getPackageName();
4252 admin1Context.applicationInfo = new ApplicationInfo();
4254 when(admin1Context.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
4256 // caller: device admin or delegated certificate installer
4257 callerContext.applicationInfo = new ApplicationInfo();
4258 final UserHandle callerUser = callerContext.binder.getCallingUserHandle();
4261 final DpmMockContext serviceContext = mContext;
4262 serviceContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4263 serviceContext.addPackageContext(callerUser, admin1Context);
4264 serviceContext.addPackageContext(callerUser, callerContext);
4266 // Install a CA cert.
4267 runAsCaller(callerContext, dpms, (dpm) -> {
4268 when(mContext.keyChainConnection.getService().installCaCertificate(caCert))
4270 assertTrue(dpm.installCaCert(caller, caCert));
4271 when(mContext.keyChainConnection.getService().getUserCaAliases())
4272 .thenReturn(asSlice(new String[] {alias}));
4276 serviceContext.injectBroadcast(new Intent(KeyChain.ACTION_TRUST_STORE_CHANGED)
4277 .putExtra(Intent.EXTRA_USER_HANDLE, callerUser.getIdentifier()));
4280 final List<String> ownerInstalledCaCerts = new ArrayList<>();
4282 // Device Owner / Profile Owner can find out which CA certs were installed by itself.
4283 runAsCaller(admin1Context, dpms, (dpm) -> {
4284 final List<String> installedCaCerts = dpm.getOwnerInstalledCaCerts(callerUser);
4285 assertEquals(Arrays.asList(alias), installedCaCerts);
4286 ownerInstalledCaCerts.addAll(installedCaCerts);
4289 // Restarting the DPMS should not lose information.
4291 runAsCaller(admin1Context, dpms, (dpm) -> {
4292 assertEquals(ownerInstalledCaCerts, dpm.getOwnerInstalledCaCerts(callerUser));
4295 // System can find out which CA certs were installed by the Device Owner / Profile Owner.
4296 runAsCaller(serviceContext, dpms, (dpm) -> {
4297 assertEquals(ownerInstalledCaCerts, dpm.getOwnerInstalledCaCerts(callerUser));
4299 // Remove the CA cert.
4300 reset(mContext.keyChainConnection.getService());
4303 serviceContext.injectBroadcast(new Intent(KeyChain.ACTION_TRUST_STORE_CHANGED)
4304 .putExtra(Intent.EXTRA_USER_HANDLE, callerUser.getIdentifier()));
4307 // Verify that the CA cert is no longer reported as installed by the Device Owner / Profile
4309 runAsCaller(admin1Context, dpms, (dpm) -> {
4310 MoreAsserts.assertEmpty(dpm.getOwnerInstalledCaCerts(callerUser));
4314 private void verifyCantGetOwnerInstalledCaCertsProfileOwnerRemoval(
4315 final ComponentName callerName, final DpmMockContext callerContext) throws Exception {
4316 final String alias = "cert";
4317 final byte[] caCert = TEST_CA.getBytes();
4319 // device admin (used for posting the tls notification)
4320 final DpmMockContext admin1Context;
4321 if (admin1.getPackageName().equals(callerContext.getPackageName())) {
4322 admin1Context = callerContext;
4324 admin1Context = new DpmMockContext(mRealTestContext, "test-admin");
4325 admin1Context.packageName = admin1.getPackageName();
4326 admin1Context.applicationInfo = new ApplicationInfo();
4328 when(admin1Context.resources.getColor(anyInt(), anyObject())).thenReturn(Color.WHITE);
4330 // caller: device admin or delegated certificate installer
4331 callerContext.applicationInfo = new ApplicationInfo();
4332 final UserHandle callerUser = callerContext.binder.getCallingUserHandle();
4335 final DpmMockContext serviceContext = mContext;
4336 serviceContext.binder.callingUid = DpmMockContext.SYSTEM_UID;
4337 serviceContext.addPackageContext(callerUser, admin1Context);
4338 serviceContext.addPackageContext(callerUser, callerContext);
4340 // Install a CA cert as caller
4341 runAsCaller(callerContext, dpms, (dpm) -> {
4342 when(mContext.keyChainConnection.getService().installCaCertificate(caCert))
4344 assertTrue(dpm.installCaCert(callerName, caCert));
4347 // Fake the CA cert as having been installed
4348 when(serviceContext.keyChainConnection.getService().getUserCaAliases())
4349 .thenReturn(asSlice(new String[] {alias}));
4350 serviceContext.injectBroadcast(new Intent(KeyChain.ACTION_TRUST_STORE_CHANGED)
4351 .putExtra(Intent.EXTRA_USER_HANDLE, callerUser.getIdentifier()));
4354 // Removing the Profile Owner should clear the information on which CA certs were installed
4355 runAsCaller(admin1Context, dpms, (dpm) -> {
4356 dpm.clearProfileOwner(admin1);
4359 runAsCaller(serviceContext, dpms, (dpm) -> {
4360 final List<String> ownerInstalledCaCerts = dpm.getOwnerInstalledCaCerts(callerUser);
4361 assertNotNull(ownerInstalledCaCerts);
4362 assertTrue(ownerInstalledCaCerts.isEmpty());
4366 private void setUserSetupCompleteForUser(boolean isUserSetupComplete, int userhandle) {
4367 when(mContext.settings.settingsSecureGetIntForUser(Settings.Secure.USER_SETUP_COMPLETE, 0,
4368 userhandle)).thenReturn(isUserSetupComplete ? 1 : 0);
4369 dpms.notifyChangeToContentObserver(
4370 Settings.Secure.getUriFor(Settings.Secure.USER_SETUP_COMPLETE), userhandle);
4373 private void assertProvisioningAllowed(String action, boolean expected) {
4374 assertEquals("isProvisioningAllowed(" + action + ") returning unexpected result", expected,
4375 dpm.isProvisioningAllowed(action));
4378 private void assertProvisioningAllowed(String action, boolean expected, String packageName,
4380 String previousPackageName = mContext.packageName;
4381 int previousUid = mMockContext.binder.callingUid;
4383 // Call assertProvisioningAllowed with the packageName / uid passed as arguments.
4384 mContext.packageName = packageName;
4385 mMockContext.binder.callingUid = uid;
4386 assertProvisioningAllowed(action, expected);
4388 // Set the previous package name / calling uid to go back to the initial state.
4389 mContext.packageName = previousPackageName;
4390 mMockContext.binder.callingUid = previousUid;
4393 private void assertCheckProvisioningPreCondition(String action, int provisioningCondition) {
4394 assertCheckProvisioningPreCondition(action, admin1.getPackageName(), provisioningCondition);
4397 private void assertCheckProvisioningPreCondition(
4398 String action, String packageName, int provisioningCondition) {
4399 assertEquals("checkProvisioningPreCondition("
4400 + action + ", " + packageName + ") returning unexpected result",
4401 provisioningCondition, dpm.checkProvisioningPreCondition(action, packageName));
4405 * Setup a managed profile with the specified admin and its uid.
4406 * @param admin ComponentName that's visible to the test code, which doesn't have to exist.
4407 * @param adminUid uid of the admin package.
4408 * @param copyFromAdmin package information for {@code admin} will be built based on this
4409 * component's information.
4411 private void addManagedProfile(
4412 ComponentName admin, int adminUid, ComponentName copyFromAdmin) throws Exception {
4413 final int userId = UserHandle.getUserId(adminUid);
4414 mContext.addUser(userId, UserInfo.FLAG_MANAGED_PROFILE, UserHandle.USER_SYSTEM);
4415 mContext.callerPermissions.addAll(OWNER_SETUP_PERMISSIONS);
4416 setUpPackageManagerForFakeAdmin(admin, adminUid, copyFromAdmin);
4417 dpm.setActiveAdmin(admin, false, userId);
4418 assertTrue(dpm.setProfileOwner(admin, null, userId));
4419 mContext.callerPermissions.removeAll(OWNER_SETUP_PERMISSIONS);
4423 * Convert String[] to StringParceledListSlice.
4425 private static StringParceledListSlice asSlice(String[] s) {
4426 return new StringParceledListSlice(Arrays.asList(s));
4429 private void flushTasks() throws Exception {
4430 dpms.mHandler.runWithScissors(() -> {}, 0 /*now*/);
4431 dpms.mBackgroundHandler.runWithScissors(() -> {}, 0 /*now*/);
4433 // We can't let exceptions happen on the background thread. Throw them here if they happen
4434 // so they still cause the test to fail despite being suppressed.
4435 mContext.rethrowBackgroundBroadcastExceptions();