1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.cts.deviceandprofileowner; 18 19 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_COMPLEX; 20 import static android.app.admin.DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; 21 22 import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity; 23 import static com.android.cts.deviceandprofileowner.BaseDeviceAdminTest.ADMIN_RECEIVER_COMPONENT; 24 25 import static com.google.common.truth.Truth.assertThat; 26 27 import static org.testng.Assert.assertThrows; 28 29 import android.app.admin.DevicePolicyManager; 30 import android.content.ContentResolver; 31 import android.content.Context; 32 import android.os.Bundle; 33 import android.os.UserHandle; 34 import android.os.UserManager; 35 import android.provider.Settings; 36 import android.test.InstrumentationTestCase; 37 38 import com.google.common.collect.ImmutableSet; 39 40 import java.util.Set; 41 42 public class OrgOwnedProfileOwnerParentTest extends InstrumentationTestCase { 43 44 protected Context mContext; 45 private ContentResolver mContentResolver; 46 private DevicePolicyManager mParentDevicePolicyManager; 47 48 @Override setUp()49 protected void setUp() throws Exception { 50 super.setUp(); 51 mContext = getInstrumentation().getContext(); 52 mContentResolver = mContext.getContentResolver(); 53 54 DevicePolicyManager devicePolicyManager = (DevicePolicyManager) 55 mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); 56 assertNotNull(devicePolicyManager); 57 mParentDevicePolicyManager = 58 devicePolicyManager.getParentProfileInstance(ADMIN_RECEIVER_COMPONENT); 59 assertNotNull(mParentDevicePolicyManager); 60 61 assertTrue(devicePolicyManager.isAdminActive(ADMIN_RECEIVER_COMPONENT)); 62 assertTrue( 63 devicePolicyManager.isProfileOwnerApp(ADMIN_RECEIVER_COMPONENT.getPackageName())); 64 assertTrue(devicePolicyManager.isManagedProfile(ADMIN_RECEIVER_COMPONENT)); 65 } 66 67 private static final Set<String> PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS = 68 ImmutableSet.of( 69 UserManager.DISALLOW_CONFIG_PRIVATE_DNS, 70 UserManager.DISALLOW_CONFIG_DATE_TIME, 71 UserManager.DISALLOW_AIRPLANE_MODE); 72 73 private static final Set<String> PROFILE_OWNER_ORGANIZATION_OWNED_LOCAL_RESTRICTIONS = 74 ImmutableSet.of( 75 UserManager.DISALLOW_BLUETOOTH, 76 UserManager.DISALLOW_BLUETOOTH_SHARING, 77 UserManager.DISALLOW_CONFIG_BLUETOOTH, 78 UserManager.DISALLOW_CONFIG_CELL_BROADCASTS, 79 UserManager.DISALLOW_CONFIG_LOCATION, 80 UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS, 81 UserManager.DISALLOW_CONFIG_TETHERING, 82 UserManager.DISALLOW_CONFIG_WIFI, 83 UserManager.DISALLOW_CONTENT_CAPTURE, 84 UserManager.DISALLOW_CONTENT_SUGGESTIONS, 85 UserManager.DISALLOW_DATA_ROAMING, 86 UserManager.DISALLOW_SAFE_BOOT, 87 UserManager.DISALLOW_SHARE_LOCATION, 88 UserManager.DISALLOW_SMS, 89 UserManager.DISALLOW_USB_FILE_TRANSFER, 90 UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, 91 UserManager.DISALLOW_OUTGOING_CALLS, 92 UserManager.DISALLOW_UNMUTE_MICROPHONE 93 // This restriction disables ADB, so is not used in test. 94 // UserManager.DISALLOW_DEBUGGING_FEATURES 95 ); 96 testAddGetAndClearUserRestriction_onParent()97 public void testAddGetAndClearUserRestriction_onParent() { 98 int locationMode = 1; 99 try { 100 locationMode = runWithShellPermissionIdentity( 101 () -> Settings.Secure.getIntForUser(mContentResolver, 102 Settings.Secure.LOCATION_MODE, UserHandle.USER_SYSTEM)); 103 104 for (String restriction : PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS) { 105 testAddGetAndClearUserRestriction_onParent(restriction); 106 } 107 for (String restriction : PROFILE_OWNER_ORGANIZATION_OWNED_LOCAL_RESTRICTIONS) { 108 testAddGetAndClearUserRestriction_onParent(restriction); 109 } 110 } finally { 111 // Restore the location mode setting after adding and removing the 112 // DISALLOW_SHARE_LOCATION user restriction. This is because, modifying this user 113 // restriction causes the location mode setting to be turned off. 114 final int finalLocationMode = locationMode; 115 runWithShellPermissionIdentity(() -> Settings.Secure.putIntForUser(mContentResolver, 116 Settings.Secure.LOCATION_MODE, finalLocationMode, UserHandle.USER_SYSTEM)); 117 } 118 } 119 testAddGetAndClearUserRestriction_onParent(String restriction)120 private void testAddGetAndClearUserRestriction_onParent(String restriction) { 121 mParentDevicePolicyManager.addUserRestriction(ADMIN_RECEIVER_COMPONENT, restriction); 122 123 Bundle restrictions = mParentDevicePolicyManager.getUserRestrictions( 124 ADMIN_RECEIVER_COMPONENT); 125 assertThat(restrictions.get(restriction)).isNotNull(); 126 127 mParentDevicePolicyManager.clearUserRestriction(ADMIN_RECEIVER_COMPONENT, restriction); 128 129 restrictions = mParentDevicePolicyManager.getUserRestrictions(ADMIN_RECEIVER_COMPONENT); 130 assertThat(restrictions.get(restriction)).isNull(); 131 } 132 testUnableToAddAndClearBaseUserRestrictions_onParent()133 public void testUnableToAddAndClearBaseUserRestrictions_onParent() { 134 testUnableToAddBaseUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE); 135 testUnableToClearBaseUserRestriction(UserManager.DISALLOW_REMOVE_MANAGED_PROFILE); 136 testUnableToAddBaseUserRestriction(UserManager.DISALLOW_ADD_USER); 137 testUnableToClearBaseUserRestriction(UserManager.DISALLOW_ADD_USER); 138 } 139 testUnableToAddBaseUserRestriction(String restriction)140 private void testUnableToAddBaseUserRestriction(String restriction) { 141 assertThrows(SecurityException.class, 142 () -> mParentDevicePolicyManager.addUserRestriction(ADMIN_RECEIVER_COMPONENT, 143 restriction)); 144 } 145 testUnableToClearBaseUserRestriction(String restriction)146 private void testUnableToClearBaseUserRestriction(String restriction) { 147 assertThrows(SecurityException.class, 148 () -> mParentDevicePolicyManager.clearUserRestriction(ADMIN_RECEIVER_COMPONENT, 149 restriction)); 150 } 151 testCanSetPasswordQualityOnParent()152 public void testCanSetPasswordQualityOnParent() { 153 mParentDevicePolicyManager.setPasswordQuality(ADMIN_RECEIVER_COMPONENT, 154 PASSWORD_QUALITY_COMPLEX); 155 try { 156 assertThat(mParentDevicePolicyManager.getPasswordQuality( 157 ADMIN_RECEIVER_COMPONENT)).isEqualTo(PASSWORD_QUALITY_COMPLEX); 158 assertThat(mParentDevicePolicyManager.isActivePasswordSufficient()).isFalse(); 159 } finally { 160 // Cleanup 161 mParentDevicePolicyManager.setPasswordQuality(ADMIN_RECEIVER_COMPONENT, 162 PASSWORD_QUALITY_UNSPECIFIED); 163 } 164 } 165 }