1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.bedstead.harrier.annotations.enterprise; 18 19 import java.lang.annotation.ElementType; 20 import java.lang.annotation.Retention; 21 import java.lang.annotation.RetentionPolicy; 22 import java.lang.annotation.Target; 23 24 /** 25 * Used to annotate an enterprise policy for use with {@link PolicyDoesNotApplyTest} and 26 * {@link PolicyAppliesTest}. 27 */ 28 @Target(ElementType.TYPE) 29 @Retention(RetentionPolicy.RUNTIME) 30 public @interface EnterprisePolicy { 31 32 /** 33 * An enterprise policy which can be controlled using permissions. 34 */ 35 @interface Permission { 36 /** The permission required to exercise the policy. */ appliedWith()37 String appliedWith(); 38 /** Flags indicating who the policy applies to when applied in this way. */ appliesTo()39 int appliesTo(); 40 /** Additional modifiers. */ modifiers()41 int modifiers() default NO; 42 } 43 44 /** 45 * An enterprise policy which can be controlled user app ops. 46 */ 47 @interface AppOp { 48 /** The AppOp required to exercise the policy. */ appliedWith()49 String appliedWith(); 50 /** Flags indicating who the policy applies to when applied in this way. */ appliesTo()51 int appliesTo(); 52 /** Additional modifiers. */ modifiers()53 int modifiers() default NO; 54 } 55 56 /** A policy that cannot be applied. */ 57 int NO = 0; 58 59 /** A policy which applies to the user of the package which applied the policy. */ 60 int APPLIES_TO_OWN_USER = 1; 61 /** A policy which applies to unaffiliated other users. */ 62 int APPLIES_TO_UNAFFILIATED_OTHER_USERS = 1 << 1; 63 /** A policy which applies to affiliated other users. */ 64 int APPLIES_TO_AFFILIATED_OTHER_USERS = 1 << 2; 65 /** A policy which applies to unaffiliated profiles of the user of the package which applied the policy. */ 66 int APPLIES_TO_UNAFFILIATED_CHILD_PROFILES = 1 << 3; 67 /** A policy which applies to affiliated profiles of the user of the package which applied the policy. */ 68 int APPLIES_TO_AFFILIATED_CHILD_PROFILES = 1 << 4; 69 /** A policy that applies to the parent of the profile of the package which applied the policy. */ 70 int APPLIES_TO_PARENT = 1 << 5; 71 72 /** A policy that applies to affiliated or unaffiliate profiles of the package which applied the policy. */ 73 int APPLIES_TO_CHILD_PROFILES = 74 APPLIES_TO_UNAFFILIATED_CHILD_PROFILES | APPLIES_TO_AFFILIATED_CHILD_PROFILES; 75 /** A policy that applies to affiliated or unaffiliated other users. */ 76 int APPLIES_TO_OTHER_USERS = 77 APPLIES_TO_UNAFFILIATED_OTHER_USERS | APPLIES_TO_AFFILIATED_OTHER_USERS; 78 79 /** A policy that applies to all users on the device. */ 80 int APPLIES_GLOBALLY = APPLIES_TO_OWN_USER | APPLIES_TO_OTHER_USERS | APPLIES_TO_CHILD_PROFILES; 81 82 83 // Applied by 84 85 /** A policy that can be applied by a device owner. */ 86 int APPLIED_BY_DEVICE_OWNER = 1 << 6; 87 /** A policy that can be applied by a profile owner of an unaffiliated profile. */ 88 int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_PROFILE = 1 << 7; 89 /** A policy that can be applied by a profile owner of an affiliated profile */ 90 int APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE = 1 << 8; 91 /** A policy that can be applied by a profile owner of a cope profile */ 92 int APPLIED_BY_COPE_PROFILE_OWNER = 1 << 9; 93 94 /** A policy that can be applied by a profile owner of an affiliated or unaffiliated profile. 95 * This does not include cope profiles. */ 96 int APPLIED_BY_PROFILE_OWNER_PROFILE = 97 APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_PROFILE 98 | APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE; 99 /** 100 * A policy that can be applied by a Profile Owner for a User (not Profile) with no Device 101 * Owner. 102 */ 103 int APPLIED_BY_PROFILE_OWNER_USER_WITH_NO_DO = 1 << 10; 104 /** 105 * A policy that can be applied by an unaffiliated Profile Owner for a User (not Profile) with 106 * a Device Owner. 107 */ 108 int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER_WITH_DO = 1 << 11; 109 /** A policy that can be applied by a profile owner of an unaffiliated user. */ 110 int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER = 111 APPLIED_BY_PROFILE_OWNER_USER_WITH_NO_DO 112 | APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER_WITH_DO; 113 /** A policy that can be applied by a profile owner of an affiliated user. */ 114 int APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER = 1 << 12; 115 /** A policy that can be applied by an affiliated or unaffiliated profile owner on a User (not Profile). */ 116 int APPLIED_BY_PROFILE_OWNER_USER = 117 APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER | APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER; 118 /** A policy that can be applied by an affiliated profile owner on a user or profile. */ 119 int APPLIED_BY_AFFILIATED_PROFILE_OWNER = APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE | APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER; 120 /** A policy that can be applied by a profile owner, affiliate or unaffiliated, running on a user or profile. */ 121 int APPLIED_BY_PROFILE_OWNER = 122 APPLIED_BY_PROFILE_OWNER_PROFILE 123 | APPLIED_BY_PROFILE_OWNER_USER; 124 125 int APPLIED_BY_PARENT_INSTANCE_OF_NON_COPE_PROFILE_OWNER_PROFILE = 1 << 13; 126 int APPLIED_BY_PARENT_INSTANCE_OF_COPE_PROFILE_OWNER_PROFILE = 1 << 14; 127 128 int APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_PROFILE = 129 APPLIED_BY_PARENT_INSTANCE_OF_NON_COPE_PROFILE_OWNER_PROFILE | APPLIED_BY_PARENT_INSTANCE_OF_COPE_PROFILE_OWNER_PROFILE; 130 131 int APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_USER = 1 << 15; 132 133 int APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER = 134 APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_USER 135 | APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_PROFILE; 136 137 // Modifiers 138 /** Internal use only. Do not use */ 139 // This is to be used to mark specific annotations as not generating PolicyDoesNotApply tests 140 int DO_NOT_APPLY_TO_POLICY_DOES_NOT_APPLY_TESTS = 1 << 16; 141 142 /** 143 * A policy which applies even when the user is not in the foreground. 144 * 145 * <p>Note that lacking this flag does not mean a policy does not apply - to indicate that use 146 * {@link DOES_NOT_APPLY_IN_BACKGROUND}. */ 147 int APPLIES_IN_BACKGROUND = 1 << 17 | (DO_NOT_APPLY_TO_POLICY_DOES_NOT_APPLY_TESTS); 148 /** 149 * A policy which does not apply when the user is not in the foreground. 150 * 151 * <p>At present this does not generate any additional tests but may do in future. 152 * 153 * <p>Note that lacking this flag does not mean a policy does apply - to indicate that use 154 * {@link APPLIES_IN_BACKGROUND}. */ 155 int DOES_NOT_APPLY_IN_BACKGROUND = 1 << 18; 156 157 158 /** 159 * A policy which can be applied by a delegate. 160 * 161 * See {@link #delegatedScopes()} for the scopes which enable this. 162 */ 163 int CAN_BE_DELEGATED = 1 << 19; 164 165 /** Flags indicating DPC states which can set the policy. */ dpc()166 int[] dpc() default {}; 167 168 /** 169 * {@link Permission} indicating which permissions can control the policy. 170 * 171 * <p>Note that this currently does not generate any additional tests but may do in future. 172 */ permissions()173 Permission[] permissions() default {}; 174 175 /** 176 * {@link AppOp} indicating which AppOps can control the policy. 177 * 178 * <p>Note that this currently does not generate any additional tests but may do in future. 179 */ appOps()180 AppOp[] appOps() default {}; 181 182 /** 183 * Which delegated scopes can control the policy. 184 * 185 * <p>This applies to {@link #dpc()} entries with the {@link #CAN_BE_DELEGATED} flag. 186 */ delegatedScopes()187 String[] delegatedScopes() default {}; 188 } 189