• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.bedstead.harrier.annotations.enterprise;
18 
19 import java.lang.annotation.ElementType;
20 import java.lang.annotation.Retention;
21 import java.lang.annotation.RetentionPolicy;
22 import java.lang.annotation.Target;
23 
24 /**
25  * Used to annotate an enterprise policy for use with {@link PolicyDoesNotApplyTest} and
26  * {@link PolicyAppliesTest}.
27  */
28 @Target(ElementType.TYPE)
29 @Retention(RetentionPolicy.RUNTIME)
30 public @interface EnterprisePolicy {
31 
32     /**
33      * An enterprise policy which can be controlled using permissions.
34      */
35     @interface Permission {
36         /** The permission required to exercise the policy. */
appliedWith()37         String appliedWith();
38         /** Flags indicating who the policy applies to when applied in this way. */
appliesTo()39         int appliesTo();
40         /** Additional modifiers. */
modifiers()41         int modifiers() default NO;
42     }
43 
44     /**
45      * An enterprise policy which can be controlled user app ops.
46      */
47     @interface AppOp {
48         /** The AppOp required to exercise the policy. */
appliedWith()49         String appliedWith();
50         /** Flags indicating who the policy applies to when applied in this way. */
appliesTo()51         int appliesTo();
52         /** Additional modifiers. */
modifiers()53         int modifiers() default NO;
54     }
55 
56     /** A policy that cannot be applied. */
57     int NO = 0;
58 
59     /** A policy which applies to the user of the package which applied the policy. */
60     int APPLIES_TO_OWN_USER = 1;
61     /** A policy which applies to unaffiliated other users. */
62     int APPLIES_TO_UNAFFILIATED_OTHER_USERS = 1 << 1;
63     /** A policy which applies to affiliated other users. */
64     int APPLIES_TO_AFFILIATED_OTHER_USERS = 1 << 2;
65     /** A policy which applies to unaffiliated profiles of the user of the package which applied the policy. */
66     int APPLIES_TO_UNAFFILIATED_CHILD_PROFILES_WITHOUT_INHERITANCE = 1 << 3;
67 
68     /** A policy that is inherited by child profiles if applied on parent. */
69     int INHERITABLE = 1 << 4;
70 
71     int APPLIES_TO_UNAFFILIATED_CHILD_PROFILES = APPLIES_TO_UNAFFILIATED_CHILD_PROFILES_WITHOUT_INHERITANCE | INHERITABLE;
72 
73     /** A policy which applies to affiliated profiles of the user of the package which applied the policy. */
74     int APPLIES_TO_AFFILIATED_CHILD_PROFILES = 1 << 5;
75     /** A policy that applies to the parent of the profile of the package which applied the policy. */
76     int APPLIES_TO_PARENT = 1 << 6;
77 
78     /** A policy that applies to affiliated or unaffiliate profiles of the package which applied the policy. */
79     int APPLIES_TO_CHILD_PROFILES =
80             APPLIES_TO_UNAFFILIATED_CHILD_PROFILES | APPLIES_TO_AFFILIATED_CHILD_PROFILES;
81     /** A policy that applies to affiliated or unaffiliated other users. */
82     int APPLIES_TO_OTHER_USERS =
83             APPLIES_TO_UNAFFILIATED_OTHER_USERS | APPLIES_TO_AFFILIATED_OTHER_USERS;
84 
85     /** A policy that applies to all users on the device. */
86     int APPLIES_GLOBALLY = APPLIES_TO_OWN_USER | APPLIES_TO_OTHER_USERS
87             | APPLIES_TO_CHILD_PROFILES | APPLIES_TO_PARENT;
88 
89 
90     // Applied by
91 
92     /** A policy that can be applied by a device owner. */
93     int APPLIED_BY_DEVICE_OWNER = 1 << 7;
94     /** A policy that can be applied by a profile owner of an unaffiliated profile. */
95     int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_PROFILE = 1 << 8;
96     /** A policy that can be applied by a profile owner of an affiliated profile */
97     int APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE = 1 << 9;
98     /** A policy that can be applied by a profile owner of an organization owned profile */
99     int APPLIED_BY_ORGANIZATION_OWNED_PROFILE_OWNER_PROFILE = 1 << 10;
100 
101     /** A policy that can be applied by a profile owner of an affiliated or unaffiliated profile. */
102     int APPLIED_BY_PROFILE_OWNER_PROFILE =
103             APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_PROFILE
104                     | APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE
105                     | APPLIED_BY_ORGANIZATION_OWNED_PROFILE_OWNER_PROFILE;
106     /**
107      * A policy that can be applied by a Profile Owner for a User (not Profile) with no Device
108      * Owner.
109      */
110     int APPLIED_BY_PROFILE_OWNER_USER_WITH_NO_DO = 1 << 11;
111     /**
112      * A policy that can be applied by an unaffiliated Profile Owner for a User (not Profile) with
113      * a Device Owner.
114      */
115     int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER_WITH_DO = 1 << 12;
116     /** A policy that can be applied by a profile owner of an unaffiliated user. */
117     int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER =
118             APPLIED_BY_PROFILE_OWNER_USER_WITH_NO_DO
119                     | APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER_WITH_DO;
120     /** A policy that can be applied by a profile owner of an affiliated user. */
121     int APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER = 1 << 13;
122     /** A policy that can be applied by an affiliated or unaffiliated profile owner on a User (not Profile). */
123     int APPLIED_BY_PROFILE_OWNER_USER =
124             APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER | APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER;
125     /** A policy that can be applied by an affiliated profile owner on a user or profile. */
126     int APPLIED_BY_AFFILIATED_PROFILE_OWNER = APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE | APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER;
127     /** A policy that can be applied by a profile owner, affiliate or unaffiliated, running on a user or profile. */
128     int APPLIED_BY_PROFILE_OWNER =
129             APPLIED_BY_PROFILE_OWNER_PROFILE
130             | APPLIED_BY_PROFILE_OWNER_USER;
131 
132     int APPLIED_BY_PARENT_INSTANCE_OF_NON_ORGANIZATIONAL_OWNED_PROFILE_OWNER_PROFILE = 1 << 14;
133     int APPLIED_BY_PARENT_INSTANCE_OF_ORGANIZATIONAL_OWNED_PROFILE_OWNER_PROFILE = 1 << 15;
134 
135     int APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_PROFILE =
136             APPLIED_BY_PARENT_INSTANCE_OF_NON_ORGANIZATIONAL_OWNED_PROFILE_OWNER_PROFILE | APPLIED_BY_PARENT_INSTANCE_OF_ORGANIZATIONAL_OWNED_PROFILE_OWNER_PROFILE;
137 
138     // Modifiers
139     /** Internal use only. Do not use */
140     // This is to be used to mark specific annotations as not generating PolicyDoesNotApply tests
141     int DO_NOT_APPLY_TO_POLICY_DOES_NOT_APPLY_TESTS = 1 << 16;
142 
143     /** Internal use only. Do not use */
144     // This is to be used to mark specific annotations as not generating PolicyDoesNotApply tests
145     int DO_NOT_APPLY_TO_CANNOT_SET_POLICY_TESTS = 1 << 17;
146 
147     /** A policy that the DPM Role Holder has permission access to */
148     int APPLIED_BY_DPM_ROLE_HOLDER = 1 << 18 | (DO_NOT_APPLY_TO_CANNOT_SET_POLICY_TESTS);
149 
150     /**
151      * A policy which applies even when the user is not in the foreground.
152      *
153      * <p>Note that lacking this flag does not mean a policy does not apply - to indicate that use
154      * {@link DOES_NOT_APPLY_IN_BACKGROUND}. */
155     int APPLIES_IN_BACKGROUND = 1 << 19 | (DO_NOT_APPLY_TO_POLICY_DOES_NOT_APPLY_TESTS);
156     /**
157      * A policy which does not apply when the user is not in the foreground.
158      *
159      * <p>At present this does not generate any additional tests but may do in future.
160      *
161      * <p>Note that lacking this flag does not mean a policy does apply - to indicate that use
162      * {@link APPLIES_IN_BACKGROUND}. */
163     int DOES_NOT_APPLY_IN_BACKGROUND = 1 << 20;
164 
165 
166     /**
167      * A policy which can be applied by a delegate.
168      *
169      * See {@link #delegatedScopes()} for the scopes which enable this.
170      */
171     int CAN_BE_DELEGATED = 1 << 21;
172 
173     /** A policy that can be applied by a financed device owner. */
174     int APPLIED_BY_FINANCED_DEVICE_OWNER = 1 << 22;
175 
176     /** A policy that has not yet been migrated to allow for DPM Role holder access. */
177     int CANNOT_BE_APPLIED_BY_ROLE_HOLDER = 1 << 23;
178 
179     /** Flags indicating DPC states which can set the policy. */
dpc()180     int[] dpc() default {};
181 
182     /**
183      * {@link Permission} indicating which permissions can control the policy.
184      *
185      * <p>Note that this currently does not generate any additional tests but may do in future.
186      */
permissions()187     Permission[] permissions() default {};
188 
189     /**
190      * {@link AppOp} indicating which AppOps can control the policy.
191      *
192      * <p>Note that this currently does not generate any additional tests but may do in future.
193      */
appOps()194     AppOp[] appOps() default {};
195 
196     /**
197      * Which delegated scopes can control the policy.
198      *
199      * <p>This applies to {@link #dpc()} entries with the {@link #CAN_BE_DELEGATED} flag.
200      */
delegatedScopes()201     String[] delegatedScopes() default {};
202 }
203