1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.settingslib; 18 19 import static android.app.admin.DevicePolicyManager.EXTRA_RESTRICTION; 20 import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE; 21 import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT; 22 import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_REMOTE_INPUT; 23 import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS; 24 import static android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY; 25 26 import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; 27 28 import static com.google.common.truth.Truth.assertThat; 29 import static com.google.common.truth.Truth.assertWithMessage; 30 31 import static org.mockito.ArgumentMatchers.any; 32 import static org.mockito.ArgumentMatchers.eq; 33 import static org.mockito.Mockito.doReturn; 34 import static org.mockito.Mockito.verify; 35 import static org.mockito.Mockito.when; 36 37 import android.app.admin.Authority; 38 import android.app.admin.DeviceAdminAuthority; 39 import android.app.admin.DevicePolicyManager; 40 import android.app.admin.DpcAuthority; 41 import android.app.admin.EnforcingAdmin; 42 import android.app.admin.RoleAuthority; 43 import android.app.admin.UnknownAuthority; 44 import android.content.ComponentName; 45 import android.content.Context; 46 import android.content.Intent; 47 import android.content.pm.PackageManager; 48 import android.content.pm.UserInfo; 49 import android.os.UserHandle; 50 import android.os.UserManager; 51 import android.platform.test.annotations.RequiresFlagsDisabled; 52 import android.platform.test.annotations.RequiresFlagsEnabled; 53 import android.platform.test.flag.junit.CheckFlagsRule; 54 import android.platform.test.flag.junit.DeviceFlagsValueProvider; 55 56 import org.junit.Before; 57 import org.junit.Rule; 58 import org.junit.Test; 59 import org.junit.runner.RunWith; 60 import org.mockito.Answers; 61 import org.mockito.ArgumentCaptor; 62 import org.mockito.Mock; 63 import org.mockito.MockitoAnnotations; 64 import org.robolectric.RobolectricTestRunner; 65 66 import java.util.Arrays; 67 import java.util.Collections; 68 69 @RunWith(RobolectricTestRunner.class) 70 public class RestrictedLockUtilsTest { 71 @Rule 72 public final CheckFlagsRule mCheckFlagsRule = DeviceFlagsValueProvider.createCheckFlagsRule(); 73 74 @Mock 75 private Context mContext; 76 @Mock 77 private DevicePolicyManager mDevicePolicyManager; 78 @Mock 79 private UserManager mUserManager; 80 @Mock 81 private PackageManager mPackageManager; 82 @Mock(answer = Answers.RETURNS_DEEP_STUBS) 83 private RestrictedLockUtilsInternal.Proxy mProxy; 84 85 private final int mUserId = 194; 86 private final int mProfileId = 160; 87 private final String mPackage = "test.pkg"; 88 private final ComponentName mAdmin1 = new ComponentName("admin1", "admin1class"); 89 private final ComponentName mAdmin2 = new ComponentName("admin2", "admin2class"); 90 91 @Before setUp()92 public void setUp() { 93 MockitoAnnotations.initMocks(this); 94 95 when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE)) 96 .thenReturn(mDevicePolicyManager); 97 when(mContext.getSystemService(DevicePolicyManager.class)) 98 .thenReturn(mDevicePolicyManager); 99 when(mContext.getSystemService(Context.USER_SERVICE)) 100 .thenReturn(mUserManager); 101 when(mContext.getPackageManager()) 102 .thenReturn(mPackageManager); 103 104 RestrictedLockUtilsInternal.sProxy = mProxy; 105 } 106 107 @RequiresFlagsDisabled(android.security.Flags.FLAG_AAPM_API) 108 @Test checkIfRestrictionEnforced_deviceOwner()109 public void checkIfRestrictionEnforced_deviceOwner() 110 throws PackageManager.NameNotFoundException { 111 UserManager.EnforcingUser enforcingUser = new UserManager.EnforcingUser(mUserId, 112 UserManager.RESTRICTION_SOURCE_DEVICE_OWNER); 113 final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS; 114 when(mUserManager.getUserRestrictionSources(userRestriction, 115 UserHandle.of(mUserId))). 116 thenReturn(Collections.singletonList(enforcingUser)); 117 118 when(mContext.createPackageContextAsUser(any(), eq(0), 119 eq(UserHandle.of(mUserId)))) 120 .thenReturn(mContext); 121 122 setUpDeviceOwner(mAdmin1, mUserId); 123 124 EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 125 .checkIfRestrictionEnforced(mContext, userRestriction, mUserId); 126 127 assertThat(enforcedAdmin).isNotNull(); 128 assertThat(enforcedAdmin.enforcedRestriction).isEqualTo(userRestriction); 129 assertThat(enforcedAdmin.component).isEqualTo(mAdmin1); 130 } 131 132 @RequiresFlagsDisabled(android.security.Flags.FLAG_AAPM_API) 133 @Test checkIfRestrictionEnforced_profileOwner()134 public void checkIfRestrictionEnforced_profileOwner() 135 throws PackageManager.NameNotFoundException { 136 UserManager.EnforcingUser enforcingUser = new UserManager.EnforcingUser(mUserId, 137 UserManager.RESTRICTION_SOURCE_PROFILE_OWNER); 138 final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS; 139 when(mUserManager.getUserRestrictionSources(userRestriction, 140 UserHandle.of(mUserId))). 141 thenReturn(Collections.singletonList(enforcingUser)); 142 143 when(mContext.createPackageContextAsUser(any(), eq(0), 144 eq(UserHandle.of(mUserId)))) 145 .thenReturn(mContext); 146 147 setUpProfileOwner(mAdmin1); 148 149 EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 150 .checkIfRestrictionEnforced(mContext, userRestriction, mUserId); 151 152 assertThat(enforcedAdmin).isNotNull(); 153 assertThat(enforcedAdmin.enforcedRestriction).isEqualTo(userRestriction); 154 assertThat(enforcedAdmin.component).isEqualTo(mAdmin1); 155 } 156 157 @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API) 158 @Test checkIfRestrictionEnforced_getEnforcingAdminExists()159 public void checkIfRestrictionEnforced_getEnforcingAdminExists() { 160 UserManager.EnforcingUser enforcingUser = new UserManager.EnforcingUser(mUserId, 161 UserManager.RESTRICTION_SOURCE_PROFILE_OWNER); 162 final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS; 163 final EnforcingAdmin enforcingAdmin = new EnforcingAdmin(mPackage, 164 UnknownAuthority.UNKNOWN_AUTHORITY, UserHandle.of(mUserId), mAdmin1); 165 166 when(mUserManager.getUserRestrictionSources(userRestriction, 167 UserHandle.of(mUserId))) 168 .thenReturn(Collections.singletonList(enforcingUser)); 169 when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction)) 170 .thenReturn(enforcingAdmin); 171 172 EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal.checkIfRestrictionEnforced( 173 mContext, userRestriction, mUserId); 174 175 assertThat(enforcedAdmin).isNotNull(); 176 assertThat(enforcedAdmin.enforcedRestriction).isEqualTo(userRestriction); 177 assertThat(enforcedAdmin.component).isEqualTo(enforcingAdmin.getComponentName()); 178 assertThat(enforcedAdmin.user).isEqualTo(enforcingAdmin.getUserHandle()); 179 } 180 181 @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API) 182 @Test checkIfRestrictionEnforced_getEnforcingAdminReturnsNull_deviceOwner()183 public void checkIfRestrictionEnforced_getEnforcingAdminReturnsNull_deviceOwner() 184 throws PackageManager.NameNotFoundException { 185 UserManager.EnforcingUser enforcingUser = new UserManager.EnforcingUser(mUserId, 186 UserManager.RESTRICTION_SOURCE_DEVICE_OWNER); 187 final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS; 188 189 when(mUserManager.getUserRestrictionSources(userRestriction, 190 UserHandle.of(mUserId))) 191 .thenReturn(Collections.singletonList(enforcingUser)); 192 when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction)) 193 .thenReturn(null); 194 when(mContext.createPackageContextAsUser(any(), eq(0), 195 eq(UserHandle.of(mUserId)))) 196 .thenReturn(mContext); 197 198 setUpDeviceOwner(mAdmin1, mUserId); 199 200 EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 201 .checkIfRestrictionEnforced(mContext, userRestriction, mUserId); 202 203 assertThat(enforcedAdmin).isNotNull(); 204 assertThat(enforcedAdmin.enforcedRestriction).isEqualTo(userRestriction); 205 assertThat(enforcedAdmin.component).isEqualTo(mAdmin1); 206 } 207 208 @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API) 209 @Test checkIfRestrictionEnforced_getEnforcingAdminReturnsNull_profileOwner()210 public void checkIfRestrictionEnforced_getEnforcingAdminReturnsNull_profileOwner() 211 throws PackageManager.NameNotFoundException { 212 UserManager.EnforcingUser enforcingUser = new UserManager.EnforcingUser(mUserId, 213 UserManager.RESTRICTION_SOURCE_PROFILE_OWNER); 214 final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS; 215 216 when(mUserManager.getUserRestrictionSources(userRestriction, 217 UserHandle.of(mUserId))) 218 .thenReturn(Collections.singletonList(enforcingUser)); 219 when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction)) 220 .thenReturn(null); 221 when(mContext.createPackageContextAsUser(any(), eq(0), 222 eq(UserHandle.of(mUserId)))) 223 .thenReturn(mContext); 224 225 setUpProfileOwner(mAdmin1); 226 227 EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 228 .checkIfRestrictionEnforced(mContext, userRestriction, mUserId); 229 230 assertThat(enforcedAdmin).isNotNull(); 231 assertThat(enforcedAdmin.enforcedRestriction).isEqualTo(userRestriction); 232 assertThat(enforcedAdmin.component).isEqualTo(mAdmin1); 233 } 234 235 @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API) 236 @Test isPolicyEnforcedByAdvancedProtection_notEnforced_returnsFalse()237 public void isPolicyEnforcedByAdvancedProtection_notEnforced_returnsFalse() { 238 final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS; 239 final Authority[] allNonAdvancedProtectionAuthorities = new Authority[] { 240 UnknownAuthority.UNKNOWN_AUTHORITY, 241 DeviceAdminAuthority.DEVICE_ADMIN_AUTHORITY, 242 DpcAuthority.DPC_AUTHORITY, 243 new RoleAuthority(Collections.singleton("some-role")) 244 }; 245 246 for (Authority authority : allNonAdvancedProtectionAuthorities) { 247 final EnforcingAdmin enforcingAdmin = new EnforcingAdmin(mPackage, authority, 248 UserHandle.of(mUserId), mAdmin1); 249 250 when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction)) 251 .thenReturn(enforcingAdmin); 252 253 assertWithMessage(authority + " is not an advanced protection authority") 254 .that(RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection( 255 mContext, userRestriction, mUserId)) 256 .isFalse(); 257 } 258 } 259 260 @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API) 261 @Test isPolicyEnforcedByAdvancedProtection_enforced_returnsTrue()262 public void isPolicyEnforcedByAdvancedProtection_enforced_returnsTrue() { 263 final Authority advancedProtectionAuthority = new UnknownAuthority( 264 ADVANCED_PROTECTION_SYSTEM_ENTITY); 265 final EnforcingAdmin advancedProtectionEnforcingAdmin = new EnforcingAdmin(mPackage, 266 advancedProtectionAuthority, UserHandle.of(mUserId), mAdmin1); 267 final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS; 268 269 when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction)) 270 .thenReturn(advancedProtectionEnforcingAdmin); 271 272 assertThat(RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(mContext, 273 userRestriction, mUserId)).isTrue(); 274 } 275 276 @Test checkIfDevicePolicyServiceDisabled_noEnforceAdminForManagedProfile()277 public void checkIfDevicePolicyServiceDisabled_noEnforceAdminForManagedProfile() { 278 when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE)).thenReturn(null); 279 final EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 280 .checkIfAccountManagementDisabled(mContext, "account_type", mUserId); 281 282 assertThat(enforcedAdmin).isEqualTo(null); 283 } 284 285 @Test checkIfDeviceAdminFeatureDisabled_noEnforceAdminForManagedProfile()286 public void checkIfDeviceAdminFeatureDisabled_noEnforceAdminForManagedProfile() { 287 when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN)) 288 .thenReturn(false); 289 final EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 290 .checkIfAccountManagementDisabled(mContext, "account_type", mUserId); 291 292 assertThat(enforcedAdmin).isEqualTo(null); 293 } 294 295 @Test checkIfKeyguardFeaturesDisabled_noEnforcedAdminForManagedProfile()296 public void checkIfKeyguardFeaturesDisabled_noEnforcedAdminForManagedProfile() { 297 setUpManagedProfile(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); 298 299 final EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 300 .checkIfKeyguardFeaturesDisabled(mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); 301 302 assertThat(enforcedAdmin).isEqualTo(null); 303 } 304 305 @Test checkIfKeyguardFeaturesDisabled_oneEnforcedAdminForManagedProfile()306 public void checkIfKeyguardFeaturesDisabled_oneEnforcedAdminForManagedProfile() { 307 setUpManagedProfile(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); 308 309 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) 310 .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); 311 312 final EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 313 .checkIfKeyguardFeaturesDisabled(mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); 314 315 assertThat(enforcedAdmin).isEqualTo(new EnforcedAdmin(mAdmin1, UserHandle.of(mUserId))); 316 } 317 318 @Test checkIfKeyguardFeaturesDisabled_multipleEnforcedAdminForManagedProfile()319 public void checkIfKeyguardFeaturesDisabled_multipleEnforcedAdminForManagedProfile() { 320 setUpManagedProfile(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); 321 322 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) 323 .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT); 324 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mUserId)) 325 .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT); 326 327 final EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal 328 .checkIfKeyguardFeaturesDisabled(mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mUserId); 329 330 assertThat(enforcedAdmin).isEqualTo(EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN); 331 } 332 333 @Test checkIfKeyguardFeaturesAreDisabled_doesMatchAllowedFeature_unifiedManagedProfile()334 public void checkIfKeyguardFeaturesAreDisabled_doesMatchAllowedFeature_unifiedManagedProfile() { 335 UserInfo userInfo = setUpUser(mUserId, new ComponentName[] {mAdmin1}); 336 UserInfo profileInfo = setUpManagedProfile(mProfileId, new ComponentName[] {mAdmin2}); 337 when(mUserManager.getProfiles(mUserId)).thenReturn(Arrays.asList(userInfo, profileInfo)); 338 339 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) 340 .thenReturn(KEYGUARD_DISABLE_FEATURES_NONE); 341 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mProfileId)) 342 .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); 343 344 // Querying the parent should return the policy, since it affects the parent. 345 EnforcedAdmin parent = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 346 mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); 347 assertThat(parent).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); 348 349 // Querying the child should return that too. 350 EnforcedAdmin profile = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 351 mContext, KEYGUARD_DISABLE_FINGERPRINT, mProfileId); 352 assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); 353 354 // Querying for some unrelated feature should return nothing. Nothing! 355 assertThat(RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 356 mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mUserId)).isNull(); 357 assertThat(RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 358 mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mProfileId)).isNull(); 359 } 360 361 @Test checkIfKeyguardFeaturesAreDisabled_notMatchOtherFeatures_unifiedManagedProfile()362 public void checkIfKeyguardFeaturesAreDisabled_notMatchOtherFeatures_unifiedManagedProfile() { 363 UserInfo userInfo = setUpUser(mUserId, new ComponentName[] {mAdmin1}); 364 UserInfo profileInfo = setUpManagedProfile(mProfileId, new ComponentName[] {mAdmin2}); 365 when(mUserManager.getProfiles(mUserId)).thenReturn(Arrays.asList(userInfo, profileInfo)); 366 367 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) 368 .thenReturn(KEYGUARD_DISABLE_FEATURES_NONE); 369 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mProfileId)) 370 .thenReturn(KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS); 371 372 // Querying the parent should not return the policy, because it's not a policy that should 373 // affect parents even when the lock screen is unified. 374 EnforcedAdmin primary = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 375 mContext, KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS, mUserId); 376 assertThat(primary).isNull(); 377 378 // Querying the child should still return the policy. 379 EnforcedAdmin profile = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 380 mContext, KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS, mProfileId); 381 assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); 382 } 383 384 @Test checkIfKeyguardFeaturesAreDisabled_onlyMatchesProfile_separateManagedProfile()385 public void checkIfKeyguardFeaturesAreDisabled_onlyMatchesProfile_separateManagedProfile() { 386 UserInfo userInfo = setUpUser(mUserId, new ComponentName[] {mAdmin1}); 387 UserInfo profileInfo = setUpManagedProfile(mProfileId, new ComponentName[] {mAdmin2}); 388 when(mUserManager.getProfiles(mUserId)).thenReturn(Arrays.asList(userInfo, profileInfo)); 389 390 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) 391 .thenReturn(KEYGUARD_DISABLE_FEATURES_NONE); 392 when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mProfileId)) 393 .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); 394 395 // Crucially for this test, isSeparateWorkChallengeEnabled => true. 396 doReturn(true).when(mProxy).isSeparateProfileChallengeEnabled(any(), eq(mProfileId)); 397 398 // Querying the parent should not return the policy, even though it's shared by default, 399 // because the parent doesn't share a lock screen with the profile any more. 400 EnforcedAdmin parent = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 401 mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); 402 assertThat(parent).isNull(); 403 404 // Querying the child should still return the policy. 405 EnforcedAdmin profile = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 406 mContext, KEYGUARD_DISABLE_FINGERPRINT, mProfileId); 407 assertThat(profile).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); 408 } 409 410 /** 411 * This test works great. The real world implementation is sketchy though. 412 * <p> 413 * DevicePolicyManager.getParentProfileInstance(UserInfo) does not do what it looks like it does 414 * (which would be to get an instance for the parent of the user that's passed in to it.) 415 * <p> 416 * Instead it just always returns a parent instance for the current user. 417 * <p> 418 * Still, the test works. 419 */ 420 @Test checkIfKeyguardFeaturesAreDisabled_onlyMatchesParent_profileParentPolicy()421 public void checkIfKeyguardFeaturesAreDisabled_onlyMatchesParent_profileParentPolicy() { 422 UserInfo userInfo = setUpUser(mUserId, new ComponentName[] {mAdmin1}); 423 UserInfo profileInfo = setUpManagedProfile(mProfileId, new ComponentName[] {mAdmin2}); 424 when(mUserManager.getProfiles(mUserId)).thenReturn(Arrays.asList(userInfo, profileInfo)); 425 426 when(mProxy.getParentProfileInstance(any(DevicePolicyManager.class), any()) 427 .getKeyguardDisabledFeatures(mAdmin2, mProfileId)) 428 .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); 429 430 // Parent should get the policy. 431 EnforcedAdmin parent = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 432 mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); 433 assertThat(parent).isEqualTo(new EnforcedAdmin(mAdmin2, UserHandle.of(mProfileId))); 434 435 // Profile should not get the policy. 436 EnforcedAdmin profile = RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 437 mContext, KEYGUARD_DISABLE_FINGERPRINT, mProfileId); 438 assertThat(profile).isNull(); 439 } 440 441 @Test sendShowAdminSupportDetailsIntent_extraRestrictionProvided()442 public void sendShowAdminSupportDetailsIntent_extraRestrictionProvided() { 443 EnforcedAdmin enforcedAdmin = new EnforcedAdmin(); 444 enforcedAdmin.enforcedRestriction = "Fake"; 445 RestrictedLockUtils.sendShowAdminSupportDetailsIntent(mContext, enforcedAdmin); 446 447 ArgumentCaptor<Intent> intentCaptor = ArgumentCaptor.forClass(Intent.class); 448 verify(mContext).startActivityAsUser(intentCaptor.capture(), any()); 449 assertThat(intentCaptor.getValue().getExtra(EXTRA_RESTRICTION)).isEqualTo("Fake"); 450 } 451 452 @Test sendShowAdminSupportDetailsIntent_noExtraRestriction()453 public void sendShowAdminSupportDetailsIntent_noExtraRestriction() { 454 RestrictedLockUtils.sendShowAdminSupportDetailsIntent(mContext, null); 455 456 ArgumentCaptor<Intent> intentCaptor = ArgumentCaptor.forClass(Intent.class); 457 verify(mContext).startActivityAsUser(intentCaptor.capture(), any()); 458 assertThat(intentCaptor.getValue().getExtra(EXTRA_RESTRICTION)).isNull(); 459 } 460 461 /** See b/386971405. Ensure that the code does not crash when the user is not found. */ 462 @Test checkIfKeyguardFeaturesDisabled_returnsNull_whenUserDoesNotExist()463 public void checkIfKeyguardFeaturesDisabled_returnsNull_whenUserDoesNotExist() { 464 when(mUserManager.getUserInfo(mUserId)).thenReturn(null); 465 assertThat( 466 RestrictedLockUtilsInternal.checkIfKeyguardFeaturesDisabled( 467 mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId)) 468 .isNull(); 469 } 470 setUpUser(int userId, ComponentName[] admins)471 private UserInfo setUpUser(int userId, ComponentName[] admins) { 472 UserInfo userInfo = new UserInfo(userId, "primary", 0); 473 when(mUserManager.getUserInfo(userId)).thenReturn(userInfo); 474 setUpActiveAdmins(userId, admins); 475 return userInfo; 476 } 477 setUpManagedProfile(int userId, ComponentName[] admins)478 private UserInfo setUpManagedProfile(int userId, ComponentName[] admins) { 479 UserInfo userInfo = new UserInfo(userId, "profile", UserInfo.FLAG_MANAGED_PROFILE); 480 when(mUserManager.getUserInfo(userId)).thenReturn(userInfo); 481 setUpActiveAdmins(userId, admins); 482 return userInfo; 483 } 484 setUpActiveAdmins(int userId, ComponentName[] activeAdmins)485 private void setUpActiveAdmins(int userId, ComponentName[] activeAdmins) { 486 when(mDevicePolicyManager.getActiveAdminsAsUser(userId)) 487 .thenReturn(Arrays.asList(activeAdmins)); 488 } 489 setUpDeviceOwner(ComponentName admin, int userId)490 private void setUpDeviceOwner(ComponentName admin, int userId) { 491 when(mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser()).thenReturn(admin); 492 when(mDevicePolicyManager.getDeviceOwnerUser()).thenReturn(UserHandle.of(userId)); 493 } 494 setUpProfileOwner(ComponentName admin)495 private void setUpProfileOwner(ComponentName admin) { 496 when(mDevicePolicyManager.getProfileOwner()).thenReturn(admin); 497 } 498 } 499