xref: /cts/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/PermissionLockdownTestActivity.java

/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.cts.verifier.managedprovisioning;

import static android.os.UserHandle.myUserId;

import android.app.admin.DevicePolicyManager;
import android.content.ActivityNotFoundException;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.net.Uri;
import android.os.Bundle;
import android.os.UserManager;
import android.provider.Settings;
import android.util.Log;
import android.view.View;
import android.view.ViewGroup;
import android.widget.Button;
import android.widget.ImageView;
import android.widget.RadioGroup;
import android.widget.TextView;
import android.widget.Toast;

import com.android.cts.verifier.PassFailButtons;
import com.android.cts.verifier.R;

import java.util.Arrays;

public class PermissionLockdownTestActivity extends PassFailButtons.Activity
        implements RadioGroup.OnCheckedChangeListener {

    private static final String TAG = PermissionLockdownTestActivity.class.getSimpleName();

    private static final String PERMISSION_APP_PACKAGE = "com.android.cts.permissionapp";

    // Alias used for starting the activity from ByodFlowTestActivity (Managed profile tests).
    static final String ACTIVITY_ALIAS
            = "com.android.cts.verifier.managedprovisioning" +
                    ".ManagedProfilePermissionLockdownTestActivity";

    private static final String MANAGED_PROVISIONING_ACTION_PREFIX
            = "com.android.cts.verifier.managedprovisioning.action.";
    // Indicates that activity is started for device owner case.
    static final String ACTION_CHECK_PERMISSION_LOCKDOWN
            = MANAGED_PROVISIONING_ACTION_PREFIX + "CHECK_PERMISSION_LOCKDOWN";
    // Indicates that activity is started for profile owner case.
    static final String ACTION_MANAGED_PROFILE_CHECK_PERMISSION_LOCKDOWN
            = MANAGED_PROVISIONING_ACTION_PREFIX + "MANAGED_PROFILE_CHECK_PERMISSION_LOCKDOWN";

    // Permission grant states will be set on these permissions.
    private static final String[] CONTACTS_PERMISSIONS = new String[] {
            android.Manifest.permission.READ_CONTACTS, android.Manifest.permission.WRITE_CONTACTS
    };

    private boolean mDeviceOwnerTest;
    private DevicePolicyManager mDevicePolicyManager;
    private ComponentName mAdmin;

    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.permission_lockdown);

        Log.d(TAG, "created on user " + myUserId());

        mDevicePolicyManager =
                (DevicePolicyManager) getSystemService(Context.DEVICE_POLICY_SERVICE);
        mAdmin = DeviceAdminTestReceiver.getReceiverComponentName();

        mDeviceOwnerTest =
                ACTION_CHECK_PERMISSION_LOCKDOWN.equals(getIntent().getAction()) ? true : false;
        // Return immediately if we are neither profile nor device owner.
        if (!isProfileOrDeviceOwner()) {
            setTestResultAndFinish(false);
            return;
        }

        buildLayout();
    }

    private void buildLayout() {
        PackageManager packageManager = getPackageManager();
        ApplicationInfo applicationInfo = null;
        try {
            // We need to make sure that the CtsPermissionApp is installed on the device or
            // work profile.
            applicationInfo = packageManager.getApplicationInfo(
                    PERMISSION_APP_PACKAGE, 0 /* flags */);
        } catch (PackageManager.NameNotFoundException e) {
            showToast(getString(R.string.package_not_found, PERMISSION_APP_PACKAGE));
            setTestResultAndFinish(false);
            return;
        }

        ImageView packageIconImageView = (ImageView) findViewById(R.id.package_icon);
        packageIconImageView.setImageDrawable(packageManager.getApplicationIcon(applicationInfo));
        TextView packageNameTextView = (TextView) findViewById(R.id.package_name);
        packageNameTextView.setText(packageManager.getApplicationLabel(applicationInfo));

        TextView permissionNameTextView = (TextView) findViewById(R.id.permission_name);
        permissionNameTextView.setText(Arrays.toString(CONTACTS_PERMISSIONS));

        // Get the current permission grant state for initializing the RadioGroup.
        int readPermissionState = mDevicePolicyManager.getPermissionGrantState(mAdmin,
                    PERMISSION_APP_PACKAGE, CONTACTS_PERMISSIONS[0]);
        int writePermissionState = mDevicePolicyManager.getPermissionGrantState(mAdmin,
                PERMISSION_APP_PACKAGE, CONTACTS_PERMISSIONS[1]);
        int currentPermissionState;
        if (readPermissionState == DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED ||
        writePermissionState == DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED) {
            currentPermissionState = DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED;
        } else if (readPermissionState == DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED ||
                    writePermissionState == DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED) {
            currentPermissionState = DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
        } else {
            currentPermissionState = readPermissionState;
        }
        RadioGroup permissionRadioGroup = (RadioGroup) findViewById(R.id.permission_group);
        switch (currentPermissionState) {
            case DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED: {
                permissionRadioGroup.check(R.id.permission_allow);
            } break;
            case DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT: {
                permissionRadioGroup.check(R.id.permission_default);
            } break;
            case  DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED: {
                permissionRadioGroup.check(R.id.permission_deny);
            } break;
        }
        permissionRadioGroup.setOnCheckedChangeListener(this);

        addFinishOrPassFailButtons();
    }

    private void addFinishOrPassFailButtons() {
        // In case of device owner, we include the pass-fail buttons where as in case of profile
        // owner, we add a finish button.
        ViewGroup parentView = (ViewGroup) findViewById(R.id.permission_lockdown_activity);
        if (mDeviceOwnerTest) {
            parentView.addView(
                    getLayoutInflater().inflate(R.layout.pass_fail_buttons, parentView, false));
            setInfoResources(R.string.device_profile_owner_permission_lockdown_test,
                    R.string.device_owner_permission_lockdown_test_info, 0);
            setPassFailButtonClickListeners();
        } else {
            Button finishButton = new Button(this);
            finishButton.setText(R.string.finish_button_label);
            finishButton.setOnClickListener(new View.OnClickListener() {
                @Override
                public void onClick(View v) {
                    PermissionLockdownTestActivity.this.setTestResultAndFinish(false);
                }
            });
            parentView.addView(finishButton);
        }
    }

    // Dispatches an intent to open the Settings screen for CtsPermissionApp.
    public void openSettings(View v) {
        Intent intent = new Intent(Settings.ACTION_APPLICATION_DETAILS_SETTINGS)
                .setData(Uri.fromParts("package", PERMISSION_APP_PACKAGE, null))
                .setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
        try {
            startActivity(intent);
        } catch (ActivityNotFoundException e) {
            showToast(getString(R.string.activity_not_found, intent));
        }
    }

    @Override
    public void onCheckedChanged(RadioGroup radioGroup, int checkedId) {
        int permissionGrantState = -1;
        switch (checkedId) {
            case R.id.permission_allow: {
                permissionGrantState = DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED;
            } break;
            case R.id.permission_default: {
                permissionGrantState = DevicePolicyManager.PERMISSION_GRANT_STATE_DEFAULT;
            } break;
            case R.id.permission_deny: {
                permissionGrantState = DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED;
            } break;
        }
        mDevicePolicyManager.setPermissionGrantState(mAdmin, PERMISSION_APP_PACKAGE,
                CONTACTS_PERMISSIONS[0], permissionGrantState);
        mDevicePolicyManager.setPermissionGrantState(mAdmin, PERMISSION_APP_PACKAGE,
                CONTACTS_PERMISSIONS[1], permissionGrantState);
    }

    private boolean isProfileOrDeviceOwner() {
        String adminPackage = mAdmin.getPackageName();
        // On headless system user mode, permissions are set in the current user, which is not
        // device owner, but affiliated profile owner
        boolean expectDeviceOwner = mDeviceOwnerTest && !UserManager.isHeadlessSystemUserMode();

        boolean isDeviceOwner = mDevicePolicyManager.isDeviceOwnerApp(adminPackage);
        boolean isProfileOwner = mDevicePolicyManager.isProfileOwnerApp(adminPackage);
        Log.d(TAG, "isProfileOrDeviceOwner(): userId=" + myUserId()
                + ", mDeviceOwnerTest=" + mDeviceOwnerTest
                + ", expectDeviceOwner=" + expectDeviceOwner
                + ", isDeviceOwner=" + isDeviceOwner
                + ", isProfileOwner=" + isProfileOwner);

        if (expectDeviceOwner) {
            if (!isDeviceOwner) {
                showToast(getString(R.string.not_device_owner, adminPackage));
                return false;
            }
            return true;
        }
        if (!isProfileOwner) {
            showToast(getString(R.string.not_profile_owner, adminPackage));
            return false;
        }
        return true;
    }

    private void showToast(String toast) {
        Log.d(TAG, "showToast(" + toast + ")");
        Toast.makeText(this, toast, Toast.LENGTH_LONG).show();
    }
}