1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.bedstead.harrier.annotations.enterprise;
18 
19 import java.lang.annotation.ElementType;
20 import java.lang.annotation.Retention;
21 import java.lang.annotation.RetentionPolicy;
22 import java.lang.annotation.Target;
23 
24 /**
25  * Used to annotate an enterprise policy for use with {@link NegativePolicyTest} and
26  * {@link PositivePolicyTest}.
27  */
28 @Target(ElementType.TYPE)
29 @Retention(RetentionPolicy.RUNTIME)
30 public @interface EnterprisePolicy {
31 
32     /**
33      * An enterprise policy which can be controlled using permissions.
34      */
35     @interface Permission {
36         /** The permission required to exercise the policy. */
appliedWith()37         String appliedWith();
38         /** Flags indicating who the policy applies to when applied in this way. */
appliesTo()39         int appliesTo();
40         /** Additional modifiers. */
modifiers()41         int modifiers() default NO;
42     }
43 
44     /**
45      * An enterprise policy which can be controlled user app ops.
46      */
47     @interface AppOp {
48         /** The AppOp required to exercise the policy. */
appliedWith()49         String appliedWith();
50         /** Flags indicating who the policy applies to when applied in this way. */
appliesTo()51         int appliesTo();
52         /** Additional modifiers. */
modifiers()53         int modifiers() default NO;
54     }
55 
56     /**
57      * An enterprise policy which can be controlled by an app with a particular delegated scope.
58      */
59     @interface DelegatedScope {
60          /** The delegated scope required to exercise the policy. */
scope()61         String scope();
62         /** Flags indicating who the policy applies to when applied in this way. */
appliesTo()63         int appliesTo();
64         /** Additional modifiers. */
modifiers()65         int modifiers() default NO;
66     }
67 
68     /** A policy that cannot be applied. */
69     int NO = 0;
70 
71     /** A policy which applies to the user of the package which applied the policy. */
72     int APPLIES_TO_OWN_USER = 1;
73     /** A policy which applies to unaffiliated other users. */
74     int APPLIES_TO_UNAFFILIATED_OTHER_USERS = 1 << 1;
75     /** A policy which applies to affiliated other users. */
76     int APPLIES_TO_AFFILIATED_OTHER_USERS = 1 << 2;
77     /** A policy which applies to unaffiliated profiles of the user of the package which applied the policy. */
78     int APPLIES_TO_UNAFFILIATED_CHILD_PROFILES = 1 << 3;
79     /** A policy which applies to affiliated profiles of the user of the package which applied the policy. */
80     int APPLIES_TO_AFFILIATED_CHILD_PROFILES = 1 << 4;
81     /** A policy that applies to the parent of the profile of the package which applied the policy. */
82     int APPLIES_TO_PARENT = 1 << 5;
83 
84     /** A policy that applies to affiliated or unaffiliate profiles of the package which applied the policy. */
85     int APPLIES_TO_CHILD_PROFILES =
86             APPLIES_TO_UNAFFILIATED_CHILD_PROFILES | APPLIES_TO_AFFILIATED_CHILD_PROFILES;
87     /** A policy that applies to affiliated or unaffiliated other users. */
88     int APPLIES_TO_OTHER_USERS =
89             APPLIES_TO_UNAFFILIATED_OTHER_USERS | APPLIES_TO_AFFILIATED_OTHER_USERS;
90 
91     /** A policy that applies to all users on the device. */
92     int APPLIES_GLOBALLY = APPLIES_TO_OWN_USER | APPLIES_TO_OTHER_USERS | APPLIES_TO_CHILD_PROFILES;
93 
94 
95     // Applied by
96 
97     /** A policy that can be applied by a device owner. */
98     int APPLIED_BY_DEVICE_OWNER = 1 << 6;
99     /** A policy that can be applied by a profile owner of an unaffiliated profile. */
100     int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_PROFILE = 1 << 7;
101     /** A policy that can be applied by a profile owner of an affiliated profile */
102     int APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE = 1 << 8;
103     /** A policy that can be applied by a profile owner of a cope profile */
104     int APPLIED_BY_COPE_PROFILE_OWNER = 1 << 9;
105 
106     /** A policy that can be applied by a profile owner of an affiliated or unaffiliated profile.
107      * This does not include cope profiles. */
108     int APPLIED_BY_PROFILE_OWNER_PROFILE =
109             APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_PROFILE
110                     | APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE;
111     /**
112      * A policy that can be applied by a Profile Owner for a User (not Profile) with no Device
113      * Owner.
114      */
115     int APPLIED_BY_PROFILE_OWNER_USER_WITH_NO_DO = 1 << 10;
116     /**
117      * A policy that can be applied by an unaffiliated Profile Owner for a User (not Profile) with
118      * a Device Owner.
119      */
120     int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER_WITH_DO = 1 << 11;
121     /** A policy that can be applied by a profile owner of an unaffiliated user. */
122     int APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER =
123             APPLIED_BY_PROFILE_OWNER_USER_WITH_NO_DO
124                     | APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER_WITH_DO;
125     /** A policy that can be applied by a profile owner of an affiliated user. */
126     int APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER = 1 << 12;
127     /** A policy that can be applied by an affiliated or unaffiliated profile owner on a User (not Profile). */
128     int APPLIED_BY_PROFILE_OWNER_USER =
129             APPLIED_BY_UNAFFILIATED_PROFILE_OWNER_USER | APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER;
130     /** A policy that can be applied by an affiliated profile owner on a user or profile. */
131     int APPLIED_BY_AFFILIATED_PROFILE_OWNER = APPLIED_BY_AFFILIATED_PROFILE_OWNER_PROFILE | APPLIED_BY_AFFILIATED_PROFILE_OWNER_USER;
132     /** A policy that can be applied by a profile owner, affiliate or unaffiliated, running on a user or profile. */
133     int APPLIED_BY_PROFILE_OWNER =
134             APPLIED_BY_PROFILE_OWNER_PROFILE
135             | APPLIED_BY_PROFILE_OWNER_USER;
136 
137     int APPLIED_BY_PARENT_INSTANCE_OF_NON_COPE_PROFILE_OWNER_PROFILE = 1 << 13;
138     int APPLIED_BY_PARENT_INSTANCE_OF_COPE_PROFILE_OWNER_PROFILE = 1 << 14;
139 
140     int APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_PROFILE =
141             APPLIED_BY_PARENT_INSTANCE_OF_NON_COPE_PROFILE_OWNER_PROFILE | APPLIED_BY_PARENT_INSTANCE_OF_COPE_PROFILE_OWNER_PROFILE;
142 
143     int APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_USER = 1 << 15;
144 
145     int APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER =
146             APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_USER
147                     | APPLIED_BY_PARENT_INSTANCE_OF_PROFILE_OWNER_PROFILE;
148 
149     // Modifiers
150     /** Internal use only. Do not use */
151     // This is to be used to mark specific annotations as not generating negative tests
152     int DO_NOT_APPLY_TO_NEGATIVE_TESTS = 1 << 16;
153 
154     /**
155      * A policy which applies even when the user is not in the foreground.
156      *
157      * <p>Note that lacking this flag does not mean a policy does not apply - to indicate that use
158      * {@link DOES_NOT_APPLY_IN_BACKGROUND}. */
159     int APPLIES_IN_BACKGROUND = 1 << 17 | (DO_NOT_APPLY_TO_NEGATIVE_TESTS);
160     /**
161      * A policy which does not apply when the user is not in the foreground.
162      *
163      * <p>At present this does not generate any additional tests but may do in future.
164      *
165      * <p>Note that lacking this flag does not mean a policy does apply - to indicate that use
166      * {@link APPLIES_IN_BACKGROUND}. */
167     int DOES_NOT_APPLY_IN_BACKGROUND = 1 << 18;
168 
169 
170     /**
171      * A policy which can be applied by a delegate.
172      *
173      * See {@link #delegatedScopes()} for the scopes which enable this.
174      */
175     int CAN_BE_DELEGATED = 1 << 19;
176 
177     /** Flags indicating DPC states which can set the policy. */
dpc()178     int[] dpc() default {};
179 
180     /**
181      * {@link Permission} indicating which permissions can control the policy.
182      *
183      * <p>Note that this currently does not generate any additional tests but may do in future.
184      */
permissions()185     Permission[] permissions() default {};
186 
187     /**
188      * {@link AppOp} indicating which AppOps can control the policy.
189      *
190      * <p>Note that this currently does not generate any additional tests but may do in future.
191      */
appOps()192     AppOp[] appOps() default {};
193 
194     /**
195      * {@link DelegatedScope} indicating which delegated scopes can control the policy.
196      *
197      * <p>This applies to {@link #dpc()} entries with the {@link #CAN_BE_DELEGATED} flag.
198      */
delegatedScopes()199     String[] delegatedScopes() default {};
200 }
201