1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.devicepolicy.cts; 18 19 import static android.app.admin.DevicePolicyIdentifiers.getIdentifierForUserRestriction; 20 import static android.app.admin.TargetUser.GLOBAL_USER_ID; 21 import static android.app.admin.flags.Flags.FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED; 22 23 import static com.android.bedstead.nene.userrestrictions.CommonUserRestrictions.DISALLOW_AIRPLANE_MODE; 24 import static com.android.bedstead.nene.users.UserType.MANAGED_PROFILE_TYPE_NAME; 25 26 import static com.google.common.truth.Truth.assertThat; 27 28 import static org.junit.Assert.assertThrows; 29 30 import android.app.admin.DevicePolicyManager; 31 import android.app.admin.DpcAuthority; 32 import android.app.admin.EnforcingAdmin; 33 import android.app.admin.PolicyState; 34 import android.app.admin.PolicyUpdateResult; 35 import android.app.admin.UserRestrictionPolicyKey; 36 import android.content.Context; 37 import android.devicepolicy.cts.utils.PolicyEngineUtils; 38 import android.devicepolicy.cts.utils.PolicySetResultUtils; 39 import android.os.Bundle; 40 import android.os.UserHandle; 41 42 import com.android.bedstead.flags.annotations.RequireFlagsEnabled; 43 import com.android.bedstead.harrier.BedsteadJUnit4; 44 import com.android.bedstead.harrier.DeviceState; 45 import com.android.bedstead.enterprise.annotations.EnsureHasWorkProfile; 46 import com.android.bedstead.harrier.annotations.Postsubmit; 47 import com.android.bedstead.enterprise.annotations.CanSetPolicyTest; 48 import com.android.bedstead.enterprise.annotations.EnsureHasDeviceOwner; 49 import com.android.bedstead.enterprise.annotations.EnsureHasNoDpc; 50 import com.android.bedstead.harrier.policies.DisallowAirplaneMode; 51 import com.android.bedstead.nene.TestApis; 52 import com.android.bedstead.nene.users.UserReference; 53 import com.android.bedstead.permissions.CommonPermissions; 54 import com.android.bedstead.permissions.annotations.EnsureDoesNotHavePermission; 55 import com.android.bedstead.permissions.annotations.EnsureHasPermission; 56 import com.android.compatibility.common.util.ApiTest; 57 import com.android.xts.root.annotations.RequireRootInstrumentation; 58 59 import org.junit.ClassRule; 60 import org.junit.Rule; 61 import org.junit.Test; 62 import org.junit.runner.RunWith; 63 64 /** 65 * Tests should only be added to this class if there is nowhere else they could reasonably 66 * go. 67 */ 68 @RunWith(BedsteadJUnit4.class) 69 public final class DevicePolicyManagerTest { 70 @ClassRule @Rule 71 public static final DeviceState sDeviceState = new DeviceState(); 72 73 private static final Context sContext = TestApis.context().instrumentedContext(); 74 private static final DevicePolicyManager sDevicePolicyManager = 75 sContext.getSystemService(DevicePolicyManager.class); 76 77 private static final String MANAGE_PROFILE_AND_DEVICE_OWNERS = 78 "android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS"; 79 private static final String MANAGE_DEVICE_ADMINS = "android.permission.MANAGE_DEVICE_ADMINS"; 80 81 private static final int NO_LIMIT = -1; 82 83 @EnsureHasDeviceOwner 84 @EnsureDoesNotHavePermission(MANAGE_DEVICE_ADMINS) 85 @Test 86 @ApiTest(apis = "android.app.admin.DevicePolicyManager#removeActiveAdmin") removeActiveAdmin_adminPassedDoesNotBelongToCaller_throwsException()87 public void removeActiveAdmin_adminPassedDoesNotBelongToCaller_throwsException() { 88 assertThrows(SecurityException.class, () -> sDevicePolicyManager.removeActiveAdmin( 89 sDeviceState.deviceOwner().componentName())); 90 } 91 92 @EnsureHasDeviceOwner 93 @EnsureHasPermission(MANAGE_DEVICE_ADMINS) 94 @Test 95 @ApiTest(apis = "android.app.admin.DevicePolicyManager#removeActiveAdmin") removeActiveAdmin_adminPassedDoesNotBelongToCaller_manageDeviceAdminsPermission_noException()96 public void removeActiveAdmin_adminPassedDoesNotBelongToCaller_manageDeviceAdminsPermission_noException() { 97 sDevicePolicyManager.removeActiveAdmin( 98 sDeviceState.deviceOwner().componentName()); 99 } 100 101 @Test 102 @ApiTest(apis = "android.app.admin.DevicePolicyManager#getDevicePolicyManagementRoleHolderPackage") getDeviceManagerRoleHolderPackageName_doesNotCrash()103 public void getDeviceManagerRoleHolderPackageName_doesNotCrash() { 104 sDevicePolicyManager.getDevicePolicyManagementRoleHolderPackage(); 105 } 106 107 @Postsubmit(reason = "new test") 108 @Test 109 @EnsureHasNoDpc 110 @EnsureHasPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) 111 @ApiTest(apis = "android.app.admin.DevicePolicyManager#getPolicyManagedProfiles") getPolicyManagedProfiles_noManagedProfiles_returnsEmptyList()112 public void getPolicyManagedProfiles_noManagedProfiles_returnsEmptyList() { 113 assertThat(sDevicePolicyManager.getPolicyManagedProfiles( 114 TestApis.context().instrumentationContext().getUser())).isEmpty(); 115 } 116 117 @Postsubmit(reason = "new test") 118 @Test 119 @EnsureHasWorkProfile 120 @EnsureHasPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) 121 @ApiTest(apis = "android.app.admin.DevicePolicyManager#getPolicyManagedProfiles") getPolicyManagedProfiles_hasWorkProfile_returnsWorkProfileUser()122 public void getPolicyManagedProfiles_hasWorkProfile_returnsWorkProfileUser() { 123 assertThat(sDevicePolicyManager.getPolicyManagedProfiles( 124 TestApis.context().instrumentationContext().getUser())) 125 .containsExactly(sDeviceState.workProfile().userHandle()); 126 } 127 128 @Postsubmit(reason = "new test") 129 @Test 130 @EnsureHasNoDpc 131 @EnsureHasPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) 132 @ApiTest(apis = "android.app.admin.DevicePolicyManager#getPolicyManagedProfiles") getPolicyManagedProfiles_hasManagedProfileNoProfileOwner_returnsEmptyList()133 public void getPolicyManagedProfiles_hasManagedProfileNoProfileOwner_returnsEmptyList() { 134 try (UserReference user = TestApis.users().createUser().type(MANAGED_PROFILE_TYPE_NAME) 135 .parent(TestApis.users().instrumented()).create()) { 136 assertThat(sDevicePolicyManager.getPolicyManagedProfiles( 137 TestApis.context().instrumentationContext().getUser())) 138 .isEmpty(); 139 } 140 } 141 142 @Postsubmit(reason = "new test") 143 @Test 144 @EnsureHasNoDpc 145 @EnsureDoesNotHavePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) 146 @ApiTest(apis = "android.app.admin.DevicePolicyManager#getPolicyManagedProfiles") getPolicyManagedProfiles_noPermission_returnsEmptyList()147 public void getPolicyManagedProfiles_noPermission_returnsEmptyList() { 148 assertThrows(SecurityException.class, () -> sDevicePolicyManager.getPolicyManagedProfiles( 149 TestApis.context().instrumentationContext().getUser())); 150 } 151 152 @RequireFlagsEnabled(FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED) 153 @Postsubmit(reason = "new test") 154 @Test 155 @EnsureHasPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) 156 @ApiTest(apis = "android.app.admin.DevicePolicyManager#setMaxPolicyStorageLimit") setMaxPolicyStorageLimit_setsLimit()157 public void setMaxPolicyStorageLimit_setsLimit() { 158 int currentLimit = sDevicePolicyManager.getMaxPolicyStorageLimit(); 159 try { 160 sDevicePolicyManager.setMaxPolicyStorageLimit(NO_LIMIT); 161 162 assertThat(sDevicePolicyManager.getMaxPolicyStorageLimit()).isEqualTo(NO_LIMIT); 163 164 } finally { 165 sDevicePolicyManager.setMaxPolicyStorageLimit(currentLimit); 166 } 167 } 168 169 @RequireFlagsEnabled(FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED) 170 @Postsubmit(reason = "new test") 171 @Test 172 @EnsureHasPermission({ 173 CommonPermissions.MANAGE_PROFILE_AND_DEVICE_OWNERS, 174 CommonPermissions.MANAGE_DEVICE_POLICY_STORAGE_LIMIT}) 175 @EnsureHasDeviceOwner 176 @ApiTest(apis = "android.app.admin.DevicePolicyManager#setMaxPolicyStorageLimit") 177 @CanSetPolicyTest(policy = DisallowAirplaneMode.class) 178 @RequireRootInstrumentation(reason = "Use of root only test API " 179 + "DPM#forceSetMaxPolicyStorageLimit") setMaxPolicyStorageLimit_limitReached_doesNotSetPolicy()180 public void setMaxPolicyStorageLimit_limitReached_doesNotSetPolicy() { 181 int currentLimit = sDevicePolicyManager.getMaxPolicyStorageLimit(); 182 try { 183 // Set the limit to the current size of policies set by the admin. setting any new 184 // policy should hit the size limit. 185 int newLimit = TestApis.devicePolicy().getPolicySizeForAdmin( 186 new EnforcingAdmin( 187 sDeviceState.dpc().packageName(), 188 DpcAuthority.DPC_AUTHORITY, 189 sDeviceState.dpc().user().userHandle())); 190 TestApis.devicePolicy().setMaxPolicySize(newLimit); 191 sDeviceState.dpc().devicePolicyManager().clearUserRestriction( 192 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 193 194 sDeviceState.dpc().devicePolicyManager().addUserRestriction( 195 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 196 197 PolicySetResultUtils.assertPolicySetResultReceived(sDeviceState, 198 getIdentifierForUserRestriction(DISALLOW_AIRPLANE_MODE), 199 PolicyUpdateResult.RESULT_FAILURE_STORAGE_LIMIT_REACHED, GLOBAL_USER_ID, 200 new Bundle()); 201 PolicyState<Boolean> policyState = PolicyEngineUtils.getBooleanPolicyState( 202 new UserRestrictionPolicyKey( 203 getIdentifierForUserRestriction(DISALLOW_AIRPLANE_MODE), 204 DISALLOW_AIRPLANE_MODE), 205 UserHandle.ALL); 206 assertThat(policyState == null || policyState.getCurrentResolvedPolicy() == null) 207 .isTrue(); 208 209 } finally { 210 sDeviceState.dpc().devicePolicyManager().clearUserRestriction( 211 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 212 sDevicePolicyManager.setMaxPolicyStorageLimit(currentLimit); 213 } 214 } 215 216 @RequireFlagsEnabled(FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED) 217 @Postsubmit(reason = "new test") 218 @Test 219 @EnsureHasPermission(CommonPermissions.MANAGE_PROFILE_AND_DEVICE_OWNERS) 220 @EnsureHasDeviceOwner 221 @ApiTest(apis = "android.app.admin.DevicePolicyManager#setMaxPolicyStorageLimit") 222 @CanSetPolicyTest(policy = DisallowAirplaneMode.class) 223 @RequireRootInstrumentation(reason = "Use of root only test API " 224 + "DPM#forceSetMaxPolicyStorageLimit") setMaxPolicyStorageLimit_policySet_sizeIncreases()225 public void setMaxPolicyStorageLimit_policySet_sizeIncreases() { 226 int currentLimit = sDevicePolicyManager.getMaxPolicyStorageLimit(); 227 try { 228 EnforcingAdmin admin = new EnforcingAdmin( 229 sDeviceState.dpc().packageName(), 230 DpcAuthority.DPC_AUTHORITY, 231 sDeviceState.dpc().user().userHandle(), 232 sDeviceState.dpc().componentName()); 233 int currentSize = TestApis.devicePolicy().getPolicySizeForAdmin(admin); 234 TestApis.devicePolicy().setMaxPolicySize(NO_LIMIT); 235 236 sDeviceState.dpc().devicePolicyManager().addUserRestriction( 237 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 238 239 assertThat(TestApis.devicePolicy().getPolicySizeForAdmin(admin)) 240 .isGreaterThan(currentSize); 241 242 } finally { 243 sDeviceState.dpc().devicePolicyManager().clearUserRestriction( 244 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 245 sDevicePolicyManager.setMaxPolicyStorageLimit(currentLimit); 246 } 247 } 248 249 @RequireFlagsEnabled(FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED) 250 @Postsubmit(reason = "new test") 251 @Test 252 @EnsureHasPermission(CommonPermissions.MANAGE_PROFILE_AND_DEVICE_OWNERS) 253 @EnsureHasDeviceOwner 254 @ApiTest(apis = "android.app.admin.DevicePolicyManager#setMaxPolicyStorageLimit") 255 @CanSetPolicyTest(policy = DisallowAirplaneMode.class) 256 @RequireRootInstrumentation(reason = "Use of root only test API " 257 + "DPM#forceSetMaxPolicyStorageLimit") setMaxPolicyStorageLimit_policySetThenUnset_sizeResets()258 public void setMaxPolicyStorageLimit_policySetThenUnset_sizeResets() { 259 int currentLimit = sDevicePolicyManager.getMaxPolicyStorageLimit(); 260 try { 261 EnforcingAdmin admin = new EnforcingAdmin( 262 sDeviceState.dpc().packageName(), 263 DpcAuthority.DPC_AUTHORITY, 264 sDeviceState.dpc().user().userHandle(), 265 sDeviceState.dpc().componentName()); 266 int currentSize = TestApis.devicePolicy().getPolicySizeForAdmin(admin); 267 TestApis.devicePolicy().setMaxPolicySize(NO_LIMIT); 268 269 sDeviceState.dpc().devicePolicyManager().addUserRestriction( 270 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 271 sDeviceState.dpc().devicePolicyManager().clearUserRestriction( 272 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 273 274 assertThat(TestApis.devicePolicy().getPolicySizeForAdmin(admin)).isEqualTo(currentSize); 275 276 } finally { 277 sDeviceState.dpc().devicePolicyManager().clearUserRestriction( 278 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 279 sDevicePolicyManager.setMaxPolicyStorageLimit(currentLimit); 280 } 281 } 282 283 @RequireFlagsEnabled(FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED) 284 @Postsubmit(reason = "new test") 285 @Test 286 @EnsureHasPermission(CommonPermissions.MANAGE_PROFILE_AND_DEVICE_OWNERS) 287 @EnsureHasDeviceOwner 288 @ApiTest(apis = "android.app.admin.DevicePolicyManager#setMaxPolicyStorageLimit") 289 @CanSetPolicyTest(policy = DisallowAirplaneMode.class) 290 @RequireRootInstrumentation(reason = "Use of root only test API " 291 + "DPM#forceSetMaxPolicyStorageLimit") setMaxPolicyStorageLimit_setSamePolicyTwice_sizeDoesNotIncrease()292 public void setMaxPolicyStorageLimit_setSamePolicyTwice_sizeDoesNotIncrease() { 293 int currentLimit = sDevicePolicyManager.getMaxPolicyStorageLimit(); 294 try { 295 EnforcingAdmin admin = new EnforcingAdmin( 296 sDeviceState.dpc().packageName(), 297 DpcAuthority.DPC_AUTHORITY, 298 sDeviceState.dpc().user().userHandle(), 299 sDeviceState.dpc().componentName()); 300 TestApis.devicePolicy().setMaxPolicySize(NO_LIMIT); 301 sDeviceState.dpc().devicePolicyManager().addUserRestriction( 302 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 303 int currentSize = TestApis.devicePolicy().getPolicySizeForAdmin(admin); 304 305 sDeviceState.dpc().devicePolicyManager().addUserRestriction( 306 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 307 308 assertThat(TestApis.devicePolicy().getPolicySizeForAdmin(admin)).isEqualTo(currentSize); 309 310 } finally { 311 sDeviceState.dpc().devicePolicyManager().clearUserRestriction( 312 sDeviceState.dpc().componentName(), DISALLOW_AIRPLANE_MODE); 313 sDevicePolicyManager.setMaxPolicyStorageLimit(currentLimit); 314 } 315 } 316 317 @RequireFlagsEnabled(FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED) 318 @Postsubmit(reason = "new test") 319 @Test 320 @EnsureDoesNotHavePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) 321 @ApiTest(apis = "android.app.admin.DevicePolicyManager#setMaxPolicyStorageLimit") setMaxPolicyStorageLimit_noPermission_throwsException()322 public void setMaxPolicyStorageLimit_noPermission_throwsException() { 323 assertThrows( 324 SecurityException.class, () -> sDevicePolicyManager.setMaxPolicyStorageLimit(-1)); 325 } 326 327 @RequireFlagsEnabled(FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED) 328 @Postsubmit(reason = "new test") 329 @Test 330 @EnsureDoesNotHavePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS) 331 @ApiTest(apis = "android.app.admin.DevicePolicyManager#getMaxPolicyStorageLimit") getMaxPolicyStorageLimit_noPermission_throwsException()332 public void getMaxPolicyStorageLimit_noPermission_throwsException() { 333 assertThrows( 334 SecurityException.class, () -> sDevicePolicyManager.getMaxPolicyStorageLimit()); 335 } 336 337 @RequireFlagsEnabled(FLAG_DEVICE_POLICY_SIZE_TRACKING_INTERNAL_BUG_FIX_ENABLED) 338 @Postsubmit(reason = "new test") 339 @Test 340 @EnsureHasPermission(CommonPermissions.MANAGE_PROFILE_AND_DEVICE_OWNERS) 341 @RequireRootInstrumentation(reason = "Use of root only test API " 342 + "DPM#forceSetMaxPolicyStorageLimit") 343 @ApiTest(apis = "android.app.admin.DevicePolicyManager#setMaxPolicyStorageLimit") getMaxPolicyStorageLimit_getsLimit()344 public void getMaxPolicyStorageLimit_getsLimit() { 345 int currentLimit = sDevicePolicyManager.getMaxPolicyStorageLimit(); 346 try { 347 int newLimit = 10; 348 TestApis.devicePolicy().setMaxPolicySize(newLimit); 349 350 assertThat(sDevicePolicyManager.getMaxPolicyStorageLimit()).isEqualTo(newLimit); 351 352 } finally { 353 sDevicePolicyManager.setMaxPolicyStorageLimit(currentLimit); 354 } 355 } 356 357 } 358