Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07ad125f authored by Azhara Assanova's avatar Azhara Assanova
Browse files

[AAPM] RestrictedPreference tests for advanced protection 

Bug: 372083546
Test: atest RestrictedLockUtilsTest
Test: atest RestrictedPreferenceHelperTest
Flag: TEST_ONLY
Change-Id: If47938c6d2a4f3b3ac132f1cfc4c748ae7f34153
parent eb0a8e60

packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java

+140 −0
Original line number Diff line number Diff line
@@ -21,15 +21,26 @@ import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NO 
import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT;

import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_REMOTE_INPUT;

import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_UNREDACTED_NOTIFICATIONS;

import static android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY;



import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;



import static com.google.common.truth.Truth.assertThat;

import static com.google.common.truth.Truth.assertWithMessage;



import static org.mockito.ArgumentMatchers.any;

import static org.mockito.ArgumentMatchers.eq;

import static org.mockito.Mockito.doReturn;

import static org.mockito.Mockito.verify;

import static org.mockito.Mockito.when;



import android.app.admin.Authority;

import android.app.admin.DeviceAdminAuthority;

import android.app.admin.DevicePolicyManager;

import android.app.admin.DpcAuthority;

import android.app.admin.EnforcingAdmin;

import android.app.admin.RoleAuthority;

import android.app.admin.UnknownAuthority;

import android.content.ComponentName;

import android.content.Context;

import android.content.Intent;
@@ -37,8 +48,13 @@ import android.content.pm.PackageManager; 
import android.content.pm.UserInfo;

import android.os.UserHandle;

import android.os.UserManager;

import android.platform.test.annotations.RequiresFlagsDisabled;

import android.platform.test.annotations.RequiresFlagsEnabled;

import android.platform.test.flag.junit.CheckFlagsRule;

import android.platform.test.flag.junit.DeviceFlagsValueProvider;



import org.junit.Before;

import org.junit.Rule;

import org.junit.Test;

import org.junit.runner.RunWith;

import org.mockito.Answers;
@@ -52,6 +68,8 @@ import java.util.Collections; 


@RunWith(RobolectricTestRunner.class)

public class RestrictedLockUtilsTest {

    @Rule

    public final CheckFlagsRule mCheckFlagsRule = DeviceFlagsValueProvider.createCheckFlagsRule();



    @Mock

    private Context mContext;
@@ -66,6 +84,7 @@ public class RestrictedLockUtilsTest { 


    private final int mUserId = 194;

    private final int mProfileId = 160;

    private final String mPackage = "test.pkg";

    private final ComponentName mAdmin1 = new ComponentName("admin1", "admin1class");

    private final ComponentName mAdmin2 = new ComponentName("admin2", "admin2class");
@@ -85,6 +104,7 @@ public class RestrictedLockUtilsTest { 
        RestrictedLockUtilsInternal.sProxy = mProxy;

    }



    @RequiresFlagsDisabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void checkIfRestrictionEnforced_deviceOwner()

            throws PackageManager.NameNotFoundException {
@@ -109,6 +129,7 @@ public class RestrictedLockUtilsTest { 
        assertThat(enforcedAdmin.component).isEqualTo(mAdmin1);

    }



    @RequiresFlagsDisabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void checkIfRestrictionEnforced_profileOwner()

            throws PackageManager.NameNotFoundException {
@@ -133,6 +154,125 @@ public class RestrictedLockUtilsTest { 
        assertThat(enforcedAdmin.component).isEqualTo(mAdmin1);

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void checkIfRestrictionEnforced_getEnforcingAdminExists() {

        UserManager.EnforcingUser enforcingUser = new UserManager.EnforcingUser(mUserId,

                UserManager.RESTRICTION_SOURCE_PROFILE_OWNER);

        final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS;

        final EnforcingAdmin enforcingAdmin = new EnforcingAdmin(mPackage,

                UnknownAuthority.UNKNOWN_AUTHORITY, UserHandle.of(mUserId), mAdmin1);



        when(mUserManager.getUserRestrictionSources(userRestriction,

                UserHandle.of(mUserId)))

                .thenReturn(Collections.singletonList(enforcingUser));

        when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction))

                .thenReturn(enforcingAdmin);



        EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal.checkIfRestrictionEnforced(

                mContext, userRestriction, mUserId);



        assertThat(enforcedAdmin).isNotNull();

        assertThat(enforcedAdmin.enforcedRestriction).isEqualTo(userRestriction);

        assertThat(enforcedAdmin.component).isEqualTo(enforcingAdmin.getComponentName());

        assertThat(enforcedAdmin.user).isEqualTo(enforcingAdmin.getUserHandle());

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void checkIfRestrictionEnforced_getEnforcingAdminReturnsNull_deviceOwner()

            throws PackageManager.NameNotFoundException {

        UserManager.EnforcingUser enforcingUser = new UserManager.EnforcingUser(mUserId,

                UserManager.RESTRICTION_SOURCE_DEVICE_OWNER);

        final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS;



        when(mUserManager.getUserRestrictionSources(userRestriction,

                UserHandle.of(mUserId)))

                .thenReturn(Collections.singletonList(enforcingUser));

        when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction))

                .thenReturn(null);

        when(mContext.createPackageContextAsUser(any(), eq(0),

                eq(UserHandle.of(mUserId))))

                .thenReturn(mContext);



        setUpDeviceOwner(mAdmin1, mUserId);



        EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal

                .checkIfRestrictionEnforced(mContext, userRestriction, mUserId);



        assertThat(enforcedAdmin).isNotNull();

        assertThat(enforcedAdmin.enforcedRestriction).isEqualTo(userRestriction);

        assertThat(enforcedAdmin.component).isEqualTo(mAdmin1);

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void checkIfRestrictionEnforced_getEnforcingAdminReturnsNull_profileOwner()

            throws PackageManager.NameNotFoundException {

        UserManager.EnforcingUser enforcingUser = new UserManager.EnforcingUser(mUserId,

                UserManager.RESTRICTION_SOURCE_PROFILE_OWNER);

        final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS;



        when(mUserManager.getUserRestrictionSources(userRestriction,

                UserHandle.of(mUserId)))

                .thenReturn(Collections.singletonList(enforcingUser));

        when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction))

                .thenReturn(null);

        when(mContext.createPackageContextAsUser(any(), eq(0),

                eq(UserHandle.of(mUserId))))

                .thenReturn(mContext);



        setUpProfileOwner(mAdmin1);



        EnforcedAdmin enforcedAdmin = RestrictedLockUtilsInternal

                .checkIfRestrictionEnforced(mContext, userRestriction, mUserId);



        assertThat(enforcedAdmin).isNotNull();

        assertThat(enforcedAdmin.enforcedRestriction).isEqualTo(userRestriction);

        assertThat(enforcedAdmin.component).isEqualTo(mAdmin1);

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void isPolicyEnforcedByAdvancedProtection_notEnforced_returnsFalse() {

        final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS;

        final Authority[] allNonAdvancedProtectionAuthorities = new Authority[] {

                UnknownAuthority.UNKNOWN_AUTHORITY,

                DeviceAdminAuthority.DEVICE_ADMIN_AUTHORITY,

                DpcAuthority.DPC_AUTHORITY,

                new RoleAuthority(Collections.singleton("some-role"))

        };



        for (Authority authority : allNonAdvancedProtectionAuthorities) {

            final EnforcingAdmin enforcingAdmin = new EnforcingAdmin(mPackage, authority,

                    UserHandle.of(mUserId), mAdmin1);



            when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction))

                    .thenReturn(enforcingAdmin);



            assertWithMessage(authority + " is not an advanced protection authority")

                    .that(RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(

                            mContext, userRestriction, mUserId))

                    .isFalse();

        }

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void isPolicyEnforcedByAdvancedProtection_enforced_returnsTrue() {

        final Authority advancedProtectionAuthority = new UnknownAuthority(

                ADVANCED_PROTECTION_SYSTEM_ENTITY);

        final EnforcingAdmin advancedProtectionEnforcingAdmin = new EnforcingAdmin(mPackage,

                advancedProtectionAuthority, UserHandle.of(mUserId), mAdmin1);

        final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS;



        when(mDevicePolicyManager.getEnforcingAdmin(mUserId, userRestriction))

                .thenReturn(advancedProtectionEnforcingAdmin);



        assertThat(RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(mContext,

                userRestriction, mUserId)).isTrue();

    }



    @Test

    public void checkIfDevicePolicyServiceDisabled_noEnforceAdminForManagedProfile() {

        when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE)).thenReturn(null);

packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedPreferenceHelperTest.java

+148 −0
Original line number Diff line number Diff line
@@ -16,7 +16,10 @@ 


package com.android.settingslib;



import static android.security.advancedprotection.AdvancedProtectionManager.ADVANCED_PROTECTION_SYSTEM_ENTITY;



import static com.google.common.truth.Truth.assertThat;

import static com.google.common.truth.Truth.assertWithMessage;



import static org.mockito.ArgumentMatchers.any;

import static org.mockito.Mockito.RETURNS_DEEP_STUBS;
@@ -26,10 +29,23 @@ import static org.mockito.Mockito.never; 
import static org.mockito.Mockito.verify;

import static org.mockito.Mockito.when;



import android.app.admin.Authority;

import android.app.admin.DeviceAdminAuthority;

import android.app.admin.DevicePolicyManager;

import android.app.admin.DevicePolicyResourcesManager;

import android.app.admin.DpcAuthority;

import android.app.admin.EnforcingAdmin;

import android.app.admin.RoleAuthority;

import android.app.admin.UnknownAuthority;

import android.content.ComponentName;

import android.content.Context;

import android.content.Intent;

import android.os.UserHandle;

import android.os.UserManager;

import android.platform.test.annotations.RequiresFlagsDisabled;

import android.platform.test.annotations.RequiresFlagsEnabled;

import android.platform.test.flag.junit.CheckFlagsRule;

import android.platform.test.flag.junit.DeviceFlagsValueProvider;

import android.view.View;

import android.widget.TextView;
@@ -37,14 +53,19 @@ import androidx.preference.Preference; 
import androidx.preference.PreferenceViewHolder;



import org.junit.Before;

import org.junit.Rule;

import org.junit.Test;

import org.junit.runner.RunWith;

import org.mockito.Mock;

import org.mockito.MockitoAnnotations;

import org.robolectric.RobolectricTestRunner;



import java.util.Collections;



@RunWith(RobolectricTestRunner.class)

public class RestrictedPreferenceHelperTest {

    @Rule

    public final CheckFlagsRule mCheckFlagsRule = DeviceFlagsValueProvider.createCheckFlagsRule();



    @Mock

    private Context mContext;
@@ -57,6 +78,11 @@ public class RestrictedPreferenceHelperTest { 
    @Mock

    private RestrictedTopLevelPreference mRestrictedTopLevelPreference;



    private final String mPackage = "test.pkg";

    private final ComponentName mAdmin = new ComponentName("admin", "adminclass");

    private final Authority mAdvancedProtectionAuthority = new UnknownAuthority(

            ADVANCED_PROTECTION_SYSTEM_ENTITY);



    private PreferenceViewHolder mViewHolder;

    private RestrictedPreferenceHelper mHelper;
@@ -71,6 +97,7 @@ public class RestrictedPreferenceHelperTest { 
        mHelper = new RestrictedPreferenceHelper(mContext, mPreference, null);

    }



    @RequiresFlagsDisabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void bindPreference_disabled_shouldDisplayDisabledSummary() {

        final TextView summaryView = mock(TextView.class, RETURNS_DEEP_STUBS);
@@ -101,6 +128,57 @@ public class RestrictedPreferenceHelperTest { 
        verify(summaryView, never()).setVisibility(View.GONE);

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void bindPreference_disabled_byAdvancedProtection_shouldDisplayDisabledSummary() {

        final TextView summaryView = mock(TextView.class, RETURNS_DEEP_STUBS);

        final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS;

        final RestrictedLockUtils.EnforcedAdmin enforcedAdmin = new RestrictedLockUtils

                .EnforcedAdmin(/* component */ null, userRestriction, UserHandle.of(

                        UserHandle.myUserId()));

        final EnforcingAdmin advancedProtectionEnforcingAdmin = new EnforcingAdmin(mPackage,

                mAdvancedProtectionAuthority, UserHandle.of(UserHandle.myUserId()), mAdmin);



        when(mViewHolder.itemView.findViewById(android.R.id.summary))

                .thenReturn(summaryView);

        when(mDevicePolicyManager.getEnforcingAdmin(UserHandle.myUserId(), userRestriction))

                .thenReturn(advancedProtectionEnforcingAdmin);

        when(mContext.getString(

                com.android.settingslib.widget.restricted.R.string.disabled_by_advanced_protection))

                .thenReturn("advanced_protection");



        mHelper.useAdminDisabledSummary(true);

        mHelper.setDisabledByAdmin(enforcedAdmin);

        mHelper.onBindViewHolder(mViewHolder);



        verify(summaryView).setText("advanced_protection");

        verify(summaryView, never()).setVisibility(View.GONE);

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void bindPreference_disabled_byAdmin_shouldDisplayDisabledSummary() {

        final TextView summaryView = mock(TextView.class, RETURNS_DEEP_STUBS);

        final EnforcingAdmin nonAdvancedProtectionEnforcingAdmin = new EnforcingAdmin(mPackage,

                UnknownAuthority.UNKNOWN_AUTHORITY, UserHandle.of(UserHandle.myUserId()), mAdmin);

        final String userRestriction = UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY;



        when(mViewHolder.itemView.findViewById(android.R.id.summary))

                .thenReturn(summaryView);

        when(mDevicePolicyManager.getEnforcingAdmin(UserHandle.myUserId(), userRestriction))

                .thenReturn(nonAdvancedProtectionEnforcingAdmin);

        when(mContext.getString(R.string.disabled_by_admin_summary_text))

                .thenReturn("test");

        when(mDevicePolicyResourcesManager.getString(any(), any())).thenReturn("test");



        mHelper.useAdminDisabledSummary(true);

        mHelper.setDisabledByAdmin(new RestrictedLockUtils.EnforcedAdmin());

        mHelper.onBindViewHolder(mViewHolder);



        verify(summaryView).setText("test");

        verify(summaryView, never()).setVisibility(View.GONE);

    }



    @Test

    public void bindPreference_notDisabled_shouldNotHideSummary() {

        final TextView summaryView = mock(TextView.class, RETURNS_DEEP_STUBS);
@@ -157,4 +235,74 @@ public class RestrictedPreferenceHelperTest { 


        assertThat(mHelper.isDisabledByAdmin()).isTrue();

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void setDisabledByAdmin_previousAndCurrentAdminsAreTheSame_returnsFalse() {

        RestrictedLockUtils.EnforcedAdmin enforcedAdmin =

                new RestrictedLockUtils.EnforcedAdmin(/* component */ null,

                        /* enforcedRestriction */ "some_restriction", /* userHandle */ null);



        mHelper.setDisabledByAdmin(enforcedAdmin);



        assertThat(mHelper.setDisabledByAdmin(enforcedAdmin)).isFalse();

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void setDisabledByAdmin_previousAndCurrentAdminsAreDifferent_returnsTrue() {

        RestrictedLockUtils.EnforcedAdmin enforcedAdmin1 =

                new RestrictedLockUtils.EnforcedAdmin(/* component */ null,

                        /* enforcedRestriction */ "some_restriction", /* userHandle */ null);

        RestrictedLockUtils.EnforcedAdmin enforcedAdmin2 =

                new RestrictedLockUtils.EnforcedAdmin(new ComponentName("pkg", "cls"),

                        /* enforcedRestriction */ "some_restriction", /* userHandle */ null);



        mHelper.setDisabledByAdmin(enforcedAdmin1);



        assertThat(mHelper.setDisabledByAdmin(enforcedAdmin2)).isTrue();

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void isRestrictionEnforcedByAdvancedProtection_notEnforced_returnsFalse() {

        final Authority[] allNonAdvancedProtectionAuthorities = new Authority[] {

                UnknownAuthority.UNKNOWN_AUTHORITY,

                DeviceAdminAuthority.DEVICE_ADMIN_AUTHORITY,

                DpcAuthority.DPC_AUTHORITY,

                new RoleAuthority(Collections.singleton("some-role"))

        };

        final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS;



        for (Authority authority : allNonAdvancedProtectionAuthorities) {

            final EnforcingAdmin enforcingAdmin = new EnforcingAdmin(mPackage, authority,

                    UserHandle.of(UserHandle.myUserId()), mAdmin);



            when(mDevicePolicyManager.getEnforcingAdmin(UserHandle.myUserId(), userRestriction))

                    .thenReturn(enforcingAdmin);



            mHelper.setDisabledByAdmin(new RestrictedLockUtils.EnforcedAdmin(/* component */ null,

                    userRestriction, UserHandle.of(UserHandle.myUserId())));



            assertWithMessage(authority + " is not an advanced protection authority")

                    .that(mHelper.isRestrictionEnforcedByAdvancedProtection())

                    .isFalse();

        }

    }



    @RequiresFlagsEnabled(android.security.Flags.FLAG_AAPM_API)

    @Test

    public void isRestrictionEnforcedByAdvancedProtection_enforced_returnsTrue() {

        final EnforcingAdmin advancedProtectionEnforcingAdmin = new EnforcingAdmin(mPackage,

                mAdvancedProtectionAuthority, UserHandle.of(UserHandle.myUserId()), mAdmin);

        final String userRestriction = UserManager.DISALLOW_UNINSTALL_APPS;



        when(mDevicePolicyManager.getEnforcingAdmin(UserHandle.myUserId(), userRestriction))

                .thenReturn(advancedProtectionEnforcingAdmin);



        mHelper.setDisabledByAdmin(new RestrictedLockUtils.EnforcedAdmin(/* component */ null,

                userRestriction, UserHandle.of(UserHandle.myUserId())));



        assertThat(mHelper.isRestrictionEnforcedByAdvancedProtection()).isTrue();

    }

}