Merge "Consolidate checking of superivsion configs." into tm-dev am: 58bda6d5 am: 79a0d4a8

                    return poComponent;

                    return poComponent;

                }

                }

            }

            }

            final String supervisor = mContext.getResources().getString(

                    com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);

            // Check profile owner first as that is what most likely is set.

            if (supervisor == null) {

            if (isSupervisionComponent(poComponent)) {

                return null;

                return poComponent;

            }

            }

            final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor);

            if (supervisorComponent == null) {

            if (isSupervisionComponent(doComponent)) {

                return null;

                return doComponent;

            }

            }

            if (supervisorComponent.equals(doComponent) || supervisorComponent.equals(

                    poComponent)) {

                return supervisorComponent;

            } else {

            return null;

            return null;

        }

        }

    }

    }

    private boolean isSupervisionComponent(@Nullable ComponentName who) {

        if (who == null) {

            return false;

        }

        final String configComponent = mContext.getResources().getString(

                com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);

        if (configComponent != null) {

            final ComponentName componentName = ComponentName.unflattenFromString(configComponent);

            if (who.equals(componentName)) {

                return true;

            }

        }

        // Check the system supervision role.

        final String configPackage = mContext.getResources().getString(

                com.android.internal.R.string.config_systemSupervision);

        return who.getPackageName().equals(configPackage);

    }

    }

    @Override

    @Override

                    "Cannot set the profile owner on a user which is already set-up");

                    "Cannot set the profile owner on a user which is already set-up");

            if (!mIsWatch) {

            if (!mIsWatch) {

                final String supervisionRolePackage = mContext.getResources().getString(

                if (!isSupervisionComponent(owner)) {

                        com.android.internal.R.string.config_systemSupervision);

                // Only the default supervision profile owner or supervision role holder

                // can be set as profile owner after SUW

                final String supervisor = mContext.getResources().getString(

                        com.android.internal.R.string

                                .config_defaultSupervisionProfileOwnerComponent);

                if (supervisor == null && supervisionRolePackage == null) {

                    throw new IllegalStateException("Unable to set profile owner post-setup, no"

                            + "default supervisor profile owner defined");

                }

                final ComponentName supervisorComponent = ComponentName.unflattenFromString(

                        supervisor);

                if (!owner.equals(supervisorComponent)

                        && !owner.getPackageName().equals(supervisionRolePackage)) {

                    throw new IllegalStateException("Unable to set non-default profile owner"

                    throw new IllegalStateException("Unable to set non-default profile owner"

                            + " post-setup " + owner);

                            + " post-setup " + owner);

                }

                }

        synchronized (getLockObject()) {

        synchronized (getLockObject()) {

            // Allow testOnly admins to bypass supervision config requirement.

            // Allow testOnly admins to bypass supervision config requirement.

            Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId())

            Preconditions.checkCallAuthorization(isAdminTestOnlyLocked(who, caller.getUserId())

                    || isDefaultSupervisor(caller), "Admin %s is not the "

                    || isSupervisionComponent(caller.getComponentName()), "Admin %s is not the "

                    + "default supervision component", caller.getComponentName());

                    + "default supervision component", caller.getComponentName());

            DevicePolicyData policy = getUserData(caller.getUserId());

            DevicePolicyData policy = getUserData(caller.getUserId());

            policy.mSecondaryLockscreenEnabled = enabled;

            policy.mSecondaryLockscreenEnabled = enabled;

        return isProfileOwner(caller) && isManagedProfile(caller.getUserId());

        return isProfileOwner(caller) && isManagedProfile(caller.getUserId());

    }

    }

    private boolean isDefaultSupervisor(CallerIdentity caller) {

        final String supervisor = mContext.getResources().getString(

                com.android.internal.R.string.config_defaultSupervisionProfileOwnerComponent);

        if (supervisor == null) {

            return false;

        }

        final ComponentName supervisorComponent = ComponentName.unflattenFromString(supervisor);

        return caller.getComponentName().equals(supervisorComponent);

    }

    @Override

    @Override

    public void setPreferentialNetworkServiceConfigs(

    public void setPreferentialNetworkServiceConfigs(

            List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs) {

            List<PreferentialNetworkServiceConfig> preferentialNetworkServiceConfigs) {

                    return false;

                    return false;

                }

                }

                final String supervisionString = mContext.getResources().getString(

                return isSupervisionComponent(admin.info.getComponent());

                        com.android.internal.R.string

                                .config_defaultSupervisionProfileOwnerComponent);

                if (supervisionString == null) {

                    return false;

                }

                final ComponentName supervisorComponent = ComponentName.unflattenFromString(

                        supervisionString);

                return admin.info.getComponent().equals(supervisorComponent);

            }

            }

        }

        }

    }

    }

    @Test

    @Test

    public void testIsActiveSupervisionApp() throws Exception {

    public void testSupervisionConfig() throws Exception {

        when(mServiceContext.resources

        final int uid = UserHandle.getUid(15, 19436);

                .getString(R.string.config_defaultSupervisionProfileOwnerComponent))

        addManagedProfile(admin1, uid, admin1);

                .thenReturn(admin1.flattenToString());

        mContext.binder.callingUid = uid;

        final int PROFILE_USER = 15;

        verifySupervisionConfig(uid, null, null);

        final int PROFILE_ADMIN = UserHandle.getUid(PROFILE_USER, 19436);

        verifySupervisionConfig(uid, "", null);

        addManagedProfile(admin1, PROFILE_ADMIN, admin1);

        verifySupervisionConfig(uid, null, "");

        mContext.binder.callingUid = PROFILE_ADMIN;

        verifySupervisionConfig(uid, "", "");

        verifySupervisionConfig(uid, admin1.flattenToString(), null);

        verifySupervisionConfig(uid, admin1.flattenToString(), "");

        verifySupervisionConfig(uid, null, admin1.getPackageName());

        verifySupervisionConfig(uid, "", admin1.getPackageName());

    }

    private void verifySupervisionConfig(

            int uid , String configComponentName, String configPackageName) {

        final boolean isAdmin = admin1.flattenToString().equals(configComponentName)

                || admin1.getPackageName().equals(configPackageName);

        final UserHandle user = UserHandle.getUserHandleForUid(uid);

        final DevicePolicyManagerInternal dpmi =

        final DevicePolicyManagerInternal dpmi =

                LocalServices.getService(DevicePolicyManagerInternal.class);

                LocalServices.getService(DevicePolicyManagerInternal.class);

        assertThat(dpmi.isActiveSupervisionApp(PROFILE_ADMIN)).isTrue();

        when(mServiceContext.resources

                .getString(R.string.config_defaultSupervisionProfileOwnerComponent))

                .thenReturn(configComponentName);

        when(mServiceContext.resources

                .getString(R.string.config_systemSupervision))

                .thenReturn(configPackageName);

        if (isAdmin) {

            assertThat(dpmi.isActiveSupervisionApp(uid)).isTrue();

            assertThat(dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(user))

                        .isEqualTo(admin1);

        } else {

            assertThat(dpmi.isActiveSupervisionApp(uid)).isFalse();

            assertThat(dpm.getProfileOwnerOrDeviceOwnerSupervisionComponent(user)).isNull();

        }

    }

    }

    // Test if lock timeout on managed profile is handled correctly depending on whether profile

    // Test if lock timeout on managed profile is handled correctly depending on whether profile