Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a30fb7ea authored by Azhara Assanova's avatar Azhara Assanova
Browse files

[AAPM] Update SPA settings to show advanced protection strings 

Note that the logic for disabling the toggle is handled by
RestrictedLockUtilsInternal#checkIfRestrictionEnforced in Change-Id
If931dcddad508f88aac1280b587da4767b937875.

Bug: 369361373
Test: manual
Test: RestrictedModeTest
Test: TogglePermissionAppListPageTest
Flag: android.security.aapm_api
Change-Id: Ie03348b392fb4da3d3ae4960b2f1afb078a74f90
parent e9727237

packages/SettingsLib/SpaPrivileged/src/com/android/settingslib/spaprivileged/model/enterprise/EnterpriseRepository.kt

+19 −0
Original line number Diff line number Diff line
@@ -22,10 +22,14 @@ import android.app.admin.DevicePolicyResources.Strings.Settings.WORK_CATEGORY_HE 
import android.content.Context

import android.content.pm.UserInfo

import com.android.settingslib.R

import com.android.settingslib.RestrictedLockUtils

import com.android.settingslib.RestrictedLockUtilsInternal

import com.android.settingslib.spaprivileged.framework.common.devicePolicyManager



interface IEnterpriseRepository {

    fun getEnterpriseString(updatableStringId: String, resId: Int): String

    fun getAdminSummaryString(advancedProtectionStringId: Int, updatableStringId: String,

        resId: Int, enforcedAdmin: RestrictedLockUtils.EnforcedAdmin?, userId: Int): String

}



class EnterpriseRepository(private val context: Context) : IEnterpriseRepository {
@@ -34,6 +38,21 @@ class EnterpriseRepository(private val context: Context) : IEnterpriseRepository 
    override fun getEnterpriseString(updatableStringId: String, resId: Int): String =

        checkNotNull(resources.getString(updatableStringId) { context.getString(resId) })



    override fun getAdminSummaryString(

        advancedProtectionStringId: Int,

        updatableStringId: String,

        resId: Int,

        enforcedAdmin: RestrictedLockUtils.EnforcedAdmin?,

        userId: Int

    ): String {

        return if (RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(context,

                enforcedAdmin?.enforcedRestriction, userId)) {

            context.getString(advancedProtectionStringId)

        } else {

            getEnterpriseString(updatableStringId, resId)

        }

    }



    fun getProfileTitle(userInfo: UserInfo): String = if (userInfo.isManagedProfile) {

        getEnterpriseString(WORK_CATEGORY_HEADER, R.string.category_work)

    } else if (userInfo.isPrivateProfile) {

packages/SettingsLib/SpaPrivileged/src/com/android/settingslib/spaprivileged/model/enterprise/RestrictedMode.kt

+9 −3
Original line number Diff line number Diff line
@@ -37,21 +37,27 @@ interface BlockedByEcm : RestrictedMode { 
    fun showRestrictedSettingsDetails()

}





internal data class BlockedByAdminImpl(

    private val context: Context,

    private val enforcedAdmin: RestrictedLockUtils.EnforcedAdmin,

    private val userId: Int,

    private val enterpriseRepository: IEnterpriseRepository = EnterpriseRepository(context),

) : BlockedByAdmin {

    override fun getSummary(checked: Boolean?) = when (checked) {

        true -> enterpriseRepository.getEnterpriseString(

        true -> enterpriseRepository.getAdminSummaryString(

            advancedProtectionStringId = R.string.enabled_by_advanced_protection,

            updatableStringId = Settings.ENABLED_BY_ADMIN_SWITCH_SUMMARY,

            resId = R.string.enabled_by_admin,

            enforcedAdmin = enforcedAdmin,

            userId = userId,

        )



        false -> enterpriseRepository.getEnterpriseString(

        false -> enterpriseRepository.getAdminSummaryString(

            advancedProtectionStringId = R.string.disabled_by_advanced_protection,

            updatableStringId = Settings.DISABLED_BY_ADMIN_SWITCH_SUMMARY,

            resId = R.string.disabled_by_admin,

            enforcedAdmin = enforcedAdmin,

            userId = userId,

        )



        else -> ""

packages/SettingsLib/SpaPrivileged/src/com/android/settingslib/spaprivileged/model/enterprise/RestrictionsProvider.kt

+5 −1
Original line number Diff line number Diff line
@@ -84,7 +84,11 @@ internal class RestrictionsProviderImpl( 
        for (key in restrictions.keys) {

            RestrictedLockUtilsInternal

                .checkIfRestrictionEnforced(context, key, restrictions.userId)

                ?.let { return BlockedByAdminImpl(context = context, enforcedAdmin = it) }

                ?.let { return BlockedByAdminImpl(

                    context = context,

                    enforcedAdmin = it,

                    userId = restrictions.userId

                ) }

        }



        restrictions.enhancedConfirmation?.let { ec ->

packages/SettingsLib/SpaPrivileged/tests/src/com/android/settingslib/spaprivileged/model/enterprise/RestrictedModeTest.kt

+143 −2
Original line number Diff line number Diff line
@@ -16,19 +16,49 @@ 


package com.android.settingslib.spaprivileged.model.enterprise



import android.app.admin.DevicePolicyManager

import android.app.admin.DevicePolicyResources.Strings.Settings

import android.app.admin.EnforcingAdmin

import android.content.Context

import android.platform.test.annotations.RequiresFlagsDisabled

import android.platform.test.annotations.RequiresFlagsEnabled

import android.platform.test.flag.junit.CheckFlagsRule

import android.platform.test.flag.junit.DeviceFlagsValueProvider

import android.security.Flags

import androidx.test.core.app.ApplicationProvider

import androidx.test.ext.junit.runners.AndroidJUnit4

import com.android.settingslib.RestrictedLockUtils

import com.android.settingslib.RestrictedLockUtilsInternal

import com.android.settingslib.spaprivileged.framework.common.devicePolicyManager

import com.android.settingslib.spaprivileged.tests.testutils.getEnforcingAdminAdvancedProtection

import com.android.settingslib.spaprivileged.tests.testutils.getEnforcingAdminNotAdvancedProtection

import com.android.settingslib.widget.restricted.R

import com.google.common.truth.Truth.assertThat

import org.junit.Before

import org.junit.Rule

import org.junit.Test

import org.junit.runner.RunWith

import org.mockito.Mock

import org.mockito.Spy

import org.mockito.junit.MockitoJUnit

import org.mockito.junit.MockitoRule

import org.mockito.kotlin.whenever



@RunWith(AndroidJUnit4::class)

class RestrictedModeTest {

    @Rule

    @JvmField

    val mCheckFlagsRule: CheckFlagsRule = DeviceFlagsValueProvider.createCheckFlagsRule()



    @get:Rule

    val mockito: MockitoRule = MockitoJUnit.rule()



    @Spy

    private val context: Context = ApplicationProvider.getApplicationContext()



    @Mock

    private lateinit var devicePolicyManager: DevicePolicyManager



    private val fakeEnterpriseRepository = object : IEnterpriseRepository {

        override fun getEnterpriseString(updatableStringId: String, resId: Int): String =

            when (updatableStringId) {
@@ -36,20 +66,123 @@ class RestrictedModeTest { 
                Settings.DISABLED_BY_ADMIN_SWITCH_SUMMARY -> DISABLED_BY_ADMIN

                else -> ""

            }



        override fun getAdminSummaryString(

            advancedProtectionStringId: Int,

            updatableStringId: String,

            resId: Int,

            enforcedAdmin: RestrictedLockUtils.EnforcedAdmin?,

            userId: Int

        ): String {

            if (RestrictedLockUtilsInternal.isPolicyEnforcedByAdvancedProtection(context,

                    RESTRICTION, userId)) {

                return when (advancedProtectionStringId) {

                    R.string.enabled_by_advanced_protection -> ENABLED_BY_ADVANCED_PROTECTION

                    R.string.disabled_by_advanced_protection -> DISABLED_BY_ADVANCED_PROTECTION

                    else -> ""

                }

            }

            return getEnterpriseString(updatableStringId, resId)

        }

    }



    @Before

    fun setUp() {

        whenever(context.devicePolicyManager).thenReturn(devicePolicyManager)

    }



    @RequiresFlagsDisabled(Flags.FLAG_AAPM_API)

    @Test

    fun blockedByAdmin_getSummaryWhenChecked() {

        val blockedByAdmin = BlockedByAdminImpl(context, ENFORCED_ADMIN, fakeEnterpriseRepository)

        val blockedByAdmin = BlockedByAdminImpl(context, ENFORCED_ADMIN, USER_ID,

            fakeEnterpriseRepository)



        val summary = blockedByAdmin.getSummary(true)



        assertThat(summary).isEqualTo(ENABLED_BY_ADMIN)

    }



    @RequiresFlagsDisabled(Flags.FLAG_AAPM_API)

    @Test

    fun blockedByAdmin_getSummaryNotWhenChecked() {

        val blockedByAdmin = BlockedByAdminImpl(context, ENFORCED_ADMIN, fakeEnterpriseRepository)

        val blockedByAdmin = BlockedByAdminImpl(context, ENFORCED_ADMIN, USER_ID,

            fakeEnterpriseRepository)



        val summary = blockedByAdmin.getSummary(false)



        assertThat(summary).isEqualTo(DISABLED_BY_ADMIN)

    }



    @RequiresFlagsEnabled(Flags.FLAG_AAPM_API)

    @Test

    fun blockedByAdmin_disabledByAdvancedProtection_getSummaryWhenChecked() {

        val blockedByAdmin =

            BlockedByAdminImpl(

                context = context,

                enforcedAdmin = ENFORCED_ADMIN,

                enterpriseRepository = fakeEnterpriseRepository,

                userId = USER_ID,

            )



        whenever(devicePolicyManager.getEnforcingAdmin(USER_ID, RESTRICTION))

            .thenReturn(ENFORCING_ADMIN_ADVANCED_PROTECTION)



        val summary = blockedByAdmin.getSummary(true)



        assertThat(summary).isEqualTo(ENABLED_BY_ADVANCED_PROTECTION)

    }



    @RequiresFlagsEnabled(Flags.FLAG_AAPM_API)

    @Test

    fun blockedByAdmin_disabledByAdvancedProtection_getSummaryWhenNotChecked() {

        val blockedByAdmin =

            BlockedByAdminImpl(

                context = context,

                enforcedAdmin = ENFORCED_ADMIN,

                enterpriseRepository = fakeEnterpriseRepository,

                userId = USER_ID,

            )



        whenever(devicePolicyManager.getEnforcingAdmin(USER_ID, RESTRICTION))

            .thenReturn(ENFORCING_ADMIN_ADVANCED_PROTECTION)



        val summary = blockedByAdmin.getSummary(false)



        assertThat(summary).isEqualTo(DISABLED_BY_ADVANCED_PROTECTION)

    }



    @RequiresFlagsEnabled(Flags.FLAG_AAPM_API)

    @Test

    fun blockedByAdmin_notDisabledByAdvancedProtection_getSummaryWhenChecked() {

        val blockedByAdmin =

            BlockedByAdminImpl(

                context = context,

                enforcedAdmin = ENFORCED_ADMIN,

                enterpriseRepository = fakeEnterpriseRepository,

                userId = USER_ID,

            )



        whenever(devicePolicyManager.getEnforcingAdmin(USER_ID, RESTRICTION))

            .thenReturn(ENFORCING_ADMIN_NOT_ADVANCED_PROTECTION)



        val summary = blockedByAdmin.getSummary(true)



        assertThat(summary).isEqualTo(ENABLED_BY_ADMIN)

    }



    @RequiresFlagsEnabled(Flags.FLAG_AAPM_API)

    @Test

    fun blockedByAdmin_notDisabledByAdvancedProtection_getSummaryWhenNotChecked() {

        val blockedByAdmin =

            BlockedByAdminImpl(

                context = context,

                enforcedAdmin = ENFORCED_ADMIN,

                enterpriseRepository = fakeEnterpriseRepository,

                userId = USER_ID,

            )



        whenever(devicePolicyManager.getEnforcingAdmin(USER_ID, RESTRICTION))

            .thenReturn(ENFORCING_ADMIN_NOT_ADVANCED_PROTECTION)



        val summary = blockedByAdmin.getSummary(false)
@@ -57,11 +190,19 @@ class RestrictedModeTest { 
    }



    private companion object {

        const val PACKAGE_NAME = "package.name"

        const val RESTRICTION = "restriction"

        const val USER_ID = 0

        val ENFORCED_ADMIN: RestrictedLockUtils.EnforcedAdmin =

            RestrictedLockUtils.EnforcedAdmin.createDefaultEnforcedAdminWithRestriction(RESTRICTION)

        val ENFORCING_ADMIN_ADVANCED_PROTECTION: EnforcingAdmin =

            getEnforcingAdminAdvancedProtection(PACKAGE_NAME, USER_ID)

        val ENFORCING_ADMIN_NOT_ADVANCED_PROTECTION: EnforcingAdmin =

            getEnforcingAdminNotAdvancedProtection(PACKAGE_NAME, USER_ID)



        const val ENABLED_BY_ADMIN = "Enabled by admin"

        const val DISABLED_BY_ADMIN = "Disabled by admin"

        const val ENABLED_BY_ADVANCED_PROTECTION = "Enabled by advanced protection"

        const val DISABLED_BY_ADVANCED_PROTECTION = "Disabled by advanced protection"

    }

}

packages/SettingsLib/SpaPrivileged/tests/src/com/android/settingslib/spaprivileged/template/app/TogglePermissionAppListPageTest.kt

+101 −1
Original line number Diff line number Diff line
@@ -16,8 +16,17 @@ 


package com.android.settingslib.spaprivileged.template.app



import android.app.admin.DevicePolicyManager

import android.app.admin.DevicePolicyResources.Strings.Settings

import android.app.admin.DevicePolicyResourcesManager

import android.app.admin.EnforcingAdmin

import android.content.Context

import android.content.pm.ApplicationInfo

import android.platform.test.annotations.RequiresFlagsDisabled

import android.platform.test.annotations.RequiresFlagsEnabled

import android.platform.test.flag.junit.CheckFlagsRule

import android.platform.test.flag.junit.DeviceFlagsValueProvider

import android.security.Flags

import androidx.compose.runtime.CompositionLocalProvider

import androidx.compose.ui.platform.LocalContext

import androidx.compose.ui.test.assertIsDisplayed
@@ -29,28 +38,59 @@ import androidx.test.ext.junit.runners.AndroidJUnit4 
import com.android.settingslib.RestrictedLockUtils

import com.android.settingslib.spa.testutils.FakeNavControllerWrapper

import com.android.settingslib.spaprivileged.R

import com.android.settingslib.spaprivileged.framework.common.devicePolicyManager

import com.android.settingslib.spaprivileged.framework.compose.getPlaceholder

import com.android.settingslib.spaprivileged.model.enterprise.BlockedByAdminImpl

import com.android.settingslib.spaprivileged.model.enterprise.NoRestricted

import com.android.settingslib.spaprivileged.tests.testutils.FakeRestrictionsProvider

import com.android.settingslib.spaprivileged.tests.testutils.TestAppRecord

import com.android.settingslib.spaprivileged.tests.testutils.TestTogglePermissionAppListModel

import com.android.settingslib.spaprivileged.tests.testutils.getEnforcingAdminAdvancedProtection

import com.android.settingslib.spaprivileged.tests.testutils.getEnforcingAdminNotAdvancedProtection

import com.google.common.truth.Truth.assertThat

import org.junit.Before

import org.junit.Rule

import org.junit.Test

import org.junit.runner.RunWith

import org.mockito.Mock

import org.mockito.Spy

import org.mockito.junit.MockitoJUnit

import org.mockito.junit.MockitoRule

import org.mockito.kotlin.any

import org.mockito.kotlin.eq

import org.mockito.kotlin.whenever



@RunWith(AndroidJUnit4::class)

class TogglePermissionAppListPageTest {

    @Rule

    @JvmField

    val mCheckFlagsRule: CheckFlagsRule = DeviceFlagsValueProvider.createCheckFlagsRule()



    @get:Rule

    val composeTestRule = createComposeRule()



    @get:Rule

    val mockito: MockitoRule = MockitoJUnit.rule()



    @Mock

    private lateinit var devicePolicyManager: DevicePolicyManager



    @Mock

    private lateinit var devicePolicyResourcesManager: DevicePolicyResourcesManager



    @Spy

    private val context: Context = ApplicationProvider.getApplicationContext()



    private val fakeNavControllerWrapper = FakeNavControllerWrapper()



    private val fakeRestrictionsProvider = FakeRestrictionsProvider()



    @Before

    fun setUp() {

        whenever(context.devicePolicyManager).thenReturn(devicePolicyManager)

        whenever(devicePolicyManager.resources).thenReturn(devicePolicyResourcesManager)

    }



    @Test

    fun pageTitle() {

        val listModel = TestTogglePermissionAppListModel()
@@ -98,10 +138,65 @@ class TogglePermissionAppListPageTest { 
        assertThat(summary).isEqualTo(context.getPlaceholder())

    }



    @RequiresFlagsDisabled(Flags.FLAG_AAPM_API)

    @Test

    fun summary_whenAllowedButAdminOverrideToNotAllowed() {

        fakeRestrictionsProvider.restrictedMode =

            BlockedByAdminImpl(context = context, enforcedAdmin = ENFORCED_ADMIN)

            BlockedByAdminImpl(context = context, enforcedAdmin = ENFORCED_ADMIN, userId = USER_ID)

        val listModel =

            TestTogglePermissionAppListModel(

                isAllowed = true,

                switchifBlockedByAdminOverrideCheckedValueTo = false,

            )



        val summary = getSummary(listModel)



        assertThat(summary)

            .isEqualTo(

                context.getString(

                    com.android.settingslib.widget.restricted.R.string.disabled_by_admin

                )

            )

    }



    @RequiresFlagsEnabled(Flags.FLAG_AAPM_API)

    @Test

    fun summary_disabledByAdvancedProtection_whenAllowedButAdminOverrideToNotAllowed() {

        whenever(devicePolicyManager.getEnforcingAdmin(USER_ID, RESTRICTION))

            .thenReturn(ENFORCING_ADMIN_ADVANCED_PROTECTION)



        fakeRestrictionsProvider.restrictedMode =

            BlockedByAdminImpl(context = context, enforcedAdmin = ENFORCED_ADMIN, userId = USER_ID)

        val listModel =

            TestTogglePermissionAppListModel(

                isAllowed = true,

                switchifBlockedByAdminOverrideCheckedValueTo = false,

            )



        val summary = getSummary(listModel)



        assertThat(summary)

            .isEqualTo(

                context.getString(

                    com.android.settingslib.widget.restricted.R.string

                        .disabled_by_advanced_protection

                )

            )

    }



    @RequiresFlagsEnabled(Flags.FLAG_AAPM_API)

    @Test

    fun summary_notDisabledByAdvancedProtection_whenAllowedButAdminOverrideToNotAllowed() {

        val disabledByAdminText = context.getString(

            com.android.settingslib.widget.restricted.R.string.disabled_by_admin

        )

        whenever(devicePolicyManager.getEnforcingAdmin(USER_ID, RESTRICTION))

            .thenReturn(ENFORCING_ADMIN_NOT_ADVANCED_PROTECTION)

        whenever(devicePolicyResourcesManager.getString(

            eq(Settings.DISABLED_BY_ADMIN_SWITCH_SUMMARY), any())).thenReturn(disabledByAdminText)



        fakeRestrictionsProvider.restrictedMode =

            BlockedByAdminImpl(context = context, enforcedAdmin = ENFORCED_ADMIN, userId = USER_ID)

        val listModel =

            TestTogglePermissionAppListModel(

                isAllowed = true,
@@ -186,7 +281,12 @@ class TogglePermissionAppListPageTest { 
        const val SUMMARY = "Summary"

        val APP = ApplicationInfo().apply { packageName = PACKAGE_NAME }

        const val RESTRICTION = "restriction"

        const val USER_ID = 0

        val ENFORCED_ADMIN: RestrictedLockUtils.EnforcedAdmin =

            RestrictedLockUtils.EnforcedAdmin.createDefaultEnforcedAdminWithRestriction(RESTRICTION)

        val ENFORCING_ADMIN_ADVANCED_PROTECTION: EnforcingAdmin =

            getEnforcingAdminAdvancedProtection(PACKAGE_NAME, USER_ID)

        val ENFORCING_ADMIN_NOT_ADVANCED_PROTECTION: EnforcingAdmin =

            getEnforcingAdminNotAdvancedProtection(PACKAGE_NAME, USER_ID)

    }

}