Loading packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java +78 −89 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.settingslib; import android.annotation.UserIdInt; import android.app.AppGlobals; import android.app.admin.DevicePolicyManager; import android.content.ComponentName; Loading Loading @@ -118,21 +119,25 @@ public class RestrictedLockUtils { */ public static EnforcedAdmin checkIfKeyguardFeaturesDisabled(Context context, int keyguardFeatures, int userId) { final LockSettingCheck check = (DevicePolicyManager dpm, ComponentName admin, @UserIdInt int checkUser) -> (dpm.getKeyguardDisabledFeatures(admin, checkUser) & keyguardFeatures) != 0; final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); if (dpm == null) { return null; } final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE); LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; if (um.getUserInfo(userId).isManagedProfile()) { final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userId); if (admins == null) { return null; } EnforcedAdmin enforcedAdmin = null; for (ComponentName admin : admins) { if ((dpm.getKeyguardDisabledFeatures(admin, userId) & keyguardFeatures) != 0) { if (check.isEnforcing(dpm, admin, userId)) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userId); } else { Loading @@ -140,50 +145,11 @@ public class RestrictedLockUtils { } } } return enforcedAdmin; } else { // Consider all admins for this user and the profiles that are visible from this // user that do not use a separate work challenge. for (UserInfo userInfo : um.getProfiles(userId)) { final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id); if (admins == null) { continue; } final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id); for (ComponentName admin : admins) { if (!isSeparateProfileChallengeEnabled) { if ((dpm.getKeyguardDisabledFeatures(admin, userInfo.id) & keyguardFeatures) != 0) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; } // This same admins could have set policies both on the managed profile // and on the parent. So, if the admin has set the policy on the // managed profile here, we don't need to further check if that admin // has set policy on the parent admin. continue; } } if (userInfo.isManagedProfile()) { // If userInfo.id is a managed profile, we also need to look at // the policies set on the parent. DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo); if ((parentDpm.getKeyguardDisabledFeatures(admin, userInfo.id) & keyguardFeatures) != 0) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; return checkForLockSetting(context, userId, check); } } } } } } return enforcedAdmin; } public static EnforcedAdmin checkIfUninstallBlocked(Context context, String packageName, int userId) { Loading Loading @@ -383,6 +349,11 @@ public class RestrictedLockUtils { * */ public static EnforcedAdmin checkIfPasswordQualityIsSet(Context context, int userId) { final LockSettingCheck check = (DevicePolicyManager dpm, ComponentName admin, @UserIdInt int checkUser) -> dpm.getPasswordQuality(admin, checkUser) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); if (dpm == null) { Loading @@ -390,7 +361,6 @@ public class RestrictedLockUtils { } LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; if (lockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { // userId is managed profile and has a separate challenge, only consider // the admins in that user. Loading @@ -398,9 +368,9 @@ public class RestrictedLockUtils { if (admins == null) { return null; } EnforcedAdmin enforcedAdmin = null; for (ComponentName admin : admins) { if (dpm.getPasswordQuality(admin, userId) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { if (check.isEnforcing(dpm, admin, userId)) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userId); } else { Loading @@ -408,21 +378,42 @@ public class RestrictedLockUtils { } } } return enforcedAdmin; } else { // Return all admins for this user and the profiles that are visible from this // user that do not use a separate work challenge. final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE); for (UserInfo userInfo : um.getProfiles(userId)) { return checkForLockSetting(context, userId, check); } } /** * Checks if any admin has set maximum time to lock. * * @return EnforcedAdmin Object containing the enforced admin component and admin user details, * or {@code null} if no admin has set this restriction. If multiple admins has set this, then * the admin component will be set to {@code null} and userId to {@link UserHandle#USER_NULL} */ public static EnforcedAdmin checkIfMaximumTimeToLockIsSet(Context context) { final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); if (dpm == null) { return null; } LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; final int userId = UserHandle.myUserId(); final UserManager um = UserManager.get(context); final List<UserInfo> profiles = um.getProfiles(userId); final int profilesSize = profiles.size(); // As we do not have a separate screen lock timeout settings for work challenge, // we need to combine all profiles maximum time to lock even work challenge is // enabled. for (int i = 0; i < profilesSize; i++) { final UserInfo userInfo = profiles.get(i); final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id); if (admins == null) { continue; } final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id); for (ComponentName admin : admins) { if (!isSeparateProfileChallengeEnabled) { if (dpm.getPasswordQuality(admin, userInfo.id) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { if (dpm.getMaximumTimeToLock(admin, userInfo.id) > 0) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { Loading @@ -434,13 +425,11 @@ public class RestrictedLockUtils { // has set policy on the parent admin. continue; } } if (userInfo.isManagedProfile()) { // If userInfo.id is a managed profile, we also need to look at // the policies set on the parent. DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo); if (parentDpm.getPasswordQuality(admin, userInfo.id) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { final DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo); if (parentDpm.getMaximumTimeToLock(admin, userInfo.id) > 0) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { Loading @@ -450,40 +439,39 @@ public class RestrictedLockUtils { } } } } return enforcedAdmin; } private interface LockSettingCheck { boolean isEnforcing(DevicePolicyManager dpm, ComponentName admin, @UserIdInt int userId); } /** * Checks if any admin has set maximum time to lock. * * @return EnforcedAdmin Object containing the enforced admin component and admin user details, * or {@code null} if no admin has set this restriction. If multiple admins has set this, then * the admin component will be set to {@code null} and userId to {@link UserHandle#USER_NULL} * Checks whether any of the user's profiles enforce the lock setting. A managed profile is only * included if it does not have a separate challenege but the settings for it's parent (i.e. the * user being checked) are always included. */ public static EnforcedAdmin checkIfMaximumTimeToLockIsSet(Context context) { private static EnforcedAdmin checkForLockSetting( Context context, @UserIdInt int userId, LockSettingCheck check) { final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); if (dpm == null) { return null; } LockPatternUtils lockPatternUtils = new LockPatternUtils(context); final LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; final int userId = UserHandle.myUserId(); final UserManager um = UserManager.get(context); final List<UserInfo> profiles = um.getProfiles(userId); final int profilesSize = profiles.size(); // As we do not have a separate screen lock timeout settings for work challenge, // we need to combine all profiles maximum time to lock even work challenge is // enabled. for (int i = 0; i < profilesSize; i++) { final UserInfo userInfo = profiles.get(i); // Return all admins for this user and the profiles that are visible from this // user that do not use a separate work challenge. for (UserInfo userInfo : UserManager.get(context).getProfiles(userId)) { final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id); if (admins == null) { continue; } final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id); for (ComponentName admin : admins) { if (dpm.getMaximumTimeToLock(admin, userInfo.id) > 0) { if (!isSeparateProfileChallengeEnabled) { if (check.isEnforcing(dpm, admin, userInfo.id)) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { Loading @@ -495,11 +483,12 @@ public class RestrictedLockUtils { // has set policy on the parent admin. continue; } } if (userInfo.isManagedProfile()) { // If userInfo.id is a managed profile, we also need to look at // the policies set on the parent. final DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo); if (parentDpm.getMaximumTimeToLock(admin, userInfo.id) > 0) { if (check.isEnforcing(parentDpm, admin, userInfo.id)) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { Loading packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java 0 → 100644 +120 −0 Original line number Diff line number Diff line /* * Copyright (C) 2016 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.settingslib; import android.app.admin.DevicePolicyManager; import android.content.ComponentName; import android.content.Context; import android.content.pm.UserInfo; import android.os.UserManager; import com.android.internal.util.ArrayUtils; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.MockitoAnnotations; import org.robolectric.RobolectricTestRunner; import org.robolectric.annotation.Config; import java.util.Arrays; import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT; import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_REMOTE_INPUT; import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; import static com.google.common.truth.Truth.assertThat; import static org.mockito.Matchers.eq; import static org.mockito.Mockito.when; @RunWith(RobolectricTestRunner.class) @Config(manifest = TestConfig.MANIFEST_PATH, sdk = TestConfig.SDK_VERSION) public class RestrictedLockUtilsTest { @Mock private Context mContext; @Mock private DevicePolicyManager mDevicePolicyManager; @Mock private UserManager mUserManager; private static final int mUserId = 194; private static final ComponentName mAdmin1 = new ComponentName("admin1", "admin1class"); private static final ComponentName mAdmin2 = new ComponentName("admin2", "admin2class"); @Before public void setUp() { MockitoAnnotations.initMocks(this); when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE)) .thenReturn(mDevicePolicyManager); when(mContext.getSystemService(Context.USER_SERVICE)) .thenReturn(mUserManager); } @Test public void checkIfKeyguardFeaturesDisabled_noEnforcedAdminForManagedProfile() { setUpManagedProfile(mUserId); setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); assertThat(enforcedAdmin).isEqualTo(null); } @Test public void checkIfKeyguardFeaturesDisabled_oneEnforcedAdminForManagedProfile() { setUpManagedProfile(mUserId); setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); assertThat(enforcedAdmin).isEqualTo(new EnforcedAdmin(mAdmin1, mUserId)); } @Test public void checkIfKeyguardFeaturesDisabled_multipleEnforcedAdminForManagedProfile() { setUpManagedProfile(mUserId); setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT); when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mUserId)) .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT); final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mUserId); assertThat(enforcedAdmin).isEqualTo(EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN); } private UserInfo setUpManagedProfile(int userId) { final UserInfo userInfo = new UserInfo(userId, "myuser", UserInfo.FLAG_MANAGED_PROFILE); when(mUserManager.getUserInfo(userId)).thenReturn(userInfo); return userInfo; } private void setUpActiveAdmins(int userId, ComponentName[] activeAdmins) { when(mDevicePolicyManager.getActiveAdminsAsUser(userId)) .thenReturn(Arrays.asList(activeAdmins)); } } Loading
packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java +78 −89 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ package com.android.settingslib; import android.annotation.UserIdInt; import android.app.AppGlobals; import android.app.admin.DevicePolicyManager; import android.content.ComponentName; Loading Loading @@ -118,21 +119,25 @@ public class RestrictedLockUtils { */ public static EnforcedAdmin checkIfKeyguardFeaturesDisabled(Context context, int keyguardFeatures, int userId) { final LockSettingCheck check = (DevicePolicyManager dpm, ComponentName admin, @UserIdInt int checkUser) -> (dpm.getKeyguardDisabledFeatures(admin, checkUser) & keyguardFeatures) != 0; final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); if (dpm == null) { return null; } final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE); LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; if (um.getUserInfo(userId).isManagedProfile()) { final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userId); if (admins == null) { return null; } EnforcedAdmin enforcedAdmin = null; for (ComponentName admin : admins) { if ((dpm.getKeyguardDisabledFeatures(admin, userId) & keyguardFeatures) != 0) { if (check.isEnforcing(dpm, admin, userId)) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userId); } else { Loading @@ -140,50 +145,11 @@ public class RestrictedLockUtils { } } } return enforcedAdmin; } else { // Consider all admins for this user and the profiles that are visible from this // user that do not use a separate work challenge. for (UserInfo userInfo : um.getProfiles(userId)) { final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id); if (admins == null) { continue; } final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id); for (ComponentName admin : admins) { if (!isSeparateProfileChallengeEnabled) { if ((dpm.getKeyguardDisabledFeatures(admin, userInfo.id) & keyguardFeatures) != 0) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; } // This same admins could have set policies both on the managed profile // and on the parent. So, if the admin has set the policy on the // managed profile here, we don't need to further check if that admin // has set policy on the parent admin. continue; } } if (userInfo.isManagedProfile()) { // If userInfo.id is a managed profile, we also need to look at // the policies set on the parent. DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo); if ((parentDpm.getKeyguardDisabledFeatures(admin, userInfo.id) & keyguardFeatures) != 0) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN; return checkForLockSetting(context, userId, check); } } } } } } return enforcedAdmin; } public static EnforcedAdmin checkIfUninstallBlocked(Context context, String packageName, int userId) { Loading Loading @@ -383,6 +349,11 @@ public class RestrictedLockUtils { * */ public static EnforcedAdmin checkIfPasswordQualityIsSet(Context context, int userId) { final LockSettingCheck check = (DevicePolicyManager dpm, ComponentName admin, @UserIdInt int checkUser) -> dpm.getPasswordQuality(admin, checkUser) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED; final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); if (dpm == null) { Loading @@ -390,7 +361,6 @@ public class RestrictedLockUtils { } LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; if (lockPatternUtils.isSeparateProfileChallengeEnabled(userId)) { // userId is managed profile and has a separate challenge, only consider // the admins in that user. Loading @@ -398,9 +368,9 @@ public class RestrictedLockUtils { if (admins == null) { return null; } EnforcedAdmin enforcedAdmin = null; for (ComponentName admin : admins) { if (dpm.getPasswordQuality(admin, userId) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { if (check.isEnforcing(dpm, admin, userId)) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userId); } else { Loading @@ -408,21 +378,42 @@ public class RestrictedLockUtils { } } } return enforcedAdmin; } else { // Return all admins for this user and the profiles that are visible from this // user that do not use a separate work challenge. final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE); for (UserInfo userInfo : um.getProfiles(userId)) { return checkForLockSetting(context, userId, check); } } /** * Checks if any admin has set maximum time to lock. * * @return EnforcedAdmin Object containing the enforced admin component and admin user details, * or {@code null} if no admin has set this restriction. If multiple admins has set this, then * the admin component will be set to {@code null} and userId to {@link UserHandle#USER_NULL} */ public static EnforcedAdmin checkIfMaximumTimeToLockIsSet(Context context) { final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); if (dpm == null) { return null; } LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; final int userId = UserHandle.myUserId(); final UserManager um = UserManager.get(context); final List<UserInfo> profiles = um.getProfiles(userId); final int profilesSize = profiles.size(); // As we do not have a separate screen lock timeout settings for work challenge, // we need to combine all profiles maximum time to lock even work challenge is // enabled. for (int i = 0; i < profilesSize; i++) { final UserInfo userInfo = profiles.get(i); final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id); if (admins == null) { continue; } final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id); for (ComponentName admin : admins) { if (!isSeparateProfileChallengeEnabled) { if (dpm.getPasswordQuality(admin, userInfo.id) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { if (dpm.getMaximumTimeToLock(admin, userInfo.id) > 0) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { Loading @@ -434,13 +425,11 @@ public class RestrictedLockUtils { // has set policy on the parent admin. continue; } } if (userInfo.isManagedProfile()) { // If userInfo.id is a managed profile, we also need to look at // the policies set on the parent. DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo); if (parentDpm.getPasswordQuality(admin, userInfo.id) > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { final DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo); if (parentDpm.getMaximumTimeToLock(admin, userInfo.id) > 0) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { Loading @@ -450,40 +439,39 @@ public class RestrictedLockUtils { } } } } return enforcedAdmin; } private interface LockSettingCheck { boolean isEnforcing(DevicePolicyManager dpm, ComponentName admin, @UserIdInt int userId); } /** * Checks if any admin has set maximum time to lock. * * @return EnforcedAdmin Object containing the enforced admin component and admin user details, * or {@code null} if no admin has set this restriction. If multiple admins has set this, then * the admin component will be set to {@code null} and userId to {@link UserHandle#USER_NULL} * Checks whether any of the user's profiles enforce the lock setting. A managed profile is only * included if it does not have a separate challenege but the settings for it's parent (i.e. the * user being checked) are always included. */ public static EnforcedAdmin checkIfMaximumTimeToLockIsSet(Context context) { private static EnforcedAdmin checkForLockSetting( Context context, @UserIdInt int userId, LockSettingCheck check) { final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService( Context.DEVICE_POLICY_SERVICE); if (dpm == null) { return null; } LockPatternUtils lockPatternUtils = new LockPatternUtils(context); final LockPatternUtils lockPatternUtils = new LockPatternUtils(context); EnforcedAdmin enforcedAdmin = null; final int userId = UserHandle.myUserId(); final UserManager um = UserManager.get(context); final List<UserInfo> profiles = um.getProfiles(userId); final int profilesSize = profiles.size(); // As we do not have a separate screen lock timeout settings for work challenge, // we need to combine all profiles maximum time to lock even work challenge is // enabled. for (int i = 0; i < profilesSize; i++) { final UserInfo userInfo = profiles.get(i); // Return all admins for this user and the profiles that are visible from this // user that do not use a separate work challenge. for (UserInfo userInfo : UserManager.get(context).getProfiles(userId)) { final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id); if (admins == null) { continue; } final boolean isSeparateProfileChallengeEnabled = lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id); for (ComponentName admin : admins) { if (dpm.getMaximumTimeToLock(admin, userInfo.id) > 0) { if (!isSeparateProfileChallengeEnabled) { if (check.isEnforcing(dpm, admin, userInfo.id)) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { Loading @@ -495,11 +483,12 @@ public class RestrictedLockUtils { // has set policy on the parent admin. continue; } } if (userInfo.isManagedProfile()) { // If userInfo.id is a managed profile, we also need to look at // the policies set on the parent. final DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo); if (parentDpm.getMaximumTimeToLock(admin, userInfo.id) > 0) { if (check.isEnforcing(parentDpm, admin, userInfo.id)) { if (enforcedAdmin == null) { enforcedAdmin = new EnforcedAdmin(admin, userInfo.id); } else { Loading
packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java 0 → 100644 +120 −0 Original line number Diff line number Diff line /* * Copyright (C) 2016 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.settingslib; import android.app.admin.DevicePolicyManager; import android.content.ComponentName; import android.content.Context; import android.content.pm.UserInfo; import android.os.UserManager; import com.android.internal.util.ArrayUtils; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.MockitoAnnotations; import org.robolectric.RobolectricTestRunner; import org.robolectric.annotation.Config; import java.util.Arrays; import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT; import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_REMOTE_INPUT; import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin; import static com.google.common.truth.Truth.assertThat; import static org.mockito.Matchers.eq; import static org.mockito.Mockito.when; @RunWith(RobolectricTestRunner.class) @Config(manifest = TestConfig.MANIFEST_PATH, sdk = TestConfig.SDK_VERSION) public class RestrictedLockUtilsTest { @Mock private Context mContext; @Mock private DevicePolicyManager mDevicePolicyManager; @Mock private UserManager mUserManager; private static final int mUserId = 194; private static final ComponentName mAdmin1 = new ComponentName("admin1", "admin1class"); private static final ComponentName mAdmin2 = new ComponentName("admin2", "admin2class"); @Before public void setUp() { MockitoAnnotations.initMocks(this); when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE)) .thenReturn(mDevicePolicyManager); when(mContext.getSystemService(Context.USER_SERVICE)) .thenReturn(mUserManager); } @Test public void checkIfKeyguardFeaturesDisabled_noEnforcedAdminForManagedProfile() { setUpManagedProfile(mUserId); setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); assertThat(enforcedAdmin).isEqualTo(null); } @Test public void checkIfKeyguardFeaturesDisabled_oneEnforcedAdminForManagedProfile() { setUpManagedProfile(mUserId); setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) .thenReturn(KEYGUARD_DISABLE_FINGERPRINT); final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId); assertThat(enforcedAdmin).isEqualTo(new EnforcedAdmin(mAdmin1, mUserId)); } @Test public void checkIfKeyguardFeaturesDisabled_multipleEnforcedAdminForManagedProfile() { setUpManagedProfile(mUserId); setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2}); when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId)) .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT); when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mUserId)) .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT); final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled( mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mUserId); assertThat(enforcedAdmin).isEqualTo(EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN); } private UserInfo setUpManagedProfile(int userId) { final UserInfo userInfo = new UserInfo(userId, "myuser", UserInfo.FLAG_MANAGED_PROFILE); when(mUserManager.getUserInfo(userId)).thenReturn(userInfo); return userInfo; } private void setUpActiveAdmins(int userId, ComponentName[] activeAdmins) { when(mDevicePolicyManager.getActiveAdminsAsUser(userId)) .thenReturn(Arrays.asList(activeAdmins)); } }
