DevicePolicyManagerServiceMigrationTest.java revision feffb056e8d0f22db630f7d768bd78c349420cb6
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16package com.android.server.devicepolicy; 17 18import com.android.server.LocalServices; 19import com.android.server.SystemService; 20import com.android.server.devicepolicy.DevicePolicyManagerServiceTestable.OwnersTestable; 21 22import android.app.admin.DevicePolicyManager; 23import android.app.admin.DevicePolicyManagerInternal; 24import android.content.pm.PackageManager; 25import android.content.pm.UserInfo; 26import android.os.Bundle; 27import android.os.UserHandle; 28import android.os.UserManager; 29import android.util.Pair; 30 31import org.mockito.invocation.InvocationOnMock; 32import org.mockito.stubbing.Answer; 33 34import java.io.File; 35import java.util.HashMap; 36import java.util.Map; 37 38import static org.mockito.Matchers.any; 39import static org.mockito.Matchers.anyInt; 40import static org.mockito.Matchers.eq; 41import static org.mockito.Mockito.doAnswer; 42import static org.mockito.Mockito.when; 43 44public class DevicePolicyManagerServiceMigrationTest extends DpmTestBase { 45 private DpmMockContext mContext; 46 47 @Override 48 protected void setUp() throws Exception { 49 super.setUp(); 50 51 mContext = getContext(); 52 53 when(mContext.packageManager.hasSystemFeature(eq(PackageManager.FEATURE_DEVICE_ADMIN))) 54 .thenReturn(true); 55 } 56 57 public void testMigration() throws Exception { 58 final File user10dir = mMockContext.addUser(10, 0); 59 final File user11dir = mMockContext.addUser(11, UserInfo.FLAG_MANAGED_PROFILE); 60 final File user12dir = mMockContext.addUser(12, 0); 61 62 setUpPackageManagerForAdmin(admin1, DpmMockContext.CALLER_SYSTEM_USER_UID); 63 setUpPackageManagerForAdmin(admin2, UserHandle.getUid(10, 123)); 64 setUpPackageManagerForAdmin(admin3, UserHandle.getUid(11, 456)); 65 66 // Create the legacy owners & policies file. 67 DpmTestUtils.writeToFile( 68 (new File(mContext.dataDir, OwnersTestable.LEGACY_FILE)).getAbsoluteFile(), 69 DpmTestUtils.readAsset(mRealTestContext, 70 "DevicePolicyManagerServiceMigrationTest/legacy_device_owner.xml")); 71 72 DpmTestUtils.writeToFile( 73 (new File(mContext.systemUserDataDir, "device_policies.xml")).getAbsoluteFile(), 74 DpmTestUtils.readAsset(mRealTestContext, 75 "DevicePolicyManagerServiceMigrationTest/legacy_device_policies.xml")); 76 77 DpmTestUtils.writeToFile( 78 (new File(user10dir, "device_policies.xml")).getAbsoluteFile(), 79 DpmTestUtils.readAsset(mRealTestContext, 80 "DevicePolicyManagerServiceMigrationTest/legacy_device_policies_10.xml")); 81 DpmTestUtils.writeToFile( 82 (new File(user11dir, "device_policies.xml")).getAbsoluteFile(), 83 DpmTestUtils.readAsset(mRealTestContext, 84 "DevicePolicyManagerServiceMigrationTest/legacy_device_policies_11.xml")); 85 86 // Set up UserManager 87 when(mMockContext.userManagerInternal.getBaseUserRestrictions( 88 eq(UserHandle.USER_SYSTEM))).thenReturn(DpmTestUtils.newRestrictions( 89 UserManager.DISALLOW_ADD_USER, 90 UserManager.DISALLOW_RECORD_AUDIO)); 91 92 when(mMockContext.userManagerInternal.getBaseUserRestrictions( 93 eq(10))).thenReturn(DpmTestUtils.newRestrictions( 94 UserManager.DISALLOW_REMOVE_USER, 95 UserManager.DISALLOW_ADD_USER, 96 UserManager.DISALLOW_SMS, 97 UserManager.DISALLOW_OUTGOING_CALLS, 98 UserManager.DISALLOW_WALLPAPER, 99 UserManager.DISALLOW_RECORD_AUDIO)); 100 101 when(mMockContext.userManagerInternal.getBaseUserRestrictions( 102 eq(11))).thenReturn(DpmTestUtils.newRestrictions( 103 UserManager.DISALLOW_REMOVE_USER, 104 UserManager.DISALLOW_ADD_USER, 105 UserManager.DISALLOW_SMS, 106 UserManager.DISALLOW_OUTGOING_CALLS, 107 UserManager.DISALLOW_WALLPAPER, 108 UserManager.DISALLOW_RECORD_AUDIO)); 109 110 final Map<Integer, Bundle> newBaseRestrictions = new HashMap<>(); 111 112 doAnswer(new Answer<Void>() { 113 @Override 114 public Void answer(InvocationOnMock invocation) throws Throwable { 115 Integer userId = (Integer) invocation.getArguments()[0]; 116 Bundle bundle = (Bundle) invocation.getArguments()[1]; 117 118 newBaseRestrictions.put(userId, bundle); 119 120 return null; 121 } 122 }).when(mContext.userManagerInternal).setBaseUserRestrictionsByDpmsForMigration( 123 anyInt(), any(Bundle.class)); 124 125 // Initialize DPM/DPMS and let it migrate the persisted information. 126 // (Need clearCallingIdentity() to pass permission checks.) 127 128 final DevicePolicyManagerServiceTestable dpms; 129 130 final long ident = mContext.binder.clearCallingIdentity(); 131 try { 132 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class); 133 134 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir); 135 136 dpms.systemReady(SystemService.PHASE_LOCK_SETTINGS_READY); 137 dpms.systemReady(SystemService.PHASE_BOOT_COMPLETED); 138 } finally { 139 mContext.binder.restoreCallingIdentity(ident); 140 } 141 142 assertTrue(dpms.mOwners.hasDeviceOwner()); 143 assertFalse(dpms.mOwners.hasProfileOwner(UserHandle.USER_SYSTEM)); 144 assertTrue(dpms.mOwners.hasProfileOwner(10)); 145 assertTrue(dpms.mOwners.hasProfileOwner(11)); 146 assertFalse(dpms.mOwners.hasProfileOwner(12)); 147 148 // Now all information should be migrated. 149 assertFalse(dpms.mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()); 150 assertFalse(dpms.mOwners.getProfileOwnerUserRestrictionsNeedsMigration( 151 UserHandle.USER_SYSTEM)); 152 assertFalse(dpms.mOwners.getProfileOwnerUserRestrictionsNeedsMigration(10)); 153 assertFalse(dpms.mOwners.getProfileOwnerUserRestrictionsNeedsMigration(11)); 154 assertFalse(dpms.mOwners.getProfileOwnerUserRestrictionsNeedsMigration(12)); 155 156 // Check the new base restrictions. 157 DpmTestUtils.assertRestrictions( 158 DpmTestUtils.newRestrictions( 159 UserManager.DISALLOW_RECORD_AUDIO 160 ), 161 newBaseRestrictions.get(UserHandle.USER_SYSTEM)); 162 163 DpmTestUtils.assertRestrictions( 164 DpmTestUtils.newRestrictions( 165 UserManager.DISALLOW_ADD_USER, 166 UserManager.DISALLOW_SMS, 167 UserManager.DISALLOW_OUTGOING_CALLS, 168 UserManager.DISALLOW_RECORD_AUDIO, 169 UserManager.DISALLOW_WALLPAPER 170 ), 171 newBaseRestrictions.get(10)); 172 173 DpmTestUtils.assertRestrictions( 174 DpmTestUtils.newRestrictions( 175 UserManager.DISALLOW_ADD_USER, 176 UserManager.DISALLOW_SMS, 177 UserManager.DISALLOW_OUTGOING_CALLS, 178 UserManager.DISALLOW_WALLPAPER, 179 UserManager.DISALLOW_RECORD_AUDIO 180 ), 181 newBaseRestrictions.get(11)); 182 183 // Check the new owner restrictions. 184 DpmTestUtils.assertRestrictions( 185 DpmTestUtils.newRestrictions( 186 UserManager.DISALLOW_ADD_USER, 187 UserManager.DISALLOW_ADD_MANAGED_PROFILE 188 ), 189 dpms.getDeviceOwnerAdminLocked().ensureUserRestrictions()); 190 191 DpmTestUtils.assertRestrictions( 192 DpmTestUtils.newRestrictions( 193 UserManager.DISALLOW_REMOVE_USER 194 ), 195 dpms.getProfileOwnerAdminLocked(10).ensureUserRestrictions()); 196 197 DpmTestUtils.assertRestrictions( 198 DpmTestUtils.newRestrictions( 199 UserManager.DISALLOW_REMOVE_USER 200 ), 201 dpms.getProfileOwnerAdminLocked(11).ensureUserRestrictions()); 202 } 203 204 public void testMigration2_profileOwnerOnUser0() throws Exception { 205 setUpPackageManagerForAdmin(admin2, DpmMockContext.CALLER_SYSTEM_USER_UID); 206 207 // Create the legacy owners & policies file. 208 DpmTestUtils.writeToFile( 209 (new File(mContext.dataDir, OwnersTestable.LEGACY_FILE)).getAbsoluteFile(), 210 DpmTestUtils.readAsset(mRealTestContext, 211 "DevicePolicyManagerServiceMigrationTest2/legacy_device_owner.xml")); 212 213 DpmTestUtils.writeToFile( 214 (new File(mContext.systemUserDataDir, "device_policies.xml")).getAbsoluteFile(), 215 DpmTestUtils.readAsset(mRealTestContext, 216 "DevicePolicyManagerServiceMigrationTest2/legacy_device_policies.xml")); 217 218 // Set up UserManager 219 when(mMockContext.userManagerInternal.getBaseUserRestrictions( 220 eq(UserHandle.USER_SYSTEM))).thenReturn(DpmTestUtils.newRestrictions( 221 UserManager.DISALLOW_ADD_USER, 222 UserManager.DISALLOW_RECORD_AUDIO, 223 UserManager.DISALLOW_SMS, 224 UserManager.DISALLOW_OUTGOING_CALLS)); 225 226 final Map<Integer, Bundle> newBaseRestrictions = new HashMap<>(); 227 228 doAnswer(new Answer<Void>() { 229 @Override 230 public Void answer(InvocationOnMock invocation) throws Throwable { 231 Integer userId = (Integer) invocation.getArguments()[0]; 232 Bundle bundle = (Bundle) invocation.getArguments()[1]; 233 234 newBaseRestrictions.put(userId, bundle); 235 236 return null; 237 } 238 }).when(mContext.userManagerInternal).setBaseUserRestrictionsByDpmsForMigration( 239 anyInt(), any(Bundle.class)); 240 241 // Initialize DPM/DPMS and let it migrate the persisted information. 242 // (Need clearCallingIdentity() to pass permission checks.) 243 244 final DevicePolicyManagerServiceTestable dpms; 245 246 final long ident = mContext.binder.clearCallingIdentity(); 247 try { 248 LocalServices.removeServiceForTest(DevicePolicyManagerInternal.class); 249 250 dpms = new DevicePolicyManagerServiceTestable(mContext, dataDir); 251 252 dpms.systemReady(SystemService.PHASE_LOCK_SETTINGS_READY); 253 dpms.systemReady(SystemService.PHASE_BOOT_COMPLETED); 254 } finally { 255 mContext.binder.restoreCallingIdentity(ident); 256 } 257 assertFalse(dpms.mOwners.hasDeviceOwner()); 258 assertTrue(dpms.mOwners.hasProfileOwner(UserHandle.USER_SYSTEM)); 259 260 // Now all information should be migrated. 261 assertFalse(dpms.mOwners.getDeviceOwnerUserRestrictionsNeedsMigration()); 262 assertFalse(dpms.mOwners.getProfileOwnerUserRestrictionsNeedsMigration( 263 UserHandle.USER_SYSTEM)); 264 265 // Check the new base restrictions. 266 DpmTestUtils.assertRestrictions( 267 DpmTestUtils.newRestrictions( 268 UserManager.DISALLOW_RECORD_AUDIO 269 ), 270 newBaseRestrictions.get(UserHandle.USER_SYSTEM)); 271 272 // Check the new owner restrictions. 273 DpmTestUtils.assertRestrictions( 274 DpmTestUtils.newRestrictions( 275 UserManager.DISALLOW_ADD_USER, 276 UserManager.DISALLOW_SMS, 277 UserManager.DISALLOW_OUTGOING_CALLS 278 ), 279 dpms.getProfileOwnerAdminLocked(UserHandle.USER_SYSTEM).ensureUserRestrictions()); 280 } 281} 282