Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Update per-profile user restrictions" into rvc-dev

Browse Source
This commit is contained in:
Alex Johnston
2020-04-16 14:44:21 +00:00
committed by Android (Google) Code Review
parent f9e220f03d ac42b16c7d
commit 229e237e11
2 changed files with 43 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
services/core/java/com/android/server/pm/UserRestrictionsUtils.java
View File

@@ -211,24 +211,16 @@ public class UserRestrictionsUtils {
UserManager.DISALLOW_ADD_USER,
UserManager.DISALLOW_BLUETOOTH,
UserManager.DISALLOW_BLUETOOTH_SHARING,
UserManager.DISALLOW_CONFIG_BLUETOOTH,
UserManager.DISALLOW_CONFIG_CELL_BROADCASTS,
UserManager.DISALLOW_CONFIG_LOCATION,
UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS,
UserManager.DISALLOW_CONFIG_PRIVATE_DNS,
UserManager.DISALLOW_CONFIG_TETHERING,
UserManager.DISALLOW_CONFIG_WIFI,
UserManager.DISALLOW_CONTENT_CAPTURE,
UserManager.DISALLOW_CONTENT_SUGGESTIONS,
UserManager.DISALLOW_DATA_ROAMING,
UserManager.DISALLOW_DEBUGGING_FEATURES,
UserManager.DISALLOW_SAFE_BOOT,
UserManager.DISALLOW_SHARE_LOCATION,
UserManager.DISALLOW_SMS,
UserManager.DISALLOW_USB_FILE_TRANSFER,
UserManager.DISALLOW_AIRPLANE_MODE,
UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA,
UserManager.DISALLOW_OUTGOING_CALLS,
UserManager.DISALLOW_UNMUTE_MICROPHONE
);
@@ -237,7 +229,16 @@ public class UserRestrictionsUtils {
* set on the parent profile instance to apply them on the personal profile.
*/
private static final Set<String> PROFILE_OWNER_ORGANIZATION_OWNED_LOCAL_RESTRICTIONS =
Sets.newArraySet();
Sets.newArraySet(
UserManager.DISALLOW_CONFIG_BLUETOOTH,
UserManager.DISALLOW_CONFIG_LOCATION,
UserManager.DISALLOW_CONFIG_WIFI,
UserManager.DISALLOW_CONTENT_CAPTURE,
UserManager.DISALLOW_CONTENT_SUGGESTIONS,
UserManager.DISALLOW_DEBUGGING_FEATURES,
UserManager.DISALLOW_SHARE_LOCATION,
UserManager.DISALLOW_OUTGOING_CALLS
);
/**
* User restrictions that default to {@code true} for managed profile owners.

44
services/tests/servicestests/src/com/android/server/devicepolicy/DevicePolicyManagerTest.java
View File

@@ -1986,29 +1986,32 @@ public class DevicePolicyManagerTest extends DpmTestBase {
Sets.newSet(
UserManager.DISALLOW_CONFIG_DATE_TIME,
UserManager.DISALLOW_ADD_USER,
UserManager.DISALLOW_BLUETOOTH,
UserManager.DISALLOW_BLUETOOTH_SHARING,
UserManager.DISALLOW_CONFIG_BLUETOOTH,
UserManager.DISALLOW_CONFIG_CELL_BROADCASTS,
UserManager.DISALLOW_CONFIG_LOCATION,
UserManager.DISALLOW_CONFIG_MOBILE_NETWORKS,
UserManager.DISALLOW_CONFIG_PRIVATE_DNS,
UserManager.DISALLOW_CONFIG_TETHERING,
UserManager.DISALLOW_CONFIG_WIFI,
UserManager.DISALLOW_CONTENT_CAPTURE,
UserManager.DISALLOW_CONTENT_SUGGESTIONS,
UserManager.DISALLOW_DATA_ROAMING,
UserManager.DISALLOW_DEBUGGING_FEATURES,
UserManager.DISALLOW_SAFE_BOOT,
UserManager.DISALLOW_SHARE_LOCATION,
UserManager.DISALLOW_SMS,
UserManager.DISALLOW_USB_FILE_TRANSFER,
UserManager.DISALLOW_AIRPLANE_MODE,
UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA,
UserManager.DISALLOW_OUTGOING_CALLS,
UserManager.DISALLOW_UNMUTE_MICROPHONE
);
private static final Set<String> PROFILE_OWNER_ORGANIZATION_OWNED_LOCAL_RESTRICTIONS =
Sets.newSet(
UserManager.DISALLOW_CONFIG_BLUETOOTH,
UserManager.DISALLOW_CONFIG_LOCATION,
UserManager.DISALLOW_CONFIG_WIFI,
UserManager.DISALLOW_CONTENT_CAPTURE,
UserManager.DISALLOW_CONTENT_SUGGESTIONS,
UserManager.DISALLOW_DEBUGGING_FEATURES,
UserManager.DISALLOW_SHARE_LOCATION,
UserManager.DISALLOW_OUTGOING_CALLS
);
public void testSetUserRestriction_asPoOfOrgOwnedDevice() throws Exception {
final int MANAGED_PROFILE_ADMIN_UID =
UserHandle.getUid(DpmMockContext.CALLER_USER_HANDLE, DpmMockContext.SYSTEM_UID);
@@ -2021,7 +2024,10 @@ public class DevicePolicyManagerTest extends DpmTestBase {
.thenReturn(new UserInfo(UserHandle.USER_SYSTEM, "user system", 0));
for (String restriction : PROFILE_OWNER_ORGANIZATION_OWNED_GLOBAL_RESTRICTIONS) {
addAndRemoveUserRestrictionOnParentDpm(restriction);
addAndRemoveGlobalUserRestrictionOnParentDpm(restriction);
}
for (String restriction : PROFILE_OWNER_ORGANIZATION_OWNED_LOCAL_RESTRICTIONS) {
addAndRemoveLocalUserRestrictionOnParentDpm(restriction);
}
parentDpm.setCameraDisabled(admin1, true);
@@ -2047,7 +2053,7 @@ public class DevicePolicyManagerTest extends DpmTestBase {
reset(getServices().userManagerInternal);
}
private void addAndRemoveUserRestrictionOnParentDpm(String restriction) {
private void addAndRemoveGlobalUserRestrictionOnParentDpm(String restriction) {
parentDpm.addUserRestriction(admin1, restriction);
verify(getServices().userManagerInternal).setDevicePolicyUserRestrictions(
eq(DpmMockContext.CALLER_USER_HANDLE),
@@ -2063,6 +2069,22 @@ public class DevicePolicyManagerTest extends DpmTestBase {
);
}
private void addAndRemoveLocalUserRestrictionOnParentDpm(String restriction) {
parentDpm.addUserRestriction(admin1, restriction);
verify(getServices().userManagerInternal).setDevicePolicyUserRestrictions(
eq(DpmMockContext.CALLER_USER_HANDLE),
MockUtils.checkUserRestrictions(),
MockUtils.checkUserRestrictions(UserHandle.USER_SYSTEM, restriction),
eq(false));
parentDpm.clearUserRestriction(admin1, restriction);
DpmTestUtils.assertRestrictions(
DpmTestUtils.newRestrictions(),
dpms.getProfileOwnerAdminLocked(DpmMockContext.CALLER_USER_HANDLE)
.getParentActiveAdmin()
.getEffectiveRestrictions()
);
}
public void testNoDefaultEnabledUserRestrictions() throws Exception {
mContext.callerPermissions.add(permission.MANAGE_DEVICE_ADMINS);
mContext.callerPermissions.add(permission.MANAGE_USERS);