Merge changes from topic "retailDemo" into tm-dev
* changes:
Add cts tests to cover provisioning demo devices
Add new permission PROVISION_DEMO_DEVICE
diff --git a/tests/devicepolicy/src/android/devicepolicy/cts/DevicePolicyManagerTest.java b/tests/devicepolicy/src/android/devicepolicy/cts/DevicePolicyManagerTest.java
index 4c9b3a1..eb7b731 100644
--- a/tests/devicepolicy/src/android/devicepolicy/cts/DevicePolicyManagerTest.java
+++ b/tests/devicepolicy/src/android/devicepolicy/cts/DevicePolicyManagerTest.java
@@ -18,6 +18,7 @@
import static android.Manifest.permission.INTERACT_ACROSS_USERS;
import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
+import static android.Manifest.permission.PROVISION_DEMO_DEVICE;
import static android.app.AppOpsManager.MODE_ALLOWED;
import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_COMPONENT_NAME;
import static android.app.admin.DevicePolicyManager.EXTRA_PROVISIONING_DEVICE_ADMIN_PACKAGE_NAME;
@@ -63,6 +64,7 @@
import android.os.PersistableBundle;
import android.os.UserHandle;
import android.os.UserManager;
+import android.provider.Settings;
import androidx.test.core.app.ApplicationProvider;
@@ -686,6 +688,123 @@
}
}
+ @Postsubmit(reason = "New test")
+ @RequireRunOnPrimaryUser
+ @EnsureHasNoDpc
+ @RequireFeature(FEATURE_DEVICE_ADMIN)
+ @EnsureHasPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)
+ @Test
+ public void newlyProvisionedFullyManagedDevice_setsDeviceAsDemoDeviceWhenRequested()
+ throws Exception {
+ boolean setupComplete = TestApis.users().current().getSetupComplete();
+ TestApis.users().current().setSetupComplete(false);
+ // TODO(b/222499341): replace with annotations
+ int demoDevice = TestApis.settings().global().getInt(Settings.Global.DEVICE_DEMO_MODE, 0);
+ TestApis.settings().global().putInt(Settings.Global.DEVICE_DEMO_MODE, 0);
+ try {
+ FullyManagedDeviceProvisioningParams params =
+ createDefaultManagedDeviceProvisioningParamsBuilder()
+ .setDemoDevice(true)
+ .build();
+ sDevicePolicyManager.provisionFullyManagedDevice(params);
+
+ assertThat(TestApis.settings().global().getInt(Settings.Global.DEVICE_DEMO_MODE, 0))
+ .isEqualTo(1);
+ } finally {
+ TestApis.users().current().setSetupComplete(setupComplete);
+ TestApis.settings().global().putInt(Settings.Global.DEVICE_DEMO_MODE, demoDevice);
+ }
+ }
+
+ @Postsubmit(reason = "New test")
+ @RequireRunOnPrimaryUser
+ @EnsureHasNoDpc
+ @RequireFeature(FEATURE_DEVICE_ADMIN)
+ @EnsureHasPermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)
+ @Test
+ public void newlyProvisionedFullyManagedDevice_setsProvisioningStateWhenDemoDeviceIsRequested()
+ throws Exception {
+ boolean setupComplete = TestApis.users().current().getSetupComplete();
+ TestApis.users().current().setSetupComplete(false);
+ // TODO(b/222499341): replace with annotations
+ int demoDevice = TestApis.settings().global().getInt(Settings.Global.DEVICE_DEMO_MODE, 0);
+ try {
+ FullyManagedDeviceProvisioningParams params =
+ createDefaultManagedDeviceProvisioningParamsBuilder()
+ .setDemoDevice(true)
+ .build();
+ sDevicePolicyManager.provisionFullyManagedDevice(params);
+
+ assertThat(sDevicePolicyManager.getUserProvisioningState())
+ .isEqualTo(DevicePolicyManager.STATE_USER_SETUP_FINALIZED);
+ } finally {
+ TestApis.users().current().setSetupComplete(setupComplete);
+ TestApis.settings().global().putInt(Settings.Global.DEVICE_DEMO_MODE, demoDevice);
+ }
+ }
+
+ @Postsubmit(reason = "New test")
+ @RequireRunOnPrimaryUser
+ @EnsureHasNoDpc
+ @RequireFeature(FEATURE_DEVICE_ADMIN)
+ @EnsureHasPermission(PROVISION_DEMO_DEVICE)
+ @EnsureDoesNotHavePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)
+ @Test
+ public void newlyProvisionedFullyManagedDevice_withProvisionDemoDevicePermission_throwsSecurityException()
+ throws Exception {
+ FullyManagedDeviceProvisioningParams params =
+ createDefaultManagedDeviceProvisioningParamsBuilder()
+ .build();
+
+ assertThrows(SecurityException.class, () ->
+ sDevicePolicyManager.provisionFullyManagedDevice(params));
+ }
+
+ @Postsubmit(reason = "New test")
+ @RequireRunOnPrimaryUser
+ @EnsureHasNoDpc
+ @RequireFeature(FEATURE_DEVICE_ADMIN)
+ @EnsureHasPermission(PROVISION_DEMO_DEVICE)
+ @EnsureDoesNotHavePermission(MANAGE_PROFILE_AND_DEVICE_OWNERS)
+ @Test
+ public void newlyProvisionedFullyManagedDevice_withProvisionDemoDevicePermissionForDemoDevice_doesNotThrowException()
+ throws Exception {
+ boolean setupComplete = TestApis.users().current().getSetupComplete();
+ TestApis.users().current().setSetupComplete(false);
+ // TODO(b/222499341): replace with annotations
+ int demoDevice = TestApis.settings().global().getInt(Settings.Global.DEVICE_DEMO_MODE, 0);
+ try {
+ FullyManagedDeviceProvisioningParams params =
+ createDefaultManagedDeviceProvisioningParamsBuilder()
+ .setDemoDevice(true)
+ .build();
+
+ sDevicePolicyManager.provisionFullyManagedDevice(params);
+
+ } finally {
+ TestApis.users().current().setSetupComplete(setupComplete);
+ TestApis.settings().global().putInt(Settings.Global.DEVICE_DEMO_MODE, demoDevice);
+ }
+ }
+
+ @Postsubmit(reason = "New test")
+ @RequireRunOnPrimaryUser
+ @EnsureHasNoDpc
+ @RequireFeature(FEATURE_DEVICE_ADMIN)
+ @EnsureDoesNotHavePermission({
+ PROVISION_DEMO_DEVICE,
+ MANAGE_PROFILE_AND_DEVICE_OWNERS})
+ @Test
+ public void newlyProvisionedFullyManagedDevice_withoutRequiredPermissionsForDemoDevice_throwsSecurityException()
+ throws Exception {
+ FullyManagedDeviceProvisioningParams params =
+ createDefaultManagedDeviceProvisioningParamsBuilder()
+ .setDemoDevice(true)
+ .build();
+
+ assertThrows(SecurityException.class, () ->
+ sDevicePolicyManager.provisionFullyManagedDevice(params));
+ }
@RequireDoesNotHaveFeature(PackageManager.FEATURE_AUTOMOTIVE)
@EnsureHasPermission(MANAGE_DEVICE_ADMINS)
diff --git a/tests/tests/permission2/res/raw/android_manifest.xml b/tests/tests/permission2/res/raw/android_manifest.xml
index fc564ea7..c26ab8d 100644
--- a/tests/tests/permission2/res/raw/android_manifest.xml
+++ b/tests/tests/permission2/res/raw/android_manifest.xml
@@ -2928,7 +2928,7 @@
<!-- @SystemApi @hide Allows an application to set the profile owners and the device owner.
This permission is not available to third party applications.-->
<permission android:name="android.permission.MANAGE_PROFILE_AND_DEVICE_OWNERS"
- android:protectionLevel="signature|role|setup"
+ android:protectionLevel="signature|role"
android:label="@string/permlab_manageProfileAndDeviceOwners"
android:description="@string/permdesc_manageProfileAndDeviceOwners" />
@@ -2937,6 +2937,10 @@
<permission android:name="android.permission.QUERY_ADMIN_POLICY"
android:protectionLevel="signature|role" />
+ <!-- @SystemApi @hide Allows an application to set a device owner on retail demo devices.-->
+ <permission android:name="android.permission.PROVISION_DEMO_DEVICE"
+ android:protectionLevel="signature|setup" />
+
<!-- @TestApi @hide Allows an application to reset the record of previous system update freeze
periods. -->
<permission android:name="android.permission.CLEAR_FREEZE_PERIOD"
