tests/devicepolicy/src/android/devicepolicy/cts/UserRestrictionsTest.java - platform/cts - Git at Google

 /*
  * Copyright (C) 2022 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.devicepolicy.cts;

 import static com.google.common.truth.Truth.assertThat;

 import static org.junit.Assume.assumeFalse;
 import static org.testng.Assert.assertThrows;

 import com.android.bedstead.harrier.BedsteadJUnit4;
 import com.android.bedstead.harrier.DeviceState;
 import com.android.bedstead.harrier.annotations.Postsubmit;
 import com.android.bedstead.harrier.annotations.StringTestParameter;
 import com.android.bedstead.harrier.annotations.enterprise.CanSetPolicyTest;
 import com.android.bedstead.harrier.annotations.enterprise.CannotSetPolicyTest;
 import com.android.bedstead.harrier.annotations.enterprise.PolicyAppliesTest;
 import com.android.bedstead.harrier.annotations.parameterized.IncludeRunOnDeviceOwnerUser;
 import com.android.bedstead.harrier.annotations.parameterized.IncludeRunOnUnaffiliatedProfileOwnerSecondaryUser;
 import com.android.bedstead.harrier.policies.AffiliatedProfileOwnerOnlyUserRestrictions;
 import com.android.bedstead.harrier.policies.UserRestrictions;
 import com.android.bedstead.nene.TestApis;
 import com.android.bedstead.nene.devicepolicy.DeviceOwner;
 import com.android.bedstead.nene.devicepolicy.DeviceOwnerType;
 import com.android.bedstead.nene.userrestrictions.CommonUserRestrictions;
 import com.android.compatibility.common.util.BlockingBroadcastReceiver;

 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;

 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;

 @RunWith(BedsteadJUnit4.class)
 public final class UserRestrictionsTest {

     @StringTestParameter({
             CommonUserRestrictions.DISALLOW_USB_FILE_TRANSFER,
             CommonUserRestrictions.DISALLOW_CONFIG_TETHERING,
             CommonUserRestrictions.DISALLOW_NETWORK_RESET,
             CommonUserRestrictions.DISALLOW_FACTORY_RESET,
             CommonUserRestrictions.DISALLOW_ADD_USER,
             CommonUserRestrictions.DISALLOW_CONFIG_CELL_BROADCASTS,
             CommonUserRestrictions.DISALLOW_CONFIG_MOBILE_NETWORKS,
             CommonUserRestrictions.DISALLOW_MOUNT_PHYSICAL_MEDIA,
             CommonUserRestrictions.DISALLOW_SMS,
             CommonUserRestrictions.DISALLOW_FUN,
             CommonUserRestrictions.DISALLOW_SAFE_BOOT,
             CommonUserRestrictions.DISALLOW_CREATE_WINDOWS,
             CommonUserRestrictions.DISALLOW_DATA_ROAMING,
             CommonUserRestrictions.DISALLOW_BLUETOOTH})
     @Retention(RetentionPolicy.RUNTIME)
     private @interface DeviceOwnerOnlyUserRestrictions {
     }

     @StringTestParameter({
             CommonUserRestrictions.DISALLOW_MODIFY_ACCOUNTS,
             CommonUserRestrictions.DISALLOW_INSTALL_APPS,
             CommonUserRestrictions.DISALLOW_UNINSTALL_APPS,
             CommonUserRestrictions.DISALLOW_CONFIG_BLUETOOTH,
             CommonUserRestrictions.DISALLOW_CONFIG_CREDENTIALS,
             CommonUserRestrictions.DISALLOW_REMOVE_USER,
             CommonUserRestrictions.DISALLOW_CONFIG_VPN,
             CommonUserRestrictions.DISALLOW_APPS_CONTROL,
             CommonUserRestrictions.DISALLOW_UNMUTE_MICROPHONE,
             CommonUserRestrictions.DISALLOW_ADJUST_VOLUME,
             CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
             CommonUserRestrictions.DISALLOW_SYSTEM_ERROR_DIALOGS,
             CommonUserRestrictions.DISALLOW_CROSS_PROFILE_COPY_PASTE,
             CommonUserRestrictions.DISALLOW_OUTGOING_BEAM,
             CommonUserRestrictions.ALLOW_PARENT_PROFILE_APP_LINKING,
             CommonUserRestrictions.DISALLOW_SET_USER_ICON,
             CommonUserRestrictions.DISALLOW_AUTOFILL,
             CommonUserRestrictions.DISALLOW_CONTENT_CAPTURE,
             CommonUserRestrictions.DISALLOW_CONTENT_SUGGESTIONS,
             CommonUserRestrictions.DISALLOW_UNIFIED_PASSWORD
     })
     @Retention(RetentionPolicy.RUNTIME)
     private @interface AllDpcAllowedUserRestrictions {
     }

     @StringTestParameter(value = {
             CommonUserRestrictions.DISALLOW_CONFIG_WIFI,
             CommonUserRestrictions.DISALLOW_CONFIG_LOCALE,
             CommonUserRestrictions.DISALLOW_MODIFY_ACCOUNTS,
             CommonUserRestrictions.DISALLOW_INSTALL_APPS,
             CommonUserRestrictions.DISALLOW_UNINSTALL_APPS,
             CommonUserRestrictions.DISALLOW_SHARE_LOCATION,
             CommonUserRestrictions.DISALLOW_INSTALL_UNKNOWN_SOURCES,
             CommonUserRestrictions.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
             CommonUserRestrictions.DISALLOW_CONFIG_BLUETOOTH,
             CommonUserRestrictions.DISALLOW_BLUETOOTH,
             CommonUserRestrictions.DISALLOW_BLUETOOTH_SHARING,
             CommonUserRestrictions.DISALLOW_USB_FILE_TRANSFER,
             CommonUserRestrictions.DISALLOW_CONFIG_CREDENTIALS,
             CommonUserRestrictions.DISALLOW_REMOVE_USER,
             CommonUserRestrictions.DISALLOW_REMOVE_MANAGED_PROFILE,
             CommonUserRestrictions.DISALLOW_DEBUGGING_FEATURES,
             CommonUserRestrictions.DISALLOW_CONFIG_VPN,
             CommonUserRestrictions.DISALLOW_CONFIG_DATE_TIME,
             CommonUserRestrictions.DISALLOW_CONFIG_TETHERING,
             CommonUserRestrictions.DISALLOW_NETWORK_RESET,
             CommonUserRestrictions.DISALLOW_FACTORY_RESET,
             CommonUserRestrictions.DISALLOW_ADD_USER,
             CommonUserRestrictions.DISALLOW_ADD_MANAGED_PROFILE,
             CommonUserRestrictions.DISALLOW_ADD_CLONE_PROFILE,
             CommonUserRestrictions.ENSURE_VERIFY_APPS,
             CommonUserRestrictions.DISALLOW_CONFIG_CELL_BROADCASTS,
             CommonUserRestrictions.DISALLOW_CONFIG_MOBILE_NETWORKS,
             CommonUserRestrictions.DISALLOW_APPS_CONTROL,
             CommonUserRestrictions.DISALLOW_MOUNT_PHYSICAL_MEDIA,
             CommonUserRestrictions.DISALLOW_UNMUTE_MICROPHONE,
             CommonUserRestrictions.DISALLOW_ADJUST_VOLUME,
             CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
             CommonUserRestrictions.DISALLOW_SMS,
             CommonUserRestrictions.DISALLOW_FUN,
             CommonUserRestrictions.DISALLOW_CREATE_WINDOWS,
             CommonUserRestrictions.DISALLOW_SYSTEM_ERROR_DIALOGS,
             CommonUserRestrictions.DISALLOW_CROSS_PROFILE_COPY_PASTE,
             CommonUserRestrictions.DISALLOW_OUTGOING_BEAM,
             CommonUserRestrictions.DISALLOW_WALLPAPER,
             CommonUserRestrictions.DISALLOW_SAFE_BOOT,
             CommonUserRestrictions.ALLOW_PARENT_PROFILE_APP_LINKING,
             CommonUserRestrictions.DISALLOW_RECORD_AUDIO,
             CommonUserRestrictions.DISALLOW_CAMERA,
             CommonUserRestrictions.DISALLOW_RUN_IN_BACKGROUND,
             CommonUserRestrictions.DISALLOW_DATA_ROAMING,
             CommonUserRestrictions.DISALLOW_SET_USER_ICON,
             CommonUserRestrictions.DISALLOW_SET_WALLPAPER,
             CommonUserRestrictions.DISALLOW_OEM_UNLOCK,
             CommonUserRestrictions.DISALLOW_UNMUTE_DEVICE,
             CommonUserRestrictions.DISALLOW_AUTOFILL,
             CommonUserRestrictions.DISALLOW_CONTENT_CAPTURE,
             CommonUserRestrictions.DISALLOW_CONTENT_SUGGESTIONS,
             CommonUserRestrictions.DISALLOW_USER_SWITCH,
             CommonUserRestrictions.DISALLOW_UNIFIED_PASSWORD,
             CommonUserRestrictions.DISALLOW_CONFIG_LOCATION,
             CommonUserRestrictions.DISALLOW_AIRPLANE_MODE,
             CommonUserRestrictions.DISALLOW_CONFIG_BRIGHTNESS,
             CommonUserRestrictions.DISALLOW_SHARE_INTO_MANAGED_PROFILE,
             CommonUserRestrictions.DISALLOW_AMBIENT_DISPLAY,
             CommonUserRestrictions.DISALLOW_CONFIG_SCREEN_TIMEOUT,
             CommonUserRestrictions.DISALLOW_PRINTING,
             CommonUserRestrictions.DISALLOW_CONFIG_PRIVATE_DNS,
             CommonUserRestrictions.DISALLOW_MICROPHONE_TOGGLE,
             CommonUserRestrictions.DISALLOW_CAMERA_TOGGLE,
             CommonUserRestrictions.DISALLOW_CHANGE_WIFI_STATE,
             CommonUserRestrictions.DISALLOW_WIFI_TETHERING,
             CommonUserRestrictions.DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI,
             CommonUserRestrictions.DISALLOW_WIFI_DIRECT,
             CommonUserRestrictions.DISALLOW_ADD_WIFI_CONFIG
     })
     @Retention(RetentionPolicy.RUNTIME)
     private @interface AllUserRestrictions {
     }

     @StringTestParameter({
             CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
             CommonUserRestrictions.DISALLOW_SMS
     })
     @Retention(RetentionPolicy.RUNTIME)
     private @interface DefaultSecondaryUserRestrictions {
     }

     private static final String ANY_USER_RESTRICTION = CommonUserRestrictions.DISALLOW_CONFIG_WIFI;

     @ClassRule
     @Rule
     public static final DeviceState sDeviceState = new DeviceState();

     @Test
     @IncludeRunOnDeviceOwnerUser
     @IncludeRunOnUnaffiliatedProfileOwnerSecondaryUser
     @Postsubmit(reason = "new test")
     public void getUserRestrictions_allDefaultUserRestrictions_returnFalse(
             @AllUserRestrictions String restriction) {
         assertThat(sDeviceState.dpc().devicePolicyManager()
                 .getUserRestrictions(sDeviceState.dpc().componentName())
                 .getBoolean(restriction))
                 .isFalse();
     }

     @CanSetPolicyTest(policy = UserRestrictions.class)
     @Postsubmit(reason = "new test")
     public void getUserRestrictions_containsAddedRestriction(
             @AllDpcAllowedUserRestrictions String restriction) {
         boolean hasRestrictionOriginally = sDeviceState.dpc()
                 .userManager().hasUserRestriction(restriction);

         try {
             sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                     sDeviceState.dpc().componentName(), restriction);

             assertThat(sDeviceState.dpc().devicePolicyManager()
                     .getUserRestrictions(sDeviceState.dpc().componentName())
                     .getBoolean(restriction))
                     .isTrue();
         } finally {
             if (!hasRestrictionOriginally) {
                 sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                         sDeviceState.dpc().componentName(), restriction);
             }
         }
     }

     @CanSetPolicyTest(policy = UserRestrictions.class)
     @Postsubmit(reason = "new test")
     public void hasUserRestriction_containsAddedRestriction(
             @AllDpcAllowedUserRestrictions String restriction) {
         boolean hasRestrictionOriginally = sDeviceState.dpc()
                 .userManager().hasUserRestriction(restriction);

         try {
             sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                     sDeviceState.dpc().componentName(), restriction);

             assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction)).isTrue();
         } finally {
             if (!hasRestrictionOriginally) {
                 sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                         sDeviceState.dpc().componentName(), restriction);
             }
         }
     }

     @CanSetPolicyTest(
             policy = com.android.bedstead.harrier.policies.DeviceOwnerOnlyUserRestrictions.class)
     @Postsubmit(reason = "new test")
     public void hasUserRestriction_clearUserRestriction_restrictionIsRemoved(
             @AllDpcAllowedUserRestrictions String restriction) {
         boolean hasRestrictionOriginally = sDeviceState.dpc()
                 .userManager().hasUserRestriction(restriction);

         try {
             sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                     sDeviceState.dpc().componentName(), restriction);

             sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                     sDeviceState.dpc().componentName(), restriction);

             assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction))
                     .isFalse();
         } finally {
             if (hasRestrictionOriginally) {
                 sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                         sDeviceState.dpc().componentName(), restriction);
             } else {
                 sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                         sDeviceState.dpc().componentName(), restriction);
             }
         }
     }

     @CanSetPolicyTest(policy = AffiliatedProfileOwnerOnlyUserRestrictions.class)
     @Postsubmit(reason = "new test")
     public void clearDefaultUserRestriction_restrictionIsNotRemoved(
             @DefaultSecondaryUserRestrictions String restriction) {
         boolean hasRestrictionOriginally = sDeviceState.dpc()
                 .userManager().hasUserRestriction(restriction);

         try {
             assertThat(hasRestrictionOriginally).isTrue();
             sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                     sDeviceState.dpc().componentName(), restriction);

             assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction))
                     .isTrue();
         } catch (SecurityException e) {
             // expect an exception for restrictions that cannot be set by a profile owner
             assertThat(e.getMessage())
                     .isEqualTo("Profile owner cannot set user restriction " + restriction);
         } finally {
             if (hasRestrictionOriginally) {
                 try {
                     sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                             sDeviceState.dpc().componentName(), restriction);
                 } catch (SecurityException e) {
                     // expect an exception for restrictions that cannot be set by a profile owner
                 }
             }
         }
     }

     @CanSetPolicyTest(policy = UserRestrictions.class)
     @Postsubmit(reason = "new test")
     public void getUserRestriction_clearUserRestriction_restrictionIsRemoved(
             @AllDpcAllowedUserRestrictions String restriction) {
         boolean hasRestrictionOriginally = sDeviceState.dpc()
                 .userManager().hasUserRestriction(restriction);

         try {
             sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                     sDeviceState.dpc().componentName(), restriction);

             sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                     sDeviceState.dpc().componentName(), restriction);

             assertThat(sDeviceState.dpc().devicePolicyManager()
                     .getUserRestrictions(sDeviceState.dpc().componentName())
                     .getBoolean(restriction))
                     .isFalse();
         } finally {
             if (hasRestrictionOriginally) {
                 sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                         sDeviceState.dpc().componentName(), restriction);
             } else {
                 sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                         sDeviceState.dpc().componentName(), restriction);
             }
         }
     }

     @CannotSetPolicyTest(
             policy = com.android.bedstead.harrier.policies.DeviceOwnerOnlyUserRestrictions.class,
             includeNonDeviceAdminStates = false)
     @Postsubmit(reason = "new test")
     public void addUserRestriction_deviceOwnerOnlyRestriction_throwsSecurityException(
             @DeviceOwnerOnlyUserRestrictions String restriction) {
         skipTestForFinancedDevice();

         try {
             assertThrows(SecurityException.class, () -> {
                 sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                         sDeviceState.dpc().componentName(), restriction);
             });
         } finally {
             try {
                 sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                         sDeviceState.dpc().componentName(), restriction);
             } catch (SecurityException e) {
                 // Expected exception if the dpc is not able to change user restrictions
             }
         }
     }

     @PolicyAppliesTest(policy = UserRestrictions.class)
     @Postsubmit(reason = "new test")
     public void addUserRestriction_sendsBroadcastToReceiversInUser() {
         try (BlockingBroadcastReceiver broadcastReceiver =
                      sDeviceState.registerBroadcastReceiver(
                              CommonUserRestrictions.ACTION_USER_RESTRICTIONS_CHANGED)) {
             sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                     sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
             broadcastReceiver.awaitForBroadcastOrFail();
         } finally {
             sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                     sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
         }
     }

     @PolicyAppliesTest(policy = UserRestrictions.class)
     @Postsubmit(reason = "new test")
     public void clearUserRestriction_sendsBroadcastToReceiversInUser() {
         sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                 sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
         try (BlockingBroadcastReceiver broadcastReceiver =
                      sDeviceState.registerBroadcastReceiver(
                              CommonUserRestrictions.ACTION_USER_RESTRICTIONS_CHANGED)) {

             sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                     sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
             broadcastReceiver.awaitForBroadcastOrFail();
         }
     }

     private void skipTestForFinancedDevice() {
         DeviceOwner deviceOwner = TestApis.devicePolicy().getDeviceOwner();

         // TODO(): Determine a pattern to special case states so that they are not considered in
         //  tests.
         assumeFalse(deviceOwner != null && deviceOwner.getType() == DeviceOwnerType.FINANCED);
     }
 }
	/*
	* Copyright (C) 2022 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.devicepolicy.cts;

	import static com.google.common.truth.Truth.assertThat;

	import static org.junit.Assume.assumeFalse;
	import static org.testng.Assert.assertThrows;

	import com.android.bedstead.harrier.BedsteadJUnit4;
	import com.android.bedstead.harrier.DeviceState;
	import com.android.bedstead.harrier.annotations.Postsubmit;
	import com.android.bedstead.harrier.annotations.StringTestParameter;
	import com.android.bedstead.harrier.annotations.enterprise.CanSetPolicyTest;
	import com.android.bedstead.harrier.annotations.enterprise.CannotSetPolicyTest;
	import com.android.bedstead.harrier.annotations.enterprise.PolicyAppliesTest;
	import com.android.bedstead.harrier.annotations.parameterized.IncludeRunOnDeviceOwnerUser;
	import com.android.bedstead.harrier.annotations.parameterized.IncludeRunOnUnaffiliatedProfileOwnerSecondaryUser;
	import com.android.bedstead.harrier.policies.AffiliatedProfileOwnerOnlyUserRestrictions;
	import com.android.bedstead.harrier.policies.UserRestrictions;
	import com.android.bedstead.nene.TestApis;
	import com.android.bedstead.nene.devicepolicy.DeviceOwner;
	import com.android.bedstead.nene.devicepolicy.DeviceOwnerType;
	import com.android.bedstead.nene.userrestrictions.CommonUserRestrictions;
	import com.android.compatibility.common.util.BlockingBroadcastReceiver;

	import org.junit.ClassRule;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.runner.RunWith;

	import java.lang.annotation.Retention;
	import java.lang.annotation.RetentionPolicy;

	@RunWith(BedsteadJUnit4.class)
	public final class UserRestrictionsTest {

	@StringTestParameter({
	CommonUserRestrictions.DISALLOW_USB_FILE_TRANSFER,
	CommonUserRestrictions.DISALLOW_CONFIG_TETHERING,
	CommonUserRestrictions.DISALLOW_NETWORK_RESET,
	CommonUserRestrictions.DISALLOW_FACTORY_RESET,
	CommonUserRestrictions.DISALLOW_ADD_USER,
	CommonUserRestrictions.DISALLOW_CONFIG_CELL_BROADCASTS,
	CommonUserRestrictions.DISALLOW_CONFIG_MOBILE_NETWORKS,
	CommonUserRestrictions.DISALLOW_MOUNT_PHYSICAL_MEDIA,
	CommonUserRestrictions.DISALLOW_SMS,
	CommonUserRestrictions.DISALLOW_FUN,
	CommonUserRestrictions.DISALLOW_SAFE_BOOT,
	CommonUserRestrictions.DISALLOW_CREATE_WINDOWS,
	CommonUserRestrictions.DISALLOW_DATA_ROAMING,
	CommonUserRestrictions.DISALLOW_BLUETOOTH})
	@Retention(RetentionPolicy.RUNTIME)
	private @interface DeviceOwnerOnlyUserRestrictions {
	}

	@StringTestParameter({
	CommonUserRestrictions.DISALLOW_MODIFY_ACCOUNTS,
	CommonUserRestrictions.DISALLOW_INSTALL_APPS,
	CommonUserRestrictions.DISALLOW_UNINSTALL_APPS,
	CommonUserRestrictions.DISALLOW_CONFIG_BLUETOOTH,
	CommonUserRestrictions.DISALLOW_CONFIG_CREDENTIALS,
	CommonUserRestrictions.DISALLOW_REMOVE_USER,
	CommonUserRestrictions.DISALLOW_CONFIG_VPN,
	CommonUserRestrictions.DISALLOW_APPS_CONTROL,
	CommonUserRestrictions.DISALLOW_UNMUTE_MICROPHONE,
	CommonUserRestrictions.DISALLOW_ADJUST_VOLUME,
	CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
	CommonUserRestrictions.DISALLOW_SYSTEM_ERROR_DIALOGS,
	CommonUserRestrictions.DISALLOW_CROSS_PROFILE_COPY_PASTE,
	CommonUserRestrictions.DISALLOW_OUTGOING_BEAM,
	CommonUserRestrictions.ALLOW_PARENT_PROFILE_APP_LINKING,
	CommonUserRestrictions.DISALLOW_SET_USER_ICON,
	CommonUserRestrictions.DISALLOW_AUTOFILL,
	CommonUserRestrictions.DISALLOW_CONTENT_CAPTURE,
	CommonUserRestrictions.DISALLOW_CONTENT_SUGGESTIONS,
	CommonUserRestrictions.DISALLOW_UNIFIED_PASSWORD
	})
	@Retention(RetentionPolicy.RUNTIME)
	private @interface AllDpcAllowedUserRestrictions {
	}

	@StringTestParameter(value = {
	CommonUserRestrictions.DISALLOW_CONFIG_WIFI,
	CommonUserRestrictions.DISALLOW_CONFIG_LOCALE,
	CommonUserRestrictions.DISALLOW_MODIFY_ACCOUNTS,
	CommonUserRestrictions.DISALLOW_INSTALL_APPS,
	CommonUserRestrictions.DISALLOW_UNINSTALL_APPS,
	CommonUserRestrictions.DISALLOW_SHARE_LOCATION,
	CommonUserRestrictions.DISALLOW_INSTALL_UNKNOWN_SOURCES,
	CommonUserRestrictions.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
	CommonUserRestrictions.DISALLOW_CONFIG_BLUETOOTH,
	CommonUserRestrictions.DISALLOW_BLUETOOTH,
	CommonUserRestrictions.DISALLOW_BLUETOOTH_SHARING,
	CommonUserRestrictions.DISALLOW_USB_FILE_TRANSFER,
	CommonUserRestrictions.DISALLOW_CONFIG_CREDENTIALS,
	CommonUserRestrictions.DISALLOW_REMOVE_USER,
	CommonUserRestrictions.DISALLOW_REMOVE_MANAGED_PROFILE,
	CommonUserRestrictions.DISALLOW_DEBUGGING_FEATURES,
	CommonUserRestrictions.DISALLOW_CONFIG_VPN,
	CommonUserRestrictions.DISALLOW_CONFIG_DATE_TIME,
	CommonUserRestrictions.DISALLOW_CONFIG_TETHERING,
	CommonUserRestrictions.DISALLOW_NETWORK_RESET,
	CommonUserRestrictions.DISALLOW_FACTORY_RESET,
	CommonUserRestrictions.DISALLOW_ADD_USER,
	CommonUserRestrictions.DISALLOW_ADD_MANAGED_PROFILE,
	CommonUserRestrictions.DISALLOW_ADD_CLONE_PROFILE,
	CommonUserRestrictions.ENSURE_VERIFY_APPS,
	CommonUserRestrictions.DISALLOW_CONFIG_CELL_BROADCASTS,
	CommonUserRestrictions.DISALLOW_CONFIG_MOBILE_NETWORKS,
	CommonUserRestrictions.DISALLOW_APPS_CONTROL,
	CommonUserRestrictions.DISALLOW_MOUNT_PHYSICAL_MEDIA,
	CommonUserRestrictions.DISALLOW_UNMUTE_MICROPHONE,
	CommonUserRestrictions.DISALLOW_ADJUST_VOLUME,
	CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
	CommonUserRestrictions.DISALLOW_SMS,
	CommonUserRestrictions.DISALLOW_FUN,
	CommonUserRestrictions.DISALLOW_CREATE_WINDOWS,
	CommonUserRestrictions.DISALLOW_SYSTEM_ERROR_DIALOGS,
	CommonUserRestrictions.DISALLOW_CROSS_PROFILE_COPY_PASTE,
	CommonUserRestrictions.DISALLOW_OUTGOING_BEAM,
	CommonUserRestrictions.DISALLOW_WALLPAPER,
	CommonUserRestrictions.DISALLOW_SAFE_BOOT,
	CommonUserRestrictions.ALLOW_PARENT_PROFILE_APP_LINKING,
	CommonUserRestrictions.DISALLOW_RECORD_AUDIO,
	CommonUserRestrictions.DISALLOW_CAMERA,
	CommonUserRestrictions.DISALLOW_RUN_IN_BACKGROUND,
	CommonUserRestrictions.DISALLOW_DATA_ROAMING,
	CommonUserRestrictions.DISALLOW_SET_USER_ICON,
	CommonUserRestrictions.DISALLOW_SET_WALLPAPER,
	CommonUserRestrictions.DISALLOW_OEM_UNLOCK,
	CommonUserRestrictions.DISALLOW_UNMUTE_DEVICE,
	CommonUserRestrictions.DISALLOW_AUTOFILL,
	CommonUserRestrictions.DISALLOW_CONTENT_CAPTURE,
	CommonUserRestrictions.DISALLOW_CONTENT_SUGGESTIONS,
	CommonUserRestrictions.DISALLOW_USER_SWITCH,
	CommonUserRestrictions.DISALLOW_UNIFIED_PASSWORD,
	CommonUserRestrictions.DISALLOW_CONFIG_LOCATION,
	CommonUserRestrictions.DISALLOW_AIRPLANE_MODE,
	CommonUserRestrictions.DISALLOW_CONFIG_BRIGHTNESS,
	CommonUserRestrictions.DISALLOW_SHARE_INTO_MANAGED_PROFILE,
	CommonUserRestrictions.DISALLOW_AMBIENT_DISPLAY,
	CommonUserRestrictions.DISALLOW_CONFIG_SCREEN_TIMEOUT,
	CommonUserRestrictions.DISALLOW_PRINTING,
	CommonUserRestrictions.DISALLOW_CONFIG_PRIVATE_DNS,
	CommonUserRestrictions.DISALLOW_MICROPHONE_TOGGLE,
	CommonUserRestrictions.DISALLOW_CAMERA_TOGGLE,
	CommonUserRestrictions.DISALLOW_CHANGE_WIFI_STATE,
	CommonUserRestrictions.DISALLOW_WIFI_TETHERING,
	CommonUserRestrictions.DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI,
	CommonUserRestrictions.DISALLOW_WIFI_DIRECT,
	CommonUserRestrictions.DISALLOW_ADD_WIFI_CONFIG
	})
	@Retention(RetentionPolicy.RUNTIME)
	private @interface AllUserRestrictions {
	}

	@StringTestParameter({
	CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
	CommonUserRestrictions.DISALLOW_SMS
	})
	@Retention(RetentionPolicy.RUNTIME)
	private @interface DefaultSecondaryUserRestrictions {
	}

	private static final String ANY_USER_RESTRICTION = CommonUserRestrictions.DISALLOW_CONFIG_WIFI;

	@ClassRule
	@Rule
	public static final DeviceState sDeviceState = new DeviceState();

	@Test
	@IncludeRunOnDeviceOwnerUser
	@IncludeRunOnUnaffiliatedProfileOwnerSecondaryUser
	@Postsubmit(reason = "new test")
	public void getUserRestrictions_allDefaultUserRestrictions_returnFalse(
	@AllUserRestrictions String restriction) {
	assertThat(sDeviceState.dpc().devicePolicyManager()
	.getUserRestrictions(sDeviceState.dpc().componentName())
	.getBoolean(restriction))
	.isFalse();
	}

	@CanSetPolicyTest(policy = UserRestrictions.class)
	@Postsubmit(reason = "new test")
	public void getUserRestrictions_containsAddedRestriction(
	@AllDpcAllowedUserRestrictions String restriction) {
	boolean hasRestrictionOriginally = sDeviceState.dpc()
	.userManager().hasUserRestriction(restriction);

	try {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), restriction);

	assertThat(sDeviceState.dpc().devicePolicyManager()
	.getUserRestrictions(sDeviceState.dpc().componentName())
	.getBoolean(restriction))
	.isTrue();
	} finally {
	if (!hasRestrictionOriginally) {
	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	}
	}
	}

	@CanSetPolicyTest(policy = UserRestrictions.class)
	@Postsubmit(reason = "new test")
	public void hasUserRestriction_containsAddedRestriction(
	@AllDpcAllowedUserRestrictions String restriction) {
	boolean hasRestrictionOriginally = sDeviceState.dpc()
	.userManager().hasUserRestriction(restriction);

	try {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), restriction);

	assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction)).isTrue();
	} finally {
	if (!hasRestrictionOriginally) {
	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	}
	}
	}

	@CanSetPolicyTest(
	policy = com.android.bedstead.harrier.policies.DeviceOwnerOnlyUserRestrictions.class)
	@Postsubmit(reason = "new test")
	public void hasUserRestriction_clearUserRestriction_restrictionIsRemoved(
	@AllDpcAllowedUserRestrictions String restriction) {
	boolean hasRestrictionOriginally = sDeviceState.dpc()
	.userManager().hasUserRestriction(restriction);

	try {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), restriction);

	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), restriction);

	assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction))
	.isFalse();
	} finally {
	if (hasRestrictionOriginally) {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	} else {
	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	}
	}
	}

	@CanSetPolicyTest(policy = AffiliatedProfileOwnerOnlyUserRestrictions.class)
	@Postsubmit(reason = "new test")
	public void clearDefaultUserRestriction_restrictionIsNotRemoved(
	@DefaultSecondaryUserRestrictions String restriction) {
	boolean hasRestrictionOriginally = sDeviceState.dpc()
	.userManager().hasUserRestriction(restriction);

	try {
	assertThat(hasRestrictionOriginally).isTrue();
	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), restriction);

	assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction))
	.isTrue();
	} catch (SecurityException e) {
	// expect an exception for restrictions that cannot be set by a profile owner
	assertThat(e.getMessage())
	.isEqualTo("Profile owner cannot set user restriction " + restriction);
	} finally {
	if (hasRestrictionOriginally) {
	try {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	} catch (SecurityException e) {
	// expect an exception for restrictions that cannot be set by a profile owner
	}
	}
	}
	}

	@CanSetPolicyTest(policy = UserRestrictions.class)
	@Postsubmit(reason = "new test")
	public void getUserRestriction_clearUserRestriction_restrictionIsRemoved(
	@AllDpcAllowedUserRestrictions String restriction) {
	boolean hasRestrictionOriginally = sDeviceState.dpc()
	.userManager().hasUserRestriction(restriction);

	try {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), restriction);

	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), restriction);

	assertThat(sDeviceState.dpc().devicePolicyManager()
	.getUserRestrictions(sDeviceState.dpc().componentName())
	.getBoolean(restriction))
	.isFalse();
	} finally {
	if (hasRestrictionOriginally) {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	} else {
	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	}
	}
	}

	@CannotSetPolicyTest(
	policy = com.android.bedstead.harrier.policies.DeviceOwnerOnlyUserRestrictions.class,
	includeNonDeviceAdminStates = false)
	@Postsubmit(reason = "new test")
	public void addUserRestriction_deviceOwnerOnlyRestriction_throwsSecurityException(
	@DeviceOwnerOnlyUserRestrictions String restriction) {
	skipTestForFinancedDevice();

	try {
	assertThrows(SecurityException.class, () -> {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	});
	} finally {
	try {
	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), restriction);
	} catch (SecurityException e) {
	// Expected exception if the dpc is not able to change user restrictions
	}
	}
	}

	@PolicyAppliesTest(policy = UserRestrictions.class)
	@Postsubmit(reason = "new test")
	public void addUserRestriction_sendsBroadcastToReceiversInUser() {
	try (BlockingBroadcastReceiver broadcastReceiver =
	sDeviceState.registerBroadcastReceiver(
	CommonUserRestrictions.ACTION_USER_RESTRICTIONS_CHANGED)) {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
	broadcastReceiver.awaitForBroadcastOrFail();
	} finally {
	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
	}
	}

	@PolicyAppliesTest(policy = UserRestrictions.class)
	@Postsubmit(reason = "new test")
	public void clearUserRestriction_sendsBroadcastToReceiversInUser() {
	sDeviceState.dpc().devicePolicyManager().addUserRestriction(
	sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
	try (BlockingBroadcastReceiver broadcastReceiver =
	sDeviceState.registerBroadcastReceiver(
	CommonUserRestrictions.ACTION_USER_RESTRICTIONS_CHANGED)) {

	sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
	sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
	broadcastReceiver.awaitForBroadcastOrFail();
	}
	}

	private void skipTestForFinancedDevice() {
	DeviceOwner deviceOwner = TestApis.devicePolicy().getDeviceOwner();

	// TODO(): Determine a pattern to special case states so that they are not considered in
	// tests.
	assumeFalse(deviceOwner != null && deviceOwner.getType() == DeviceOwnerType.FINANCED);
	}
	}