/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.devicepolicy.cts;

import static com.google.common.truth.Truth.assertThat;

import static org.junit.Assume.assumeFalse;
import static org.testng.Assert.assertThrows;

import com.android.bedstead.harrier.BedsteadJUnit4;
import com.android.bedstead.harrier.DeviceState;
import com.android.bedstead.harrier.annotations.Postsubmit;
import com.android.bedstead.harrier.annotations.StringTestParameter;
import com.android.bedstead.harrier.annotations.enterprise.CanSetPolicyTest;
import com.android.bedstead.harrier.annotations.enterprise.CannotSetPolicyTest;
import com.android.bedstead.harrier.annotations.enterprise.PolicyAppliesTest;
import com.android.bedstead.harrier.annotations.parameterized.IncludeRunOnDeviceOwnerUser;
import com.android.bedstead.harrier.annotations.parameterized.IncludeRunOnUnaffiliatedProfileOwnerSecondaryUser;
import com.android.bedstead.harrier.policies.AffiliatedProfileOwnerOnlyUserRestrictions;
import com.android.bedstead.harrier.policies.UserRestrictions;
import com.android.bedstead.nene.TestApis;
import com.android.bedstead.nene.devicepolicy.DeviceOwner;
import com.android.bedstead.nene.devicepolicy.DeviceOwnerType;
import com.android.bedstead.nene.userrestrictions.CommonUserRestrictions;
import com.android.compatibility.common.util.BlockingBroadcastReceiver;

import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;

import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;

@RunWith(BedsteadJUnit4.class)
public final class UserRestrictionsTest {

    @StringTestParameter({
            CommonUserRestrictions.DISALLOW_USB_FILE_TRANSFER,
            CommonUserRestrictions.DISALLOW_CONFIG_TETHERING,
            CommonUserRestrictions.DISALLOW_NETWORK_RESET,
            CommonUserRestrictions.DISALLOW_FACTORY_RESET,
            CommonUserRestrictions.DISALLOW_ADD_USER,
            CommonUserRestrictions.DISALLOW_CONFIG_CELL_BROADCASTS,
            CommonUserRestrictions.DISALLOW_CONFIG_MOBILE_NETWORKS,
            CommonUserRestrictions.DISALLOW_MOUNT_PHYSICAL_MEDIA,
            CommonUserRestrictions.DISALLOW_SMS,
            CommonUserRestrictions.DISALLOW_FUN,
            CommonUserRestrictions.DISALLOW_SAFE_BOOT,
            CommonUserRestrictions.DISALLOW_CREATE_WINDOWS,
            CommonUserRestrictions.DISALLOW_DATA_ROAMING,
            CommonUserRestrictions.DISALLOW_BLUETOOTH})
    @Retention(RetentionPolicy.RUNTIME)
    private @interface DeviceOwnerOnlyUserRestrictions {
    }

    @StringTestParameter({
            CommonUserRestrictions.DISALLOW_MODIFY_ACCOUNTS,
            CommonUserRestrictions.DISALLOW_INSTALL_APPS,
            CommonUserRestrictions.DISALLOW_UNINSTALL_APPS,
            CommonUserRestrictions.DISALLOW_CONFIG_BLUETOOTH,
            CommonUserRestrictions.DISALLOW_CONFIG_CREDENTIALS,
            CommonUserRestrictions.DISALLOW_REMOVE_USER,
            CommonUserRestrictions.DISALLOW_CONFIG_VPN,
            CommonUserRestrictions.DISALLOW_APPS_CONTROL,
            CommonUserRestrictions.DISALLOW_UNMUTE_MICROPHONE,
            CommonUserRestrictions.DISALLOW_ADJUST_VOLUME,
            CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
            CommonUserRestrictions.DISALLOW_SYSTEM_ERROR_DIALOGS,
            CommonUserRestrictions.DISALLOW_CROSS_PROFILE_COPY_PASTE,
            CommonUserRestrictions.DISALLOW_OUTGOING_BEAM,
            CommonUserRestrictions.ALLOW_PARENT_PROFILE_APP_LINKING,
            CommonUserRestrictions.DISALLOW_SET_USER_ICON,
            CommonUserRestrictions.DISALLOW_AUTOFILL,
            CommonUserRestrictions.DISALLOW_CONTENT_CAPTURE,
            CommonUserRestrictions.DISALLOW_CONTENT_SUGGESTIONS,
            CommonUserRestrictions.DISALLOW_UNIFIED_PASSWORD
    })
    @Retention(RetentionPolicy.RUNTIME)
    private @interface AllDpcAllowedUserRestrictions {
    }

    @StringTestParameter(value = {
            CommonUserRestrictions.DISALLOW_CONFIG_WIFI,
            CommonUserRestrictions.DISALLOW_CONFIG_LOCALE,
            CommonUserRestrictions.DISALLOW_MODIFY_ACCOUNTS,
            CommonUserRestrictions.DISALLOW_INSTALL_APPS,
            CommonUserRestrictions.DISALLOW_UNINSTALL_APPS,
            CommonUserRestrictions.DISALLOW_SHARE_LOCATION,
            CommonUserRestrictions.DISALLOW_INSTALL_UNKNOWN_SOURCES,
            CommonUserRestrictions.DISALLOW_INSTALL_UNKNOWN_SOURCES_GLOBALLY,
            CommonUserRestrictions.DISALLOW_CONFIG_BLUETOOTH,
            CommonUserRestrictions.DISALLOW_BLUETOOTH,
            CommonUserRestrictions.DISALLOW_BLUETOOTH_SHARING,
            CommonUserRestrictions.DISALLOW_USB_FILE_TRANSFER,
            CommonUserRestrictions.DISALLOW_CONFIG_CREDENTIALS,
            CommonUserRestrictions.DISALLOW_REMOVE_USER,
            CommonUserRestrictions.DISALLOW_REMOVE_MANAGED_PROFILE,
            CommonUserRestrictions.DISALLOW_DEBUGGING_FEATURES,
            CommonUserRestrictions.DISALLOW_CONFIG_VPN,
            CommonUserRestrictions.DISALLOW_CONFIG_DATE_TIME,
            CommonUserRestrictions.DISALLOW_CONFIG_TETHERING,
            CommonUserRestrictions.DISALLOW_NETWORK_RESET,
            CommonUserRestrictions.DISALLOW_FACTORY_RESET,
            CommonUserRestrictions.DISALLOW_ADD_USER,
            CommonUserRestrictions.DISALLOW_ADD_MANAGED_PROFILE,
            CommonUserRestrictions.DISALLOW_ADD_CLONE_PROFILE,
            CommonUserRestrictions.ENSURE_VERIFY_APPS,
            CommonUserRestrictions.DISALLOW_CONFIG_CELL_BROADCASTS,
            CommonUserRestrictions.DISALLOW_CONFIG_MOBILE_NETWORKS,
            CommonUserRestrictions.DISALLOW_APPS_CONTROL,
            CommonUserRestrictions.DISALLOW_MOUNT_PHYSICAL_MEDIA,
            CommonUserRestrictions.DISALLOW_UNMUTE_MICROPHONE,
            CommonUserRestrictions.DISALLOW_ADJUST_VOLUME,
            CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
            CommonUserRestrictions.DISALLOW_SMS,
            CommonUserRestrictions.DISALLOW_FUN,
            CommonUserRestrictions.DISALLOW_CREATE_WINDOWS,
            CommonUserRestrictions.DISALLOW_SYSTEM_ERROR_DIALOGS,
            CommonUserRestrictions.DISALLOW_CROSS_PROFILE_COPY_PASTE,
            CommonUserRestrictions.DISALLOW_OUTGOING_BEAM,
            CommonUserRestrictions.DISALLOW_WALLPAPER,
            CommonUserRestrictions.DISALLOW_SAFE_BOOT,
            CommonUserRestrictions.ALLOW_PARENT_PROFILE_APP_LINKING,
            CommonUserRestrictions.DISALLOW_RECORD_AUDIO,
            CommonUserRestrictions.DISALLOW_CAMERA,
            CommonUserRestrictions.DISALLOW_RUN_IN_BACKGROUND,
            CommonUserRestrictions.DISALLOW_DATA_ROAMING,
            CommonUserRestrictions.DISALLOW_SET_USER_ICON,
            CommonUserRestrictions.DISALLOW_SET_WALLPAPER,
            CommonUserRestrictions.DISALLOW_OEM_UNLOCK,
            CommonUserRestrictions.DISALLOW_UNMUTE_DEVICE,
            CommonUserRestrictions.DISALLOW_AUTOFILL,
            CommonUserRestrictions.DISALLOW_CONTENT_CAPTURE,
            CommonUserRestrictions.DISALLOW_CONTENT_SUGGESTIONS,
            CommonUserRestrictions.DISALLOW_USER_SWITCH,
            CommonUserRestrictions.DISALLOW_UNIFIED_PASSWORD,
            CommonUserRestrictions.DISALLOW_CONFIG_LOCATION,
            CommonUserRestrictions.DISALLOW_AIRPLANE_MODE,
            CommonUserRestrictions.DISALLOW_CONFIG_BRIGHTNESS,
            CommonUserRestrictions.DISALLOW_SHARE_INTO_MANAGED_PROFILE,
            CommonUserRestrictions.DISALLOW_AMBIENT_DISPLAY,
            CommonUserRestrictions.DISALLOW_CONFIG_SCREEN_TIMEOUT,
            CommonUserRestrictions.DISALLOW_PRINTING,
            CommonUserRestrictions.DISALLOW_CONFIG_PRIVATE_DNS,
            CommonUserRestrictions.DISALLOW_MICROPHONE_TOGGLE,
            CommonUserRestrictions.DISALLOW_CAMERA_TOGGLE,
            CommonUserRestrictions.DISALLOW_CHANGE_WIFI_STATE,
            CommonUserRestrictions.DISALLOW_WIFI_TETHERING,
            CommonUserRestrictions.DISALLOW_SHARING_ADMIN_CONFIGURED_WIFI,
            CommonUserRestrictions.DISALLOW_WIFI_DIRECT,
            CommonUserRestrictions.DISALLOW_ADD_WIFI_CONFIG
    })
    @Retention(RetentionPolicy.RUNTIME)
    private @interface AllUserRestrictions {
    }

    @StringTestParameter({
            CommonUserRestrictions.DISALLOW_OUTGOING_CALLS,
            CommonUserRestrictions.DISALLOW_SMS
    })
    @Retention(RetentionPolicy.RUNTIME)
    private @interface DefaultSecondaryUserRestrictions {
    }

    private static final String ANY_USER_RESTRICTION = CommonUserRestrictions.DISALLOW_CONFIG_WIFI;

    @ClassRule
    @Rule
    public static final DeviceState sDeviceState = new DeviceState();

    @Test
    @IncludeRunOnDeviceOwnerUser
    @IncludeRunOnUnaffiliatedProfileOwnerSecondaryUser
    @Postsubmit(reason = "new test")
    public void getUserRestrictions_allDefaultUserRestrictions_returnFalse(
            @AllUserRestrictions String restriction) {
        assertThat(sDeviceState.dpc().devicePolicyManager()
                .getUserRestrictions(sDeviceState.dpc().componentName())
                .getBoolean(restriction))
                .isFalse();
    }

    @CanSetPolicyTest(policy = UserRestrictions.class)
    @Postsubmit(reason = "new test")
    public void getUserRestrictions_containsAddedRestriction(
            @AllDpcAllowedUserRestrictions String restriction) {
        boolean hasRestrictionOriginally = sDeviceState.dpc()
                .userManager().hasUserRestriction(restriction);

        try {
            sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                    sDeviceState.dpc().componentName(), restriction);

            assertThat(sDeviceState.dpc().devicePolicyManager()
                    .getUserRestrictions(sDeviceState.dpc().componentName())
                    .getBoolean(restriction))
                    .isTrue();
        } finally {
            if (!hasRestrictionOriginally) {
                sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                        sDeviceState.dpc().componentName(), restriction);
            }
        }
    }

    @CanSetPolicyTest(policy = UserRestrictions.class)
    @Postsubmit(reason = "new test")
    public void hasUserRestriction_containsAddedRestriction(
            @AllDpcAllowedUserRestrictions String restriction) {
        boolean hasRestrictionOriginally = sDeviceState.dpc()
                .userManager().hasUserRestriction(restriction);

        try {
            sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                    sDeviceState.dpc().componentName(), restriction);

            assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction)).isTrue();
        } finally {
            if (!hasRestrictionOriginally) {
                sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                        sDeviceState.dpc().componentName(), restriction);
            }
        }
    }

    @CanSetPolicyTest(
            policy = com.android.bedstead.harrier.policies.DeviceOwnerOnlyUserRestrictions.class)
    @Postsubmit(reason = "new test")
    public void hasUserRestriction_clearUserRestriction_restrictionIsRemoved(
            @AllDpcAllowedUserRestrictions String restriction) {
        boolean hasRestrictionOriginally = sDeviceState.dpc()
                .userManager().hasUserRestriction(restriction);

        try {
            sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                    sDeviceState.dpc().componentName(), restriction);

            sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                    sDeviceState.dpc().componentName(), restriction);

            assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction))
                    .isFalse();
        } finally {
            if (hasRestrictionOriginally) {
                sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                        sDeviceState.dpc().componentName(), restriction);
            } else {
                sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                        sDeviceState.dpc().componentName(), restriction);
            }
        }
    }

    @CanSetPolicyTest(policy = AffiliatedProfileOwnerOnlyUserRestrictions.class)
    @Postsubmit(reason = "new test")
    public void clearDefaultUserRestriction_restrictionIsNotRemoved(
            @DefaultSecondaryUserRestrictions String restriction) {
        boolean hasRestrictionOriginally = sDeviceState.dpc()
                .userManager().hasUserRestriction(restriction);

        try {
            assertThat(hasRestrictionOriginally).isTrue();
            sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                    sDeviceState.dpc().componentName(), restriction);

            assertThat(sDeviceState.dpc().userManager().hasUserRestriction(restriction))
                    .isTrue();
        } catch (SecurityException e) {
            // expect an exception for restrictions that cannot be set by a profile owner
            assertThat(e.getMessage())
                    .isEqualTo("Profile owner cannot set user restriction " + restriction);
        } finally {
            if (hasRestrictionOriginally) {
                try {
                    sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                            sDeviceState.dpc().componentName(), restriction);
                } catch (SecurityException e) {
                    // expect an exception for restrictions that cannot be set by a profile owner
                }
            }
        }
    }

    @CanSetPolicyTest(policy = UserRestrictions.class)
    @Postsubmit(reason = "new test")
    public void getUserRestriction_clearUserRestriction_restrictionIsRemoved(
            @AllDpcAllowedUserRestrictions String restriction) {
        boolean hasRestrictionOriginally = sDeviceState.dpc()
                .userManager().hasUserRestriction(restriction);

        try {
            sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                    sDeviceState.dpc().componentName(), restriction);

            sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                    sDeviceState.dpc().componentName(), restriction);

            assertThat(sDeviceState.dpc().devicePolicyManager()
                    .getUserRestrictions(sDeviceState.dpc().componentName())
                    .getBoolean(restriction))
                    .isFalse();
        } finally {
            if (hasRestrictionOriginally) {
                sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                        sDeviceState.dpc().componentName(), restriction);
            } else {
                sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                        sDeviceState.dpc().componentName(), restriction);
            }
        }
    }

    @CannotSetPolicyTest(
            policy = com.android.bedstead.harrier.policies.DeviceOwnerOnlyUserRestrictions.class,
            includeNonDeviceAdminStates = false)
    @Postsubmit(reason = "new test")
    public void addUserRestriction_deviceOwnerOnlyRestriction_throwsSecurityException(
            @DeviceOwnerOnlyUserRestrictions String restriction) {
        skipTestForFinancedDevice();

        try {
            assertThrows(SecurityException.class, () -> {
                sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                        sDeviceState.dpc().componentName(), restriction);
            });
        } finally {
            try {
                sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                        sDeviceState.dpc().componentName(), restriction);
            } catch (SecurityException e) {
                // Expected exception if the dpc is not able to change user restrictions
            }
        }
    }

    @PolicyAppliesTest(policy = UserRestrictions.class)
    @Postsubmit(reason = "new test")
    public void addUserRestriction_sendsBroadcastToReceiversInUser() {
        try (BlockingBroadcastReceiver broadcastReceiver =
                     sDeviceState.registerBroadcastReceiver(
                             CommonUserRestrictions.ACTION_USER_RESTRICTIONS_CHANGED)) {
            sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                    sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
            broadcastReceiver.awaitForBroadcastOrFail();
        } finally {
            sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                    sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
        }
    }

    @PolicyAppliesTest(policy = UserRestrictions.class)
    @Postsubmit(reason = "new test")
    public void clearUserRestriction_sendsBroadcastToReceiversInUser() {
        sDeviceState.dpc().devicePolicyManager().addUserRestriction(
                sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
        try (BlockingBroadcastReceiver broadcastReceiver =
                     sDeviceState.registerBroadcastReceiver(
                             CommonUserRestrictions.ACTION_USER_RESTRICTIONS_CHANGED)) {

            sDeviceState.dpc().devicePolicyManager().clearUserRestriction(
                    sDeviceState.dpc().componentName(), ANY_USER_RESTRICTION);
            broadcastReceiver.awaitForBroadcastOrFail();
        }
    }

    private void skipTestForFinancedDevice() {
        DeviceOwner deviceOwner = TestApis.devicePolicy().getDeviceOwner();

        // TODO(): Determine a pattern to special case states so that they are not considered in
        //  tests.
        assumeFalse(deviceOwner != null && deviceOwner.getType() == DeviceOwnerType.FINANCED);
    }
}