| /* |
| * Copyright (C) 2017 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package com.android.cts.delegate; |
| |
| import static android.app.admin.DevicePolicyManager.DELEGATION_PERMISSION_GRANT; |
| import static android.app.admin.DevicePolicyManager.PERMISSION_GRANT_STATE_DENIED; |
| import static android.app.admin.DevicePolicyManager.PERMISSION_GRANT_STATE_GRANTED; |
| import static android.app.admin.DevicePolicyManager.PERMISSION_POLICY_AUTO_DENY; |
| import static android.app.admin.DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT; |
| |
| import static com.android.cts.delegate.DelegateTestUtils.assertExpectException; |
| |
| import android.app.admin.DevicePolicyManager; |
| |
| import java.util.List; |
| |
| /** |
| * Test that an app given the {@link DevicePolicyManager#DELEGATION_PERMISSION_GRANT} scope via |
| * {@link DevicePolicyManager#setDelegatedScopes} can grant permissions and check permission grant |
| * state. |
| */ |
| public class PermissionGrantDelegateTest extends BaseJUnit3TestCase { |
| |
| private static final String TEST_APP_PKG = "com.android.cts.launcherapps.simpleapp"; |
| private static final String TEST_PERMISSION = "android.permission.READ_CONTACTS"; |
| |
| public void testCannotAccessApis() { |
| assertFalse("DelegateApp should not be a permisssion grant delegate", |
| amIPermissionGrantDelegate()); |
| |
| // Exercise setPermissionPolicy. |
| assertExpectException(SecurityException.class, |
| "Calling identity is not authorized", () -> { |
| mDpm.setPermissionPolicy(null, PERMISSION_POLICY_AUTO_GRANT); |
| }); |
| assertFalse("Permission policy should not have been set", |
| PERMISSION_POLICY_AUTO_GRANT == mDpm.getPermissionPolicy(null)); |
| |
| // Exercise setPermissionGrantState. |
| assertExpectException(SecurityException.class, |
| "Calling identity is not authorized", () -> { |
| mDpm.setPermissionGrantState(null, TEST_APP_PKG, TEST_PERMISSION, |
| PERMISSION_GRANT_STATE_GRANTED); |
| }); |
| |
| // Exercise getPermissionGrantState. |
| assertExpectException(SecurityException.class, |
| "Calling identity is not authorized", () -> { |
| mDpm.getPermissionGrantState(null, TEST_APP_PKG, TEST_PERMISSION); |
| }); |
| } |
| |
| public void testCanAccessApis() { |
| assertTrue("DelegateApp is not a permission grant delegate", |
| amIPermissionGrantDelegate()); |
| |
| // Exercise setPermissionPolicy. |
| mDpm.setPermissionPolicy(null, PERMISSION_POLICY_AUTO_DENY); |
| assertTrue("Permission policy was not set", |
| PERMISSION_POLICY_AUTO_DENY == mDpm.getPermissionPolicy(null)); |
| |
| // Exercise setPermissionGrantState. |
| assertTrue("Permission grant state was not set successfully", |
| mDpm.setPermissionGrantState(null, TEST_APP_PKG, TEST_PERMISSION, |
| PERMISSION_GRANT_STATE_DENIED)); |
| |
| // Exercise getPermissionGrantState. |
| assertEquals("Permission grant state is not denied", PERMISSION_GRANT_STATE_DENIED, |
| mDpm.getPermissionGrantState(null, TEST_APP_PKG, TEST_PERMISSION)); |
| } |
| |
| private boolean amIPermissionGrantDelegate() { |
| final String packageName = getInstrumentation().getContext().getPackageName(); |
| final List<String> scopes = mDpm.getDelegatedScopes(null, packageName); |
| return scopes.contains(DELEGATION_PERMISSION_GRANT); |
| } |
| } |
