packages/SystemUI/tests/src/com/android/systemui/statusbar/policy/SecurityControllerTest.java - platform/frameworks/base - Git at Google

 /*
  * Copyright (C) 2016 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.systemui.statusbar.policy;

 import static android.app.admin.DevicePolicyManager.DEVICE_OWNER_TYPE_FINANCED;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyInt;
 import static org.mockito.Matchers.anyObject;
 import static org.mockito.Matchers.argThat;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;

 import android.app.admin.DevicePolicyManager;
 import android.content.BroadcastReceiver;
 import android.content.ComponentName;
 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.StringParceledListSlice;
 import android.content.pm.UserInfo;
 import android.net.ConnectivityManager;
 import android.net.ConnectivityManager.NetworkCallback;
 import android.net.NetworkRequest;
 import android.os.Handler;
 import android.os.UserManager;
 import android.security.IKeyChainService;
 import android.test.suitebuilder.annotation.SmallTest;

 import androidx.test.runner.AndroidJUnit4;

 import com.android.systemui.SysuiTestCase;
 import com.android.systemui.broadcast.BroadcastDispatcher;
 import com.android.systemui.util.concurrency.FakeExecutor;
 import com.android.systemui.util.time.FakeSystemClock;

 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.ArgumentCaptor;

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;

 @SmallTest
 @RunWith(AndroidJUnit4.class)
 public class SecurityControllerTest extends SysuiTestCase {
     private static final ComponentName DEVICE_OWNER_COMPONENT =
             new ComponentName("com.android.foo", "bar");

     private final DevicePolicyManager mDevicePolicyManager = mock(DevicePolicyManager.class);
     private final IKeyChainService.Stub mKeyChainService = mock(IKeyChainService.Stub.class);
     private final UserManager mUserManager = mock(UserManager.class);
     private final BroadcastDispatcher mBroadcastDispatcher = mock(BroadcastDispatcher.class);
     private final Handler mHandler = mock(Handler.class);
     private SecurityControllerImpl mSecurityController;
     private ConnectivityManager mConnectivityManager = mock(ConnectivityManager.class);
     private FakeExecutor mBgExecutor;
     private BroadcastReceiver mBroadcastReceiver;

     @Before
     public void setUp() throws Exception {
         mContext.addMockSystemService(Context.DEVICE_POLICY_SERVICE, mDevicePolicyManager);
         mContext.addMockSystemService(Context.USER_SERVICE, mUserManager);
         mContext.addMockSystemService(Context.CONNECTIVITY_SERVICE, mConnectivityManager);

         Intent intent = new Intent(IKeyChainService.class.getName());
         ComponentName comp = intent.resolveSystemService(mContext.getPackageManager(), 0);
         mContext.addMockService(comp, mKeyChainService);

         when(mUserManager.getUserInfo(anyInt())).thenReturn(new UserInfo());
         when(mUserManager.isUserUnlocked(any())).thenReturn(true);

         when(mKeyChainService.getUserCaAliases())
                 .thenReturn(new StringParceledListSlice(new ArrayList<String>()));
         // Without this line, mKeyChainService gets wrapped in a proxy when Stub.asInterface() is
         // used on it, and the mocking above does not work.
         when(mKeyChainService.queryLocalInterface("android.security.IKeyChainService"))
                 .thenReturn(mKeyChainService);

         ArgumentCaptor<BroadcastReceiver> brCaptor =
                 ArgumentCaptor.forClass(BroadcastReceiver.class);

         mBgExecutor = new FakeExecutor(new FakeSystemClock());
         mSecurityController = new SecurityControllerImpl(
                 mContext,
                 mHandler,
                 mBroadcastDispatcher,
                 mBgExecutor);

         verify(mBroadcastDispatcher).registerReceiverWithHandler(
                 brCaptor.capture(),
                 anyObject(),
                 anyObject(),
                 anyObject());

         mBroadcastReceiver = brCaptor.getValue();
     }

     @Test
     public void testIsDeviceManaged() {
         when(mDevicePolicyManager.isDeviceManaged()).thenReturn(true);
         assertTrue(mSecurityController.isDeviceManaged());

         when(mDevicePolicyManager.isDeviceManaged()).thenReturn(false);
         assertFalse(mSecurityController.isDeviceManaged());
     }

     @Test
     public void testGetDeviceOwnerOrganizationName() {
         when(mDevicePolicyManager.getDeviceOwnerOrganizationName()).thenReturn("organization");
         assertEquals("organization", mSecurityController.getDeviceOwnerOrganizationName());
     }

     @Test
     public void testGetDeviceOwnerComponentOnAnyUser() {
         when(mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser())
                 .thenReturn(DEVICE_OWNER_COMPONENT);
         assertEquals(mSecurityController.getDeviceOwnerComponentOnAnyUser(),
                 DEVICE_OWNER_COMPONENT);
     }

     @Test
     public void testGetDeviceOwnerType() {
         when(mDevicePolicyManager.getDeviceOwnerType(DEVICE_OWNER_COMPONENT))
                 .thenReturn(DEVICE_OWNER_TYPE_FINANCED);
         assertEquals(mSecurityController.getDeviceOwnerType(DEVICE_OWNER_COMPONENT),
                 DEVICE_OWNER_TYPE_FINANCED);
     }

     @Test
     public void testWorkAccount() throws Exception {
         assertFalse(mSecurityController.hasCACertInCurrentUser());

         final int PRIMARY_USER_ID = 0;
         final int MANAGED_USER_ID = 1;
         List<UserInfo> profiles = Arrays.asList(new UserInfo(PRIMARY_USER_ID, "Primary",
                                                              UserInfo.FLAG_PRIMARY),
                                                 new UserInfo(MANAGED_USER_ID, "Working",
                                                              UserInfo.FLAG_MANAGED_PROFILE));
         when(mUserManager.getProfiles(anyInt())).thenReturn(profiles);
         assertTrue(mSecurityController.hasWorkProfile());
         assertFalse(mSecurityController.hasCACertInWorkProfile());

         when(mKeyChainService.getUserCaAliases())
                 .thenReturn(new StringParceledListSlice(Arrays.asList("One CA Alias")));

         refreshCACerts(MANAGED_USER_ID);
         mBgExecutor.runAllReady();

         assertTrue(mSecurityController.hasCACertInWorkProfile());
     }

     @Test
     public void testCaCertLoader() throws Exception {
         assertFalse(mSecurityController.hasCACertInCurrentUser());

         // With a CA cert
         when(mKeyChainService.getUserCaAliases())
                 .thenReturn(new StringParceledListSlice(Arrays.asList("One CA Alias")));

         refreshCACerts(0);
         mBgExecutor.runAllReady();

         assertTrue(mSecurityController.hasCACertInCurrentUser());

         // Exception
         when(mKeyChainService.getUserCaAliases())
                 .thenThrow(new AssertionError("Test AssertionError"))
                 .thenReturn(new StringParceledListSlice(new ArrayList<String>()));

         refreshCACerts(0);
         mBgExecutor.runAllReady();

         assertTrue(mSecurityController.hasCACertInCurrentUser());

         refreshCACerts(0);
         mBgExecutor.runAllReady();

         assertFalse(mSecurityController.hasCACertInCurrentUser());
     }

     @Test
     public void testNetworkRequest() {
         verify(mConnectivityManager, times(1)).registerNetworkCallback(argThat(
                 (NetworkRequest request) ->
                         request.equals(new NetworkRequest.Builder().clearCapabilities().build())
                 ), any(NetworkCallback.class));
     }

     /**
      * refresh CA certs by sending a user unlocked broadcast for the desired user
      */
     private void refreshCACerts(int userId) {
         Intent intent = new Intent(Intent.ACTION_USER_UNLOCKED);
         intent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
         mBroadcastReceiver.onReceive(mContext, intent);
     }
 }
	/*
	* Copyright (C) 2016 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.systemui.statusbar.policy;

	import static android.app.admin.DevicePolicyManager.DEVICE_OWNER_TYPE_FINANCED;

	import static org.junit.Assert.assertEquals;
	import static org.junit.Assert.assertFalse;
	import static org.junit.Assert.assertTrue;
	import static org.mockito.Matchers.any;
	import static org.mockito.Matchers.anyInt;
	import static org.mockito.Matchers.anyObject;
	import static org.mockito.Matchers.argThat;
	import static org.mockito.Mockito.mock;
	import static org.mockito.Mockito.times;
	import static org.mockito.Mockito.verify;
	import static org.mockito.Mockito.when;

	import android.app.admin.DevicePolicyManager;
	import android.content.BroadcastReceiver;
	import android.content.ComponentName;
	import android.content.Context;
	import android.content.Intent;
	import android.content.pm.StringParceledListSlice;
	import android.content.pm.UserInfo;
	import android.net.ConnectivityManager;
	import android.net.ConnectivityManager.NetworkCallback;
	import android.net.NetworkRequest;
	import android.os.Handler;
	import android.os.UserManager;
	import android.security.IKeyChainService;
	import android.test.suitebuilder.annotation.SmallTest;

	import androidx.test.runner.AndroidJUnit4;

	import com.android.systemui.SysuiTestCase;
	import com.android.systemui.broadcast.BroadcastDispatcher;
	import com.android.systemui.util.concurrency.FakeExecutor;
	import com.android.systemui.util.time.FakeSystemClock;

	import org.junit.Before;
	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.mockito.ArgumentCaptor;

	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.List;

	@SmallTest
	@RunWith(AndroidJUnit4.class)
	public class SecurityControllerTest extends SysuiTestCase {
	private static final ComponentName DEVICE_OWNER_COMPONENT =
	new ComponentName("com.android.foo", "bar");

	private final DevicePolicyManager mDevicePolicyManager = mock(DevicePolicyManager.class);
	private final IKeyChainService.Stub mKeyChainService = mock(IKeyChainService.Stub.class);
	private final UserManager mUserManager = mock(UserManager.class);
	private final BroadcastDispatcher mBroadcastDispatcher = mock(BroadcastDispatcher.class);
	private final Handler mHandler = mock(Handler.class);
	private SecurityControllerImpl mSecurityController;
	private ConnectivityManager mConnectivityManager = mock(ConnectivityManager.class);
	private FakeExecutor mBgExecutor;
	private BroadcastReceiver mBroadcastReceiver;

	@Before
	public void setUp() throws Exception {
	mContext.addMockSystemService(Context.DEVICE_POLICY_SERVICE, mDevicePolicyManager);
	mContext.addMockSystemService(Context.USER_SERVICE, mUserManager);
	mContext.addMockSystemService(Context.CONNECTIVITY_SERVICE, mConnectivityManager);

	Intent intent = new Intent(IKeyChainService.class.getName());
	ComponentName comp = intent.resolveSystemService(mContext.getPackageManager(), 0);
	mContext.addMockService(comp, mKeyChainService);

	when(mUserManager.getUserInfo(anyInt())).thenReturn(new UserInfo());
	when(mUserManager.isUserUnlocked(any())).thenReturn(true);

	when(mKeyChainService.getUserCaAliases())
	.thenReturn(new StringParceledListSlice(new ArrayList<String>()));
	// Without this line, mKeyChainService gets wrapped in a proxy when Stub.asInterface() is
	// used on it, and the mocking above does not work.
	when(mKeyChainService.queryLocalInterface("android.security.IKeyChainService"))
	.thenReturn(mKeyChainService);

	ArgumentCaptor<BroadcastReceiver> brCaptor =
	ArgumentCaptor.forClass(BroadcastReceiver.class);

	mBgExecutor = new FakeExecutor(new FakeSystemClock());
	mSecurityController = new SecurityControllerImpl(
	mContext,
	mHandler,
	mBroadcastDispatcher,
	mBgExecutor);

	verify(mBroadcastDispatcher).registerReceiverWithHandler(
	brCaptor.capture(),
	anyObject(),
	anyObject(),
	anyObject());

	mBroadcastReceiver = brCaptor.getValue();
	}

	@Test
	public void testIsDeviceManaged() {
	when(mDevicePolicyManager.isDeviceManaged()).thenReturn(true);
	assertTrue(mSecurityController.isDeviceManaged());

	when(mDevicePolicyManager.isDeviceManaged()).thenReturn(false);
	assertFalse(mSecurityController.isDeviceManaged());
	}

	@Test
	public void testGetDeviceOwnerOrganizationName() {
	when(mDevicePolicyManager.getDeviceOwnerOrganizationName()).thenReturn("organization");
	assertEquals("organization", mSecurityController.getDeviceOwnerOrganizationName());
	}

	@Test
	public void testGetDeviceOwnerComponentOnAnyUser() {
	when(mDevicePolicyManager.getDeviceOwnerComponentOnAnyUser())
	.thenReturn(DEVICE_OWNER_COMPONENT);
	assertEquals(mSecurityController.getDeviceOwnerComponentOnAnyUser(),
	DEVICE_OWNER_COMPONENT);
	}

	@Test
	public void testGetDeviceOwnerType() {
	when(mDevicePolicyManager.getDeviceOwnerType(DEVICE_OWNER_COMPONENT))
	.thenReturn(DEVICE_OWNER_TYPE_FINANCED);
	assertEquals(mSecurityController.getDeviceOwnerType(DEVICE_OWNER_COMPONENT),
	DEVICE_OWNER_TYPE_FINANCED);
	}

	@Test
	public void testWorkAccount() throws Exception {
	assertFalse(mSecurityController.hasCACertInCurrentUser());

	final int PRIMARY_USER_ID = 0;
	final int MANAGED_USER_ID = 1;
	List<UserInfo> profiles = Arrays.asList(new UserInfo(PRIMARY_USER_ID, "Primary",
	UserInfo.FLAG_PRIMARY),
	new UserInfo(MANAGED_USER_ID, "Working",
	UserInfo.FLAG_MANAGED_PROFILE));
	when(mUserManager.getProfiles(anyInt())).thenReturn(profiles);
	assertTrue(mSecurityController.hasWorkProfile());
	assertFalse(mSecurityController.hasCACertInWorkProfile());

	when(mKeyChainService.getUserCaAliases())
	.thenReturn(new StringParceledListSlice(Arrays.asList("One CA Alias")));

	refreshCACerts(MANAGED_USER_ID);
	mBgExecutor.runAllReady();

	assertTrue(mSecurityController.hasCACertInWorkProfile());
	}

	@Test
	public void testCaCertLoader() throws Exception {
	assertFalse(mSecurityController.hasCACertInCurrentUser());

	// With a CA cert
	when(mKeyChainService.getUserCaAliases())
	.thenReturn(new StringParceledListSlice(Arrays.asList("One CA Alias")));

	refreshCACerts(0);
	mBgExecutor.runAllReady();

	assertTrue(mSecurityController.hasCACertInCurrentUser());

	// Exception
	when(mKeyChainService.getUserCaAliases())
	.thenThrow(new AssertionError("Test AssertionError"))
	.thenReturn(new StringParceledListSlice(new ArrayList<String>()));

	refreshCACerts(0);
	mBgExecutor.runAllReady();

	assertTrue(mSecurityController.hasCACertInCurrentUser());

	refreshCACerts(0);
	mBgExecutor.runAllReady();

	assertFalse(mSecurityController.hasCACertInCurrentUser());
	}

	@Test
	public void testNetworkRequest() {
	verify(mConnectivityManager, times(1)).registerNetworkCallback(argThat(
	(NetworkRequest request) ->
	request.equals(new NetworkRequest.Builder().clearCapabilities().build())
	), any(NetworkCallback.class));
	}

	/**
	* refresh CA certs by sending a user unlocked broadcast for the desired user
	*/
	private void refreshCACerts(int userId) {
	Intent intent = new Intent(Intent.ACTION_USER_UNLOCKED);
	intent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
	mBroadcastReceiver.onReceive(mContext, intent);
	}
	}