Adding car specific default guest restrictions.
Fixes: 109697763
Test: atest CarUserManagerHelperTest
Change-Id: I6b5c70b9e2975198f5db90604604f68eb4e757bf
diff --git a/car-lib/src/android/car/user/CarUserManagerHelper.java b/car-lib/src/android/car/user/CarUserManagerHelper.java
index 94c701d..e7df92c 100644
--- a/car-lib/src/android/car/user/CarUserManagerHelper.java
+++ b/car-lib/src/android/car/user/CarUserManagerHelper.java
@@ -28,6 +28,7 @@
import android.graphics.Bitmap;
import android.graphics.drawable.BitmapDrawable;
import android.graphics.drawable.Drawable;
+import android.os.Bundle;
import android.os.SystemProperties;
import android.os.UserHandle;
import android.os.UserManager;
@@ -62,6 +63,18 @@
private static final Set<String> DEFAULT_NON_ADMIN_RESTRICTIONS = Sets.newArraySet(
UserManager.DISALLOW_FACTORY_RESET
);
+ /**
+ * Default set of restrictions for Guest users.
+ */
+ private static final Set<String> DEFAULT_GUEST_RESTRICTIONS = Sets.newArraySet(
+ UserManager.DISALLOW_FACTORY_RESET,
+ UserManager.DISALLOW_REMOVE_USER,
+ UserManager.DISALLOW_MODIFY_ACCOUNTS,
+ UserManager.DISALLOW_OUTGOING_CALLS,
+ UserManager.DISALLOW_SMS,
+ UserManager.DISALLOW_INSTALL_APPS,
+ UserManager.DISALLOW_UNINSTALL_APPS
+ );
private final Context mContext;
private final UserManager mUserManager;
@@ -216,6 +229,19 @@
}
/**
+ * Sets default guest restrictions that will be applied every time a Guest user is created.
+ *
+ * <p> Restrictions are written to disk and persistent across boots.
+ */
+ public void initDefaultGuestRestrictions() {
+ Bundle defaultGuestRestrictions = new Bundle();
+ for (String restriction : DEFAULT_GUEST_RESTRICTIONS) {
+ defaultGuestRestrictions.putBoolean(restriction, true);
+ }
+ mUserManager.setDefaultGuestRestrictions(defaultGuestRestrictions);
+ }
+
+ /**
* Returns {@code true} if the system is in the headless user 0 model.
*
* @return {@boolean true} if headless system user.
diff --git a/service/src/com/android/car/user/CarUserService.java b/service/src/com/android/car/user/CarUserService.java
index 3898e74..c63a2fd 100644
--- a/service/src/com/android/car/user/CarUserService.java
+++ b/service/src/com/android/car/user/CarUserService.java
@@ -93,6 +93,7 @@
if (Intent.ACTION_LOCKED_BOOT_COMPLETED.equals(intent.getAction())) {
if (mCarUserManagerHelper.getAllUsers().size() == 0) {
setSystemUserRestrictions();
+ mCarUserManagerHelper.initDefaultGuestRestrictions();
// On very first boot, create an admin user and switch to that user.
UserInfo admin = mCarUserManagerHelper.createNewAdminUser(OWNER_NAME);
mCarUserManagerHelper.switchToUser(admin);
diff --git a/tests/carservice_unit_test/src/com/android/car/CarUserManagerHelperTest.java b/tests/carservice_unit_test/src/com/android/car/CarUserManagerHelperTest.java
index da7cc2c..cc4defa 100644
--- a/tests/carservice_unit_test/src/com/android/car/CarUserManagerHelperTest.java
+++ b/tests/carservice_unit_test/src/com/android/car/CarUserManagerHelperTest.java
@@ -34,6 +34,7 @@
import android.content.pm.UserInfo;
import android.graphics.Bitmap;
import android.graphics.drawable.Drawable;
+import android.os.Bundle;
import android.os.Handler;
import android.os.SystemProperties;
import android.os.UserHandle;
@@ -547,6 +548,26 @@
}
@Test
+ public void testDefaultGuestRestrictions() {
+ int guestRestrictionsExpectedCount = 7;
+
+ ArgumentCaptor<Bundle> bundleCaptor = ArgumentCaptor.forClass(Bundle.class);
+ mCarUserManagerHelper.initDefaultGuestRestrictions();
+
+ verify(mUserManager).setDefaultGuestRestrictions(bundleCaptor.capture());
+ Bundle guestRestrictions = bundleCaptor.getValue();
+
+ assertThat(guestRestrictions.keySet()).hasSize(guestRestrictionsExpectedCount);
+ assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_FACTORY_RESET)).isTrue();
+ assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_REMOVE_USER)).isTrue();
+ assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_MODIFY_ACCOUNTS)).isTrue();
+ assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_OUTGOING_CALLS)).isTrue();
+ assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_SMS)).isTrue();
+ assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_INSTALL_APPS)).isTrue();
+ assertThat(guestRestrictions.getBoolean(UserManager.DISALLOW_UNINSTALL_APPS)).isTrue();
+ }
+
+ @Test
public void testAssigningAdminPrivilegesRemovesNonAdminRestrictions() {
int testUserId = 30;
boolean restrictionEnabled = false;
diff --git a/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java b/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
index 710b847..48d447b 100644
--- a/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
+++ b/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
@@ -32,9 +32,6 @@
import android.os.UserManager;
import android.support.test.runner.AndroidJUnit4;
-import java.util.ArrayList;
-import java.util.List;
-
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -42,6 +39,9 @@
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
+import java.util.ArrayList;
+import java.util.List;
+
/**
* This class contains unit tests for the {@link CarUserService}.
*
@@ -71,12 +71,14 @@
* Initialize all of the objects with the @Mock annotation.
*/
@Before
- public void setUp() throws Exception {
+ public void setUpMocks() throws Exception {
MockitoAnnotations.initMocks(this);
doReturn(mApplicationContext).when(mMockContext).getApplicationContext();
doReturn(mLocationManager).when(mMockContext).getSystemService(Context.LOCATION_SERVICE);
mCarUserService = new CarUserService(mMockContext, mCarUserManagerHelper);
+
+ doReturn(new ArrayList<>()).when(mCarUserManagerHelper).getAllUsers();
}
/**
@@ -109,13 +111,7 @@
*/
@Test
public void testStartsSecondaryAdminUserOnFirstRun() {
- List<UserInfo> users = new ArrayList<>();
-
- int adminUserId = 10;
- UserInfo admin = new UserInfo(adminUserId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
-
- doReturn(users).when(mCarUserManagerHelper).getAllUsers();
- doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+ UserInfo admin = mockAdmin(/* adminId= */ 10);
mCarUserService.onReceive(mMockContext,
new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
@@ -129,16 +125,12 @@
*/
@Test
public void testDisableModifyAccountsForSystemUserOnFirstRun() {
- List<UserInfo> users = new ArrayList<>();
-
+ // Mock system user.
UserInfo systemUser = new UserInfo();
systemUser.id = UserHandle.USER_SYSTEM;
- int adminUserId = 10;
- UserInfo admin = new UserInfo(adminUserId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
-
- doReturn(users).when(mCarUserManagerHelper).getAllUsers();
doReturn(systemUser).when(mCarUserManagerHelper).getSystemUserInfo();
- doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+
+ mockAdmin(10);
mCarUserService.onReceive(mMockContext,
new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
@@ -152,22 +144,13 @@
*/
@Test
public void testDisableLocationForSystemUserOnFirstRun() {
- List<UserInfo> users = new ArrayList<>();
-
- UserInfo systemUser = new UserInfo();
- systemUser.id = UserHandle.USER_SYSTEM;
- int adminUserId = 10;
- UserInfo admin = new UserInfo(adminUserId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
-
- doReturn(users).when(mCarUserManagerHelper).getAllUsers();
- doReturn(systemUser).when(mCarUserManagerHelper).getSystemUserInfo();
- doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+ mockAdmin(/* adminId= */ 10);
mCarUserService.onReceive(mMockContext,
new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
- verify(mLocationManager)
- .setLocationEnabledForUser(/* enabled= */ false, UserHandle.of(systemUser.id));
+ verify(mLocationManager).setLocationEnabledForUser(
+ /* enabled= */ false, UserHandle.of(UserHandle.USER_SYSTEM));
}
/**
@@ -176,21 +159,13 @@
*/
@Test
public void testUpdateLastActiveUserOnFirstRun() {
- List<UserInfo> users = new ArrayList<>();
-
- UserInfo systemUser = new UserInfo();
- systemUser.id = UserHandle.USER_SYSTEM;
- int adminUserId = 10;
- UserInfo admin = new UserInfo(adminUserId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
-
- doReturn(users).when(mCarUserManagerHelper).getAllUsers();
- doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+ UserInfo admin = mockAdmin(/* adminId= */ 10);
mCarUserService.onReceive(mMockContext,
new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
verify(mCarUserManagerHelper)
- .setLastActiveUser(adminUserId, /* skipGlobalSetting= */ false);
+ .setLastActiveUser(admin.id, /* skipGlobalSetting= */ false);
}
/**
@@ -236,4 +211,23 @@
verify(mCarUserManagerHelper).setLastActiveUser(
lastActiveUserId, /* skipGlobalSetting= */ false);
}
+
+ /**
+ * Test that the {@link CarUserService} sets default guest restrictions on first boot.
+ */
+ @Test
+ public void testInitializeGuestRestrictionsOnFirstRun() {
+ mockAdmin(/* adminId= */ 10);
+
+ mCarUserService.onReceive(mMockContext,
+ new Intent(Intent.ACTION_LOCKED_BOOT_COMPLETED));
+
+ verify(mCarUserManagerHelper).initDefaultGuestRestrictions();
+ }
+
+ private UserInfo mockAdmin(int adminId) {
+ UserInfo admin = new UserInfo(adminId, CarUserService.OWNER_NAME, UserInfo.FLAG_ADMIN);
+ doReturn(admin).when(mCarUserManagerHelper).createNewAdminUser(CarUserService.OWNER_NAME);
+ return admin;
+ }
}
