| author | 2016-12-07 10:37:41 +0000 | |
|---|---|---|
| committer | 2016-12-13 10:45:37 +0000 | |
| commit | 4e201486b5cfd2c7479aff4b0d198cfb56a919b0 (patch) | |
| tree | 7270e94c7dfa59405a1e4a9459992dc230930c10 | |
| parent | c6b4d6d23c26e2e2c2c773ca167ffa7c3e04f0d9 (diff) | |
Extract checking profiles for restrictions into a shared method.
Test: m RunSettingsLibRoboTests
Change-Id: Ie8fd3121771a7a2213ee441aef5a0746ad09a6c9
| -rw-r--r-- | packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java | 167 | ||||
| -rw-r--r-- | packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java | 120 |
2 files changed, 198 insertions, 89 deletions
diff --git a/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java b/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java
index 6bd8a879dabb..99d7f1e20f95 100644
--- a/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java
+++ b/packages/SettingsLib/src/com/android/settingslib/RestrictedLockUtils.java
@@ -16,6 +16,7 @@
 package com.android.settingslib;
+import android.annotation.UserIdInt;
 import android.app.AppGlobals;
 import android.app.admin.DevicePolicyManager;
 import android.content.ComponentName;
@@ -118,21 +119,25 @@ public class RestrictedLockUtils {
 */
 public static EnforcedAdmin checkIfKeyguardFeaturesDisabled(Context context, int keyguardFeatures, int userId) {
+ final LockSettingCheck check =
+ (DevicePolicyManager dpm, ComponentName admin, @UserIdInt int checkUser) ->
+ (dpm.getKeyguardDisabledFeatures(admin, checkUser) & keyguardFeatures) != 0;
+
 final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(
 Context.DEVICE_POLICY_SERVICE);
 if (dpm == null) {
 return null;
 }
+
 final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
- LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
- EnforcedAdmin enforcedAdmin = null;
 if (um.getUserInfo(userId).isManagedProfile()) {
 final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userId);
 if (admins == null) {
 return null;
 }
+ EnforcedAdmin enforcedAdmin = null;
 for (ComponentName admin : admins) {
- if ((dpm.getKeyguardDisabledFeatures(admin, userId) & keyguardFeatures) != 0) {
+ if (check.isEnforcing(dpm, admin, userId)) {
 if (enforcedAdmin == null) {
 enforcedAdmin = new EnforcedAdmin(admin, userId);
 } else {
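Review bot: The lambda assigned to `check` names its first parameter `dpm`, the same name as the local declared right after it, so it is easy to read the lambda as always querying that local. It is in fact handed whichever `DevicePolicyManager` the caller passes, and `checkForLockSetting` also calls it with the parent-profile instance. I would rename the parameter or add `// dpm is supplied by the caller and may be the parent-profile instance` above the lambda; as written it compiles only because the lambda precedes the local declaration. The lambda added to `checkIfPasswordQualityIsSet` has the same shape, and the body of `checkIfKeyguardFeaturesDisabled` continues past this hunk.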
@@ -140,49 +145,10 @@ public class RestrictedLockUtils {
 }
 }
 }
+ return enforcedAdmin;
 } else {
- // Consider all admins for this user and the profiles that are visible from this
- // user that do not use a separate work challenge.
- for (UserInfo userInfo : um.getProfiles(userId)) {
- final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
- if (admins == null) {
- continue;
- }
- final boolean isSeparateProfileChallengeEnabled =
- lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id);
- for (ComponentName admin : admins) {
- if (!isSeparateProfileChallengeEnabled) {
- if ((dpm.getKeyguardDisabledFeatures(admin, userInfo.id)
- & keyguardFeatures) != 0) {
- if (enforcedAdmin == null) {
- enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
- } else {
- return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
- }
- // This same admins could have set policies both on the managed profile
- // and on the parent. So, if the admin has set the policy on the
- // managed profile here, we don't need to further check if that admin
- // has set policy on the parent admin.
- continue;
- }
- }
- if (userInfo.isManagedProfile()) {
- // If userInfo.id is a managed profile, we also need to look at
- // the policies set on the parent.
- DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
- if ((parentDpm.getKeyguardDisabledFeatures(admin, userInfo.id)
- & keyguardFeatures) != 0) {
- if (enforcedAdmin == null) {
- enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
- } else {
- return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
- }
- }
- }
- }
- }
+ return checkForLockSetting(context, userId, check);
 }
- return enforcedAdmin;
 }
 public static EnforcedAdmin checkIfUninstallBlocked(Context context,
@@ -383,6 +349,11 @@ public class RestrictedLockUtils {
 *
 */
 public static EnforcedAdmin checkIfPasswordQualityIsSet(Context context, int userId) {
+ final LockSettingCheck check =
+ (DevicePolicyManager dpm, ComponentName admin, @UserIdInt int checkUser) ->
+ dpm.getPasswordQuality(admin, checkUser)
+ > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED;
+
 final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(
 Context.DEVICE_POLICY_SERVICE);
 if (dpm == null) {
@@ -390,7 +361,6 @@ public class RestrictedLockUtils {
 }
 LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
- EnforcedAdmin enforcedAdmin = null;
 if (lockPatternUtils.isSeparateProfileChallengeEnabled(userId)) {
 // userId is managed profile and has a separate challenge, only consider
 // the admins in that user.
@@ -398,9 +368,9 @@ public class RestrictedLockUtils {
 if (admins == null) {
 return null;
 }
+ EnforcedAdmin enforcedAdmin = null;
 for (ComponentName admin : admins) {
- if (dpm.getPasswordQuality(admin, userId)
- > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
+ if (check.isEnforcing(dpm, admin, userId)) {
 if (enforcedAdmin == null) {
 enforcedAdmin = new EnforcedAdmin(admin, userId);
 } else {
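Review bot: The single-user loop kept in this branch of `checkIfPasswordQualityIsSet` is now the same as the one kept in the managed-profile branch of `checkIfKeyguardFeaturesDisabled`, apart from the `check` passed in, so the extraction stops halfway. Two copies of the "one admin, otherwise MULTIPLE_ENFORCED_ADMIN" logic can drift apart, which matters for code that decides whether a lock setting is shown as admin-restricted. A second private helper taking `dpm`, `userId` and `check` would remove the copy. The sketch below assumes the line between the hunks (not shown) returns `EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN` as the shared method does, and the helper name is only a suggestion.

```java
// Suggested helper; both single-user branches would become
// `return checkAdminsOfSingleUser(dpm, userId, check);`
private static EnforcedAdmin checkAdminsOfSingleUser(
        DevicePolicyManager dpm, @UserIdInt int userId, LockSettingCheck check) {
    final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userId);
    if (admins == null) {
        return null;
    }
    EnforcedAdmin enforcedAdmin = null;
    for (ComponentName admin : admins) {
        if (check.isEnforcing(dpm, admin, userId)) {
            if (enforcedAdmin != null) {
                return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
            }
            enforcedAdmin = new EnforcedAdmin(admin, userId);
        }
    }
    return enforcedAdmin;
}
```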
@@ -408,50 +378,10 @@ public class RestrictedLockUtils {
 }
 }
 }
+ return enforcedAdmin;
 } else {
- // Return all admins for this user and the profiles that are visible from this
- // user that do not use a separate work challenge.
- final UserManager um = (UserManager) context.getSystemService(Context.USER_SERVICE);
- for (UserInfo userInfo : um.getProfiles(userId)) {
- final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
- if (admins == null) {
- continue;
- }
- final boolean isSeparateProfileChallengeEnabled =
- lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id);
- for (ComponentName admin : admins) {
- if (!isSeparateProfileChallengeEnabled) {
- if (dpm.getPasswordQuality(admin, userInfo.id)
- > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
- if (enforcedAdmin == null) {
- enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
- } else {
- return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
- }
- // This same admins could have set policies both on the managed profile
- // and on the parent. So, if the admin has set the policy on the
- // managed profile here, we don't need to further check if that admin
- // has set policy on the parent admin.
- continue;
- }
- }
- if (userInfo.isManagedProfile()) {
- // If userInfo.id is a managed profile, we also need to look at
- // the policies set on the parent.
- DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
- if (parentDpm.getPasswordQuality(admin, userInfo.id)
- > DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) {
- if (enforcedAdmin == null) {
- enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
- } else {
- return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
- }
- }
- }
- }
- }
+ return checkForLockSetting(context, userId, check);
 }
- return enforcedAdmin;
 }
 /**
@@ -512,6 +442,65 @@ public class RestrictedLockUtils {
 return enforcedAdmin;
 }
+ private interface LockSettingCheck {
+ boolean isEnforcing(DevicePolicyManager dpm, ComponentName admin, @UserIdInt int userId);
+ }
+
+ /**
+ * Checks whether any of the user's profiles enforce the lock setting. A managed profile is only
+ * included if it does not have a separate challenege but the settings for it's parent (i.e. the
+ * user being checked) are always included.
+ */
+ private static EnforcedAdmin checkForLockSetting(
+ Context context, @UserIdInt int userId, LockSettingCheck check) {
+ final DevicePolicyManager dpm = (DevicePolicyManager) context.getSystemService(
+ Context.DEVICE_POLICY_SERVICE);
+ if (dpm == null) {
+ return null;
+ }
+ final LockPatternUtils lockPatternUtils = new LockPatternUtils(context);
+ EnforcedAdmin enforcedAdmin = null;
+ // Return all admins for this user and the profiles that are visible from this
+ // user that do not use a separate work challenge.
+ for (UserInfo userInfo : UserManager.get(context).getProfiles(userId)) {
+ final List<ComponentName> admins = dpm.getActiveAdminsAsUser(userInfo.id);
+ if (admins == null) {
+ continue;
+ }
+ final boolean isSeparateProfileChallengeEnabled =
+ lockPatternUtils.isSeparateProfileChallengeEnabled(userInfo.id);
+ for (ComponentName admin : admins) {
+ if (!isSeparateProfileChallengeEnabled) {
+ if (check.isEnforcing(dpm, admin, userInfo.id)) {
+ if (enforcedAdmin == null) {
+ enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
+ } else {
+ return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
+ }
+ // This same admins could have set policies both on the managed profile
+ // and on the parent. So, if the admin has set the policy on the
+ // managed profile here, we don't need to further check if that admin
+ // has set policy on the parent admin.
+ continue;
+ }
+ }
+ if (userInfo.isManagedProfile()) {
+ // If userInfo.id is a managed profile, we also need to look at
+ // the policies set on the parent.
+ final DevicePolicyManager parentDpm = dpm.getParentProfileInstance(userInfo);
+ if (check.isEnforcing(parentDpm, admin, userInfo.id)) {
+ if (enforcedAdmin == null) {
+ enforcedAdmin = new EnforcedAdmin(admin, userInfo.id);
+ } else {
+ return EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN;
+ }
+ }
+ }
+ }
+ }
+ return enforcedAdmin;
+ }
+
 public static EnforcedAdmin getProfileOrDeviceOwner(Context context, int userId) {
 if (userId == UserHandle.USER_NULL) {
 return null;
diff --git a/packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java b/packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java
new file mode 100644
index 000000000000..025bbc2ffd92
--- /dev/null
+++ b/packages/SettingsLib/tests/robotests/src/com/android/settingslib/RestrictedLockUtilsTest.java
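Review bot: The Javadoc on `checkForLockSetting` in RestrictedLockUtils.java does not say what the return value means, and `null` covers two different cases here: no admin enforces the setting, and `DevicePolicyManager` could not be obtained. A caller that treats `null` as "not restricted" would present the setting as unrestricted in the second case, so the contract should be written down, e.g. `@return the enforcing admin, {@link EnforcedAdmin#MULTIPLE_ENFORCED_ADMIN} if more than one enforces it, or null if none does or the policy service is unavailable`. In the same comment, `challenege` should be `challenge` and `it's parent` should be `its parent`. The inline `// Return all admins for this user ...` would read better as `// Consider all admins for this user ...`, since the method returns at most one admin.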
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.settingslib;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.pm.UserInfo;
+import android.os.UserManager;
+
+import com.android.internal.util.ArrayUtils;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+import org.robolectric.RobolectricTestRunner;
+import org.robolectric.annotation.Config;
+
+import java.util.Arrays;
+
+import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT;
+import static android.app.admin.DevicePolicyManager.KEYGUARD_DISABLE_REMOTE_INPUT;
+import static com.android.settingslib.RestrictedLockUtils.EnforcedAdmin;
+import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.Matchers.eq;
+import static org.mockito.Mockito.when;
+
+@RunWith(RobolectricTestRunner.class)
+@Config(manifest = TestConfig.MANIFEST_PATH, sdk = TestConfig.SDK_VERSION)
+public class RestrictedLockUtilsTest {
+
+ @Mock
+ private Context mContext;
+ @Mock
+ private DevicePolicyManager mDevicePolicyManager;
+ @Mock
+ private UserManager mUserManager;
+
+ private static final int mUserId = 194;
+ private static final ComponentName mAdmin1 = new ComponentName("admin1", "admin1class");
+ private static final ComponentName mAdmin2 = new ComponentName("admin2", "admin2class");
+
+ @Before
+ public void setUp() {
+ MockitoAnnotations.initMocks(this);
+
+ when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE))
+ .thenReturn(mDevicePolicyManager);
+ when(mContext.getSystemService(Context.USER_SERVICE))
+ .thenReturn(mUserManager);
+ }
+
+ @Test
+ public void checkIfKeyguardFeaturesDisabled_noEnforcedAdminForManagedProfile() {
+ setUpManagedProfile(mUserId);
+ setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2});
+
+ final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled(
+ mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId);
+
+ assertThat(enforcedAdmin).isEqualTo(null);
+ }
+
+ @Test
+ public void checkIfKeyguardFeaturesDisabled_oneEnforcedAdminForManagedProfile() {
+ setUpManagedProfile(mUserId);
+ setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2});
+
+ when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId))
+ .thenReturn(KEYGUARD_DISABLE_FINGERPRINT);
+
+ final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled(
+ mContext, KEYGUARD_DISABLE_FINGERPRINT, mUserId);
+
+ assertThat(enforcedAdmin).isEqualTo(new EnforcedAdmin(mAdmin1, mUserId));
+ }
+
+ @Test
+ public void checkIfKeyguardFeaturesDisabled_multipleEnforcedAdminForManagedProfile() {
+ setUpManagedProfile(mUserId);
+ setUpActiveAdmins(mUserId, new ComponentName[] {mAdmin1, mAdmin2});
+
+ when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin1, mUserId))
+ .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT);
+ when(mDevicePolicyManager.getKeyguardDisabledFeatures(mAdmin2, mUserId))
+ .thenReturn(KEYGUARD_DISABLE_REMOTE_INPUT);
+
+ final EnforcedAdmin enforcedAdmin = RestrictedLockUtils.checkIfKeyguardFeaturesDisabled(
+ mContext, KEYGUARD_DISABLE_REMOTE_INPUT, mUserId);
+
+ assertThat(enforcedAdmin).isEqualTo(EnforcedAdmin.MULTIPLE_ENFORCED_ADMIN);
+ }
+
+ private UserInfo setUpManagedProfile(int userId) {
+ final UserInfo userInfo = new UserInfo(userId, "myuser", UserInfo.FLAG_MANAGED_PROFILE);
+ when(mUserManager.getUserInfo(userId)).thenReturn(userInfo);
+ return userInfo;
+ }
+
+ private void setUpActiveAdmins(int userId, ComponentName[] activeAdmins) {
+ when(mDevicePolicyManager.getActiveAdminsAsUser(userId))
+ .thenReturn(Arrays.asList(activeAdmins));
+ }
+} |
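Review bot: All three tests call `setUpManagedProfile(mUserId)`, so they only exercise the managed-profile branch of `checkIfKeyguardFeaturesDisabled`, which returns before reaching `checkForLockSetting`; the method this commit extracts, and `checkIfPasswordQualityIsSet`, are not covered. Cases for a non-managed user with `mUserManager.getProfiles(...)` stubbed would pin the shared path, including a profile with and without a separate challenge and the parent-instance lookup; whether `LockPatternUtils` can be driven under Robolectric is not visible from this hunk. A case where an admin disables a different feature than the one queried would also pin the bitmask comparison. Smaller points: `assertThat(enforcedAdmin).isEqualTo(null)` reads better as `assertThat(enforcedAdmin).isNull()`, and the `ArrayUtils` and `Matchers.eq` imports appear unused.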