Add multiuser tests for profilegroup exclusivity

Add multiuser tests for rolemanager get/setActiveUserForRole API LOW_COVERAGE_REASON=TEST_ONLY Relnote: N/A Flag: com.android.permission.flags.cross_user_role_enabled Test: atest RoleManagerMultiUserTest Bug: 378965769 Change-Id: I0fefdc6388fbed0c7bc57bb23621e06f0266623b
author: Richard MacGregor <rmacgregor@google.com> 2024-11-14 15:04:18 -0800
committer: Richard MacGregor <rmacgregor@google.com> 2024-11-21 21:21:00 +0000
commit: 5d56352edd1d4ff80bcffda3c0dc42488a7633da (patch)
tree: 033d21d3c029f7b1bb40ca481fba61828d79511e
parent: 44285ae6089a9b8d554dc9cfffc65dc8fff9abe4 (diff)
5 files changed, 366 insertions, 0 deletions
diff --git a/tests/cts/rolemultiuser/Android.bp b/tests/cts/rolemultiuser/Android.bp
new file mode 100644
index 000000000..13fbf28ff
--- /dev/null
+++ b/tests/cts/rolemultiuser/Android.bp
@@ -0,0 +1,47 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test {
+    name: "CtsRoleMultiUserTestCases",
+    defaults: ["mts-target-sdk-version-current"],
+    sdk_version: "test_current",
+    min_sdk_version: "30",
+
+    srcs: [
+        "src/**/*.java",
+        "src/**/*.kt",
+    ],
+
+    static_libs: [
+        "bedstead-flags",
+        "bedstead-multiuser",
+        "com.android.permission.flags-aconfig-java-export",
+        "ctstestrunner-axt",
+        "Harrier",
+        "flag-junit",
+        "Nene",
+        "truth",
+    ],
+
+    test_suites: [
+        "cts",
+        "general-tests",
+        "mts-permission",
+        "mcts-permission",
+    ],
+}
diff --git a/tests/cts/rolemultiuser/AndroidManifest.xml b/tests/cts/rolemultiuser/AndroidManifest.xml
new file mode 100644
index 000000000..1524c5703
--- /dev/null
+++ b/tests/cts/rolemultiuser/AndroidManifest.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+
+<manifest
+    xmlns:android="http://schemas.android.com/apk/res/android"
+    package="android.app.rolemultiuser.cts">
+
+    <application>
+        <uses-library android:name="android.test.runner" />
+    </application>
+
+    <instrumentation
+        android:name="androidx.test.runner.AndroidJUnitRunner"
+        android:targetPackage="android.app.rolemultiuser.cts"
+        android:label="CTS multi-user tests of android.app.role">
+    </instrumentation>
+</manifest>
diff --git a/tests/cts/rolemultiuser/AndroidTest.xml b/tests/cts/rolemultiuser/AndroidTest.xml
new file mode 100644
index 000000000..00f4c0993
--- /dev/null
+++ b/tests/cts/rolemultiuser/AndroidTest.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+  ~ Copyright (C) 2024 The Android Open Source Project
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<configuration description="Config for CTS role multi-user test cases">
+
+    <option name="test-suite-tag" value="cts" />
+    <option name="config-descriptor:metadata" key="component" value="permissions" />
+    <option name="config-descriptor:metadata" key="parameter" value="all_foldable_states" />
+    <option name="config-descriptor:metadata" key="parameter" value="not_instant_app" />
+    <option name="config-descriptor:metadata" key="parameter" value="not_multi_abi" />
+    <option name="config-descriptor:metadata" key="parameter" value="multiuser" />
+    <option name="config-descriptor:metadata" key="parameter" value="secondary_user" />
+    <option name="config-descriptor:metadata" key="parameter" value="run_on_sdk_sandbox" />
+    <option name="config-descriptor:metadata" key="mainline-param" value="com.google.android.permission.apex" />
+    <object type="module_controller" class="com.android.tradefed.testtype.suite.module.Sdk30ModuleController" />
+
+    <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
+        <option name="cleanup-apks" value="true" />
+        <option name="test-file-name" value="CtsRoleMultiUserTestCases.apk" />
+    </target_preparer>
+
+    <target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
+        <option name="run-command" value="mkdir -p /data/local/tmp/cts-role" />
+        <option name="teardown-command" value="rm -rf /data/local/tmp/cts-role"/>
+    </target_preparer>
+
+    <test class="com.android.tradefed.testtype.AndroidJUnitTest" >
+        <option name="package" value="android.app.rolemultiuser.cts" />
+        <option name="exclude-annotation" value="com.android.bedstead.enterprise.annotations.RequireRunOnWorkProfile" />
+        <option name="exclude-annotation" value="com.android.bedstead.multiuser.annotations.RequireRunOnSecondaryUser" />
+        <option name="runtime-hint" value="5m" />
+    </test>
+</configuration>
diff --git a/tests/cts/rolemultiuser/TEST_MAPPING b/tests/cts/rolemultiuser/TEST_MAPPING
new file mode 100644
index 000000000..323e3094c
--- /dev/null
+++ b/tests/cts/rolemultiuser/TEST_MAPPING
@@ -0,0 +1,12 @@
+{
+    "postsubmit": [
+        {
+            "name": "CtsRoleMultiUserTestCases"
+        }
+    ],
+    "mainline-postsubmit": [
+        {
+            "name": "CtsRoleMultiUserTestCases[com.google.android.permission.apex]"
+        }
+    ]
+}
diff --git a/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt b/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt
new file mode 100644
index 000000000..d1bf5284c
--- /dev/null
+++ b/tests/cts/rolemultiuser/src/android/app/rolemultiuser/cts/RoleManagerMultiUserTest.kt
@@ -0,0 +1,227 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.app.rolemultiuser.cts
+
+import android.app.role.RoleManager
+import android.content.Context
+import android.os.Build
+import android.os.Process
+import androidx.test.filters.SdkSuppress
+import com.android.bedstead.enterprise.annotations.EnsureHasWorkProfile
+import com.android.bedstead.enterprise.workProfile
+import com.android.bedstead.flags.annotations.RequireFlagsEnabled
+import com.android.bedstead.harrier.BedsteadJUnit4
+import com.android.bedstead.harrier.DeviceState
+import com.android.bedstead.multiuser.annotations.EnsureHasAdditionalUser
+import com.android.bedstead.multiuser.annotations.EnsureHasPrivateProfile
+import com.android.bedstead.multiuser.annotations.EnsureHasSecondaryUser
+import com.android.bedstead.multiuser.annotations.RequireRunNotOnSecondaryUser
+import com.android.bedstead.multiuser.privateProfile
+import com.android.bedstead.multiuser.secondaryUser
+import com.android.bedstead.nene.TestApis.context
+import com.android.bedstead.nene.TestApis.users
+import com.android.bedstead.nene.types.OptionalBoolean
+import com.android.bedstead.permissions.CommonPermissions.INTERACT_ACROSS_USERS_FULL
+import com.android.bedstead.permissions.CommonPermissions.MANAGE_DEFAULT_APPLICATIONS
+import com.android.bedstead.permissions.CommonPermissions.MANAGE_ROLE_HOLDERS
+import com.android.bedstead.permissions.annotations.EnsureDoesNotHavePermission
+import com.android.bedstead.permissions.annotations.EnsureHasPermission
+import com.google.common.truth.Truth.assertThat
+import org.junit.Assert.assertThrows
+import org.junit.Assume.assumeFalse
+import org.junit.ClassRule
+import org.junit.Rule
+import org.junit.Test
+import org.junit.runner.RunWith
+
+@SdkSuppress(minSdkVersion = Build.VERSION_CODES.VANILLA_ICE_CREAM)
+@RunWith(BedsteadJUnit4::class)
+class RoleManagerMultiUserTest {
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS)
+    @Test
+    @Throws(Exception::class)
+    fun cannotGetActiveUserForNonCrossUserRole() {
+        assertThrows(IllegalArgumentException::class.java) {
+            roleManager.getActiveUserForRole(RoleManager.ROLE_SYSTEM_ACTIVITY_RECOGNIZER)
+        }
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(MANAGE_ROLE_HOLDERS)
+    @EnsureDoesNotHavePermission(INTERACT_ACROSS_USERS_FULL)
+    @Test
+    @Throws(Exception::class)
+    fun cannotGetActiveUserForRoleWithoutInteractAcrossUserPermission() {
+        assertThrows(SecurityException::class.java) {
+            roleManager.getActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME)
+        }
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL)
+    @EnsureDoesNotHavePermission(MANAGE_ROLE_HOLDERS, MANAGE_DEFAULT_APPLICATIONS)
+    @Test
+    @Throws(Exception::class)
+    fun cannotGetActiveUserForRoleWithoutManageRoleAndManageDefaultApplicationsPermission() {
+        assertThrows(SecurityException::class.java) {
+            roleManager.getActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME)
+        }
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS)
+    @Test
+    @Throws(Exception::class)
+    fun cannotSetActiveUserForNonCrossUserRole() {
+        assertThrows(IllegalArgumentException::class.java) {
+            roleManager.setActiveUserForRole(
+                RoleManager.ROLE_SYSTEM_ACTIVITY_RECOGNIZER,
+                Process.myUserHandle(),
+                0,
+            )
+        }
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(MANAGE_ROLE_HOLDERS)
+    @EnsureDoesNotHavePermission(INTERACT_ACROSS_USERS_FULL)
+    @Test
+    @Throws(Exception::class)
+    fun cannotSetActiveUserForRoleWithoutInteractAcrossUserPermission() {
+        assertThrows(SecurityException::class.java) {
+            roleManager.setActiveUserForRole(
+                PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME,
+                Process.myUserHandle(),
+                0,
+            )
+        }
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL)
+    @EnsureDoesNotHavePermission(MANAGE_ROLE_HOLDERS, MANAGE_DEFAULT_APPLICATIONS)
+    @Test
+    @Throws(Exception::class)
+    fun cannotSetActiveUserForRoleWithoutManageRoleAndManageDefaultApplicationsPermission() {
+        assertThrows(SecurityException::class.java) {
+            roleManager.setActiveUserForRole(
+                PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME,
+                Process.myUserHandle(),
+                0,
+            )
+        }
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS)
+    @Test
+    @Throws(Exception::class)
+    fun cannotSetActiveUserForRoleToNonExistentUser() {
+        val targetActiveUser = users().nonExisting().userHandle()
+        roleManager.setActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME, targetActiveUser, 0)
+
+        assertThat(roleManager.getActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME))
+            .isNotEqualTo(targetActiveUser)
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS)
+    @EnsureHasPrivateProfile(installInstrumentedApp = OptionalBoolean.TRUE)
+    @Test
+    @Throws(Exception::class)
+    fun cannotSetActiveUserForRoleToPrivateProfileUser() {
+        val targetActiveUser = deviceState.privateProfile().userHandle()
+        roleManager.setActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME, targetActiveUser, 0)
+
+        assertThat(roleManager.getActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME))
+            .isNotEqualTo(targetActiveUser)
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS)
+    @EnsureHasAdditionalUser(installInstrumentedApp = OptionalBoolean.TRUE)
+    @EnsureHasSecondaryUser
+    @RequireRunNotOnSecondaryUser
+    @Test
+    @Throws(Exception::class)
+    fun cannotSetActiveUserForRoleToUserNotInProfileGroup() {
+        val targetActiveUser = deviceState.secondaryUser().userHandle()
+        roleManager.setActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME, targetActiveUser, 0)
+
+        assertThat(roleManager.getActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME))
+            .isNotEqualTo(targetActiveUser)
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS)
+    @EnsureDoesNotHavePermission(MANAGE_DEFAULT_APPLICATIONS)
+    @EnsureHasWorkProfile(installInstrumentedApp = OptionalBoolean.TRUE)
+    @Test
+    @Throws(Exception::class)
+    fun setAndGetActiveUserForRoleSetCurrentUserWithManageRoleHoldersPermission() {
+        assumeFalse(
+            "setActiveUser not supported for private profile",
+            users().current().type().name() == PRIVATE_PROFILE_TYPE_NAME,
+        )
+
+        val targetActiveUser = users().current().userHandle()
+        roleManager.setActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME, targetActiveUser, 0)
+        assertThat(roleManager.getActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME))
+            .isEqualTo(targetActiveUser)
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_DEFAULT_APPLICATIONS)
+    @EnsureDoesNotHavePermission(MANAGE_ROLE_HOLDERS)
+    @EnsureHasWorkProfile(installInstrumentedApp = OptionalBoolean.TRUE)
+    @Test
+    @Throws(Exception::class)
+    fun setAndGetActiveUserForRoleSetCurrentUserWithManageDefaultApplicationPermission() {
+        assumeFalse(
+            "setActiveUser not supported for private profile",
+            users().current().type().name() == PRIVATE_PROFILE_TYPE_NAME,
+        )
+
+        val targetActiveUser = users().current().userHandle()
+        roleManager.setActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME, targetActiveUser, 0)
+        assertThat(roleManager.getActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME))
+            .isEqualTo(targetActiveUser)
+    }
+
+    @RequireFlagsEnabled(com.android.permission.flags.Flags.FLAG_CROSS_USER_ROLE_ENABLED)
+    @EnsureHasPermission(INTERACT_ACROSS_USERS_FULL, MANAGE_ROLE_HOLDERS)
+    @EnsureHasWorkProfile(installInstrumentedApp = OptionalBoolean.TRUE)
+    @Test
+    @Throws(Exception::class)
+    fun setAndGetActiveUserForRoleSetWorkProfile() {
+        val targetActiveUser = deviceState.workProfile().userHandle()
+        roleManager.setActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME, targetActiveUser, 0)
+
+        assertThat(roleManager.getActiveUserForRole(PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME))
+            .isEqualTo(targetActiveUser)
+    }
+
+    companion object {
+        private const val PROFILE_GROUP_EXCLUSIVITY_ROLE_NAME =
+            RoleManager.ROLE_RESERVED_FOR_TESTING_PROFILE_GROUP_EXCLUSIVITY
+        private const val PRIVATE_PROFILE_TYPE_NAME = "android.os.usertype.profile.PRIVATE"
+        private val context: Context = context().instrumentedContext()
+        private val roleManager: RoleManager = context.getSystemService(RoleManager::class.java)
+
+        @JvmField @ClassRule @Rule val deviceState = DeviceState()
+    }
+}
author	Richard MacGregor <rmacgregor@google.com>	2024-11-14 15:04:18 -0800
committer	Richard MacGregor <rmacgregor@google.com>	2024-11-21 21:21:00 +0000
commit	5d56352edd1d4ff80bcffda3c0dc42488a7633da (patch)
tree	033d21d3c029f7b1bb40ca481fba61828d79511e
parent	44285ae6089a9b8d554dc9cfffc65dc8fff9abe4 (diff)