diff --git a/src/com/android/settings/Utils.java b/src/com/android/settings/Utils.java index a06efb73529..7089736ab30 100644 --- a/src/com/android/settings/Utils.java +++ b/src/com/android/settings/Utils.java @@ -98,6 +98,7 @@ import androidx.annotation.ColorInt; import androidx.annotation.NonNull; import androidx.annotation.Nullable; import androidx.annotation.StringRes; +import androidx.annotation.VisibleForTesting; import androidx.core.graphics.drawable.IconCompat; import androidx.core.graphics.drawable.RoundedBitmapDrawable; import androidx.core.graphics.drawable.RoundedBitmapDrawableFactory; @@ -704,23 +705,26 @@ public final class Utils extends com.android.settingslib.Utils { && bundle.getBoolean(ChooseLockSettingsHelper.EXTRA_KEY_ALLOW_ANY_USER, false); final int userId = bundle.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId()); if (userId == LockPatternUtils.USER_FRP) { - return allowAnyUser ? userId : enforceSystemUser(context, userId); + return allowAnyUser ? userId : checkUserOwnsFrpCredential(context, userId); } else { return allowAnyUser ? userId : enforceSameOwner(context, userId); } } /** - * Returns the given user id if the current user is the system user. + * Returns the given user id if the current user owns frp credential. * - * @throws SecurityException if the current user is not the system user. + * @throws SecurityException if the current user do not own the frp credential. */ - public static int enforceSystemUser(Context context, int userId) { - if (UserHandle.myUserId() == UserHandle.USER_SYSTEM) { + @VisibleForTesting + static int checkUserOwnsFrpCredential(Context context, int userId) { + final UserManager um = context.getSystemService(UserManager.class); + if (LockPatternUtils.userOwnsFrpCredential(context, + um.getUserInfo(UserHandle.myUserId()))) { return userId; } - throw new SecurityException("Given user id " + userId + " must only be used from " - + "USER_SYSTEM, but current user is " + UserHandle.myUserId()); + throw new SecurityException("Current user id " + UserHandle.myUserId() + + " does not own frp credential."); } /** diff --git a/tests/robotests/src/com/android/settings/UtilsTest.java b/tests/robotests/src/com/android/settings/UtilsTest.java index 0ef1f3aa18a..7303b74772a 100644 --- a/tests/robotests/src/com/android/settings/UtilsTest.java +++ b/tests/robotests/src/com/android/settings/UtilsTest.java @@ -18,6 +18,7 @@ package com.android.settings; import static com.google.common.truth.Truth.assertThat; +import static org.junit.Assert.assertThrows; import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.ArgumentMatchers.eq; @@ -59,6 +60,9 @@ import android.widget.TextView; import androidx.core.graphics.drawable.IconCompat; import androidx.fragment.app.FragmentActivity; +import com.android.settings.testutils.shadow.ShadowLockPatternUtils; + +import org.junit.After; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -67,6 +71,7 @@ import org.mockito.MockitoAnnotations; import org.robolectric.Robolectric; import org.robolectric.RobolectricTestRunner; import org.robolectric.RuntimeEnvironment; +import org.robolectric.annotation.Config; import org.robolectric.shadows.ShadowBinder; import java.net.InetAddress; @@ -74,6 +79,7 @@ import java.util.ArrayList; import java.util.List; @RunWith(RobolectricTestRunner.class) +@Config(shadows = ShadowLockPatternUtils.class) public class UtilsTest { private static final String PACKAGE_NAME = "com.android.app"; @@ -88,7 +94,7 @@ public class UtilsTest { @Mock private DevicePolicyManager mDevicePolicyManager; @Mock - private UserManager mUserManager; + private UserManager mMockUserManager; @Mock private PackageManager mPackageManager; @Mock @@ -96,18 +102,27 @@ public class UtilsTest { @Mock private ApplicationInfo mApplicationInfo; private Context mContext; + private UserManager mUserManager; + private static final int FLAG_SYSTEM = 0x00000000; + private static final int FLAG_MAIN = 0x00004000; @Before public void setUp() { MockitoAnnotations.initMocks(this); mContext = spy(RuntimeEnvironment.application); + mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE); when(mContext.getSystemService(WifiManager.class)).thenReturn(wifiManager); when(mContext.getSystemService(Context.CONNECTIVITY_SERVICE)) .thenReturn(connectivityManager); when(mContext.getPackageManager()).thenReturn(mPackageManager); } + @After + public void tearDown() { + ShadowLockPatternUtils.reset(); + } + @Test public void getWifiIpAddresses_succeeds() throws Exception { when(wifiManager.getCurrentNetwork()).thenReturn(network); @@ -173,8 +188,9 @@ public class UtilsTest { public void isProfileOrDeviceOwner_deviceOwnerApp_returnTrue() { when(mDevicePolicyManager.isDeviceOwnerAppOnAnyUser(PACKAGE_NAME)).thenReturn(true); - assertThat(Utils.isProfileOrDeviceOwner(mUserManager, mDevicePolicyManager, PACKAGE_NAME)) - .isTrue(); + assertThat( + Utils.isProfileOrDeviceOwner(mMockUserManager, mDevicePolicyManager, PACKAGE_NAME)) + .isTrue(); } @Test @@ -182,12 +198,13 @@ public class UtilsTest { final List userInfos = new ArrayList<>(); userInfos.add(new UserInfo()); - when(mUserManager.getUsers()).thenReturn(userInfos); + when(mMockUserManager.getUsers()).thenReturn(userInfos); when(mDevicePolicyManager.getProfileOwnerAsUser(userInfos.get(0).id)) .thenReturn(new ComponentName(PACKAGE_NAME, "")); - assertThat(Utils.isProfileOrDeviceOwner(mUserManager, mDevicePolicyManager, PACKAGE_NAME)) - .isTrue(); + assertThat( + Utils.isProfileOrDeviceOwner(mMockUserManager, mDevicePolicyManager, PACKAGE_NAME)) + .isTrue(); } @Test @@ -339,4 +356,20 @@ public class UtilsTest { assertThat(Utils.canCurrentUserDream(mockContext)).isFalse(); } + + @Test + public void checkUserOwnsFrpCredential_userOwnsFrpCredential_returnUserId() { + ShadowLockPatternUtils.setUserOwnsFrpCredential(true); + + assertThat(Utils.checkUserOwnsFrpCredential(mContext, 123)).isEqualTo(123); + } + + @Test + public void checkUserOwnsFrpCredential_userNotOwnsFrpCredential_returnUserId() { + ShadowLockPatternUtils.setUserOwnsFrpCredential(false); + + assertThrows( + SecurityException.class, + () -> Utils.checkUserOwnsFrpCredential(mContext, 123)); + } } diff --git a/tests/robotests/src/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java b/tests/robotests/src/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java index 74e39715062..157c2187673 100644 --- a/tests/robotests/src/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java +++ b/tests/robotests/src/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java @@ -19,6 +19,8 @@ package com.android.settings.testutils.shadow; import android.app.admin.DevicePolicyManager; import android.app.admin.PasswordMetrics; import android.content.ComponentName; +import android.content.Context; +import android.content.pm.UserInfo; import android.os.UserHandle; import com.android.internal.widget.LockPatternUtils; @@ -42,6 +44,8 @@ public class ShadowLockPatternUtils { private static Map sUserToProfileMetricsMap = new HashMap<>(); private static Map sUserToIsSecureMap = new HashMap<>(); + private static boolean sIsUserOwnsFrpCredential; + @Resetter public static void reset() { sUserToComplexityMap.clear(); @@ -50,6 +54,7 @@ public class ShadowLockPatternUtils { sUserToProfileMetricsMap.clear(); sUserToIsSecureMap.clear(); sDeviceEncryptionEnabled = false; + sIsUserOwnsFrpCredential = false; } @Implementation @@ -122,6 +127,15 @@ public class ShadowLockPatternUtils { return complexity; } + @Implementation + public static boolean userOwnsFrpCredential(Context context, UserInfo info) { + return sIsUserOwnsFrpCredential; + } + + public static void setUserOwnsFrpCredential(boolean isUserOwnsFrpCredential) { + sIsUserOwnsFrpCredential = isUserOwnsFrpCredential; + } + public static void setRequiredPasswordComplexity(int userHandle, int complexity) { sUserToComplexityMap.put(userHandle, complexity); }