PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Check current user owns a frp credential"

Browse Source
This commit is contained in:
TreeHugger Robot
2023-02-08 07:13:12 +00:00
committed by Android (Google) Code Review
parent c98030bc2f 4175f40fca
commit cb099dfc5e
3 changed files with 64 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/com/android/settings/Utils.java
View File

@@ -98,6 +98,7 @@ import androidx.annotation.ColorInt;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.StringRes;
import androidx.annotation.VisibleForTesting;
import androidx.core.graphics.drawable.IconCompat;
import androidx.core.graphics.drawable.RoundedBitmapDrawable;
import androidx.core.graphics.drawable.RoundedBitmapDrawableFactory;
@@ -704,23 +705,26 @@ public final class Utils extends com.android.settingslib.Utils {
&& bundle.getBoolean(ChooseLockSettingsHelper.EXTRA_KEY_ALLOW_ANY_USER, false);
final int userId = bundle.getInt(Intent.EXTRA_USER_ID, UserHandle.myUserId());
if (userId == LockPatternUtils.USER_FRP) {
return allowAnyUser ? userId : enforceSystemUser(context, userId);
return allowAnyUser ? userId : checkUserOwnsFrpCredential(context, userId);
} else {
return allowAnyUser ? userId : enforceSameOwner(context, userId);
}
}
/**
* Returns the given user id if the current user is the system user.
* Returns the given user id if the current user owns frp credential.
*
* @throws SecurityException if the current user is not the system user.
* @throws SecurityException if the current user do not own the frp credential.
*/
public static int enforceSystemUser(Context context, int userId) {
if (UserHandle.myUserId() == UserHandle.USER_SYSTEM) {
@VisibleForTesting
static int checkUserOwnsFrpCredential(Context context, int userId) {
final UserManager um = context.getSystemService(UserManager.class);
if (LockPatternUtils.userOwnsFrpCredential(context,
um.getUserInfo(UserHandle.myUserId()))) {
return userId;
}
throw new SecurityException("Given user id " + userId + " must only be used from "
+ "USER_SYSTEM, but current user is " + UserHandle.myUserId());
throw new SecurityException("Current user id " + UserHandle.myUserId()
+ " does not own frp credential.");
}
/**

41
tests/robotests/src/com/android/settings/UtilsTest.java
View File

@@ -18,6 +18,7 @@ package com.android.settings;
import static com.google.common.truth.Truth.assertThat;
import static org.junit.Assert.assertThrows;
import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
@@ -59,6 +60,9 @@ import android.widget.TextView;
import androidx.core.graphics.drawable.IconCompat;
import androidx.fragment.app.FragmentActivity;
import com.android.settings.testutils.shadow.ShadowLockPatternUtils;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -67,6 +71,7 @@ import org.mockito.MockitoAnnotations;
import org.robolectric.Robolectric;
import org.robolectric.RobolectricTestRunner;
import org.robolectric.RuntimeEnvironment;
import org.robolectric.annotation.Config;
import org.robolectric.shadows.ShadowBinder;
import java.net.InetAddress;
@@ -74,6 +79,7 @@ import java.util.ArrayList;
import java.util.List;
@RunWith(RobolectricTestRunner.class)
@Config(shadows = ShadowLockPatternUtils.class)
public class UtilsTest {
private static final String PACKAGE_NAME = "com.android.app";
@@ -88,7 +94,7 @@ public class UtilsTest {
@Mock
private DevicePolicyManager mDevicePolicyManager;
@Mock
private UserManager mUserManager;
private UserManager mMockUserManager;
@Mock
private PackageManager mPackageManager;
@Mock
@@ -96,18 +102,27 @@ public class UtilsTest {
@Mock
private ApplicationInfo mApplicationInfo;
private Context mContext;
private UserManager mUserManager;
private static final int FLAG_SYSTEM = 0x00000000;
private static final int FLAG_MAIN = 0x00004000;
@Before
public void setUp() {
MockitoAnnotations.initMocks(this);
mContext = spy(RuntimeEnvironment.application);
mUserManager = (UserManager) mContext.getSystemService(Context.USER_SERVICE);
when(mContext.getSystemService(WifiManager.class)).thenReturn(wifiManager);
when(mContext.getSystemService(Context.CONNECTIVITY_SERVICE))
.thenReturn(connectivityManager);
when(mContext.getPackageManager()).thenReturn(mPackageManager);
}
@After
public void tearDown() {
ShadowLockPatternUtils.reset();
}
@Test
public void getWifiIpAddresses_succeeds() throws Exception {
when(wifiManager.getCurrentNetwork()).thenReturn(network);
@@ -173,7 +188,8 @@ public class UtilsTest {
public void isProfileOrDeviceOwner_deviceOwnerApp_returnTrue() {
when(mDevicePolicyManager.isDeviceOwnerAppOnAnyUser(PACKAGE_NAME)).thenReturn(true);
assertThat(Utils.isProfileOrDeviceOwner(mUserManager, mDevicePolicyManager, PACKAGE_NAME))
assertThat(
Utils.isProfileOrDeviceOwner(mMockUserManager, mDevicePolicyManager, PACKAGE_NAME))
.isTrue();
}
@@ -182,11 +198,12 @@ public class UtilsTest {
final List<UserInfo> userInfos = new ArrayList<>();
userInfos.add(new UserInfo());
when(mUserManager.getUsers()).thenReturn(userInfos);
when(mMockUserManager.getUsers()).thenReturn(userInfos);
when(mDevicePolicyManager.getProfileOwnerAsUser(userInfos.get(0).id))
.thenReturn(new ComponentName(PACKAGE_NAME, ""));
assertThat(Utils.isProfileOrDeviceOwner(mUserManager, mDevicePolicyManager, PACKAGE_NAME))
assertThat(
Utils.isProfileOrDeviceOwner(mMockUserManager, mDevicePolicyManager, PACKAGE_NAME))
.isTrue();
}
@@ -339,4 +356,20 @@ public class UtilsTest {
assertThat(Utils.canCurrentUserDream(mockContext)).isFalse();
}
@Test
public void checkUserOwnsFrpCredential_userOwnsFrpCredential_returnUserId() {
ShadowLockPatternUtils.setUserOwnsFrpCredential(true);
assertThat(Utils.checkUserOwnsFrpCredential(mContext, 123)).isEqualTo(123);
}
@Test
public void checkUserOwnsFrpCredential_userNotOwnsFrpCredential_returnUserId() {
ShadowLockPatternUtils.setUserOwnsFrpCredential(false);
assertThrows(
SecurityException.class,
() -> Utils.checkUserOwnsFrpCredential(mContext, 123));
}
}

14
tests/robotests/src/com/android/settings/testutils/shadow/ShadowLockPatternUtils.java
View File

@@ -19,6 +19,8 @@ package com.android.settings.testutils.shadow;
import android.app.admin.DevicePolicyManager;
import android.app.admin.PasswordMetrics;
import android.content.ComponentName;
import android.content.Context;
import android.content.pm.UserInfo;
import android.os.UserHandle;
import com.android.internal.widget.LockPatternUtils;
@@ -42,6 +44,8 @@ public class ShadowLockPatternUtils {
private static Map<Integer, PasswordMetrics> sUserToProfileMetricsMap = new HashMap<>();
private static Map<Integer, Boolean> sUserToIsSecureMap = new HashMap<>();
private static boolean sIsUserOwnsFrpCredential;
@Resetter
public static void reset() {
sUserToComplexityMap.clear();
@@ -50,6 +54,7 @@ public class ShadowLockPatternUtils {
sUserToProfileMetricsMap.clear();
sUserToIsSecureMap.clear();
sDeviceEncryptionEnabled = false;
sIsUserOwnsFrpCredential = false;
}
@Implementation
@@ -122,6 +127,15 @@ public class ShadowLockPatternUtils {
return complexity;
}
@Implementation
public static boolean userOwnsFrpCredential(Context context, UserInfo info) {
return sIsUserOwnsFrpCredential;
}
public static void setUserOwnsFrpCredential(boolean isUserOwnsFrpCredential) {
sIsUserOwnsFrpCredential = isUserOwnsFrpCredential;
}
public static void setRequiredPasswordComplexity(int userHandle, int complexity) {
sUserToComplexityMap.put(userHandle, complexity);
}