CTS for the new account check before installing PO/DO.
- Non-test-only PO/DO must not be installable when there are
accounts.
- Test-only PO/DO must be installable when there are only
"compatible" accounts, but not when there are "incompatible"
accounts.
Bug 28928996
Change-Id: I9cdc9d59e45500e454b4c5de01fb0626cf236488
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/Android.mk b/hostsidetests/devicepolicy/app/AccountCheck/Android.mk
new file mode 100644
index 0000000..41a41d0
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/Android.mk
@@ -0,0 +1,17 @@
+#
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include $(call all-subdir-makefiles)
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/Auth/Android.mk b/hostsidetests/devicepolicy/app/AccountCheck/Auth/Android.mk
new file mode 100644
index 0000000..207b875
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/Auth/Android.mk
@@ -0,0 +1,34 @@
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts
+
+LOCAL_PACKAGE_NAME := CtsAccountCheckAuthApp
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS)
+
+LOCAL_SRC_FILES := $(call all-java-files-under, src)
+
+LOCAL_STATIC_JAVA_LIBRARIES := android-support-v4 ctstestrunner ub-uiautomator android-support-test
+
+LOCAL_SDK_VERSION := current
+
+include $(BUILD_CTS_PACKAGE)
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/Auth/AndroidManifest.xml b/hostsidetests/devicepolicy/app/AccountCheck/Auth/AndroidManifest.xml
new file mode 100644
index 0000000..1f488e5
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/Auth/AndroidManifest.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.cts.devicepolicy.accountcheck.auth"
+ android:sharedUserId="com.android.cts.devicepolicy.accountcheck.uid">
+
+ <!-- GET_ACCOUNTS may stop working. Targeting at 25 may prevent it. -->
+ <uses-sdk android:minSdkVersion="25" android:targetSdkVersion="25" />
+
+ <uses-permission android:name="android.permission.GET_ACCOUNTS" />
+ <uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
+ <uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
+
+ <application>
+ <service android:name="com.android.cts.devicepolicy.accountcheck.TestAuthenticator"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.accounts.AccountAuthenticator" />
+ </intent-filter>
+
+ <meta-data android:name="android.accounts.AccountAuthenticator"
+ android:resource="@xml/authenticator" />
+ </service>
+ </application>
+
+ <instrumentation
+ android:name="android.support.test.runner.AndroidJUnitRunner"
+ android:targetPackage="com.android.cts.devicepolicy.accountcheck.auth" />
+</manifest>
+
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/Auth/res/xml/authenticator.xml b/hostsidetests/devicepolicy/app/AccountCheck/Auth/res/xml/authenticator.xml
new file mode 100644
index 0000000..ad963d7
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/Auth/res/xml/authenticator.xml
@@ -0,0 +1,20 @@
+<!-- Copyright (C) 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<!-- The attributes in this XML file provide configuration information -->
+<!-- for the Account Manager. -->
+
+<account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
+ android:accountType="com.android.cts.devicepolicy.accountcheck" />
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/Auth/src/com/android/cts/devicepolicy/accountcheck/AccountCheckTest.java b/hostsidetests/devicepolicy/app/AccountCheck/Auth/src/com/android/cts/devicepolicy/accountcheck/AccountCheckTest.java
new file mode 100644
index 0000000..73c18af
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/Auth/src/com/android/cts/devicepolicy/accountcheck/AccountCheckTest.java
@@ -0,0 +1,171 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.cts.devicepolicy.accountcheck;
+
+import android.accounts.Account;
+import android.accounts.AccountManager;
+import android.app.admin.DevicePolicyManager;
+import android.content.ComponentName;
+import android.os.Bundle;
+import android.os.SystemClock;
+import android.test.AndroidTestCase;
+import android.util.Log;
+
+public class AccountCheckTest extends AndroidTestCase {
+ private static final String TAG = "AccountCheckTest";
+
+ private static final String ACCOUNT_TYPE = "com.android.cts.devicepolicy.accountcheck";
+ private static final String ACCOUNT_FEATURE_ALLOWED =
+ "android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED";
+ private static final String ACCOUNT_FEATURE_DISALLOWED =
+ "android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED";
+
+ private DevicePolicyManager mDevicePolicyManager;
+ private AccountManager mAccountManager;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ mDevicePolicyManager = getContext().getSystemService(DevicePolicyManager.class);
+ mAccountManager = getContext().getSystemService(AccountManager.class);
+ }
+
+ /**
+ * Remove all test accounts.
+ */
+ public void testRemoveAllAccounts() throws Exception {
+ for (Account account : mAccountManager.getAccountsByType(ACCOUNT_TYPE)) {
+ Log.i(TAG, "Removing account: " + account);
+ mAccountManager.removeAccountExplicitly(account);
+ }
+ }
+
+ private void addAccount(String... features) throws Exception {
+ final Bundle result = mAccountManager.addAccount(
+ ACCOUNT_TYPE,
+ null, // tokentype
+ features,
+ null, // options
+ null, // activity
+ null, // callback
+ null // handler
+ ).getResult();
+ assertEquals(ACCOUNT_TYPE, result.getString(AccountManager.KEY_ACCOUNT_TYPE));
+ }
+
+ /**
+ * Add an incompatible account, type A.
+ */
+ public void testAddIncompatibleA() throws Exception {
+ addAccount();
+ }
+
+ /**
+ * Add an incompatible account, type B.
+ */
+ public void testAddIncompatibleB() throws Exception {
+ addAccount(ACCOUNT_FEATURE_DISALLOWED);
+ }
+
+ /**
+ * Add an incompatible account, type C.
+ */
+ public void testAddIncompatibleC() throws Exception {
+ addAccount(ACCOUNT_FEATURE_ALLOWED, ACCOUNT_FEATURE_DISALLOWED);
+ }
+
+ /**
+ * Add a compatible account.
+ */
+ public void testAddCompatible() throws Exception {
+ addAccount(ACCOUNT_FEATURE_ALLOWED);
+ }
+
+ /**
+ * Remove the non-test-only (profile|device) owner. Note this package and the test-only owner
+ * have the same UID, so we can call clearXxX() from this package.
+ */
+ public void testCleanUpNonTestOwner() throws Exception {
+ final ComponentName admin = new ComponentName(
+ "com.android.cts.devicepolicy.accountcheck.nontestonly",
+ "com.android.cts.devicepolicy.accountcheck.owner.AdminReceiver");
+
+ if (mDevicePolicyManager.isDeviceOwnerApp(admin.getPackageName())) {
+ Log.i(TAG, "testCleanUpNonTestOwner: Removing as DO");
+ mDevicePolicyManager.clearDeviceOwnerApp(admin.getPackageName());
+ }
+
+ if (mDevicePolicyManager.isProfileOwnerApp(admin.getPackageName())) {
+ Log.i(TAG, "testCleanUpNonTestOwner: Removing as PO");
+ mDevicePolicyManager.clearProfileOwner(admin);
+ }
+
+ if (mDevicePolicyManager.isAdminActive(admin)) {
+ Log.i(TAG, "testCleanUpNonTestOwner: Removing as DA");
+ mDevicePolicyManager.removeActiveAdmin(admin);
+
+ final long timeout = SystemClock.elapsedRealtime() + 60 * 1000;
+ while (SystemClock.elapsedRealtime() < timeout
+ && mDevicePolicyManager.isAdminActive(admin)) {
+ Thread.sleep(100);
+ }
+ }
+ // Give the system a breath.
+ Thread.sleep(5000);
+ }
+
+ /**
+ * Test there are no preconfigured accounts that don't accept DO/PO.
+ */
+ public void testCheckPreconfiguredAccountFeatures() {
+ final AccountManager am = AccountManager.get(mContext);
+ final Account accounts[] = am.getAccounts();
+ if (accounts.length == 0) {
+ Log.v(TAG, "No preconfigured accounts found.");
+ return; // pass.
+ }
+ final String[] feature_allow =
+ {"android.account.DEVICE_OR_PROFILE_OWNER_ALLOWED"};
+ final String[] feature_disallow =
+ {"android.account.DEVICE_OR_PROFILE_OWNER_DISALLOWED"};
+
+ // Even if we find incompatible accounts along the way, we still check all accounts
+ // for logging.
+ final StringBuilder error = new StringBuilder();
+ for (Account account : accounts) {
+ Log.v(TAG, "Checking " + account);
+ if (hasAccountFeatures(am, account, feature_disallow)) {
+ error.append(account + " has " + feature_disallow[0] + "\n");
+ }
+ if (!hasAccountFeatures(am, account, feature_allow)) {
+ error.append(account + " doesn't have " + feature_allow[0] + "\n");
+ }
+ }
+ if (error.length() > 0) {
+ fail(error.toString());
+ }
+ }
+
+ private boolean hasAccountFeatures(AccountManager am, Account account, String[] features) {
+ try {
+ return am.hasFeatures(account, features, null, null).getResult();
+ } catch (Exception e) {
+ Log.w(TAG, "Failed to get account feature", e);
+ return false;
+ }
+ }
+}
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/Auth/src/com/android/cts/devicepolicy/accountcheck/TestAuthenticator.java b/hostsidetests/devicepolicy/app/AccountCheck/Auth/src/com/android/cts/devicepolicy/accountcheck/TestAuthenticator.java
new file mode 100644
index 0000000..31c79d7
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/Auth/src/com/android/cts/devicepolicy/accountcheck/TestAuthenticator.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.cts.devicepolicy.accountcheck;
+
+import android.accounts.AbstractAccountAuthenticator;
+import android.accounts.Account;
+import android.accounts.AccountAuthenticatorResponse;
+import android.accounts.AccountManager;
+import android.accounts.NetworkErrorException;
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Bundle;
+import android.os.IBinder;
+import android.os.SystemClock;
+import android.text.TextUtils;
+import android.util.Log;
+
+import java.util.Arrays;
+import java.util.List;
+
+public class TestAuthenticator extends Service {
+ private static final String TAG = "TestAuthenticator";
+
+ private static Authenticator sInstance;
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ if (sInstance == null) {
+ sInstance = new Authenticator(getApplicationContext());
+
+ }
+ return sInstance.getIBinder();
+ }
+
+ public static class Authenticator extends AbstractAccountAuthenticator {
+
+ private final Context mContxet;
+
+ public Authenticator(Context context) {
+ super(context);
+ mContxet = context;
+ }
+
+ @Override
+ public Bundle addAccount(AccountAuthenticatorResponse response, String accountType,
+ String authTokenType, String[] requiredFeatures, Bundle options)
+ throws NetworkErrorException {
+
+ // Create an account whose name is:
+ // [current time] + ":" + [all requested features concatenated with , ]
+
+ if (requiredFeatures == null) {
+ requiredFeatures = new String[0];
+ }
+
+ final String name = SystemClock.elapsedRealtimeNanos()
+ + ":" + TextUtils.join(",", requiredFeatures);
+
+ Log.v(TAG, "Adding account '" + name + "' for " + accountType
+ + "... " + Arrays.asList(requiredFeatures));
+
+ Bundle result = new Bundle();
+ result.putString(AccountManager.KEY_ACCOUNT_TYPE, accountType);
+ result.putString(AccountManager.KEY_ACCOUNT_NAME, name);
+
+ mContxet.getSystemService(AccountManager.class).addAccountExplicitly(
+ new Account(name, accountType), "password", new Bundle());
+
+ return result;
+ }
+
+ @Override
+ public Bundle editProperties(AccountAuthenticatorResponse response, String accountType) {
+ return new Bundle();
+ }
+
+ @Override
+ public Bundle updateCredentials(AccountAuthenticatorResponse response, Account account,
+ String authTokenType, Bundle options) throws NetworkErrorException {
+ return new Bundle();
+ }
+
+ @Override
+ public Bundle confirmCredentials(AccountAuthenticatorResponse response, Account account,
+ Bundle options) throws NetworkErrorException {
+ return new Bundle();
+ }
+
+ @Override
+ public Bundle getAuthToken(AccountAuthenticatorResponse response, Account account,
+ String authTokenType, Bundle options) throws NetworkErrorException {
+ return new Bundle();
+ }
+
+ @Override
+ public String getAuthTokenLabel(String authTokenType) {
+ return "token_label";
+ }
+
+ @Override
+ public Bundle hasFeatures(AccountAuthenticatorResponse response, Account account,
+ String[] features) throws NetworkErrorException {
+
+ final int p = account.name.indexOf(':');
+
+ boolean hasAll = true;
+ final List<String> hasFeatures =
+ Arrays.asList(TextUtils.split(account.name.substring(p + 1), ","));
+ for (String requested : features) {
+ if (!hasFeatures.contains(requested)) {
+ hasAll = false;
+ break;
+ }
+ }
+
+ Bundle result = new Bundle();
+ result.putBoolean(AccountManager.KEY_BOOLEAN_RESULT, hasAll);
+ return result;
+ }
+ }
+}
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/Android.mk b/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/Android.mk
new file mode 100644
index 0000000..26e6dca
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/Android.mk
@@ -0,0 +1,34 @@
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts
+
+LOCAL_PACKAGE_NAME := CtsAccountCheckNonTestOnlyOwnerApp
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS)
+
+LOCAL_SRC_FILES := $(call all-java-files-under, ../src-owner)
+
+LOCAL_STATIC_JAVA_LIBRARIES := android-support-v4 ctstestrunner ub-uiautomator android-support-test
+
+LOCAL_SDK_VERSION := current
+
+include $(BUILD_CTS_PACKAGE)
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/AndroidManifest.xml b/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/AndroidManifest.xml
new file mode 100644
index 0000000..6b130b5
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/AndroidManifest.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.cts.devicepolicy.accountcheck.nontestonly"
+ android:sharedUserId="com.android.cts.devicepolicy.accountcheck.uid">
+
+ <application android:testOnly="false">
+ <receiver
+ android:name="com.android.cts.devicepolicy.accountcheck.owner.AdminReceiver"
+ android:permission="android.permission.BIND_DEVICE_ADMIN">
+ <meta-data android:name="android.app.device_admin"
+ android:resource="@xml/device_admin" />
+ <intent-filter>
+ <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
+ </intent-filter>
+ </receiver>
+ </application>
+ <!--
+ Don't need instrumentation. All the three device side apps have the same UID, so we're able
+ to run all tests from the Auth package.
+ -->
+</manifest>
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/res/xml/device_admin.xml b/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/res/xml/device_admin.xml
new file mode 100644
index 0000000..98e7028
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/NonTestOnlyOwner/res/xml/device_admin.xml
@@ -0,0 +1,16 @@
+<!-- Copyright (C) 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<device-admin xmlns:android="http://schemas.android.com/apk/res/android" android:visible="false">
+</device-admin>
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/Android.mk b/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/Android.mk
new file mode 100644
index 0000000..eeba939
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/Android.mk
@@ -0,0 +1,34 @@
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts
+
+LOCAL_PACKAGE_NAME := CtsAccountCheckTestOnlyOwnerApp
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS)
+
+LOCAL_SRC_FILES := $(call all-java-files-under, ../src-owner)
+
+LOCAL_STATIC_JAVA_LIBRARIES := android-support-v4 ctstestrunner ub-uiautomator android-support-test
+
+LOCAL_SDK_VERSION := current
+
+include $(BUILD_CTS_PACKAGE)
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/AndroidManifest.xml b/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/AndroidManifest.xml
new file mode 100644
index 0000000..a9673e9
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/AndroidManifest.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.cts.devicepolicy.accountcheck.testonly"
+ android:sharedUserId="com.android.cts.devicepolicy.accountcheck.uid">
+
+ <application android:testOnly="true">
+ <receiver
+ android:name="com.android.cts.devicepolicy.accountcheck.owner.AdminReceiver"
+ android:permission="android.permission.BIND_DEVICE_ADMIN">
+ <meta-data android:name="android.app.device_admin"
+ android:resource="@xml/device_admin" />
+ <intent-filter>
+ <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
+ </intent-filter>
+ </receiver>
+ </application>
+ <!--
+ Don't need instrumentation. All the three device side apps have the same UID, so we're able
+ to run all tests from the Auth package.
+ -->
+</manifest>
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/res/xml/device_admin.xml b/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/res/xml/device_admin.xml
new file mode 100644
index 0000000..98e7028
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/TestOnlyOwner/res/xml/device_admin.xml
@@ -0,0 +1,16 @@
+<!-- Copyright (C) 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<device-admin xmlns:android="http://schemas.android.com/apk/res/android" android:visible="false">
+</device-admin>
diff --git a/hostsidetests/devicepolicy/app/AccountCheck/src-owner/com/android/cts/devicepolicy/accountcheck/owner/AdminReceiver.java b/hostsidetests/devicepolicy/app/AccountCheck/src-owner/com/android/cts/devicepolicy/accountcheck/owner/AdminReceiver.java
new file mode 100644
index 0000000..bf2ec17
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/AccountCheck/src-owner/com/android/cts/devicepolicy/accountcheck/owner/AdminReceiver.java
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.cts.devicepolicy.accountcheck.owner;
+
+import android.app.admin.DeviceAdminReceiver;
+
+public class AdminReceiver extends DeviceAdminReceiver {
+}
diff --git a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/AccountCheckHostSideTest.java b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/AccountCheckHostSideTest.java
new file mode 100644
index 0000000..80142cf
--- /dev/null
+++ b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/AccountCheckHostSideTest.java
@@ -0,0 +1,212 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.cts.devicepolicy;
+
+import com.android.tradefed.device.DeviceNotAvailableException;
+import com.android.tradefed.log.LogUtil.CLog;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class AccountCheckHostSideTest extends BaseDevicePolicyTest {
+ private static final String APK_NON_TEST_ONLY = "CtsAccountCheckNonTestOnlyOwnerApp.apk";
+ private static final String APK_TEST_ONLY = "CtsAccountCheckTestOnlyOwnerApp.apk";
+ private static final String APK_AUTH = "CtsAccountCheckAuthApp.apk";
+
+ private static final String PACKAGE_NON_TEST_ONLY =
+ "com.android.cts.devicepolicy.accountcheck.nontestonly";
+ private static final String PACKAGE_TEST_ONLY =
+ "com.android.cts.devicepolicy.accountcheck.testonly";
+ private static final String PACKAGE_AUTH = "com.android.cts.devicepolicy.accountcheck.auth";
+
+ private static final String OWNER_TEST_ONLY = PACKAGE_TEST_ONLY
+ + "/com.android.cts.devicepolicy.accountcheck.owner.AdminReceiver";
+ private static final String OWNER_NON_TEST_ONLY = PACKAGE_NON_TEST_ONLY
+ + "/com.android.cts.devicepolicy.accountcheck.owner.AdminReceiver";
+
+ private static final String TEST_CLASS =
+ "com.android.cts.devicepolicy.accountcheck.AccountCheckTest";
+
+ @Override
+ protected void tearDown() throws Exception {
+ if (mHasFeature) {
+ runCleanupTestOnlyOwner();
+ runCleanupNonTestOnlyOwner();
+
+ // This shouldn't be needed since we're uninstalling the authenticator, but sometimes
+ // the account manager fails to clean up?
+ removeAllAccounts();
+
+ getDevice().uninstallPackage(PACKAGE_AUTH);
+ getDevice().uninstallPackage(PACKAGE_TEST_ONLY);
+ getDevice().uninstallPackage(PACKAGE_NON_TEST_ONLY);
+ }
+ super.tearDown();
+ }
+
+ private void runTest(String method) throws Exception {
+ assertTrue(runDeviceTests(PACKAGE_AUTH, TEST_CLASS, method));
+ }
+
+ private void runCleanupTestOnlyOwner() throws Exception {
+ removeAdmin(OWNER_TEST_ONLY, mPrimaryUserId);
+ }
+
+ private void runCleanupNonTestOnlyOwner() throws Exception {
+ runTest("testCleanUpNonTestOwner");
+ }
+
+ private void removeAllAccounts() throws Exception {
+ runTest("testRemoveAllAccounts");
+ }
+
+ private void assertTestOnlyInstallable() throws Exception {
+ setDeviceOwnerOrFail(OWNER_TEST_ONLY, mPrimaryUserId);
+ runCleanupTestOnlyOwner();
+
+ setProfileOwnerOrFail(OWNER_TEST_ONLY, mPrimaryUserId);
+ runCleanupTestOnlyOwner();
+ }
+
+ private void assertNonTestOnlyInstallable() throws Exception {
+ setDeviceOwnerOrFail(OWNER_NON_TEST_ONLY, mPrimaryUserId);
+ runCleanupNonTestOnlyOwner();
+
+ setProfileOwnerOrFail(OWNER_NON_TEST_ONLY, mPrimaryUserId);
+ runCleanupNonTestOnlyOwner();
+ }
+
+ private void assertTestOnlyNotInstallable() throws Exception {
+ setDeviceOwnerExpectingFailure(OWNER_TEST_ONLY, mPrimaryUserId);
+ runCleanupTestOnlyOwner();
+
+ setProfileOwnerExpectingFailure(OWNER_TEST_ONLY, mPrimaryUserId);
+ runCleanupTestOnlyOwner();
+ }
+
+ private void assertNonTestOnlyNotInstallable() throws Exception {
+ setDeviceOwnerExpectingFailure(OWNER_NON_TEST_ONLY, mPrimaryUserId);
+ runCleanupNonTestOnlyOwner();
+
+ setProfileOwnerExpectingFailure(OWNER_NON_TEST_ONLY, mPrimaryUserId);
+ runCleanupNonTestOnlyOwner();
+ }
+
+ private boolean hasAccounts() throws Exception {
+ final String accountDump = getDevice().executeShellCommand("dumpsys account");
+
+ final Pattern p = Pattern.compile("^\\s*Accounts\\:\\s*(\\d+)", Pattern.MULTILINE);
+ final Matcher m = p.matcher(accountDump);
+ if (!m.find()) {
+ fail("Unable to obtain # of accounts");
+ return true;
+ }
+ final String count = m.group(1);
+
+ CLog.i("# of preconfigured accounts=" + count);
+
+ return Integer.parseInt(count) > 0;
+ }
+
+ public void testAccountCheck() throws Exception {
+ if (!mHasFeature) {
+ return;
+ }
+ installAppAsUser(APK_AUTH, mPrimaryUserId);
+ installAppAsUser(APK_NON_TEST_ONLY, mPrimaryUserId);
+ installAppAsUser(APK_TEST_ONLY, mPrimaryUserId);
+
+ runCleanupTestOnlyOwner();
+ runCleanupNonTestOnlyOwner();
+ removeAllAccounts();
+ try {
+ runTest("testCheckPreconfiguredAccountFeatures");
+
+ final boolean hasPreconfiguredAccounts = hasAccounts();
+
+ // All pre-configured accounts must be "compatible", so the test-only owner can be
+ // installed.
+ assertTestOnlyInstallable();
+
+ if (hasPreconfiguredAccounts) {
+ assertNonTestOnlyNotInstallable();
+ } else {
+ assertNonTestOnlyInstallable();
+ }
+
+ // Incompatible, type A.
+ runTest("testAddIncompatibleA");
+
+ assertTestOnlyNotInstallable();
+ assertNonTestOnlyNotInstallable();
+
+ // Incompatible, type B.
+ removeAllAccounts();
+ runTest("testAddIncompatibleB");
+
+ assertTestOnlyNotInstallable();
+ assertNonTestOnlyNotInstallable();
+
+ // Incompatible, type C.
+ removeAllAccounts();
+ runTest("testAddIncompatibleC");
+
+ assertTestOnlyNotInstallable();
+ assertNonTestOnlyNotInstallable();
+
+ // Compatible.
+ removeAllAccounts();
+ runTest("testAddCompatible");
+
+ assertTestOnlyInstallable(); // Now test-only owner can be accepted.
+ assertNonTestOnlyNotInstallable();
+
+ // 2 compatible accounts.
+ removeAllAccounts();
+ runTest("testAddCompatible");
+ runTest("testAddCompatible");
+
+ assertTestOnlyInstallable(); // Now test-only owner can be accepted.
+
+ assertNonTestOnlyNotInstallable();
+
+ // 2 compatible accounts + 1 incompatible.
+ removeAllAccounts();
+ runTest("testAddIncompatibleA");
+ runTest("testAddCompatible");
+ runTest("testAddCompatible");
+
+ assertTestOnlyNotInstallable();
+ assertNonTestOnlyNotInstallable();
+
+ // 2 compatible accounts + 1 incompatible, different order.
+ removeAllAccounts();
+ runTest("testAddCompatible");
+ runTest("testAddCompatible");
+ runTest("testAddIncompatibleB");
+
+ assertTestOnlyNotInstallable();
+ assertNonTestOnlyNotInstallable();
+ } catch (Throwable th) {
+ CLog.w("Tests failed; current accounts are:");
+ CLog.w(getDevice().executeShellCommand("dumpsys account"));
+
+ // Dump accounts
+ throw th;
+ }
+ }
+}
diff --git a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/BaseDevicePolicyTest.java b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/BaseDevicePolicyTest.java
index a5008e5..aef1ec0 100644
--- a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/BaseDevicePolicyTest.java
+++ b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/BaseDevicePolicyTest.java
@@ -17,8 +17,6 @@
package com.android.cts.devicepolicy;
import com.android.cts.migration.MigrationHelper;
-import com.android.ddmlib.Log.LogLevel;
-import com.android.ddmlib.testrunner.InstrumentationResultParser;
import com.android.ddmlib.testrunner.RemoteAndroidTestRunner;
import com.android.ddmlib.testrunner.TestIdentifier;
import com.android.ddmlib.testrunner.TestResult;
@@ -26,21 +24,17 @@
import com.android.ddmlib.testrunner.TestRunResult;
import com.android.tradefed.build.IBuildInfo;
import com.android.tradefed.device.DeviceNotAvailableException;
-import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.log.LogUtil.CLog;
import com.android.tradefed.result.CollectingTestListener;
import com.android.tradefed.testtype.DeviceTestCase;
import com.android.tradefed.testtype.IBuildReceiver;
-import java.io.File;
import java.io.FileNotFoundException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
import javax.annotation.Nullable;
@@ -229,6 +223,12 @@
return runDeviceTestsAsUser(pkgName, testClassName, testMethodName, userId, params);
}
+ protected boolean runDeviceTests(
+ String pkgName, @Nullable String testClassName, String testMethodName)
+ throws DeviceNotAvailableException {
+ return runDeviceTestsAsUser(pkgName, testClassName, testMethodName, mPrimaryUserId);
+ }
+
protected boolean runDeviceTestsAsUser(String pkgName, @Nullable String testClassName,
@Nullable String testMethodName, int userId,
Map<String, String> params) throws DeviceNotAvailableException {
@@ -404,11 +404,23 @@
protected void setProfileOwnerOrFail(String componentName, int userId)
throws Exception {
if (!setProfileOwner(componentName, userId, /*expectFailure*/ false)) {
- removeUser(userId);
+ if (userId != 0) { // don't remove system user.
+ removeUser(userId);
+ }
fail("Failed to set profile owner");
}
}
+ protected void setProfileOwnerExpectingFailure(String componentName, int userId)
+ throws Exception {
+ if (setProfileOwner(componentName, userId, /* expectFailure =*/ true)) {
+ if (userId != 0) { // don't remove system user.
+ removeUser(userId);
+ }
+ fail("Setting profile owner should have failed.");
+ }
+ }
+
private String setDeviceAdminInner(String componentName, int userId)
throws DeviceNotAvailableException {
String command = "dpm set-active-admin --user " + userId + " '" + componentName + "'";
@@ -448,6 +460,16 @@
return success;
}
+ protected void setDeviceOwnerOrFail(String componentName, int userId)
+ throws Exception {
+ assertTrue(setDeviceOwner(componentName, userId, /* expectFailure =*/ false));
+ }
+
+ protected void setDeviceOwnerExpectingFailure(String componentName, int userId)
+ throws Exception {
+ assertFalse(setDeviceOwner(componentName, userId, /* expectFailure =*/ true));
+ }
+
protected String getSettings(String namespace, String name, int userId)
throws DeviceNotAvailableException {
String command = "settings --user " + userId + " get " + namespace + " " + name;
