/*
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.cts.delegate;
import static com.android.cts.delegate.DelegateTestUtils.assertExpectException;
import static com.google.common.truth.Truth.assertThat;
import android.app.admin.DevicePolicyManager;
import android.app.admin.SecurityLog.SecurityEvent;
import android.content.Context;
import androidx.test.InstrumentationRegistry;
import androidx.test.runner.AndroidJUnit4;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import java.util.List;
/**
 * Device-side tests that call the {@link DevicePolicyManager} security-logging APIs with a
 * {@code null} admin component.
 *
 * <p>Several tests leave lasting state behind (security logging switched on or off) and
 * {@link #testVerifyGeneratedLogs()} expects events produced by {@link #testGenerateLogs()} and by
 * host-side actions. NOTE(review): this implies the methods are invoked one at a time, in a
 * chosen order, by a host-side driver rather than as an independent suite; confirm against the
 * host-side test.
 */
@RunWith(AndroidJUnit4.class)
public class WorkProfileSecurityLoggingDelegateTest {

    // Not referenced anywhere in this class.
    private static final String TAG = "WorkProfileSecurityLoggingDelegateTest";
    // Not referenced anywhere in this class.
    private static final String CTS_APP_PACKAGE_NAME = "com.android.cts.delegate";
    // Alias of the key that testGenerateLogs() creates and testVerifyGeneratedLogs() looks for.
    private static final String GENERATED_KEY_ALIAS = "generated_key_alias";

    private Context mContext;
    private DevicePolicyManager mDpm;

    /** Resolves the instrumentation context and the {@link DevicePolicyManager} service. */
    @Before
    public void setUp() {
        final Context instrumentationContext = InstrumentationRegistry.getContext();
        mContext = instrumentationContext;
        mDpm = instrumentationContext.getSystemService(DevicePolicyManager.class);
    }

    /**
     * Test: reading the logging state, changing it and retrieving the logs must each be rejected
     * with a {@link SecurityException}.
     *
     * <p>NOTE(review): presumably run while this app has not been granted access to security
     * logging; the precondition is set outside this class. The {@code null} second argument is
     * the expected-message parameter of the helper; confirm in DelegateTestUtils that
     * {@code null} means "do not check the message".
     */
    @Test
    public void testCannotAccessApis() {
        // Query path.
        assertExpectException(
                SecurityException.class,
                null,
                () -> mDpm.isSecurityLoggingEnabled(null));
        // State-changing path.
        assertExpectException(
                SecurityException.class,
                null,
                () -> mDpm.setSecurityLoggingEnabled(null, true));
        // Log retrieval path.
        assertExpectException(
                SecurityException.class,
                null,
                () -> mDpm.retrieveSecurityLogs(null));
    }

    /**
     * Test: enabling security logging.
     * This test has a side effect: security logging is enabled after its execution.
     */
    @Test
    public void testEnablingSecurityLogging() {
        mDpm.setSecurityLoggingEnabled(null, true);
        final boolean enabledAfterCall = mDpm.isSecurityLoggingEnabled(null);
        assertThat(enabledAfterCall).isTrue();
    }

    /**
     * Generates security events related to Keystore by creating a key under
     * {@link #GENERATED_KEY_ALIAS}. The key is deleted again whether or not generation succeeds.
     */
    @Test
    public void testGenerateLogs() throws Exception {
        try {
            DelegateTestUtils.testGenerateKey(GENERATED_KEY_ALIAS);
        } finally {
            // Always clean up so the alias does not remain after this test.
            DelegateTestUtils.deleteKey(GENERATED_KEY_ALIAS);
        }
    }

    /**
     * Test: retrieves security logs and verifies that all events generated as a result of host
     * side actions and by {@link #testGenerateLogs()} are there.
     */
    @Test
    public void testVerifyGeneratedLogs() throws Exception {
        final List<SecurityEvent> retrievedEvents = DelegateTestUtils.getSecurityEvents(mDpm);
        DelegateTestUtils.verifyKeystoreEventsPresent(GENERATED_KEY_ALIAS, retrievedEvents);
    }

    /**
     * Test: retrieving security logs should be rate limited - subsequent attempts should return
     * null.
     *
     * <p>NOTE(review): a {@code null} result on the first attempt is accepted without any
     * assertion, so in that case the test cannot distinguish rate limiting from any other reason
     * the API might return {@code null}. The rate limit is only asserted when the first attempt
     * returns a batch.
     */
    @Test
    public void testSecurityLoggingRetrievalRateLimited() {
        final List<SecurityEvent> firstAttempt = mDpm.retrieveSecurityLogs(null);
        if (firstAttempt == null) {
            // The first attempt was already rate limited => test PASS.
            return;
        }
        // Two immediate follow-up attempts must both come back empty-handed.
        for (int attempt = 0; attempt < 2; attempt++) {
            assertThat(mDpm.retrieveSecurityLogs(null)).isNull();
        }
    }

    /**
     * Test: disabling security logging.
     * This test has a side effect: security logging is disabled after its execution.
     */
    @Test
    public void testDisablingSecurityLogging() {
        mDpm.setSecurityLoggingEnabled(null, false);
        final boolean enabledAfterCall = mDpm.isSecurityLoggingEnabled(null);
        assertThat(enabledAfterCall).isFalse();
    }
}