Google Git
Sign in
android / platform / cts / refs/tags/android-security-12.0.0_r45 / . / hostsidetests / devicepolicy / src / com / android / cts / devicepolicy / DeviceOwnerPlusProfileOwnerTest.java
blob: e2b701d9dfaa7b2226c87e5fd15fa72567feb684 [file] [log] [blame]
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.cts.devicepolicy;
import static com.android.cts.devicepolicy.DeviceAdminFeaturesCheckerRule.FEATURE_MANAGED_USERS;
import static com.android.cts.devicepolicy.metrics.DevicePolicyEventLogVerifier.assertMetricsLogged;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import android.platform.test.annotations.FlakyTest;
import android.platform.test.annotations.LargeTest;
import android.stats.devicepolicy.EventId;
import com.android.cts.devicepolicy.DeviceAdminFeaturesCheckerRule.RequiresAdditionalFeatures;
import com.android.cts.devicepolicy.metrics.DevicePolicyEventWrapper;
import com.android.cts.devicepolicy.metrics.DevicePolicyEventWrapper.Builder;
import org.junit.Ignore;
import org.junit.Test;
import java.util.List;
/**
* Tests for device owner and profile owner as well as multiple users. Device owner is setup
* {@link #setUp()} and it is always the {@link #COMP_DPC_PKG}. Each test is required to call
* {@link #setupManagedSecondaryUser} to create another user on each test case.
* As combining a profile owner with a device owner is not supported, this class contains
* negative test cases to ensure this combination cannot be set up.
*/
// We need managed user to be supported in order to create a profile of the user owner.
@RequiresAdditionalFeatures({FEATURE_MANAGED_USERS})
public class DeviceOwnerPlusProfileOwnerTest extends BaseDevicePolicyTest {
private static final String BIND_DEVICE_ADMIN_SERVICE_GOOD_SETUP_TEST =
"com.android.cts.comp.BindDeviceAdminServiceGoodSetupTest";
private static final String MANAGED_PROFILE_PROVISIONING_TEST =
"com.android.cts.comp.provisioning.ManagedProfileProvisioningTest";
private static final String BIND_DEVICE_ADMIN_SERVICE_FAILS_TEST =
"com.android.cts.comp.BindDeviceAdminServiceFailsTest";
private static final String DEVICE_WIDE_LOGGING_TEST =
"com.android.cts.comp.DeviceWideLoggingFeaturesTest";
private static final String AFFILIATION_TEST =
"com.android.cts.comp.provisioning.AffiliationTest";
private static final String USER_RESTRICTION_TEST =
"com.android.cts.comp.provisioning.UserRestrictionTest";
private static final String MANAGEMENT_TEST =
"com.android.cts.comp.ManagementTest";
private static final String COMP_DPC_PKG = "com.android.cts.comp";
private static final DevicePolicyEventWrapper WIPE_DATA_WITH_REASON_DEVICE_POLICY_EVENT =
new Builder(EventId.WIPE_DATA_WITH_REASON_VALUE)
.setAdminPackageName(COMP_DPC_PKG)
.setInt(0)
.setStrings("notCalledFromParent")
.build();
private static final String COMP_DPC_APK = "CtsCorpOwnedManagedProfile.apk";
private static final String COMP_DPC_ADMIN =
COMP_DPC_PKG + "/com.android.cts.comp.AdminReceiver";
private static final String COMP_DPC_PKG2 = "com.android.cts.comp2";
private static final String COMP_DPC_APK2 = "CtsCorpOwnedManagedProfile2.apk";
private static final String COMP_DPC_ADMIN2 =
COMP_DPC_PKG2 + "/com.android.cts.comp.AdminReceiver";
@Override
public void setUp() throws Exception {
super.setUp();
// Set device owner.
installAppAsUser(COMP_DPC_APK, mPrimaryUserId);
if (!setDeviceOwner(COMP_DPC_ADMIN, mPrimaryUserId, /*expectFailure*/ false)) {
removeAdmin(COMP_DPC_ADMIN, mPrimaryUserId);
fail("Failed to set device owner");
}
runDeviceTestsAsUser(
COMP_DPC_PKG,
MANAGEMENT_TEST,
"testIsDeviceOwner",
mPrimaryUserId);
}
@Override
public void tearDown() throws Exception {
assertTrue("Failed to remove device owner.", removeAdmin(COMP_DPC_ADMIN, mPrimaryUserId));
super.tearDown();
}
/**
* Both device owner and profile are the same package ({@link #COMP_DPC_PKG}).
*/
@LargeTest
@Test
public void testCannotAddManagedProfileWithDeviceOwner() throws Exception {
assertCannotCreateManagedProfile(mPrimaryUserId);
}
/**
* DISABLED: Test currently disabled because of a bug in managed provisioning.
* TODO: Re-enable once b/146048940 is fixed.
* Same as {@link #testCannotAddManagedProfileWithDeviceOwner} except
* creating managed profile through ManagedProvisioning like normal flow
*/
@FlakyTest
@Test
@Ignore("b/183395856 Migrate to a device side test.")
public void testCannotAddManagedProfileViaManagedProvisioning()
throws Exception {
int profileUserId = provisionCorpOwnedManagedProfile();
assertFalse(profileUserId >= 0);
}
/**
* Test that isProvisioningAllowed returns false when called with
* ACTION_PROVISION_MANAGED_PROFILE when there's a device owner.
*/
@Test
public void testProvisioningNotAllowedWithDeviceOwner() throws Exception {
assertProvisionManagedProfileNotAllowed(COMP_DPC_PKG);
}
/**
* Both device owner and profile are the same package ({@link #COMP_DPC_PKG}), as setup
* by createAndManagedUser.
*/
@FlakyTest
@Test
public void testBindDeviceAdminServiceAsUser_secondaryUser() throws Exception {
assumeCanCreateAdditionalUsers(1);
int secondaryUserId = setupManagedSecondaryUser();
installAppAsUser(COMP_DPC_APK2, mPrimaryUserId);
installAppAsUser(COMP_DPC_APK2, secondaryUserId);
// Shouldn't be possible to bind to each other, as they are not affiliated.
verifyBindDeviceAdminServiceAsUserFails(secondaryUserId);
// Set the same affiliation ids, and check that DO and PO can now bind to each other.
setSameAffiliationId(secondaryUserId);
verifyBindDeviceAdminServiceAsUser(secondaryUserId);
}
@FlakyTest(bugId = 141161038)
@Test
public void testCannotRemoveUserIfRestrictionSet() throws Exception {
assumeCanCreateAdditionalUsers(1);
int secondaryUserId = setupManagedSecondaryUser();
addDisallowRemoveUserRestriction();
assertFalse(getDevice().removeUser(secondaryUserId));
clearDisallowRemoveUserRestriction();
assertTrue(getDevice().removeUser(secondaryUserId));
}
@Test
public void testCannotAddProfileIfRestrictionSet() throws Exception {
// by default, disallow add managed profile users restriction is set.
assertCannotCreateManagedProfile(mPrimaryUserId);
}
private void sendWipeProfileBroadcast(int userId) throws Exception {
final String cmd = "am broadcast --receiver-foreground --user " + userId
+ " -a com.android.cts.comp.WIPE_DATA"
+ " com.android.cts.comp/.WipeDataReceiver";
getDevice().executeShellCommand(cmd);
}
@Test
public void testWipeData_secondaryUser() throws Exception {
assumeCanCreateAdditionalUsers(1);
int secondaryUserId = setupManagedSecondaryUser();
addDisallowRemoveUserRestriction();
// The PO of the managed user should be allowed to delete it, even though the disallow
// remove user restriction is set.
sendWipeProfileBroadcast(secondaryUserId);
waitUntilUserRemoved(secondaryUserId);
}
@Test
public void testWipeData_secondaryUserLogged() throws Exception {
assumeCanCreateAdditionalUsers(1);
int secondaryUserId = setupManagedSecondaryUser();
addDisallowRemoveUserRestriction();
assertMetricsLogged(getDevice(), () -> {
sendWipeProfileBroadcast(secondaryUserId);
waitUntilUserRemoved(secondaryUserId);
}, WIPE_DATA_WITH_REASON_DEVICE_POLICY_EVENT);
}
@Test
public void testNetworkAndSecurityLoggingAvailableIfAffiliated() throws Exception {
assumeCanCreateAdditionalUsers(2);
// If secondary users are allowed, create an affiliated one, to check that this still
// works if having both an affiliated user and an affiliated managed profile.
final int secondaryUserId = setupManagedSecondaryUser();
runDeviceTestsAsUser(
COMP_DPC_PKG,
DEVICE_WIDE_LOGGING_TEST,
"testEnablingNetworkAndSecurityLogging",
mPrimaryUserId);
try {
// No affiliation ids have been set on the profile, the features shouldn't be available.
runDeviceTestsAsUser(
COMP_DPC_PKG,
DEVICE_WIDE_LOGGING_TEST,
"testRetrievingLogsThrowsSecurityException",
mPrimaryUserId);
// Affiliate the DO and the secondary user.
setSameAffiliationId(secondaryUserId);
runDeviceTestsAsUser(
COMP_DPC_PKG,
DEVICE_WIDE_LOGGING_TEST,
"testRetrievingLogsDoesNotThrowException",
mPrimaryUserId);
setDifferentAffiliationId(secondaryUserId);
runDeviceTestsAsUser(
COMP_DPC_PKG,
DEVICE_WIDE_LOGGING_TEST,
"testRetrievingLogsThrowsSecurityException",
mPrimaryUserId);
} finally {
runDeviceTestsAsUser(
COMP_DPC_PKG,
DEVICE_WIDE_LOGGING_TEST,
"testDisablingNetworkAndSecurityLogging",
mPrimaryUserId);
}
}
@FlakyTest
@Test
public void testRequestBugreportAvailableIfAffiliated() throws Exception {
assumeCanCreateAdditionalUsers(2);
final int secondaryUserId = setupManagedSecondaryUser();
// No affiliation ids have been set on the secondary user, the feature shouldn't be
// available.
runDeviceTestsAsUser(
COMP_DPC_PKG,
DEVICE_WIDE_LOGGING_TEST,
"testRequestBugreportThrowsSecurityException",
mPrimaryUserId);
// Affiliate the DO and the secondary user.
setSameAffiliationId(secondaryUserId);
runDeviceTestsAsUser(
COMP_DPC_PKG,
DEVICE_WIDE_LOGGING_TEST,
"testRequestBugreportDoesNotThrowException",
mPrimaryUserId);
setDifferentAffiliationId(secondaryUserId, COMP_DPC_PKG);
runDeviceTestsAsUser(
COMP_DPC_PKG,
DEVICE_WIDE_LOGGING_TEST,
"testRequestBugreportThrowsSecurityException",
mPrimaryUserId);
}
private void verifyBindDeviceAdminServiceAsUser(int profileOwnerUserId) throws Exception {
// Installing a non managing app (neither device owner nor profile owner).
installAppAsUser(COMP_DPC_APK2, mPrimaryUserId);
installAppAsUser(COMP_DPC_APK2, profileOwnerUserId);
// Testing device owner -> profile owner.
runDeviceTestsAsUser(
COMP_DPC_PKG,
BIND_DEVICE_ADMIN_SERVICE_GOOD_SETUP_TEST,
mPrimaryUserId);
// Testing profile owner -> device owner.
runDeviceTestsAsUser(
COMP_DPC_PKG,
BIND_DEVICE_ADMIN_SERVICE_GOOD_SETUP_TEST,
profileOwnerUserId);
}
private void verifyBindDeviceAdminServiceAsUserFails(int profileOwnerUserId) throws Exception {
// Installing a non managing app (neither device owner nor profile owner).
installAppAsUser(COMP_DPC_APK2, mPrimaryUserId);
installAppAsUser(COMP_DPC_APK2, profileOwnerUserId);
// Testing device owner -> profile owner.
runDeviceTestsAsUser(
COMP_DPC_PKG,
BIND_DEVICE_ADMIN_SERVICE_FAILS_TEST,
mPrimaryUserId);
// Testing profile owner -> device owner.
runDeviceTestsAsUser(
COMP_DPC_PKG,
BIND_DEVICE_ADMIN_SERVICE_FAILS_TEST,
profileOwnerUserId);
}
private void setSameAffiliationId(
int profileOwnerUserId, String profileOwnerPackage) throws Exception {
runDeviceTestsAsUser(
COMP_DPC_PKG,
AFFILIATION_TEST,
"testSetAffiliationId1",
mPrimaryUserId);
runDeviceTestsAsUser(
profileOwnerPackage,
AFFILIATION_TEST,
"testSetAffiliationId1",
profileOwnerUserId);
}
private void setSameAffiliationId(int profileOwnerUserId) throws Exception {
setSameAffiliationId(profileOwnerUserId, COMP_DPC_PKG);
}
private void setDifferentAffiliationId(
int profileOwnerUserId, String profileOwnerPackage) throws Exception {
runDeviceTestsAsUser(
COMP_DPC_PKG,
AFFILIATION_TEST,
"testSetAffiliationId1",
mPrimaryUserId);
runDeviceTestsAsUser(
profileOwnerPackage,
AFFILIATION_TEST,
"testSetAffiliationId2",
profileOwnerUserId);
}
private void setDifferentAffiliationId(int profileOwnerUserId) throws Exception {
setDifferentAffiliationId(profileOwnerUserId, COMP_DPC_PKG);
}
private void assertProvisionManagedProfileNotAllowed(String packageName) throws Exception {
runDeviceTestsAsUser(
packageName,
MANAGEMENT_TEST,
"testProvisionManagedProfileNotAllowed",
mPrimaryUserId);
}
/** Returns the user id of the newly created managed profile */
private int setupManagedProfile(String apkName, String packageName,
String adminReceiverClassName) throws Exception {
final int userId = createManagedProfile(mPrimaryUserId);
installAppAsUser(apkName, userId);
setProfileOwnerOrFail(adminReceiverClassName, userId);
startUserAndWait(userId);
runDeviceTestsAsUser(
packageName,
MANAGEMENT_TEST,
"testIsManagedProfile",
userId);
return userId;
}
/** Returns the user id of the newly created secondary user */
private int setupManagedSecondaryUser() throws Exception {
assertTrue("Cannot create 1 additional user", canCreateAdditionalUsers(1));
runDeviceTestsAsUser(
COMP_DPC_PKG,
MANAGEMENT_TEST,
"testCreateSecondaryUser",
mPrimaryUserId);
List<Integer> newUsers = getUsersCreatedByTests();
assertEquals(1, newUsers.size());
int secondaryUserId = newUsers.get(0);
getDevice().startUser(secondaryUserId, /* waitFlag= */ true);
return secondaryUserId;
}
/** Returns the user id of the newly created secondary user */
private int provisionCorpOwnedManagedProfile() throws Exception {
runDeviceTestsAsUser(
COMP_DPC_PKG,
MANAGED_PROFILE_PROVISIONING_TEST,
"testProvisioningCorpOwnedManagedProfile",
mPrimaryUserId);
return getFirstManagedProfileUserId();
}
/**
* Add {@link android.os.UserManager#DISALLOW_REMOVE_USER}.
*/
private void addDisallowRemoveUserRestriction() throws Exception {
runDeviceTestsAsUser(
COMP_DPC_PKG,
USER_RESTRICTION_TEST,
"testAddDisallowRemoveUserRestriction",
mPrimaryUserId);
}
/**
* Clear {@link android.os.UserManager#DISALLOW_REMOVE_USER}.
*/
private void clearDisallowRemoveUserRestriction() throws Exception {
runDeviceTestsAsUser(
COMP_DPC_PKG,
USER_RESTRICTION_TEST,
"testClearDisallowRemoveUserRestriction",
mPrimaryUserId);
}
private void assertOtherProfilesEqualsBindTargetUsers(int otherProfileUserId) throws Exception {
runDeviceTestsAsUser(
COMP_DPC_PKG,
MANAGEMENT_TEST,
"testOtherProfilesEqualsBindTargetUsers",
mPrimaryUserId);
runDeviceTestsAsUser(
COMP_DPC_PKG,
MANAGEMENT_TEST,
"testOtherProfilesEqualsBindTargetUsers",
otherProfileUserId);
}
}