1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.cts.devicepolicy; 18 19 import static com.android.cts.devicepolicy.DeviceAdminFeaturesCheckerRule.FEATURE_MANAGED_USERS; 20 import static com.android.cts.devicepolicy.metrics.DevicePolicyEventLogVerifier.assertMetricsLogged; 21 22 import static org.junit.Assert.assertEquals; 23 import static org.junit.Assert.assertFalse; 24 import static org.junit.Assert.assertTrue; 25 import static org.junit.Assert.fail; 26 27 import android.platform.test.annotations.FlakyTest; 28 import android.platform.test.annotations.LargeTest; 29 import android.stats.devicepolicy.EventId; 30 31 import com.android.cts.devicepolicy.DeviceAdminFeaturesCheckerRule.RequiresAdditionalFeatures; 32 import com.android.cts.devicepolicy.metrics.DevicePolicyEventWrapper; 33 import com.android.cts.devicepolicy.metrics.DevicePolicyEventWrapper.Builder; 34 35 import org.junit.Ignore; 36 import org.junit.Test; 37 38 import java.util.List; 39 40 /** 41 * Tests for device owner and profile owner as well as multiple users. Device owner is setup 42 * {@link #setUp()} and it is always the {@link #COMP_DPC_PKG}. Each test is required to call 43 * {@link #setupManagedSecondaryUser} to create another user on each test case. 44 * As combining a profile owner with a device owner is not supported, this class contains 45 * negative test cases to ensure this combination cannot be set up. 46 */ 47 // We need managed user to be supported in order to create a profile of the user owner. 48 @RequiresAdditionalFeatures({FEATURE_MANAGED_USERS}) 49 public final class DeviceOwnerPlusProfileOwnerTest extends BaseDevicePolicyTest { 50 private static final String BIND_DEVICE_ADMIN_SERVICE_GOOD_SETUP_TEST = 51 "com.android.cts.comp.BindDeviceAdminServiceGoodSetupTest"; 52 private static final String MANAGED_PROFILE_PROVISIONING_TEST = 53 "com.android.cts.comp.provisioning.ManagedProfileProvisioningTest"; 54 private static final String BIND_DEVICE_ADMIN_SERVICE_FAILS_TEST = 55 "com.android.cts.comp.BindDeviceAdminServiceFailsTest"; 56 private static final String AFFILIATION_TEST = 57 "com.android.cts.comp.provisioning.AffiliationTest"; 58 private static final String USER_RESTRICTION_TEST = 59 "com.android.cts.comp.provisioning.UserRestrictionTest"; 60 private static final String MANAGEMENT_TEST = 61 "com.android.cts.comp.ManagementTest"; 62 63 private static final String COMP_DPC_PKG = "com.android.cts.comp"; 64 private static final DevicePolicyEventWrapper WIPE_DATA_WITH_REASON_DEVICE_POLICY_EVENT = 65 new Builder(EventId.WIPE_DATA_WITH_REASON_VALUE) 66 .setAdminPackageName(COMP_DPC_PKG) 67 .setInt(0) 68 .setStrings("notCalledFromParent") 69 .build(); 70 private static final String COMP_DPC_APK = "CtsCorpOwnedManagedProfile.apk"; 71 private static final String COMP_DPC_ADMIN = 72 COMP_DPC_PKG + "/com.android.cts.comp.AdminReceiver"; 73 private static final String COMP_DPC_PKG2 = "com.android.cts.comp2"; 74 private static final String COMP_DPC_APK2 = "CtsCorpOwnedManagedProfile2.apk"; 75 private static final String COMP_DPC_ADMIN2 = 76 COMP_DPC_PKG2 + "/com.android.cts.comp.AdminReceiver"; 77 78 @Override setUp()79 public void setUp() throws Exception { 80 super.setUp(); 81 82 // Set device owner. 83 installAppAsUser(COMP_DPC_APK, mDeviceOwnerUserId); 84 if (!setDeviceOwner(COMP_DPC_ADMIN, mDeviceOwnerUserId, /*expectFailure*/ false)) { 85 removeAdmin(COMP_DPC_ADMIN, mDeviceOwnerUserId); 86 fail("Failed to set device owner"); 87 } 88 runDeviceTestsAsUser( 89 COMP_DPC_PKG, 90 MANAGEMENT_TEST, 91 "testIsDeviceOwner", 92 mDeviceOwnerUserId); 93 } 94 95 @Override tearDown()96 public void tearDown() throws Exception { 97 assertTrue("Failed to remove device owner.", removeAdmin(COMP_DPC_ADMIN, mDeviceOwnerUserId)); 98 99 super.tearDown(); 100 } 101 102 /** 103 * Both device owner and profile are the same package ({@link #COMP_DPC_PKG}). 104 */ 105 @LargeTest 106 @Test testCannotAddManagedProfileWithDeviceOwner()107 public void testCannotAddManagedProfileWithDeviceOwner() throws Exception { 108 assertCannotCreateManagedProfile(mPrimaryUserId); 109 } 110 111 /** 112 * DISABLED: Test currently disabled because of a bug in managed provisioning. 113 * TODO: Re-enable once b/146048940 is fixed. 114 * Same as {@link #testCannotAddManagedProfileWithDeviceOwner} except 115 * creating managed profile through ManagedProvisioning like normal flow 116 */ 117 @FlakyTest 118 @Test 119 @Ignore("b/183395856 Migrate to a device side test.") testCannotAddManagedProfileViaManagedProvisioning()120 public void testCannotAddManagedProfileViaManagedProvisioning() 121 throws Exception { 122 int profileUserId = provisionCorpOwnedManagedProfile(); 123 assertFalse(profileUserId >= 0); 124 } 125 126 /** 127 * Test that isProvisioningAllowed returns false when called with 128 * ACTION_PROVISION_MANAGED_PROFILE when there's a device owner. 129 */ 130 @Test testProvisioningNotAllowedWithDeviceOwner()131 public void testProvisioningNotAllowedWithDeviceOwner() throws Exception { 132 assertProvisionManagedProfileNotAllowed(COMP_DPC_PKG); 133 } 134 135 /** 136 * Both device owner and profile are the same package ({@link #COMP_DPC_PKG}), as setup 137 * by createAndManagedUser. 138 */ 139 @FlakyTest 140 @Test testBindDeviceAdminServiceAsUser_secondaryUser()141 public void testBindDeviceAdminServiceAsUser_secondaryUser() throws Exception { 142 assumeCanCreateAdditionalUsers(1); 143 144 int secondaryUserId = setupManagedSecondaryUser(); 145 146 installAppAsUser(COMP_DPC_APK2, mDeviceOwnerUserId); 147 installAppAsUser(COMP_DPC_APK2, secondaryUserId); 148 149 // Shouldn't be possible to bind to each other, as they are not affiliated. 150 verifyBindDeviceAdminServiceAsUserFails(secondaryUserId); 151 152 // Set the same affiliation ids, and check that DO and PO can now bind to each other. 153 setSameAffiliationId(secondaryUserId); 154 verifyBindDeviceAdminServiceAsUser(secondaryUserId); 155 } 156 sendWipeProfileBroadcast(int userId)157 private void sendWipeProfileBroadcast(int userId) throws Exception { 158 final String cmd = "am broadcast --receiver-foreground --user " + userId 159 + " -a com.android.cts.comp.WIPE_DATA" 160 + " com.android.cts.comp/.WipeDataReceiver"; 161 getDevice().executeShellCommand(cmd); 162 } 163 164 @Test testWipeData_secondaryUser()165 public void testWipeData_secondaryUser() throws Exception { 166 assumeCanCreateAdditionalUsers(1); 167 168 int secondaryUserId = setupManagedSecondaryUser(); 169 addDisallowRemoveUserRestriction(); 170 // The PO of the managed user should be allowed to delete it, even though the disallow 171 // remove user restriction is set. 172 sendWipeProfileBroadcast(secondaryUserId); 173 waitUntilUserRemoved(secondaryUserId); 174 } 175 176 @Test testWipeData_secondaryUserLogged()177 public void testWipeData_secondaryUserLogged() throws Exception { 178 assumeCanCreateAdditionalUsers(1); 179 180 int secondaryUserId = setupManagedSecondaryUser(); 181 addDisallowRemoveUserRestriction(); 182 assertMetricsLogged(getDevice(), () -> { 183 sendWipeProfileBroadcast(secondaryUserId); 184 waitUntilUserRemoved(secondaryUserId); 185 }, WIPE_DATA_WITH_REASON_DEVICE_POLICY_EVENT); 186 } 187 verifyBindDeviceAdminServiceAsUser(int profileOwnerUserId)188 private void verifyBindDeviceAdminServiceAsUser(int profileOwnerUserId) throws Exception { 189 // Installing a non managing app (neither device owner nor profile owner). 190 installAppAsUser(COMP_DPC_APK2, mPrimaryUserId); 191 installAppAsUser(COMP_DPC_APK2, profileOwnerUserId); 192 193 // Testing device owner -> profile owner. 194 runDeviceTestsAsUser( 195 COMP_DPC_PKG, 196 BIND_DEVICE_ADMIN_SERVICE_GOOD_SETUP_TEST, 197 mDeviceOwnerUserId); 198 // Testing profile owner -> device owner. 199 runDeviceTestsAsUser( 200 COMP_DPC_PKG, 201 BIND_DEVICE_ADMIN_SERVICE_GOOD_SETUP_TEST, 202 profileOwnerUserId); 203 } 204 verifyBindDeviceAdminServiceAsUserFails(int profileOwnerUserId)205 private void verifyBindDeviceAdminServiceAsUserFails(int profileOwnerUserId) throws Exception { 206 // Installing a non managing app (neither device owner nor profile owner). 207 installAppAsUser(COMP_DPC_APK2, mPrimaryUserId); 208 installAppAsUser(COMP_DPC_APK2, profileOwnerUserId); 209 210 // Testing device owner -> profile owner. 211 runDeviceTestsAsUser( 212 COMP_DPC_PKG, 213 BIND_DEVICE_ADMIN_SERVICE_FAILS_TEST, 214 mPrimaryUserId); 215 // Testing profile owner -> device owner. 216 runDeviceTestsAsUser( 217 COMP_DPC_PKG, 218 BIND_DEVICE_ADMIN_SERVICE_FAILS_TEST, 219 profileOwnerUserId); 220 } 221 setSameAffiliationId( int profileOwnerUserId, String profileOwnerPackage)222 private void setSameAffiliationId( 223 int profileOwnerUserId, String profileOwnerPackage) throws Exception { 224 runDeviceTestsAsUser( 225 COMP_DPC_PKG, 226 AFFILIATION_TEST, 227 "testSetAffiliationId1", 228 mDeviceOwnerUserId); 229 runDeviceTestsAsUser( 230 profileOwnerPackage, 231 AFFILIATION_TEST, 232 "testSetAffiliationId1", 233 profileOwnerUserId); 234 } 235 setSameAffiliationId(int profileOwnerUserId)236 private void setSameAffiliationId(int profileOwnerUserId) throws Exception { 237 setSameAffiliationId(profileOwnerUserId, COMP_DPC_PKG); 238 } 239 setDifferentAffiliationId( int profileOwnerUserId, String profileOwnerPackage)240 private void setDifferentAffiliationId( 241 int profileOwnerUserId, String profileOwnerPackage) throws Exception { 242 runDeviceTestsAsUser( 243 COMP_DPC_PKG, 244 AFFILIATION_TEST, 245 "testSetAffiliationId1", 246 mPrimaryUserId); 247 runDeviceTestsAsUser( 248 profileOwnerPackage, 249 AFFILIATION_TEST, 250 "testSetAffiliationId2", 251 profileOwnerUserId); 252 } 253 setDifferentAffiliationId(int profileOwnerUserId)254 private void setDifferentAffiliationId(int profileOwnerUserId) throws Exception { 255 setDifferentAffiliationId(profileOwnerUserId, COMP_DPC_PKG); 256 } 257 assertProvisionManagedProfileNotAllowed(String packageName)258 private void assertProvisionManagedProfileNotAllowed(String packageName) throws Exception { 259 runDeviceTestsAsUser( 260 packageName, 261 MANAGEMENT_TEST, 262 "testProvisionManagedProfileNotAllowed", 263 mPrimaryUserId); 264 } 265 266 /** Returns the user id of the newly created managed profile */ setupManagedProfile(String apkName, String packageName, String adminReceiverClassName)267 private int setupManagedProfile(String apkName, String packageName, 268 String adminReceiverClassName) throws Exception { 269 final int userId = createManagedProfile(mPrimaryUserId); 270 installAppAsUser(apkName, userId); 271 setProfileOwnerOrFail(adminReceiverClassName, userId); 272 startUserAndWait(userId); 273 runDeviceTestsAsUser( 274 packageName, 275 MANAGEMENT_TEST, 276 "testIsManagedProfile", 277 userId); 278 return userId; 279 } 280 281 /** Returns the user id of the newly created secondary user */ setupManagedSecondaryUser()282 private int setupManagedSecondaryUser() throws Exception { 283 assertTrue("Cannot create 1 additional user", canCreateAdditionalUsers(1)); 284 285 runDeviceTestsAsUser( 286 COMP_DPC_PKG, 287 MANAGEMENT_TEST, 288 "testCreateSecondaryUser", 289 mDeviceOwnerUserId); 290 List<Integer> newUsers = getUsersCreatedByTests(); 291 assertEquals(1, newUsers.size()); 292 int secondaryUserId = newUsers.get(0); 293 getDevice().startUser(secondaryUserId, /* waitFlag= */ true); 294 return secondaryUserId; 295 } 296 297 /** Returns the user id of the newly created secondary user */ provisionCorpOwnedManagedProfile()298 private int provisionCorpOwnedManagedProfile() throws Exception { 299 runDeviceTestsAsUser( 300 COMP_DPC_PKG, 301 MANAGED_PROFILE_PROVISIONING_TEST, 302 "testProvisioningCorpOwnedManagedProfile", 303 mPrimaryUserId); 304 return getFirstManagedProfileUserId(); 305 } 306 307 /** 308 * Add {@link android.os.UserManager#DISALLOW_REMOVE_USER}. 309 */ addDisallowRemoveUserRestriction()310 private void addDisallowRemoveUserRestriction() throws Exception { 311 runDeviceTestsAsUser( 312 COMP_DPC_PKG, 313 USER_RESTRICTION_TEST, 314 "testAddDisallowRemoveUserRestriction", 315 mDeviceOwnerUserId); 316 } 317 318 /** 319 * Clear {@link android.os.UserManager#DISALLOW_REMOVE_USER}. 320 */ clearDisallowRemoveUserRestriction()321 private void clearDisallowRemoveUserRestriction() throws Exception { 322 runDeviceTestsAsUser( 323 COMP_DPC_PKG, 324 USER_RESTRICTION_TEST, 325 "testClearDisallowRemoveUserRestriction", 326 mDeviceOwnerUserId); 327 } 328 assertOtherProfilesEqualsBindTargetUsers(int otherProfileUserId)329 private void assertOtherProfilesEqualsBindTargetUsers(int otherProfileUserId) throws Exception { 330 runDeviceTestsAsUser( 331 COMP_DPC_PKG, 332 MANAGEMENT_TEST, 333 "testOtherProfilesEqualsBindTargetUsers", 334 mPrimaryUserId); 335 runDeviceTestsAsUser( 336 COMP_DPC_PKG, 337 MANAGEMENT_TEST, 338 "testOtherProfilesEqualsBindTargetUsers", 339 otherProfileUserId); 340 } 341 } 342