1 /* 2 * Copyright (C) 2019 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.cts.devicepolicy; 18 19 import static com.android.cts.devicepolicy.DeviceAdminFeaturesCheckerRule.FEATURE_MANAGED_USERS; 20 import static com.android.cts.devicepolicy.DeviceAndProfileOwnerTest.DEVICE_ADMIN_COMPONENT_FLATTENED; 21 import static com.android.cts.devicepolicy.metrics.DevicePolicyEventLogVerifier.assertMetricsLogged; 22 23 import static com.google.common.truth.Truth.assertThat; 24 25 import static org.junit.Assert.assertTrue; 26 import static org.junit.Assert.fail; 27 28 import android.platform.test.annotations.LargeTest; 29 import android.stats.devicepolicy.EventId; 30 31 import com.android.cts.devicepolicy.DeviceAdminFeaturesCheckerRule.RequiresAdditionalFeatures; 32 import com.android.cts.devicepolicy.metrics.DevicePolicyEventWrapper; 33 import com.android.tradefed.device.DeviceNotAvailableException; 34 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; 35 import com.android.tradefed.util.RunUtil; 36 37 import org.junit.Ignore; 38 import org.junit.Rule; 39 import org.junit.Test; 40 41 import java.util.concurrent.TimeUnit; 42 43 /** 44 * Tests for organization-owned Profile Owner. 45 */ 46 // We need managed users to be supported in order to create a profile of the user owner. 47 @RequiresAdditionalFeatures({FEATURE_MANAGED_USERS}) 48 public final class OrgOwnedProfileOwnerTest extends BaseDevicePolicyTest { 49 private static final String DEVICE_ADMIN_PKG = DeviceAndProfileOwnerTest.DEVICE_ADMIN_PKG; 50 private static final String DEVICE_ADMIN_APK = DeviceAndProfileOwnerTest.DEVICE_ADMIN_APK; 51 private static final String CERT_INSTALLER_PKG = DeviceAndProfileOwnerTest.CERT_INSTALLER_PKG; 52 private static final String CERT_INSTALLER_APK = DeviceAndProfileOwnerTest.CERT_INSTALLER_APK; 53 private static final String DELEGATE_APP_PKG = DeviceAndProfileOwnerTest.DELEGATE_APP_PKG; 54 private static final String DELEGATE_APP_APK = DeviceAndProfileOwnerTest.DELEGATE_APP_APK; 55 private static final String LOG_TAG_PROFILE_OWNER = "profile-owner"; 56 57 private static final String ADMIN_RECEIVER_TEST_CLASS = 58 DeviceAndProfileOwnerTest.ADMIN_RECEIVER_TEST_CLASS; 59 private static final String ACTION_WIPE_DATA = 60 "com.android.cts.deviceandprofileowner.WIPE_DATA"; 61 62 private static final String TEST_IME_APK = "TestIme.apk"; 63 private static final String TEST_IME_PKG = "com.android.cts.testime"; 64 private static final String TEST_IME_COMPONENT = TEST_IME_PKG + "/.TestIme"; 65 66 private static final String USER_IS_NOT_STARTED = "User is not started"; 67 private static final long USER_STOP_TIMEOUT_SEC = 60; 68 69 protected int mUserId; 70 private static final String DISALLOW_CONFIG_LOCATION = "no_config_location"; 71 private static final String CALLED_FROM_PARENT = "calledFromParent"; 72 73 @Rule 74 public DeviceJUnit4ClassRunner.TestLogData mLogger = new DeviceJUnit4ClassRunner.TestLogData(); 75 76 @Override setUp()77 public void setUp() throws Exception { 78 super.setUp(); 79 80 removeTestUsers(); 81 createManagedProfile(); 82 } 83 createManagedProfile()84 private void createManagedProfile() throws Exception { 85 mUserId = createManagedProfile(mPrimaryUserId); 86 switchUser(mPrimaryUserId); 87 startUserAndWait(mUserId); 88 89 installAppAsUser(DEVICE_ADMIN_APK, mUserId); 90 setProfileOwnerOrFail(DEVICE_ADMIN_PKG + "/" + ADMIN_RECEIVER_TEST_CLASS, mUserId); 91 startUserAndWait(mUserId); 92 restrictManagedProfileRemoval(); 93 } 94 95 @Override tearDown()96 public void tearDown() throws Exception { 97 // Managed profile and other test users will be removed by BaseDevicePolicyTest.tearDown() 98 super.tearDown(); 99 } 100 restrictManagedProfileRemoval()101 private void restrictManagedProfileRemoval() throws DeviceNotAvailableException { 102 getDevice().executeShellCommand( 103 String.format("dpm mark-profile-owner-on-organization-owned-device --user %d '%s'", 104 mUserId, DEVICE_ADMIN_PKG + "/" + ADMIN_RECEIVER_TEST_CLASS)); 105 } 106 107 @Test testCanRelinquishControlOverDevice()108 public void testCanRelinquishControlOverDevice() throws Exception { 109 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".LockScreenInfoTest", "testSetAndGetLockInfo", 110 mUserId); 111 112 removeOrgOwnedProfile(); 113 assertHasNoUser(mUserId); 114 115 try { 116 installAppAsUser(DEVICE_ADMIN_APK, /* userId= */ 0); 117 assertTrue(setDeviceOwner(DEVICE_ADMIN_COMPONENT_FLATTENED, 118 /* userId= */ 0, /*expectFailure*/false)); 119 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".LockScreenInfoTest", "testLockInfoIsNull", 120 /* userId= */ 0); 121 } finally { 122 removeAdmin(DEVICE_ADMIN_COMPONENT_FLATTENED, /* userId= */ 0); 123 getDevice().uninstallPackage(DEVICE_ADMIN_PKG); 124 } 125 } 126 127 @Test testLockScreenInfo()128 public void testLockScreenInfo() throws Exception { 129 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".LockScreenInfoTest", mUserId); 130 } 131 132 @Test testProfileOwnerCanGetDeviceIdentifiers()133 public void testProfileOwnerCanGetDeviceIdentifiers() throws Exception { 134 // The Profile Owner should have access to all device identifiers. 135 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DeviceIdentifiersTest", 136 "testProfileOwnerCanGetDeviceIdentifiersWithPermission", mUserId); 137 } 138 139 @Test testDevicePolicyManagerParentSupport()140 public void testDevicePolicyManagerParentSupport() throws Exception { 141 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".OrgOwnedProfileOwnerParentTest", mUserId); 142 } 143 144 @Test testUserRestrictionSetOnParentLogged()145 public void testUserRestrictionSetOnParentLogged() throws Exception { 146 assertMetricsLogged(getDevice(), () -> { 147 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DevicePolicyLoggingParentTest", 148 "testUserRestrictionLogged", mUserId); 149 }, new DevicePolicyEventWrapper.Builder(EventId.ADD_USER_RESTRICTION_VALUE) 150 .setAdminPackageName(DEVICE_ADMIN_PKG) 151 .setStrings(DISALLOW_CONFIG_LOCATION, CALLED_FROM_PARENT) 152 .build(), 153 new DevicePolicyEventWrapper.Builder(EventId.REMOVE_USER_RESTRICTION_VALUE) 154 .setAdminPackageName(DEVICE_ADMIN_PKG) 155 .setStrings(DISALLOW_CONFIG_LOCATION, CALLED_FROM_PARENT) 156 .build()); 157 } 158 159 @Test testUserRestrictionsSetOnParentAreNotPersisted()160 public void testUserRestrictionsSetOnParentAreNotPersisted() throws Exception { 161 assumeCanCreateAdditionalUsers(1); 162 163 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 164 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 165 "testAddUserRestrictionDisallowConfigDateTime_onParent", mUserId); 166 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 167 "testHasUserRestrictionDisallowConfigDateTime", mPrimaryUserId); 168 removeOrgOwnedProfile(); 169 assertHasNoUser(mUserId); 170 171 // User restrictions are not persist after organization-owned profile owner is removed 172 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 173 "testUserRestrictionDisallowConfigDateTimeIsNotPersisted", mPrimaryUserId); 174 } 175 176 @Test testPerProfileUserRestrictionOnParent()177 public void testPerProfileUserRestrictionOnParent() throws Exception { 178 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 179 "testPerProfileUserRestriction_onParent", mUserId); 180 } 181 182 @Test testPerDeviceUserRestrictionOnParent()183 public void testPerDeviceUserRestrictionOnParent() throws Exception { 184 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 185 "testPerDeviceUserRestriction_onParent", mUserId); 186 } 187 188 @Test testCameraDisabledOnParentIsEnforced()189 public void testCameraDisabledOnParentIsEnforced() throws Exception { 190 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 191 try { 192 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 193 "testAddUserRestrictionCameraDisabled_onParent", mUserId); 194 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 195 "testCannotOpenCamera", mPrimaryUserId); 196 } finally { 197 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 198 "testRemoveUserRestrictionCameraEnabled_onParent", mUserId); 199 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".UserRestrictionsParentTest", 200 "testCanOpenCamera", mPrimaryUserId); 201 } 202 } 203 204 @Test testCameraDisabledOnParentLogged()205 public void testCameraDisabledOnParentLogged() throws Exception { 206 assertMetricsLogged(getDevice(), () -> { 207 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DevicePolicyLoggingParentTest", 208 "testCameraDisabledLogged", mUserId); 209 }, new DevicePolicyEventWrapper.Builder(EventId.SET_CAMERA_DISABLED_VALUE) 210 .setAdminPackageName(DEVICE_ADMIN_PKG) 211 .setBoolean(true) 212 .setStrings(CALLED_FROM_PARENT) 213 .build(), 214 new DevicePolicyEventWrapper.Builder(EventId.SET_CAMERA_DISABLED_VALUE) 215 .setAdminPackageName(DEVICE_ADMIN_PKG) 216 .setBoolean(false) 217 .setStrings(CALLED_FROM_PARENT) 218 .build()); 219 } 220 221 @Test testSecurityLogging()222 public void testSecurityLogging() throws Exception { 223 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 224 testSecurityLoggingOnWorkProfile(DEVICE_ADMIN_PKG, ".SecurityLoggingTest"); 225 } 226 227 @Test testSecurityLoggingDelegate()228 public void testSecurityLoggingDelegate() throws Exception { 229 installAppAsUser(DELEGATE_APP_APK, mUserId); 230 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 231 try { 232 runDeviceTestsAsUser(DELEGATE_APP_PKG, ".SecurityLoggingDelegateTest", 233 "testCannotAccessApis", mUserId); 234 // Set security logging delegate 235 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".SecurityLoggingTest", 236 "testSetDelegateScope_delegationSecurityLogging", mUserId); 237 238 testSecurityLoggingOnWorkProfile(DELEGATE_APP_PKG, 239 ".SecurityLoggingDelegateTest"); 240 } finally { 241 // Remove security logging delegate 242 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".SecurityLoggingTest", 243 "testSetDelegateScope_noDelegation", mUserId); 244 } 245 } 246 testSecurityLoggingOnWorkProfile(String packageName, String testClassName)247 private void testSecurityLoggingOnWorkProfile(String packageName, String testClassName) 248 throws Exception { 249 // Backup stay awake setting because testGenerateLogs() will turn it off. 250 final String stayAwake = getDevice().getSetting("global", "stay_on_while_plugged_in"); 251 try { 252 // Turn logging on. 253 runDeviceTestsAsUser(packageName, testClassName, 254 "testEnablingSecurityLogging", mUserId); 255 256 // Ensure user is initialized before rebooting, otherwise it won't start. 257 waitForUserInitialized(mUserId); 258 // Wait until idle so that the flag is persisted to disk. 259 waitForBroadcastIdle(); 260 // Reboot to ensure ro.organization_owned is set to true in logd and logging is on. 261 rebootAndWaitUntilReady(); 262 waitForUserUnlock(mUserId); 263 264 // Generate various types of events on device side and check that they are logged. 265 runDeviceTestsAsUser(packageName, testClassName, "testGenerateLogs", mUserId); 266 getDevice().executeShellCommand("whoami"); // Generate adb command securty event 267 runDeviceTestsAsUser(packageName, testClassName, "testVerifyGeneratedLogs", mUserId); 268 269 // Immediately attempting to fetch events again should fail. 270 runDeviceTestsAsUser(packageName, testClassName, 271 "testSecurityLoggingRetrievalRateLimited", mUserId); 272 } finally { 273 // Turn logging off. 274 runDeviceTestsAsUser(packageName, testClassName, 275 "testDisablingSecurityLogging", mUserId); 276 // Restore stay awake setting. 277 if (stayAwake != null) { 278 getDevice().setSetting("global", "stay_on_while_plugged_in", stayAwake); 279 } 280 } 281 } 282 waitForUserInitialized(int userId)283 private void waitForUserInitialized(int userId) throws Exception { 284 final long start = System.nanoTime(); 285 final long deadline = start + TimeUnit.MINUTES.toNanos(5); 286 while ((getUserFlags(userId) & FLAG_INITIALIZED) == 0) { 287 if (System.nanoTime() > deadline) { 288 fail("Timed out waiting for user to become initialized"); 289 } 290 RunUtil.getDefault().sleep(100); 291 } 292 } 293 294 @LargeTest 295 @Test 296 @Ignore("b/145932189") testSystemUpdatePolicy()297 public void testSystemUpdatePolicy() throws Exception { 298 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".systemupdate.SystemUpdatePolicyTest", mUserId); 299 } 300 301 @Test testInstallUpdate()302 public void testInstallUpdate() throws Exception { 303 pushUpdateFileToDevice("notZip.zi"); 304 pushUpdateFileToDevice("empty.zip"); 305 pushUpdateFileToDevice("wrongPayload.zip"); 306 pushUpdateFileToDevice("wrongHash.zip"); 307 pushUpdateFileToDevice("wrongSize.zip"); 308 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".systemupdate.InstallUpdateTest", mUserId); 309 } 310 311 @Test testIsDeviceOrganizationOwnedWithManagedProfile()312 public void testIsDeviceOrganizationOwnedWithManagedProfile() throws Exception { 313 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DeviceOwnershipTest", 314 "testCallingIsOrganizationOwnedWithManagedProfileExpectingTrue", 315 mUserId); 316 317 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 318 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DeviceOwnershipTest", 319 "testCallingIsOrganizationOwnedWithManagedProfileExpectingTrue", 320 mPrimaryUserId); 321 } 322 323 @Test testCommonCriteriaMode()324 public void testCommonCriteriaMode() throws Exception { 325 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".CommonCriteriaModeTest", mUserId); 326 } 327 removeOrgOwnedProfile()328 private void removeOrgOwnedProfile() throws Exception { 329 sendWipeProfileBroadcast(mUserId); 330 waitUntilUserRemoved(mUserId); 331 } 332 sendWipeProfileBroadcast(int userId)333 private void sendWipeProfileBroadcast(int userId) throws Exception { 334 final String cmd = "am broadcast --receiver-foreground --user " + userId 335 + " -a " + ACTION_WIPE_DATA 336 + " com.android.cts.deviceandprofileowner/.WipeDataReceiver"; 337 getDevice().executeShellCommand(cmd); 338 } 339 setPersonalAppsSuspended(boolean suspended)340 private void setPersonalAppsSuspended(boolean suspended) throws DeviceNotAvailableException { 341 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 342 suspended ? "testSuspendPersonalApps" : "testUnsuspendPersonalApps", mUserId); 343 } 344 345 @Test testPersonalAppsSuspensionIme()346 public void testPersonalAppsSuspensionIme() throws Exception { 347 installAppAsUser(TEST_IME_APK, mPrimaryUserId); 348 setupIme(TEST_IME_COMPONENT, mPrimaryUserId); 349 setPersonalAppsSuspended(true); 350 // Active IME should not be suspended. 351 assertCanStartPersonalApp(TEST_IME_PKG, true); 352 setPersonalAppsSuspended(false); 353 } 354 355 @Test testPermittedInputMethods()356 public void testPermittedInputMethods() throws Exception { 357 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".InputMethodsTest", mUserId); 358 } 359 360 @Test testPermittedInputMethodsLogged()361 public void testPermittedInputMethodsLogged() throws Exception { 362 assertMetricsLogged(getDevice(), () -> 363 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".InputMethodsTest", 364 "testPermittedInputMethodsOnParent", mUserId), 365 new DevicePolicyEventWrapper.Builder(EventId.SET_PERMITTED_INPUT_METHODS_VALUE) 366 .setAdminPackageName(DEVICE_ADMIN_PKG) 367 .setStrings(CALLED_FROM_PARENT, new String[0]) 368 .build(), 369 new DevicePolicyEventWrapper.Builder(EventId.SET_PERMITTED_INPUT_METHODS_VALUE) 370 .setAdminPackageName(DEVICE_ADMIN_PKG) 371 .setStrings(CALLED_FROM_PARENT, new String[0]) 372 .build()); 373 } 374 setupIme(String imeComponent, int userId)375 private void setupIme(String imeComponent, int userId) throws Exception { 376 // Wait until IMS service is registered by the system. 377 waitForOutput("Failed waiting for IME to become available", 378 String.format("ime list --user %d -s -a", userId), 379 s -> s.contains(imeComponent), 100 /* seconds */); 380 381 executeShellCommand("ime enable " + imeComponent); 382 executeShellCommand("ime set " + imeComponent); 383 } 384 assertCanStartPersonalApp(String packageName, boolean canStart)385 private void assertCanStartPersonalApp(String packageName, boolean canStart) 386 throws DeviceNotAvailableException { 387 runDeviceTestsAsUser(packageName, "com.android.cts.suspensionchecker.ActivityLaunchTest", 388 canStart ? "testCanStartActivity" : "testCannotStartActivity", mPrimaryUserId); 389 } 390 assertHasNoUser(int userId)391 private void assertHasNoUser(int userId) throws DeviceNotAvailableException { 392 int numWaits = 0; 393 final int MAX_NUM_WAITS = 15; 394 while (listUsers().contains(userId) && (numWaits < MAX_NUM_WAITS)) { 395 RunUtil.getDefault().sleep(1000); 396 numWaits += 1; 397 } 398 399 assertThat(listUsers()).doesNotContain(userId); 400 } 401 402 @Test testSetPersonalAppsSuspendedLogged()403 public void testSetPersonalAppsSuspendedLogged() throws Exception { 404 assertMetricsLogged(getDevice(), () -> { 405 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DevicePolicyLoggingTest", 406 "testSetPersonalAppsSuspendedLogged", mUserId); 407 }, new DevicePolicyEventWrapper.Builder(EventId.SET_PERSONAL_APPS_SUSPENDED_VALUE) 408 .setAdminPackageName(DEVICE_ADMIN_PKG) 409 .setBoolean(true) 410 .build(), 411 new DevicePolicyEventWrapper.Builder(EventId.SET_PERSONAL_APPS_SUSPENDED_VALUE) 412 .setAdminPackageName(DEVICE_ADMIN_PKG) 413 .setBoolean(false) 414 .build()); 415 } 416 417 @Test testSetManagedProfileMaximumTimeOffLogged()418 public void testSetManagedProfileMaximumTimeOffLogged() throws Exception { 419 assertMetricsLogged(getDevice(), () -> { 420 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 421 "testSetManagedProfileMaximumTimeOff", mUserId); 422 }, new DevicePolicyEventWrapper.Builder( 423 EventId.SET_MANAGED_PROFILE_MAXIMUM_TIME_OFF_VALUE) 424 .setAdminPackageName(DEVICE_ADMIN_PKG) 425 .setTimePeriod(123456789) 426 .build(), 427 new DevicePolicyEventWrapper.Builder( 428 EventId.SET_MANAGED_PROFILE_MAXIMUM_TIME_OFF_VALUE) 429 .setAdminPackageName(DEVICE_ADMIN_PKG) 430 .setTimePeriod(0) 431 .build()); 432 } 433 434 @Test testWorkProfileMaximumTimeOff_complianceRequiredBroadcastDefault()435 public void testWorkProfileMaximumTimeOff_complianceRequiredBroadcastDefault() 436 throws Exception { 437 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 438 // Very long timeout, won't be triggered 439 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 440 "testSetManagedProfileMaximumTimeOff1Year", mUserId); 441 442 try { 443 toggleQuietMode(true); 444 waitForBroadcastIdle(); 445 toggleQuietMode(false); 446 // Ensure the DPC has handled the broadcast 447 waitForBroadcastIdle(); 448 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 449 "testComplianceAcknowledgementRequiredReceived", mUserId); 450 451 // Ensure that the default onComplianceAcknowledgementRequired acknowledged compliance. 452 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 453 "testComplianceAcknowledgementNotRequired", mUserId); 454 455 } finally { 456 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 457 "testClearComplianceSharedPreference", mUserId); 458 } 459 } 460 461 @Test testWorkProfileMaximumTimeOff_complianceRequiredBroadcastOverride()462 public void testWorkProfileMaximumTimeOff_complianceRequiredBroadcastOverride() 463 throws Exception { 464 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 465 // Very long timeout, won't be triggered 466 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 467 "testSetManagedProfileMaximumTimeOff1Year", mUserId); 468 // Set shared preference that instructs the receiver to NOT call default implementation. 469 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 470 "testSetOverrideOnComplianceAcknowledgementRequired", mUserId); 471 472 try { 473 toggleQuietMode(true); 474 waitForBroadcastIdle(); 475 toggleQuietMode(false); 476 // Ensure the DPC has handled the broadcast 477 waitForBroadcastIdle(); 478 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 479 "testComplianceAcknowledgementRequiredReceived", mUserId); 480 481 // Ensure compliance wasn't acknowledged automatically, acknowledge explicitly. 482 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 483 "testAcknowledgeCompliance", mUserId); 484 } finally { 485 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 486 "testClearComplianceSharedPreference", mUserId); 487 } 488 } 489 490 @Test testDelegatedCertInstallerDeviceIdAttestation()491 public void testDelegatedCertInstallerDeviceIdAttestation() throws Exception { 492 installAppAsUser(CERT_INSTALLER_APK, mUserId); 493 494 try { 495 runDeviceTestsAsUser( 496 DEVICE_ADMIN_PKG, 497 ".DelegatedCertInstallerHelper", 498 "testManualSetCertInstallerDelegate", 499 mUserId); 500 501 runDeviceTestsAsUser( 502 CERT_INSTALLER_PKG, 503 ".DelegatedDeviceIdAttestationTest", 504 "testGenerateKeyPairWithDeviceIdAttestationExpectingSuccess", 505 mUserId); 506 } finally { 507 runDeviceTestsAsUser( 508 DEVICE_ADMIN_PKG, 509 ".DelegatedCertInstallerHelper", 510 "testManualClearCertInstallerDelegate", 511 mUserId); 512 } 513 } 514 515 @Test testDeviceIdAttestationForProfileOwner()516 public void testDeviceIdAttestationForProfileOwner() throws Exception { 517 // Test that Device ID attestation works for org-owned profile owner. 518 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DeviceIdAttestationTest", 519 "testSucceedsWithProfileOwnerIdsGrant", mUserId); 520 521 } 522 523 @Test testNetworkLogging()524 public void testNetworkLogging() throws Exception { 525 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 526 testNetworkLoggingOnWorkProfile(DEVICE_ADMIN_PKG, ".NetworkLoggingTest"); 527 } 528 529 @Test testNetworkLoggingDelegate()530 public void testNetworkLoggingDelegate() throws Exception { 531 installAppAsUser(DELEGATE_APP_APK, mUserId); 532 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 533 try { 534 runDeviceTestsAsUser(DELEGATE_APP_PKG, ".WorkProfileNetworkLoggingDelegateTest", 535 "testCannotAccessApis", mUserId); 536 // Set network logging delegate 537 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".NetworkLoggingTest", 538 "testSetDelegateScope_delegationNetworkLogging", mUserId); 539 540 testNetworkLoggingOnWorkProfile(DELEGATE_APP_PKG, 541 ".WorkProfileNetworkLoggingDelegateTest"); 542 } finally { 543 // Remove network logging delegate 544 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".NetworkLoggingTest", 545 "testSetDelegateScope_noDelegation", mUserId); 546 } 547 } 548 testNetworkLoggingOnWorkProfile(String packageName, String testClassName)549 private void testNetworkLoggingOnWorkProfile(String packageName, String testClassName) 550 throws Exception { 551 try { 552 // Turn network logging on. 553 runDeviceTestsAsUser(packageName, testClassName, 554 "testSetNetworkLogsEnabled_true", mUserId); 555 556 // Connect to websites from work profile, should be logged. 557 runDeviceTestsAsUser(packageName, testClassName, 558 "testConnectToWebsites_shouldBeLogged", mUserId); 559 // Connect to websites from personal profile, should not be logged. 560 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".NetworkLoggingTest", 561 "testConnectToWebsites_shouldNotBeLogged", mPrimaryUserId); 562 563 // Verify all work profile network logs have been received. 564 runDeviceTestsAsUser(packageName, testClassName, 565 "testRetrieveNetworkLogs_forceNetworkLogs_receiveNetworkLogs", mUserId); 566 } finally { 567 // Turn network logging off. 568 runDeviceTestsAsUser(packageName, testClassName, 569 "testSetNetworkLogsEnabled_false", mUserId); 570 } 571 } 572 573 @Test testNetworkLoggingLogged()574 public void testNetworkLoggingLogged() throws Exception { 575 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 576 assertMetricsLogged(getDevice(), () -> { 577 testNetworkLoggingOnWorkProfile(DEVICE_ADMIN_PKG, ".NetworkLoggingTest"); 578 }, new DevicePolicyEventWrapper.Builder(EventId.SET_NETWORK_LOGGING_ENABLED_VALUE) 579 .setAdminPackageName(DEVICE_ADMIN_PKG) 580 .setBoolean(false) 581 .setInt(1) 582 .setStrings(LOG_TAG_PROFILE_OWNER) 583 .build(), 584 new DevicePolicyEventWrapper.Builder(EventId.RETRIEVE_NETWORK_LOGS_VALUE) 585 .setAdminPackageName(DEVICE_ADMIN_PKG) 586 .setBoolean(false) 587 .setStrings(LOG_TAG_PROFILE_OWNER) 588 .build(), 589 new DevicePolicyEventWrapper.Builder(EventId.SET_NETWORK_LOGGING_ENABLED_VALUE) 590 .setAdminPackageName(DEVICE_ADMIN_PKG) 591 .setBoolean(false) 592 .setInt(0) 593 .setStrings(LOG_TAG_PROFILE_OWNER) 594 .build()); 595 } 596 toggleQuietMode(boolean quietModeEnable)597 private void toggleQuietMode(boolean quietModeEnable) throws Exception { 598 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".PersonalAppsSuspensionTest", 599 quietModeEnable ? "testEnableQuietMode" : "testDisableQuietMode", mPrimaryUserId); 600 601 boolean keepProfilesRunning = executeShellCommand("dumpsys device_policy") 602 .contains("Keep profiles running: true"); 603 if (!keepProfilesRunning) { 604 if (quietModeEnable) { 605 waitForUserStopped(mUserId); 606 } else { 607 waitForUserUnlock(mUserId); 608 } 609 } 610 } 611 waitForUserStopped(int userId)612 private void waitForUserStopped(int userId) throws Exception { 613 waitForOutput("User is not unlocked.", 614 String.format("am get-started-user-state %d", userId), 615 s -> s.startsWith(USER_IS_NOT_STARTED), USER_STOP_TIMEOUT_SEC); 616 } 617 } 618