• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1page.title=Testing Device Administration
2@jd:body
3
4<!--
5    Copyright 2015 The Android Open Source Project
6
7    Licensed under the Apache License, Version 2.0 (the "License");
8    you may not use this file except in compliance with the License.
9    You may obtain a copy of the License at
10
11        http://www.apache.org/licenses/LICENSE-2.0
12
13    Unless required by applicable law or agreed to in writing, software
14    distributed under the License is distributed on an "AS IS" BASIS,
15    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16    See the License for the specific language governing permissions and
17    limitations under the License.
18-->
19<div id="qv-wrapper">
20  <div id="qv">
21    <h2>In this document</h2>
22    <ol id="auto-toc">
23    </ol>
24  </div>
25</div>
26
27<p>To ensure minimal support for managed profiles, OEM devices must contain the
28following essential elements:</p>
29
30<ul>
31  <li>Profile owner (as described in
32  <a href="https://developer.android.com/training/enterprise/app-compatibility.html">Ensuring
33  Compatibility with Managed Profiles</a>)</li>
34  <li>Device owner</li>
35  <li>Activation code provisioning</li>
36  </ul>
37
38<p>For a complete list of requirements, see
39<a href="{@docRoot}devices/tech/admin/implement.html">Implementing Device
40Administration</a>.</p>
41
42<p>To test device administration features, device owners can use the TestDPC
43application (described below); consider also working directly with other
44enterprise mobility management (EMM) providers.</p>
45
46<h2 id=set_up_the_device_owner_for_testing>Set up device owner for testing</h2>
47<p>Use the following instructions to set up a device owner testing environment.</p>
48
49<ol>
50  <li>Set up the device:
51  <ol>
52  <li style="list-style-type: lower-alpha">Ensure the device uses a
53  <strong>userdebug</strong> or <strong>eng</strong> build.</li>
54  <li style="list-style-type: lower-alpha">Factory reset the target device.</li>
55  </ol></li>
56  <li>Set up the testing application using one of the following methods:
57  <ul>
58  <li><a href="https://play.google.com/store/apps/details?id=com.afwsamples.testdpc&hl=en">Download
59  the TestDPC application</a> (available from Google Play).</li>
60  <li><a href="https://github.com/googlesamples/android-testdpc/">Build
61  the TestDPC application</a> (available from github.com).</li>
62  </ul>
63  </li>
64  <li>Set the TestDPC app as the device owner using the following command:<br>
65  <pre>$ adb shell dpm set-device-owner "com.afwsamples.testdpc/.DeviceAdminReceiver"</pre>
66  </li>
67  <li>Go through device owner setup on the device (encrypt, select Wi-Fi, etc.)</li>
68</ol>
69
70<h2 id=verify_the_device_owner_was_correctly_setup>Verify device owner setup</h2>
71<p>To verify the device owner was correctly setup, go to <em>Settings >
72Security > Device Administrators</em> and confirm TestDPC is in the
73list. Verify it cannot be disabled (this signifies it is a device owner).</p>
74
75<h2 id=automate>Automated provisioning testing</h2>
76<p>To automate the testing of enterprise provisioning processes, use
77the Android for Work (AfW) Test Harness. For details, see
78<a href="{@docRoot}devices/tech/admin/testing-provision.html">Testing Device
79Provisioning</a>.</p>
80
81<h2 id="troubleshooting">Bug reports and logs</h2>
82<p>In Android 7.0, device owner Device Policy Client (DPCs) can get bug reports
83and view logs for enterprise processes on a managed device.</p>
84
85<p>To trigger a bug report (i.e., the equivalent data collected by <code>adb
86bugreport</code> containing dumpsys, dumpstate, and logcat data), use
87<code>DevicePolicyController.requestBugReport</code>. After the bug report is
88collected, the user is prompted to give consent to send the bug report data.
89Results are received by
90<code>DeviceAdminReceiver.onBugreport[Failed|Shared|SharingDeclined]</code>. For
91details on bug report contents, see
92<a href="{@docRoot}source/read-bug-reports.html">Reading Bug Reports</a>.
93
94<p>In addition, device owner DPCs can also collect logs related to actions a
95user has taken on a managed device. Enterprise process logging is required for
96all devices that report device_admin and enabled by a new log security buffer
97readable only by the system server (i.e., <code>adb logcat -b security</code>
98cannot read the buffer). ActivityManager service and Keyguard components log the
99following events to the security buffer:</p>
100
101<ul>
102<li>Application processes starting</li>
103<li>Keyguard actions (e.g., unlock failure and success)</li>
104<li><code>adb</code> commands issued to the device</li>
105</ul>
106
107<p>To optionally retain logs across reboots (not cold boot) and make these logs
108available to device owner DPCs, a device must have a kernel with
109<code>pstore</code> and <code>pmsg</code> enabled, and DRAM powered and
110refreshed through all stages of reboot to avoid corruption to the logs retained
111in memory. To enable support, use the
112<code>config_supportPreRebootSecurityLogs</code> setting in
113<code>frameworks/base/core/res/res/values/config.xml</code>.</p>
114