1 /* 2 * Copyright (C) 2011 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.admin.cts; 18 19 import android.app.admin.DevicePolicyManager; 20 import android.content.ComponentName; 21 import android.content.Context; 22 import android.content.Intent; 23 import android.content.IntentFilter; 24 import android.content.pm.ApplicationInfo; 25 import android.content.pm.PackageManager; 26 import android.content.pm.PackageManager.NameNotFoundException; 27 import android.content.pm.ResolveInfo; 28 import android.os.Build; 29 import android.os.UserManager; 30 import android.provider.Settings; 31 import android.test.AndroidTestCase; 32 import android.test.suitebuilder.annotation.Suppress; 33 import android.util.Log; 34 35 import java.util.List; 36 37 /** 38 * TODO: Make sure DO APIs are not called by PO. 39 * Test that exercises {@link DevicePolicyManager}. The test requires that the 40 * CtsDeviceAdminReceiver be installed via the CtsDeviceAdmin.apk and be 41 * activated via "Settings > Location & security > Select device administrators". 42 */ 43 public class DevicePolicyManagerTest extends AndroidTestCase { 44 45 private static final String TAG = DevicePolicyManagerTest.class.getSimpleName(); 46 47 private DevicePolicyManager mDevicePolicyManager; 48 private ComponentName mComponent; 49 private boolean mDeviceAdmin; 50 private boolean mManagedProfiles; 51 private PackageManager mPackageManager; 52 53 private static final String TEST_CA_STRING1 = 54 "-----BEGIN CERTIFICATE-----\n" + 55 "MIICVzCCAgGgAwIBAgIJAMvnLHnnfO/IMA0GCSqGSIb3DQEBBQUAMIGGMQswCQYD\n" + 56 "VQQGEwJJTjELMAkGA1UECAwCQVAxDDAKBgNVBAcMA0hZRDEVMBMGA1UECgwMSU1G\n" + 57 "TCBQVlQgTFREMRAwDgYDVQQLDAdJTUZMIE9VMRIwEAYDVQQDDAlJTUZMLklORk8x\n" + 58 "HzAdBgkqhkiG9w0BCQEWEHJhbWVzaEBpbWZsLmluZm8wHhcNMTMwODI4MDk0NDA5\n" + 59 "WhcNMjMwODI2MDk0NDA5WjCBhjELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAkFQMQww\n" + 60 "CgYDVQQHDANIWUQxFTATBgNVBAoMDElNRkwgUFZUIExURDEQMA4GA1UECwwHSU1G\n" + 61 "TCBPVTESMBAGA1UEAwwJSU1GTC5JTkZPMR8wHQYJKoZIhvcNAQkBFhByYW1lc2hA\n" + 62 "aW1mbC5pbmZvMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ738cbTQlNIO7O6nV/f\n" + 63 "DJTMvWbPkyHYX8CQ7yXiAzEiZ5bzKJjDJmpRAkUrVinljKns2l6C4++l/5A7pFOO\n" + 64 "33kCAwEAAaNQME4wHQYDVR0OBBYEFOdbZP7LaMbgeZYPuds2CeSonmYxMB8GA1Ud\n" + 65 "IwQYMBaAFOdbZP7LaMbgeZYPuds2CeSonmYxMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n" + 66 "hvcNAQEFBQADQQBdrk6J9koyylMtl/zRfiMAc2zgeC825fgP6421NTxs1rjLs1HG\n" + 67 "VcUyQ1/e7WQgOaBHi9TefUJi+4PSVSluOXon\n" + 68 "-----END CERTIFICATE-----"; 69 70 private static final String MANAGED_PROVISIONING_PKG = "com.android.managedprovisioning"; 71 72 @Override setUp()73 protected void setUp() throws Exception { 74 super.setUp(); 75 mDevicePolicyManager = (DevicePolicyManager) 76 mContext.getSystemService(Context.DEVICE_POLICY_SERVICE); 77 mComponent = DeviceAdminInfoTest.getReceiverComponent(); 78 mPackageManager = mContext.getPackageManager(); 79 mDeviceAdmin = mPackageManager.hasSystemFeature(PackageManager.FEATURE_DEVICE_ADMIN); 80 mManagedProfiles = mDeviceAdmin 81 && mPackageManager.hasSystemFeature(PackageManager.FEATURE_MANAGED_USERS); 82 } 83 testGetActiveAdmins()84 public void testGetActiveAdmins() { 85 if (!mDeviceAdmin) { 86 Log.w(TAG, "Skipping testGetActiveAdmins"); 87 return; 88 } 89 List<ComponentName> activeAdmins = mDevicePolicyManager.getActiveAdmins(); 90 assertFalse(activeAdmins.isEmpty()); 91 assertTrue(activeAdmins.contains(mComponent)); 92 assertTrue(mDevicePolicyManager.isAdminActive(mComponent)); 93 } 94 testKeyguardDisabledFeatures()95 public void testKeyguardDisabledFeatures() { 96 if (!mDeviceAdmin) { 97 Log.w(TAG, "Skipping testKeyguardDisabledFeatures"); 98 return; 99 } 100 int originalValue = mDevicePolicyManager.getKeyguardDisabledFeatures(mComponent); 101 try { 102 for (int which = DevicePolicyManager.KEYGUARD_DISABLE_FEATURES_NONE; 103 which < 2 * DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT; ++which) { 104 mDevicePolicyManager.setKeyguardDisabledFeatures(mComponent, which); 105 assertEquals(which, mDevicePolicyManager.getKeyguardDisabledFeatures(mComponent)); 106 } 107 } finally { 108 mDevicePolicyManager.setKeyguardDisabledFeatures(mComponent, originalValue); 109 } 110 } 111 testRequestRemoteBugreport_failIfNotDeviceOwner()112 public void testRequestRemoteBugreport_failIfNotDeviceOwner() { 113 if (!mDeviceAdmin) { 114 Log.w(TAG, "Skipping testRequestRemoteBugreport_failIfNotDeviceOwner"); 115 return; 116 } 117 try { 118 mDevicePolicyManager.requestBugreport(mComponent); 119 fail("did not throw expected SecurityException"); 120 } catch (SecurityException e) { 121 assertDeviceOwnerMessage(e.getMessage()); 122 } 123 } 124 testSetSecurityLoggingEnabled_failIfNotDeviceOwner()125 public void testSetSecurityLoggingEnabled_failIfNotDeviceOwner() { 126 if (!mDeviceAdmin) { 127 Log.w(TAG, "Skipping testSetSecurityLoggingEnabled_failIfNotDeviceOwner"); 128 return; 129 } 130 try { 131 mDevicePolicyManager.setSecurityLoggingEnabled(mComponent, true); 132 fail("did not throw expected SecurityException"); 133 } catch (SecurityException e) { 134 assertDeviceOwnerMessage(e.getMessage()); 135 } 136 } 137 testIsSecurityLoggingEnabled_failIfNotDeviceOwner()138 public void testIsSecurityLoggingEnabled_failIfNotDeviceOwner() { 139 if (!mDeviceAdmin) { 140 Log.w(TAG, "Skipping testIsSecurityLoggingEnabled_failIfNotDeviceOwner"); 141 return; 142 } 143 try { 144 mDevicePolicyManager.isSecurityLoggingEnabled(mComponent); 145 fail("did not throw expected SecurityException"); 146 } catch (SecurityException e) { 147 assertDeviceOwnerMessage(e.getMessage()); 148 } 149 } 150 testRetrieveSecurityLogs_failIfNotDeviceOwner()151 public void testRetrieveSecurityLogs_failIfNotDeviceOwner() { 152 if (!mDeviceAdmin) { 153 Log.w(TAG, "Skipping testRetrieveSecurityLogs_failIfNotDeviceOwner"); 154 return; 155 } 156 try { 157 mDevicePolicyManager.retrieveSecurityLogs(mComponent); 158 fail("did not throw expected SecurityException"); 159 } catch (SecurityException e) { 160 assertDeviceOwnerMessage(e.getMessage()); 161 } 162 } 163 testRetrievePreRebootSecurityLogs_failIfNotDeviceOwner()164 public void testRetrievePreRebootSecurityLogs_failIfNotDeviceOwner() { 165 if (!mDeviceAdmin) { 166 Log.w(TAG, "Skipping testRetrievePreRebootSecurityLogs_failIfNotDeviceOwner"); 167 return; 168 } 169 try { 170 mDevicePolicyManager.retrievePreRebootSecurityLogs(mComponent); 171 fail("did not throw expected SecurityException"); 172 } catch (SecurityException e) { 173 assertDeviceOwnerMessage(e.getMessage()); 174 } 175 } 176 testRemoveUser_failIfNotDeviceOwner()177 public void testRemoveUser_failIfNotDeviceOwner() { 178 if (!mDeviceAdmin) { 179 Log.w(TAG, "Skipping testRemoveUser_failIfNotDeviceOwner"); 180 return; 181 } 182 try { 183 mDevicePolicyManager.removeUser(mComponent, null); 184 fail("did not throw expected SecurityException"); 185 } catch (SecurityException e) { 186 assertDeviceOwnerMessage(e.getMessage()); 187 } 188 } 189 testSetApplicationHidden_failIfNotDeviceOrProfileOwner()190 public void testSetApplicationHidden_failIfNotDeviceOrProfileOwner() { 191 if (!mDeviceAdmin) { 192 Log.w(TAG, "Skipping testSetApplicationHidden_failIfNotDeviceOrProfileOwner"); 193 return; 194 } 195 try { 196 mDevicePolicyManager.setApplicationHidden(mComponent, "com.google.anything", true); 197 fail("did not throw expected SecurityException"); 198 } catch (SecurityException e) { 199 assertProfileOwnerMessage(e.getMessage()); 200 } 201 } 202 testIsApplicationHidden_failIfNotDeviceOrProfileOwner()203 public void testIsApplicationHidden_failIfNotDeviceOrProfileOwner() { 204 if (!mDeviceAdmin) { 205 Log.w(TAG, "Skipping testIsApplicationHidden_failIfNotDeviceOrProfileOwner"); 206 return; 207 } 208 try { 209 mDevicePolicyManager.isApplicationHidden(mComponent, "com.google.anything"); 210 fail("did not throw expected SecurityException"); 211 } catch (SecurityException e) { 212 assertProfileOwnerMessage(e.getMessage()); 213 } 214 } 215 testSetGlobalSetting_failIfNotDeviceOwner()216 public void testSetGlobalSetting_failIfNotDeviceOwner() { 217 if (!mDeviceAdmin) { 218 Log.w(TAG, "Skipping testSetGlobalSetting_failIfNotDeviceOwner"); 219 return; 220 } 221 try { 222 mDevicePolicyManager.setGlobalSetting(mComponent, 223 Settings.Global.WIFI_NETWORKS_AVAILABLE_NOTIFICATION_ON, "1"); 224 fail("did not throw expected SecurityException"); 225 } catch (SecurityException e) { 226 assertDeviceOwnerMessage(e.getMessage()); 227 } 228 } 229 testSetSecureSetting_failIfNotDeviceOrProfileOwner()230 public void testSetSecureSetting_failIfNotDeviceOrProfileOwner() { 231 if (!mDeviceAdmin) { 232 Log.w(TAG, "Skipping testSetSecureSetting_failIfNotDeviceOrProfileOwner"); 233 return; 234 } 235 try { 236 mDevicePolicyManager.setSecureSetting(mComponent, 237 Settings.Secure.INSTALL_NON_MARKET_APPS, "1"); 238 fail("did not throw expected SecurityException"); 239 } catch (SecurityException e) { 240 assertProfileOwnerMessage(e.getMessage()); 241 } 242 } 243 testSetMasterVolumeMuted_failIfNotDeviceOrProfileOwner()244 public void testSetMasterVolumeMuted_failIfNotDeviceOrProfileOwner() { 245 if (!mDeviceAdmin) { 246 Log.w(TAG, "Skipping testSetMasterVolumeMuted_failIfNotDeviceOrProfileOwner"); 247 return; 248 } 249 try { 250 mDevicePolicyManager.setMasterVolumeMuted(mComponent, true); 251 fail("did not throw expected SecurityException"); 252 } catch (SecurityException e) { 253 assertProfileOwnerMessage(e.getMessage()); 254 } 255 } 256 testIsMasterVolumeMuted_failIfNotDeviceOrProfileOwner()257 public void testIsMasterVolumeMuted_failIfNotDeviceOrProfileOwner() { 258 if (!mDeviceAdmin) { 259 Log.w(TAG, "Skipping testSetMasterVolumeMuted_failIfNotDeviceOrProfileOwner"); 260 return; 261 } 262 try { 263 mDevicePolicyManager.isMasterVolumeMuted(mComponent); 264 fail("did not throw expected SecurityException"); 265 } catch (SecurityException e) { 266 assertProfileOwnerMessage(e.getMessage()); 267 } 268 } 269 testSetRecommendedGlobalProxy_failIfNotDeviceOwner()270 public void testSetRecommendedGlobalProxy_failIfNotDeviceOwner() { 271 if (!mDeviceAdmin) { 272 Log.w(TAG, "Skipping testSetRecommendedGlobalProxy_failIfNotDeviceOwner"); 273 return; 274 } 275 try { 276 mDevicePolicyManager.setRecommendedGlobalProxy(mComponent, null); 277 fail("did not throw expected SecurityException"); 278 } catch (SecurityException e) { 279 assertDeviceOwnerMessage(e.getMessage()); 280 } 281 } 282 testSetLockTaskPackages_failIfNotDeviceOwner()283 public void testSetLockTaskPackages_failIfNotDeviceOwner() { 284 if (!mDeviceAdmin) { 285 Log.w(TAG, "Skipping testSetLockTaskPackages_failIfNotDeviceOwner"); 286 return; 287 } 288 try { 289 mDevicePolicyManager.setLockTaskPackages(mComponent, new String[] {"package"}); 290 fail("did not throw expected SecurityException"); 291 } catch (SecurityException e) { 292 } 293 } 294 295 // This test registers itself as DO, so this is no longer testable. We do a positive test 296 // for clearDeviceOwnerApp() 297 @Suppress testClearDeviceOwnerApp_failIfNotDeviceOwner()298 public void testClearDeviceOwnerApp_failIfNotDeviceOwner() { 299 if (!mDeviceAdmin) { 300 Log.w(TAG, "Skipping testClearDeviceOwnerApp_failIfNotDeviceOwner"); 301 return; 302 } 303 try { 304 mDevicePolicyManager.clearDeviceOwnerApp("android.admin.app"); 305 fail("did not throw expected SecurityException"); 306 } catch (SecurityException e) { 307 assertDeviceOwnerMessage(e.getMessage()); 308 } 309 } 310 testSwitchUser_failIfNotDeviceOwner()311 public void testSwitchUser_failIfNotDeviceOwner() { 312 if (!mDeviceAdmin) { 313 Log.w(TAG, "Skipping testSwitchUser_failIfNotDeviceOwner"); 314 return; 315 } 316 try { 317 mDevicePolicyManager.switchUser(mComponent, null); 318 fail("did not throw expected SecurityException"); 319 } catch (SecurityException e) { 320 assertDeviceOwnerMessage(e.getMessage()); 321 } 322 } 323 testCreateAndManageUser_failIfNotDeviceOwner()324 public void testCreateAndManageUser_failIfNotDeviceOwner() { 325 if (!mDeviceAdmin) { 326 Log.w(TAG, "Skipping testCreateAndManageUser_failIfNotDeviceOwner"); 327 return; 328 } 329 try { 330 mDevicePolicyManager.createAndManageUser(mComponent, "name", mComponent, null, 0); 331 fail("did not throw expected SecurityException"); 332 } catch (SecurityException e) { 333 assertDeviceOwnerMessage(e.getMessage()); 334 } 335 } 336 testInstallCaCert_failIfNotProfileOwner()337 public void testInstallCaCert_failIfNotProfileOwner() { 338 if (!mDeviceAdmin) { 339 Log.w(TAG, "Skipping testInstallCaCert_failIfNotProfileOwner"); 340 return; 341 } 342 try { 343 mDevicePolicyManager.installCaCert(mComponent, 344 TEST_CA_STRING1.getBytes()); 345 fail("did not throw expected SecurityException"); 346 } catch (SecurityException e) { 347 assertProfileOwnerMessage(e.getMessage()); 348 } 349 } 350 testInstallCaCert_failIfNotCertInstaller()351 public void testInstallCaCert_failIfNotCertInstaller() { 352 if (!mDeviceAdmin) { 353 Log.w(TAG, "Skipping testInstallCaCert_failIfNotCertInstaller"); 354 return; 355 } 356 try { 357 // Delegated cert installer is identified by using null as the first argument. 358 mDevicePolicyManager.installCaCert(null, TEST_CA_STRING1.getBytes()); 359 fail("did not throw expected SecurityException"); 360 } catch (SecurityException expected) { 361 } 362 } 363 testUninstallCaCert_failIfNotProfileOwner()364 public void testUninstallCaCert_failIfNotProfileOwner() { 365 if (!mDeviceAdmin) { 366 Log.w(TAG, "Skipping testUninstallCaCert_failIfNotProfileOwner"); 367 return; 368 } 369 try { 370 mDevicePolicyManager.uninstallCaCert(mComponent, 371 TEST_CA_STRING1.getBytes()); 372 fail("did not throw expected SecurityException"); 373 } catch (SecurityException e) { 374 assertProfileOwnerMessage(e.getMessage()); 375 } 376 } 377 testUninstallCaCert_failIfNotCertInstaller()378 public void testUninstallCaCert_failIfNotCertInstaller() { 379 if (!mDeviceAdmin) { 380 Log.w(TAG, "Skipping testUninstallCaCert_failIfNotCertInstaller"); 381 return; 382 } 383 try { 384 // Delegated cert installer is identified by using null as the first argument. 385 mDevicePolicyManager.uninstallCaCert(null, TEST_CA_STRING1.getBytes()); 386 fail("did not throw expected SecurityException"); 387 } catch (SecurityException expected) { 388 } 389 } 390 testGetInstalledCaCerts_failIfNotProfileOwner()391 public void testGetInstalledCaCerts_failIfNotProfileOwner() { 392 if (!mDeviceAdmin) { 393 Log.w(TAG, "Skipping testGetInstalledCaCerts_failIfNotProfileOwner"); 394 return; 395 } 396 try { 397 mDevicePolicyManager.getInstalledCaCerts(mComponent); 398 fail("did not throw expected SecurityException"); 399 } catch (SecurityException e) { 400 assertProfileOwnerMessage(e.getMessage()); 401 } 402 } 403 testGetInstalledCaCerts_failIfNotCertInstaller()404 public void testGetInstalledCaCerts_failIfNotCertInstaller() { 405 if (!mDeviceAdmin) { 406 Log.w(TAG, "Skipping testGetInstalledCaCerts_failIfNotCertInstaller"); 407 return; 408 } 409 try { 410 // Delegated cert installer is identified by using null as the first argument. 411 mDevicePolicyManager.getInstalledCaCerts(null); 412 fail("did not throw expected SecurityException"); 413 } catch (SecurityException expected) { 414 } 415 } 416 testHasCaCertInstalled_failIfNotProfileOwner()417 public void testHasCaCertInstalled_failIfNotProfileOwner() { 418 if (!mDeviceAdmin) { 419 Log.w(TAG, "Skipping testHasCaCertInstalled_failIfNotProfileOwner"); 420 return; 421 } 422 try { 423 mDevicePolicyManager.hasCaCertInstalled(mComponent, 424 TEST_CA_STRING1.getBytes()); 425 fail("did not throw expected SecurityException"); 426 } catch (SecurityException e) { 427 assertProfileOwnerMessage(e.getMessage()); 428 } 429 } 430 testHasCaCertInstalled_failIfNotCertInstaller()431 public void testHasCaCertInstalled_failIfNotCertInstaller() { 432 if (!mDeviceAdmin) { 433 Log.w(TAG, "Skipping testHasCaCertInstalled_failIfNotCertInstaller"); 434 return; 435 } 436 try { 437 // Delegated cert installer is identified by using null as the first argument. 438 mDevicePolicyManager.hasCaCertInstalled(null, TEST_CA_STRING1.getBytes()); 439 fail("did not throw expected SecurityException"); 440 } catch (SecurityException expected) { 441 } 442 } 443 testUninstallAllUserCaCerts_failIfNotProfileOwner()444 public void testUninstallAllUserCaCerts_failIfNotProfileOwner() { 445 if (!mDeviceAdmin) { 446 Log.w(TAG, "Skipping testUninstallAllUserCaCerts_failIfNotProfileOwner"); 447 return; 448 } 449 try { 450 mDevicePolicyManager.uninstallAllUserCaCerts(mComponent); 451 fail("did not throw expected SecurityException"); 452 } catch (SecurityException e) { 453 assertProfileOwnerMessage(e.getMessage()); 454 } 455 } 456 testUninstallAllUserCaCerts_failIfNotCertInstaller()457 public void testUninstallAllUserCaCerts_failIfNotCertInstaller() { 458 if (!mDeviceAdmin) { 459 Log.w(TAG, "Skipping testUninstallAllUserCaCerts_failIfNotCertInstaller"); 460 return; 461 } 462 try { 463 // Delegated cert installer is identified by using null as the first argument. 464 mDevicePolicyManager.uninstallAllUserCaCerts(null); 465 fail("did not throw expected SecurityException"); 466 } catch (SecurityException expected) { 467 } 468 } 469 testSetScreenCaptureDisabled_failIfNotProfileOwner()470 public void testSetScreenCaptureDisabled_failIfNotProfileOwner() { 471 if (!mDeviceAdmin) { 472 Log.w(TAG, "Skipping testSetScreenCaptureDisabled_failIfNotProfileOwner"); 473 return; 474 } 475 try { 476 mDevicePolicyManager.setScreenCaptureDisabled(mComponent, true); 477 fail("did not throw expected SecurityException"); 478 } catch (SecurityException e) { 479 assertProfileOwnerMessage(e.getMessage()); 480 } 481 } 482 testSetAutoTimeRequired_failIfNotDeviceOwner()483 public void testSetAutoTimeRequired_failIfNotDeviceOwner() { 484 if (!mDeviceAdmin) { 485 Log.w(TAG, "Skipping testSetAutoTimeRequired_failIfNotDeviceOwner"); 486 return; 487 } 488 try { 489 mDevicePolicyManager.setAutoTimeRequired(mComponent, true); 490 fail("did not throw expected SecurityException"); 491 } catch (SecurityException e) { 492 assertDeviceOwnerMessage(e.getMessage()); 493 } 494 } 495 testAddPersistentPreferredActivity_failIfNotProfileOwner()496 public void testAddPersistentPreferredActivity_failIfNotProfileOwner() { 497 if (!mDeviceAdmin) { 498 Log.w(TAG, "Skipping testAddPersistentPreferredActivity_failIfNotProfileOwner"); 499 return; 500 } 501 try { 502 mDevicePolicyManager.addPersistentPreferredActivity(mComponent, 503 new IntentFilter(Intent.ACTION_MAIN), 504 new ComponentName("android.admin.cts", "dummy")); 505 fail("did not throw expected SecurityException"); 506 } catch (SecurityException e) { 507 assertProfileOwnerMessage(e.getMessage()); 508 } 509 } 510 testClearPackagePersistentPreferredActivities_failIfNotProfileOwner()511 public void testClearPackagePersistentPreferredActivities_failIfNotProfileOwner() { 512 if (!mDeviceAdmin) { 513 Log.w(TAG, "Skipping testClearPackagePersistentPreferredActivities_failIfNotProfileOwner"); 514 return; 515 } 516 try { 517 mDevicePolicyManager.clearPackagePersistentPreferredActivities(mComponent, 518 "android.admin.cts"); 519 fail("did not throw expected SecurityException"); 520 } catch (SecurityException e) { 521 assertProfileOwnerMessage(e.getMessage()); 522 } 523 } 524 testSetApplicationRestrictions_failIfNotProfileOwner()525 public void testSetApplicationRestrictions_failIfNotProfileOwner() { 526 if (!mDeviceAdmin) { 527 Log.w(TAG, "Skipping testSetApplicationRestrictions_failIfNotProfileOwner"); 528 return; 529 } 530 try { 531 mDevicePolicyManager.setApplicationRestrictions(mComponent, 532 "android.admin.cts", null); 533 fail("did not throw expected SecurityException"); 534 } catch (SecurityException e) { 535 assertProfileOwnerMessage(e.getMessage()); 536 } 537 } 538 testAddUserRestriction_failIfNotProfileOwner()539 public void testAddUserRestriction_failIfNotProfileOwner() { 540 if (!mDeviceAdmin) { 541 Log.w(TAG, "Skipping testAddUserRestriction_failIfNotProfileOwner"); 542 return; 543 } 544 try { 545 mDevicePolicyManager.addUserRestriction(mComponent, 546 UserManager.DISALLOW_SMS); 547 fail("did not throw expected SecurityException"); 548 } catch (SecurityException e) { 549 assertProfileOwnerMessage(e.getMessage()); 550 } 551 } 552 testSetAccountManagementDisabled_failIfNotProfileOwner()553 public void testSetAccountManagementDisabled_failIfNotProfileOwner() { 554 if (!mDeviceAdmin) { 555 Log.w(TAG, "Skipping testSetAccountManagementDisabled_failIfNotProfileOwner"); 556 return; 557 } 558 try { 559 mDevicePolicyManager.setAccountManagementDisabled(mComponent, 560 "dummy", true); 561 fail("did not throw expected SecurityException"); 562 } catch (SecurityException e) { 563 assertProfileOwnerMessage(e.getMessage()); 564 } 565 } 566 testSetRestrictionsProvider_failIfNotProfileOwner()567 public void testSetRestrictionsProvider_failIfNotProfileOwner() { 568 if (!mDeviceAdmin) { 569 Log.w(TAG, "Skipping testSetRestrictionsProvider_failIfNotProfileOwner"); 570 return; 571 } 572 try { 573 mDevicePolicyManager.setRestrictionsProvider(mComponent, 574 new ComponentName("android.admin.cts", "dummy")); 575 fail("did not throw expected SecurityException"); 576 } catch (SecurityException e) { 577 assertProfileOwnerMessage(e.getMessage()); 578 } 579 } 580 testSetUninstallBlocked_failIfNotProfileOwner()581 public void testSetUninstallBlocked_failIfNotProfileOwner() { 582 if (!mDeviceAdmin) { 583 Log.w(TAG, "Skipping testSetUninstallBlocked_failIfNotProfileOwner"); 584 return; 585 } 586 try { 587 mDevicePolicyManager.setUninstallBlocked(mComponent, 588 "android.admin.cts", true); 589 fail("did not throw expected SecurityException"); 590 } catch (SecurityException e) { 591 assertProfileOwnerMessage(e.getMessage()); 592 } 593 } 594 testSetPermittedAccessibilityServices_failIfNotProfileOwner()595 public void testSetPermittedAccessibilityServices_failIfNotProfileOwner() { 596 if (!mDeviceAdmin) { 597 Log.w(TAG, "Skipping testSetPermittedAccessibilityServices_failIfNotProfileOwner"); 598 return; 599 } 600 try { 601 mDevicePolicyManager.setPermittedAccessibilityServices(mComponent, null); 602 fail("did not throw expected SecurityException"); 603 } catch (SecurityException e) { 604 assertProfileOwnerMessage(e.getMessage()); 605 } 606 } 607 testSetCrossProfileContactsSearchDisabled_failIfNotProfileOwner()608 public void testSetCrossProfileContactsSearchDisabled_failIfNotProfileOwner() { 609 if (!mDeviceAdmin) { 610 Log.w(TAG, "Skipping testSetCrossProfileContactsSearchDisabled_failIfNotProfileOwner"); 611 return; 612 } 613 try { 614 mDevicePolicyManager.setCrossProfileContactsSearchDisabled(mComponent, true); 615 fail("did not throw expected SecurityException"); 616 } catch (SecurityException e) { 617 assertProfileOwnerMessage(e.getMessage()); 618 } 619 } 620 testSetBluetoothContactSharingDisabled_failIfNotProfileOwner()621 public void testSetBluetoothContactSharingDisabled_failIfNotProfileOwner() { 622 if (!mDeviceAdmin) { 623 Log.w(TAG, "Skipping testSetBluetoothContactSharingDisabled_failIfNotProfileOwner"); 624 return; 625 } 626 try { 627 mDevicePolicyManager.setBluetoothContactSharingDisabled(mComponent, true); 628 fail("did not throw expected SecurityException"); 629 } catch (SecurityException e) { 630 assertProfileOwnerMessage(e.getMessage()); 631 } 632 } 633 testSetPermittedInputMethods_failIfNotProfileOwner()634 public void testSetPermittedInputMethods_failIfNotProfileOwner() { 635 if (!mDeviceAdmin) { 636 Log.w(TAG, "Skipping testSetPermittedInputMethods_failIfNotProfileOwner"); 637 return; 638 } 639 try { 640 mDevicePolicyManager.setPermittedInputMethods(mComponent, null); 641 fail("did not throw expected SecurityException"); 642 } catch (SecurityException e) { 643 assertProfileOwnerMessage(e.getMessage()); 644 } 645 } 646 647 /** 648 * Test whether the version of the pre-installed launcher is at least L. This is needed for 649 * managed profile support. 650 */ testLauncherVersionAtLeastL()651 public void testLauncherVersionAtLeastL() throws Exception { 652 if (!mManagedProfiles) { 653 return; 654 } 655 656 Intent intent = new Intent(Intent.ACTION_MAIN); 657 intent.addCategory(Intent.CATEGORY_HOME); 658 List<ResolveInfo> resolveInfos = mPackageManager.queryIntentActivities(intent, 659 0 /* default flags */); 660 assertFalse("No launcher present", resolveInfos.isEmpty()); 661 662 for (ResolveInfo resolveInfo : resolveInfos) { 663 ApplicationInfo launcherAppInfo = mPackageManager.getApplicationInfo( 664 resolveInfo.activityInfo.packageName, 0 /* default flags */); 665 if ((launcherAppInfo.flags & ApplicationInfo.FLAG_SYSTEM) != 0 && 666 launcherAppInfo.targetSdkVersion >= Build.VERSION_CODES.LOLLIPOP) { 667 return; 668 } 669 } 670 fail("No system launcher with version L+ present present on device."); 671 } 672 673 /** 674 * Test that managed provisioning is pre-installed if and only if the device declares the 675 * device admin feature. 676 */ testManagedProvisioningPreInstalled()677 public void testManagedProvisioningPreInstalled() throws Exception { 678 assertEquals(mDeviceAdmin, isPackageInstalledOnSystemImage(MANAGED_PROVISIONING_PKG)); 679 } 680 assertDeviceOwnerMessage(String message)681 private void assertDeviceOwnerMessage(String message) { 682 assertTrue("message is: "+ message, message.contains("does not own the device") 683 || message.contains("can only be called by the device owner")); 684 } 685 assertProfileOwnerMessage(String message)686 private void assertProfileOwnerMessage(String message) { 687 assertTrue("message is: "+ message, 688 message.contains("does not own the profile")); 689 } 690 testSetDelegatedCertInstaller_failIfNotProfileOwner()691 public void testSetDelegatedCertInstaller_failIfNotProfileOwner() { 692 if (!mDeviceAdmin) { 693 Log.w(TAG, "Skipping testSetDelegatedCertInstaller_failIfNotProfileOwner"); 694 return; 695 } 696 try { 697 mDevicePolicyManager.setCertInstallerPackage(mComponent, "com.test.package"); 698 fail("did not throw expected SecurityException"); 699 } catch (SecurityException e) { 700 assertProfileOwnerMessage(e.getMessage()); 701 } 702 } 703 testGetDelegatedCertInstaller_failIfNotProfileOwner()704 public void testGetDelegatedCertInstaller_failIfNotProfileOwner() { 705 if (!mDeviceAdmin) { 706 Log.w(TAG, "Skipping testGetDelegatedCertInstaller_failIfNotProfileOwner"); 707 return; 708 } 709 try { 710 mDevicePolicyManager.getCertInstallerPackage(mComponent); 711 fail("did not throw expected SecurityException"); 712 } catch (SecurityException e) { 713 assertProfileOwnerMessage(e.getMessage()); 714 } 715 } 716 testSetSystemUpdatePolicy_failIfNotDeviceOwner()717 public void testSetSystemUpdatePolicy_failIfNotDeviceOwner() { 718 if (!mDeviceAdmin) { 719 Log.w(TAG, "Skipping testSetSystemUpdatePolicy_failIfNotDeviceOwner"); 720 return; 721 } 722 try { 723 mDevicePolicyManager.setSystemUpdatePolicy(mComponent, null); 724 fail("did not throw expected SecurityException"); 725 } catch (SecurityException e) { 726 assertDeviceOwnerMessage(e.getMessage()); 727 } 728 } 729 isPackageInstalledOnSystemImage(String packagename)730 private boolean isPackageInstalledOnSystemImage(String packagename) { 731 try { 732 ApplicationInfo info = mPackageManager.getApplicationInfo(packagename, 733 0 /* default flags */); 734 return (info.flags & ApplicationInfo.FLAG_SYSTEM) != 0; 735 } catch (NameNotFoundException e) { 736 return false; 737 } 738 } 739 testReboot_failIfNotDeviceOwner()740 public void testReboot_failIfNotDeviceOwner() { 741 if (!mDeviceAdmin) { 742 Log.w(TAG, "Skipping testReboot_failIfNotDeviceOwner"); 743 return; 744 } 745 try { 746 mDevicePolicyManager.reboot(mComponent); 747 fail("did not throw expected SecurityException"); 748 } catch (SecurityException e) { 749 assertDeviceOwnerMessage(e.getMessage()); 750 } 751 } 752 753 } 754