1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.cts.verifier.managedprovisioning;
18 
19 import android.app.Activity;
20 import android.app.admin.DevicePolicyManager;
21 import android.content.ComponentName;
22 import android.content.Context;
23 import android.os.Bundle;
24 import android.util.Log;
25 
26 /**
27  * A helper activity that executes commands sent from CtsVerifier in the primary user to the managed
28  * profile in COMP mode.
29  *
30  * Note: We have to use a dummy activity because cross-profile intents only work for activities.
31  */
32 public class CompHelperActivity extends Activity {
33 
34     public static final String TAG = "CompHelperActivity";
35 
36     // Set always-on VPN.
37     public static final String ACTION_SET_ALWAYS_ON_VPN
38             = "com.android.cts.verifier.managedprovisioning.COMP_SET_ALWAYS_ON_VPN";
39     // Install trusted CA cert.
40     public static final String ACTION_INSTALL_CA_CERT
41             = "com.android.cts.verifier.managedprovisioning.COMP_INSTALL_CA_CERT";
42     // Set the number of login failures after which the managed profile is wiped.
43     public static final String ACTION_SET_MAXIMUM_PASSWORD_ATTEMPTS
44             = "com.android.cts.verifier.managedprovisioning.COMP_SET_MAXIMUM_PASSWORD_ATTEMPTS";
45 
46     /*
47      * The CA cert below is the content of cacert.pem as generated by:
48      *
49      * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
50      */
51     private static final String TEST_CA =
52             "-----BEGIN CERTIFICATE-----\n" +
53             "MIIDXTCCAkWgAwIBAgIJAK9Tl/F9V8kSMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n" +
54             "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n" +
55             "aWRnaXRzIFB0eSBMdGQwHhcNMTUwMzA2MTczMjExWhcNMjUwMzAzMTczMjExWjBF\n" +
56             "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n" +
57             "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
58             "CgKCAQEAvItOutsE75WBTgTyNAHt4JXQ3JoseaGqcC3WQij6vhrleWi5KJ0jh1/M\n" +
59             "Rpry7Fajtwwb4t8VZa0NuM2h2YALv52w1xivql88zce/HU1y7XzbXhxis9o6SCI+\n" +
60             "oVQSbPeXRgBPppFzBEh3ZqYTVhAqw451XhwdA4Aqs3wts7ddjwlUzyMdU44osCUg\n" +
61             "kVg7lfPf9sTm5IoHVcfLSCWH5n6Nr9sH3o2ksyTwxuOAvsN11F/a0mmUoPciYPp+\n" +
62             "q7DzQzdi7akRG601DZ4YVOwo6UITGvDyuAAdxl5isovUXqe6Jmz2/myTSpAKxGFs\n" +
63             "jk9oRoG6WXWB1kni490GIPjJ1OceyQIDAQABo1AwTjAdBgNVHQ4EFgQUH1QIlPKL\n" +
64             "p2OQ/AoLOjKvBW4zK3AwHwYDVR0jBBgwFoAUH1QIlPKLp2OQ/AoLOjKvBW4zK3Aw\n" +
65             "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcMi4voMMJHeQLjtq8Oky\n" +
66             "Azpyk8moDwgCd4llcGj7izOkIIFqq/lyqKdtykVKUWz2bSHO5cLrtaOCiBWVlaCV\n" +
67             "DYAnnVLM8aqaA6hJDIfaGs4zmwz0dY8hVMFCuCBiLWuPfiYtbEmjHGSmpQTG6Qxn\n" +
68             "ZJlaK5CZyt5pgh5EdNdvQmDEbKGmu0wpCq9qjZImwdyAul1t/B0DrsWApZMgZpeI\n" +
69             "d2od0VBrCICB1K4p+C51D93xyQiva7xQcCne+TAnGNy9+gjQ/MyR8MRpwRLv5ikD\n" +
70             "u0anJCN8pXo6IMglfMAsoton1J6o5/ae5uhC6caQU8bNUsCK570gpNfjkzo6rbP0\n" +
71             "wQ==\n" +
72             "-----END CERTIFICATE-----";
73 
74     @Override
onCreate(Bundle savedInstanceState)75     protected void onCreate(Bundle savedInstanceState) {
76         super.onCreate(savedInstanceState);
77 
78         final ComponentName admin = CompDeviceAdminTestReceiver.getReceiverComponentName();
79         final DevicePolicyManager dpm = (DevicePolicyManager) getSystemService(
80                 Context.DEVICE_POLICY_SERVICE);
81 
82         final String action = getIntent().getAction();
83         if (ACTION_SET_ALWAYS_ON_VPN.equals(action)) {
84             try {
85                 dpm.setAlwaysOnVpnPackage(admin, getPackageName(), false /* lockdownEnabled */);
86             } catch (Exception e) {
87                 Log.e(TAG, "Unable to set always-on VPN", e);
88             }
89         } else if (ACTION_INSTALL_CA_CERT.equals(action)) {
90             dpm.installCaCert(admin, TEST_CA.getBytes());
91         } else if (ACTION_SET_MAXIMUM_PASSWORD_ATTEMPTS.equals(action)) {
92             dpm.setMaximumFailedPasswordsForWipe(admin, 100);
93         }
94         finish();
95     }
96 }
97