1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package com.android.cts.deviceowner;
17 
18 import android.app.admin.SecurityLog.SecurityEvent;
19 import android.os.Parcel;
20 import android.os.SystemClock;
21 
22 import java.util.Arrays;
23 import java.util.List;
24 import java.util.concurrent.TimeUnit;
25 
26 public class SecurityLoggingTest extends BaseDeviceOwnerTest {
27 
28     /**
29      * Test: retrieving security logs can only be done if there's one user on the device or all
30      * secondary users / profiles are affiliated.
31      */
testRetrievingSecurityLogsThrowsSecurityException()32     public void testRetrievingSecurityLogsThrowsSecurityException() {
33         try {
34             mDevicePolicyManager.retrieveSecurityLogs(getWho());
35             fail("did not throw expected SecurityException");
36         } catch (SecurityException expected) {
37         }
38     }
39 
40     /**
41      * Test: retrieving previous security logs can only be done if there's one user on the device or
42      * all secondary users / profiles are affiliated.
43      */
testRetrievingPreviousSecurityLogsThrowsSecurityException()44     public void testRetrievingPreviousSecurityLogsThrowsSecurityException() {
45         try {
46             mDevicePolicyManager.retrievePreRebootSecurityLogs(getWho());
47             fail("did not throw expected SecurityException");
48         } catch (SecurityException expected) {
49         }
50     }
51 
52     /**
53      * Test: retrieving security logs. This test has should be called when security logging is
54      * enabled and directly after reboot with device owner installed so that security logging
55      * actually takes place and fetching the logs isn't subject to rate limiting.
56      */
testGetSecurityLogs()57     public void testGetSecurityLogs() {
58         List<SecurityEvent> events = mDevicePolicyManager.retrieveSecurityLogs(getWho());
59 
60         // There must be at least some events, e.g. PackageManager logs all process launches.
61         assertTrue("Unable to get events", events != null && events.size() > 0);
62 
63         // We don't know much about the events, so just call public API methods.
64         for (int i = 0; i < events.size(); i++) {
65             SecurityEvent event = events.get(i);
66 
67             // Test parcelling: flatten to a parcel.
68             Parcel p = Parcel.obtain();
69             event.writeToParcel(p, 0);
70             p.setDataPosition(0);
71 
72             // Restore from parcel and check contents.
73             SecurityEvent restored = SecurityEvent.CREATOR.createFromParcel(p);
74             p.recycle();
75 
76             // For some events data is encapsulated into Object array.
77             if (event.getData() instanceof Object[]) {
78                 assertTrue("Parcelling changed the array returned by getData",
79                         Arrays.equals((Object[]) event.getData(), (Object[]) restored.getData()));
80             } else {
81                 assertEquals("Parcelling changed the result of getData",
82                         event.getData(), restored.getData());
83             }
84             assertEquals("Parcelling changed the result of getTag",
85                     event.getTag(), restored.getTag());
86             assertEquals("Parcelling changed the result of getTimeNanos",
87                     event.getTimeNanos(), restored.getTimeNanos());
88             assertEquals("Parcelling changed the result of describeContents",
89                     event.describeContents(), restored.describeContents());
90         }
91     }
92 
93     /**
94      * Test: Test enabling security logging. This test should be executed after installing a device
95      * owner so that we check that logging is not enabled by default. This test has a side effect:
96      * security logging is enabled after its execution.
97      */
testEnablingSecurityLogging()98     public void testEnablingSecurityLogging() {
99         assertFalse(mDevicePolicyManager.isSecurityLoggingEnabled(getWho()));
100         mDevicePolicyManager.setSecurityLoggingEnabled(getWho(), true);
101         assertTrue(mDevicePolicyManager.isSecurityLoggingEnabled(getWho()));
102     }
103 
104     /**
105      * Test: Test disabling security logging. This test has a side effect: security logging is
106      * disabled after its execution.
107      */
testDisablingSecurityLogging()108     public void testDisablingSecurityLogging() {
109         mDevicePolicyManager.setSecurityLoggingEnabled(getWho(), false);
110         assertFalse(mDevicePolicyManager.isSecurityLoggingEnabled(getWho()));
111     }
112 
113     /**
114      * Test: retrieving security logs should be rate limited - subsequent attempts should return
115      * null.
116      */
testRetrievingSecurityLogsNotPossibleImmediatelyAfterPreviousSuccessfulRetrieval()117     public void testRetrievingSecurityLogsNotPossibleImmediatelyAfterPreviousSuccessfulRetrieval() {
118         List<SecurityEvent> logs = mDevicePolicyManager.retrieveSecurityLogs(getWho());
119         // if logs is null it means that that attempt was rate limited => test PASS
120         if (logs != null) {
121             assertNull(mDevicePolicyManager.retrieveSecurityLogs(getWho()));
122             assertNull(mDevicePolicyManager.retrieveSecurityLogs(getWho()));
123         }
124     }
125 }
126