1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.cts.devicepolicy; 18 19 import android.platform.test.annotations.RequiresDevice; 20 21 import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper; 22 import com.android.tradefed.device.DeviceNotAvailableException; 23 import com.android.tradefed.log.LogUtil.CLog; 24 25 import java.io.File; 26 import java.io.FileNotFoundException; 27 import java.util.ArrayList; 28 import java.util.Arrays; 29 import java.util.List; 30 31 /** 32 * Set of tests for use cases that apply to profile and device owner. 33 * This class is the base class of MixedProfileOwnerTest, MixedDeviceOwnerTest and 34 * MixedManagedProfileOwnerTest and is abstract to avoid running spurious tests. 35 * 36 * NOTE: Not all tests are executed in the subclasses. Sometimes, if a test is not applicable to 37 * a subclass, they override it with an empty method. 38 */ 39 public abstract class DeviceAndProfileOwnerTest extends BaseDevicePolicyTest { 40 41 protected static final String DEVICE_ADMIN_PKG = "com.android.cts.deviceandprofileowner"; 42 protected static final String DEVICE_ADMIN_APK = "CtsDeviceAndProfileOwnerApp.apk"; 43 protected static final String ADMIN_RECEIVER_TEST_CLASS 44 = ".BaseDeviceAdminTest$BasicAdminReceiver"; 45 46 private static final String INTENT_RECEIVER_PKG = "com.android.cts.intent.receiver"; 47 private static final String INTENT_RECEIVER_APK = "CtsIntentReceiverApp.apk"; 48 49 private static final String INTENT_SENDER_PKG = "com.android.cts.intent.sender"; 50 private static final String INTENT_SENDER_APK = "CtsIntentSenderApp.apk"; 51 52 private static final String PERMISSIONS_APP_PKG = "com.android.cts.permissionapp"; 53 private static final String PERMISSIONS_APP_APK = "CtsPermissionApp.apk"; 54 55 private static final String SIMPLE_PRE_M_APP_PKG = "com.android.cts.launcherapps.simplepremapp"; 56 private static final String SIMPLE_PRE_M_APP_APK = "CtsSimplePreMApp.apk"; 57 58 private static final String APP_RESTRICTIONS_TARGET_APP_PKG 59 = "com.android.cts.apprestrictions.targetapp"; 60 private static final String APP_RESTRICTIONS_TARGET_APP_APK = "CtsAppRestrictionsTargetApp.apk"; 61 62 private static final String CERT_INSTALLER_PKG = "com.android.cts.certinstaller"; 63 private static final String CERT_INSTALLER_APK = "CtsCertInstallerApp.apk"; 64 65 private static final String DELEGATE_APP_PKG = "com.android.cts.delegate"; 66 private static final String DELEGATE_APP_APK = "CtsDelegateApp.apk"; 67 private static final String DELEGATION_CERT_INSTALL = "delegation-cert-install"; 68 private static final String DELEGATION_APP_RESTRICTIONS = "delegation-app-restrictions"; 69 private static final String DELEGATION_BLOCK_UNINSTALL = "delegation-block-uninstall"; 70 71 private static final String TEST_APP_APK = "CtsSimpleApp.apk"; 72 private static final String TEST_APP_PKG = "com.android.cts.launcherapps.simpleapp"; 73 private static final String TEST_APP_LOCATION = "/data/local/tmp/"; 74 75 private static final String PACKAGE_INSTALLER_PKG = "com.android.cts.packageinstaller"; 76 private static final String PACKAGE_INSTALLER_APK = "CtsPackageInstallerApp.apk"; 77 78 private static final String ACCOUNT_MANAGEMENT_PKG 79 = "com.android.cts.devicepolicy.accountmanagement"; 80 private static final String ACCOUNT_MANAGEMENT_APK = "CtsAccountManagementDevicePolicyApp.apk"; 81 82 private static final String VPN_APP_PKG = "com.android.cts.vpnfirewall"; 83 private static final String VPN_APP_APK = "CtsVpnFirewallApp.apk"; 84 85 private static final String COMMAND_BLOCK_ACCOUNT_TYPE = "block-accounttype"; 86 private static final String COMMAND_UNBLOCK_ACCOUNT_TYPE = "unblock-accounttype"; 87 88 private static final String DISALLOW_MODIFY_ACCOUNTS = "no_modify_accounts"; 89 private static final String DISALLOW_REMOVE_USER = "no_remove_user"; 90 private static final String ACCOUNT_TYPE 91 = "com.android.cts.devicepolicy.accountmanagement.account.type"; 92 93 private static final String CUSTOMIZATION_APP_PKG = "com.android.cts.customizationapp"; 94 private static final String CUSTOMIZATION_APP_APK = "CtsCustomizationApp.apk"; 95 96 private static final String AUTOFILL_APP_PKG = "com.android.cts.devicepolicy.autofillapp"; 97 private static final String AUTOFILL_APP_APK = "CtsDevicePolicyAutofillApp.apk"; 98 99 protected static final String ASSIST_APP_PKG = "com.android.cts.devicepolicy.assistapp"; 100 protected static final String ASSIST_APP_APK = "CtsDevicePolicyAssistApp.apk"; 101 102 private static final String ENABLED_NOTIFICATION_POLICY_ACCESS_PACKAGES 103 = "enabled_notification_policy_access_packages"; 104 105 protected static final String ASSIST_INTERACTION_SERVICE = 106 ASSIST_APP_PKG + "/.MyInteractionService"; 107 108 // ID of the user all tests are run as. For device owner this will be the primary user, for 109 // profile owner it is the user id of the created profile. 110 protected int mUserId; 111 112 @Override tearDown()113 protected void tearDown() throws Exception { 114 if (mHasFeature) { 115 getDevice().uninstallPackage(DEVICE_ADMIN_PKG); 116 getDevice().uninstallPackage(PERMISSIONS_APP_PKG); 117 getDevice().uninstallPackage(SIMPLE_PRE_M_APP_PKG); 118 getDevice().uninstallPackage(APP_RESTRICTIONS_TARGET_APP_PKG); 119 getDevice().uninstallPackage(CERT_INSTALLER_PKG); 120 getDevice().uninstallPackage(DELEGATE_APP_PKG); 121 getDevice().uninstallPackage(ACCOUNT_MANAGEMENT_PKG); 122 getDevice().uninstallPackage(VPN_APP_PKG); 123 getDevice().uninstallPackage(INTENT_RECEIVER_PKG); 124 getDevice().uninstallPackage(INTENT_SENDER_PKG); 125 getDevice().uninstallPackage(CUSTOMIZATION_APP_PKG); 126 getDevice().uninstallPackage(AUTOFILL_APP_APK); 127 getDevice().uninstallPackage(TEST_APP_PKG); 128 129 // Press the HOME key to close any alart dialog that may be shown. 130 getDevice().executeShellCommand("input keyevent 3"); 131 } 132 super.tearDown(); 133 } 134 testCaCertManagement()135 public void testCaCertManagement() throws Exception { 136 if (!mHasFeature) { 137 return; 138 } 139 executeDeviceTestClass(".CaCertManagementTest"); 140 } 141 testApplicationRestrictions()142 public void testApplicationRestrictions() throws Exception { 143 if (!mHasFeature) { 144 return; 145 } 146 147 installAppAsUser(DELEGATE_APP_APK, mUserId); 148 installAppAsUser(APP_RESTRICTIONS_TARGET_APP_APK, mUserId); 149 150 try { 151 // Only the DPC can manage app restrictions by default. 152 executeDeviceTestClass(".ApplicationRestrictionsTest"); 153 executeAppRestrictionsManagingPackageTest("testCannotAccessApis"); 154 155 // Letting the DELEGATE_APP_PKG manage app restrictions too. 156 changeApplicationRestrictionsManagingPackage(DELEGATE_APP_PKG); 157 executeAppRestrictionsManagingPackageTest("testCanAccessApis"); 158 runDeviceTestsAsUser(DELEGATE_APP_PKG, ".GeneralDelegateTest", 159 "testSettingAdminComponentNameThrowsException", mUserId); 160 161 // The DPC should still be able to manage app restrictions normally. 162 executeDeviceTestClass(".ApplicationRestrictionsTest"); 163 164 // The app shouldn't be able to manage app restrictions for other users. 165 int parentUserId = getPrimaryUser(); 166 if (parentUserId != mUserId) { 167 installAppAsUser(DELEGATE_APP_APK, parentUserId); 168 installAppAsUser(APP_RESTRICTIONS_TARGET_APP_APK, parentUserId); 169 runDeviceTestsAsUser(DELEGATE_APP_PKG, ".AppRestrictionsDelegateTest", 170 "testCannotAccessApis", parentUserId); 171 } 172 173 // Revoking the permission for DELEGAYE_APP_PKG to manage restrictions. 174 changeApplicationRestrictionsManagingPackage(null); 175 executeAppRestrictionsManagingPackageTest("testCannotAccessApis"); 176 177 // The DPC should still be able to manage app restrictions normally. 178 executeDeviceTestClass(".ApplicationRestrictionsTest"); 179 } finally { 180 changeApplicationRestrictionsManagingPackage(null); 181 } 182 } 183 testDelegation()184 public void testDelegation() throws Exception { 185 if (!mHasFeature) { 186 return; 187 } 188 189 final String delegationTests[] = { 190 ".AppRestrictionsDelegateTest", 191 ".CertInstallDelegateTest", 192 ".BlockUninstallDelegateTest" 193 }; 194 195 // Set a device lockscreen password (precondition for installing private key pairs). 196 changeUserCredential("1234", null, mPrimaryUserId); 197 198 // Install relevant apps. 199 installAppAsUser(DELEGATE_APP_APK, mUserId); 200 installAppAsUser(TEST_APP_APK, mUserId); 201 installAppAsUser(APP_RESTRICTIONS_TARGET_APP_APK, mUserId); 202 203 try { 204 // APIs are not accessible by default. 205 executeDelegationTests(delegationTests, false /* negative result */); 206 207 // Granting the appropriate delegation scopes makes APIs accessible. 208 setDelegatedScopes(DELEGATE_APP_PKG, Arrays.asList( 209 DELEGATION_APP_RESTRICTIONS, 210 DELEGATION_CERT_INSTALL, 211 DELEGATION_BLOCK_UNINSTALL)); 212 runDeviceTestsAsUser(DELEGATE_APP_PKG, ".GeneralDelegateTest", mUserId); 213 executeDelegationTests(delegationTests, true /* positive result */); 214 215 // APIs are not accessible after revoking delegations. 216 setDelegatedScopes(DELEGATE_APP_PKG, null); 217 executeDelegationTests(delegationTests, false /* negative result */); 218 219 // Additional delegation tests. 220 executeDeviceTestClass(".DelegationTest"); 221 222 } finally { 223 // Clear lockscreen password previously set for installing private key pairs (DO only). 224 changeUserCredential(null, "1234", mPrimaryUserId); 225 // Remove any remaining delegations. 226 setDelegatedScopes(DELEGATE_APP_PKG, null); 227 } 228 } 229 testPermissionGrant()230 public void testPermissionGrant() throws Exception { 231 if (!mHasFeature) { 232 return; 233 } 234 installAppPermissionAppAsUser(); 235 executeDeviceTestMethod(".PermissionsTest", "testPermissionGrantState"); 236 } 237 238 /** 239 * Require a device for tests that use the network stack. Headless Androids running in 240 * data centres might need their network rules un-tampered-with in order to keep the ADB / VNC 241 * connection alive. 242 * 243 * This is only a problem on device owner / profile owner running on USER_SYSTEM, because 244 * network rules for this user will affect UID 0. 245 */ 246 @RequiresDevice testAlwaysOnVpn()247 public void testAlwaysOnVpn() throws Exception { 248 if (!mHasFeature) { 249 return; 250 } 251 installAppAsUser(VPN_APP_APK, mUserId); 252 executeDeviceTestClass(".AlwaysOnVpnTest"); 253 } 254 255 @RequiresDevice testAlwaysOnVpnLockDown()256 public void testAlwaysOnVpnLockDown() throws Exception { 257 if (!mHasFeature) { 258 return; 259 } 260 261 installAppAsUser(VPN_APP_APK, mUserId); 262 try { 263 executeDeviceTestMethod(".AlwaysOnVpnMultiStageTest", "testAlwaysOnSet"); 264 forceStopPackageForUser(VPN_APP_PKG, mUserId); 265 executeDeviceTestMethod(".AlwaysOnVpnMultiStageTest", "testNetworkBlocked"); 266 } finally { 267 executeDeviceTestMethod(".AlwaysOnVpnMultiStageTest", "testCleanup"); 268 } 269 } 270 271 @RequiresDevice testAlwaysOnVpnPackageUninstalled()272 public void testAlwaysOnVpnPackageUninstalled() throws Exception { 273 if (!mHasFeature) { 274 return; 275 } 276 277 installAppAsUser(VPN_APP_APK, mUserId); 278 try { 279 executeDeviceTestMethod(".AlwaysOnVpnMultiStageTest", "testAlwaysOnSet"); 280 getDevice().uninstallPackage(VPN_APP_PKG); 281 executeDeviceTestMethod(".AlwaysOnVpnMultiStageTest", "testAlwaysOnVpnDisabled"); 282 executeDeviceTestMethod(".AlwaysOnVpnMultiStageTest", "testSetNonExistingPackage"); 283 } finally { 284 executeDeviceTestMethod(".AlwaysOnVpnMultiStageTest", "testCleanup"); 285 } 286 } 287 testPermissionPolicy()288 public void testPermissionPolicy() throws Exception { 289 if (!mHasFeature) { 290 return; 291 } 292 installAppPermissionAppAsUser(); 293 executeDeviceTestMethod(".PermissionsTest", "testPermissionPolicy"); 294 } 295 testPermissionMixedPolicies()296 public void testPermissionMixedPolicies() throws Exception { 297 if (!mHasFeature) { 298 return; 299 } 300 installAppPermissionAppAsUser(); 301 executeDeviceTestMethod(".PermissionsTest", "testPermissionMixedPolicies"); 302 } 303 304 // Test flakey; suppressed. 305 // public void testPermissionPrompts() throws Exception { 306 // if (!mHasFeature) { 307 // return; 308 // } 309 // installAppPermissionAppAsUser(); 310 // executeDeviceTestMethod(".PermissionsTest", "testPermissionPrompts"); 311 // } 312 testPermissionAppUpdate()313 public void testPermissionAppUpdate() throws Exception { 314 if (!mHasFeature) { 315 return; 316 } 317 installAppPermissionAppAsUser(); 318 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_setDeniedState"); 319 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_checkDenied"); 320 installAppPermissionAppAsUser(); 321 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_checkDenied"); 322 323 assertNull(getDevice().uninstallPackage(PERMISSIONS_APP_PKG)); 324 installAppPermissionAppAsUser(); 325 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_setGrantedState"); 326 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_checkGranted"); 327 installAppPermissionAppAsUser(); 328 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_checkGranted"); 329 330 assertNull(getDevice().uninstallPackage(PERMISSIONS_APP_PKG)); 331 installAppPermissionAppAsUser(); 332 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_setAutoDeniedPolicy"); 333 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_checkDenied"); 334 installAppPermissionAppAsUser(); 335 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_checkDenied"); 336 337 assertNull(getDevice().uninstallPackage(PERMISSIONS_APP_PKG)); 338 installAppPermissionAppAsUser(); 339 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_setAutoGrantedPolicy"); 340 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_checkGranted"); 341 installAppPermissionAppAsUser(); 342 executeDeviceTestMethod(".PermissionsTest", "testPermissionUpdate_checkGranted"); 343 } 344 testPermissionGrantPreMApp()345 public void testPermissionGrantPreMApp() throws Exception { 346 if (!mHasFeature) { 347 return; 348 } 349 installAppAsUser(SIMPLE_PRE_M_APP_APK, mUserId); 350 executeDeviceTestMethod(".PermissionsTest", "testPermissionGrantStatePreMApp"); 351 } 352 testPersistentIntentResolving()353 public void testPersistentIntentResolving() throws Exception { 354 if (!mHasFeature) { 355 return; 356 } 357 executeDeviceTestClass(".PersistentIntentResolvingTest"); 358 } 359 testScreenCaptureDisabled()360 public void testScreenCaptureDisabled() throws Exception { 361 if (!mHasFeature) { 362 return; 363 } 364 // We need to ensure that the policy is deactivated for the device owner case, so making 365 // sure the second test is run even if the first one fails 366 try { 367 setScreenCaptureDisabled(mUserId, true); 368 } finally { 369 setScreenCaptureDisabled(mUserId, false); 370 } 371 } 372 testScreenCaptureDisabled_assist()373 public void testScreenCaptureDisabled_assist() throws Exception { 374 if (!mHasFeature) { 375 return; 376 } 377 try { 378 // Install and enable assistant, notice that profile can't have assistant. 379 installAppAsUser(ASSIST_APP_APK, mPrimaryUserId); 380 setVoiceInteractionService(ASSIST_INTERACTION_SERVICE); 381 setScreenCaptureDisabled_assist(mUserId, true /* disabled */); 382 } finally { 383 setScreenCaptureDisabled_assist(mUserId, false /* disabled */); 384 clearVoiceInteractionService(); 385 } 386 } 387 testSupportMessage()388 public void testSupportMessage() throws Exception { 389 if (!mHasFeature) { 390 return; 391 } 392 executeDeviceTestClass(".SupportMessageTest"); 393 } 394 testApplicationHidden()395 public void testApplicationHidden() throws Exception { 396 if (!mHasFeature) { 397 return; 398 } 399 installAppPermissionAppAsUser(); 400 executeDeviceTestClass(".ApplicationHiddenTest"); 401 } 402 testAccountManagement_deviceAndProfileOwnerAlwaysAllowed()403 public void testAccountManagement_deviceAndProfileOwnerAlwaysAllowed() throws Exception { 404 if (!mHasFeature) { 405 return; 406 } 407 408 installAppAsUser(ACCOUNT_MANAGEMENT_APK, mUserId); 409 executeDeviceTestClass(".DpcAllowedAccountManagementTest"); 410 } 411 testAccountManagement_userRestrictionAddAccount()412 public void testAccountManagement_userRestrictionAddAccount() throws Exception { 413 if (!mHasFeature) { 414 return; 415 } 416 417 installAppAsUser(ACCOUNT_MANAGEMENT_APK, mUserId); 418 try { 419 changeUserRestrictionOrFail(DISALLOW_MODIFY_ACCOUNTS, true, mUserId); 420 executeAccountTest("testAddAccount_blocked"); 421 } finally { 422 // Ensure we clear the user restriction 423 changeUserRestrictionOrFail(DISALLOW_MODIFY_ACCOUNTS, false, mUserId); 424 } 425 executeAccountTest("testAddAccount_allowed"); 426 } 427 testAccountManagement_userRestrictionRemoveAccount()428 public void testAccountManagement_userRestrictionRemoveAccount() throws Exception { 429 if (!mHasFeature) { 430 return; 431 } 432 433 installAppAsUser(ACCOUNT_MANAGEMENT_APK, mUserId); 434 try { 435 changeUserRestrictionOrFail(DISALLOW_MODIFY_ACCOUNTS, true, mUserId); 436 executeAccountTest("testRemoveAccount_blocked"); 437 } finally { 438 // Ensure we clear the user restriction 439 changeUserRestrictionOrFail(DISALLOW_MODIFY_ACCOUNTS, false, mUserId); 440 } 441 executeAccountTest("testRemoveAccount_allowed"); 442 } 443 testAccountManagement_disabledAddAccount()444 public void testAccountManagement_disabledAddAccount() throws Exception { 445 if (!mHasFeature) { 446 return; 447 } 448 449 installAppAsUser(ACCOUNT_MANAGEMENT_APK, mUserId); 450 try { 451 changeAccountManagement(COMMAND_BLOCK_ACCOUNT_TYPE, ACCOUNT_TYPE, mUserId); 452 executeAccountTest("testAddAccount_blocked"); 453 } finally { 454 // Ensure we remove account management policies 455 changeAccountManagement(COMMAND_UNBLOCK_ACCOUNT_TYPE, ACCOUNT_TYPE, mUserId); 456 } 457 executeAccountTest("testAddAccount_allowed"); 458 } 459 testAccountManagement_disabledRemoveAccount()460 public void testAccountManagement_disabledRemoveAccount() throws Exception { 461 if (!mHasFeature) { 462 return; 463 } 464 465 installAppAsUser(ACCOUNT_MANAGEMENT_APK, mUserId); 466 try { 467 changeAccountManagement(COMMAND_BLOCK_ACCOUNT_TYPE, ACCOUNT_TYPE, mUserId); 468 executeAccountTest("testRemoveAccount_blocked"); 469 } finally { 470 // Ensure we remove account management policies 471 changeAccountManagement(COMMAND_UNBLOCK_ACCOUNT_TYPE, ACCOUNT_TYPE, mUserId); 472 } 473 executeAccountTest("testRemoveAccount_allowed"); 474 } 475 testDelegatedCertInstaller()476 public void testDelegatedCertInstaller() throws Exception { 477 if (!mHasFeature) { 478 return; 479 } 480 481 installAppAsUser(CERT_INSTALLER_APK, mUserId); 482 483 boolean isManagedProfile = (mPrimaryUserId != mUserId); 484 485 try { 486 // Set a non-empty device lockscreen password, which is a precondition for installing 487 // private key pairs. 488 changeUserCredential("1234", null, mUserId); 489 490 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DelegatedCertInstallerTest", mUserId); 491 } finally { 492 if (!isManagedProfile) { 493 // Skip managed profile as dpm doesn't allow clear password 494 changeUserCredential(null, "1234", mUserId); 495 } 496 } 497 } 498 499 // Sets restrictions and launches non-admin app, that tries to set wallpaper. 500 // Non-admin apps must not violate any user restriction. testSetWallpaper_disallowed()501 public void testSetWallpaper_disallowed() throws Exception { 502 // UserManager.DISALLOW_SET_WALLPAPER 503 final String DISALLOW_SET_WALLPAPER = "no_set_wallpaper"; 504 if (!mHasFeature) { 505 return; 506 } 507 508 installAppAsUser(CUSTOMIZATION_APP_APK, mUserId); 509 try { 510 changeUserRestrictionOrFail(DISALLOW_SET_WALLPAPER, true, mUserId); 511 runDeviceTestsAsUser(CUSTOMIZATION_APP_PKG, ".CustomizationTest", 512 "testSetWallpaper_disallowed", mUserId); 513 } finally { 514 changeUserRestrictionOrFail(DISALLOW_SET_WALLPAPER, false, mUserId); 515 } 516 } 517 518 // Runs test with admin privileges. The test methods set all the tested restrictions 519 // inside. But these restrictions must have no effect on the device/profile owner behavior. testDisallowSetWallpaper_allowed()520 public void testDisallowSetWallpaper_allowed() throws Exception { 521 if (!mHasFeature) { 522 return; 523 } 524 executeDeviceTestMethod(".CustomizationRestrictionsTest", 525 "testDisallowSetWallpaper_allowed"); 526 } 527 testDisallowSetUserIcon_allowed()528 public void testDisallowSetUserIcon_allowed() throws Exception { 529 if (!mHasFeature) { 530 return; 531 } 532 executeDeviceTestMethod(".CustomizationRestrictionsTest", 533 "testDisallowSetUserIcon_allowed"); 534 } 535 testDisallowAutofill_allowed()536 public void testDisallowAutofill_allowed() throws Exception { 537 if (!mHasFeature) { 538 return; 539 } 540 installAppAsUser(AUTOFILL_APP_APK, mUserId); 541 542 executeDeviceTestMethod(".AutofillRestrictionsTest", 543 "testDisallowAutofill_allowed"); 544 } 545 testPackageInstallUserRestrictions()546 public void testPackageInstallUserRestrictions() throws Exception { 547 if (!mHasFeature) { 548 return; 549 } 550 boolean mIsWatch = hasDeviceFeature("android.hardware.type.watch"); 551 if (mIsWatch) { 552 return; 553 } 554 // UserManager.DISALLOW_INSTALL_UNKNOWN_SOURCES 555 final String DISALLOW_INSTALL_UNKNOWN_SOURCES = "no_install_unknown_sources"; 556 final String PACKAGE_VERIFIER_USER_CONSENT_SETTING = "package_verifier_user_consent"; 557 final String PACKAGE_VERIFIER_ENABLE_SETTING = "package_verifier_enable"; 558 final String SECURE_SETTING_CATEGORY = "secure"; 559 final String GLOBAL_SETTING_CATEGORY = "global"; 560 CompatibilityBuildHelper buildHelper = new CompatibilityBuildHelper(mCtsBuild); 561 final File apk = buildHelper.getTestFile(TEST_APP_APK); 562 String packageVerifierEnableSetting = null; 563 String packageVerifierUserConsentSetting = null; 564 try { 565 // Install the test and prepare the test apk. 566 installAppAsUser(PACKAGE_INSTALLER_APK, mUserId); 567 assertTrue(getDevice().pushFile(apk, TEST_APP_LOCATION + apk.getName())); 568 setInstallPackageAppOps(PACKAGE_INSTALLER_PKG, true, mUserId); 569 570 // Add restrictions and test if we can install the apk. 571 getDevice().uninstallPackage(TEST_APP_PKG); 572 changeUserRestrictionOrFail(DISALLOW_INSTALL_UNKNOWN_SOURCES, true, mUserId); 573 runDeviceTestsAsUser(PACKAGE_INSTALLER_PKG, ".ManualPackageInstallTest", 574 "testManualInstallBlocked", mUserId); 575 576 // Clear restrictions and test if we can install the apk. 577 changeUserRestrictionOrFail(DISALLOW_INSTALL_UNKNOWN_SOURCES, false, mUserId); 578 579 // Disable verifier. 580 packageVerifierUserConsentSetting = getSettings(SECURE_SETTING_CATEGORY, 581 PACKAGE_VERIFIER_USER_CONSENT_SETTING, mUserId); 582 packageVerifierEnableSetting = getSettings(GLOBAL_SETTING_CATEGORY, 583 PACKAGE_VERIFIER_ENABLE_SETTING, mUserId); 584 585 putSettings(SECURE_SETTING_CATEGORY, PACKAGE_VERIFIER_USER_CONSENT_SETTING, "-1", 586 mUserId); 587 putSettings(GLOBAL_SETTING_CATEGORY, PACKAGE_VERIFIER_ENABLE_SETTING, "0", mUserId); 588 // Skip verifying above setting values as some of them may be overrided. 589 runDeviceTestsAsUser(PACKAGE_INSTALLER_PKG, ".ManualPackageInstallTest", 590 "testManualInstallSucceeded", mUserId); 591 } finally { 592 setInstallPackageAppOps(PACKAGE_INSTALLER_PKG, false, mUserId); 593 String command = "rm " + TEST_APP_LOCATION + apk.getName(); 594 getDevice().executeShellCommand(command); 595 getDevice().uninstallPackage(TEST_APP_PKG); 596 getDevice().uninstallPackage(PACKAGE_INSTALLER_PKG); 597 if (packageVerifierEnableSetting != null) { 598 putSettings(GLOBAL_SETTING_CATEGORY, PACKAGE_VERIFIER_ENABLE_SETTING, 599 packageVerifierEnableSetting, mUserId); 600 } 601 if (packageVerifierUserConsentSetting != null) { 602 putSettings(SECURE_SETTING_CATEGORY, PACKAGE_VERIFIER_USER_CONSENT_SETTING, 603 packageVerifierUserConsentSetting, mUserId); 604 } 605 } 606 } 607 testAudioRestriction()608 public void testAudioRestriction() throws Exception { 609 if (!mHasFeature) { 610 return; 611 } 612 // This package may need to toggle zen mode for this test, so allow it to do so. 613 allowNotificationPolicyAccess(DEVICE_ADMIN_PKG, mUserId); 614 try { 615 executeDeviceTestClass(".AudioRestrictionTest"); 616 } finally { 617 disallowNotificationPolicyAccess(DEVICE_ADMIN_PKG, mUserId); 618 } 619 } 620 testSuspendPackage()621 public void testSuspendPackage() throws Exception { 622 if (!mHasFeature) { 623 return; 624 } 625 installAppAsUser(INTENT_SENDER_APK, mUserId); 626 installAppAsUser(INTENT_RECEIVER_APK, mUserId); 627 // Suspend a testing package. 628 executeDeviceTestMethod(".SuspendPackageTest", "testSetPackagesSuspended"); 629 // Verify that the package is suspended. 630 executeSuspendPackageTestMethod("testPackageSuspended"); 631 // Undo the suspend. 632 executeDeviceTestMethod(".SuspendPackageTest", "testSetPackagesNotSuspended"); 633 // Verify that the package is not suspended. 634 executeSuspendPackageTestMethod("testPackageNotSuspended"); 635 // Verify we cannot suspend not suspendable packages. 636 executeDeviceTestMethod(".SuspendPackageTest", "testSuspendNotSuspendablePackages"); 637 } 638 testTrustAgentInfo()639 public void testTrustAgentInfo() throws Exception { 640 if (!mHasFeature) { 641 return; 642 } 643 executeDeviceTestClass(".TrustAgentInfoTest"); 644 } 645 testCannotRemoveUserIfRestrictionSet()646 public void testCannotRemoveUserIfRestrictionSet() throws Exception { 647 // Outside of the primary user, setting DISALLOW_REMOVE_USER would not work. 648 if (!mHasFeature || !canCreateAdditionalUsers(1) || mUserId != getPrimaryUser()) { 649 return; 650 } 651 final int userId = createUser(); 652 try { 653 changeUserRestrictionOrFail(DISALLOW_REMOVE_USER, true, mUserId); 654 assertFalse(getDevice().removeUser(userId)); 655 } finally { 656 changeUserRestrictionOrFail(DISALLOW_REMOVE_USER, false, mUserId); 657 assertTrue(getDevice().removeUser(userId)); 658 } 659 } 660 testCannotEnableOrDisableDeviceOwnerOrProfileOwner()661 public void testCannotEnableOrDisableDeviceOwnerOrProfileOwner() throws Exception { 662 if (!mHasFeature) { 663 return; 664 } 665 // Try to disable a component in device owner/ profile owner. 666 String result = disableComponentOrPackage( 667 mUserId, DEVICE_ADMIN_PKG + "/.SetPolicyActivity"); 668 assertTrue("Should throw SecurityException", 669 result.contains("java.lang.SecurityException")); 670 // Try to disable the device owner/ profile owner package. 671 result = disableComponentOrPackage(mUserId, DEVICE_ADMIN_PKG); 672 assertTrue("Should throw SecurityException", 673 result.contains("java.lang.SecurityException")); 674 // Try to enable a component in device owner/ profile owner. 675 result = enableComponentOrPackage( 676 mUserId, DEVICE_ADMIN_PKG + "/.SetPolicyActivity"); 677 assertTrue("Should throw SecurityException", 678 result.contains("java.lang.SecurityException")); 679 // Try to enable the device owner/ profile owner package. 680 result = enableComponentOrPackage(mUserId, DEVICE_ADMIN_PKG); 681 assertTrue("Should throw SecurityException", 682 result.contains("java.lang.SecurityException")); 683 684 } 685 testRequiredStrongAuthTimeout()686 public void testRequiredStrongAuthTimeout() throws Exception { 687 if (!mHasFeature) { 688 return; 689 } 690 executeDeviceTestClass(".RequiredStrongAuthTimeoutTest"); 691 } 692 testCreateAdminSupportIntent()693 public void testCreateAdminSupportIntent() throws Exception { 694 if (!mHasFeature) { 695 return; 696 } 697 executeDeviceTestClass(".PolicyTransparencyTest"); 698 } 699 testResetPasswordWithToken()700 public void testResetPasswordWithToken() throws Exception { 701 if (!mHasFeature) { 702 return; 703 } 704 executeDeviceTestMethod(".ResetPasswordWithTokenTest", "testResetPasswordWithToken"); 705 } 706 executeDeviceTestClass(String className)707 protected void executeDeviceTestClass(String className) throws Exception { 708 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, className, mUserId); 709 } 710 executeDeviceTestMethod(String className, String testName)711 protected void executeDeviceTestMethod(String className, String testName) throws Exception { 712 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, className, testName, mUserId); 713 } 714 installAppPermissionAppAsUser()715 private void installAppPermissionAppAsUser() 716 throws FileNotFoundException, DeviceNotAvailableException { 717 installAppAsUser(PERMISSIONS_APP_APK, false, mUserId); 718 } 719 executeSuspendPackageTestMethod(String testName)720 private void executeSuspendPackageTestMethod(String testName) throws Exception { 721 runDeviceTestsAsUser(INTENT_SENDER_PKG, ".SuspendPackageTest", 722 testName, mUserId); 723 } 724 executeAccountTest(String testName)725 private void executeAccountTest(String testName) throws DeviceNotAvailableException { 726 runDeviceTestsAsUser(ACCOUNT_MANAGEMENT_PKG, ".AccountManagementTest", 727 testName, mUserId); 728 // Send a home intent to dismiss an error dialog. 729 String command = "am start -a android.intent.action.MAIN" 730 + " -c android.intent.category.HOME"; 731 CLog.i("Output for command " + command + ": " + getDevice().executeShellCommand(command)); 732 } 733 executeAppRestrictionsManagingPackageTest(String testName)734 private void executeAppRestrictionsManagingPackageTest(String testName) throws Exception { 735 runDeviceTestsAsUser(DELEGATE_APP_PKG, 736 ".AppRestrictionsDelegateTest", testName, mUserId); 737 } 738 executeDelegationTests(String[] delegationTests, boolean positive)739 private void executeDelegationTests(String[] delegationTests, boolean positive) 740 throws Exception { 741 for (String delegationTestClass : delegationTests) { 742 runDeviceTestsAsUser(DELEGATE_APP_PKG, delegationTestClass, 743 positive ? "testCanAccessApis" : "testCannotAccessApis", mUserId); 744 } 745 } 746 changeUserRestrictionOrFail(String key, boolean value, int userId)747 private void changeUserRestrictionOrFail(String key, boolean value, int userId) 748 throws DeviceNotAvailableException { 749 changeUserRestrictionOrFail(key, value, userId, DEVICE_ADMIN_PKG); 750 } 751 changeAccountManagement(String command, String accountType, int userId)752 private void changeAccountManagement(String command, String accountType, int userId) 753 throws DeviceNotAvailableException { 754 changePolicyOrFail(command, "--es extra-account-type " + accountType, userId); 755 } 756 changeApplicationRestrictionsManagingPackage(String packageName)757 private void changeApplicationRestrictionsManagingPackage(String packageName) 758 throws DeviceNotAvailableException { 759 String packageNameExtra = (packageName != null) 760 ? "--es extra-package-name " + packageName : ""; 761 changePolicyOrFail("set-app-restrictions-manager", packageNameExtra, mUserId); 762 } 763 setDelegatedScopes(String packageName, List<String> scopes)764 private void setDelegatedScopes(String packageName, List<String> scopes) 765 throws DeviceNotAvailableException { 766 final String packageNameExtra = "--es extra-package-name " + packageName; 767 String scopesExtra = ""; 768 if (scopes != null && scopes.size() > 0) { 769 scopesExtra = "--esa extra-scopes-list " + scopes.get(0); 770 for (int i = 1; i < scopes.size(); ++i) { 771 scopesExtra += "," + scopes.get(i); 772 } 773 } 774 final String extras = packageNameExtra + " " + scopesExtra; 775 776 changePolicyOrFail("set-delegated-scopes", extras, mUserId); 777 } 778 setInstallPackageAppOps(String packageName, boolean allowed, int userId)779 private void setInstallPackageAppOps(String packageName, boolean allowed, int userId) 780 throws DeviceNotAvailableException { 781 String command = "appops set --user " + userId + " " + packageName + " " + 782 "REQUEST_INSTALL_PACKAGES " 783 + (allowed ? "allow" : "default"); 784 CLog.d("Output for command " + command + ": " + getDevice().executeShellCommand(command)); 785 } 786 changePolicyOrFail(String command, String extras, int userId)787 private void changePolicyOrFail(String command, String extras, int userId) 788 throws DeviceNotAvailableException { 789 changePolicyOrFail(command, extras, userId, DEVICE_ADMIN_PKG); 790 } 791 792 /** 793 * Start SimpleActivity synchronously in a particular user. 794 */ startSimpleActivityAsUser(int userId)795 protected void startSimpleActivityAsUser(int userId) throws Exception { 796 installAppAsUser(TEST_APP_APK, userId); 797 wakeupAndDismissKeyguard(); 798 String command = "am start -W --user " + userId + " " + TEST_APP_PKG + "/" 799 + TEST_APP_PKG + ".SimpleActivity"; 800 getDevice().executeShellCommand(command); 801 } 802 setScreenCaptureDisabled(int userId, boolean disabled)803 protected void setScreenCaptureDisabled(int userId, boolean disabled) throws Exception { 804 String testMethodName = disabled 805 ? "testSetScreenCaptureDisabled_true" 806 : "testSetScreenCaptureDisabled_false"; 807 executeDeviceTestMethod(".ScreenCaptureDisabledTest", testMethodName); 808 startSimpleActivityAsUser(userId); 809 testMethodName = disabled 810 ? "testScreenCaptureImpossible" 811 : "testScreenCapturePossible"; 812 executeDeviceTestMethod(".ScreenCaptureDisabledTest", testMethodName); 813 } 814 setScreenCaptureDisabled_assist(int userId, boolean disabled)815 protected void setScreenCaptureDisabled_assist(int userId, boolean disabled) throws Exception { 816 // Set the policy. 817 String testMethodName = disabled 818 ? "testSetScreenCaptureDisabled_true" 819 : "testSetScreenCaptureDisabled_false"; 820 executeDeviceTestMethod(".ScreenCaptureDisabledTest", testMethodName); 821 // Make sure the foreground activity is from the target user. 822 startSimpleActivityAsUser(userId); 823 // Check whether the VoiceInteractionService can retrieve the screenshot. 824 testMethodName = disabled 825 ? "testScreenCaptureImpossible_assist" 826 : "testScreenCapturePossible_assist"; 827 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 828 runDeviceTestsAsUser( 829 DEVICE_ADMIN_PKG, 830 ".AssistScreenCaptureDisabledTest", 831 testMethodName, 832 mPrimaryUserId); 833 } 834 835 /** 836 * Allows packageName to manage notification policy configuration, which 837 * includes toggling zen mode. 838 */ allowNotificationPolicyAccess(String packageName, int userId)839 private void allowNotificationPolicyAccess(String packageName, int userId) 840 throws DeviceNotAvailableException { 841 List<String> enabledPackages = getEnabledNotificationPolicyPackages(userId); 842 if (!enabledPackages.contains(packageName)) { 843 enabledPackages.add(packageName); 844 setEnabledNotificationPolicyPackages(enabledPackages, userId); 845 } 846 } 847 848 /** 849 * Disallows packageName to manage notification policy configuration, which 850 * includes toggling zen mode. 851 */ disallowNotificationPolicyAccess(String packageName, int userId)852 private void disallowNotificationPolicyAccess(String packageName, int userId) 853 throws DeviceNotAvailableException { 854 List<String> enabledPackages = getEnabledNotificationPolicyPackages(userId); 855 if (enabledPackages.contains(packageName)) { 856 enabledPackages.remove(packageName); 857 setEnabledNotificationPolicyPackages(enabledPackages, userId); 858 } 859 } 860 setEnabledNotificationPolicyPackages(List<String> packages, int userId)861 private void setEnabledNotificationPolicyPackages(List<String> packages, int userId) 862 throws DeviceNotAvailableException { 863 getDevice().setSetting(userId, "secure", ENABLED_NOTIFICATION_POLICY_ACCESS_PACKAGES, 864 String.join(":", packages)); 865 } 866 getEnabledNotificationPolicyPackages(int userId)867 private List<String> getEnabledNotificationPolicyPackages(int userId) 868 throws DeviceNotAvailableException { 869 String settingValue = getDevice().getSetting(userId, "secure", 870 ENABLED_NOTIFICATION_POLICY_ACCESS_PACKAGES); 871 if (settingValue == null) { 872 return new ArrayList<String>(); 873 } 874 return new ArrayList<String>(Arrays.asList(settingValue.split(":|\n"))); 875 } 876 setVoiceInteractionService(String componentName)877 protected void setVoiceInteractionService(String componentName) 878 throws DeviceNotAvailableException { 879 getDevice().setSetting( 880 mPrimaryUserId, "secure", "voice_interaction_service", componentName); 881 getDevice().setSetting(mPrimaryUserId, "secure", "assist_structure_enabled", "1"); 882 getDevice().setSetting(mPrimaryUserId, "secure", "assist_screenshot_enabled", "1"); 883 } 884 clearVoiceInteractionService()885 protected void clearVoiceInteractionService() throws DeviceNotAvailableException { 886 getDevice().executeShellCommand("settings delete secure voice_interaction_service"); 887 } 888 } 889