1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.cts.devicepolicy; 18 19 import static com.android.cts.devicepolicy.DeviceAdminFeaturesCheckerRule.FEATURE_MANAGED_USERS; 20 21 import android.platform.test.annotations.FlakyTest; 22 import android.platform.test.annotations.LargeTest; 23 import android.stats.devicepolicy.EventId; 24 25 import com.android.cts.devicepolicy.DeviceAdminFeaturesCheckerRule.RequiresAdditionalFeatures; 26 import com.android.cts.devicepolicy.annotations.LockSettingsTest; 27 import com.android.cts.devicepolicy.annotations.PermissionsTest; 28 import com.android.cts.devicepolicy.metrics.DevicePolicyEventLogVerifier; 29 import com.android.cts.devicepolicy.metrics.DevicePolicyEventWrapper; 30 31 import org.junit.Test; 32 33 /** 34 * Set of tests for managed profile owner use cases that also apply to device owners. 35 * Tests that should be run identically in both cases are added in DeviceAndProfileOwnerTest. 36 */ 37 // We need managed users to be supported in order to create a profile of the user owner. 38 @RequiresAdditionalFeatures({FEATURE_MANAGED_USERS}) 39 public final class MixedManagedProfileOwnerTest extends DeviceAndProfileOwnerTest { 40 41 private static final String CLEAR_PROFILE_OWNER_NEGATIVE_TEST_CLASS = 42 DEVICE_ADMIN_PKG + ".ClearProfileOwnerNegativeTest"; 43 44 private static final String DELEGATION_NETWORK_LOGGING = "delegation-network-logging"; 45 46 private int mParentUserId = -1; 47 48 @Override setUp()49 public void setUp() throws Exception { 50 super.setUp(); 51 52 removeTestUsers(); 53 mParentUserId = mPrimaryUserId; 54 createManagedProfile(); 55 } 56 createManagedProfile()57 private void createManagedProfile() throws Exception { 58 mUserId = createManagedProfile(mParentUserId); 59 switchUser(mParentUserId); 60 startUserAndWait(mUserId); 61 62 installAppAsUser(DEVICE_ADMIN_APK, mUserId); 63 setProfileOwnerOrFail(DEVICE_ADMIN_PKG + "/" + ADMIN_RECEIVER_TEST_CLASS, mUserId); 64 startUserAndWait(mUserId); 65 } 66 67 @Override tearDown()68 public void tearDown() throws Exception { 69 removeUser(mUserId); 70 71 super.tearDown(); 72 } 73 74 // Most tests for this class are defined in DeviceAndProfileOwnerTest 75 76 @FlakyTest 77 @Test testScreenCaptureDisabled_assist_allowedPrimaryUser()78 public void testScreenCaptureDisabled_assist_allowedPrimaryUser() throws Exception { 79 // disable screen capture in profile 80 executeDeviceTestMethod(".ScreenCaptureDisabledTest", "testSetScreenCaptureDisabled_true"); 81 try { 82 // Install and enable assistant in personal side. 83 installAppAsUser(ASSIST_APP_APK, mParentUserId); 84 waitForBroadcastIdle(); 85 setVoiceInteractionService(ASSIST_INTERACTION_SERVICE); 86 87 // Start an activity in parent user. 88 installAppAsUser(DEVICE_ADMIN_APK, mParentUserId); 89 waitForBroadcastIdle(); 90 startSimpleActivityAsUser(mParentUserId); 91 92 // Verify assistant app can't take a screenshot. 93 runDeviceTestsAsUser( 94 DEVICE_ADMIN_PKG, 95 ".AssistScreenCaptureDisabledTest", 96 "testScreenCapturePossible_assist", 97 mPrimaryUserId); 98 } finally { 99 // enable screen capture in profile 100 executeDeviceTestMethod( 101 ".ScreenCaptureDisabledTest", 102 "testSetScreenCaptureDisabled_false"); 103 clearVoiceInteractionService(); 104 } 105 } 106 107 @Override 108 @Test testDisallowSetWallpaper_allowed()109 public void testDisallowSetWallpaper_allowed() throws Exception { 110 // Managed profile doesn't have wallpaper. 111 } 112 113 @Override 114 @Test testAudioRestriction()115 public void testAudioRestriction() throws Exception { 116 // DISALLOW_UNMUTE_MICROPHONE and DISALLOW_ADJUST_VOLUME can only be set by device owners 117 // and profile owners on the primary user. 118 } 119 120 @Test testSetGetPreferentialNetworkServiceStatus()121 public void testSetGetPreferentialNetworkServiceStatus() throws Exception { 122 executeDeviceTestMethod(".PreferentialNetworkServiceStatusTest", 123 "testGetSetPreferentialNetworkServiceStatus"); 124 } 125 126 @Test testSetPreferentialNetworkServiceStatusLogged()127 public void testSetPreferentialNetworkServiceStatusLogged() throws Exception { 128 DevicePolicyEventLogVerifier.assertMetricsLogged(getDevice(), () -> { 129 executeDeviceTestMethod(".DevicePolicyLoggingTest", 130 "testSetPreferentialNetworkServiceEnabledLogged"); 131 }, new DevicePolicyEventWrapper.Builder( 132 EventId.SET_PREFERENTIAL_NETWORK_SERVICE_ENABLED_VALUE) 133 .setBoolean(true) 134 .build(), 135 new DevicePolicyEventWrapper.Builder( 136 EventId.SET_PREFERENTIAL_NETWORK_SERVICE_ENABLED_VALUE) 137 .setBoolean(false) 138 .build()); 139 } 140 141 /** VPN tests don't require physical device for managed profile, thus overriding. */ 142 @FlakyTest 143 @Override 144 @Test testAlwaysOnVpn()145 public void testAlwaysOnVpn() throws Exception { 146 super.testAlwaysOnVpn(); 147 } 148 149 /** VPN tests don't require physical device for managed profile, thus overriding. */ 150 @Override 151 @Test testAlwaysOnVpnLockDown()152 public void testAlwaysOnVpnLockDown() throws Exception { 153 super.testAlwaysOnVpnLockDown(); 154 } 155 156 /** VPN tests don't require physical device for managed profile, thus overriding. */ 157 @Override 158 @LargeTest 159 @Test testAlwaysOnVpnAcrossReboot()160 public void testAlwaysOnVpnAcrossReboot() throws Exception { 161 super.testAlwaysOnVpnAcrossReboot(); 162 } 163 164 /** VPN tests don't require physical device for managed profile, thus overriding. */ 165 @Override 166 @Test testAlwaysOnVpnPackageUninstalled()167 public void testAlwaysOnVpnPackageUninstalled() throws Exception { 168 super.testAlwaysOnVpnPackageUninstalled(); 169 } 170 171 /** VPN tests don't require physical device for managed profile, thus overriding. */ 172 @Override 173 @Test testAlwaysOnVpnUnsupportedPackage()174 public void testAlwaysOnVpnUnsupportedPackage() throws Exception { 175 super.testAlwaysOnVpnUnsupportedPackage(); 176 } 177 178 /** VPN tests don't require physical device for managed profile, thus overriding. */ 179 @Override 180 @Test testAlwaysOnVpnUnsupportedPackageReplaced()181 public void testAlwaysOnVpnUnsupportedPackageReplaced() throws Exception { 182 super.testAlwaysOnVpnUnsupportedPackageReplaced(); 183 } 184 185 @Override 186 @Test testSetSystemSetting()187 public void testSetSystemSetting() { 188 // Managed profile owner cannot set currently allowlisted system settings. 189 } 190 191 @Test testCannotClearProfileOwner()192 public void testCannotClearProfileOwner() throws Exception { 193 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, CLEAR_PROFILE_OWNER_NEGATIVE_TEST_CLASS, mUserId); 194 } 195 196 @Test testDelegatedCertInstallerDeviceIdAttestation()197 public void testDelegatedCertInstallerDeviceIdAttestation() throws Exception { 198 setUpDelegatedCertInstallerAndRunTests(() -> { 199 runDeviceTestsAsUser("com.android.cts.certinstaller", 200 ".DelegatedDeviceIdAttestationTest", 201 "testGenerateKeyPairWithDeviceIdAttestationExpectingFailure", mUserId); 202 // Positive test case lives in 203 // OrgOwnedProfileOwnerTest#testDelegatedCertInstallerDeviceIdAttestation 204 }); 205 } 206 207 @Test testDeviceIdAttestationForProfileOwner()208 public void testDeviceIdAttestationForProfileOwner() throws Exception { 209 // Test that Device ID attestation for the profile owner does not work without grant. 210 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".DeviceIdAttestationTest", 211 "testFailsWithoutProfileOwnerIdsGrant", mUserId); 212 // Positive test case lives in 213 // OrgOwnedProfileOwnerTest#testDeviceIdAttestationForProfileOwner 214 } 215 216 @Test 217 @Override testSetKeyguardDisabledSecureCameraLogged()218 public void testSetKeyguardDisabledSecureCameraLogged() { 219 // Managed profiles are not allowed to set keyguard disabled secure camera 220 } 221 222 @FlakyTest 223 @Override 224 @Test testDelegatedCertInstaller()225 public void testDelegatedCertInstaller() throws Exception { 226 super.testDelegatedCertInstaller(); 227 } 228 229 @FlakyTest 230 @Override 231 @Test testPackageInstallUserRestrictions()232 public void testPackageInstallUserRestrictions() throws Exception { 233 super.testPackageInstallUserRestrictions(); 234 } 235 236 @FlakyTest 237 @Override 238 @Test testScreenCaptureDisabled_assist()239 public void testScreenCaptureDisabled_assist() throws Exception { 240 super.testScreenCaptureDisabled_assist(); 241 } 242 243 @FlakyTest 244 @Override 245 @PermissionsTest 246 @Test testPermissionPolicy()247 public void testPermissionPolicy() throws Exception { 248 super.testPermissionPolicy(); 249 } 250 251 @FlakyTest 252 @Override 253 @Test testSetMeteredDataDisabledPackages()254 public void testSetMeteredDataDisabledPackages() throws Exception { 255 super.testSetMeteredDataDisabledPackages(); 256 } 257 258 @FlakyTest 259 @Override 260 @PermissionsTest 261 @Test testPermissionAppUpdate()262 public void testPermissionAppUpdate() throws Exception { 263 super.testPermissionAppUpdate(); 264 } 265 266 @Override 267 @PermissionsTest 268 @Test testPermissionGrantPreMApp()269 public void testPermissionGrantPreMApp() throws Exception { 270 super.testPermissionGrantPreMApp(); 271 } 272 273 @Override 274 @PermissionsTest 275 @Test testPermissionGrantOfDisallowedPermissionWhileOtherPermIsGranted()276 public void testPermissionGrantOfDisallowedPermissionWhileOtherPermIsGranted() 277 throws Exception { 278 super.testPermissionGrantOfDisallowedPermissionWhileOtherPermIsGranted(); 279 } 280 281 @Override 282 @Test testLockTaskAfterReboot()283 public void testLockTaskAfterReboot() { 284 // Managed profiles are not allowed to use lock task 285 } 286 287 @Override 288 @Test testLockTaskAfterReboot_tryOpeningSettings()289 public void testLockTaskAfterReboot_tryOpeningSettings() { 290 // Managed profiles are not allowed to use lock task 291 } 292 293 @Override 294 @LockSettingsTest 295 @Test testSecondaryLockscreen()296 public void testSecondaryLockscreen() throws Exception { 297 // Managed profiles cannot have secondary lockscreens set. 298 } 299 300 @Test testNetworkLogging()301 public void testNetworkLogging() throws Exception { 302 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 303 testNetworkLoggingOnWorkProfile(DEVICE_ADMIN_PKG, ".NetworkLoggingTest"); 304 } 305 306 @Test testNetworkLoggingDelegate()307 public void testNetworkLoggingDelegate() throws Exception { 308 installAppAsUser(DELEGATE_APP_APK, mUserId); 309 installAppAsUser(DEVICE_ADMIN_APK, mPrimaryUserId); 310 try { 311 runDeviceTestsAsUser(DELEGATE_APP_PKG, ".WorkProfileNetworkLoggingDelegateTest", 312 "testCannotAccessApis", mUserId); 313 // Set network logging delegate 314 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".NetworkLoggingTest", 315 "testSetDelegateScope_delegationNetworkLogging", mUserId); 316 317 testNetworkLoggingOnWorkProfile(DELEGATE_APP_PKG, 318 ".WorkProfileNetworkLoggingDelegateTest"); 319 } finally { 320 // Remove network logging delegate 321 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".NetworkLoggingTest", 322 "testSetDelegateScope_noDelegation", mUserId); 323 } 324 } 325 testNetworkLoggingOnWorkProfile(String packageName, String testClassName)326 private void testNetworkLoggingOnWorkProfile(String packageName, String testClassName) 327 throws Exception { 328 try { 329 // Turn network logging on. 330 runDeviceTestsAsUser(packageName, testClassName, 331 "testSetNetworkLogsEnabled_true", mUserId); 332 333 // Connect to websites from work profile, should be logged. 334 runDeviceTestsAsUser(packageName, testClassName, 335 "testConnectToWebsites_shouldBeLogged", mUserId); 336 // Connect to websites from personal profile, should not be logged. 337 runDeviceTestsAsUser(DEVICE_ADMIN_PKG, ".NetworkLoggingTest", 338 "testConnectToWebsites_shouldNotBeLogged", mPrimaryUserId); 339 340 // Verify all work profile network logs have been received. 341 runDeviceTestsAsUser(packageName, testClassName, 342 "testRetrieveNetworkLogs_forceNetworkLogs_receiveNetworkLogs", mUserId); 343 } finally { 344 // Turn network logging off. 345 runDeviceTestsAsUser(packageName, testClassName, 346 "testSetNetworkLogsEnabled_false", mUserId); 347 } 348 } 349 } 350