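/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.trust.test

import android.content.pm.PackageManager
import android.platform.test.annotations.RequiresFlagsDisabled
import android.platform.test.annotations.RequiresFlagsEnabled
import android.platform.test.flag.junit.DeviceFlagsValueProvider
import android.service.trust.GrantTrustResult
import android.trust.BaseTrustAgentService
import android.trust.TrustTestActivity
import android.trust.test.lib.LockStateTrackingRule
import android.trust.test.lib.ScreenLockRule
import android.trust.test.lib.TrustAgentRule
import androidx.test.ext.junit.rules.ActivityScenarioRule
import androidx.test.ext.junit.runners.AndroidJUnit4
import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation
import androidx.test.uiautomator.UiDevice
import com.android.server.testutils.mock
import org.junit.Assume.assumeFalse
import org.junit.Before
import org.junit.Rule
import org.junit.Test
import org.junit.rules.RuleChain
import org.junit.runner.RunWith
import org.mockito.Mockito.verifyZeroInteractions

/**
 * Tests revokeTrust & grantTrust for non-renewable trust, using [GrantAndRevokeTrustAgent] as the
 * trust agent under test.
 *
 * The flag-gated tests pin the security property behind b/296464083: on non-automotive devices a
 * grant issued while the device is locked must not unlock it, and must not leave the tracked
 * deviceLocked state reporting "unlocked".
 *
 * The numeric arguments passed to `grantTrust` (10000 / 0 and 0) are presumably the duration in
 * milliseconds and the grant flags -- confirm against [BaseTrustAgentService].
 *
 * atest TrustTests:GrantAndRevokeTrustTest
 */
@RunWith(AndroidJUnit4::class)
class GrantAndRevokeTrustTest {
    private val uiDevice = UiDevice.getInstance(getInstrumentation())
    private val activityScenarioRule = ActivityScenarioRule(TrustTestActivity::class.java)
    private val lockStateTrackingRule = LockStateTrackingRule()
    private val trustAgentRule = TrustAgentRule<GrantAndRevokeTrustAgent>()
    private val packageManager = getInstrumentation().targetContext.packageManager

    // Rules are applied outermost first: the activity, then the screen lock, then lock-state
    // tracking, then the trust agent, and finally the flag check that skips tests whose
    // @RequiresFlagsEnabled / @RequiresFlagsDisabled condition is not met.
    @get:Rule
    val rule: RuleChain = RuleChain
        .outerRule(activityScenarioRule)
        .around(ScreenLockRule())
        .around(lockStateTrackingRule)
        .around(trustAgentRule)
        .around(DeviceFlagsValueProvider.createCheckFlagsRule())

    /** Marks the agent as managing trust before every test. */
    @Before
    fun manageTrust() {
        trustAgentRule.agent.setManagingTrust(true)
    }

    // This test serves as a baseline for the grant tests, verifying that the default behavior of
    // the device is to lock when put to sleep.
    @Test
    fun sleepingDeviceWithoutGrantLocksDevice() {
        uiDevice.sleep()

        lockStateTrackingRule.assertLocked()
    }

    /** A grant issued while the device is unlocked keeps it unlocked and trusted across sleep. */
    @Test
    fun grantKeepsDeviceUnlocked() {
        trustAgentRule.agent.grantTrust(GRANT_MESSAGE, 10000, 0) {}
        uiDevice.sleep()

        lockStateTrackingRule.assertUnlockedAndTrusted()
    }

    /** Revoking a previously granted trust locks a sleeping device. */
    @Test
    fun grantKeepsDeviceUnlocked_untilRevoked() {
        trustAgentRule.agent.grantTrust(GRANT_MESSAGE, 0, 0) {}
        await()
        uiDevice.sleep()
        // NOTE(review): nothing here checks that the device was actually unlocked and trusted
        // before the revoke, so the final assertion would also hold if the grant had no effect
        // (sleeping without a grant locks the device, see the baseline test). Consider asserting
        // the trusted state at this point -- confirm it holds for this grant's arguments first.
        trustAgentRule.agent.revokeTrust()

        lockStateTrackingRule.assertLocked()
    }

    @Test
    @RequiresFlagsEnabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2)
    fun grantCannotActivelyUnlockDevice() {
        assumeNotAutomotive()

        // Lock the device.
        uiDevice.sleep()
        lockStateTrackingRule.assertLocked()

        // Grant trust.
        trustAgentRule.agent.grantTrust(GRANT_MESSAGE, 10000, 0) {}

        // The grant should not have unlocked the device. Wait a bit so that
        // TrustManagerService probably will have finished processing the grant.
        await()
        lockStateTrackingRule.assertLocked()

        // Turn the screen on and off to cause TrustManagerService to refresh
        // its deviceLocked state. Then verify the state is still locked. This
        // part failed before the fix for b/296464083.
        uiDevice.wakeUp()
        uiDevice.sleep()
        await()
        lockStateTrackingRule.assertLocked()
    }

    @Test
    @RequiresFlagsDisabled(android.security.Flags.FLAG_FIX_UNLOCKED_DEVICE_REQUIRED_KEYS_V2)
    fun grantCouldCauseWrongDeviceLockedStateDueToBug() {
        assumeNotAutomotive()

        // Verify that b/296464083 exists. That is, when the device is locked
        // and a trust agent grants trust, the deviceLocked state incorrectly
        // becomes false even though the device correctly remains locked.
        //
        // This runs only while the fix flag is disabled, so it documents the unfixed behavior
        // rather than a property that should be preserved.
        uiDevice.sleep()
        lockStateTrackingRule.assertLocked()
        trustAgentRule.agent.grantTrust(GRANT_MESSAGE, 10000, 0) {}
        uiDevice.wakeUp()
        uiDevice.sleep()
        await()
        lockStateTrackingRule.assertUnlockedButNotReally()
    }

    /** A grant made with these arguments must never invoke the result callback. */
    @Test
    fun grantDoesNotCallBack() {
        val callback = mock<(GrantTrustResult) -> Unit>()
        trustAgentRule.agent.grantTrust(GRANT_MESSAGE, 0, 0, callback)
        await()

        verifyZeroInteractions(callback)
    }

    /**
     * Skips the calling test on automotive builds, where trust agents can actively unlock the
     * device and the "grant cannot unlock" expectations therefore do not apply.
     */
    private fun assumeNotAutomotive() {
        assumeFalse(packageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))
    }

    companion object {
        private const val GRANT_MESSAGE = "granted by test"

        /**
         * Fixed 250 ms pause that gives the system time to process a grant.
         *
         * This is best effort only. The checks that follow it are negative ones (device still
         * locked, callback never invoked), so if processing takes longer than the pause they can
         * pass without having observed the outcome of the grant.
         */
        private fun await() = Thread.sleep(250)
    }
}

/** Trust agent service driven by [GrantAndRevokeTrustTest] through [TrustAgentRule]. */
class GrantAndRevokeTrustAgent : BaseTrustAgentService()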