1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.trust.test
18 
19 import android.service.trust.GrantTrustResult
20 import android.service.trust.GrantTrustResult.STATUS_UNLOCKED_BY_GRANT
21 import android.service.trust.TrustAgentService.FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE
22 import android.trust.BaseTrustAgentService
23 import android.trust.TrustTestActivity
24 import android.trust.test.lib.LockStateTrackingRule
25 import android.trust.test.lib.ScreenLockRule
26 import android.trust.test.lib.TrustAgentRule
27 import android.util.Log
28 import androidx.test.ext.junit.rules.ActivityScenarioRule
29 import androidx.test.ext.junit.runners.AndroidJUnit4
30 import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation
31 import androidx.test.uiautomator.UiDevice
32 import android.trust.test.lib.wait
33 import org.junit.Before
34 import org.junit.Rule
35 import org.junit.Test
36 import org.junit.rules.RuleChain
37 import org.junit.runner.RunWith
38 
39 /**
40  * Test for testing revokeTrust & grantTrust for renewable trust.
41  *
42  * atest TrustTests:TemporaryAndRenewableTrustTest
43  */
44 @RunWith(AndroidJUnit4::class)
45 class TemporaryAndRenewableTrustTest {
46     private val uiDevice = UiDevice.getInstance(getInstrumentation())
47     private val activityScenarioRule = ActivityScenarioRule(TrustTestActivity::class.java)
48     private val lockStateTrackingRule = LockStateTrackingRule()
49     private val trustAgentRule = TrustAgentRule<TemporaryAndRenewableTrustAgent>()
50 
51     @get:Rule
52     val rule: RuleChain = RuleChain
53         .outerRule(activityScenarioRule)
54         .around(ScreenLockRule())
55         .around(lockStateTrackingRule)
56         .around(trustAgentRule)
57 
58     @Before
manageTrustnull59     fun manageTrust() {
60         trustAgentRule.agent.setManagingTrust(true)
61     }
62 
63     // This test serves a baseline for Grant tests, verifying that the default behavior of the
64     // device is to lock when put to sleep
65     @Test
sleepingDeviceWithoutGrantLocksDevicenull66     fun sleepingDeviceWithoutGrantLocksDevice() {
67         uiDevice.sleep()
68 
69         lockStateTrackingRule.assertLocked()
70     }
71 
72     @Test
grantTrustLockedDevice_deviceStaysLockednull73     fun grantTrustLockedDevice_deviceStaysLocked() {
74         uiDevice.sleep()
75         lockStateTrackingRule.assertLocked()
76 
77         uiDevice.wakeUp()
78         trustAgentRule.agent.grantTrust(
79             GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
80 
81         lockStateTrackingRule.assertLocked()
82     }
83 
84     @Test
grantTrustUnlockedDevice_deviceLocksOnScreenOffnull85     fun grantTrustUnlockedDevice_deviceLocksOnScreenOff() {
86         trustAgentRule.agent.grantTrust(
87             GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
88         uiDevice.sleep()
89 
90         lockStateTrackingRule.assertLocked()
91     }
92 
93     @Test
grantTrustLockedDevice_grantTrustOnLockedDeviceUnlocksDevicenull94     fun grantTrustLockedDevice_grantTrustOnLockedDeviceUnlocksDevice() {
95         trustAgentRule.agent.grantTrust(
96             GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
97         uiDevice.sleep()
98 
99         lockStateTrackingRule.assertLocked()
100 
101         uiDevice.wakeUp()
102         trustAgentRule.agent.grantTrust(
103             GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
104 
105         lockStateTrackingRule.assertUnlockedAndTrusted()
106     }
107 
108     @Test
grantTrustLockedDevice_callsBackWhenUnlockednull109     fun grantTrustLockedDevice_callsBackWhenUnlocked() {
110         Log.i(TAG, "Granting renewable trust while unlocked")
111         trustAgentRule.agent.grantTrust(
112             GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
113         await(1000)
114 
115         Log.i(TAG, "Locking device")
116         uiDevice.sleep()
117 
118         lockStateTrackingRule.assertLocked()
119         uiDevice.wakeUp()
120 
121         Log.i(TAG, "Renewing trust and unlocking")
122         var result: GrantTrustResult? = null
123         trustAgentRule.agent.grantTrust(
124                 GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {
125             Log.i(TAG, "Callback received; status=${it.status}")
126             result = it
127         }
128         lockStateTrackingRule.assertUnlockedAndTrusted()
129 
130         wait("callback triggered") { result?.status == STATUS_UNLOCKED_BY_GRANT }
131     }
132 
133     @Test
grantTrustLockedDevice_revokeTrustPreventsSubsequentUnlocknull134     fun grantTrustLockedDevice_revokeTrustPreventsSubsequentUnlock() {
135         trustAgentRule.agent.grantTrust(
136             GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
137         uiDevice.sleep()
138 
139         lockStateTrackingRule.assertLocked()
140 
141         trustAgentRule.agent.revokeTrust()
142         await(500)
143         uiDevice.wakeUp()
144 
145         trustAgentRule.agent.grantTrust(
146             GRANT_MESSAGE, 0, FLAG_GRANT_TRUST_TEMPORARY_AND_RENEWABLE) {}
147 
148         lockStateTrackingRule.assertLocked()
149     }
150 
151     companion object {
152         private const val TAG = "TemporaryAndRenewableTrustTest"
153         private const val GRANT_MESSAGE = "granted by test"
awaitnull154         private fun await(millis: Long) = Thread.sleep(millis)
155     }
156 }
157 
158 class TemporaryAndRenewableTrustAgent : BaseTrustAgentService()
159