1 <html devsite> 2 <head> 3 <title>Testing Device Administration</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p>To ensure minimal support for managed profiles, OEM devices must contain the 27 following essential elements:</p> 28 29 <ul> 30 <li>Profile owner (as described in 31 <a href="https://developer.android.com/training/enterprise/app-compatibility.html">Ensuring 32 Compatibility with Managed Profiles</a>)</li> 33 <li>Device owner</li> 34 </ul> 35 36 <p>For a complete list of requirements, see 37 <a href="/devices/tech/admin/implement.html">Implementing Device 38 Administration</a>.</p> 39 40 <p>To test device administration features, device owners can use the TestDPC 41 application (described below); consider also working directly with other 42 enterprise mobility management (EMM) providers.</p> 43 44 <h2 id=set_up_the_device_owner_for_testing>Set up device owner for testing</h2> 45 <p>Use the following instructions to set up a device owner testing environment.</p> 46 47 <ol> 48 <li>Set up the device: 49 <ol> 50 <li style="list-style-type: lower-alpha">Factory reset the target device.</li> 51 <li style="list-style-type: lower-alpha">Ensure you do not add any user accounts 52 (e.g. those used to log into online services) to the device. 53 This can be checked in <em>Settings->Accounts</em>.</li> 54 </ol></li> 55 <li>Set up the testing application using one of the following methods: 56 <ul> 57 <li><a href="https://play.google.com/store/apps/details?id=com.afwsamples.testdpc&hl=en">Download 58 the TestDPC application</a> (available from Google Play).</li> 59 <li><a href="https://github.com/googlesamples/android-testdpc/">Build 60 the TestDPC application</a> (available from github.com).</li> 61 </ul> 62 </li> 63 <li>Set the TestDPC app as the device owner using the following command:<br> 64 <pre class="devsite-terminal devsite-click-to-copy"> 65 adb shell dpm set-device-owner "com.afwsamples.testdpc/.DeviceAdminReceiver" 66 </pre> 67 </li> 68 <li>Go through device owner setup on the device (encrypt, select Wi-Fi, etc.)</li> 69 </ol> 70 71 <h2 id=verify_the_device_owner_was_correctly_setup>Verify device owner setup</h2> 72 <p>To verify the device owner was correctly setup, go to <em>Settings > 73 Security > Device Administrators</em> and confirm TestDPC is in the 74 list. Verify it cannot be disabled (this signifies it is a device owner).</p> 75 76 <h2 id=automate>Automated provisioning testing</h2> 77 <p>To automate the testing of enterprise provisioning processes, use 78 the Android for Work (AfW) Test Harness. For details, see 79 <a href="/devices/tech/admin/testing-provision.html">Testing Device 80 Provisioning</a>.</p> 81 82 <h2 id="troubleshooting">Bug reports and logs</h2> 83 <p>In Android 7.0, device owner Device Policy Client (DPCs) can get bug reports 84 and view logs for enterprise processes on a managed device.</p> 85 86 <p>To trigger a bug report (i.e., the equivalent data collected by <code>adb 87 bugreport</code> containing dumpsys, dumpstate, and logcat data), use 88 <code>DevicePolicyController.requestBugReport</code>. After the bug report is 89 collected, the user is prompted to give consent to send the bug report data. 90 Results are received by 91 <code>DeviceAdminReceiver.onBugreport[Failed|Shared|SharingDeclined]</code>. For 92 details on bug report contents, see 93 <a href="/source/read-bug-reports.html">Reading Bug Reports</a>. 94 95 <p>In addition, device owner DPCs can also collect logs related to actions a 96 user has taken on a managed device. Enterprise process logging is required for 97 all devices that report device_admin and enabled by a new log security buffer 98 readable only by the system server (i.e., <code>adb logcat -b security</code> 99 cannot read the buffer). ActivityManager service and Keyguard components log the 100 following events to the security buffer:</p> 101 102 <ul> 103 <li>Application processes starting</li> 104 <li>Keyguard actions (e.g., unlock failure and success)</li> 105 <li><code>adb</code> commands issued to the device</li> 106 </ul> 107 108 <p>To optionally retain logs across reboots (not cold boot) and make these logs 109 available to device owner DPCs, a device must have a kernel with 110 <code>pstore</code> and <code>pmsg</code> enabled, and DRAM powered and 111 refreshed through all stages of reboot to avoid corruption to the logs retained 112 in memory. To enable support, use the 113 <code>config_supportPreRebootSecurityLogs</code> setting in 114 <code>frameworks/base/core/res/res/values/config.xml</code>.</p> 115 116 </body> 117 </html> 118
