      1 /*
      2  * Copyright (C) 2016 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 package com.android.cts.deviceowner;
     17 
     18 import android.app.admin.DevicePolicyManager;
     19 import android.content.ContentResolver;
     20 import android.content.Context;
     21 import android.os.Process;
     22 import android.provider.Settings;
     23 
     24 import java.io.ByteArrayInputStream;
     25 import java.security.KeyStore;
     26 import java.security.cert.Certificate;
     27 import java.security.cert.CertificateFactory;
     28 import java.util.List;
     29 
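/**
 * Device-owner tests for the bookkeeping that {@link DevicePolicyManager} keeps about admin
 * actions: the time of the last security-log retrieval, bug report request and network-log
 * retrieval, the organization name, whether the device is managed, whether the current IME was
 * set by the owner, and which CA certificates were installed by the owner.
 *
 * <p>{@code mDevicePolicyManager}, {@code getWho()} and {@code getContext()} are not defined in
 * this class; they are presumably inherited from {@link BaseDeviceOwnerTest}.
 */
public class AdminActionBookkeepingTest extends BaseDeviceOwnerTest {
    /*
     * The CA cert below is the content of cacert.pem as generated by:
     *
     * openssl req -new -x509 -days 3650 -extensions v3_ca -keyout cakey.pem -out cacert.pem
     *
     * Only the public certificate is embedded here; the matching cakey.pem is not part of this
     * file. The certificate is self-signed and exists solely so the test has something to install
     * into and remove from the CA store.
     *
     * NOTE(review): "-days 3650" gives a fixed ten-year validity window, and the encoded validity
     * appears to run from March 2015 to March 2025. Confirm that installCaCert() and the alias
     * lookup in testGetPolicyInstalledCaCerts() do not depend on the certificate being within its
     * validity period.
     */
    private static final String TEST_CA =
            "-----BEGIN CERTIFICATE-----\n" +
            "MIIDXTCCAkWgAwIBAgIJAK9Tl/F9V8kSMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV\n" +
            "BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX\n" +
            "aWRnaXRzIFB0eSBMdGQwHhcNMTUwMzA2MTczMjExWhcNMjUwMzAzMTczMjExWjBF\n" +
            "MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50\n" +
            "ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" +
            "CgKCAQEAvItOutsE75WBTgTyNAHt4JXQ3JoseaGqcC3WQij6vhrleWi5KJ0jh1/M\n" +
            "Rpry7Fajtwwb4t8VZa0NuM2h2YALv52w1xivql88zce/HU1y7XzbXhxis9o6SCI+\n" +
            "oVQSbPeXRgBPppFzBEh3ZqYTVhAqw451XhwdA4Aqs3wts7ddjwlUzyMdU44osCUg\n" +
            "kVg7lfPf9sTm5IoHVcfLSCWH5n6Nr9sH3o2ksyTwxuOAvsN11F/a0mmUoPciYPp+\n" +
            "q7DzQzdi7akRG601DZ4YVOwo6UITGvDyuAAdxl5isovUXqe6Jmz2/myTSpAKxGFs\n" +
            "jk9oRoG6WXWB1kni490GIPjJ1OceyQIDAQABo1AwTjAdBgNVHQ4EFgQUH1QIlPKL\n" +
            "p2OQ/AoLOjKvBW4zK3AwHwYDVR0jBBgwFoAUH1QIlPKLp2OQ/AoLOjKvBW4zK3Aw\n" +
            "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAcMi4voMMJHeQLjtq8Oky\n" +
            "Azpyk8moDwgCd4llcGj7izOkIIFqq/lyqKdtykVKUWz2bSHO5cLrtaOCiBWVlaCV\n" +
            "DYAnnVLM8aqaA6hJDIfaGs4zmwz0dY8hVMFCuCBiLWuPfiYtbEmjHGSmpQTG6Qxn\n" +
            "ZJlaK5CZyt5pgh5EdNdvQmDEbKGmu0wpCq9qjZImwdyAul1t/B0DrsWApZMgZpeI\n" +
            "d2od0VBrCICB1K4p+C51D93xyQiva7xQcCne+TAnGNy9+gjQ/MyR8MRpwRLv5ikD\n" +
            "u0anJCN8pXo6IMglfMAsoton1J6o5/ae5uhC6caQU8bNUsCK570gpNfjkzo6rbP0\n" +
            "wQ==\n" +
            "-----END CERTIFICATE-----";

    /**
     * Undoes the device-wide state the tests may have changed: turns security and network logging
     * off again and removes the test CA certificate, so a test that failed half-way does not leave
     * logging enabled or an extra trusted CA on the device.
     */
    @Override
    protected void tearDown() throws Exception {
        try {
            mDevicePolicyManager.setSecurityLoggingEnabled(getWho(), false);
            mDevicePolicyManager.setNetworkLoggingEnabled(getWho(), false);
            mDevicePolicyManager.uninstallCaCert(getWho(), TEST_CA.getBytes());
        } finally {
            // Run the base-class cleanup even when one of the calls above throws.
            super.tearDown();
        }
    }

    /**
     * Test: Retrieving security logs should update the corresponding timestamp.
     */
    public void testRetrieveSecurityLogs() throws Exception {
        // Presumably ensures that a timestamp recorded from here on is strictly greater than any
        // timestamp recorded earlier, given millisecond resolution.
        Thread.sleep(1);
        final long previousTimestamp = mDevicePolicyManager.getLastSecurityLogRetrievalTime();

        mDevicePolicyManager.setSecurityLoggingEnabled(getWho(), true);

        long timeBefore = System.currentTimeMillis();
        mDevicePolicyManager.retrieveSecurityLogs(getWho());
        long timeAfter = System.currentTimeMillis();

        // The recorded time must have advanced and must lie within the window of the call.
        final long firstTimestamp = mDevicePolicyManager.getLastSecurityLogRetrievalTime();
        assertTrue(firstTimestamp > previousTimestamp);
        assertTrue(firstTimestamp >= timeBefore);
        assertTrue(firstTimestamp <= timeAfter);

        Thread.sleep(2);
        timeBefore = System.currentTimeMillis();
        final boolean preBootSecurityLogsRetrieved =
                mDevicePolicyManager.retrievePreRebootSecurityLogs(getWho()) != null;
        timeAfter = System.currentTimeMillis();

        final long secondTimestamp = mDevicePolicyManager.getLastSecurityLogRetrievalTime();
        if (preBootSecurityLogsRetrieved) {
            // If the device supports pre-boot security logs, verify that retrieving them updates
            // the timestamp.
            assertTrue(secondTimestamp > firstTimestamp);
            assertTrue(secondTimestamp >= timeBefore);
            assertTrue(secondTimestamp <= timeAfter);
        } else {
            // If the device does not support pre-boot security logs, verify that the attempt to
            // retrieve them does not update the timestamp.
            assertEquals(firstTimestamp, secondTimestamp);
        }
    }

    /**
     * Test: Requesting a bug report should update the corresponding timestamp.
     */
    public void testRequestBugreport() throws Exception {
        Thread.sleep(1);
        final long previousTimestamp = mDevicePolicyManager.getLastBugReportRequestTime();

        final long timeBefore = System.currentTimeMillis();
        mDevicePolicyManager.requestBugreport(getWho());
        final long timeAfter = System.currentTimeMillis();

        final long newTimestamp = mDevicePolicyManager.getLastBugReportRequestTime();
        assertTrue(newTimestamp > previousTimestamp);
        assertTrue(newTimestamp >= timeBefore);
        assertTrue(newTimestamp <= timeAfter);
    }

    /**
     * Test: Retrieving network logs should update the corresponding timestamp.
     */
    public void testGetLastNetworkLogRetrievalTime() throws Exception {
        Thread.sleep(1);
        // Baseline must come from the network-log getter. Reading the security-log retrieval time
        // here would compare two unrelated timestamps and could let a network-log timestamp that
        // never advanced go unnoticed.
        final long previousTimestamp = mDevicePolicyManager.getLastNetworkLogRetrievalTime();

        mDevicePolicyManager.setNetworkLoggingEnabled(getWho(), true);

        long timeBefore = System.currentTimeMillis();
        mDevicePolicyManager.retrieveNetworkLogs(getWho(), 0 /* batchToken */);
        long timeAfter = System.currentTimeMillis();

        final long newTimestamp = mDevicePolicyManager.getLastNetworkLogRetrievalTime();
        assertTrue(newTimestamp > previousTimestamp);
        assertTrue(newTimestamp >= timeBefore);
        assertTrue(newTimestamp <= timeAfter);
    }

    /**
     * Test: The Device Owner should be able to set and retrieve the name of the organization
     * managing the device.
     */
    public void testDeviceOwnerOrganizationName() throws Exception {
        mDevicePolicyManager.setOrganizationName(getWho(), null);
        assertNull(mDevicePolicyManager.getDeviceOwnerOrganizationName());

        mDevicePolicyManager.setOrganizationName(getWho(), "organization");
        assertEquals("organization", mDevicePolicyManager.getDeviceOwnerOrganizationName());

        // Clear the name again so the test leaves no organization name behind.
        mDevicePolicyManager.setOrganizationName(getWho(), null);
        assertNull(mDevicePolicyManager.getDeviceOwnerOrganizationName());
    }

    /**
     * Test: When a Device Owner is set, isDeviceManaged() should return true.
     */
    public void testIsDeviceManaged() throws Exception {
        assertTrue(mDevicePolicyManager.isDeviceManaged());
    }

    /**
     * Test: It should be recorded whether the Device Owner or the user set the current IME.
     */
    public void testIsDefaultInputMethodSet() throws Exception {
        final String setting = Settings.Secure.DEFAULT_INPUT_METHOD;
        final ContentResolver resolver = getContext().getContentResolver();
        final String ime = Settings.Secure.getString(resolver, setting);

        try {
            // Written directly through Settings.Secure, i.e. not via the Device Owner API.
            Settings.Secure.putString(resolver, setting, "com.test.1");
            // Presumably gives the settings change time to be picked up before it is queried.
            Thread.sleep(500);
            assertFalse(mDevicePolicyManager.isCurrentInputMethodSetByOwner());

            // Written through the Device Owner API; must now be attributed to the owner.
            mDevicePolicyManager.setSecureSetting(getWho(), setting, "com.test.2");
            Thread.sleep(500);
            assertTrue(mDevicePolicyManager.isCurrentInputMethodSetByOwner());

            Settings.Secure.putString(resolver, setting, ime);
            Thread.sleep(500);
            assertFalse(mDevicePolicyManager.isCurrentInputMethodSetByOwner());
        } finally {
            // Put the original IME back even when an assertion above fails, so the device is not
            // left with one of the placeholder input methods configured.
            Settings.Secure.putString(resolver, setting, ime);
        }
    }

    /**
     * Test: It should be recorded whether the Device Owner or the user installed a CA cert.
     */
    public void testGetPolicyInstalledCaCerts() throws Exception {
        final byte[] rawCert = TEST_CA.getBytes();
        final Certificate cert = CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(rawCert));

        // Install a CA cert.
        KeyStore keyStore = KeyStore.getInstance("AndroidCAStore");
        keyStore.load(null, null);
        // Precondition: the test CA must not already be present, otherwise the alias found below
        // could not be attributed to this installation.
        assertNull(keyStore.getCertificateAlias(cert));
        assertTrue(mDevicePolicyManager.installCaCert(getWho(), rawCert));
        final String alias = keyStore.getCertificateAlias(cert);
        assertNotNull(alias);

        // Verify that the CA cert was marked as installed by the Device Owner.
        verifyOwnerInstalledStatus(alias, true);

        // Uninstall the CA cert. tearDown() repeats this call, which covers the case where an
        // assertion above fails before this line is reached.
        mDevicePolicyManager.uninstallCaCert(getWho(), rawCert);

        // Verify that the CA cert is no longer marked as installed by the Device Owner.
        verifyOwnerInstalledStatus(alias, false);
    }

    /**
     * Asserts whether {@code alias} is among the CA certs reported as owner-installed for the
     * calling user.
     *
     * @param alias the certificate alias to look for
     * @param expectOwnerInstalled whether the alias is expected to be in the reported list
     */
    private void verifyOwnerInstalledStatus(String alias, boolean expectOwnerInstalled) {
        final List<String> ownerInstalledCerts =
                mDevicePolicyManager.getOwnerInstalledCaCerts(Process.myUserHandle());
        assertNotNull(ownerInstalledCerts);
        assertEquals(expectOwnerInstalled, ownerInstalledCerts.contains(alias));
    }
}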