Merge "Add an initial set of tests for Trust." into tm-dev am: 35a3b959

// Copyright (C) 2022 The Android Open Source Project

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//      http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.

package {

    default_applicable_licenses: ["Android-Apache-2.0"],

}

android_test {

    name: "TrustTests",

    srcs: [

        "src/**/*.kt",

    ],

    static_libs: [

        "androidx.test.rules",

        "androidx.test.ext.junit",

        "androidx.test.uiautomator",

        "truth-prebuilt",

    ],

    libs: [

        "android.test.runner",

        "android.test.base",

    ],

    test_suites: [

        "device-tests",

    ],

    platform_apis: true,

    certificate: "platform",

}

<?xml version="1.0" encoding="utf-8"?>

<!--

  ~ Copyright (C) 2022 The Android Open Source Project

  ~

  ~ Licensed under the Apache License, Version 2.0 (the "License");

  ~ you may not use this file except in compliance with the License.

  ~ You may obtain a copy of the License at

  ~

  ~      http://www.apache.org/licenses/LICENSE-2.0

  ~

  ~ Unless required by applicable law or agreed to in writing, software

  ~ distributed under the License is distributed on an "AS IS" BASIS,

  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  ~ See the License for the specific language governing permissions and

  ~ limitations under the License.

  -->

<manifest xmlns:android="http://schemas.android.com/apk/res/android"

          package="android.trust.test"

          android:targetSandboxVersion="2">

    <uses-permission android:name="android.permission.ACCESS_KEYGUARD_SECURE_STORAGE" />

    <uses-permission android:name="android.permission.BIND_DEVICE_ADMIN" />

    <uses-permission android:name="android.permission.CONTROL_KEYGUARD" />

    <uses-permission android:name="android.permission.DEVICE_POWER" />

    <uses-permission android:name="android.permission.INTERACT_ACROSS_USERS_FULL" />

    <uses-permission android:name="android.permission.PROVIDE_TRUST_AGENT" />

    <uses-permission android:name="android.permission.TRUST_LISTENER" />

    <application>

        <uses-library android:name="android.test.runner"/>

        <activity android:name="android.trust.TrustTestActivity"

                  android:exported="true">

            <intent-filter>

                <action android:name="android.intent.action.MAIN"/>

                <category android:name="android.intent.category.LAUNCHER"/>

            </intent-filter>

        </activity>

        <service

            android:name=".UserUnlockRequestTrustAgent"

            android:exported="true"

            android:label="Test Agent"

            android:permission="android.permission.BIND_TRUST_AGENT">

            <intent-filter>

                <action android:name="android.service.trust.TrustAgentService" />

            </intent-filter>

        </service>

        <service

            android:name=".LockUserTrustAgent"

            android:exported="true"

            android:label="Test Agent"

            android:permission="android.permission.BIND_TRUST_AGENT">

            <intent-filter>

                <action android:name="android.service.trust.TrustAgentService" />

            </intent-filter>

        </service>

        <service

            android:name=".GrantAndRevokeTrustAgent"

            android:exported="true"

            android:label="Test Agent"

            android:permission="android.permission.BIND_TRUST_AGENT">

            <intent-filter>

                <action android:name="android.service.trust.TrustAgentService" />

            </intent-filter>

        </service>

    </application>

    <!--  self-instrumenting test package. -->

    <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"

                     android:targetPackage="android.trust.test">

    </instrumentation>

</manifest>

<?xml version="1.0" encoding="utf-8"?>

<!--

  ~ Copyright (C) 2022 The Android Open Source Project

  ~

  ~ Licensed under the Apache License, Version 2.0 (the "License");

  ~ you may not use this file except in compliance with the License.

  ~ You may obtain a copy of the License at

  ~

  ~      http://www.apache.org/licenses/LICENSE-2.0

  ~

  ~ Unless required by applicable law or agreed to in writing, software

  ~ distributed under the License is distributed on an "AS IS" BASIS,

  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  ~ See the License for the specific language governing permissions and

  ~ limitations under the License.

  -->

<configuration description="TrustTests configuration">

    <option name="test-tag" value="TrustTests" />

    <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">

        <option name="cleanup-apks" value="true" />

        <option name="test-file-name" value="TrustTests.apk" />

    </target_preparer>

    <test class="com.android.tradefed.testtype.AndroidJUnitTest" >

        <option name="package" value="android.trust.test" />

        <option name="runner" value="androidx.test.runner.AndroidJUnitRunner" />

        <option name="hidden-api-checks" value="false" />

    </test>

</configuration>

# TrustTests framework tests

These tests test the "trust" part of the platform primarily implemented via TrustManagerService in

the system server and TrustAgentService in system apps.

Tests are separated into separate files based on major groupings. When creating new tests, find a

_closely_ matching existing test file or create a new test file. Prefer many test files over large

test files.

Each test file has its own trust agent. To create a new trust agent:

1. Create a new class extending from `BaseTrustAgentService` class in your test file

2. Add a new `<service>` stanza to `AndroidManifest.xml` in this directory for the new agent

   following the pattern fo the existing agents.

To run:

```atest TrustTests```

## Testing approach:

1. Test the agent service as a black box; avoid inspecting internal state of the service or

   modifying the system code outside of this directory.

2. The primary interface to the system is through these three points:

    1. `TrustAgentService`, your agent created by the `TrustAgentRule` and accessible via

       the `agent` property of the rule.

        1. Call command methods (e.g. `grantTrust`) directly on the agent

        2. Listen to events (e.g. `onUserRequestedUnlock`) by implementing the method in

           your test's agent class and tracking invocations. See `UserUnlockRequestTest` for an

           example.

    2. `TrustManager` which is the interface the rest of the system (e.g. SystemUI) has to the

       service.

        1. Through this API, simulate system events that the service cares about

           (e.g. `reportUnlockAttempt`).

    3. `TrustListener` which is the interface the rest of the system (e.g. SystemUI) uses to receive

       events from the service.

        1. Through this, verify behavior that affects the rest of the system. For example,

           see `LockStateTrackingRule`.

3. To re-use code between tests, prefer creating new rules alongside the existing rules or adding

   functionality to a _closely_ matching existing rule.

/*

 * Copyright (C) 2022 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.trust

import android.service.trust.TrustAgentService

import android.util.Log

import kotlin.reflect.KClass

/**

 * Base class for test trust agents.

 */

abstract class BaseTrustAgentService : TrustAgentService() {

    override fun onCreate() {

        super.onCreate()

        Log.d(TAG, "${this::class.simpleName} created")

        instances[this::class] = this

    }

    override fun onDestroy() {

        super.onDestroy()

        instances.remove(this::class)

    }

    companion object {

        private val instances =

            mutableMapOf<KClass<out BaseTrustAgentService>, BaseTrustAgentService>()

        private const val TAG = "BaseTrustAgentService"

        fun instance(serviceClass: KClass<out BaseTrustAgentService>): BaseTrustAgentService? {

            return instances[serviceClass]!!

        }

    }

}