Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / cts / b5b8cca3824850ebc6aefec7a23d7b9bae9a033f
commitb5b8cca3824850ebc6aefec7a23d7b9bae9a033f[log] [tgz]
authorEran Messeri <eranm@google.com>Fri Oct 19 12:11:38 2018 +0100
committerEran Messeri <eranm@google.com>Thu Nov 15 10:33:43 2018 +0000
tree38b3d0bf588d28ead8c6bd1bf0a103b6441e5930
parentd07b7c955c6f02dedd73e3b2ce635ca995bd4e04 [diff]
Device ID attestation for profile owner: tests

Test that the profile owner can generate a key that includes the device
identifiers in the key attestation record if and only if the profile
owner was granted access to the identifiers explicitly.

Also test that when a delegated certificate installer is trying to
generate keys with attestation record, the same properties hold as for
the profile owner.

Testing matrix: Due to the different combinations, the table below
should help figuring out which state is tested by which test.

States: Device Owner (DO), Profile Owner (PO)
Delegated cert installer being tested? YES, NO
Has device id access been granted? Y, N, N/A
Is key generation including device id attestation expected to succeed? YES, NO

+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| MODE | DEL | ID ACC | SUC | HOST-SIDE TEST CLASS                                                       | DEVICE-SIDE TEST CLASS                                                                      |
+------+-----+--------+-----+----------------------------------------------------------------------------+---------------------------------------------------------------------------------------------+
| DO   | NO  | N/A    | YES | DeviceAndProfileOwnerTest#testKeyManagement                                | KeyManagementTest#assertAllVariantsOfDeviceIdAttestation                                    |
+------+-----+--------+-----+----------------------------------------------------------------------------+---------------------------------------------------------------------------------------------+
| DO   | YES | N/A    | YES | MixedDeviceOwnerTest#testDelegatedCertInstallerDeviceIdAttestation         | DelegatedDeviceIdAttestationTest#testGenerateKeyPairWithDeviceIdAttestationExpectingSuccess |
+------+-----+--------+-----+----------------------------------------------------------------------------+---------------------------------------------------------------------------------------------+
| PO   | NO  | NO     | NO  | MixedManagedProfileOwnerTest#testDeviceIdAttestationForProfileOwner        | DeviceIdAttestationTest#testFailsWithoutProfileOwnerIdsGrant                                |
+------+-----+--------+-----+----------------------------------------------------------------------------+---------------------------------------------------------------------------------------------+
| PO   | NO  | NO     | NO  | DeviceAndProfileOwnerTest#testKeyManagement                                | KeyManagementTest testProfileOwnerCannotAttestDeviceUniqueIds                               | * REDUNDANT TEST
+------+-----+--------+-----+----------------------------------------------------------------------------+---------------------------------------------------------------------------------------------+
| PO   | YES | NO     | NO  | MixedManagedProfileOwnerTest#testDelegatedCertInstallerDeviceIdAttestation | DelegatedDeviceIdAttestationTest#testGenerateKeyPairWithDeviceIdAttestationExpectingFailure |
+------+-----+--------+-----+----------------------------------------------------------------------------+---------------------------------------------------------------------------------------------+
| PO   | NO  | YES    | YES | MixedManagedProfileOwnerTest#testDeviceIdAttestationForProfileOwner        | DeviceIdAttestationTest#testSucceedsWithProfileOwnerIdsGrant                                |
+------+-----+--------+-----+----------------------------------------------------------------------------+---------------------------------------------------------------------------------------------+
| PO   | YES | YES    | YES | MixedManagedProfileOwnerTest#testDelegatedCertInstallerDeviceIdAttestation | DelegatedDeviceIdAttestationTest testGenerateKeyPairWithDeviceIdAttestationExpectingSuccess |
+------+-----+--------+-----+----------------------------------------------------------------------------+---------------------------------------------------------------------------------------------+

Bug: 111335970
Bug: 71421376
Test: atest com.android.cts.devicepolicy.MixedProfileOwnerTest#testKeyManagement
Test: atest com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testKeyManagement
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDeviceIdAttestationForProfileOwner
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testDelegatedCertInstallerDeviceIdAttestation
Test: atest CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.MixedDeviceOwnerTest#testDelegatedCertInstallerDeviceIdAttestation
Change-Id: I2758020cb573b6e17d7d520e59ed8d4a5ca17f0c
12 files changed
tree: 38b3d0bf588d28ead8c6bd1bf0a103b6441e5930
  1. apps/
  2. build/
  3. common/
  4. development/
  5. hostsidetests/
  6. libs/
  7. suite/
  8. tests/
  9. tools/
  10. .gitignore
  11. Android.bp
  12. Android.mk
  13. CleanSpec.mk
  14. CtsCoverage.mk
  15. error_prone_rules.mk
  16. error_prone_rules_tests.mk
  17. PREUPLOAD.cfg
  18. run_unit_tests.sh
  19. test_defs.sh