to top

Testing Device Administration

In this document

To ensure minimal support for managed profiles, OEM devices must contain the following essential elements:

For a complete list of requirements, see Implementing Device Administration.

To test device administration features, device owners can use the TestDPC application (described below); consider also working directly with other enterprise mobility management (EMM) providers.

Set up device owner for testing

Use the following instructions to set up a device owner testing environment.

  1. Set up the device:
    1. Factory reset the target device.
    2. Ensure you do not add any user accounts (e.g. those used to log into online services) to the device. This can be checked in Settings->Accounts.
  2. Set up the testing application using one of the following methods:
  3. Set the TestDPC app as the device owner using the following command:
    $ adb shell dpm set-device-owner "com.afwsamples.testdpc/.DeviceAdminReceiver"
  4. Go through device owner setup on the device (encrypt, select Wi-Fi, etc.)

Verify device owner setup

To verify the device owner was correctly setup, go to Settings > Security > Device Administrators and confirm TestDPC is in the list. Verify it cannot be disabled (this signifies it is a device owner).

Automated provisioning testing

To automate the testing of enterprise provisioning processes, use the Android for Work (AfW) Test Harness. For details, see Testing Device Provisioning.

Bug reports and logs

In Android 7.0, device owner Device Policy Client (DPCs) can get bug reports and view logs for enterprise processes on a managed device.

To trigger a bug report (i.e., the equivalent data collected by adb bugreport containing dumpsys, dumpstate, and logcat data), use DevicePolicyController.requestBugReport. After the bug report is collected, the user is prompted to give consent to send the bug report data. Results are received by DeviceAdminReceiver.onBugreport[Failed|Shared|SharingDeclined]. For details on bug report contents, see Reading Bug Reports.

In addition, device owner DPCs can also collect logs related to actions a user has taken on a managed device. Enterprise process logging is required for all devices that report device_admin and enabled by a new log security buffer readable only by the system server (i.e., adb logcat -b security cannot read the buffer). ActivityManager service and Keyguard components log the following events to the security buffer:

  • Application processes starting
  • Keyguard actions (e.g., unlock failure and success)
  • adb commands issued to the device

To optionally retain logs across reboots (not cold boot) and make these logs available to device owner DPCs, a device must have a kernel with pstore and pmsg enabled, and DRAM powered and refreshed through all stages of reboot to avoid corruption to the logs retained in memory. To enable support, use the config_supportPreRebootSecurityLogs setting in frameworks/base/core/res/res/values/config.xml.