The following is a description of the elements, types, and attributes that compose the Android-specific tests found in Open Vulnerability and Assessment Language (OVAL). Each test is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high-level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here.

The OVAL Schema is maintained by The MITRE Corporation and developed by the public OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.mitre.org.

Android Definition 5.10, 4/8/2014 08:13:00 PM

Copyright (c) 2002-2014, The MITRE Corporation. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at http://oval.mitre.org/oval/about/termsofuse.html. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included.

The app_manager_test is used to verify the applications installed on the device. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an app_manager_object and the optional state element specifies the data to check.

app_manager_test, app_manager_object, app_manager_state, app_manager_item
- the object child element of an app_manager_test must reference an app_manager_object
- the state child element of an app_manager_test must reference an app_manager_state

The app_manager_object element is used by an app_manager_test to define the required application properties to verify. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information.
State referenced in filter for '' is of the wrong type.
- Name of the package.
- Hexadecimal string of the signing certificate corresponding with the key used to sign the application package. Only the actual signing certificate should be included, not CA certificates in the chain (if applicable).

The app_manager_state element defines the application settings.
- Name of the application.
- Linux user id assigned to the application. (In some cases multiple applications can share a user id.)
- One element for each group id that the application belongs to.
- Name of the package.
- Data directory assigned to the application.
- Application version.
- True if the application is enabled.
- One element for each permission granted to the application.
- Directory where the application's native libraries (if any) have been installed.
- Hexadecimal string of the signing certificate corresponding with the key used to sign the application package. Only the actual signing certificate should be included, not CA certificates in the chain (if applicable).
- Time at which the app was first installed, expressed in milliseconds since January 1, 1970 00:00:00 UTC.
- Time at which the app was last updated, expressed in milliseconds since January 1, 1970 00:00:00 UTC.
- From ApplicationInfo.sourceDir, the full path to the location of the publicly available parts of the application package.

The bluetooth_test is used to check the status of Bluetooth settings on the device. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a bluetooth_object and the optional state element specifies the data to check.

bluetooth_test, bluetooth_object, bluetooth_state, bluetooth_item
- the object child element of a bluetooth_test must reference a bluetooth_object
- the state child element of a bluetooth_test must reference a bluetooth_state

The bluetooth_object element is used by a bluetooth test to define those objects to be evaluated based on a specified state. Any OVAL Test written to check Bluetooth settings status will reference the same bluetooth_object, which is basically an empty object element.

The bluetooth_state element defines the Bluetooth general settings status.
- True if device Bluetooth is currently in discoverable mode.
- True if device Bluetooth is currently enabled.

The camera_test is used to check camera-related information.

camera_test, camera_object, camera_state, camera_item
- the object child element of a camera_test must reference a camera_object
- the state child element of a camera_test must reference a camera_state

The camera_object element is used by a camera test to define those objects to evaluate based on a camera state.

The camera_state element contains a single entity that is used to check the status of the camera.
- If true, then a policy is being enforced disabling use of the camera. The policy is only available in Android 4.0 and up (and potentially on older Android devices if specifically added by the device vendor).

The certificate_test is used to check the certificates installed on the device.
certificate_test, certificate_object, certificate_state, certificate_item
- the object child element of a certificate_test must reference a certificate_object
- the state child element of a certificate_test must reference a certificate_state

The certificate_object element is used by a certificate test to define those objects to evaluate based on a certificate state.

The certificate_state element contains a single entity that is used to check the status of the certificates.
- Hexadecimal string of each certificate in the OS's trusted certificate store, including both certificates installed by the system and by users. System trusted certificates that were disabled by the user are not included here.

The device_settings_test is used to check the status of various settings on the device. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a device_settings_object and the optional state element specifies the data to check.

device_settings_test, device_settings_object, device_settings_state, device_settings_item
- the object child element of a device_settings_test must reference a device_settings_object
- the state child element of a device_settings_test must reference a device_settings_state

The device_settings_object element is used by a device settings test to define those objects to be evaluated based on a specified state. Any OVAL Test written to check device settings will reference the same device_settings_object, which is basically an empty object element.

The device_settings_state element defines the device settings.
- True if Android Debug Bridge (USB debugging) is enabled.
- True if mock locations and location provider status can be injected into Android's Location Manager.
- True if applications can be installed from "unknown sources".
- One element per application that holds device administrator access. Contains the application's package name.
- True if the user prefers the date and time to be automatically fetched from the network.
- True if the user prefers the time zone to be automatically fetched from the network.
- True if USB mass storage is enabled on the device, otherwise false.

The encryption_test is used to check the encryption status on the device. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an encryption_object and the optional state element references an encryption_state that specifies the information to check.

encryption_test, encryption_object, encryption_state, encryption_item
- the object child element of an encryption_test must reference an encryption_object
- the state child element of an encryption_test must reference an encryption_state

The encryption_object element is used by an encryption test to define those objects to be evaluated based on a specified state. Any OVAL Test written to check encryption status will reference the same encryption_object, which is basically an empty object element.

The encryption_state element defines the encryption settings configured on the device.
- True if a policy is in place requiring the device storage to be encrypted. (android.app.admin.DevicePolicyManager.getStorageEncryption())
- The current status of device encryption. (android.app.admin.DevicePolicyManager.getStorageEncryptionStatus()) Either ENCRYPTION_STATUS_UNSUPPORTED, ENCRYPTION_STATUS_INACTIVE, ENCRYPTION_STATUS_ACTIVATING, or ENCRYPTION_STATUS_ACTIVE as documented in the Android SDK's DevicePolicyManager class.

The location_service_test is used to check the status of location-based services. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a location_service_object and the optional state element specifies the data to check.

location_service_test, location_service_object, location_service_state, location_service_item
- the object child element of a location_service_test must reference a location_service_object
- the state child element of a location_service_test must reference a location_service_state

The location_service_object element is used by a location service test to define those objects to be evaluated based on a specified state. Any OVAL Test written to check location-based services status will reference the same location_service_object, which is basically an empty object element.

The location_service_state element defines the location-based services status.
- A boolean value indicating whether the GPS location provider is enabled.
- A boolean value indicating whether the network location provider is enabled.

The network_test is used to check the status of network preferences on the device. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a network_object and the optional state element specifies the data to check.

network_test, network_object, network_state, network_item
- the object child element of a network_test must reference a network_object
- the state child element of a network_test must reference a network_state

The network_object element is used by a network test to define those objects to be evaluated based on a specified state. Any OVAL Test written to check network preferences will reference the same network_object, which is basically an empty object element.

The network_state element defines the network preferences.
- True if airplane mode is enabled on the device.
- True if NFC is enabled on the device.

The password_test is used to check specific policy associated with passwords and the device screen lock.
It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a password_object and the optional state element specifies the metadata to check.

password_test, password_object, password_state, password_item
- the object child element of a password_test must reference a password_object
- the state child element of a password_test must reference a password_state

The password_object element is used by a password test to define those objects to be evaluated based on a specified state. Any OVAL Test written to check password policy will reference the same password_object, which is basically an empty object element.

The password_state element specifies the various policies associated with passwords and the device screen lock. A password test will reference a specific instance of this state that defines the exact settings that need to be evaluated.
- Maximum number of failed user authentications before device wipe. Zero means there is no policy in place.
- Specifies the length of password history maintained (passwords in the history cannot be reused). Zero means there is no policy in place.
- The current minimum password quality required by device policy. Represented as a string corresponding with a valid Android password quality, currently one of: PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC, PASSWORD_QUALITY_BIOMETRIC_WEAK, PASSWORD_QUALITY_COMPLEX, PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_SOMETHING, PASSWORD_QUALITY_UNSPECIFIED.
- Minimum number of characters the password must have. This constraint is only imposed if the password quality is one of PASSWORD_QUALITY_NUMERIC, PASSWORD_QUALITY_ALPHABETIC, PASSWORD_QUALITY_ALPHANUMERIC, or PASSWORD_QUALITY_COMPLEX.
- Minimum number of letters the password must have. This constraint is only imposed if the password quality is PASSWORD_QUALITY_COMPLEX.
- Minimum number of lower case letters the password must have. This constraint is only imposed if the password quality is PASSWORD_QUALITY_COMPLEX.
- Minimum number of non-letter characters the password must have. This constraint is only imposed if the password quality is PASSWORD_QUALITY_COMPLEX.
- Minimum number of numeric characters the password must have. This constraint is only imposed if the password quality is PASSWORD_QUALITY_COMPLEX.
- Minimum number of symbol characters the password must have. This constraint is only imposed if the password quality is PASSWORD_QUALITY_COMPLEX.
- Minimum number of upper case letters the password must have. This constraint is only imposed if the password quality is PASSWORD_QUALITY_COMPLEX.
- The current password expiration timeout policy, in milliseconds. Zero means there is no policy in place.
- When true, the most recently keyed-in password character is shown to the user on the screen (the previously entered characters are masked out). When false, all keyed-in password characters are immediately masked out. This setting is manageable by the device user through the device settings.
- When true, the current device password is compliant with the password policy. (If the policy was recently established, it is possible that a password compliant with the policy may not yet be in place.)
- The number of times the user has failed at entering a password since the last successful password entry.
- The current policy for the highest screen lock timeout the user is allowed to specify. 0 indicates no restriction. (The user may still specify lower values in the device settings.)
- The current policy for lockscreen widgets as retrieved by DevicePolicyManager.getKeyguardDisabledFeatures. May be set to one of KEYGUARD_DISABLE_FEATURES_ALL, KEYGUARD_DISABLED_FEATURES_NONE, KEYGUARD_DISABLE_SECURE_CAMERA, or KEYGUARD_DISABLE_WIDGETS_ALL. Only available in Android 4.2 and up.

The system_details_test is used to get system hardware and operating system information. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a system_details_object and the optional state element specifies the data to check.

system_details_test, system_details_object, system_details_state, system_details_item
- the object child element of a system_details_test must reference a system_details_object
- the state child element of a system_details_test must reference a system_details_state

The system_details_object element is used by a system_details test to define the object to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information.

The system_details_state element defines the information about the hardware and the operating system. Please refer to the individual elements in the schema for more details about what each represents.
- The hardware model, as provided by android.os.Build.HARDWARE using the Android SDK.
- The device manufacturer, as provided by android.os.Build.MANUFACTURER using the Android SDK.
- The device model identifier, as provided by android.os.Build.MODEL using the Android SDK.
- The product name, as provided by android.os.Build.PRODUCT using the Android SDK.
- The name of the instruction set of native code, as provided by android.os.Build.CPU_ABI using the Android SDK.
- The name of the second instruction set of native code, as provided by android.os.Build.CPU_ABI2 using the Android SDK.
- Build fingerprint, as provided by android.os.Build.FINGERPRINT using the Android SDK.
- Operating system version code, as provided by android.os.Build.VERSION.CODENAME using the Android SDK.
- Operating system build number, as provided by android.os.Build.VERSION.INCREMENTAL using the Android SDK.
- Operating system release name, as provided by android.os.Build.VERSION.RELEASE using the Android SDK.
- Operating system SDK number, as provided by android.os.Build.VERSION.SDK_INT using the Android SDK.
- True if the device provides a hardware-backed cryptographic keystore (a hardware keystore prevents exporting private keys or directly exposing private keys to the OS), otherwise false.

The wifi_test is used to check the status of general Wi-Fi settings on the device. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wifi_object and the optional state element specifies the data to check.

wifi_test, wifi_object, wifi_state, wifi_item
- the object child element of a wifi_test must reference a wifi_object
- the state child element of a wifi_test must reference a wifi_state

The wifi_object element is used by a wifi test to define those objects to be evaluated based on a specified state. Any OVAL Test written to check Wi-Fi settings status will reference the same wifi_object, which is basically an empty object element.

The wifi_state element defines the Wi-Fi general settings status.
- True if Wi-Fi is currently enabled on the device.
- True if the Wi-Fi network availability notification setting is currently enabled on the device.

The wifi_network_test is used to check information about the configured Wi-Fi networks on the device. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a wifi_network_object and the optional state element specifies the data to check.

wifi_network_test, wifi_network_object, wifi_network_state, wifi_network_item
- the object child element of a wifi_network_test must reference a wifi_network_object
- the state child element of a wifi_network_test must reference a wifi_network_state

The wifi_network_object element is used by a wifi_network_test to define the SSID of the Wi-Fi network whose security settings are to be verified. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information.
State referenced in filter for '' is of the wrong type.
- The network's SSID to check.

The wifi_network_state element defines the Wi-Fi network settings status.
- The network's SSID.
- BSSID. The value is a string in the format of an Ethernet MAC address.
- The set of authentication protocols supported by this configuration.
- The set of group ciphers supported by this configuration.
- The set of key management protocols supported by this configuration.
- The set of pairwise ciphers for WPA supported by this configuration.
- The set of security protocols supported by this configuration.
- This is a network that does not broadcast its SSID.
- The ID number that the supplicant uses to identify this network configuration entry.
- Priority determines the preference given to a network by wpa_supplicant when choosing an access point with which to associate.
- The current status of this network configuration entry.

The telephony_test is used to check telephony characteristics of the system.

telephony_test, telephony_object, telephony_state, telephony_item
- the object child element of a telephony_test must reference a telephony_object
- the state child element of a telephony_test must reference a telephony_state

The telephony_object element is used by a telephony test to define those objects to evaluate based on a telephony manager state.

The telephony_state element contains a single entity that is used to check the status of the telephony manager state.
- Value indicates the radio technology (network type) currently in use for data transmission.
- The ISO country code equivalent for the SIM provider's country code.
- The MCC+MNC (mobile country code + mobile network code) of the provider of the SIM. It contains 5 or 6 decimal digits.

The EntityStateWifiAuthAlgorithmType complex type restricts a string value to a specific set of values that name Wi-Fi authentication algorithms. The empty string is also allowed to support an empty element associated with variable references. Note that when using pattern matches and variables, care must be taken to ensure that the regular expression and variable values align with the enumerated values.
- LEAP/Network EAP (only used with LEAP)
- Open System authentication (required for WPA/WPA2)
- Shared Key authentication (requires static WEP keys)

The EntityStateWifiGroupCipherType complex type restricts a string value to a specific set of values that name Wi-Fi group ciphers (android.net.wifi.WifiConfiguration.GroupCipher). The empty string is also allowed to support an empty element associated with variable references. Note that when using pattern matches and variables, care must be taken to ensure that the regular expression and variable values align with the enumerated values.
- AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]; Constant Value: 3 (0x00000003)
- Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]; Constant Value: 2 (0x00000002)
- WEP (Wired Equivalent Privacy) with 104-bit key; Constant Value: 1 (0x00000001)
- WEP (Wired Equivalent Privacy) with 40-bit key (original 802.11); Constant Value: 0 (0x00000000)

The EntityStateWifiKeyMgmtType complex type restricts a string value to a specific set of values that name Wi-Fi key management schemes (from android.net.wifi.WifiConfiguration.KeyMgmt). The empty string is also allowed to support an empty element associated with variable references. Note that when using pattern matches and variables, care must be taken to ensure that the regular expression and variable values align with the enumerated values.
- IEEE 802.1X using EAP authentication and (optionally) dynamically generated WEP keys.
- WPA is not used; plaintext or static WEP could be used.
- WPA using EAP authentication.
- WPA pre-shared key.

The EntityStateWifiPairwiseCipherType complex type restricts a string value to a specific set of values that name Wi-Fi recognized pairwise ciphers for WPA (from android.net.wifi.WifiConfiguration.PairwiseCipher). The empty string is also allowed to support an empty element associated with variable references. Note that when using pattern matches and variables, care must be taken to ensure that the regular expression and variable values align with the enumerated values.
- AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0]
- Use only Group keys (deprecated)
- Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]

The EntityStateWifiProtocolType complex type restricts a string value to a specific set of values that name Wi-Fi recognized security protocols (from android.net.wifi.WifiConfiguration.Protocol). The empty string is also allowed to support an empty element associated with variable references. Note that when using pattern matches and variables, care must be taken to ensure that the regular expression and variable values align with the enumerated values.
- WPA2/IEEE 802.11i
- WPA/IEEE 802.11i/D3.0

The EntityStateEncryptionStatusType complex type restricts a string value to a specific set of values.
- Encryption is not supported.
- Encryption is active.
- Encryption is supported but is not currently active.
- Encryption is not currently active, but is currently being activated.

The EntityStatePasswordQualityType complex type restricts a string value to a specific set of values.
- The password must contain alphabetic (or other symbol) characters.
- The password must contain both numeric and alphabetic (or other symbol) characters.
- This policy allows for low-security biometric recognition technology.
- The password must contain at least a letter, a numerical digit, and a special symbol.
- The password must contain at least numeric characters.
- This policy requires some kind of password, but doesn't care what it is.
- There are no password policy requirements.

The EntityStateKeyguardDisabledFeaturesType complex type restricts a string value to a specific set of values.
- Widgets are enabled in keyguard.
- Disable all keyguard widgets.
- Disable the camera on secure keyguard screens (e.g. PIN/Pattern/Password).
- Disable all current and future keyguard customizations.

The EntityStateNetworkType complex type restricts a string value to a specific set of values.
- The network type is unknown
- Current network is GPRS
- Current network is EDGE
- Current network is UMTS
- Current network is CDMA
- Current network is EVDO-0
- Current network is EVDO-A
- Current network is 1xRTT
- Current network is HSDPA
- Current network is HSUPA
- Current network is HSPA
- Current network is IDEN
- Current network is EVDO-B
- Current network is LTE
- Current network is EHRPD
- Current network is HSPAP

The EntityStateWifiCurrentStatusType complex type restricts a string value to a specific set of values.
- The network we are currently connected to
- Supplicant will not attempt to use this network
- Supplicant will consider this network available for association
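As an added worked example (written for this page, not part of the OVAL schema documentation or of the MITRE schema files), the following OVAL definition puts the password_test, encryption_test and app_manager_test described above to use in one compliance definition. The test, object and state element names and the PASSWORD_QUALITY_COMPLEX and ENCRYPTION_STATUS_ACTIVE values come from this document; the entity element names (password_quality, min_length, max_num_failed_user_auth, encryption_status, package_name, enabled, signing_certificate), the com.example.mdmagent package, the certificate placeholder and the oval:org.example identifiers are assumptions for illustration and should be checked against the android-definitions-schema before use.

```xml
<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5"
    xmlns:oval="http://oval.mitre.org/XMLSchema/oval-common-5"
    xmlns:android-def="http://oval.mitre.org/XMLSchema/oval-definitions-5#android">
  <generator>
    <oval:product_name>hand-written example (not generated by a tool)</oval:product_name>
    <oval:schema_version>5.10</oval:schema_version>
    <oval:timestamp>2014-04-08T20:13:00</oval:timestamp>
  </generator>
  <definitions>
    <definition id="oval:org.example:def:1" version="1" class="compliance">
      <metadata>
        <title>Android baseline: complex screen-lock password, non-zero wipe threshold,
          active storage encryption, management agent installed and correctly signed</title>
        <description>All three criteria must hold for the definition to be true.</description>
      </metadata>
      <criteria operator="AND">
        <criterion test_ref="oval:org.example:tst:1" comment="screen-lock password policy"/>
        <criterion test_ref="oval:org.example:tst:2" comment="storage encryption active"/>
        <criterion test_ref="oval:org.example:tst:3" comment="management agent present"/>
      </criteria>
    </definition>
  </definitions>
  <tests>
    <!-- A max_num_failed_user_auth of 0 means "no policy", so a lone "less than or
         equal 10" check would pass on an unmanaged device. Two states joined with
         state_operator="AND" require the value to be non-zero AND at most 10. -->
    <android-def:password_test id="oval:org.example:tst:1" version="1" check="all"
        check_existence="at_least_one_exists" state_operator="AND"
        comment="complex quality, at least 8 characters, wipe after at most 10 failures">
      <android-def:object object_ref="oval:org.example:obj:1"/>
      <android-def:state state_ref="oval:org.example:ste:1"/>
      <android-def:state state_ref="oval:org.example:ste:2"/>
    </android-def:password_test>
    <android-def:encryption_test id="oval:org.example:tst:2" version="1" check="all"
        comment="device storage encryption is active, not merely required by policy">
      <android-def:object object_ref="oval:org.example:obj:2"/>
      <android-def:state state_ref="oval:org.example:ste:3"/>
    </android-def:encryption_test>
    <android-def:app_manager_test id="oval:org.example:tst:3" version="1" check="all"
        comment="management agent installed, enabled and signed with the expected key">
      <android-def:object object_ref="oval:org.example:obj:3"/>
      <android-def:state state_ref="oval:org.example:ste:4"/>
    </android-def:app_manager_test>
  </tests>
  <objects>
    <!-- password_object and encryption_object carry no entities: every test of that
         kind references the same empty object element. -->
    <android-def:password_object id="oval:org.example:obj:1" version="1"/>
    <android-def:encryption_object id="oval:org.example:obj:2" version="1"/>
    <!-- app_manager_object selects the package by name; the collected item then
         carries that package's signing certificate, uid, permissions and so on. -->
    <android-def:app_manager_object id="oval:org.example:obj:3" version="1">
      <android-def:package_name>com.example.mdmagent</android-def:package_name>
    </android-def:app_manager_object>
  </objects>
  <states>
    <android-def:password_state id="oval:org.example:ste:1" version="1">
      <android-def:password_quality>PASSWORD_QUALITY_COMPLEX</android-def:password_quality>
      <android-def:min_length datatype="int" operation="greater than or equal">8</android-def:min_length>
      <android-def:max_num_failed_user_auth datatype="int" operation="less than or equal">10</android-def:max_num_failed_user_auth>
    </android-def:password_state>
    <android-def:password_state id="oval:org.example:ste:2" version="1">
      <android-def:max_num_failed_user_auth datatype="int" operation="not equal">0</android-def:max_num_failed_user_auth>
    </android-def:password_state>
    <android-def:encryption_state id="oval:org.example:ste:3" version="1">
      <android-def:encryption_status>ENCRYPTION_STATUS_ACTIVE</android-def:encryption_status>
    </android-def:encryption_state>
    <android-def:app_manager_state id="oval:org.example:ste:4" version="1">
      <android-def:enabled datatype="boolean">true</android-def:enabled>
      <!-- placeholder: replace with the hex of the agent's real signing certificate -->
      <android-def:signing_certificate>EXPECTED_SIGNING_CERT_HEX_PLACEHOLDER</android-def:signing_certificate>
    </android-def:app_manager_state>
  </states>
</oval_definitions>
```

Checking the password quality in the same state as min_length matters because, as noted above, the minimum length is only enforced for qualities such as PASSWORD_QUALITY_COMPLEX; a length check against a PASSWORD_QUALITY_UNSPECIFIED device would be meaningless.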