frameworks/base
Revision | cd35d79a7cd3594c58d244fa595cf87a9ea5063d (tree) |
---|---|
Time | 2020-01-09 14:59:27 |
Author | Automerger Merge Worker <android-build-automerger-merge-worker@syst...> |
Commiter | Automerger Merge Worker |
Merge "Fix PermissionMonitor issues" into qt-dev am: 97baed2635
Change-Id: Ia955c4304c2e623b291c111615c65f012b7c3028
@@ -229,22 +229,22 @@ public class PermissionMonitor { | ||
229 | 229 | } |
230 | 230 | |
231 | 231 | @VisibleForTesting |
232 | - boolean hasPermission(PackageInfo app, String permission) { | |
233 | - if (app.requestedPermissions != null) { | |
234 | - for (String p : app.requestedPermissions) { | |
235 | - if (permission.equals(p)) { | |
236 | - return true; | |
237 | - } | |
238 | - } | |
232 | + boolean hasPermission(@NonNull final PackageInfo app, @NonNull final String permission) { | |
233 | + if (app.requestedPermissions == null || app.requestedPermissionsFlags == null) { | |
234 | + return false; | |
239 | 235 | } |
240 | - return false; | |
236 | + final int index = ArrayUtils.indexOf(app.requestedPermissions, permission); | |
237 | + if (index < 0 || index >= app.requestedPermissionsFlags.length) return false; | |
238 | + return (app.requestedPermissionsFlags[index] & REQUESTED_PERMISSION_GRANTED) != 0; | |
241 | 239 | } |
242 | 240 | |
243 | - private boolean hasNetworkPermission(PackageInfo app) { | |
241 | + @VisibleForTesting | |
242 | + boolean hasNetworkPermission(@NonNull final PackageInfo app) { | |
244 | 243 | return hasPermission(app, CHANGE_NETWORK_STATE); |
245 | 244 | } |
246 | 245 | |
247 | - private boolean hasRestrictedNetworkPermission(PackageInfo app) { | |
246 | + @VisibleForTesting | |
247 | + boolean hasRestrictedNetworkPermission(@NonNull final PackageInfo app) { | |
248 | 248 | // TODO : remove this check in the future(b/31479477). All apps should just |
249 | 249 | // request the appropriate permission for their use case since android Q. |
250 | 250 | if (app.applicationInfo != null) { |
@@ -260,33 +260,18 @@ public class PermissionMonitor { | ||
260 | 260 | } |
261 | 261 | } |
262 | 262 | return hasPermission(app, CONNECTIVITY_INTERNAL) |
263 | - || hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS); | |
264 | - } | |
265 | - | |
266 | - private boolean hasUseBackgroundNetworksPermission(PackageInfo app) { | |
267 | - // This function defines what it means to hold the permission to use | |
268 | - // background networks. | |
269 | - return hasPermission(app, CHANGE_NETWORK_STATE) | |
270 | 263 | || hasPermission(app, NETWORK_STACK) |
271 | - || hasRestrictedNetworkPermission(app); | |
264 | + || hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS); | |
272 | 265 | } |
273 | 266 | |
274 | - public boolean hasUseBackgroundNetworksPermission(int uid) { | |
275 | - final String[] names = mPackageManager.getPackagesForUid(uid); | |
276 | - if (null == names || names.length == 0) return false; | |
277 | - try { | |
278 | - // Only using the first package name. There may be multiple names if multiple | |
279 | - // apps share the same UID, but in that case they also share permissions so | |
280 | - // querying with any of the names will return the same results. | |
281 | - int userId = UserHandle.getUserId(uid); | |
282 | - final PackageInfo app = mPackageManager.getPackageInfoAsUser( | |
283 | - names[0], GET_PERMISSIONS, userId); | |
284 | - return hasUseBackgroundNetworksPermission(app); | |
285 | - } catch (NameNotFoundException e) { | |
286 | - // App not found. | |
287 | - loge("NameNotFoundException " + names[0], e); | |
288 | - return false; | |
289 | - } | |
267 | + /** Returns whether the given uid has using background network permission. */ | |
268 | + public synchronized boolean hasUseBackgroundNetworksPermission(final int uid) { | |
269 | + // Apps with any of the CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_INTERNAL or | |
270 | + // CONNECTIVITY_USE_RESTRICTED_NETWORKS permission has the permission to use background | |
271 | + // networks. mApps contains the result of checks for both hasNetworkPermission and | |
272 | + // hasRestrictedNetworkPermission. If uid is in the mApps list that means uid has one of | |
273 | + // permissions at least. | |
274 | + return mApps.containsKey(uid); | |
290 | 275 | } |
291 | 276 | |
292 | 277 | private int[] toIntArray(Collection<Integer> list) { |
@@ -16,6 +16,9 @@ | ||
16 | 16 | |
17 | 17 | package com.android.server; |
18 | 18 | |
19 | +import static android.Manifest.permission.CHANGE_NETWORK_STATE; | |
20 | +import static android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS; | |
21 | +import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED; | |
19 | 22 | import static android.content.pm.PackageManager.GET_PERMISSIONS; |
20 | 23 | import static android.content.pm.PackageManager.MATCH_ANY_USER; |
21 | 24 | import static android.net.ConnectivityManager.ACTION_CAPTIVE_PORTAL_SIGN_IN; |
@@ -2333,9 +2336,17 @@ public class ConnectivityServiceTest { | ||
2333 | 2336 | mCm.unregisterNetworkCallback(trackDefaultCallback); |
2334 | 2337 | } |
2335 | 2338 | |
2339 | + private void grantUsingBackgroundNetworksPermissionForUid(final int uid) throws Exception { | |
2340 | + final String testPackageName = mContext.getPackageName(); | |
2341 | + when(mPackageManager.getPackageInfo(eq(testPackageName), eq(GET_PERMISSIONS))) | |
2342 | + .thenReturn(buildPackageInfo(true, uid)); | |
2343 | + mService.mPermissionMonitor.onPackageAdded(testPackageName, uid); | |
2344 | + } | |
2345 | + | |
2336 | 2346 | @Test |
2337 | - public void testNetworkGoesIntoBackgroundAfterLinger() { | |
2347 | + public void testNetworkGoesIntoBackgroundAfterLinger() throws Exception { | |
2338 | 2348 | setAlwaysOnNetworks(true); |
2349 | + grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid()); | |
2339 | 2350 | NetworkRequest request = new NetworkRequest.Builder() |
2340 | 2351 | .clearCapabilities() |
2341 | 2352 | .build(); |
@@ -3416,6 +3427,7 @@ public class ConnectivityServiceTest { | ||
3416 | 3427 | // Create a background request. We can't do this ourselves because ConnectivityService |
3417 | 3428 | // doesn't have an API for it. So just turn on mobile data always on. |
3418 | 3429 | setAlwaysOnNetworks(true); |
3430 | + grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid()); | |
3419 | 3431 | final NetworkRequest request = new NetworkRequest.Builder().build(); |
3420 | 3432 | final NetworkRequest fgRequest = new NetworkRequest.Builder() |
3421 | 3433 | .addCapability(NET_CAPABILITY_FOREGROUND).build(); |
@@ -3582,6 +3594,7 @@ public class ConnectivityServiceTest { | ||
3582 | 3594 | |
3583 | 3595 | @Test |
3584 | 3596 | public void testMobileDataAlwaysOn() throws Exception { |
3597 | + grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid()); | |
3585 | 3598 | final TestNetworkCallback cellNetworkCallback = new TestNetworkCallback(); |
3586 | 3599 | final NetworkRequest cellRequest = new NetworkRequest.Builder() |
3587 | 3600 | .addTransportType(TRANSPORT_CELLULAR).build(); |
@@ -6529,7 +6542,14 @@ public class ConnectivityServiceTest { | ||
6529 | 6542 | |
6530 | 6543 | private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid) { |
6531 | 6544 | final PackageInfo packageInfo = new PackageInfo(); |
6532 | - packageInfo.requestedPermissions = new String[0]; | |
6545 | + if (hasSystemPermission) { | |
6546 | + packageInfo.requestedPermissions = new String[] { | |
6547 | + CHANGE_NETWORK_STATE, CONNECTIVITY_USE_RESTRICTED_NETWORKS }; | |
6548 | + packageInfo.requestedPermissionsFlags = new int[] { | |
6549 | + REQUESTED_PERMISSION_GRANTED, REQUESTED_PERMISSION_GRANTED }; | |
6550 | + } else { | |
6551 | + packageInfo.requestedPermissions = new String[0]; | |
6552 | + } | |
6533 | 6553 | packageInfo.applicationInfo = new ApplicationInfo(); |
6534 | 6554 | packageInfo.applicationInfo.privateFlags = 0; |
6535 | 6555 | packageInfo.applicationInfo.uid = UserHandle.getUid(UserHandle.USER_SYSTEM, |
@@ -27,6 +27,7 @@ import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_OEM; | ||
27 | 27 | import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_PRODUCT; |
28 | 28 | import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_VENDOR; |
29 | 29 | import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED; |
30 | +import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_REQUIRED; | |
30 | 31 | import static android.content.pm.PackageManager.GET_PERMISSIONS; |
31 | 32 | import static android.content.pm.PackageManager.MATCH_ANY_USER; |
32 | 33 | import static android.os.Process.SYSTEM_UID; |
@@ -36,6 +37,7 @@ import static com.android.server.connectivity.PermissionMonitor.SYSTEM; | ||
36 | 37 | |
37 | 38 | import static junit.framework.Assert.fail; |
38 | 39 | |
40 | +import static org.junit.Assert.assertEquals; | |
39 | 41 | import static org.junit.Assert.assertFalse; |
40 | 42 | import static org.junit.Assert.assertNull; |
41 | 43 | import static org.junit.Assert.assertTrue; |
@@ -102,7 +104,6 @@ public class PermissionMonitorTest { | ||
102 | 104 | private static final String MOCK_PACKAGE2 = "appName2"; |
103 | 105 | private static final String SYSTEM_PACKAGE1 = "sysName1"; |
104 | 106 | private static final String SYSTEM_PACKAGE2 = "sysName2"; |
105 | - private static final String VPN_PACKAGE = "vpnApp"; | |
106 | 107 | private static final String PARTITION_SYSTEM = "system"; |
107 | 108 | private static final String PARTITION_OEM = "oem"; |
108 | 109 | private static final String PARTITION_PRODUCT = "product"; |
@@ -145,28 +146,31 @@ public class PermissionMonitorTest { | ||
145 | 146 | mObserver = observerCaptor.getValue(); |
146 | 147 | } |
147 | 148 | |
148 | - private boolean hasBgPermission(String partition, int targetSdkVersion, int uid, | |
149 | - String... permission) throws Exception { | |
150 | - final PackageInfo packageInfo = packageInfoWithPermissions(permission, partition); | |
149 | + private boolean hasRestrictedNetworkPermission(String partition, int targetSdkVersion, int uid, | |
150 | + String... permissions) { | |
151 | + final PackageInfo packageInfo = | |
152 | + packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, permissions, partition); | |
151 | 153 | packageInfo.applicationInfo.targetSdkVersion = targetSdkVersion; |
152 | 154 | packageInfo.applicationInfo.uid = uid; |
153 | - when(mPackageManager.getPackageInfoAsUser( | |
154 | - eq(MOCK_PACKAGE1), eq(GET_PERMISSIONS), anyInt())).thenReturn(packageInfo); | |
155 | - when(mPackageManager.getPackagesForUid(anyInt())).thenReturn(new String[] {MOCK_PACKAGE1}); | |
156 | - return mPermissionMonitor.hasUseBackgroundNetworksPermission(uid); | |
155 | + return mPermissionMonitor.hasRestrictedNetworkPermission(packageInfo); | |
157 | 156 | } |
158 | 157 | |
159 | - private static PackageInfo packageInfoWithPermissions(String[] permissions, String partition) { | |
158 | + private static PackageInfo systemPackageInfoWithPermissions(String... permissions) { | |
159 | + return packageInfoWithPermissions( | |
160 | + REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM); | |
161 | + } | |
162 | + | |
163 | + private static PackageInfo vendorPackageInfoWithPermissions(String... permissions) { | |
164 | + return packageInfoWithPermissions( | |
165 | + REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_VENDOR); | |
166 | + } | |
167 | + | |
168 | + private static PackageInfo packageInfoWithPermissions(int permissionsFlags, | |
169 | + String[] permissions, String partition) { | |
160 | 170 | int[] requestedPermissionsFlags = new int[permissions.length]; |
161 | 171 | for (int i = 0; i < permissions.length; i++) { |
162 | - requestedPermissionsFlags[i] = REQUESTED_PERMISSION_GRANTED; | |
172 | + requestedPermissionsFlags[i] = permissionsFlags; | |
163 | 173 | } |
164 | - return packageInfoWithPermissions(permissions, partition, | |
165 | - requestedPermissionsFlags); | |
166 | - } | |
167 | - | |
168 | - private static PackageInfo packageInfoWithPermissions(String[] permissions, String partition, | |
169 | - int[] requestedPermissionsFlags) { | |
170 | 174 | final PackageInfo packageInfo = new PackageInfo(); |
171 | 175 | packageInfo.requestedPermissions = permissions; |
172 | 176 | packageInfo.applicationInfo = new ApplicationInfo(); |
@@ -190,12 +194,10 @@ public class PermissionMonitorTest { | ||
190 | 194 | private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid, int userId) { |
191 | 195 | final PackageInfo pkgInfo; |
192 | 196 | if (hasSystemPermission) { |
193 | - final String[] systemPermissions = new String[]{ | |
194 | - CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS | |
195 | - }; | |
196 | - pkgInfo = packageInfoWithPermissions(systemPermissions, PARTITION_SYSTEM); | |
197 | + pkgInfo = systemPackageInfoWithPermissions( | |
198 | + CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS); | |
197 | 199 | } else { |
198 | - pkgInfo = packageInfoWithPermissions(new String[] {}, ""); | |
200 | + pkgInfo = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, new String[] {}, ""); | |
199 | 201 | } |
200 | 202 | pkgInfo.applicationInfo.uid = UserHandle.getUid(userId, UserHandle.getAppId(uid)); |
201 | 203 | return pkgInfo; |
@@ -203,82 +205,151 @@ public class PermissionMonitorTest { | ||
203 | 205 | |
204 | 206 | @Test |
205 | 207 | public void testHasPermission() { |
206 | - PackageInfo app = packageInfoWithPermissions(new String[] {}, PARTITION_SYSTEM); | |
208 | + PackageInfo app = systemPackageInfoWithPermissions(); | |
207 | 209 | assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); |
208 | 210 | assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK)); |
209 | 211 | assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); |
210 | 212 | assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL)); |
211 | 213 | |
212 | - app = packageInfoWithPermissions(new String[] { | |
213 | - CHANGE_NETWORK_STATE, NETWORK_STACK | |
214 | - }, PARTITION_SYSTEM); | |
214 | + app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE, NETWORK_STACK); | |
215 | 215 | assertTrue(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); |
216 | 216 | assertTrue(mPermissionMonitor.hasPermission(app, NETWORK_STACK)); |
217 | 217 | assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); |
218 | 218 | assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL)); |
219 | 219 | |
220 | - app = packageInfoWithPermissions(new String[] { | |
221 | - CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL | |
222 | - }, PARTITION_SYSTEM); | |
220 | + app = systemPackageInfoWithPermissions( | |
221 | + CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL); | |
223 | 222 | assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); |
224 | 223 | assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK)); |
225 | 224 | assertTrue(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); |
226 | 225 | assertTrue(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL)); |
226 | + | |
227 | + app = packageInfoWithPermissions(REQUESTED_PERMISSION_REQUIRED, new String[] { | |
228 | + CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL, NETWORK_STACK }, | |
229 | + PARTITION_SYSTEM); | |
230 | + assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); | |
231 | + assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK)); | |
232 | + assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
233 | + assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL)); | |
234 | + | |
235 | + app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE); | |
236 | + app.requestedPermissions = null; | |
237 | + assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); | |
238 | + | |
239 | + app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE); | |
240 | + app.requestedPermissionsFlags = null; | |
241 | + assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); | |
227 | 242 | } |
228 | 243 | |
229 | 244 | @Test |
230 | 245 | public void testIsVendorApp() { |
231 | - PackageInfo app = packageInfoWithPermissions(new String[] {}, PARTITION_SYSTEM); | |
246 | + PackageInfo app = systemPackageInfoWithPermissions(); | |
232 | 247 | assertFalse(mPermissionMonitor.isVendorApp(app.applicationInfo)); |
233 | - app = packageInfoWithPermissions(new String[] {}, PARTITION_OEM); | |
248 | + app = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, | |
249 | + new String[] {}, PARTITION_OEM); | |
234 | 250 | assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo)); |
235 | - app = packageInfoWithPermissions(new String[] {}, PARTITION_PRODUCT); | |
251 | + app = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, | |
252 | + new String[] {}, PARTITION_PRODUCT); | |
236 | 253 | assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo)); |
237 | - app = packageInfoWithPermissions(new String[] {}, PARTITION_VENDOR); | |
254 | + app = vendorPackageInfoWithPermissions(); | |
238 | 255 | assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo)); |
239 | 256 | } |
240 | 257 | |
241 | 258 | @Test |
242 | - public void testHasUseBackgroundNetworksPermission() throws Exception { | |
243 | - assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1)); | |
244 | - assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE)); | |
245 | - assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, NETWORK_STACK)); | |
246 | - assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL)); | |
247 | - assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, | |
248 | - CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
249 | - assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE)); | |
250 | - | |
251 | - assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1)); | |
252 | - assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE)); | |
259 | + public void testHasNetworkPermission() { | |
260 | + PackageInfo app = systemPackageInfoWithPermissions(); | |
261 | + assertFalse(mPermissionMonitor.hasNetworkPermission(app)); | |
262 | + app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE); | |
263 | + assertTrue(mPermissionMonitor.hasNetworkPermission(app)); | |
264 | + app = systemPackageInfoWithPermissions(NETWORK_STACK); | |
265 | + assertFalse(mPermissionMonitor.hasNetworkPermission(app)); | |
266 | + app = systemPackageInfoWithPermissions(CONNECTIVITY_USE_RESTRICTED_NETWORKS); | |
267 | + assertFalse(mPermissionMonitor.hasNetworkPermission(app)); | |
253 | 268 | } |
254 | 269 | |
255 | 270 | @Test |
256 | - public void testHasUseBackgroundNetworksPermissionSystemUid() throws Exception { | |
271 | + public void testHasRestrictedNetworkPermission() { | |
272 | + assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1)); | |
273 | + assertFalse(hasRestrictedNetworkPermission( | |
274 | + PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE)); | |
275 | + assertTrue(hasRestrictedNetworkPermission( | |
276 | + PARTITION_SYSTEM, VERSION_P, MOCK_UID1, NETWORK_STACK)); | |
277 | + assertTrue(hasRestrictedNetworkPermission( | |
278 | + PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL)); | |
279 | + assertTrue(hasRestrictedNetworkPermission( | |
280 | + PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
281 | + assertFalse(hasRestrictedNetworkPermission( | |
282 | + PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE)); | |
283 | + | |
284 | + assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1)); | |
285 | + assertFalse(hasRestrictedNetworkPermission( | |
286 | + PARTITION_SYSTEM, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE)); | |
287 | + } | |
288 | + | |
289 | + @Test | |
290 | + public void testHasRestrictedNetworkPermissionSystemUid() { | |
257 | 291 | doReturn(VERSION_P).when(mPermissionMonitor).getDeviceFirstSdkInt(); |
258 | - assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID)); | |
259 | - assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CHANGE_WIFI_STATE)); | |
260 | - assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, | |
261 | - CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
292 | + assertTrue(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID)); | |
293 | + assertTrue(hasRestrictedNetworkPermission( | |
294 | + PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CHANGE_WIFI_STATE)); | |
295 | + assertTrue(hasRestrictedNetworkPermission( | |
296 | + PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
262 | 297 | |
263 | 298 | doReturn(VERSION_Q).when(mPermissionMonitor).getDeviceFirstSdkInt(); |
264 | - assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID)); | |
265 | - assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CHANGE_WIFI_STATE)); | |
266 | - assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, | |
267 | - CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
299 | + assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID)); | |
300 | + assertFalse(hasRestrictedNetworkPermission( | |
301 | + PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CHANGE_WIFI_STATE)); | |
302 | + assertTrue(hasRestrictedNetworkPermission( | |
303 | + PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
268 | 304 | } |
269 | 305 | |
270 | 306 | @Test |
271 | - public void testHasUseBackgroundNetworksPermissionVendorApp() throws Exception { | |
272 | - assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1)); | |
273 | - assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE)); | |
274 | - assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, NETWORK_STACK)); | |
275 | - assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL)); | |
276 | - assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, | |
277 | - CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
278 | - assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE)); | |
279 | - | |
280 | - assertFalse(hasBgPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1)); | |
281 | - assertFalse(hasBgPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE)); | |
307 | + public void testHasRestrictedNetworkPermissionVendorApp() { | |
308 | + assertTrue(hasRestrictedNetworkPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1)); | |
309 | + assertTrue(hasRestrictedNetworkPermission( | |
310 | + PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE)); | |
311 | + assertTrue(hasRestrictedNetworkPermission( | |
312 | + PARTITION_VENDOR, VERSION_P, MOCK_UID1, NETWORK_STACK)); | |
313 | + assertTrue(hasRestrictedNetworkPermission( | |
314 | + PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL)); | |
315 | + assertTrue(hasRestrictedNetworkPermission( | |
316 | + PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); | |
317 | + assertTrue(hasRestrictedNetworkPermission( | |
318 | + PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE)); | |
319 | + | |
320 | + assertFalse(hasRestrictedNetworkPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1)); | |
321 | + assertFalse(hasRestrictedNetworkPermission( | |
322 | + PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE)); | |
323 | + assertFalse(hasRestrictedNetworkPermission( | |
324 | + PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_NETWORK_STATE)); | |
325 | + } | |
326 | + | |
327 | + private void assertBackgroundPermission(boolean hasPermission, String name, int uid, | |
328 | + String... permissions) throws Exception { | |
329 | + when(mPackageManager.getPackageInfo(eq(name), anyInt())) | |
330 | + .thenReturn(packageInfoWithPermissions( | |
331 | + REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM)); | |
332 | + mPermissionMonitor.onPackageAdded(name, uid); | |
333 | + assertEquals(hasPermission, mPermissionMonitor.hasUseBackgroundNetworksPermission(uid)); | |
334 | + } | |
335 | + | |
336 | + @Test | |
337 | + public void testHasUseBackgroundNetworksPermission() throws Exception { | |
338 | + assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(SYSTEM_UID)); | |
339 | + assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID); | |
340 | + assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_WIFI_STATE); | |
341 | + assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_NETWORK_STATE); | |
342 | + assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, NETWORK_STACK); | |
343 | + | |
344 | + assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(MOCK_UID1)); | |
345 | + assertBackgroundPermission(false, MOCK_PACKAGE1, MOCK_UID1); | |
346 | + assertBackgroundPermission(true, MOCK_PACKAGE1, MOCK_UID1, | |
347 | + CONNECTIVITY_USE_RESTRICTED_NETWORKS); | |
348 | + | |
349 | + assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(MOCK_UID2)); | |
350 | + assertBackgroundPermission(false, MOCK_PACKAGE2, MOCK_UID2); | |
351 | + assertBackgroundPermission(true, MOCK_PACKAGE2, MOCK_UID2, | |
352 | + CONNECTIVITY_INTERNAL); | |
282 | 353 | } |
283 | 354 | |
284 | 355 | private class NetdMonitor { |
@@ -563,7 +634,8 @@ public class PermissionMonitorTest { | ||
563 | 634 | |
564 | 635 | private PackageInfo addPackage(String packageName, int uid, String[] permissions) |
565 | 636 | throws Exception { |
566 | - PackageInfo packageInfo = packageInfoWithPermissions(permissions, PARTITION_SYSTEM); | |
637 | + PackageInfo packageInfo = packageInfoWithPermissions( | |
638 | + REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM); | |
567 | 639 | when(mPackageManager.getPackageInfo(eq(packageName), anyInt())).thenReturn(packageInfo); |
568 | 640 | when(mPackageManager.getPackagesForUid(eq(uid))).thenReturn(new String[]{packageName}); |
569 | 641 | mObserver.onPackageAdded(packageName, uid); |
@@ -593,7 +665,7 @@ public class PermissionMonitorTest { | ||
593 | 665 | |
594 | 666 | // Install another package with the same uid and no permissions should not cause the UID to |
595 | 667 | // lose permissions. |
596 | - PackageInfo packageInfo2 = packageInfoWithPermissions(new String[]{}, PARTITION_SYSTEM); | |
668 | + PackageInfo packageInfo2 = systemPackageInfoWithPermissions(); | |
597 | 669 | when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2); |
598 | 670 | when(mPackageManager.getPackagesForUid(MOCK_UID1)) |
599 | 671 | .thenReturn(new String[]{MOCK_PACKAGE1, MOCK_PACKAGE2}); |
@@ -641,8 +713,7 @@ public class PermissionMonitorTest { | ||
641 | 713 | | INetd.PERMISSION_UPDATE_DEVICE_STATS, new int[]{MOCK_UID1}); |
642 | 714 | |
643 | 715 | // Mock another package with the same uid but different permissions. |
644 | - PackageInfo packageInfo2 = packageInfoWithPermissions(new String[] {INTERNET}, | |
645 | - PARTITION_SYSTEM); | |
716 | + PackageInfo packageInfo2 = systemPackageInfoWithPermissions(INTERNET); | |
646 | 717 | when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2); |
647 | 718 | when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{ |
648 | 719 | MOCK_PACKAGE2}); |