1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
15 */
16
17package com.android.server.pm;
18
19import android.content.Context;
20import android.content.pm.PackageInfo;
21import android.content.pm.PackageManager;
22import android.content.pm.PermissionInfo;
23import android.platform.test.annotations.GlobalPresubmit;
24import android.support.test.InstrumentationRegistry;
25import android.support.test.filters.SmallTest;
26import android.support.test.runner.AndroidJUnit4;
27import android.util.ArraySet;
28
29import com.android.internal.os.RoSystemProperties;
30import com.android.internal.util.ArrayUtils;
31import com.android.server.SystemConfig;
32
33import org.junit.Before;
34import org.junit.Test;
35import org.junit.runner.RunWith;
36
37import java.util.List;
38
39import static android.content.pm.PackageManager.GET_PERMISSIONS;
40import static junit.framework.Assert.assertTrue;
41
42
43/**
44 * Presubmit tests for {@link PackageManager}.
45 */
46@RunWith(AndroidJUnit4.class)
47public class PackageManagerPresubmitTest {
48
49    private Context mContext;
50
51    private PackageManager mPackageManager;
52
53    @Before
54    public void setUp() {
55        mContext = InstrumentationRegistry.getContext();
56        mPackageManager = mContext.getPackageManager();
57    }
58
59    /**
60     * <p>This test ensures that all signature|privileged permissions are granted to priv-apps.
61     * If CONTROL_PRIVAPP_PERMISSIONS_ENFORCE is set, the test also verifies that
62     * granted permissions are whitelisted in {@link SystemConfig}
63     */
64    @Test
65    @SmallTest
66    @GlobalPresubmit
67    public void testPrivAppPermissions() throws PackageManager.NameNotFoundException {
68        List<PackageInfo> installedPackages = mPackageManager
69                .getInstalledPackages(PackageManager.MATCH_UNINSTALLED_PACKAGES | GET_PERMISSIONS);
70        for (PackageInfo packageInfo : installedPackages) {
71            if (!packageInfo.applicationInfo.isPrivilegedApp()
72                    || PackageManagerService.PLATFORM_PACKAGE_NAME.equals(packageInfo.packageName)) {
73                continue;
74            }
75            testPackagePrivAppPermission(packageInfo);
76        }
77
78    }
79
80    private void testPackagePrivAppPermission(PackageInfo packageInfo)
81            throws PackageManager.NameNotFoundException {
82        String packageName = packageInfo.packageName;
83        ArraySet<String> privAppPermissions = SystemConfig.getInstance()
84                .getPrivAppPermissions(packageName);
85        if (ArrayUtils.isEmpty(packageInfo.requestedPermissions)) {
86            return;
87        }
88        for (int i = 0; i < packageInfo.requestedPermissions.length; i++) {
89            String pName = packageInfo.requestedPermissions[i];
90            int protectionLevel;
91            boolean platformPermission;
92            try {
93                PermissionInfo permissionInfo = mPackageManager.getPermissionInfo(pName, 0);
94                platformPermission = PackageManagerService.PLATFORM_PACKAGE_NAME.equals(
95                        permissionInfo.packageName);
96                protectionLevel = permissionInfo.protectionLevel;
97            } catch (PackageManager.NameNotFoundException e) {
98                continue;
99            }
100            if ((protectionLevel & PermissionInfo.PROTECTION_FLAG_PRIVILEGED) != 0) {
101                boolean granted = (packageInfo.requestedPermissionsFlags[i]
102                        & PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0;
103                // if privapp permissions are enforced, platform permissions must be whitelisted
104                // in SystemConfig
105                if (platformPermission && RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {
106                    assertTrue("Permission " + pName + " should be declared in "
107                                    + "privapp-permissions-<category>.xml file for package "
108                                    + packageName,
109                            privAppPermissions != null && privAppPermissions.contains(pName));
110                }
111                assertTrue("Permission " + pName + " should be granted to " + packageName, granted);
112            }
113        }
114    }
115}
116