1/* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License 15 */ 16 17package com.android.server.pm; 18 19import android.content.Context; 20import android.content.pm.PackageInfo; 21import android.content.pm.PackageManager; 22import android.content.pm.PermissionInfo; 23import android.platform.test.annotations.GlobalPresubmit; 24import android.support.test.InstrumentationRegistry; 25import android.support.test.filters.SmallTest; 26import android.support.test.runner.AndroidJUnit4; 27import android.util.ArraySet; 28 29import com.android.internal.os.RoSystemProperties; 30import com.android.internal.util.ArrayUtils; 31import com.android.server.SystemConfig; 32 33import org.junit.Before; 34import org.junit.Test; 35import org.junit.runner.RunWith; 36 37import java.util.List; 38 39import static android.content.pm.PackageManager.GET_PERMISSIONS; 40import static junit.framework.Assert.assertTrue; 41 42 43/** 44 * Presubmit tests for {@link PackageManager}. 45 */ 46@RunWith(AndroidJUnit4.class) 47public class PackageManagerPresubmitTest { 48 49 private Context mContext; 50 51 private PackageManager mPackageManager; 52 53 @Before 54 public void setUp() { 55 mContext = InstrumentationRegistry.getContext(); 56 mPackageManager = mContext.getPackageManager(); 57 } 58 59 /** 60 * <p>This test ensures that all signature|privileged permissions are granted to priv-apps. 61 * If CONTROL_PRIVAPP_PERMISSIONS_ENFORCE is set, the test also verifies that 62 * granted permissions are whitelisted in {@link SystemConfig} 63 */ 64 @Test 65 @SmallTest 66 @GlobalPresubmit 67 public void testPrivAppPermissions() throws PackageManager.NameNotFoundException { 68 List<PackageInfo> installedPackages = mPackageManager 69 .getInstalledPackages(PackageManager.MATCH_UNINSTALLED_PACKAGES | GET_PERMISSIONS); 70 for (PackageInfo packageInfo : installedPackages) { 71 if (!packageInfo.applicationInfo.isPrivilegedApp() 72 || PackageManagerService.PLATFORM_PACKAGE_NAME.equals(packageInfo.packageName)) { 73 continue; 74 } 75 testPackagePrivAppPermission(packageInfo); 76 } 77 78 } 79 80 private void testPackagePrivAppPermission(PackageInfo packageInfo) 81 throws PackageManager.NameNotFoundException { 82 String packageName = packageInfo.packageName; 83 ArraySet<String> privAppPermissions = SystemConfig.getInstance() 84 .getPrivAppPermissions(packageName); 85 if (ArrayUtils.isEmpty(packageInfo.requestedPermissions)) { 86 return; 87 } 88 for (int i = 0; i < packageInfo.requestedPermissions.length; i++) { 89 String pName = packageInfo.requestedPermissions[i]; 90 int protectionLevel; 91 boolean platformPermission; 92 try { 93 PermissionInfo permissionInfo = mPackageManager.getPermissionInfo(pName, 0); 94 platformPermission = PackageManagerService.PLATFORM_PACKAGE_NAME.equals( 95 permissionInfo.packageName); 96 protectionLevel = permissionInfo.protectionLevel; 97 } catch (PackageManager.NameNotFoundException e) { 98 continue; 99 } 100 if ((protectionLevel & PermissionInfo.PROTECTION_FLAG_PRIVILEGED) != 0) { 101 boolean granted = (packageInfo.requestedPermissionsFlags[i] 102 & PackageInfo.REQUESTED_PERMISSION_GRANTED) != 0; 103 // if privapp permissions are enforced, platform permissions must be whitelisted 104 // in SystemConfig 105 if (platformPermission && RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) { 106 assertTrue("Permission " + pName + " should be declared in " 107 + "privapp-permissions-<category>.xml file for package " 108 + packageName, 109 privAppPermissions != null && privAppPermissions.contains(pName)); 110 } 111 assertTrue("Permission " + pName + " should be granted to " + packageName, granted); 112 } 113 } 114 } 115} 116