Stop using SysetmConfig#getSystemPermissions on PermissionMonitor
Repalace the API with SysetmConfigManager#getSystemPermissionUids and update the design/test accordingly. Bug: 177188455 Test: atest FrameworksNetTests Test: atest FrameworksNetIntegrationTests Test: atest CtsNetTestCases Change-Id: I8b553b934252b93c60b815715680427a41620054
This commit is contained in:
paulhu
@@ -40,10 +40,10 @@ import android.net.UidRange;
|
|||||||
import android.os.Build;
|
import android.os.Build;
|
||||||
import android.os.RemoteException;
|
import android.os.RemoteException;
|
||||||
import android.os.ServiceSpecificException;
|
import android.os.ServiceSpecificException;
|
||||||
|
import android.os.SystemConfigManager;
|
||||||
import android.os.UserHandle;
|
import android.os.UserHandle;
|
||||||
import android.os.UserManager;
|
import android.os.UserManager;
|
||||||
import android.system.OsConstants;
|
import android.system.OsConstants;
|
||||||
import android.util.ArraySet;
|
|
||||||
import android.util.Log;
|
import android.util.Log;
|
||||||
import android.util.SparseArray;
|
import android.util.SparseArray;
|
||||||
import android.util.SparseIntArray;
|
import android.util.SparseIntArray;
|
||||||
@@ -53,7 +53,6 @@ import com.android.internal.annotations.VisibleForTesting;
|
|||||||
import com.android.internal.util.ArrayUtils;
|
import com.android.internal.util.ArrayUtils;
|
||||||
import com.android.internal.util.IndentingPrintWriter;
|
import com.android.internal.util.IndentingPrintWriter;
|
||||||
import com.android.server.LocalServices;
|
import com.android.server.LocalServices;
|
||||||
import com.android.server.SystemConfig;
|
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
@@ -80,6 +79,7 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse
|
|||||||
|
|
||||||
private final PackageManager mPackageManager;
|
private final PackageManager mPackageManager;
|
||||||
private final UserManager mUserManager;
|
private final UserManager mUserManager;
|
||||||
|
private final SystemConfigManager mSystemConfigManager;
|
||||||
private final INetd mNetd;
|
private final INetd mNetd;
|
||||||
private final Dependencies mDeps;
|
private final Dependencies mDeps;
|
||||||
|
|
||||||
@@ -123,6 +123,7 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse
|
|||||||
@NonNull final Dependencies deps) {
|
@NonNull final Dependencies deps) {
|
||||||
mPackageManager = context.getPackageManager();
|
mPackageManager = context.getPackageManager();
|
||||||
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
||||||
|
mSystemConfigManager = context.getSystemService(SystemConfigManager.class);
|
||||||
mNetd = netd;
|
mNetd = netd;
|
||||||
mDeps = deps;
|
mDeps = deps;
|
||||||
}
|
}
|
||||||
@@ -174,20 +175,18 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse
|
|||||||
|
|
||||||
mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */));
|
mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */));
|
||||||
|
|
||||||
final SparseArray<ArraySet<String>> systemPermission =
|
final SparseArray<String> netdPermToSystemPerm = new SparseArray<>();
|
||||||
SystemConfig.getInstance().getSystemPermissions();
|
netdPermToSystemPerm.put(INetd.PERMISSION_INTERNET, INTERNET);
|
||||||
for (int i = 0; i < systemPermission.size(); i++) {
|
netdPermToSystemPerm.put(INetd.PERMISSION_UPDATE_DEVICE_STATS, UPDATE_DEVICE_STATS);
|
||||||
ArraySet<String> perms = systemPermission.valueAt(i);
|
for (int i = 0; i < netdPermToSystemPerm.size(); i++) {
|
||||||
int uid = systemPermission.keyAt(i);
|
final int netdPermission = netdPermToSystemPerm.keyAt(i);
|
||||||
int netdPermission = 0;
|
final String systemPermission = netdPermToSystemPerm.valueAt(i);
|
||||||
// Get the uids of native services that have UPDATE_DEVICE_STATS or INTERNET permission.
|
final int[] hasPermissionUids =
|
||||||
if (perms != null) {
|
mSystemConfigManager.getSystemPermissionUids(systemPermission);
|
||||||
netdPermission |= perms.contains(UPDATE_DEVICE_STATS)
|
for (int j = 0; j < hasPermissionUids.length; j++) {
|
||||||
? INetd.PERMISSION_UPDATE_DEVICE_STATS : 0;
|
final int uid = hasPermissionUids[j];
|
||||||
netdPermission |= perms.contains(INTERNET)
|
netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission);
|
||||||
? INetd.PERMISSION_INTERNET : 0;
|
|
||||||
}
|
}
|
||||||
netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission);
|
|
||||||
}
|
}
|
||||||
log("Users: " + mUsers.size() + ", Apps: " + mApps.size());
|
log("Users: " + mUsers.size() + ", Apps: " + mApps.size());
|
||||||
update(mUsers, mApps, true);
|
update(mUsers, mApps, true);
|
||||||
|
|||||||
@@ -38,6 +38,7 @@ import android.net.metrics.IpConnectivityLog
|
|||||||
import android.os.ConditionVariable
|
import android.os.ConditionVariable
|
||||||
import android.os.IBinder
|
import android.os.IBinder
|
||||||
import android.os.INetworkManagementService
|
import android.os.INetworkManagementService
|
||||||
|
import android.os.SystemConfigManager
|
||||||
import android.os.UserHandle
|
import android.os.UserHandle
|
||||||
import android.testing.TestableContext
|
import android.testing.TestableContext
|
||||||
import android.util.Log
|
import android.util.Log
|
||||||
@@ -57,6 +58,7 @@ import org.junit.BeforeClass
|
|||||||
import org.junit.Test
|
import org.junit.Test
|
||||||
import org.junit.runner.RunWith
|
import org.junit.runner.RunWith
|
||||||
import org.mockito.AdditionalAnswers
|
import org.mockito.AdditionalAnswers
|
||||||
|
import org.mockito.ArgumentMatchers.anyString
|
||||||
import org.mockito.Mock
|
import org.mockito.Mock
|
||||||
import org.mockito.Mockito.any
|
import org.mockito.Mockito.any
|
||||||
import org.mockito.Mockito.anyInt
|
import org.mockito.Mockito.anyInt
|
||||||
@@ -94,6 +96,8 @@ class ConnectivityServiceIntegrationTest {
|
|||||||
private lateinit var netd: INetd
|
private lateinit var netd: INetd
|
||||||
@Mock
|
@Mock
|
||||||
private lateinit var dnsResolver: IDnsResolver
|
private lateinit var dnsResolver: IDnsResolver
|
||||||
|
@Mock
|
||||||
|
private lateinit var systemConfigManager: SystemConfigManager
|
||||||
@Spy
|
@Spy
|
||||||
private var context = TestableContext(realContext)
|
private var context = TestableContext(realContext)
|
||||||
|
|
||||||
@@ -151,6 +155,11 @@ class ConnectivityServiceIntegrationTest {
|
|||||||
doReturn(UserHandle.ALL).`when`(asUserCtx).user
|
doReturn(UserHandle.ALL).`when`(asUserCtx).user
|
||||||
doReturn(asUserCtx).`when`(context).createContextAsUser(eq(UserHandle.ALL), anyInt())
|
doReturn(asUserCtx).`when`(context).createContextAsUser(eq(UserHandle.ALL), anyInt())
|
||||||
doNothing().`when`(context).sendStickyBroadcast(any(), any())
|
doNothing().`when`(context).sendStickyBroadcast(any(), any())
|
||||||
|
doReturn(Context.SYSTEM_CONFIG_SERVICE).`when`(context)
|
||||||
|
.getSystemServiceName(SystemConfigManager::class.java)
|
||||||
|
doReturn(systemConfigManager).`when`(context)
|
||||||
|
.getSystemService(Context.SYSTEM_CONFIG_SERVICE)
|
||||||
|
doReturn(IntArray(0)).`when`(systemConfigManager).getSystemPermissionUids(anyString())
|
||||||
|
|
||||||
networkStackClient = TestNetworkStackClient(realContext)
|
networkStackClient = TestNetworkStackClient(realContext)
|
||||||
networkStackClient.init()
|
networkStackClient.init()
|
||||||
|
|||||||
@@ -233,6 +233,7 @@ import android.os.Process;
|
|||||||
import android.os.RemoteException;
|
import android.os.RemoteException;
|
||||||
import android.os.ServiceSpecificException;
|
import android.os.ServiceSpecificException;
|
||||||
import android.os.SystemClock;
|
import android.os.SystemClock;
|
||||||
|
import android.os.SystemConfigManager;
|
||||||
import android.os.UserHandle;
|
import android.os.UserHandle;
|
||||||
import android.os.UserManager;
|
import android.os.UserManager;
|
||||||
import android.provider.Settings;
|
import android.provider.Settings;
|
||||||
@@ -424,6 +425,7 @@ public class ConnectivityServiceTest {
|
|||||||
@Mock EthernetManager mEthernetManager;
|
@Mock EthernetManager mEthernetManager;
|
||||||
@Mock NetworkPolicyManager mNetworkPolicyManager;
|
@Mock NetworkPolicyManager mNetworkPolicyManager;
|
||||||
@Mock KeyStore mKeyStore;
|
@Mock KeyStore mKeyStore;
|
||||||
|
@Mock SystemConfigManager mSystemConfigManager;
|
||||||
|
|
||||||
private ArgumentCaptor<ResolverParamsParcel> mResolverParamsParcelCaptor =
|
private ArgumentCaptor<ResolverParamsParcel> mResolverParamsParcelCaptor =
|
||||||
ArgumentCaptor.forClass(ResolverParamsParcel.class);
|
ArgumentCaptor.forClass(ResolverParamsParcel.class);
|
||||||
@@ -520,6 +522,7 @@ public class ConnectivityServiceTest {
|
|||||||
if (Context.TELEPHONY_SERVICE.equals(name)) return mTelephonyManager;
|
if (Context.TELEPHONY_SERVICE.equals(name)) return mTelephonyManager;
|
||||||
if (Context.ETHERNET_SERVICE.equals(name)) return mEthernetManager;
|
if (Context.ETHERNET_SERVICE.equals(name)) return mEthernetManager;
|
||||||
if (Context.NETWORK_POLICY_SERVICE.equals(name)) return mNetworkPolicyManager;
|
if (Context.NETWORK_POLICY_SERVICE.equals(name)) return mNetworkPolicyManager;
|
||||||
|
if (Context.SYSTEM_CONFIG_SERVICE.equals(name)) return mSystemConfigManager;
|
||||||
return super.getSystemService(name);
|
return super.getSystemService(name);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1426,6 +1429,7 @@ public class ConnectivityServiceTest {
|
|||||||
applicationInfo.targetSdkVersion = Build.VERSION_CODES.Q;
|
applicationInfo.targetSdkVersion = Build.VERSION_CODES.Q;
|
||||||
when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any()))
|
when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any()))
|
||||||
.thenReturn(applicationInfo);
|
.thenReturn(applicationInfo);
|
||||||
|
when(mSystemConfigManager.getSystemPermissionUids(anyString())).thenReturn(new int[0]);
|
||||||
|
|
||||||
// InstrumentationTestRunner prepares a looper, but AndroidJUnitRunner does not.
|
// InstrumentationTestRunner prepares a looper, but AndroidJUnitRunner does not.
|
||||||
// http://b/25897652 .
|
// http://b/25897652 .
|
||||||
|
|||||||
@@ -61,6 +61,7 @@ import android.content.pm.PackageManagerInternal;
|
|||||||
import android.net.INetd;
|
import android.net.INetd;
|
||||||
import android.net.UidRange;
|
import android.net.UidRange;
|
||||||
import android.os.Build;
|
import android.os.Build;
|
||||||
|
import android.os.SystemConfigManager;
|
||||||
import android.os.UserHandle;
|
import android.os.UserHandle;
|
||||||
import android.os.UserManager;
|
import android.os.UserManager;
|
||||||
import android.util.SparseIntArray;
|
import android.util.SparseIntArray;
|
||||||
@@ -114,6 +115,7 @@ public class PermissionMonitorTest {
|
|||||||
@Mock private PackageManagerInternal mMockPmi;
|
@Mock private PackageManagerInternal mMockPmi;
|
||||||
@Mock private UserManager mUserManager;
|
@Mock private UserManager mUserManager;
|
||||||
@Mock private PermissionMonitor.Dependencies mDeps;
|
@Mock private PermissionMonitor.Dependencies mDeps;
|
||||||
|
@Mock private SystemConfigManager mSystemConfigManager;
|
||||||
|
|
||||||
private PermissionMonitor mPermissionMonitor;
|
private PermissionMonitor mPermissionMonitor;
|
||||||
|
|
||||||
@@ -124,6 +126,11 @@ public class PermissionMonitorTest {
|
|||||||
when(mContext.getSystemService(eq(Context.USER_SERVICE))).thenReturn(mUserManager);
|
when(mContext.getSystemService(eq(Context.USER_SERVICE))).thenReturn(mUserManager);
|
||||||
when(mUserManager.getUserHandles(eq(true))).thenReturn(
|
when(mUserManager.getUserHandles(eq(true))).thenReturn(
|
||||||
Arrays.asList(new UserHandle[] { MOCK_USER1, MOCK_USER2 }));
|
Arrays.asList(new UserHandle[] { MOCK_USER1, MOCK_USER2 }));
|
||||||
|
when(mContext.getSystemServiceName(SystemConfigManager.class))
|
||||||
|
.thenReturn(Context.SYSTEM_CONFIG_SERVICE);
|
||||||
|
when(mContext.getSystemService(Context.SYSTEM_CONFIG_SERVICE))
|
||||||
|
.thenReturn(mSystemConfigManager);
|
||||||
|
when(mSystemConfigManager.getSystemPermissionUids(anyString())).thenReturn(new int[0]);
|
||||||
|
|
||||||
mPermissionMonitor = spy(new PermissionMonitor(mContext, mNetdService, mDeps));
|
mPermissionMonitor = spy(new PermissionMonitor(mContext, mNetdService, mDeps));
|
||||||
|
|
||||||
@@ -747,4 +754,20 @@ public class PermissionMonitorTest {
|
|||||||
GET_PERMISSIONS | MATCH_ANY_USER);
|
GET_PERMISSIONS | MATCH_ANY_USER);
|
||||||
assertTrue(monitor.hasPermission(systemInfo, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
|
assertTrue(monitor.hasPermission(systemInfo, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testUpdateUidPermissionsFromSystemConfig() throws Exception {
|
||||||
|
final NetdServiceMonitor mNetdServiceMonitor = new NetdServiceMonitor(mNetdService);
|
||||||
|
when(mPackageManager.getInstalledPackages(anyInt())).thenReturn(new ArrayList<>());
|
||||||
|
when(mSystemConfigManager.getSystemPermissionUids(eq(INTERNET)))
|
||||||
|
.thenReturn(new int[]{ MOCK_UID1, MOCK_UID2 });
|
||||||
|
when(mSystemConfigManager.getSystemPermissionUids(eq(UPDATE_DEVICE_STATS)))
|
||||||
|
.thenReturn(new int[]{ MOCK_UID2 });
|
||||||
|
|
||||||
|
mPermissionMonitor.startMonitoring();
|
||||||
|
mNetdServiceMonitor.expectPermission(INetd.PERMISSION_INTERNET, new int[]{ MOCK_UID1 });
|
||||||
|
mNetdServiceMonitor.expectPermission(
|
||||||
|
INetd.PERMISSION_INTERNET | INetd.PERMISSION_UPDATE_DEVICE_STATS,
|
||||||
|
new int[]{ MOCK_UID2 });
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user