Stop using SysetmConfig#getSystemPermissions on PermissionMonitor
Repalace the API with SysetmConfigManager#getSystemPermissionUids and update the design/test accordingly. Bug: 177188455 Test: atest FrameworksNetTests Test: atest FrameworksNetIntegrationTests Test: atest CtsNetTestCases Change-Id: I8b553b934252b93c60b815715680427a41620054
This commit is contained in:
paulhu
@@ -40,10 +40,10 @@ import android.net.UidRange;
|
||||
import android.os.Build;
|
||||
import android.os.RemoteException;
|
||||
import android.os.ServiceSpecificException;
|
||||
import android.os.SystemConfigManager;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
import android.system.OsConstants;
|
||||
import android.util.ArraySet;
|
||||
import android.util.Log;
|
||||
import android.util.SparseArray;
|
||||
import android.util.SparseIntArray;
|
||||
@@ -53,7 +53,6 @@ import com.android.internal.annotations.VisibleForTesting;
|
||||
import com.android.internal.util.ArrayUtils;
|
||||
import com.android.internal.util.IndentingPrintWriter;
|
||||
import com.android.server.LocalServices;
|
||||
import com.android.server.SystemConfig;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
@@ -80,6 +79,7 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse
|
||||
|
||||
private final PackageManager mPackageManager;
|
||||
private final UserManager mUserManager;
|
||||
private final SystemConfigManager mSystemConfigManager;
|
||||
private final INetd mNetd;
|
||||
private final Dependencies mDeps;
|
||||
|
||||
@@ -123,6 +123,7 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse
|
||||
@NonNull final Dependencies deps) {
|
||||
mPackageManager = context.getPackageManager();
|
||||
mUserManager = (UserManager) context.getSystemService(Context.USER_SERVICE);
|
||||
mSystemConfigManager = context.getSystemService(SystemConfigManager.class);
|
||||
mNetd = netd;
|
||||
mDeps = deps;
|
||||
}
|
||||
@@ -174,21 +175,19 @@ public class PermissionMonitor implements PackageManagerInternal.PackageListObse
|
||||
|
||||
mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */));
|
||||
|
||||
final SparseArray<ArraySet<String>> systemPermission =
|
||||
SystemConfig.getInstance().getSystemPermissions();
|
||||
for (int i = 0; i < systemPermission.size(); i++) {
|
||||
ArraySet<String> perms = systemPermission.valueAt(i);
|
||||
int uid = systemPermission.keyAt(i);
|
||||
int netdPermission = 0;
|
||||
// Get the uids of native services that have UPDATE_DEVICE_STATS or INTERNET permission.
|
||||
if (perms != null) {
|
||||
netdPermission |= perms.contains(UPDATE_DEVICE_STATS)
|
||||
? INetd.PERMISSION_UPDATE_DEVICE_STATS : 0;
|
||||
netdPermission |= perms.contains(INTERNET)
|
||||
? INetd.PERMISSION_INTERNET : 0;
|
||||
}
|
||||
final SparseArray<String> netdPermToSystemPerm = new SparseArray<>();
|
||||
netdPermToSystemPerm.put(INetd.PERMISSION_INTERNET, INTERNET);
|
||||
netdPermToSystemPerm.put(INetd.PERMISSION_UPDATE_DEVICE_STATS, UPDATE_DEVICE_STATS);
|
||||
for (int i = 0; i < netdPermToSystemPerm.size(); i++) {
|
||||
final int netdPermission = netdPermToSystemPerm.keyAt(i);
|
||||
final String systemPermission = netdPermToSystemPerm.valueAt(i);
|
||||
final int[] hasPermissionUids =
|
||||
mSystemConfigManager.getSystemPermissionUids(systemPermission);
|
||||
for (int j = 0; j < hasPermissionUids.length; j++) {
|
||||
final int uid = hasPermissionUids[j];
|
||||
netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission);
|
||||
}
|
||||
}
|
||||
log("Users: " + mUsers.size() + ", Apps: " + mApps.size());
|
||||
update(mUsers, mApps, true);
|
||||
sendPackagePermissionsToNetd(netdPermsUids);
|
||||
|
||||
@@ -38,6 +38,7 @@ import android.net.metrics.IpConnectivityLog
|
||||
import android.os.ConditionVariable
|
||||
import android.os.IBinder
|
||||
import android.os.INetworkManagementService
|
||||
import android.os.SystemConfigManager
|
||||
import android.os.UserHandle
|
||||
import android.testing.TestableContext
|
||||
import android.util.Log
|
||||
@@ -57,6 +58,7 @@ import org.junit.BeforeClass
|
||||
import org.junit.Test
|
||||
import org.junit.runner.RunWith
|
||||
import org.mockito.AdditionalAnswers
|
||||
import org.mockito.ArgumentMatchers.anyString
|
||||
import org.mockito.Mock
|
||||
import org.mockito.Mockito.any
|
||||
import org.mockito.Mockito.anyInt
|
||||
@@ -94,6 +96,8 @@ class ConnectivityServiceIntegrationTest {
|
||||
private lateinit var netd: INetd
|
||||
@Mock
|
||||
private lateinit var dnsResolver: IDnsResolver
|
||||
@Mock
|
||||
private lateinit var systemConfigManager: SystemConfigManager
|
||||
@Spy
|
||||
private var context = TestableContext(realContext)
|
||||
|
||||
@@ -151,6 +155,11 @@ class ConnectivityServiceIntegrationTest {
|
||||
doReturn(UserHandle.ALL).`when`(asUserCtx).user
|
||||
doReturn(asUserCtx).`when`(context).createContextAsUser(eq(UserHandle.ALL), anyInt())
|
||||
doNothing().`when`(context).sendStickyBroadcast(any(), any())
|
||||
doReturn(Context.SYSTEM_CONFIG_SERVICE).`when`(context)
|
||||
.getSystemServiceName(SystemConfigManager::class.java)
|
||||
doReturn(systemConfigManager).`when`(context)
|
||||
.getSystemService(Context.SYSTEM_CONFIG_SERVICE)
|
||||
doReturn(IntArray(0)).`when`(systemConfigManager).getSystemPermissionUids(anyString())
|
||||
|
||||
networkStackClient = TestNetworkStackClient(realContext)
|
||||
networkStackClient.init()
|
||||
|
||||
@@ -233,6 +233,7 @@ import android.os.Process;
|
||||
import android.os.RemoteException;
|
||||
import android.os.ServiceSpecificException;
|
||||
import android.os.SystemClock;
|
||||
import android.os.SystemConfigManager;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
import android.provider.Settings;
|
||||
@@ -424,6 +425,7 @@ public class ConnectivityServiceTest {
|
||||
@Mock EthernetManager mEthernetManager;
|
||||
@Mock NetworkPolicyManager mNetworkPolicyManager;
|
||||
@Mock KeyStore mKeyStore;
|
||||
@Mock SystemConfigManager mSystemConfigManager;
|
||||
|
||||
private ArgumentCaptor<ResolverParamsParcel> mResolverParamsParcelCaptor =
|
||||
ArgumentCaptor.forClass(ResolverParamsParcel.class);
|
||||
@@ -520,6 +522,7 @@ public class ConnectivityServiceTest {
|
||||
if (Context.TELEPHONY_SERVICE.equals(name)) return mTelephonyManager;
|
||||
if (Context.ETHERNET_SERVICE.equals(name)) return mEthernetManager;
|
||||
if (Context.NETWORK_POLICY_SERVICE.equals(name)) return mNetworkPolicyManager;
|
||||
if (Context.SYSTEM_CONFIG_SERVICE.equals(name)) return mSystemConfigManager;
|
||||
return super.getSystemService(name);
|
||||
}
|
||||
|
||||
@@ -1426,6 +1429,7 @@ public class ConnectivityServiceTest {
|
||||
applicationInfo.targetSdkVersion = Build.VERSION_CODES.Q;
|
||||
when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any()))
|
||||
.thenReturn(applicationInfo);
|
||||
when(mSystemConfigManager.getSystemPermissionUids(anyString())).thenReturn(new int[0]);
|
||||
|
||||
// InstrumentationTestRunner prepares a looper, but AndroidJUnitRunner does not.
|
||||
// http://b/25897652 .
|
||||
|
||||
@@ -61,6 +61,7 @@ import android.content.pm.PackageManagerInternal;
|
||||
import android.net.INetd;
|
||||
import android.net.UidRange;
|
||||
import android.os.Build;
|
||||
import android.os.SystemConfigManager;
|
||||
import android.os.UserHandle;
|
||||
import android.os.UserManager;
|
||||
import android.util.SparseIntArray;
|
||||
@@ -114,6 +115,7 @@ public class PermissionMonitorTest {
|
||||
@Mock private PackageManagerInternal mMockPmi;
|
||||
@Mock private UserManager mUserManager;
|
||||
@Mock private PermissionMonitor.Dependencies mDeps;
|
||||
@Mock private SystemConfigManager mSystemConfigManager;
|
||||
|
||||
private PermissionMonitor mPermissionMonitor;
|
||||
|
||||
@@ -124,6 +126,11 @@ public class PermissionMonitorTest {
|
||||
when(mContext.getSystemService(eq(Context.USER_SERVICE))).thenReturn(mUserManager);
|
||||
when(mUserManager.getUserHandles(eq(true))).thenReturn(
|
||||
Arrays.asList(new UserHandle[] { MOCK_USER1, MOCK_USER2 }));
|
||||
when(mContext.getSystemServiceName(SystemConfigManager.class))
|
||||
.thenReturn(Context.SYSTEM_CONFIG_SERVICE);
|
||||
when(mContext.getSystemService(Context.SYSTEM_CONFIG_SERVICE))
|
||||
.thenReturn(mSystemConfigManager);
|
||||
when(mSystemConfigManager.getSystemPermissionUids(anyString())).thenReturn(new int[0]);
|
||||
|
||||
mPermissionMonitor = spy(new PermissionMonitor(mContext, mNetdService, mDeps));
|
||||
|
||||
@@ -747,4 +754,20 @@ public class PermissionMonitorTest {
|
||||
GET_PERMISSIONS | MATCH_ANY_USER);
|
||||
assertTrue(monitor.hasPermission(systemInfo, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUpdateUidPermissionsFromSystemConfig() throws Exception {
|
||||
final NetdServiceMonitor mNetdServiceMonitor = new NetdServiceMonitor(mNetdService);
|
||||
when(mPackageManager.getInstalledPackages(anyInt())).thenReturn(new ArrayList<>());
|
||||
when(mSystemConfigManager.getSystemPermissionUids(eq(INTERNET)))
|
||||
.thenReturn(new int[]{ MOCK_UID1, MOCK_UID2 });
|
||||
when(mSystemConfigManager.getSystemPermissionUids(eq(UPDATE_DEVICE_STATS)))
|
||||
.thenReturn(new int[]{ MOCK_UID2 });
|
||||
|
||||
mPermissionMonitor.startMonitoring();
|
||||
mNetdServiceMonitor.expectPermission(INetd.PERMISSION_INTERNET, new int[]{ MOCK_UID1 });
|
||||
mNetdServiceMonitor.expectPermission(
|
||||
INetd.PERMISSION_INTERNET | INetd.PERMISSION_UPDATE_DEVICE_STATS,
|
||||
new int[]{ MOCK_UID2 });
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user