LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Fix hasUseBackgroundNetworksPermission issue." am: 0a6f03873a

Browse Source 
am: d47085c444

Change-Id: I8b03c9e23ffc9ff46264d6307fb841a7eda76a76
This commit is contained in:
Paul Hu
2019-11-25 06:18:10 -08:00
committed by android-build-merger
parent 61fcd4126f d47085c444
commit 36872f15f5
3 changed files with 184 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
services/core/java/com/android/server/connectivity/PermissionMonitor.java
View File

@@ -229,22 +229,22 @@ public class PermissionMonitor {
} }
@VisibleForTesting @VisibleForTesting
boolean hasPermission(PackageInfo app, String permission) { boolean hasPermission(@NonNull final PackageInfo app, @NonNull final String permission) {
if (app.requestedPermissions != null) { if (app.requestedPermissions == null || app.requestedPermissionsFlags == null) {
for (String p : app.requestedPermissions) {
if (permission.equals(p)) {
return true;
}
}
}
return false; return false;
} }
final int index = ArrayUtils.indexOf(app.requestedPermissions, permission);
if (index < 0 || index >= app.requestedPermissionsFlags.length) return false;
return (app.requestedPermissionsFlags[index] & REQUESTED_PERMISSION_GRANTED) != 0;
}
private boolean hasNetworkPermission(PackageInfo app) { @VisibleForTesting
boolean hasNetworkPermission(@NonNull final PackageInfo app) {
return hasPermission(app, CHANGE_NETWORK_STATE); return hasPermission(app, CHANGE_NETWORK_STATE);
} }
private boolean hasRestrictedNetworkPermission(PackageInfo app) { @VisibleForTesting
boolean hasRestrictedNetworkPermission(@NonNull final PackageInfo app) {
// TODO : remove this check in the future(b/31479477). All apps should just // TODO : remove this check in the future(b/31479477). All apps should just
// request the appropriate permission for their use case since android Q. // request the appropriate permission for their use case since android Q.
if (app.applicationInfo != null) { if (app.applicationInfo != null) {
@@ -260,33 +260,18 @@ public class PermissionMonitor {
} }
} }
return hasPermission(app, CONNECTIVITY_INTERNAL) return hasPermission(app, CONNECTIVITY_INTERNAL)
|| hasPermission(app, NETWORK_STACK)
|| hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS); || hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS);
} }
private boolean hasUseBackgroundNetworksPermission(PackageInfo app) { /** Returns whether the given uid has using background network permission. */
// This function defines what it means to hold the permission to use public synchronized boolean hasUseBackgroundNetworksPermission(final int uid) {
// background networks. // Apps with any of the CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_INTERNAL or
return hasPermission(app, CHANGE_NETWORK_STATE) // CONNECTIVITY_USE_RESTRICTED_NETWORKS permission has the permission to use background
|| hasPermission(app, NETWORK_STACK) // networks. mApps contains the result of checks for both hasNetworkPermission and
|| hasRestrictedNetworkPermission(app); // hasRestrictedNetworkPermission. If uid is in the mApps list that means uid has one of
} // permissions at least.
return mApps.containsKey(uid);
public boolean hasUseBackgroundNetworksPermission(int uid) {
final String[] names = mPackageManager.getPackagesForUid(uid);
if (null == names || names.length == 0) return false;
try {
// Only using the first package name. There may be multiple names if multiple
// apps share the same UID, but in that case they also share permissions so
// querying with any of the names will return the same results.
int userId = UserHandle.getUserId(uid);
final PackageInfo app = mPackageManager.getPackageInfoAsUser(
names[0], GET_PERMISSIONS, userId);
return hasUseBackgroundNetworksPermission(app);
} catch (NameNotFoundException e) {
// App not found.
loge("NameNotFoundException " + names[0], e);
return false;
}
} }
private int[] toIntArray(Collection<Integer> list) { private int[] toIntArray(Collection<Integer> list) {

20
tests/net/java/com/android/server/ConnectivityServiceTest.java
View File

@@ -16,6 +16,9 @@
package com.android.server; package com.android.server;
import static android.Manifest.permission.CHANGE_NETWORK_STATE;
import static android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS;
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
import static android.content.pm.PackageManager.GET_PERMISSIONS; import static android.content.pm.PackageManager.GET_PERMISSIONS;
import static android.content.pm.PackageManager.MATCH_ANY_USER; import static android.content.pm.PackageManager.MATCH_ANY_USER;
import static android.net.ConnectivityManager.ACTION_CAPTIVE_PORTAL_SIGN_IN; import static android.net.ConnectivityManager.ACTION_CAPTIVE_PORTAL_SIGN_IN;
@@ -2000,9 +2003,17 @@ public class ConnectivityServiceTest {
mCm.unregisterNetworkCallback(trackDefaultCallback); mCm.unregisterNetworkCallback(trackDefaultCallback);
} }
private void grantUsingBackgroundNetworksPermissionForUid(final int uid) throws Exception {
final String testPackageName = mContext.getPackageName();
when(mPackageManager.getPackageInfo(eq(testPackageName), eq(GET_PERMISSIONS)))
.thenReturn(buildPackageInfo(true, uid));
mService.mPermissionMonitor.onPackageAdded(testPackageName, uid);
}
@Test @Test
public void testNetworkGoesIntoBackgroundAfterLinger() throws Exception { public void testNetworkGoesIntoBackgroundAfterLinger() throws Exception {
setAlwaysOnNetworks(true); setAlwaysOnNetworks(true);
grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid());
NetworkRequest request = new NetworkRequest.Builder() NetworkRequest request = new NetworkRequest.Builder()
.clearCapabilities() .clearCapabilities()
.build(); .build();
@@ -3077,6 +3088,7 @@ public class ConnectivityServiceTest {
// Create a background request. We can't do this ourselves because ConnectivityService // Create a background request. We can't do this ourselves because ConnectivityService
// doesn't have an API for it. So just turn on mobile data always on. // doesn't have an API for it. So just turn on mobile data always on.
setAlwaysOnNetworks(true); setAlwaysOnNetworks(true);
grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid());
final NetworkRequest request = new NetworkRequest.Builder().build(); final NetworkRequest request = new NetworkRequest.Builder().build();
final NetworkRequest fgRequest = new NetworkRequest.Builder() final NetworkRequest fgRequest = new NetworkRequest.Builder()
.addCapability(NET_CAPABILITY_FOREGROUND).build(); .addCapability(NET_CAPABILITY_FOREGROUND).build();
@@ -3223,6 +3235,7 @@ public class ConnectivityServiceTest {
@Test @Test
public void testMobileDataAlwaysOn() throws Exception { public void testMobileDataAlwaysOn() throws Exception {
grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid());
final TestNetworkCallback cellNetworkCallback = new TestNetworkCallback(); final TestNetworkCallback cellNetworkCallback = new TestNetworkCallback();
final NetworkRequest cellRequest = new NetworkRequest.Builder() final NetworkRequest cellRequest = new NetworkRequest.Builder()
.addTransportType(TRANSPORT_CELLULAR).build(); .addTransportType(TRANSPORT_CELLULAR).build();
@@ -6176,7 +6189,14 @@ public class ConnectivityServiceTest {
private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid) { private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid) {
final PackageInfo packageInfo = new PackageInfo(); final PackageInfo packageInfo = new PackageInfo();
if (hasSystemPermission) {
packageInfo.requestedPermissions = new String[] {
CHANGE_NETWORK_STATE, CONNECTIVITY_USE_RESTRICTED_NETWORKS };
packageInfo.requestedPermissionsFlags = new int[] {
REQUESTED_PERMISSION_GRANTED, REQUESTED_PERMISSION_GRANTED };
} else {
packageInfo.requestedPermissions = new String[0]; packageInfo.requestedPermissions = new String[0];
}
packageInfo.applicationInfo = new ApplicationInfo(); packageInfo.applicationInfo = new ApplicationInfo();
packageInfo.applicationInfo.privateFlags = 0; packageInfo.applicationInfo.privateFlags = 0;
packageInfo.applicationInfo.uid = UserHandle.getUid(UserHandle.USER_SYSTEM, packageInfo.applicationInfo.uid = UserHandle.getUid(UserHandle.USER_SYSTEM,

217
tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
View File

@@ -27,6 +27,7 @@ import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_OEM;
import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_PRODUCT; import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_PRODUCT;
import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_VENDOR; import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_VENDOR;
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED; import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_REQUIRED;
import static android.content.pm.PackageManager.GET_PERMISSIONS; import static android.content.pm.PackageManager.GET_PERMISSIONS;
import static android.content.pm.PackageManager.MATCH_ANY_USER; import static android.content.pm.PackageManager.MATCH_ANY_USER;
import static android.os.Process.SYSTEM_UID; import static android.os.Process.SYSTEM_UID;
@@ -36,6 +37,7 @@ import static com.android.server.connectivity.PermissionMonitor.SYSTEM;
import static junit.framework.Assert.fail; import static junit.framework.Assert.fail;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
@@ -102,7 +104,6 @@ public class PermissionMonitorTest {
private static final String MOCK_PACKAGE2 = "appName2"; private static final String MOCK_PACKAGE2 = "appName2";
private static final String SYSTEM_PACKAGE1 = "sysName1"; private static final String SYSTEM_PACKAGE1 = "sysName1";
private static final String SYSTEM_PACKAGE2 = "sysName2"; private static final String SYSTEM_PACKAGE2 = "sysName2";
private static final String VPN_PACKAGE = "vpnApp";
private static final String PARTITION_SYSTEM = "system"; private static final String PARTITION_SYSTEM = "system";
private static final String PARTITION_OEM = "oem"; private static final String PARTITION_OEM = "oem";
private static final String PARTITION_PRODUCT = "product"; private static final String PARTITION_PRODUCT = "product";
@@ -145,28 +146,31 @@ public class PermissionMonitorTest {
mObserver = observerCaptor.getValue(); mObserver = observerCaptor.getValue();
} }
private boolean hasBgPermission(String partition, int targetSdkVersion, int uid, private boolean hasRestrictedNetworkPermission(String partition, int targetSdkVersion, int uid,
String... permission) throws Exception { String... permissions) {
final PackageInfo packageInfo = packageInfoWithPermissions(permission, partition); final PackageInfo packageInfo =
packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, permissions, partition);
packageInfo.applicationInfo.targetSdkVersion = targetSdkVersion; packageInfo.applicationInfo.targetSdkVersion = targetSdkVersion;
packageInfo.applicationInfo.uid = uid; packageInfo.applicationInfo.uid = uid;
when(mPackageManager.getPackageInfoAsUser( return mPermissionMonitor.hasRestrictedNetworkPermission(packageInfo);
eq(MOCK_PACKAGE1), eq(GET_PERMISSIONS), anyInt())).thenReturn(packageInfo);
when(mPackageManager.getPackagesForUid(anyInt())).thenReturn(new String[] {MOCK_PACKAGE1});
return mPermissionMonitor.hasUseBackgroundNetworksPermission(uid);
} }
private static PackageInfo packageInfoWithPermissions(String[] permissions, String partition) { private static PackageInfo systemPackageInfoWithPermissions(String... permissions) {
return packageInfoWithPermissions(
REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM);
}
private static PackageInfo vendorPackageInfoWithPermissions(String... permissions) {
return packageInfoWithPermissions(
REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_VENDOR);
}
private static PackageInfo packageInfoWithPermissions(int permissionsFlags,
String[] permissions, String partition) {
int[] requestedPermissionsFlags = new int[permissions.length]; int[] requestedPermissionsFlags = new int[permissions.length];
for (int i = 0; i < permissions.length; i++) { for (int i = 0; i < permissions.length; i++) {
requestedPermissionsFlags[i] = REQUESTED_PERMISSION_GRANTED; requestedPermissionsFlags[i] = permissionsFlags;
} }
return packageInfoWithPermissions(permissions, partition,
requestedPermissionsFlags);
}
private static PackageInfo packageInfoWithPermissions(String[] permissions, String partition,
int[] requestedPermissionsFlags) {
final PackageInfo packageInfo = new PackageInfo(); final PackageInfo packageInfo = new PackageInfo();
packageInfo.requestedPermissions = permissions; packageInfo.requestedPermissions = permissions;
packageInfo.applicationInfo = new ApplicationInfo(); packageInfo.applicationInfo = new ApplicationInfo();
@@ -190,12 +194,10 @@ public class PermissionMonitorTest {
private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid, int userId) { private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid, int userId) {
final PackageInfo pkgInfo; final PackageInfo pkgInfo;
if (hasSystemPermission) { if (hasSystemPermission) {
final String[] systemPermissions = new String[]{ pkgInfo = systemPackageInfoWithPermissions(
CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS);
};
pkgInfo = packageInfoWithPermissions(systemPermissions, PARTITION_SYSTEM);
} else { } else {
pkgInfo = packageInfoWithPermissions(new String[] {}, ""); pkgInfo = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, new String[] {}, "");
} }
pkgInfo.applicationInfo.uid = UserHandle.getUid(userId, UserHandle.getAppId(uid)); pkgInfo.applicationInfo.uid = UserHandle.getUid(userId, UserHandle.getAppId(uid));
return pkgInfo; return pkgInfo;
@@ -203,82 +205,151 @@ public class PermissionMonitorTest {
@Test @Test
public void testHasPermission() { public void testHasPermission() {
PackageInfo app = packageInfoWithPermissions(new String[] {}, PARTITION_SYSTEM); PackageInfo app = systemPackageInfoWithPermissions();
assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK)); assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL)); assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL));
app = packageInfoWithPermissions(new String[] { app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE, NETWORK_STACK);
CHANGE_NETWORK_STATE, NETWORK_STACK
}, PARTITION_SYSTEM);
assertTrue(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); assertTrue(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
assertTrue(mPermissionMonitor.hasPermission(app, NETWORK_STACK)); assertTrue(mPermissionMonitor.hasPermission(app, NETWORK_STACK));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL)); assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL));
app = packageInfoWithPermissions(new String[] { app = systemPackageInfoWithPermissions(
CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL);
}, PARTITION_SYSTEM);
assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE)); assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK)); assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK));
assertTrue(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS)); assertTrue(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertTrue(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL)); assertTrue(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL));
app = packageInfoWithPermissions(REQUESTED_PERMISSION_REQUIRED, new String[] {
CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL, NETWORK_STACK },
PARTITION_SYSTEM);
assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL));
app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE);
app.requestedPermissions = null;
assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE);
app.requestedPermissionsFlags = null;
assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
} }
@Test @Test
public void testIsVendorApp() { public void testIsVendorApp() {
PackageInfo app = packageInfoWithPermissions(new String[] {}, PARTITION_SYSTEM); PackageInfo app = systemPackageInfoWithPermissions();
assertFalse(mPermissionMonitor.isVendorApp(app.applicationInfo)); assertFalse(mPermissionMonitor.isVendorApp(app.applicationInfo));
app = packageInfoWithPermissions(new String[] {}, PARTITION_OEM); app = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED,
new String[] {}, PARTITION_OEM);
assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo)); assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo));
app = packageInfoWithPermissions(new String[] {}, PARTITION_PRODUCT); app = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED,
new String[] {}, PARTITION_PRODUCT);
assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo)); assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo));
app = packageInfoWithPermissions(new String[] {}, PARTITION_VENDOR); app = vendorPackageInfoWithPermissions();
assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo)); assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo));
} }
@Test
public void testHasNetworkPermission() {
PackageInfo app = systemPackageInfoWithPermissions();
assertFalse(mPermissionMonitor.hasNetworkPermission(app));
app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE);
assertTrue(mPermissionMonitor.hasNetworkPermission(app));
app = systemPackageInfoWithPermissions(NETWORK_STACK);
assertFalse(mPermissionMonitor.hasNetworkPermission(app));
app = systemPackageInfoWithPermissions(CONNECTIVITY_USE_RESTRICTED_NETWORKS);
assertFalse(mPermissionMonitor.hasNetworkPermission(app));
}
@Test
public void testHasRestrictedNetworkPermission() {
assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1));
assertFalse(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, NETWORK_STACK));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertFalse(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));
assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1));
assertFalse(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE));
}
@Test
public void testHasRestrictedNetworkPermissionSystemUid() {
doReturn(VERSION_P).when(mPermissionMonitor).getDeviceFirstSdkInt();
assertTrue(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CHANGE_WIFI_STATE));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
doReturn(VERSION_Q).when(mPermissionMonitor).getDeviceFirstSdkInt();
assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID));
assertFalse(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CHANGE_WIFI_STATE));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
}
@Test
public void testHasRestrictedNetworkPermissionVendorApp() {
assertTrue(hasRestrictedNetworkPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_P, MOCK_UID1, NETWORK_STACK));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertTrue(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));
assertFalse(hasRestrictedNetworkPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1));
assertFalse(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE));
assertFalse(hasRestrictedNetworkPermission(
PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_NETWORK_STATE));
}
private void assertBackgroundPermission(boolean hasPermission, String name, int uid,
String... permissions) throws Exception {
when(mPackageManager.getPackageInfo(eq(name), anyInt()))
.thenReturn(packageInfoWithPermissions(
REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM));
mPermissionMonitor.onPackageAdded(name, uid);
assertEquals(hasPermission, mPermissionMonitor.hasUseBackgroundNetworksPermission(uid));
}
@Test @Test
public void testHasUseBackgroundNetworksPermission() throws Exception { public void testHasUseBackgroundNetworksPermission() throws Exception {
assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1)); assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(SYSTEM_UID));
assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE)); assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID);
assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, NETWORK_STACK)); assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_WIFI_STATE);
assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL)); assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_NETWORK_STATE);
assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, NETWORK_STACK);
CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));
assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1)); assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(MOCK_UID1));
assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE)); assertBackgroundPermission(false, MOCK_PACKAGE1, MOCK_UID1);
} assertBackgroundPermission(true, MOCK_PACKAGE1, MOCK_UID1,
CONNECTIVITY_USE_RESTRICTED_NETWORKS);
@Test assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(MOCK_UID2));
public void testHasUseBackgroundNetworksPermissionSystemUid() throws Exception { assertBackgroundPermission(false, MOCK_PACKAGE2, MOCK_UID2);
doReturn(VERSION_P).when(mPermissionMonitor).getDeviceFirstSdkInt(); assertBackgroundPermission(true, MOCK_PACKAGE2, MOCK_UID2,
assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID)); CONNECTIVITY_INTERNAL);
assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CHANGE_WIFI_STATE));
assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID,
CONNECTIVITY_USE_RESTRICTED_NETWORKS));
doReturn(VERSION_Q).when(mPermissionMonitor).getDeviceFirstSdkInt();
assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID));
assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CHANGE_WIFI_STATE));
assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID,
CONNECTIVITY_USE_RESTRICTED_NETWORKS));
}
@Test
public void testHasUseBackgroundNetworksPermissionVendorApp() throws Exception {
assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1));
assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE));
assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, NETWORK_STACK));
assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL));
assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1,
CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));
assertFalse(hasBgPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1));
assertFalse(hasBgPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE));
} }
private class NetdMonitor { private class NetdMonitor {
@@ -563,7 +634,8 @@ public class PermissionMonitorTest {
private PackageInfo setPackagePermissions(String packageName, int uid, String[] permissions) private PackageInfo setPackagePermissions(String packageName, int uid, String[] permissions)
throws Exception { throws Exception {
PackageInfo packageInfo = packageInfoWithPermissions(permissions, PARTITION_SYSTEM); PackageInfo packageInfo = packageInfoWithPermissions(
REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM);
when(mPackageManager.getPackageInfo(eq(packageName), anyInt())).thenReturn(packageInfo); when(mPackageManager.getPackageInfo(eq(packageName), anyInt())).thenReturn(packageInfo);
when(mPackageManager.getPackagesForUid(eq(uid))).thenReturn(new String[]{packageName}); when(mPackageManager.getPackagesForUid(eq(uid))).thenReturn(new String[]{packageName});
return packageInfo; return packageInfo;
@@ -599,7 +671,7 @@ public class PermissionMonitorTest {
// Install another package with the same uid and no permissions should not cause the UID to // Install another package with the same uid and no permissions should not cause the UID to
// lose permissions. // lose permissions.
PackageInfo packageInfo2 = packageInfoWithPermissions(new String[]{}, PARTITION_SYSTEM); PackageInfo packageInfo2 = systemPackageInfoWithPermissions();
when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2); when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2);
when(mPackageManager.getPackagesForUid(MOCK_UID1)) when(mPackageManager.getPackagesForUid(MOCK_UID1))
.thenReturn(new String[]{MOCK_PACKAGE1, MOCK_PACKAGE2}); .thenReturn(new String[]{MOCK_PACKAGE1, MOCK_PACKAGE2});
@@ -660,8 +732,7 @@ public class PermissionMonitorTest {
| INetd.PERMISSION_UPDATE_DEVICE_STATS, new int[]{MOCK_UID1}); | INetd.PERMISSION_UPDATE_DEVICE_STATS, new int[]{MOCK_UID1});
// Mock another package with the same uid but different permissions. // Mock another package with the same uid but different permissions.
PackageInfo packageInfo2 = packageInfoWithPermissions(new String[] {INTERNET}, PackageInfo packageInfo2 = systemPackageInfoWithPermissions(INTERNET);
PARTITION_SYSTEM);
when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2); when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2);
when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{ when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{
MOCK_PACKAGE2}); MOCK_PACKAGE2});