Merge "Update allowed on restricted networks getter/setter" into sc-dev
This commit is contained in:
Lorenzo Colitti
committed by
Android (Google) Code Review
Android (Google) Code Review
commit
962e174260
@@ -48,7 +48,6 @@ package android.net {
|
||||
|
||||
public class ConnectivitySettingsManager {
|
||||
method public static void clearGlobalProxy(@NonNull android.content.Context);
|
||||
method @NonNull public static java.util.Set<java.lang.String> getAppsAllowedOnRestrictedNetworks(@NonNull android.content.Context);
|
||||
method @Nullable public static String getCaptivePortalHttpUrl(@NonNull android.content.Context);
|
||||
method public static int getCaptivePortalMode(@NonNull android.content.Context, int);
|
||||
method @NonNull public static java.time.Duration getConnectivityKeepPendingIntentDuration(@NonNull android.content.Context, @NonNull java.time.Duration);
|
||||
@@ -66,9 +65,9 @@ package android.net {
|
||||
method @NonNull public static String getPrivateDnsDefaultMode(@NonNull android.content.Context);
|
||||
method @Nullable public static String getPrivateDnsHostname(@NonNull android.content.Context);
|
||||
method public static int getPrivateDnsMode(@NonNull android.content.Context);
|
||||
method @NonNull public static java.util.Set<java.lang.Integer> getUidsAllowedOnRestrictedNetworks(@NonNull android.content.Context);
|
||||
method public static boolean getWifiAlwaysRequested(@NonNull android.content.Context, boolean);
|
||||
method @NonNull public static java.time.Duration getWifiDataActivityTimeout(@NonNull android.content.Context, @NonNull java.time.Duration);
|
||||
method public static void setAppsAllowedOnRestrictedNetworks(@NonNull android.content.Context, @NonNull java.util.Set<java.lang.String>);
|
||||
method public static void setCaptivePortalHttpUrl(@NonNull android.content.Context, @Nullable String);
|
||||
method public static void setCaptivePortalMode(@NonNull android.content.Context, int);
|
||||
method public static void setConnectivityKeepPendingIntentDuration(@NonNull android.content.Context, @NonNull java.time.Duration);
|
||||
@@ -86,6 +85,7 @@ package android.net {
|
||||
method public static void setPrivateDnsDefaultMode(@NonNull android.content.Context, @NonNull int);
|
||||
method public static void setPrivateDnsHostname(@NonNull android.content.Context, @Nullable String);
|
||||
method public static void setPrivateDnsMode(@NonNull android.content.Context, int);
|
||||
method public static void setUidsAllowedOnRestrictedNetworks(@NonNull android.content.Context, @NonNull java.util.Set<java.lang.Integer>);
|
||||
method public static void setWifiAlwaysRequested(@NonNull android.content.Context, boolean);
|
||||
method public static void setWifiDataActivityTimeout(@NonNull android.content.Context, @NonNull java.time.Duration);
|
||||
field public static final int CAPTIVE_PORTAL_MODE_AVOID = 2; // 0x2
|
||||
|
||||
@@ -374,12 +374,12 @@ public class ConnectivitySettingsManager {
|
||||
private static final String PRIVATE_DNS_MODE_PROVIDER_HOSTNAME_STRING = "hostname";
|
||||
|
||||
/**
|
||||
* A list of apps that is allowed on restricted networks.
|
||||
* A list of uids that is allowed to use restricted networks.
|
||||
*
|
||||
* @hide
|
||||
*/
|
||||
public static final String APPS_ALLOWED_ON_RESTRICTED_NETWORKS =
|
||||
"apps_allowed_on_restricted_networks";
|
||||
public static final String UIDS_ALLOWED_ON_RESTRICTED_NETWORKS =
|
||||
"uids_allowed_on_restricted_networks";
|
||||
|
||||
/**
|
||||
* Get mobile data activity timeout from {@link Settings}.
|
||||
@@ -1003,6 +1003,28 @@ public class ConnectivitySettingsManager {
|
||||
context.getContentResolver(), NETWORK_METERED_MULTIPATH_PREFERENCE, preference);
|
||||
}
|
||||
|
||||
private static Set<Integer> getUidSetFromString(@Nullable String uidList) {
|
||||
final Set<Integer> uids = new ArraySet<>();
|
||||
if (TextUtils.isEmpty(uidList)) {
|
||||
return uids;
|
||||
}
|
||||
for (String uid : uidList.split(";")) {
|
||||
uids.add(Integer.valueOf(uid));
|
||||
}
|
||||
return uids;
|
||||
}
|
||||
|
||||
private static String getUidStringFromSet(@NonNull Set<Integer> uidList) {
|
||||
final StringJoiner joiner = new StringJoiner(";");
|
||||
for (Integer uid : uidList) {
|
||||
if (uid < 0 || UserHandle.getAppId(uid) > Process.LAST_APPLICATION_UID) {
|
||||
throw new IllegalArgumentException("Invalid uid");
|
||||
}
|
||||
joiner.add(uid.toString());
|
||||
}
|
||||
return joiner.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the list of uids(from {@link Settings}) that should go on cellular networks in preference
|
||||
* even when higher-priority networks are connected.
|
||||
@@ -1015,14 +1037,7 @@ public class ConnectivitySettingsManager {
|
||||
public static Set<Integer> getMobileDataPreferredUids(@NonNull Context context) {
|
||||
final String uidList = Settings.Secure.getString(
|
||||
context.getContentResolver(), MOBILE_DATA_PREFERRED_UIDS);
|
||||
final Set<Integer> uids = new ArraySet<>();
|
||||
if (TextUtils.isEmpty(uidList)) {
|
||||
return uids;
|
||||
}
|
||||
for (String uid : uidList.split(";")) {
|
||||
uids.add(Integer.valueOf(uid));
|
||||
}
|
||||
return uids;
|
||||
return getUidSetFromString(uidList);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1035,53 +1050,41 @@ public class ConnectivitySettingsManager {
|
||||
*/
|
||||
public static void setMobileDataPreferredUids(@NonNull Context context,
|
||||
@NonNull Set<Integer> uidList) {
|
||||
final StringJoiner joiner = new StringJoiner(";");
|
||||
for (Integer uid : uidList) {
|
||||
if (uid < 0 || UserHandle.getAppId(uid) > Process.LAST_APPLICATION_UID) {
|
||||
throw new IllegalArgumentException("Invalid uid");
|
||||
}
|
||||
joiner.add(uid.toString());
|
||||
}
|
||||
Settings.Secure.putString(
|
||||
context.getContentResolver(), MOBILE_DATA_PREFERRED_UIDS, joiner.toString());
|
||||
final String uids = getUidStringFromSet(uidList);
|
||||
Settings.Secure.putString(context.getContentResolver(), MOBILE_DATA_PREFERRED_UIDS, uids);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the list of apps(from {@link Settings}) that is allowed on restricted networks.
|
||||
* Get the list of uids (from {@link Settings}) allowed to use restricted networks.
|
||||
*
|
||||
* Access to restricted networks is controlled by the (preinstalled-only)
|
||||
* CONNECTIVITY_USE_RESTRICTED_NETWORKS permission, but highly privileged
|
||||
* callers can also set a list of uids that can access restricted networks.
|
||||
*
|
||||
* This is useful for example in some jurisdictions where government apps,
|
||||
* that can't be preinstalled, must still have access to emergency services.
|
||||
*
|
||||
* @param context The {@link Context} to query the setting.
|
||||
* @return A list of apps that is allowed on restricted networks or null if no setting
|
||||
* @return A list of uids that is allowed to use restricted networks or null if no setting
|
||||
* value.
|
||||
*/
|
||||
@NonNull
|
||||
public static Set<String> getAppsAllowedOnRestrictedNetworks(@NonNull Context context) {
|
||||
final String appList = Settings.Secure.getString(
|
||||
context.getContentResolver(), APPS_ALLOWED_ON_RESTRICTED_NETWORKS);
|
||||
if (TextUtils.isEmpty(appList)) {
|
||||
return new ArraySet<>();
|
||||
}
|
||||
return new ArraySet<>(appList.split(";"));
|
||||
public static Set<Integer> getUidsAllowedOnRestrictedNetworks(@NonNull Context context) {
|
||||
final String uidList = Settings.Secure.getString(
|
||||
context.getContentResolver(), UIDS_ALLOWED_ON_RESTRICTED_NETWORKS);
|
||||
return getUidSetFromString(uidList);
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the list of apps(from {@link Settings}) that is allowed on restricted networks.
|
||||
*
|
||||
* Note: Please refer to android developer guidelines for valid app(package name).
|
||||
* https://developer.android.com/guide/topics/manifest/manifest-element.html#package
|
||||
* Set the list of uids(from {@link Settings}) that is allowed to use restricted networks.
|
||||
*
|
||||
* @param context The {@link Context} to set the setting.
|
||||
* @param list A list of apps that is allowed on restricted networks.
|
||||
* @param uidList A list of uids that is allowed to use restricted networks.
|
||||
*/
|
||||
public static void setAppsAllowedOnRestrictedNetworks(@NonNull Context context,
|
||||
@NonNull Set<String> list) {
|
||||
final StringJoiner joiner = new StringJoiner(";");
|
||||
for (String app : list) {
|
||||
if (app == null || app.contains(";")) {
|
||||
throw new IllegalArgumentException("Invalid app(package name)");
|
||||
}
|
||||
joiner.add(app);
|
||||
}
|
||||
Settings.Secure.putString(context.getContentResolver(), APPS_ALLOWED_ON_RESTRICTED_NETWORKS,
|
||||
joiner.toString());
|
||||
public static void setUidsAllowedOnRestrictedNetworks(@NonNull Context context,
|
||||
@NonNull Set<Integer> uidList) {
|
||||
final String uids = getUidStringFromSet(uidList);
|
||||
Settings.Secure.putString(context.getContentResolver(), UIDS_ALLOWED_ON_RESTRICTED_NETWORKS,
|
||||
uids);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,7 +24,7 @@ import static android.Manifest.permission.UPDATE_DEVICE_STATS;
|
||||
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
|
||||
import static android.content.pm.PackageManager.GET_PERMISSIONS;
|
||||
import static android.content.pm.PackageManager.MATCH_ANY_USER;
|
||||
import static android.net.ConnectivitySettingsManager.APPS_ALLOWED_ON_RESTRICTED_NETWORKS;
|
||||
import static android.net.ConnectivitySettingsManager.UIDS_ALLOWED_ON_RESTRICTED_NETWORKS;
|
||||
import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
|
||||
import static android.os.Process.INVALID_UID;
|
||||
import static android.os.Process.SYSTEM_UID;
|
||||
@@ -109,13 +109,13 @@ public class PermissionMonitor {
|
||||
@GuardedBy("this")
|
||||
private final Set<Integer> mAllApps = new HashSet<>();
|
||||
|
||||
// A set of apps which are allowed to use restricted networks. These apps can't hold the
|
||||
// CONNECTIVITY_USE_RESTRICTED_NETWORKS permission because they can't be signature|privileged
|
||||
// apps. However, these apps should still be able to use restricted networks under certain
|
||||
// conditions (e.g. government app using emergency services). So grant netd system permission
|
||||
// to uids whose package name is listed in APPS_ALLOWED_ON_RESTRICTED_NETWORKS setting.
|
||||
// A set of uids which are allowed to use restricted networks. The packages of these uids can't
|
||||
// hold the CONNECTIVITY_USE_RESTRICTED_NETWORKS permission because they can't be
|
||||
// signature|privileged apps. However, these apps should still be able to use restricted
|
||||
// networks under certain conditions (e.g. government app using emergency services). So grant
|
||||
// netd system permission to these uids which is listed in UIDS_ALLOWED_ON_RESTRICTED_NETWORKS.
|
||||
@GuardedBy("this")
|
||||
private final Set<String> mAppsAllowedOnRestrictedNetworks = new ArraySet<>();
|
||||
private final Set<Integer> mUidsAllowedOnRestrictedNetworks = new ArraySet<>();
|
||||
|
||||
private BroadcastReceiver mIntentReceiver = new BroadcastReceiver() {
|
||||
@Override
|
||||
@@ -149,10 +149,10 @@ public class PermissionMonitor {
|
||||
}
|
||||
|
||||
/**
|
||||
* Get apps allowed to use restricted networks via ConnectivitySettingsManager.
|
||||
* Get uids allowed to use restricted networks via ConnectivitySettingsManager.
|
||||
*/
|
||||
public Set<String> getAppsAllowedOnRestrictedNetworks(@NonNull Context context) {
|
||||
return ConnectivitySettingsManager.getAppsAllowedOnRestrictedNetworks(context);
|
||||
public Set<Integer> getUidsAllowedOnRestrictedNetworks(@NonNull Context context) {
|
||||
return ConnectivitySettingsManager.getUidsAllowedOnRestrictedNetworks(context);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -194,10 +194,10 @@ public class PermissionMonitor {
|
||||
mIntentReceiver, intentFilter, null /* broadcastPermission */,
|
||||
null /* scheduler */);
|
||||
|
||||
// Register APPS_ALLOWED_ON_RESTRICTED_NETWORKS setting observer
|
||||
// Register UIDS_ALLOWED_ON_RESTRICTED_NETWORKS setting observer
|
||||
mDeps.registerContentObserver(
|
||||
userAllContext,
|
||||
Settings.Secure.getUriFor(APPS_ALLOWED_ON_RESTRICTED_NETWORKS),
|
||||
Settings.Secure.getUriFor(UIDS_ALLOWED_ON_RESTRICTED_NETWORKS),
|
||||
false /* notifyForDescendants */,
|
||||
new ContentObserver(null) {
|
||||
@Override
|
||||
@@ -206,9 +206,9 @@ public class PermissionMonitor {
|
||||
}
|
||||
});
|
||||
|
||||
// Read APPS_ALLOWED_ON_RESTRICTED_NETWORKS setting and update
|
||||
// mAppsAllowedOnRestrictedNetworks.
|
||||
updateAppsAllowedOnRestrictedNetworks(mDeps.getAppsAllowedOnRestrictedNetworks(mContext));
|
||||
// Read UIDS_ALLOWED_ON_RESTRICTED_NETWORKS setting and update
|
||||
// mUidsAllowedOnRestrictedNetworks.
|
||||
updateUidsAllowedOnRestrictedNetworks(mDeps.getUidsAllowedOnRestrictedNetworks(mContext));
|
||||
|
||||
List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS
|
||||
| MATCH_ANY_USER);
|
||||
@@ -265,9 +265,9 @@ public class PermissionMonitor {
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
void updateAppsAllowedOnRestrictedNetworks(final Set<String> apps) {
|
||||
mAppsAllowedOnRestrictedNetworks.clear();
|
||||
mAppsAllowedOnRestrictedNetworks.addAll(apps);
|
||||
void updateUidsAllowedOnRestrictedNetworks(final Set<Integer> uids) {
|
||||
mUidsAllowedOnRestrictedNetworks.clear();
|
||||
mUidsAllowedOnRestrictedNetworks.addAll(uids);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@@ -285,10 +285,11 @@ public class PermissionMonitor {
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
boolean isAppAllowedOnRestrictedNetworks(@NonNull final PackageInfo app) {
|
||||
// Check whether package name is in allowed on restricted networks app list. If so, this app
|
||||
// can have netd system permission.
|
||||
return mAppsAllowedOnRestrictedNetworks.contains(app.packageName);
|
||||
boolean isUidAllowedOnRestrictedNetworks(final ApplicationInfo appInfo) {
|
||||
if (appInfo == null) return false;
|
||||
// Check whether package's uid is in allowed on restricted networks uid list. If so, this
|
||||
// uid can have netd system permission.
|
||||
return mUidsAllowedOnRestrictedNetworks.contains(appInfo.uid);
|
||||
}
|
||||
|
||||
@VisibleForTesting
|
||||
@@ -310,7 +311,8 @@ public class PermissionMonitor {
|
||||
boolean hasRestrictedNetworkPermission(@NonNull final PackageInfo app) {
|
||||
// TODO : remove carryover package check in the future(b/31479477). All apps should just
|
||||
// request the appropriate permission for their use case since android Q.
|
||||
return isCarryoverPackage(app.applicationInfo) || isAppAllowedOnRestrictedNetworks(app)
|
||||
return isCarryoverPackage(app.applicationInfo)
|
||||
|| isUidAllowedOnRestrictedNetworks(app.applicationInfo)
|
||||
|| hasPermission(app, PERMISSION_MAINLINE_NETWORK_STACK)
|
||||
|| hasPermission(app, NETWORK_STACK)
|
||||
|| hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS);
|
||||
@@ -770,35 +772,31 @@ public class PermissionMonitor {
|
||||
}
|
||||
|
||||
private synchronized void onSettingChanged() {
|
||||
// Step1. Update apps allowed to use restricted networks and compute the set of packages to
|
||||
// Step1. Update uids allowed to use restricted networks and compute the set of uids to
|
||||
// update.
|
||||
final Set<String> packagesToUpdate = new ArraySet<>(mAppsAllowedOnRestrictedNetworks);
|
||||
updateAppsAllowedOnRestrictedNetworks(mDeps.getAppsAllowedOnRestrictedNetworks(mContext));
|
||||
packagesToUpdate.addAll(mAppsAllowedOnRestrictedNetworks);
|
||||
final Set<Integer> uidsToUpdate = new ArraySet<>(mUidsAllowedOnRestrictedNetworks);
|
||||
updateUidsAllowedOnRestrictedNetworks(mDeps.getUidsAllowedOnRestrictedNetworks(mContext));
|
||||
uidsToUpdate.addAll(mUidsAllowedOnRestrictedNetworks);
|
||||
|
||||
final Map<Integer, Boolean> updatedApps = new HashMap<>();
|
||||
final Map<Integer, Boolean> removedApps = new HashMap<>();
|
||||
final Map<Integer, Boolean> updatedUids = new HashMap<>();
|
||||
final Map<Integer, Boolean> removedUids = new HashMap<>();
|
||||
|
||||
// Step2. For each package to update, find out its new permission.
|
||||
for (String app : packagesToUpdate) {
|
||||
final PackageInfo info = getPackageInfo(app);
|
||||
if (info == null || info.applicationInfo == null) continue;
|
||||
|
||||
final int uid = info.applicationInfo.uid;
|
||||
// Step2. For each uid to update, find out its new permission.
|
||||
for (Integer uid : uidsToUpdate) {
|
||||
final Boolean permission = highestUidNetworkPermission(uid);
|
||||
|
||||
if (null == permission) {
|
||||
removedApps.put(uid, NETWORK); // Doesn't matter which permission is set here.
|
||||
removedUids.put(uid, NETWORK); // Doesn't matter which permission is set here.
|
||||
mApps.remove(uid);
|
||||
} else {
|
||||
updatedApps.put(uid, permission);
|
||||
updatedUids.put(uid, permission);
|
||||
mApps.put(uid, permission);
|
||||
}
|
||||
}
|
||||
|
||||
// Step3. Update or revoke permission for uids with netd.
|
||||
update(mUsers, updatedApps, true /* add */);
|
||||
update(mUsers, removedApps, false /* add */);
|
||||
update(mUsers, updatedUids, true /* add */);
|
||||
update(mUsers, removedUids, false /* add */);
|
||||
}
|
||||
|
||||
/** Dump info to dumpsys */
|
||||
|
||||
@@ -30,7 +30,7 @@ import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
|
||||
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_REQUIRED;
|
||||
import static android.content.pm.PackageManager.GET_PERMISSIONS;
|
||||
import static android.content.pm.PackageManager.MATCH_ANY_USER;
|
||||
import static android.net.ConnectivitySettingsManager.APPS_ALLOWED_ON_RESTRICTED_NETWORKS;
|
||||
import static android.net.ConnectivitySettingsManager.UIDS_ALLOWED_ON_RESTRICTED_NETWORKS;
|
||||
import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
|
||||
import static android.os.Process.SYSTEM_UID;
|
||||
|
||||
@@ -142,7 +142,7 @@ public class PermissionMonitorTest {
|
||||
final Context asUserCtx = mock(Context.class, AdditionalAnswers.delegatesTo(mContext));
|
||||
doReturn(UserHandle.ALL).when(asUserCtx).getUser();
|
||||
when(mContext.createContextAsUser(eq(UserHandle.ALL), anyInt())).thenReturn(asUserCtx);
|
||||
when(mDeps.getAppsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>());
|
||||
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>());
|
||||
|
||||
mPermissionMonitor = spy(new PermissionMonitor(mContext, mNetdService, mDeps));
|
||||
|
||||
@@ -341,9 +341,9 @@ public class PermissionMonitorTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHasRestrictedNetworkPermissionAppAllowedOnRestrictedNetworks() {
|
||||
mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(
|
||||
new ArraySet<>(new String[] { MOCK_PACKAGE1 }));
|
||||
public void testHasRestrictedNetworkPermissionUidAllowedOnRestrictedNetworks() {
|
||||
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(
|
||||
new ArraySet<>(new Integer[] { MOCK_UID1 }));
|
||||
assertTrue(hasRestrictedNetworkPermission(
|
||||
PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE1, MOCK_UID1));
|
||||
assertTrue(hasRestrictedNetworkPermission(
|
||||
@@ -352,11 +352,11 @@ public class PermissionMonitorTest {
|
||||
PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE1, MOCK_UID1, CONNECTIVITY_INTERNAL));
|
||||
|
||||
assertFalse(hasRestrictedNetworkPermission(
|
||||
PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID1));
|
||||
PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID2));
|
||||
assertFalse(hasRestrictedNetworkPermission(
|
||||
PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID1, CHANGE_NETWORK_STATE));
|
||||
PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID2, CHANGE_NETWORK_STATE));
|
||||
assertFalse(hasRestrictedNetworkPermission(
|
||||
PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID1, CONNECTIVITY_INTERNAL));
|
||||
PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID2, CONNECTIVITY_INTERNAL));
|
||||
|
||||
}
|
||||
|
||||
@@ -396,32 +396,32 @@ public class PermissionMonitorTest {
|
||||
assertFalse(wouldBeCarryoverPackage(PARTITION_PRODUCT, VERSION_Q, MOCK_UID1));
|
||||
}
|
||||
|
||||
private boolean wouldBeAppAllowedOnRestrictedNetworks(String packageName) {
|
||||
final PackageInfo packageInfo = new PackageInfo();
|
||||
packageInfo.packageName = packageName;
|
||||
return mPermissionMonitor.isAppAllowedOnRestrictedNetworks(packageInfo);
|
||||
private boolean wouldBeUidAllowedOnRestrictedNetworks(int uid) {
|
||||
final ApplicationInfo applicationInfo = new ApplicationInfo();
|
||||
applicationInfo.uid = uid;
|
||||
return mPermissionMonitor.isUidAllowedOnRestrictedNetworks(applicationInfo);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testIsAppAllowedOnRestrictedNetworks() {
|
||||
mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(new ArraySet<>());
|
||||
assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE1));
|
||||
assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE2));
|
||||
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(new ArraySet<>());
|
||||
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1));
|
||||
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2));
|
||||
|
||||
mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(
|
||||
new ArraySet<>(new String[] { MOCK_PACKAGE1 }));
|
||||
assertTrue(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE1));
|
||||
assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE2));
|
||||
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(
|
||||
new ArraySet<>(new Integer[] { MOCK_UID1 }));
|
||||
assertTrue(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1));
|
||||
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2));
|
||||
|
||||
mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(
|
||||
new ArraySet<>(new String[] { MOCK_PACKAGE2 }));
|
||||
assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE1));
|
||||
assertTrue(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE2));
|
||||
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(
|
||||
new ArraySet<>(new Integer[] { MOCK_UID2 }));
|
||||
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1));
|
||||
assertTrue(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2));
|
||||
|
||||
mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(
|
||||
new ArraySet<>(new String[] { "com.android.test" }));
|
||||
assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE1));
|
||||
assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE2));
|
||||
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(
|
||||
new ArraySet<>(new Integer[] { 123 }));
|
||||
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1));
|
||||
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2));
|
||||
}
|
||||
|
||||
private void assertBackgroundPermission(boolean hasPermission, String name, int uid,
|
||||
@@ -901,12 +901,12 @@ public class PermissionMonitorTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAppsAllowedOnRestrictedNetworksChanged() throws Exception {
|
||||
public void testUidsAllowedOnRestrictedNetworksChanged() throws Exception {
|
||||
final NetdMonitor mNetdMonitor = new NetdMonitor(mNetdService);
|
||||
final ArgumentCaptor<ContentObserver> captor =
|
||||
ArgumentCaptor.forClass(ContentObserver.class);
|
||||
verify(mDeps, times(1)).registerContentObserver(any(),
|
||||
argThat(uri -> uri.getEncodedPath().contains(APPS_ALLOWED_ON_RESTRICTED_NETWORKS)),
|
||||
argThat(uri -> uri.getEncodedPath().contains(UIDS_ALLOWED_ON_RESTRICTED_NETWORKS)),
|
||||
anyBoolean(), captor.capture());
|
||||
final ContentObserver contentObserver = captor.getValue();
|
||||
|
||||
@@ -924,24 +924,24 @@ public class PermissionMonitorTest {
|
||||
when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2);
|
||||
when(mPackageManager.getPackagesForUid(MOCK_UID2)).thenReturn(new String[]{MOCK_PACKAGE2});
|
||||
|
||||
// MOCK_PACKAGE1 is listed in setting that allow to use restricted networks, MOCK_UID1
|
||||
// MOCK_UID1 is listed in setting that allow to use restricted networks, MOCK_UID1
|
||||
// should have SYSTEM permission.
|
||||
when(mDeps.getAppsAllowedOnRestrictedNetworks(any())).thenReturn(
|
||||
new ArraySet<>(new String[] { MOCK_PACKAGE1 }));
|
||||
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(
|
||||
new ArraySet<>(new Integer[] { MOCK_UID1 }));
|
||||
contentObserver.onChange(true /* selfChange */);
|
||||
mNetdMonitor.expectPermission(SYSTEM, new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID1});
|
||||
mNetdMonitor.expectNoPermission(new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID2});
|
||||
|
||||
// MOCK_PACKAGE2 is listed in setting that allow to use restricted networks, MOCK_UID2
|
||||
// MOCK_UID2 is listed in setting that allow to use restricted networks, MOCK_UID2
|
||||
// should have SYSTEM permission but MOCK_UID1 should revoke permission.
|
||||
when(mDeps.getAppsAllowedOnRestrictedNetworks(any())).thenReturn(
|
||||
new ArraySet<>(new String[] { MOCK_PACKAGE2 }));
|
||||
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(
|
||||
new ArraySet<>(new Integer[] { MOCK_UID2 }));
|
||||
contentObserver.onChange(true /* selfChange */);
|
||||
mNetdMonitor.expectPermission(SYSTEM, new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID2});
|
||||
mNetdMonitor.expectNoPermission(new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID1});
|
||||
|
||||
// No app lists in setting, should revoke permission from all uids.
|
||||
when(mDeps.getAppsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>());
|
||||
// No uid lists in setting, should revoke permission from all uids.
|
||||
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>());
|
||||
contentObserver.onChange(true /* selfChange */);
|
||||
mNetdMonitor.expectNoPermission(
|
||||
new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID1, MOCK_UID2});
|
||||
@@ -953,7 +953,7 @@ public class PermissionMonitorTest {
|
||||
final ArgumentCaptor<ContentObserver> captor =
|
||||
ArgumentCaptor.forClass(ContentObserver.class);
|
||||
verify(mDeps, times(1)).registerContentObserver(any(),
|
||||
argThat(uri -> uri.getEncodedPath().contains(APPS_ALLOWED_ON_RESTRICTED_NETWORKS)),
|
||||
argThat(uri -> uri.getEncodedPath().contains(UIDS_ALLOWED_ON_RESTRICTED_NETWORKS)),
|
||||
anyBoolean(), captor.capture());
|
||||
final ContentObserver contentObserver = captor.getValue();
|
||||
|
||||
@@ -974,22 +974,15 @@ public class PermissionMonitorTest {
|
||||
addPackageForUsers(new UserHandle[]{MOCK_USER1}, MOCK_PACKAGE1, MOCK_UID1);
|
||||
mNetdMonitor.expectPermission(NETWORK, new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID1});
|
||||
|
||||
// MOCK_PACKAGE2 is listed in setting that allow to use restricted networks, MOCK_UID1
|
||||
// MOCK_UID1 is listed in setting that allow to use restricted networks, MOCK_UID1
|
||||
// should upgrade to SYSTEM permission.
|
||||
when(mDeps.getAppsAllowedOnRestrictedNetworks(any())).thenReturn(
|
||||
new ArraySet<>(new String[] { MOCK_PACKAGE2 }));
|
||||
contentObserver.onChange(true /* selfChange */);
|
||||
mNetdMonitor.expectPermission(SYSTEM, new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID1});
|
||||
|
||||
// MOCK_PACKAGE1 is listed in setting that allow to use restricted networks, MOCK_UID1
|
||||
// should still have SYSTEM permission.
|
||||
when(mDeps.getAppsAllowedOnRestrictedNetworks(any())).thenReturn(
|
||||
new ArraySet<>(new String[] { MOCK_PACKAGE1 }));
|
||||
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(
|
||||
new ArraySet<>(new Integer[] { MOCK_UID1 }));
|
||||
contentObserver.onChange(true /* selfChange */);
|
||||
mNetdMonitor.expectPermission(SYSTEM, new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID1});
|
||||
|
||||
// No app lists in setting, MOCK_UID1 should downgrade to NETWORK permission.
|
||||
when(mDeps.getAppsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>());
|
||||
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>());
|
||||
contentObserver.onChange(true /* selfChange */);
|
||||
mNetdMonitor.expectPermission(NETWORK, new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID1});
|
||||
|
||||
@@ -998,4 +991,4 @@ public class PermissionMonitorTest {
|
||||
removePackageForUsers(new UserHandle[]{MOCK_USER1}, MOCK_PACKAGE1, MOCK_UID1);
|
||||
mNetdMonitor.expectNoPermission(new UserHandle[]{MOCK_USER1}, new int[]{MOCK_UID1});
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user