LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Correct uid to app id for netd traffic permission methods"

Browse Source
This commit is contained in:
Paul Hu
2021-09-07 01:13:56 +00:00
committed by Gerrit Code Review
parent 1d04d8362f 1d4ec79020
commit 9fe8c8fc76
2 changed files with 202 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
service/src/com/android/server/connectivity/PermissionMonitor.java
View File

@@ -78,7 +78,7 @@ import java.util.Map.Entry;
import java.util.Set; import java.util.Set;
/** /**
* A utility class to inform Netd of UID permisisons. * A utility class to inform Netd of UID permissions.
* Does a mass update at boot and then monitors for app install/remove. * Does a mass update at boot and then monitors for app install/remove.
* *
* @hide * @hide
@@ -100,7 +100,7 @@ public class PermissionMonitor {
@GuardedBy("this") @GuardedBy("this")
private final Set<UserHandle> mUsers = new HashSet<>(); private final Set<UserHandle> mUsers = new HashSet<>();
// Keys are app uids. Values are true for SYSTEM permission and false for NETWORK permission. // Keys are appIds. Values are true for SYSTEM permission and false for NETWORK permission.
@GuardedBy("this") @GuardedBy("this")
private final Map<Integer, Boolean> mApps = new HashMap<>(); private final Map<Integer, Boolean> mApps = new HashMap<>();
@@ -237,31 +237,32 @@ public class PermissionMonitor {
return; return;
} }
SparseIntArray netdPermsUids = new SparseIntArray(); final SparseIntArray netdPermsAppIds = new SparseIntArray();
for (PackageInfo app : apps) { for (PackageInfo app : apps) {
int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID; int uid = app.applicationInfo != null ? app.applicationInfo.uid : INVALID_UID;
if (uid < 0) { if (uid < 0) {
continue; continue;
} }
mAllApps.add(UserHandle.getAppId(uid)); final int appId = UserHandle.getAppId(uid);
mAllApps.add(appId);
boolean isNetwork = hasNetworkPermission(app); boolean hasNetworkPermission = hasNetworkPermission(app);
boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app); boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
if (isNetwork || hasRestrictedPermission) { if (hasNetworkPermission || hasRestrictedPermission) {
Boolean permission = mApps.get(UserHandle.getAppId(uid)); final Boolean permission = mApps.get(appId);
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is). // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
if (permission == null || permission == NETWORK) { if (permission == null || permission == NETWORK) {
mApps.put(UserHandle.getAppId(uid), hasRestrictedPermission); mApps.put(appId, hasRestrictedPermission);
} }
} }
//TODO: unify the management of the permissions into one codepath. //TODO: unify the management of the permissions into one codepath.
int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions, int otherNetdPerms = getNetdPermissionMask(app.requestedPermissions,
app.requestedPermissionsFlags); app.requestedPermissionsFlags);
netdPermsUids.put(uid, netdPermsUids.get(uid) | otherNetdPerms); netdPermsAppIds.put(appId, netdPermsAppIds.get(appId) | otherNetdPerms);
} }
mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */)); mUsers.addAll(mUserManager.getUserHandles(true /* excludeDying */));
@@ -275,13 +276,13 @@ public class PermissionMonitor {
final int[] hasPermissionUids = final int[] hasPermissionUids =
mSystemConfigManager.getSystemPermissionUids(systemPermission); mSystemConfigManager.getSystemPermissionUids(systemPermission);
for (int j = 0; j < hasPermissionUids.length; j++) { for (int j = 0; j < hasPermissionUids.length; j++) {
final int uid = hasPermissionUids[j]; final int appId = UserHandle.getAppId(hasPermissionUids[j]);
netdPermsUids.put(uid, netdPermsUids.get(uid) | netdPermission); netdPermsAppIds.put(appId, netdPermsAppIds.get(appId) | netdPermission);
} }
} }
log("Users: " + mUsers.size() + ", Apps: " + mApps.size()); log("Users: " + mUsers.size() + ", Apps: " + mApps.size());
update(mUsers, mApps, true); update(mUsers, mApps, true);
sendPackagePermissionsToNetd(netdPermsUids); sendPackagePermissionsToNetd(netdPermsAppIds);
} }
@VisibleForTesting @VisibleForTesting
@@ -473,13 +474,11 @@ public class PermissionMonitor {
* @hide * @hide
*/ */
public synchronized void onPackageAdded(@NonNull final String packageName, final int uid) { public synchronized void onPackageAdded(@NonNull final String packageName, final int uid) {
// TODO: Netd is using appId for checking traffic permission. Correct the methods that are final int appId = UserHandle.getAppId(uid);
// using appId instead of uid actually sendPackagePermissionsForAppId(appId, getPermissionForUid(uid));
sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
// If multiple packages share a UID (cf: android:sharedUserId) and ask for different // If multiple packages share a UID (cf: android:sharedUserId) and ask for different
// permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is). // permissions, don't downgrade (i.e., if it's already SYSTEM, leave it as is).
final int appId = UserHandle.getAppId(uid);
final Boolean permission = highestPermissionForUid(mApps.get(appId), packageName); final Boolean permission = highestPermissionForUid(mApps.get(appId), packageName);
if (permission != mApps.get(appId)) { if (permission != mApps.get(appId)) {
mApps.put(appId, permission); mApps.put(appId, permission);
@@ -528,9 +527,8 @@ public class PermissionMonitor {
* @hide * @hide
*/ */
public synchronized void onPackageRemoved(@NonNull final String packageName, final int uid) { public synchronized void onPackageRemoved(@NonNull final String packageName, final int uid) {
// TODO: Netd is using appId for checking traffic permission. Correct the methods that are final int appId = UserHandle.getAppId(uid);
// using appId instead of uid actually sendPackagePermissionsForAppId(appId, getPermissionForUid(uid));
sendPackagePermissionsForUid(UserHandle.getAppId(uid), getPermissionForUid(uid));
// If the newly-removed package falls within some VPN's uid range, update Netd with it. // If the newly-removed package falls within some VPN's uid range, update Netd with it.
// This needs to happen before the mApps update below, since removeBypassingUids() depends // This needs to happen before the mApps update below, since removeBypassingUids() depends
@@ -545,7 +543,7 @@ public class PermissionMonitor {
} }
// If the package has been removed from all users on the device, clear it form mAllApps. // If the package has been removed from all users on the device, clear it form mAllApps.
if (mPackageManager.getNameForUid(uid) == null) { if (mPackageManager.getNameForUid(uid) == null) {
mAllApps.remove(UserHandle.getAppId(uid)); mAllApps.remove(appId);
} }
Map<Integer, Boolean> apps = new HashMap<>(); Map<Integer, Boolean> apps = new HashMap<>();
@@ -557,7 +555,6 @@ public class PermissionMonitor {
return; return;
} }
final int appId = UserHandle.getAppId(uid);
if (permission == mApps.get(appId)) { if (permission == mApps.get(appId)) {
// The permissions of this UID have not changed. Nothing to do. // The permissions of this UID have not changed. Nothing to do.
return; return;
@@ -718,27 +715,25 @@ public class PermissionMonitor {
} }
/** /**
* Called by PackageListObserver when a package is installed/uninstalled. Send the updated * Send the updated permission information to netd. Called upon package install/uninstall.
* permission information to netd.
* *
* @param uid the app uid of the package installed * @param appId the appId of the package installed
* @param permissions the permissions the app requested and netd cares about. * @param permissions the permissions the app requested and netd cares about.
* *
* @hide * @hide
*/ */
@VisibleForTesting @VisibleForTesting
void sendPackagePermissionsForUid(int uid, int permissions) { void sendPackagePermissionsForAppId(int appId, int permissions) {
SparseIntArray netdPermissionsAppIds = new SparseIntArray(); SparseIntArray netdPermissionsAppIds = new SparseIntArray();
netdPermissionsAppIds.put(uid, permissions); netdPermissionsAppIds.put(appId, permissions);
sendPackagePermissionsToNetd(netdPermissionsAppIds); sendPackagePermissionsToNetd(netdPermissionsAppIds);
} }
/** /**
* Called by packageManagerService to send IPC to netd. Grant or revoke the INTERNET * Grant or revoke the INTERNET and/or UPDATE_DEVICE_STATS permission of the appIds in array.
* and/or UPDATE_DEVICE_STATS permission of the uids in array.
* *
* @param netdPermissionsAppIds integer pairs of uids and the permission granted to it. If the * @param netdPermissionsAppIds integer pairs of appIds and the permission granted to it. If the
* permission is 0, revoke all permissions of that uid. * permission is 0, revoke all permissions of that appId.
* *
* @hide * @hide
*/ */

356
tests/unit/java/com/android/server/connectivity/PermissionMonitorTest.java
View File

@@ -55,6 +55,7 @@ import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.argThat; import static org.mockito.ArgumentMatchers.argThat;
import static org.mockito.ArgumentMatchers.eq; import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.ArgumentMatchers.intThat;
import static org.mockito.Mockito.doAnswer; import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doCallRealMethod; import static org.mockito.Mockito.doCallRealMethod;
import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.doReturn;
@@ -79,7 +80,6 @@ import android.os.SystemConfigManager;
import android.os.UserHandle; import android.os.UserHandle;
import android.os.UserManager; import android.os.UserManager;
import android.provider.Settings; import android.provider.Settings;
import android.util.ArraySet;
import android.util.SparseIntArray; import android.util.SparseIntArray;
import androidx.annotation.NonNull; import androidx.annotation.NonNull;
@@ -101,11 +101,8 @@ import org.mockito.MockitoAnnotations;
import org.mockito.invocation.InvocationOnMock; import org.mockito.invocation.InvocationOnMock;
import java.lang.reflect.Array; import java.lang.reflect.Array;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
@@ -113,13 +110,19 @@ import java.util.Set;
@SmallTest @SmallTest
@DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.R) @DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.R)
public class PermissionMonitorTest { public class PermissionMonitorTest {
private static final UserHandle MOCK_USER1 = UserHandle.of(0); private static final int MOCK_USER_ID1 = 0;
private static final UserHandle MOCK_USER2 = UserHandle.of(1); private static final int MOCK_USER_ID2 = 1;
private static final int MOCK_UID1 = 10001; private static final UserHandle MOCK_USER1 = UserHandle.of(MOCK_USER_ID1);
private static final int MOCK_UID2 = 10086; private static final UserHandle MOCK_USER2 = UserHandle.of(MOCK_USER_ID2);
private static final int SYSTEM_UID1 = 1000; private static final int MOCK_APPID1 = 10001;
private static final int SYSTEM_UID2 = 1008; private static final int MOCK_APPID2 = 10086;
private static final int VPN_UID = 10002; private static final int SYSTEM_APPID1 = 1100;
private static final int SYSTEM_APPID2 = 1108;
private static final int VPN_APPID = 10002;
private static final int MOCK_UID1 = MOCK_USER1.getUid(MOCK_APPID1);
private static final int MOCK_UID2 = MOCK_USER1.getUid(MOCK_APPID2);
private static final int SYSTEM_APP_UID1 = MOCK_USER1.getUid(SYSTEM_APPID1);
private static final int VPN_UID = MOCK_USER1.getUid(VPN_APPID);
private static final String REAL_SYSTEM_PACKAGE_NAME = "android"; private static final String REAL_SYSTEM_PACKAGE_NAME = "android";
private static final String MOCK_PACKAGE1 = "appName1"; private static final String MOCK_PACKAGE1 = "appName1";
private static final String MOCK_PACKAGE2 = "appName2"; private static final String MOCK_PACKAGE2 = "appName2";
@@ -149,8 +152,7 @@ public class PermissionMonitorTest {
MockitoAnnotations.initMocks(this); MockitoAnnotations.initMocks(this);
when(mContext.getPackageManager()).thenReturn(mPackageManager); when(mContext.getPackageManager()).thenReturn(mPackageManager);
when(mContext.getSystemService(eq(Context.USER_SERVICE))).thenReturn(mUserManager); when(mContext.getSystemService(eq(Context.USER_SERVICE))).thenReturn(mUserManager);
when(mUserManager.getUserHandles(eq(true))).thenReturn( when(mUserManager.getUserHandles(eq(true))).thenReturn(List.of(MOCK_USER1, MOCK_USER2));
Arrays.asList(new UserHandle[] { MOCK_USER1, MOCK_USER2 }));
when(mContext.getSystemServiceName(SystemConfigManager.class)) when(mContext.getSystemServiceName(SystemConfigManager.class))
.thenReturn(Context.SYSTEM_CONFIG_SERVICE); .thenReturn(Context.SYSTEM_CONFIG_SERVICE);
when(mContext.getSystemService(Context.SYSTEM_CONFIG_SERVICE)) when(mContext.getSystemService(Context.SYSTEM_CONFIG_SERVICE))
@@ -163,7 +165,7 @@ public class PermissionMonitorTest {
final Context asUserCtx = mock(Context.class, AdditionalAnswers.delegatesTo(mContext)); final Context asUserCtx = mock(Context.class, AdditionalAnswers.delegatesTo(mContext));
doReturn(UserHandle.ALL).when(asUserCtx).getUser(); doReturn(UserHandle.ALL).when(asUserCtx).getUser();
when(mContext.createContextAsUser(eq(UserHandle.ALL), anyInt())).thenReturn(asUserCtx); when(mContext.createContextAsUser(eq(UserHandle.ALL), anyInt())).thenReturn(asUserCtx);
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>()); when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of());
// Set DEVICE_INITIAL_SDK_INT to Q that SYSTEM_UID won't have restricted network permission // Set DEVICE_INITIAL_SDK_INT to Q that SYSTEM_UID won't have restricted network permission
// by default. // by default.
doReturn(VERSION_Q).when(mDeps).getDeviceFirstSdkInt(); doReturn(VERSION_Q).when(mDeps).getDeviceFirstSdkInt();
@@ -460,22 +462,19 @@ public class PermissionMonitorTest {
@Test @Test
public void testIsAppAllowedOnRestrictedNetworks() { public void testIsAppAllowedOnRestrictedNetworks() {
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(new ArraySet<>()); mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(Set.of());
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1)); assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1));
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2)); assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2));
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks( mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(Set.of(MOCK_UID1));
new ArraySet<>(new Integer[] { MOCK_UID1 }));
assertTrue(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1)); assertTrue(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1));
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2)); assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2));
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks( mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(Set.of(MOCK_UID2));
new ArraySet<>(new Integer[] { MOCK_UID2 }));
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1)); assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1));
assertTrue(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2)); assertTrue(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2));
mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks( mPermissionMonitor.updateUidsAllowedOnRestrictedNetworks(Set.of(123));
new ArraySet<>(new Integer[] { 123 }));
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1)); assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID1));
assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2)); assertFalse(wouldBeUidAllowedOnRestrictedNetworks(MOCK_UID2));
} }
@@ -592,81 +591,87 @@ public class PermissionMonitorTest {
@Test @Test
public void testUserAndPackageAddRemove() throws Exception { public void testUserAndPackageAddRemove() throws Exception {
// MOCK_UID1: MOCK_PACKAGE1 only has network permission. // MOCK_UID1: MOCK_PACKAGE1 only has network permission.
// SYSTEM_UID: SYSTEM_PACKAGE1 has system permission. // SYSTEM_APP_UID1: SYSTEM_PACKAGE1 has system permission.
// SYSTEM_UID: SYSTEM_PACKAGE2 only has network permission. // SYSTEM_APP_UID1: SYSTEM_PACKAGE2 only has network permission.
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1, CHANGE_NETWORK_STATE); buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1, CHANGE_NETWORK_STATE);
buildAndMockPackageInfoWithPermissions(SYSTEM_PACKAGE1, SYSTEM_UID, buildAndMockPackageInfoWithPermissions(SYSTEM_PACKAGE1, SYSTEM_APP_UID1,
CONNECTIVITY_USE_RESTRICTED_NETWORKS); CONNECTIVITY_USE_RESTRICTED_NETWORKS);
buildAndMockPackageInfoWithPermissions(SYSTEM_PACKAGE2, SYSTEM_UID, CHANGE_NETWORK_STATE); buildAndMockPackageInfoWithPermissions(SYSTEM_PACKAGE2, SYSTEM_APP_UID1,
CHANGE_NETWORK_STATE);
// Add SYSTEM_PACKAGE2, expect only have network permission. // Add SYSTEM_PACKAGE2, expect only have network permission.
mPermissionMonitor.onUserAdded(MOCK_USER1); mPermissionMonitor.onUserAdded(MOCK_USER1);
addPackageForUsers(new UserHandle[]{MOCK_USER1}, SYSTEM_PACKAGE2, SYSTEM_UID); addPackageForUsers(new UserHandle[]{MOCK_USER1}, SYSTEM_PACKAGE2, SYSTEM_APPID1);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, SYSTEM_UID); mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, SYSTEM_APPID1);
// Add SYSTEM_PACKAGE1, expect permission escalate. // Add SYSTEM_PACKAGE1, expect permission upgrade.
addPackageForUsers(new UserHandle[]{MOCK_USER1}, SYSTEM_PACKAGE1, SYSTEM_UID); addPackageForUsers(new UserHandle[]{MOCK_USER1}, SYSTEM_PACKAGE1, SYSTEM_APPID1);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, SYSTEM_UID); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, SYSTEM_APPID1);
mPermissionMonitor.onUserAdded(MOCK_USER2); mPermissionMonitor.onUserAdded(MOCK_USER2);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2}, mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2},
SYSTEM_UID); SYSTEM_APPID1);
// Remove SYSTEM_PACKAGE2, expect keep system permission. // Remove SYSTEM_PACKAGE2, expect keep system permission.
when(mPackageManager.getPackagesForUid(MOCK_USER1.getUid(SYSTEM_UID))) when(mPackageManager.getPackagesForUid(SYSTEM_APP_UID1))
.thenReturn(new String[]{SYSTEM_PACKAGE1}); .thenReturn(new String[]{SYSTEM_PACKAGE1});
when(mPackageManager.getPackagesForUid(MOCK_USER2.getUid(SYSTEM_UID))) when(mPackageManager.getPackagesForUid(MOCK_USER2.getUid(SYSTEM_APPID1)))
.thenReturn(new String[]{SYSTEM_PACKAGE1}); .thenReturn(new String[]{SYSTEM_PACKAGE1});
removePackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2}, removePackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2},
SYSTEM_PACKAGE2, SYSTEM_UID); SYSTEM_PACKAGE2, SYSTEM_APPID1);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2}, mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2},
SYSTEM_UID); SYSTEM_APPID1);
// Add SYSTEM_PACKAGE2, expect keep system permission. // Add SYSTEM_PACKAGE2, expect keep system permission.
addPackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2}, SYSTEM_PACKAGE2, SYSTEM_UID); addPackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2}, SYSTEM_PACKAGE2,
SYSTEM_APPID1);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2}, mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2},
SYSTEM_UID); SYSTEM_APPID1);
addPackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_PACKAGE1, MOCK_UID1); addPackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_PACKAGE1, MOCK_APPID1);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2}, mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2},
SYSTEM_UID); SYSTEM_APPID1);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1, MOCK_USER2}, mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1, MOCK_USER2},
MOCK_UID1); MOCK_APPID1);
// Remove MOCK_UID1, expect no permission left for all user. // Remove MOCK_PACKAGE1, expect no permission left for all user.
when(mPackageManager.getPackagesForUid(MOCK_USER1.getUid(MOCK_UID1))) when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{});
when(mPackageManager.getPackagesForUid(MOCK_USER2.getUid(MOCK_APPID1)))
.thenReturn(new String[]{}); .thenReturn(new String[]{});
when(mPackageManager.getPackagesForUid(MOCK_USER2.getUid(MOCK_UID1))) removePackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_PACKAGE1, MOCK_APPID1);
.thenReturn(new String[]{}); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_APPID1);
removePackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_PACKAGE1, MOCK_UID1);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_UID1);
// Remove SYSTEM_PACKAGE1, expect permission downgrade. // Remove SYSTEM_PACKAGE1, expect permission downgrade.
when(mPackageManager.getPackagesForUid(anyInt())).thenReturn(new String[]{SYSTEM_PACKAGE2}); when(mPackageManager.getPackagesForUid(
intThat(uid -> UserHandle.getAppId(uid) == SYSTEM_APPID1)))
.thenReturn(new String[]{SYSTEM_PACKAGE2});
removePackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2}, removePackageForUsers(new UserHandle[]{MOCK_USER1, MOCK_USER2},
SYSTEM_PACKAGE1, SYSTEM_UID); SYSTEM_PACKAGE1, SYSTEM_APPID1);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1, MOCK_USER2}, mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1, MOCK_USER2},
SYSTEM_UID); SYSTEM_APPID1);
mPermissionMonitor.onUserRemoved(MOCK_USER1); mPermissionMonitor.onUserRemoved(MOCK_USER1);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER2}, SYSTEM_UID); mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER2}, SYSTEM_APPID1);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, SYSTEM_APPID1);
// Remove all packages, expect no permission left. // Remove all packages, expect no permission left.
when(mPackageManager.getPackagesForUid(anyInt())).thenReturn(new String[]{}); when(mPackageManager.getPackagesForUid(
removePackageForUsers(new UserHandle[]{MOCK_USER2}, SYSTEM_PACKAGE2, SYSTEM_UID); intThat(uid -> UserHandle.getAppId(uid) == SYSTEM_APPID1)))
mNetdMonitor.expectNoNetworkPerm( .thenReturn(new String[]{});
new UserHandle[]{MOCK_USER1, MOCK_USER2}, SYSTEM_UID, MOCK_UID1); removePackageForUsers(new UserHandle[]{MOCK_USER2}, SYSTEM_PACKAGE2, SYSTEM_APPID1);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1, MOCK_USER2}, SYSTEM_APPID1,
MOCK_APPID1);
// Remove last user, expect no redundant clearPermission is invoked. // Remove last user, expect no permission change.
mPermissionMonitor.onUserRemoved(MOCK_USER2); mPermissionMonitor.onUserRemoved(MOCK_USER2);
mNetdMonitor.expectNoNetworkPerm( mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1, MOCK_USER2}, SYSTEM_APPID1,
new UserHandle[]{MOCK_USER1, MOCK_USER2}, SYSTEM_UID, MOCK_UID1); MOCK_APPID1);
} }
@Test @Test
public void testUidFilteringDuringVpnConnectDisconnectAndUidUpdates() throws Exception { public void testUidFilteringDuringVpnConnectDisconnectAndUidUpdates() throws Exception {
when(mPackageManager.getInstalledPackages(eq(GET_PERMISSIONS | MATCH_ANY_USER))).thenReturn( when(mPackageManager.getInstalledPackages(eq(GET_PERMISSIONS | MATCH_ANY_USER))).thenReturn(
List.of(buildPackageInfo(SYSTEM_PACKAGE1, SYSTEM_UID1, CHANGE_NETWORK_STATE, List.of(buildPackageInfo(SYSTEM_PACKAGE1, SYSTEM_APP_UID1, CHANGE_NETWORK_STATE,
CONNECTIVITY_USE_RESTRICTED_NETWORKS), CONNECTIVITY_USE_RESTRICTED_NETWORKS),
buildPackageInfo(MOCK_PACKAGE1, MOCK_UID1), buildPackageInfo(MOCK_PACKAGE1, MOCK_UID1),
buildPackageInfo(MOCK_PACKAGE2, MOCK_UID2), buildPackageInfo(MOCK_PACKAGE2, MOCK_UID2),
@@ -674,25 +679,22 @@ public class PermissionMonitorTest {
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1); buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1);
mPermissionMonitor.startMonitoring(); mPermissionMonitor.startMonitoring();
// Every app on user 0 except MOCK_UID2 are under VPN. // Every app on user 0 except MOCK_UID2 are under VPN.
final Set<UidRange> vpnRange1 = new HashSet<>(Arrays.asList(new UidRange[] { final Set<UidRange> vpnRange1 = Set.of(
new UidRange(0, MOCK_UID2 - 1), new UidRange(0, MOCK_UID2 - 1),
new UidRange(MOCK_UID2 + 1, UserHandle.PER_USER_RANGE - 1)})); new UidRange(MOCK_UID2 + 1, UserHandle.PER_USER_RANGE - 1));
final Set<UidRange> vpnRange2 = Collections.singleton(new UidRange(MOCK_UID2, MOCK_UID2)); final Set<UidRange> vpnRange2 = Set.of(new UidRange(MOCK_UID2, MOCK_UID2));
// When VPN is connected, expect a rule to be set up for user app MOCK_UID1 // When VPN is connected, expect a rule to be set up for user app MOCK_UID1
mPermissionMonitor.onVpnUidRangesAdded("tun0", vpnRange1, VPN_UID); mPermissionMonitor.onVpnUidRangesAdded("tun0", vpnRange1, VPN_UID);
verify(mNetdService).firewallAddUidInterfaceRules(eq("tun0"), verify(mNetdService).firewallAddUidInterfaceRules(eq("tun0"), aryEq(new int[]{MOCK_UID1}));
aryEq(new int[] {MOCK_UID1}));
reset(mNetdService); reset(mNetdService);
// When MOCK_UID1 package is uninstalled and reinstalled, expect Netd to be updated // When MOCK_UID1 package is uninstalled and reinstalled, expect Netd to be updated
mPermissionMonitor.onPackageRemoved( mPermissionMonitor.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1);
MOCK_PACKAGE1, MOCK_USER1.getUid(MOCK_UID1)); verify(mNetdService).firewallRemoveUidInterfaceRules(aryEq(new int[]{MOCK_UID1}));
verify(mNetdService).firewallRemoveUidInterfaceRules(aryEq(new int[] {MOCK_UID1})); mPermissionMonitor.onPackageAdded(MOCK_PACKAGE1, MOCK_UID1);
mPermissionMonitor.onPackageAdded(MOCK_PACKAGE1, MOCK_USER1.getUid(MOCK_UID1)); verify(mNetdService).firewallAddUidInterfaceRules(eq("tun0"), aryEq(new int[]{MOCK_UID1}));
verify(mNetdService).firewallAddUidInterfaceRules(eq("tun0"),
aryEq(new int[] {MOCK_UID1}));
reset(mNetdService); reset(mNetdService);
@@ -701,8 +703,7 @@ public class PermissionMonitorTest {
mPermissionMonitor.onVpnUidRangesRemoved("tun0", vpnRange1, VPN_UID); mPermissionMonitor.onVpnUidRangesRemoved("tun0", vpnRange1, VPN_UID);
verify(mNetdService).firewallRemoveUidInterfaceRules(aryEq(new int[] {MOCK_UID1})); verify(mNetdService).firewallRemoveUidInterfaceRules(aryEq(new int[] {MOCK_UID1}));
mPermissionMonitor.onVpnUidRangesAdded("tun0", vpnRange2, VPN_UID); mPermissionMonitor.onVpnUidRangesAdded("tun0", vpnRange2, VPN_UID);
verify(mNetdService).firewallAddUidInterfaceRules(eq("tun0"), verify(mNetdService).firewallAddUidInterfaceRules(eq("tun0"), aryEq(new int[]{MOCK_UID2}));
aryEq(new int[] {MOCK_UID2}));
reset(mNetdService); reset(mNetdService);
@@ -715,23 +716,21 @@ public class PermissionMonitorTest {
@Test @Test
public void testUidFilteringDuringPackageInstallAndUninstall() throws Exception { public void testUidFilteringDuringPackageInstallAndUninstall() throws Exception {
when(mPackageManager.getInstalledPackages(eq(GET_PERMISSIONS | MATCH_ANY_USER))).thenReturn( when(mPackageManager.getInstalledPackages(eq(GET_PERMISSIONS | MATCH_ANY_USER))).thenReturn(
List.of(buildPackageInfo(SYSTEM_PACKAGE1, SYSTEM_UID1, CHANGE_NETWORK_STATE, List.of(buildPackageInfo(SYSTEM_PACKAGE1, SYSTEM_APP_UID1, CHANGE_NETWORK_STATE,
NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS), NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS),
buildPackageInfo(SYSTEM_PACKAGE2, VPN_UID))); buildPackageInfo(SYSTEM_PACKAGE2, VPN_UID)));
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1); buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1);
mPermissionMonitor.startMonitoring(); mPermissionMonitor.startMonitoring();
final Set<UidRange> vpnRange = Collections.singleton(UidRange.createForUser(MOCK_USER1)); final Set<UidRange> vpnRange = Set.of(UidRange.createForUser(MOCK_USER1));
mPermissionMonitor.onVpnUidRangesAdded("tun0", vpnRange, VPN_UID); mPermissionMonitor.onVpnUidRangesAdded("tun0", vpnRange, VPN_UID);
// Newly-installed package should have uid rules added // Newly-installed package should have uid rules added
mPermissionMonitor.onPackageAdded(MOCK_PACKAGE1, MOCK_USER1.getUid(MOCK_UID1)); mPermissionMonitor.onPackageAdded(MOCK_PACKAGE1, MOCK_UID1);
verify(mNetdService).firewallAddUidInterfaceRules(eq("tun0"), verify(mNetdService).firewallAddUidInterfaceRules(eq("tun0"), aryEq(new int[]{MOCK_UID1}));
aryEq(new int[] {MOCK_UID1}));
// Removed package should have its uid rules removed // Removed package should have its uid rules removed
mPermissionMonitor.onPackageRemoved( mPermissionMonitor.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1);
MOCK_PACKAGE1, MOCK_USER1.getUid(MOCK_UID1));
verify(mNetdService).firewallRemoveUidInterfaceRules(aryEq(new int[] {MOCK_UID1})); verify(mNetdService).firewallRemoveUidInterfaceRules(aryEq(new int[] {MOCK_UID1}));
} }
@@ -739,108 +738,108 @@ public class PermissionMonitorTest {
// Normal package add/remove operations will trigger multiple intent for uids corresponding to // Normal package add/remove operations will trigger multiple intent for uids corresponding to
// each user. To simulate generic package operations, the onPackageAdded/Removed will need to be // each user. To simulate generic package operations, the onPackageAdded/Removed will need to be
// called multiple times with the uid corresponding to each user. // called multiple times with the uid corresponding to each user.
private void addPackageForUsers(UserHandle[] users, String packageName, int uid) { private void addPackageForUsers(UserHandle[] users, String packageName, int appId) {
for (final UserHandle user : users) { for (final UserHandle user : users) {
mPermissionMonitor.onPackageAdded(packageName, user.getUid(uid)); mPermissionMonitor.onPackageAdded(packageName, user.getUid(appId));
} }
} }
private void removePackageForUsers(UserHandle[] users, String packageName, int uid) { private void removePackageForUsers(UserHandle[] users, String packageName, int appId) {
for (final UserHandle user : users) { for (final UserHandle user : users) {
mPermissionMonitor.onPackageRemoved(packageName, user.getUid(uid)); mPermissionMonitor.onPackageRemoved(packageName, user.getUid(appId));
} }
} }
@Test @Test
public void testPackagePermissionUpdate() throws Exception { public void testPackagePermissionUpdate() throws Exception {
// MOCK_UID1: MOCK_PACKAGE1 only has internet permission. // MOCK_APPID1: MOCK_PACKAGE1 only has internet permission.
// MOCK_UID2: MOCK_PACKAGE2 does not have any permission. // MOCK_APPID2: MOCK_PACKAGE2 does not have any permission.
// SYSTEM_UID1: SYSTEM_PACKAGE1 has internet permission and update device stats permission. // SYSTEM_APPID1: SYSTEM_PACKAGE1 has internet permission and update device stats permission
// SYSTEM_UID2: SYSTEM_PACKAGE2 has only update device stats permission. // SYSTEM_APPID2: SYSTEM_PACKAGE2 has only update device stats permission.
SparseIntArray netdPermissionsAppIds = new SparseIntArray(); SparseIntArray netdPermissionsAppIds = new SparseIntArray();
netdPermissionsAppIds.put(MOCK_UID1, PERMISSION_INTERNET); netdPermissionsAppIds.put(MOCK_APPID1, PERMISSION_INTERNET);
netdPermissionsAppIds.put(MOCK_UID2, PERMISSION_NONE); netdPermissionsAppIds.put(MOCK_APPID2, PERMISSION_NONE);
netdPermissionsAppIds.put(SYSTEM_UID1, PERMISSION_TRAFFIC_ALL); netdPermissionsAppIds.put(SYSTEM_APPID1, PERMISSION_TRAFFIC_ALL);
netdPermissionsAppIds.put(SYSTEM_UID2, PERMISSION_UPDATE_DEVICE_STATS); netdPermissionsAppIds.put(SYSTEM_APPID2, PERMISSION_UPDATE_DEVICE_STATS);
// Send the permission information to netd, expect permission updated. // Send the permission information to netd, expect permission updated.
mPermissionMonitor.sendPackagePermissionsToNetd(netdPermissionsAppIds); mPermissionMonitor.sendPackagePermissionsToNetd(netdPermissionsAppIds);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, MOCK_UID2); mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, MOCK_APPID2);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, SYSTEM_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, SYSTEM_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_UPDATE_DEVICE_STATS, SYSTEM_UID2); mNetdMonitor.expectTrafficPerm(PERMISSION_UPDATE_DEVICE_STATS, SYSTEM_APPID2);
// Update permission of MOCK_UID1, expect new permission show up. // Update permission of MOCK_APPID1, expect new permission show up.
mPermissionMonitor.sendPackagePermissionsForUid(MOCK_UID1, PERMISSION_TRAFFIC_ALL); mPermissionMonitor.sendPackagePermissionsForAppId(MOCK_APPID1, PERMISSION_TRAFFIC_ALL);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
// Change permissions of SYSTEM_UID2, expect new permission show up and old permission // Change permissions of SYSTEM_APPID2, expect new permission show up and old permission
// revoked. // revoked.
mPermissionMonitor.sendPackagePermissionsForUid(SYSTEM_UID2, PERMISSION_INTERNET); mPermissionMonitor.sendPackagePermissionsForAppId(SYSTEM_APPID2, PERMISSION_INTERNET);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, SYSTEM_UID2); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, SYSTEM_APPID2);
// Revoke permission from SYSTEM_UID1, expect no permission stored. // Revoke permission from SYSTEM_APPID1, expect no permission stored.
mPermissionMonitor.sendPackagePermissionsForUid(SYSTEM_UID1, PERMISSION_NONE); mPermissionMonitor.sendPackagePermissionsForAppId(SYSTEM_APPID1, PERMISSION_NONE);
mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, SYSTEM_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, SYSTEM_APPID1);
} }
@Test @Test
public void testPackageInstall() throws Exception { public void testPackageInstall() throws Exception {
addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS); addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
addPackage(MOCK_PACKAGE2, MOCK_UID2, INTERNET); addPackage(MOCK_PACKAGE2, MOCK_UID2, INTERNET);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID2); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID2);
} }
@Test @Test
public void testPackageInstallSharedUid() throws Exception { public void testPackageInstallSharedUid() throws Exception {
addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS); addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
// Install another package with the same uid and no permissions should not cause the UID to // Install another package with the same uid and no permissions should not cause the app id
// lose permissions. // to lose permissions.
addPackage(MOCK_PACKAGE2, MOCK_UID1); addPackage(MOCK_PACKAGE2, MOCK_UID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
} }
@Test @Test
public void testPackageUninstallBasic() throws Exception { public void testPackageUninstallBasic() throws Exception {
addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS); addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{}); when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{});
mPermissionMonitor.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1); mPermissionMonitor.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_UNINSTALLED, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_UNINSTALLED, MOCK_APPID1);
} }
@Test @Test
public void testPackageRemoveThenAdd() throws Exception { public void testPackageRemoveThenAdd() throws Exception {
addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS); addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{}); when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{});
mPermissionMonitor.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1); mPermissionMonitor.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_UNINSTALLED, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_UNINSTALLED, MOCK_APPID1);
addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET); addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID1);
} }
@Test @Test
public void testPackageUpdate() throws Exception { public void testPackageUpdate() throws Exception {
addPackage(MOCK_PACKAGE1, MOCK_UID1); addPackage(MOCK_PACKAGE1, MOCK_UID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, MOCK_APPID1);
addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET); addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID1);
} }
@Test @Test
public void testPackageUninstallWithMultiplePackages() throws Exception { public void testPackageUninstallWithMultiplePackages() throws Exception {
addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS); addPackage(MOCK_PACKAGE1, MOCK_UID1, INTERNET, UPDATE_DEVICE_STATS);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
// Install another package with the same uid but different permissions. // Install another package with the same uid but different permissions.
addPackage(MOCK_PACKAGE2, MOCK_UID1, INTERNET); addPackage(MOCK_PACKAGE2, MOCK_UID1, INTERNET);
@@ -850,7 +849,7 @@ public class PermissionMonitorTest {
when(mPackageManager.getPackagesForUid(eq(MOCK_UID1))) when(mPackageManager.getPackagesForUid(eq(MOCK_UID1)))
.thenReturn(new String[]{MOCK_PACKAGE2}); .thenReturn(new String[]{MOCK_PACKAGE2});
mPermissionMonitor.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1); mPermissionMonitor.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID1);
} }
@Test @Test
@@ -867,15 +866,15 @@ public class PermissionMonitorTest {
@Test @Test
public void testUpdateUidPermissionsFromSystemConfig() throws Exception { public void testUpdateUidPermissionsFromSystemConfig() throws Exception {
when(mPackageManager.getInstalledPackages(anyInt())).thenReturn(new ArrayList<>()); when(mPackageManager.getInstalledPackages(anyInt())).thenReturn(List.of());
when(mSystemConfigManager.getSystemPermissionUids(eq(INTERNET))) when(mSystemConfigManager.getSystemPermissionUids(eq(INTERNET)))
.thenReturn(new int[]{ MOCK_UID1, MOCK_UID2 }); .thenReturn(new int[]{ MOCK_UID1, MOCK_UID2 });
when(mSystemConfigManager.getSystemPermissionUids(eq(UPDATE_DEVICE_STATS))) when(mSystemConfigManager.getSystemPermissionUids(eq(UPDATE_DEVICE_STATS)))
.thenReturn(new int[]{ MOCK_UID2 }); .thenReturn(new int[]{ MOCK_UID2 });
mPermissionMonitor.startMonitoring(); mPermissionMonitor.startMonitoring();
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID2); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID2);
} }
private BroadcastReceiver expectBroadcastReceiver(String... actions) { private BroadcastReceiver expectBroadcastReceiver(String... actions) {
@@ -905,15 +904,15 @@ public class PermissionMonitorTest {
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1, INTERNET, buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1, INTERNET,
UPDATE_DEVICE_STATS); UPDATE_DEVICE_STATS);
receiver.onReceive(mContext, addedIntent); receiver.onReceive(mContext, addedIntent);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
// Verify receiving PACKAGE_REMOVED intent. // Verify receiving PACKAGE_REMOVED intent.
when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(null); when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{});
final Intent removedIntent = new Intent(Intent.ACTION_PACKAGE_REMOVED, final Intent removedIntent = new Intent(Intent.ACTION_PACKAGE_REMOVED,
Uri.fromParts("package", MOCK_PACKAGE1, null /* fragment */)); Uri.fromParts("package", MOCK_PACKAGE1, null /* fragment */));
removedIntent.putExtra(Intent.EXTRA_UID, MOCK_UID1); removedIntent.putExtra(Intent.EXTRA_UID, MOCK_UID1);
receiver.onReceive(mContext, removedIntent); receiver.onReceive(mContext, removedIntent);
mNetdMonitor.expectTrafficPerm(PERMISSION_UNINSTALLED, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_UNINSTALLED, MOCK_APPID1);
} }
private ContentObserver expectRegisterContentObserver(Uri expectedUri) { private ContentObserver expectRegisterContentObserver(Uri expectedUri) {
@@ -936,24 +935,22 @@ public class PermissionMonitorTest {
// MOCK_UID1 is listed in setting that allow to use restricted networks, MOCK_UID1 // MOCK_UID1 is listed in setting that allow to use restricted networks, MOCK_UID1
// should have SYSTEM permission. // should have SYSTEM permission.
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn( when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of(MOCK_UID1));
new ArraySet<>(new Integer[] { MOCK_UID1 }));
contentObserver.onChange(true /* selfChange */); contentObserver.onChange(true /* selfChange */);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_UID2); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_APPID2);
// MOCK_UID2 is listed in setting that allow to use restricted networks, MOCK_UID2 // MOCK_UID2 is listed in setting that allow to use restricted networks, MOCK_UID2
// should have SYSTEM permission but MOCK_UID1 should revoke permission. // should have SYSTEM permission but MOCK_UID1 should revoke permission.
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn( when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of(MOCK_UID2));
new ArraySet<>(new Integer[] { MOCK_UID2 }));
contentObserver.onChange(true /* selfChange */); contentObserver.onChange(true /* selfChange */);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_UID2); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_APPID2);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
// No uid lists in setting, should revoke permission from all uids. // No uid lists in setting, should revoke permission from all uids.
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>()); when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of());
contentObserver.onChange(true /* selfChange */); contentObserver.onChange(true /* selfChange */);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_UID1, MOCK_UID2); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_APPID1, MOCK_APPID2);
} }
@Test @Test
@@ -966,25 +963,24 @@ public class PermissionMonitorTest {
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID1); buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID1);
// MOCK_PACKAGE1 have CHANGE_NETWORK_STATE, MOCK_UID1 should have NETWORK permission. // MOCK_PACKAGE1 have CHANGE_NETWORK_STATE, MOCK_UID1 should have NETWORK permission.
addPackageForUsers(new UserHandle[]{MOCK_USER1}, MOCK_PACKAGE1, MOCK_UID1); addPackageForUsers(new UserHandle[]{MOCK_USER1}, MOCK_PACKAGE1, MOCK_APPID1);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
// MOCK_UID1 is listed in setting that allow to use restricted networks, MOCK_UID1 // MOCK_UID1 is listed in setting that allow to use restricted networks, MOCK_UID1
// should upgrade to SYSTEM permission. // should upgrade to SYSTEM permission.
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn( when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of(MOCK_UID1));
new ArraySet<>(new Integer[] { MOCK_UID1 }));
contentObserver.onChange(true /* selfChange */); contentObserver.onChange(true /* selfChange */);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
// No app lists in setting, MOCK_UID1 should downgrade to NETWORK permission. // No app lists in setting, MOCK_UID1 should downgrade to NETWORK permission.
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>()); when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of());
contentObserver.onChange(true /* selfChange */); contentObserver.onChange(true /* selfChange */);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
// MOCK_PACKAGE1 removed, should revoke permission from MOCK_UID1. // MOCK_PACKAGE1 removed, should revoke permission from MOCK_UID1.
when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{MOCK_PACKAGE2}); when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{MOCK_PACKAGE2});
removePackageForUsers(new UserHandle[]{MOCK_USER1}, MOCK_PACKAGE1, MOCK_UID1); removePackageForUsers(new UserHandle[]{MOCK_USER1}, MOCK_PACKAGE1, MOCK_APPID1);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
} }
@Test @Test
@@ -999,37 +995,39 @@ public class PermissionMonitorTest {
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID2); buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID2);
// MOCK_UID1 is listed in setting that allow to use restricted networks, MOCK_UID1 // MOCK_UID1 is listed in setting that allow to use restricted networks, MOCK_UID1
// in MOCK_USER1 should have SYSTEM permission and MOCK_UID2 has no permissions. // should have SYSTEM permission and MOCK_UID2 has no permissions.
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn( when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of(MOCK_UID1));
new ArraySet<>(new Integer[] { MOCK_UID1 }));
contentObserver.onChange(true /* selfChange */); contentObserver.onChange(true /* selfChange */);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_UID2); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_APPID2);
// Add user MOCK_USER2. // Add user MOCK_USER2.
mPermissionMonitor.onUserAdded(MOCK_USER2); mPermissionMonitor.onUserAdded(MOCK_USER2);
// MOCK_UID1 in both users should all have SYSTEM permission and MOCK_UID2 has no // MOCK_APPID1 in both users should all have SYSTEM permission and MOCK_APPID2 has no
// permissions in either user. // permissions in either user.
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2},
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_UID2); MOCK_APPID1);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_APPID2);
// MOCK_UID2 is listed in setting that allow to use restricted networks, MOCK_UID2 // MOCK_UID2 is listed in setting that allow to use restricted networks, MOCK_APPID2
// in both users should have SYSTEM permission and MOCK_UID1 has no permissions. // in both users should have SYSTEM permission and MOCK_APPID1 has no permissions in either
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn( // user.
new ArraySet<>(new Integer[] { MOCK_UID2 })); when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of(MOCK_UID2));
contentObserver.onChange(true /* selfChange */); contentObserver.onChange(true /* selfChange */);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_UID2); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1, MOCK_USER2},
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_UID1); MOCK_APPID2);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1, MOCK_USER2}, MOCK_APPID1);
// Remove user MOCK_USER1 // Remove user MOCK_USER1
mPermissionMonitor.onUserRemoved(MOCK_USER1); mPermissionMonitor.onUserRemoved(MOCK_USER1);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER2}, MOCK_UID2); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER2}, MOCK_APPID2);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER2}, MOCK_UID1); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER2}, MOCK_APPID1);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_APPID2);
// No uid lists in setting, should revoke permission from all uids. // No uid lists in setting, should revoke permission from all uids.
when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(new ArraySet<>()); when(mDeps.getUidsAllowedOnRestrictedNetworks(any())).thenReturn(Set.of());
contentObserver.onChange(true /* selfChange */); contentObserver.onChange(true /* selfChange */);
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER2}, MOCK_UID1, MOCK_UID2); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER2}, MOCK_APPID1, MOCK_APPID2);
} }
@Test @Test
@@ -1044,8 +1042,8 @@ public class PermissionMonitorTest {
List.of(buildPackageInfo(MOCK_PACKAGE1, MOCK_UID1), List.of(buildPackageInfo(MOCK_PACKAGE1, MOCK_UID1),
buildPackageInfo(MOCK_PACKAGE2, MOCK_UID2))); buildPackageInfo(MOCK_PACKAGE2, MOCK_UID2)));
mPermissionMonitor.startMonitoring(); mPermissionMonitor.startMonitoring();
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_UID1, MOCK_UID2); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_APPID1, MOCK_APPID2);
mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, MOCK_UID1, MOCK_UID2); mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, MOCK_APPID1, MOCK_APPID2);
// Verify receiving EXTERNAL_APPLICATIONS_AVAILABLE intent and update permission to netd. // Verify receiving EXTERNAL_APPLICATIONS_AVAILABLE intent and update permission to netd.
final Intent externalIntent = new Intent(Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE); final Intent externalIntent = new Intent(Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE);
@@ -1056,10 +1054,10 @@ public class PermissionMonitorTest {
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID2, CHANGE_NETWORK_STATE, buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID2, CHANGE_NETWORK_STATE,
UPDATE_DEVICE_STATS); UPDATE_DEVICE_STATS);
receiver.onReceive(mContext, externalIntent); receiver.onReceive(mContext, externalIntent);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_UID2); mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_APPID2);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_UPDATE_DEVICE_STATS, MOCK_UID2); mNetdMonitor.expectTrafficPerm(PERMISSION_UPDATE_DEVICE_STATS, MOCK_APPID2);
} }
@Test @Test
@@ -1083,10 +1081,10 @@ public class PermissionMonitorTest {
externalIntent.putExtra(Intent.EXTRA_CHANGED_PACKAGE_LIST, externalIntent.putExtra(Intent.EXTRA_CHANGED_PACKAGE_LIST,
new String[] { MOCK_PACKAGE1 , MOCK_PACKAGE2}); new String[] { MOCK_PACKAGE1 , MOCK_PACKAGE2});
receiver.onReceive(mContext, externalIntent); receiver.onReceive(mContext, externalIntent);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_UID2); mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_APPID2);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_UPDATE_DEVICE_STATS, MOCK_UID2); mNetdMonitor.expectTrafficPerm(PERMISSION_UPDATE_DEVICE_STATS, MOCK_APPID2);
} }
@Test @Test
@@ -1102,8 +1100,8 @@ public class PermissionMonitorTest {
List.of(buildPackageInfo(MOCK_PACKAGE1, MOCK_UID1), List.of(buildPackageInfo(MOCK_PACKAGE1, MOCK_UID1),
buildPackageInfo(MOCK_PACKAGE2, MOCK_UID1))); buildPackageInfo(MOCK_PACKAGE2, MOCK_UID1)));
mPermissionMonitor.startMonitoring(); mPermissionMonitor.startMonitoring();
mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNoNetworkPerm(new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_NONE, MOCK_APPID1);
// Verify receiving EXTERNAL_APPLICATIONS_AVAILABLE intent and update permission to netd. // Verify receiving EXTERNAL_APPLICATIONS_AVAILABLE intent and update permission to netd.
final Intent externalIntent = new Intent(Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE); final Intent externalIntent = new Intent(Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE);
@@ -1111,8 +1109,8 @@ public class PermissionMonitorTest {
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1, CHANGE_NETWORK_STATE); buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE1, MOCK_UID1, CHANGE_NETWORK_STATE);
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID1, UPDATE_DEVICE_STATS); buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID1, UPDATE_DEVICE_STATS);
receiver.onReceive(mContext, externalIntent); receiver.onReceive(mContext, externalIntent);
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_UPDATE_DEVICE_STATS, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_UPDATE_DEVICE_STATS, MOCK_APPID1);
} }
@Test @Test
@@ -1130,8 +1128,8 @@ public class PermissionMonitorTest {
buildPackageInfo(MOCK_PACKAGE2, MOCK_UID1, CHANGE_NETWORK_STATE, buildPackageInfo(MOCK_PACKAGE2, MOCK_UID1, CHANGE_NETWORK_STATE,
INTERNET))); INTERNET)));
mPermissionMonitor.startMonitoring(); mPermissionMonitor.startMonitoring();
mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(NETWORK, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_INTERNET, MOCK_APPID1);
// Verify receiving EXTERNAL_APPLICATIONS_AVAILABLE intent and update permission to netd. // Verify receiving EXTERNAL_APPLICATIONS_AVAILABLE intent and update permission to netd.
final Intent externalIntent = new Intent(Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE); final Intent externalIntent = new Intent(Intent.ACTION_EXTERNAL_APPLICATIONS_AVAILABLE);
@@ -1141,7 +1139,7 @@ public class PermissionMonitorTest {
buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID1, CHANGE_NETWORK_STATE, buildAndMockPackageInfoWithPermissions(MOCK_PACKAGE2, MOCK_UID1, CHANGE_NETWORK_STATE,
INTERNET); INTERNET);
receiver.onReceive(mContext, externalIntent); receiver.onReceive(mContext, externalIntent);
mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_UID1); mNetdMonitor.expectNetworkPerm(SYSTEM, new UserHandle[]{MOCK_USER1}, MOCK_APPID1);
mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_UID1); mNetdMonitor.expectTrafficPerm(PERMISSION_TRAFFIC_ALL, MOCK_APPID1);
} }
} }