LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Remove ConnectivityServiceTest signature perms use" am: 545f6cf95f am: 4c21d6c2a6

Browse Source 
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/1727819

Change-Id: I7f2a05be80117dad19b5e7fafb71f562466096f9
This commit is contained in:
Remi NGUYEN VAN
2021-06-09 09:15:06 +00:00
committed by Automerger Merge Worker
parent 4b6239c2c8 4c21d6c2a6
commit e4fa2ac5ac
2 changed files with 78 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/unit/Android.bp
View File

@@ -60,7 +60,6 @@ android_test {
"java/**/*.kt",
],
test_suites: ["device-tests"],
certificate: "platform",
jarjar_rules: "jarjar-rules.txt",
static_libs: [
"androidx.test.rules",

116
tests/unit/java/com/android/server/ConnectivityServiceTest.java
View File

@@ -18,10 +18,14 @@ package com.android.server;
import static android.Manifest.permission.CHANGE_NETWORK_STATE;
import static android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS;
import static android.Manifest.permission.CONTROL_OEM_PAID_NETWORK_PREFERENCE;
import static android.Manifest.permission.DUMP;
import static android.Manifest.permission.GET_INTENT_SENDER_INTENT;
import static android.Manifest.permission.LOCAL_MAC_ADDRESS;
import static android.Manifest.permission.NETWORK_FACTORY;
import static android.Manifest.permission.NETWORK_SETTINGS;
import static android.Manifest.permission.NETWORK_STACK;
import static android.Manifest.permission.PACKET_KEEPALIVE_OFFLOAD;
import static android.app.PendingIntent.FLAG_IMMUTABLE;
import static android.content.Intent.ACTION_PACKAGE_ADDED;
import static android.content.Intent.ACTION_PACKAGE_REMOVED;
@@ -130,6 +134,7 @@ import static com.android.testutils.MiscAsserts.assertLength;
import static com.android.testutils.MiscAsserts.assertRunsInAtMost;
import static com.android.testutils.MiscAsserts.assertSameElements;
import static com.android.testutils.MiscAsserts.assertThrows;
import static com.android.testutils.TestPermissionUtil.runAsShell;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
@@ -255,6 +260,7 @@ import android.net.shared.NetworkMonitorUtils;
import android.net.shared.PrivateDnsConfig;
import android.net.util.MultinetworkPolicyTracker;
import android.os.BadParcelableException;
import android.os.BatteryStatsManager;
import android.os.Binder;
import android.os.Build;
import android.os.Bundle;
@@ -463,6 +469,7 @@ public class ConnectivityServiceTest {
@Mock DeviceIdleInternal mDeviceIdleInternal;
@Mock INetworkManagementService mNetworkManagementService;
@Mock NetworkStatsManager mStatsManager;
@Mock BatteryStatsManager mBatteryStatsManager;
@Mock IDnsResolver mMockDnsResolver;
@Mock INetd mMockNetd;
@Mock NetworkStackClientBase mNetworkStack;
@@ -573,6 +580,7 @@ public class ConnectivityServiceTest {
if (Context.NETWORK_POLICY_SERVICE.equals(name)) return mNetworkPolicyManager;
if (Context.SYSTEM_CONFIG_SERVICE.equals(name)) return mSystemConfigManager;
if (Context.NETWORK_STATS_SERVICE.equals(name)) return mStatsManager;
if (Context.BATTERY_STATS_SERVICE.equals(name)) return mBatteryStatsManager;
return super.getSystemService(name);
}
@@ -653,6 +661,13 @@ public class ConnectivityServiceTest {
public void setPermission(String permission, Integer granted) {
mMockedPermissions.put(permission, granted);
}
@Override
public Intent registerReceiverForAllUsers(@Nullable BroadcastReceiver receiver,
@NonNull IntentFilter filter, @Nullable String broadcastPermission,
@Nullable Handler scheduler) {
return null;
}
}
private void waitForIdle() {
@@ -1202,7 +1217,22 @@ public class ConnectivityServiceTest {
return mDeviceIdleInternal;
}
},
mNetworkManagementService, mMockNetd, userId, mVpnProfileStore);
mNetworkManagementService, mMockNetd, userId, mVpnProfileStore,
new SystemServices(mServiceContext) {
@Override
public String settingsSecureGetStringForUser(String key, int userId) {
switch (key) {
// Settings keys not marked as @Readable are not readable from
// non-privileged apps, unless marked as testOnly=true
// (atest refuses to install testOnly=true apps), even if mocked
// in the content provider.
case Settings.Secure.ALWAYS_ON_VPN_APP:
return null;
default:
return super.settingsSecureGetStringForUser(key, userId);
}
}
}, new Ikev2SessionCreator());
}
public void setUids(Set<UidRange> uids) {
@@ -1580,6 +1610,11 @@ public class ConnectivityServiceTest {
mServiceContext = new MockContext(InstrumentationRegistry.getContext(),
new FakeSettingsProvider());
mServiceContext.setUseRegisteredHandlers(true);
mServiceContext.setPermission(NETWORK_FACTORY, PERMISSION_GRANTED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_GRANTED);
mServiceContext.setPermission(CONTROL_OEM_PAID_NETWORK_PREFERENCE, PERMISSION_GRANTED);
mServiceContext.setPermission(PACKET_KEEPALIVE_OFFLOAD, PERMISSION_GRANTED);
mServiceContext.setPermission(CONNECTIVITY_USE_RESTRICTED_NETWORKS, PERMISSION_GRANTED);
mAlarmManagerThread = new HandlerThread("TestAlarmManager");
mAlarmManagerThread.start();
@@ -1810,6 +1845,16 @@ public class ConnectivityServiceTest {
assertEmpty(mCm.getAllNetworkStateSnapshots());
}
private static PendingIntent wrapPendingIntent(final PendingIntent intent) {
final PendingIntent ret = spy(intent);
// intentFilterEquals requires GET_INTENT_SENDER_INTENT permission
doAnswer(inv -> {
final PendingIntent other = inv.getArgument(0);
return runAsShell(GET_INTENT_SENDER_INTENT, () -> intent.intentFilterEquals(other));
}).when(ret).intentFilterEquals(any());
return ret;
}
/**
* Class to simplify expecting broadcasts using BroadcastInterceptingContext.
* Ensures that the receiver is unregistered after the expected broadcast is received. This
@@ -3258,8 +3303,8 @@ public class ConnectivityServiceTest {
@Test
public void testNoMutableNetworkRequests() throws Exception {
final PendingIntent pendingIntent = PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("a"), FLAG_IMMUTABLE);
final PendingIntent pendingIntent = wrapPendingIntent(PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("a"), FLAG_IMMUTABLE));
NetworkRequest request1 = new NetworkRequest.Builder()
.addCapability(NET_CAPABILITY_VALIDATED)
.build();
@@ -4103,16 +4148,16 @@ public class ConnectivityServiceTest {
mCm.registerNetworkCallback(r, new NetworkCallback()));
assertThrows(SecurityException.class, () ->
mCm.registerNetworkCallback(r, PendingIntent.getService(
mServiceContext, 0 /* requestCode */, new Intent(), FLAG_IMMUTABLE)));
mCm.registerNetworkCallback(r, wrapPendingIntent(PendingIntent.getService(
mServiceContext, 0 /* requestCode */, new Intent(), FLAG_IMMUTABLE))));
// Requesting a Network with signal strength should get IllegalArgumentException.
assertThrows(IllegalArgumentException.class, () ->
mCm.requestNetwork(r, new NetworkCallback()));
assertThrows(IllegalArgumentException.class, () ->
mCm.requestNetwork(r, PendingIntent.getService(
mServiceContext, 0 /* requestCode */, new Intent(), FLAG_IMMUTABLE)));
mCm.requestNetwork(r, wrapPendingIntent(PendingIntent.getService(
mServiceContext, 0 /* requestCode */, new Intent(), FLAG_IMMUTABLE))));
}
@Test
@@ -5786,14 +5831,14 @@ public class ConnectivityServiceTest {
}
j = 0;
while (j++ < INTENTS / 2) {
final PendingIntent pi = PendingIntent.getBroadcast(mContext, 0 /* requestCode */,
new Intent("a" + j), FLAG_IMMUTABLE);
final PendingIntent pi = wrapPendingIntent(PendingIntent.getBroadcast(mContext,
0 /* requestCode */, new Intent("a" + j), FLAG_IMMUTABLE));
mCm.requestNetwork(networkRequest, pi);
registered.add(pi);
}
while (j++ < INTENTS) {
final PendingIntent pi = PendingIntent.getBroadcast(mContext, 0 /* requestCode */,
new Intent("b" + j), FLAG_IMMUTABLE);
final PendingIntent pi = wrapPendingIntent(PendingIntent.getBroadcast(mContext,
0 /* requestCode */, new Intent("b" + j), FLAG_IMMUTABLE));
mCm.registerNetworkCallback(networkRequest, pi);
registered.add(pi);
}
@@ -5807,13 +5852,13 @@ public class ConnectivityServiceTest {
);
assertThrows(TooManyRequestsException.class, () ->
mCm.requestNetwork(networkRequest,
PendingIntent.getBroadcast(mContext, 0 /* requestCode */,
new Intent("c"), FLAG_IMMUTABLE))
wrapPendingIntent(PendingIntent.getBroadcast(mContext, 0 /* requestCode */,
new Intent("c"), FLAG_IMMUTABLE)))
);
assertThrows(TooManyRequestsException.class, () ->
mCm.registerNetworkCallback(networkRequest,
PendingIntent.getBroadcast(mContext, 0 /* requestCode */,
new Intent("d"), FLAG_IMMUTABLE))
wrapPendingIntent(PendingIntent.getBroadcast(mContext, 0 /* requestCode */,
new Intent("d"), FLAG_IMMUTABLE)))
);
// The system gets another SYSTEM_ONLY_MAX_REQUESTS slots.
@@ -5893,16 +5938,16 @@ public class ConnectivityServiceTest {
waitForIdle();
for (int i = 0; i < MAX_REQUESTS; i++) {
final PendingIntent pendingIntent = PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("e" + i), FLAG_IMMUTABLE);
final PendingIntent pendingIntent = wrapPendingIntent(PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("e" + i), FLAG_IMMUTABLE));
mCm.requestNetwork(networkRequest, pendingIntent);
mCm.unregisterNetworkCallback(pendingIntent);
}
waitForIdle();
for (int i = 0; i < MAX_REQUESTS; i++) {
final PendingIntent pendingIntent = PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("f" + i), FLAG_IMMUTABLE);
final PendingIntent pendingIntent = wrapPendingIntent(PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("f" + i), FLAG_IMMUTABLE));
mCm.registerNetworkCallback(networkRequest, pendingIntent);
mCm.unregisterNetworkCallback(pendingIntent);
}
@@ -9345,8 +9390,7 @@ public class ConnectivityServiceTest {
mServiceContext.setPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
PERMISSION_DENIED);
mServiceContext.setPermission(NETWORK_SETTINGS, PERMISSION_DENIED);
mServiceContext.setPermission(Manifest.permission.NETWORK_STACK,
PERMISSION_DENIED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_DENIED);
mServiceContext.setPermission(Manifest.permission.NETWORK_SETUP_WIZARD,
PERMISSION_DENIED);
}
@@ -9787,7 +9831,7 @@ public class ConnectivityServiceTest {
setupConnectionOwnerUid(vpnOwnerUid, vpnType);
// Test as VPN app
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_DENIED);
mServiceContext.setPermission(
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, PERMISSION_DENIED);
}
@@ -9827,8 +9871,7 @@ public class ConnectivityServiceTest {
public void testGetConnectionOwnerUidVpnServiceNetworkStackDoesNotThrow() throws Exception {
final int myUid = Process.myUid();
setupConnectionOwnerUid(myUid, VpnManager.TYPE_VPN_SERVICE);
mServiceContext.setPermission(
android.Manifest.permission.NETWORK_STACK, PERMISSION_GRANTED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_GRANTED);
assertEquals(42, mService.getConnectionOwnerUid(getTestConnectionInfo()));
}
@@ -9996,8 +10039,7 @@ public class ConnectivityServiceTest {
public void testCheckConnectivityDiagnosticsPermissionsNetworkStack() throws Exception {
final NetworkAgentInfo naiWithoutUid = fakeMobileNai(new NetworkCapabilities());
mServiceContext.setPermission(
android.Manifest.permission.NETWORK_STACK, PERMISSION_GRANTED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_GRANTED);
assertTrue(
"NetworkStack permission not applied",
mService.checkConnectivityDiagnosticsPermissions(
@@ -10013,7 +10055,7 @@ public class ConnectivityServiceTest {
nc.setAdministratorUids(new int[] {wrongUid});
final NetworkAgentInfo naiWithUid = fakeWifiNai(nc);
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_DENIED);
assertFalse(
"Mismatched uid/package name should not pass the location permission check",
@@ -10023,7 +10065,7 @@ public class ConnectivityServiceTest {
private void verifyConnectivityDiagnosticsPermissionsWithNetworkAgentInfo(
NetworkAgentInfo info, boolean expectPermission) {
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_DENIED);
assertEquals(
"Unexpected ConnDiags permission",
@@ -10091,7 +10133,7 @@ public class ConnectivityServiceTest {
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
Manifest.permission.ACCESS_FINE_LOCATION);
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_DENIED);
assertTrue(
"NetworkCapabilities administrator uid permission not applied",
@@ -10108,7 +10150,7 @@ public class ConnectivityServiceTest {
setupLocationPermissions(Build.VERSION_CODES.Q, true, AppOpsManager.OPSTR_FINE_LOCATION,
Manifest.permission.ACCESS_FINE_LOCATION);
mServiceContext.setPermission(android.Manifest.permission.NETWORK_STACK, PERMISSION_DENIED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_DENIED);
// Use wrong pid and uid
assertFalse(
@@ -10134,8 +10176,7 @@ public class ConnectivityServiceTest {
final NetworkRequest request = new NetworkRequest.Builder().build();
when(mConnectivityDiagnosticsCallback.asBinder()).thenReturn(mIBinder);
mServiceContext.setPermission(
android.Manifest.permission.NETWORK_STACK, PERMISSION_GRANTED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_GRANTED);
mService.registerConnectivityDiagnosticsCallback(
mConnectivityDiagnosticsCallback, request, mContext.getPackageName());
@@ -10154,8 +10195,7 @@ public class ConnectivityServiceTest {
final NetworkRequest request = new NetworkRequest.Builder().build();
when(mConnectivityDiagnosticsCallback.asBinder()).thenReturn(mIBinder);
mServiceContext.setPermission(
android.Manifest.permission.NETWORK_STACK, PERMISSION_GRANTED);
mServiceContext.setPermission(NETWORK_STACK, PERMISSION_GRANTED);
mService.registerConnectivityDiagnosticsCallback(
mConnectivityDiagnosticsCallback, request, mContext.getPackageName());
@@ -12886,8 +12926,8 @@ public class ConnectivityServiceTest {
@Test
public void testNetworkRequestWithSubIdsWithNetworkFactoryPermission() throws Exception {
mServiceContext.setPermission(NETWORK_FACTORY, PERMISSION_GRANTED);
final PendingIntent pendingIntent = PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("a"), FLAG_IMMUTABLE);
final PendingIntent pendingIntent = wrapPendingIntent(PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("a"), FLAG_IMMUTABLE));
final NetworkCallback networkCallback1 = new NetworkCallback();
final NetworkCallback networkCallback2 = new NetworkCallback();
@@ -12903,8 +12943,8 @@ public class ConnectivityServiceTest {
@Test
public void testNetworkRequestWithSubIdsWithoutNetworkFactoryPermission() throws Exception {
mServiceContext.setPermission(NETWORK_FACTORY, PERMISSION_DENIED);
final PendingIntent pendingIntent = PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("a"), FLAG_IMMUTABLE);
final PendingIntent pendingIntent = wrapPendingIntent(PendingIntent.getBroadcast(
mContext, 0 /* requestCode */, new Intent("a"), FLAG_IMMUTABLE));
final Class<SecurityException> expected = SecurityException.class;
assertThrows(