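/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.cts.permission.policy;

import static junit.framework.Assert.fail;

import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;

import androidx.test.InstrumentationRegistry;

import org.junit.Test;

/**
 * Tests for the platform permission policy around apps targeting API 25
 */
public class PermissionPolicyTest25 {
    private static final String PLATFORM_PACKAGE_NAME = "android";

    /**
     * Bits that select the base protection level (normal, dangerous, signature). Every other bit
     * of {@code PermissionInfo.protectionLevel} is treated as a protection flag by this test.
     *
     * NOTE(review): only the three base levels named here are masked; a base level outside this
     * set would be read as flag bits - confirm against the PermissionInfo of the platform under
     * test.
     */
    private static final int BASE_PROTECTION_MASK = PermissionInfo.PROTECTION_NORMAL
            | PermissionInfo.PROTECTION_DANGEROUS
            | PermissionInfo.PROTECTION_SIGNATURE;

    /**
     * Verifies that no permission declared by the platform package combines a normal or
     * dangerous base protection level with any protection flag.
     *
     * <p>Every declared permission is re-resolved through the package manager and checked; all
     * violations are collected so that a single failure lists every offending permission.
     *
     * @throws Exception if the platform package or one of its permissions cannot be resolved
     */
    @Test
    public void testNoProtectionFlagsAddedToNonSignatureProtectionPermissions() throws Exception {
        final Context context = InstrumentationRegistry.getInstrumentation().getContext();
        final PackageManager packageManager = context.getPackageManager();
        final PackageInfo platformPackage = packageManager
                .getPackageInfo(PLATFORM_PACKAGE_NAME, PackageManager.GET_PERMISSIONS);

        // A StringBuilder instead of `String errorMessage = null; errorMessage += ...`, which
        // prefixed the failure report with the literal text "null".
        final StringBuilder violations = new StringBuilder();
        for (PermissionInfo declaredPermission : platformPackage.permissions) {
            final PermissionInfo permissionInfo =
                    packageManager.getPermissionInfo(declaredPermission.name, 0);
            final int protectionLevel = permissionInfo.protectionLevel & BASE_PROTECTION_MASK;
            final int protectionFlags = permissionInfo.protectionLevel & ~protectionLevel;
            if (protectionFlags == 0) {
                continue;
            }

            // Signature-level permissions may carry flags; only the two levels below must not.
            final String levelName;
            if (protectionLevel == PermissionInfo.PROTECTION_NORMAL) {
                levelName = "normal";
            } else if (protectionLevel == PermissionInfo.PROTECTION_DANGEROUS) {
                levelName = "dangerous";
            } else {
                continue;
            }
            violations.append("\nCannot add protection flags: ")
                    .append(protectionFlagsToString(permissionInfo.protectionLevel))
                    .append(" to a ").append(levelName).append(" protection permission: ")
                    .append(permissionInfo.name);
        }

        if (violations.length() > 0) {
            fail(violations.toString());
        }
    }

    /**
     * Renders the flag bits of a protection level as a {@code '|'}-separated list of names.
     *
     * <p>Known flags are reported by name in a fixed order. Each recognised bit is cleared
     * before the next check, so a later constant that shares a bit with an earlier one is not
     * reported a second time. After the base-level bits are dropped, any bits still set are
     * appended as one hexadecimal value so unknown flags remain visible in the report.
     *
     * @param protectionLevel the full protection level, base level and flags combined
     * @return the flag names, or an empty string when no flag bit is set
     */
    private static String protectionFlagsToString(int protectionLevel) {
        final StringBuilder names = new StringBuilder();
        int remaining = protectionLevel;
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY, "runtimeOnly");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_INSTANT, "ephemeral");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_APPOP, "appop");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_DEVELOPMENT, "development");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_INSTALLER, "installer");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_PRE23, "pre23");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_PRIVILEGED, "privileged");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_PREINSTALLED, "preinstalled");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_SYSTEM, "system");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_SETUP, "setup");
        remaining = consumeFlag(names, remaining,
                PermissionInfo.PROTECTION_FLAG_VERIFIER, "verifier");

        remaining &= ~BASE_PROTECTION_MASK;
        if (remaining != 0) {
            appendName(names, Integer.toHexString(remaining));
        }
        return names.toString();
    }

    /**
     * Appends {@code name} to {@code names} when {@code flag} is set in {@code level}.
     *
     * @return {@code level} with the bits of {@code flag} cleared if it was reported, otherwise
     *         {@code level} unchanged
     */
    private static int consumeFlag(StringBuilder names, int level, int flag, String name) {
        if ((level & flag) == 0) {
            return level;
        }
        appendName(names, name);
        return level & ~flag;
    }

    /** Appends {@code name}, preceded by {@code '|'} unless it is the first entry. */
    private static void appendName(StringBuilder names, String name) {
        if (names.length() > 0) {
            names.append('|');
        }
        names.append(name);
    }
}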