tests/tests/telephonyprovider/src/android/telephonyprovider/cts/TelephonyProviderTest.java

/*
 * Copyright (C) 2013 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.telephonyprovider.cts;

import android.content.ContentResolver;
import android.database.Cursor;
import android.net.Uri;
import android.provider.Telephony.Carriers;
import android.test.InstrumentationTestCase;

public class TelephonyProviderTest extends InstrumentationTestCase {
    private ContentResolver mContentResolver;
    private static final String[] APN_PROJECTION = {
        Carriers.TYPE,
        Carriers.MMSC,
        Carriers.MMSPROXY,
        Carriers.MMSPORT,
        Carriers.MVNO_TYPE,
        Carriers.MVNO_MATCH_DATA
    };

    @Override
    protected void setUp() throws Exception {
        super.setUp();
        mContentResolver = getInstrumentation().getContext().getContentResolver();
    }

    // In JB MR1 access to the TelephonyProvider's Carriers table was clamped down and would
    // throw a SecurityException when queried. That was fixed in JB MR2. Verify that 3rd parties
    // can access the APN info the carriers table, after JB MR1.
    public void testAccessToApns() {
        try {
            String selection = Carriers.CURRENT + " IS NOT NULL";
            String[] selectionArgs = null;
            Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI,
                    APN_PROJECTION, selection, selectionArgs, null);
        } catch (SecurityException e) {
            fail("No access to current APN");
        }
    }

    public void testNoAccessToPassword() {
        try {
            String selection = Carriers.CURRENT + " IS NOT NULL AND "
                    + Carriers.PASSWORD + " IS NOT NULL";
            String[] selectionArgs = null;
            Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI,
                    APN_PROJECTION, selection, selectionArgs, null);
            fail("Expected SecurityException");
        } catch (SecurityException e) {
            // expected
        }
    }

    public void testNoAccessToPasswordThruSort() {
        try {
            String selection = Carriers.CURRENT + " IS NOT NULL";
            String[] selectionArgs = null;
            String sort = "LIMIT CASE WHEN ((SELECT COUNT(*) FROM carriers WHERE"
                    + " password LIKE 'a%') > 0) THEN 1 ELSE 0 END";
            Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI,
                    APN_PROJECTION, selection, selectionArgs, sort);
            fail("Expected SecurityException");
        } catch (SecurityException e) {
            // expected
        }
    }

    public void testNoAccessToPasswordThruMixedCase() {
        try {
            String selection = Carriers.CURRENT + " IS NOT NULL";
            String[] selectionArgs = null;
            String sort = "LIMIT CASE WHEN ((SELECT COUNT(*) FROM carriers WHERE"
                    + " PaSsWoRd LIKE 'a%') > 0) THEN 1 ELSE 0 END";
            Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI,
                    APN_PROJECTION, selection, selectionArgs, sort);
            fail("Expected SecurityException");
        } catch (SecurityException e) {
            // expected
        }
    }

    public void testNoAccessToUser() {
        try {
            String selection = Carriers.CURRENT + " IS NOT NULL AND "
                    + Carriers.USER + " IS NOT NULL";
            String[] selectionArgs = null;
            String sort = "LIMIT CASE WHEN ((SELECT COUNT(*) FROM carriers WHERE"
                    + " user LIKE 'a%') > 0) THEN 1 ELSE 0 END";
            Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI,
                    APN_PROJECTION, selection, selectionArgs, sort);
            fail("Expected SecurityException");
        } catch (SecurityException e) {
            // expected
        }
    }

    public void testNoAccessViaSubqueries() {
        try {
            String selection = Carriers.CURRENT + " IS NOT NULL";
            String[] selectionArgs = null;
            String sort = "LIMIT CASE WHEN ((SELECT COUNT(*) FROM carriers WHERE"
                    + " mcc LIKE 'a%') > 0) THEN 1 ELSE 0 END";
            Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI,
                    APN_PROJECTION, selection, selectionArgs, sort);
            fail("Expected SecurityException");
        } catch (SecurityException e) {
            // expected
        }
    }

    public void testNoAccessToUserWithDifferentUri() {
        try {
            String selection = Carriers.CURRENT + " IS NOT NULL AND "
                    + Carriers.USER + " IS NOT NULL";
            String[] selectionArgs = null;
            String sort = "LIMIT CASE WHEN ((SELECT COUNT(*) FROM carriers WHERE"
                    + " user LIKE 'a%') > 0) THEN 1 ELSE 0 END";
            Cursor cursor = mContentResolver.query(Uri.parse("content://telephony/siminfo"),
                    APN_PROJECTION, selection, selectionArgs, sort);
            fail("Expected SecurityException");
        } catch (SecurityException e) {
            // expected
        }
    }
}