common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/permissions/PermissionsTest.java - platform/cts - Git at Google

 /*
  * Copyright (C) 2021 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.bedstead.nene.permissions;

 import static android.content.pm.PackageManager.PERMISSION_DENIED;
 import static android.content.pm.PackageManager.PERMISSION_GRANTED;
 import static android.os.Build.VERSION_CODES.Q;
 import static android.os.Build.VERSION_CODES.R;
 import static android.os.Build.VERSION_CODES.S;

 import static com.google.common.truth.Truth.assertThat;

 import static org.testng.Assert.assertThrows;

 import android.content.Context;

 import com.android.bedstead.harrier.BedsteadJUnit4;
 import com.android.bedstead.harrier.DeviceState;
 import com.android.bedstead.harrier.annotations.RequireSdkVersion;
 import com.android.bedstead.nene.TestApis;
 import com.android.bedstead.nene.exceptions.NeneException;
 import com.android.bedstead.nene.utils.ShellCommandUtils;

 import org.junit.ClassRule;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;

 @RunWith(BedsteadJUnit4.class)
 public class PermissionsTest {

     @ClassRule @Rule
     public static final DeviceState sDeviceState = new DeviceState();

     private static final String PERMISSION_HELD_BY_SHELL =
             "android.permission.INTERACT_ACROSS_PROFILES";
     private static final String DIFFERENT_PERMISSION_HELD_BY_SHELL =
             "android.permission.INTERACT_ACROSS_USERS_FULL";
     private static final Context sContext = TestApis.context().instrumentedContext();

     private static final String NON_EXISTING_PERMISSION = "permissionWhichDoesNotExist";

     // We expect these permissions are listed in the Manifest
     private static final String INSTALL_PERMISSION = "android.permission.CHANGE_WIFI_STATE";
     private static final String DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S =
             "android.permission.INTERNET";

     @Test
     @RequireSdkVersion(min = Q, reason = "drop shell permissions only available on Q+")
     public void default_permissionIsNotGranted() {
         ShellCommandUtils.uiAutomation().dropShellPermissionIdentity();

         assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
                 .isEqualTo(PERMISSION_DENIED);
     }

     @Test
     @RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
     public void withPermission_shellPermission_permissionIsGranted() {
         try (PermissionContext p =
                      TestApis.permissions().withPermission(PERMISSION_HELD_BY_SHELL)) {
             assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
                     .isEqualTo(PERMISSION_GRANTED);
         }
     }

     @Test
     @RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
     public void withoutPermission_alreadyGranted_androidPreQ_throwsException() {
         assertThrows(NeneException.class,
                 () -> TestApis.permissions().withoutPermission(
                         DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S));
     }

     @Test
     @RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
     public void withoutPermission_permissionIsNotGranted() {
         try (PermissionContext p = TestApis.permissions().withPermission(PERMISSION_HELD_BY_SHELL);
              PermissionContext p2 = TestApis.permissions().withoutPermission(
                      PERMISSION_HELD_BY_SHELL)) {

             assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
                     .isEqualTo(PERMISSION_DENIED);
         }
     }

     @Test
     @RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
     public void autoclose_withoutPermission_permissionIsGrantedAgain() {
         try (PermissionContext p =
                      TestApis.permissions().withPermission(PERMISSION_HELD_BY_SHELL)) {
             try (PermissionContext p2 =
                          TestApis.permissions().withoutPermission(PERMISSION_HELD_BY_SHELL)) {
                 // Intentionally empty as we're testing that autoclosing restores the permission
             }

             assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
                     .isEqualTo(PERMISSION_GRANTED);
         }
     }

     @Test
     @RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
     public void withoutPermission_installPermission_androidPreQ_throwsException() {
         assertThrows(NeneException.class,
                 () -> TestApis.permissions().withoutPermission(INSTALL_PERMISSION));
     }

     @Test
     @RequireSdkVersion(min = Q, max = R,
             reason = "adopt shell permissions only available on Q+ - after S - all available"
                     + " permissions are held by shell")
     public void withoutPermission_permissionIsAlreadyGrantedInInstrumentedApp_permissionIsNotGranted() {
         try (PermissionContext p =
                     TestApis.permissions().withoutPermission(
                             DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S)) {
             assertThat(
                     sContext.checkSelfPermission(DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S))
                     .isEqualTo(PERMISSION_DENIED);
         }
     }

     @Test
     @RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
     public void withoutPermission_permissionIsAlreadyGrantedInInstrumentedApp_androidPreQ_throwsException() {
         assertThrows(NeneException.class,
                 () -> TestApis.permissions().withoutPermission(
                         DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S));
     }

     @Test
     public void withPermission_permissionIsAlreadyGrantedInInstrumentedApp_permissionIsGranted() {
         try (PermissionContext p =
                     TestApis.permissions().withPermission(
                             DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S)) {
             assertThat(
                     sContext.checkSelfPermission(DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S))
                     .isEqualTo(PERMISSION_GRANTED);
         }
     }

     @Test
     public void withPermission_nonExistingPermission_throwsException() {
         assertThrows(NeneException.class,
                 () -> TestApis.permissions().withPermission(NON_EXISTING_PERMISSION));
     }

     @Test
     public void withoutPermission_nonExistingPermission_doesNotThrowException() {
         try (PermissionContext p =
                      TestApis.permissions().withoutPermission(NON_EXISTING_PERMISSION)) {
             // Intentionally empty
         }
     }

     @Test
     @RequireSdkVersion(min = R)
     public void withPermissionAndWithoutPermission_bothApplied() {
         try (PermissionContext p = TestApis.permissions().withPermission(PERMISSION_HELD_BY_SHELL)
                 .withoutPermission(DIFFERENT_PERMISSION_HELD_BY_SHELL)) {

             assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
                     .isEqualTo(PERMISSION_GRANTED);
             assertThat(sContext.checkSelfPermission(DIFFERENT_PERMISSION_HELD_BY_SHELL))
                     .isEqualTo(PERMISSION_DENIED);
         }
     }

     @Test
     @RequireSdkVersion(min = R)
     public void withoutPermissionAndWithPermission_bothApplied() {
         try (PermissionContext p = TestApis.permissions()
                 .withoutPermission(DIFFERENT_PERMISSION_HELD_BY_SHELL)
                 .withPermission(PERMISSION_HELD_BY_SHELL)) {

             assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
                     .isEqualTo(PERMISSION_GRANTED);
             assertThat(sContext.checkSelfPermission(DIFFERENT_PERMISSION_HELD_BY_SHELL))
                     .isEqualTo(PERMISSION_DENIED);
         }
     }

     @Test
     public void withPermissionAndWithoutPermission_contradictoryPermissions_throwsException() {
         assertThrows(NeneException.class, () -> TestApis.permissions()
                 .withPermission(PERMISSION_HELD_BY_SHELL)
                 .withoutPermission(PERMISSION_HELD_BY_SHELL));
     }

     @Test
     public void withoutPermissionAndWithPermission_contradictoryPermissions_throwsException() {
         assertThrows(NeneException.class, () -> TestApis.permissions()
                 .withoutPermission(PERMISSION_HELD_BY_SHELL)
                 .withPermission(PERMISSION_HELD_BY_SHELL));
     }

     @Test
     @RequireSdkVersion(min = S, reason = "restoring shell permissions only available on S+")
     public void withoutPermission_androidSAndAbove_restoresPreviousPermissionContext() {
         ShellCommandUtils.uiAutomation().adoptShellPermissionIdentity(PERMISSION_HELD_BY_SHELL);

         try {
             PermissionContext p =
                     TestApis.permissions()
                             .withoutPermission(PERMISSION_HELD_BY_SHELL);
             p.close();

             assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
                     .isEqualTo(PERMISSION_GRANTED);
         } finally {
             ShellCommandUtils.uiAutomation().dropShellPermissionIdentity();
         }
     }

     // TODO(scottjonathan): Once we can install the testapp without granting all runtime
     //  permissions, add a test that this works pre-Q
 }
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.bedstead.nene.permissions;

	import static android.content.pm.PackageManager.PERMISSION_DENIED;
	import static android.content.pm.PackageManager.PERMISSION_GRANTED;
	import static android.os.Build.VERSION_CODES.Q;
	import static android.os.Build.VERSION_CODES.R;
	import static android.os.Build.VERSION_CODES.S;

	import static com.google.common.truth.Truth.assertThat;

	import static org.testng.Assert.assertThrows;

	import android.content.Context;

	import com.android.bedstead.harrier.BedsteadJUnit4;
	import com.android.bedstead.harrier.DeviceState;
	import com.android.bedstead.harrier.annotations.RequireSdkVersion;
	import com.android.bedstead.nene.TestApis;
	import com.android.bedstead.nene.exceptions.NeneException;
	import com.android.bedstead.nene.utils.ShellCommandUtils;

	import org.junit.ClassRule;
	import org.junit.Rule;
	import org.junit.Test;
	import org.junit.runner.RunWith;

	@RunWith(BedsteadJUnit4.class)
	public class PermissionsTest {

	@ClassRule @Rule
	public static final DeviceState sDeviceState = new DeviceState();

	private static final String PERMISSION_HELD_BY_SHELL =
	"android.permission.INTERACT_ACROSS_PROFILES";
	private static final String DIFFERENT_PERMISSION_HELD_BY_SHELL =
	"android.permission.INTERACT_ACROSS_USERS_FULL";
	private static final Context sContext = TestApis.context().instrumentedContext();

	private static final String NON_EXISTING_PERMISSION = "permissionWhichDoesNotExist";

	// We expect these permissions are listed in the Manifest
	private static final String INSTALL_PERMISSION = "android.permission.CHANGE_WIFI_STATE";
	private static final String DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S =
	"android.permission.INTERNET";

	@Test
	@RequireSdkVersion(min = Q, reason = "drop shell permissions only available on Q+")
	public void default_permissionIsNotGranted() {
	ShellCommandUtils.uiAutomation().dropShellPermissionIdentity();

	assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_DENIED);
	}

	@Test
	@RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
	public void withPermission_shellPermission_permissionIsGranted() {
	try (PermissionContext p =
	TestApis.permissions().withPermission(PERMISSION_HELD_BY_SHELL)) {
	assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_GRANTED);
	}
	}

	@Test
	@RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
	public void withoutPermission_alreadyGranted_androidPreQ_throwsException() {
	assertThrows(NeneException.class,
	() -> TestApis.permissions().withoutPermission(
	DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S));
	}

	@Test
	@RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
	public void withoutPermission_permissionIsNotGranted() {
	try (PermissionContext p = TestApis.permissions().withPermission(PERMISSION_HELD_BY_SHELL);
	PermissionContext p2 = TestApis.permissions().withoutPermission(
	PERMISSION_HELD_BY_SHELL)) {

	assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_DENIED);
	}
	}

	@Test
	@RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
	public void autoclose_withoutPermission_permissionIsGrantedAgain() {
	try (PermissionContext p =
	TestApis.permissions().withPermission(PERMISSION_HELD_BY_SHELL)) {
	try (PermissionContext p2 =
	TestApis.permissions().withoutPermission(PERMISSION_HELD_BY_SHELL)) {
	// Intentionally empty as we're testing that autoclosing restores the permission
	}

	assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_GRANTED);
	}
	}

	@Test
	@RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
	public void withoutPermission_installPermission_androidPreQ_throwsException() {
	assertThrows(NeneException.class,
	() -> TestApis.permissions().withoutPermission(INSTALL_PERMISSION));
	}

	@Test
	@RequireSdkVersion(min = Q, max = R,
	reason = "adopt shell permissions only available on Q+ - after S - all available"
	+ " permissions are held by shell")
	public void withoutPermission_permissionIsAlreadyGrantedInInstrumentedApp_permissionIsNotGranted() {
	try (PermissionContext p =
	TestApis.permissions().withoutPermission(
	DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S)) {
	assertThat(
	sContext.checkSelfPermission(DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S))
	.isEqualTo(PERMISSION_DENIED);
	}
	}

	@Test
	@RequireSdkVersion(min = Q, reason = "adopt shell permissions only available on Q+")
	public void withoutPermission_permissionIsAlreadyGrantedInInstrumentedApp_androidPreQ_throwsException() {
	assertThrows(NeneException.class,
	() -> TestApis.permissions().withoutPermission(
	DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S));
	}

	@Test
	public void withPermission_permissionIsAlreadyGrantedInInstrumentedApp_permissionIsGranted() {
	try (PermissionContext p =
	TestApis.permissions().withPermission(
	DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S)) {
	assertThat(
	sContext.checkSelfPermission(DECLARED_PERMISSION_NOT_HELD_BY_SHELL_PRE_S))
	.isEqualTo(PERMISSION_GRANTED);
	}
	}

	@Test
	public void withPermission_nonExistingPermission_throwsException() {
	assertThrows(NeneException.class,
	() -> TestApis.permissions().withPermission(NON_EXISTING_PERMISSION));
	}

	@Test
	public void withoutPermission_nonExistingPermission_doesNotThrowException() {
	try (PermissionContext p =
	TestApis.permissions().withoutPermission(NON_EXISTING_PERMISSION)) {
	// Intentionally empty
	}
	}

	@Test
	@RequireSdkVersion(min = R)
	public void withPermissionAndWithoutPermission_bothApplied() {
	try (PermissionContext p = TestApis.permissions().withPermission(PERMISSION_HELD_BY_SHELL)
	.withoutPermission(DIFFERENT_PERMISSION_HELD_BY_SHELL)) {

	assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_GRANTED);
	assertThat(sContext.checkSelfPermission(DIFFERENT_PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_DENIED);
	}
	}

	@Test
	@RequireSdkVersion(min = R)
	public void withoutPermissionAndWithPermission_bothApplied() {
	try (PermissionContext p = TestApis.permissions()
	.withoutPermission(DIFFERENT_PERMISSION_HELD_BY_SHELL)
	.withPermission(PERMISSION_HELD_BY_SHELL)) {

	assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_GRANTED);
	assertThat(sContext.checkSelfPermission(DIFFERENT_PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_DENIED);
	}
	}

	@Test
	public void withPermissionAndWithoutPermission_contradictoryPermissions_throwsException() {
	assertThrows(NeneException.class, () -> TestApis.permissions()
	.withPermission(PERMISSION_HELD_BY_SHELL)
	.withoutPermission(PERMISSION_HELD_BY_SHELL));
	}

	@Test
	public void withoutPermissionAndWithPermission_contradictoryPermissions_throwsException() {
	assertThrows(NeneException.class, () -> TestApis.permissions()
	.withoutPermission(PERMISSION_HELD_BY_SHELL)
	.withPermission(PERMISSION_HELD_BY_SHELL));
	}

	@Test
	@RequireSdkVersion(min = S, reason = "restoring shell permissions only available on S+")
	public void withoutPermission_androidSAndAbove_restoresPreviousPermissionContext() {
	ShellCommandUtils.uiAutomation().adoptShellPermissionIdentity(PERMISSION_HELD_BY_SHELL);

	try {
	PermissionContext p =
	TestApis.permissions()
	.withoutPermission(PERMISSION_HELD_BY_SHELL);
	p.close();

	assertThat(sContext.checkSelfPermission(PERMISSION_HELD_BY_SHELL))
	.isEqualTo(PERMISSION_GRANTED);
	} finally {
	ShellCommandUtils.uiAutomation().dropShellPermissionIdentity();
	}
	}

	// TODO(scottjonathan): Once we can install the testapp without granting all runtime
	// permissions, add a test that this works pre-Q
	}