Google Git
Sign in
android / platform / cts / 46c031b7d8c22e66765e566558a3d633f81224c0 / . / hostsidetests / blobstore / src / com / android / cts / host / blob / BlobStoreMultiUserTest.java
blob: ec13654ffb5ce572f558b014d3f706574d2e2ef6 [file] [log] [blame]
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.cts.host.blob;
import static org.junit.Assume.assumeTrue;
import static com.google.common.truth.Truth.assertThat;
import com.android.tradefed.invoker.TestInformation;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import com.android.tradefed.testtype.junit4.AfterClassWithInfo;
import com.android.tradefed.testtype.junit4.BeforeClassWithInfo;
import com.android.tradefed.util.Pair;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import java.util.Map;
@RunWith(DeviceJUnit4ClassRunner.class)
public class BlobStoreMultiUserTest extends BaseBlobStoreHostTest {
private static final String TEST_CLASS = TARGET_PKG + ".DataCleanupTest";
private static int mPrimaryUserId;
private static int mSecondaryUserId;
@BeforeClassWithInfo
public static void setUpClass(TestInformation testInfo) throws Exception {
assumeTrue("Multi-user is not supported on this device",
isMultiUserSupported(testInfo.getDevice()));
mPrimaryUserId = testInfo.getDevice().getPrimaryUserId();
mSecondaryUserId = testInfo.getDevice().createUser("Test_User");
assertThat(testInfo.getDevice().startUser(mSecondaryUserId)).isTrue();
}
@Before
public void setUp() throws Exception {
for (String apk : new String[] {TARGET_APK, TARGET_APK_DEV}) {
installPackageAsUser(apk, true /* grantPermissions */, mPrimaryUserId, "-t");
installPackageAsUser(apk, true /* grantPermissions */, mSecondaryUserId, "-t");
}
// We would verify access with and without the app holding the assist role, so we don't
// want the ACCESS_BLOBS_ACROSS_USERS permission to be granted by default.
installPackageAsUser(TARGET_APK_ASSIST, false /* grantPermissions */, mPrimaryUserId);
installPackageAsUser(TARGET_APK_ASSIST, false /* grantPermissions */, mSecondaryUserId);
}
@AfterClassWithInfo
public static void tearDownClass(TestInformation testInfo) throws Exception {
if (mSecondaryUserId > 0) {
testInfo.getDevice().removeUser(mSecondaryUserId);
}
}
@Test
public void testCreateAndOpenSession() throws Exception {
// Create a session.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testCreateSession",
mPrimaryUserId);
final Map<String, String> args = createArgsFromLastTestRun();
// Verify that previously created session can be accessed.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenSession", args,
mPrimaryUserId);
// verify that previously created session cannot be accessed from another user.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenSession_shouldThrow", args,
mSecondaryUserId);
}
@Test
public void testCommitAndOpenBlob() throws Exception {
Map<String, String> args = createArgs(Pair.create(KEY_ALLOW_PUBLIC, String.valueOf(1)));
// Commit a blob.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testCommitBlob", args,
mPrimaryUserId);
args = createArgsFromLastTestRun();
// Verify that previously committed blob can be accessed.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenBlob", args,
mPrimaryUserId);
// Verify that previously committed blob cannot be access from another user.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenBlob_shouldThrow", args,
mSecondaryUserId);
}
@Test
public void testBlobAccessAcrossUsers_withTestOnlyApp() throws Exception {
Map<String, String> args = createArgs(Pair.create(KEY_ALLOW_PUBLIC, String.valueOf(1)));
// Commit a blob.
runDeviceTestAsUser(TARGET_PKG_DEV, TEST_CLASS, "testCommitBlob", args,
mPrimaryUserId);
Map<String, String> argsFromLastTestRun = createArgsFromLastTestRun();
// Verify that previously committed blob can be accessed.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenBlob", argsFromLastTestRun,
mPrimaryUserId);
// Verify that previously committed blob cannot be access from another user.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenBlob_shouldThrow", argsFromLastTestRun,
mSecondaryUserId);
// Verify that previously committed blob can be accessed from another user holding
// a priv permission.
runDeviceTestAsUser(TARGET_PKG_DEV, TEST_CLASS, "testOpenBlob", argsFromLastTestRun,
mSecondaryUserId);
}
@Test
public void testBlobAccessAcrossUsers_withAssistRole() throws Exception {
// TODO: make it same signature
Map<String, String> args = createArgs(Pair.create(KEY_ALLOW_SAME_SIGNATURE,
String.valueOf(1)));
try {
addAssistRoleHolder(TARGET_PKG_ASSIST, mPrimaryUserId);
// Commit a blob.
runDeviceTestAsUser(TARGET_PKG_ASSIST, TEST_CLASS, "testCommitBlob", args,
mPrimaryUserId);
Map<String, String> argsFromLastTestRun = createArgsFromLastTestRun();
// Verify that previously committed blob cannot be access from another user.
runDeviceTestAsUser(TARGET_PKG_ASSIST, TEST_CLASS, "testOpenBlob_shouldThrow",
argsFromLastTestRun, mSecondaryUserId);
// Verify that previously committed blob can be accessed from another user holding
// a priv permission.
try {
addAssistRoleHolder(TARGET_PKG_ASSIST, mSecondaryUserId);
runDeviceTestAsUser(TARGET_PKG_ASSIST, TEST_CLASS, "testOpenBlob",
argsFromLastTestRun, mSecondaryUserId);
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenBlob_shouldThrow",
argsFromLastTestRun, mSecondaryUserId);
} finally {
removeAssistRoleHolder(TARGET_PKG_ASSIST, mSecondaryUserId);
}
} finally {
removeAssistRoleHolder(TARGET_PKG_ASSIST, mPrimaryUserId);
}
}
@Test
public void testBlobAccessAcrossUsers_recommit() throws Exception {
Map<String, String> args = createArgs(Pair.create(KEY_ALLOW_PUBLIC, String.valueOf(1)));
// Commit a blob.
runDeviceTestAsUser(TARGET_PKG_DEV, TEST_CLASS, "testCommitBlob", args,
mPrimaryUserId);
Map<String, String> argsFromLastTestRun = createArgsFromLastTestRun();
// Verify that previously committed blob cannot be access from another user.
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenBlob_shouldThrow", argsFromLastTestRun,
mSecondaryUserId);
// Recommit the blob on another user
argsFromLastTestRun.putAll(args);
runDeviceTestAsUser(TARGET_PKG_DEV, TEST_CLASS, "testRecommitBlob", argsFromLastTestRun,
mSecondaryUserId);
// Any package on another user should be able to access the blob
runDeviceTestAsUser(TARGET_PKG, TEST_CLASS, "testOpenBlob", argsFromLastTestRun,
mSecondaryUserId);
}
@Test
public void testBlobAccessAcrossUsers_withDifferentApps() throws Exception {
Map<String, String> args = createArgs(Pair.create(KEY_ALLOW_PUBLIC,
String.valueOf(1)));
try {
addAssistRoleHolder(TARGET_PKG_ASSIST, mPrimaryUserId);
// Commit a blob.
runDeviceTestAsUser(TARGET_PKG_ASSIST, TEST_CLASS, "testCommitBlob", args,
mPrimaryUserId);
Map<String, String> argsFromLastTestRun = createArgsFromLastTestRun();
// Verify that previously committed blob cannot be access from another user.
runDeviceTestAsUser(TARGET_PKG_ASSIST, TEST_CLASS, "testOpenBlob_shouldThrow",
argsFromLastTestRun, mSecondaryUserId);
// Verify that previously committed blob can be accessed from another user holding
// a priv permission.
runDeviceTestAsUser(TARGET_PKG_DEV, TEST_CLASS, "testOpenBlob", argsFromLastTestRun,
mSecondaryUserId);
} finally {
removeAssistRoleHolder(TARGET_PKG_ASSIST, mPrimaryUserId);
}
}
}