Google Git
Sign in
android / platform / cts / 475490c2b8d3cc7dfc2865194cb14ba4d5f723e0 / . / hostsidetests / appsecurity / test-apps / UsePermissionDiffCert / src / com / android / cts / usespermissiondiffcertapp / UriGrantsServiceTest.java
blob: 7be059fd19482040343766d9c9bcdd77642de426 [file] [log] [blame]
/*
* Copyright (C) 2019 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.cts.usespermissiondiffcertapp;
import static com.android.cts.usespermissiondiffcertapp.AccessPermissionWithDiffSigTest.GRANTABLE;
import static com.android.cts.usespermissiondiffcertapp.AccessPermissionWithDiffSigTest.GRANTABLE_MODES;
import static com.android.cts.usespermissiondiffcertapp.AccessPermissionWithDiffSigTest.NOT_GRANTABLE;
import static com.android.cts.usespermissiondiffcertapp.AccessPermissionWithDiffSigTest.NOT_GRANTABLE_MODES;
import static com.android.cts.usespermissiondiffcertapp.Asserts.assertAccess;
import static com.android.cts.usespermissiondiffcertapp.UriGrantsTest.TAG;
import static com.android.cts.usespermissiondiffcertapp.Utils.grantClipUriPermission;
import static junit.framework.Assert.fail;
import android.content.ClipData;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.util.Log;
import androidx.test.InstrumentationRegistry;
import androidx.test.runner.AndroidJUnit4;
import org.junit.Test;
import org.junit.runner.RunWith;
import java.util.function.Function;
@RunWith(AndroidJUnit4.class)
public class UriGrantsServiceTest {
private static Context getContext() {
return InstrumentationRegistry.getTargetContext();
}
@Test
public void testGrantableToService() {
for (Uri uri : GRANTABLE) {
for (int mode : GRANTABLE_MODES) {
Log.d(TAG, "Testing " + uri + " " + mode);
assertGrantableToService(uri, mode, UriGrantsTest::makeSingleClipData);
assertGrantableToService(uri, mode, UriGrantsTest::makeMultiClipData);
}
}
}
private void assertGrantableToService(Uri uri, int mode, Function<Uri, ClipData> clipper) {
final Uri subUri = Uri.withAppendedPath(uri, "foo");
final Uri subSubUri = Uri.withAppendedPath(subUri, "bar");
final Uri sub2Uri = Uri.withAppendedPath(uri, "yes");
final Uri sub2SubUri = Uri.withAppendedPath(sub2Uri, "no");
ReceiveUriService.stop(getContext());
final ClipData subClip = clipper.apply(subUri);
final ClipData sub2Clip = clipper.apply(sub2Uri);
assertAccess(uri, 0);
assertAccess(subClip, 0);
assertAccess(subUri, 0);
assertAccess(subSubUri, 0);
assertAccess(sub2Clip, 0);
assertAccess(sub2Uri, 0);
assertAccess(sub2SubUri, 0);
// --------------------------------
ReceiveUriService.clearStarted();
grantClipUriPermission(subClip, mode, true);
ReceiveUriService.waitForStart();
int firstStartId = ReceiveUriService.getCurStartId();
assertAccess(uri, 0);
assertAccess(subClip, mode);
assertAccess(subUri, mode);
assertAccess(subSubUri, 0);
assertAccess(sub2Clip, 0);
assertAccess(sub2Uri, 0);
assertAccess(sub2SubUri, 0);
// --------------------------------
// Send another Intent to it.
ReceiveUriService.clearStarted();
grantClipUriPermission(sub2Clip, mode, true);
ReceiveUriService.waitForStart();
assertAccess(uri, 0);
assertAccess(subClip, mode);
assertAccess(subUri, mode);
assertAccess(subSubUri, 0);
assertAccess(sub2Clip, mode);
assertAccess(sub2Uri, mode);
assertAccess(sub2SubUri, 0);
// And make sure we can't generate a permission to a running service.
assertNotGrantableToService(Uri.withAppendedPath(uri, "hah"), mode, clipper);
// --------------------------------
// Stop the first command.
ReceiveUriService.stopCurWithId(firstStartId);
assertAccess(uri, 0);
assertAccess(subClip, 0);
assertAccess(subUri, 0);
assertAccess(subSubUri, 0);
assertAccess(sub2Clip, mode);
assertAccess(sub2Uri, mode);
assertAccess(sub2SubUri, 0);
// --------------------------------
// Dispose of service.
ReceiveUriService.stopSync(getContext());
assertAccess(uri, 0);
assertAccess(subClip, 0);
assertAccess(subUri, 0);
assertAccess(subSubUri, 0);
assertAccess(sub2Clip, 0);
assertAccess(sub2Uri, 0);
assertAccess(sub2SubUri, 0);
}
@Test
public void testNotGrantableToService() {
for (Uri uri : NOT_GRANTABLE) {
for (int mode : NOT_GRANTABLE_MODES) {
Log.d(TAG, "Testing " + uri + " " + mode);
assertNotGrantableToService(uri, mode, UriGrantsTest::makeSingleClipData);
assertNotGrantableToService(uri, mode, UriGrantsTest::makeMultiClipData);
}
}
}
private void assertNotGrantableToService(Uri uri, int mode, Function<Uri, ClipData> clipper) {
final Uri subUri = Uri.withAppendedPath(uri, "foo");
final ClipData subClip = clipper.apply(subUri);
Intent grantIntent = new Intent();
grantIntent.setClipData(subClip);
grantIntent.addFlags(mode);
grantIntent.setClass(getContext(), ReceiveUriService.class);
try {
getContext().startService(grantIntent);
fail("expected SecurityException granting " + subClip + " to service");
} catch (SecurityException e) {
// This is what we want.
}
}
}