Improved ServicePermissionsTest so it shows all failures.
Test: atest CtsSecurityTestCases:android.security.cts.ServicePermissionsTest#testDumpProtected
Bug: 143966438
Change-Id: I121752d6e748f9efcc5f620e0436c5332035d5fa
diff --git a/tests/tests/security/src/android/security/cts/ServicePermissionsTest.java b/tests/tests/security/src/android/security/cts/ServicePermissionsTest.java
index bfe1f55..60e27e6 100644
--- a/tests/tests/security/src/android/security/cts/ServicePermissionsTest.java
+++ b/tests/tests/security/src/android/security/cts/ServicePermissionsTest.java
@@ -79,6 +79,8 @@
return;
}
+ final ArrayList<String> failures = new ArrayList<>();
+
for (String service : services) {
mTempFile.delete();
@@ -109,7 +111,8 @@
} else {
// Service is throwing about something else; they're
// probably not checking for DUMP.
- throw e;
+ failures.add("Service " + service + " threw exception: " + e);
+ continue;
}
} catch (TransactionTooLargeException | DeadObjectException e) {
// SELinux likely prevented the dump - assume safe
@@ -133,19 +136,29 @@
}
if (lines.size() > 1) {
- fail("dump() for " + service + " produced several lines of output; this "
+ failures.add("dump() for " + service + " produced several lines of output; this "
+ "may be leaking sensitive data. At most, services should emit a "
+ "single line when the caller doesn't have DUMP permission.");
+ continue;
}
if (lines.size() == 1) {
String message = lines.get(0);
if (!message.contains("Permission Denial") &&
!message.contains("android.permission.DUMP")) {
- fail("dump() for " + service + " produced a single line which didn't "
+ failures.add("dump() for " + service + " produced a single line which didn't "
+ "reference a permission; it may be leaking sensitive data.");
+ continue;
}
}
}
+
+ if (!failures.isEmpty()) {
+ StringBuilder msg = new StringBuilder(failures.size() + " services failed:\n");
+ for (String failure: failures) {
+ msg.append(failure).append('\n');
+ }
+ fail(msg.toString());
+ }
}
}