Add test for permission escalation after reboot.
Bug: 168319670, 154505240
Test: atest android.appsecurity.cts.PermissionsHostTest#testNoPermissionEscalationAfterReboot
Change-Id: I757a394ae0430d885c61faede481b491dc7c5444
Merged-In: I757a394ae0430d885c61faede481b491dc7c5444
Exempt-From-Owner-Approval: patb@ approved it on behalf of toddke
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/PermissionsHostTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/PermissionsHostTest.java
index d0cc258..ed424b3 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/PermissionsHostTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/PermissionsHostTest.java
@@ -379,6 +379,17 @@
"testCannotEscalateNonRuntimePermissionsToRuntime");
}
+ public void testNoPermissionEscalationAfterReboot() throws Exception {
+ assertNull(getDevice().installPackage(mBuildHelper.getTestFile(
+ APK_DECLARE_NON_RUNTIME_PERMISSIONS), false, false));
+ assertNull(getDevice().installPackage(mBuildHelper.getTestFile(
+ APK_ESCLATE_TO_RUNTIME_PERMISSIONS), true, false));
+ getDevice().reboot();
+ runDeviceTests(ESCALATE_PERMISSION_PKG,
+ "com.android.cts.escalatepermission.PermissionEscalationTest",
+ "testRuntimePermissionsAreNotGranted");
+ }
+
public void testNoProtectionFlagsAddedToNonSignatureProtectionPermissions25() throws Exception {
assertNull(getDevice().installPackage(mBuildHelper.getTestFile(
APK_PERMISSION_POLICY_25), false, false));
diff --git a/hostsidetests/appsecurity/test-apps/EscalateToRuntimePermissions/src/com/android/cts/escalatepermission/PermissionEscalationTest.java b/hostsidetests/appsecurity/test-apps/EscalateToRuntimePermissions/src/com/android/cts/escalatepermission/PermissionEscalationTest.java
index cfccc78..c006c73 100644
--- a/hostsidetests/appsecurity/test-apps/EscalateToRuntimePermissions/src/com/android/cts/escalatepermission/PermissionEscalationTest.java
+++ b/hostsidetests/appsecurity/test-apps/EscalateToRuntimePermissions/src/com/android/cts/escalatepermission/PermissionEscalationTest.java
@@ -19,6 +19,7 @@
import static org.junit.Assert.assertSame;
import android.content.Context;
+import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;
import androidx.test.InstrumentationRegistry;
@@ -48,5 +49,34 @@
assertSame("Shouldn't be able to change signature permission to dangerous",
PermissionInfo.PROTECTION_SIGNATURE, (stealAudio1Permission2.protectionLevel
& PermissionInfo.PROTECTION_MASK_BASE));
- }
- }
+ }
+
+ @Test
+ public void testRuntimePermissionsAreNotGranted() throws Exception {
+ // TODO (b/172366747): It is weird that the permission cannot become a runtime permission
+ // during runtime but can become one during reboot.
+ Context context = InstrumentationRegistry.getTargetContext();
+
+ // Ensure permission is now dangerous but denied
+ PermissionInfo stealAudio1Permission1 = context.getPackageManager()
+ .getPermissionInfo(Manifest.permission.STEAL_AUDIO1, 0);
+ assertSame("Signature permission can become dangerous after reboot",
+ PermissionInfo.PROTECTION_DANGEROUS, (stealAudio1Permission1.protectionLevel
+ & PermissionInfo.PROTECTION_MASK_BASE));
+
+ assertSame("Permission should be denied",
+ context.checkSelfPermission(Manifest.permission.STEAL_AUDIO1),
+ PackageManager.PERMISSION_DENIED);
+
+ // Ensure permission is now dangerous but denied
+ PermissionInfo stealAudio1Permission2 = context.getPackageManager()
+ .getPermissionInfo(Manifest.permission.STEAL_AUDIO2, 0);
+ assertSame("Signature permission can become dangerous after reboot",
+ PermissionInfo.PROTECTION_DANGEROUS, (stealAudio1Permission2.protectionLevel
+ & PermissionInfo.PROTECTION_MASK_BASE));
+
+ assertSame("Permission should be denied",
+ context.checkSelfPermission(Manifest.permission.STEAL_AUDIO2),
+ PackageManager.PERMISSION_DENIED);
+ }
+}