Merge "CTS test for b/138650665"
diff --git a/libs/install/src/com/android/cts/install/lib/Install.java b/libs/install/src/com/android/cts/install/lib/Install.java
index 4ea91a1..11fbffe 100644
--- a/libs/install/src/com/android/cts/install/lib/Install.java
+++ b/libs/install/src/com/android/cts/install/lib/Install.java
@@ -40,6 +40,7 @@
private boolean mIsDowngrade = false;
private boolean mEnableRollback = false;
private int mSessionMode = PackageInstaller.SessionParams.MODE_FULL_INSTALL;
+ private int mInstallFlags = 0;
private Install(boolean isMultiPackage, TestApp... testApps) {
mIsMultiPackage = isMultiPackage;
@@ -124,6 +125,14 @@
}
/**
+ * Sets the session params.
+ */
+ public Install addInstallFlags(int installFlags) {
+ mInstallFlags |= installFlags;
+ return this;
+ }
+
+ /**
* Commits the install.
*
* @return the session id of the install session, if the session is successful.
@@ -193,6 +202,9 @@
}
params.setRequestDowngrade(mIsDowngrade);
params.setEnableRollback(mEnableRollback);
+ if (mInstallFlags != 0) {
+ InstallUtils.mutateInstallFlags(params, mInstallFlags);
+ }
return InstallUtils.getPackageInstaller().createSession(params);
}
@@ -227,4 +239,5 @@
private boolean isMultiPackage() {
return mIsMultiPackage;
}
+
}
diff --git a/libs/install/src/com/android/cts/install/lib/InstallUtils.java b/libs/install/src/com/android/cts/install/lib/InstallUtils.java
index 82e0cb1..6969398 100644
--- a/libs/install/src/com/android/cts/install/lib/InstallUtils.java
+++ b/libs/install/src/com/android/cts/install/lib/InstallUtils.java
@@ -32,10 +32,12 @@
import android.os.Handler;
import android.os.HandlerThread;
-
import androidx.test.InstrumentationRegistry;
+import com.google.common.annotations.VisibleForTesting;
+
import java.io.IOException;
+import java.lang.reflect.Field;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
@@ -177,6 +179,31 @@
assertThrows(expectedThrowableClass, expectedFailMessage, () -> install.commit());
}
+ /**
+ * Mutates {@code installFlags} field of {@code params} by adding {@code
+ * additionalInstallFlags} to it.
+ */
+ @VisibleForTesting
+ public static void mutateInstallFlags(PackageInstaller.SessionParams params,
+ int additionalInstallFlags) {
+ final Class<?> clazz = params.getClass();
+ Field installFlagsField;
+ try {
+ installFlagsField = clazz.getDeclaredField("installFlags");
+ } catch (NoSuchFieldException e) {
+ throw new AssertionError("Unable to reflect over SessionParams.installFlags", e);
+ }
+
+ try {
+ int flags = installFlagsField.getInt(params);
+ flags |= additionalInstallFlags;
+ installFlagsField.setAccessible(true);
+ installFlagsField.setInt(params, flags);
+ } catch (IllegalAccessException e) {
+ throw new AssertionError("Unable to reflect over SessionParams.installFlags", e);
+ }
+ }
+
private static final String NO_RESPONSE = "NO RESPONSE";
/**
diff --git a/tests/tests/security/Android.bp b/tests/tests/security/Android.bp
index b41f33d..eb35abb 100644
--- a/tests/tests/security/Android.bp
+++ b/tests/tests/security/Android.bp
@@ -22,6 +22,7 @@
"android-common",
"ctstestserver",
"ctstestrunner-axt",
+ "cts-install-lib",
"compatibility-device-util-axt",
"compatibility-common-util-devicesidelib",
"guava",
@@ -32,6 +33,9 @@
"org.apache.http.legacy",
"android.test.base.stubs",
],
+ java_resources: [
+ ":PackageInstallerTestApp",
+ ],
jni_libs: [
"libctssecurity_jni",
"libcts_jni",
@@ -58,4 +62,16 @@
"general-tests",
"sts",
],
+ certificate: ":security_cts_test_certificate",
}
+
+android_test_helper_app {
+ name: "PackageInstallerTestApp",
+ srcs: ["testdata/src/**/*.java"],
+ manifest: "testdata/packageinstallertestapp.xml",
+}
+
+android_app_certificate {
+ name: "security_cts_test_certificate",
+ certificate: "security_cts_test_cert",
+}
\ No newline at end of file
diff --git a/tests/tests/security/AndroidManifest.xml b/tests/tests/security/AndroidManifest.xml
index 54df055..0226ab73 100644
--- a/tests/tests/security/AndroidManifest.xml
+++ b/tests/tests/security/AndroidManifest.xml
@@ -58,6 +58,16 @@
<category android:name="android.intent.category.FRAMEWORK_INSTRUMENTATION_TEST"/>
</intent-filter>
</activity>
+
+ <receiver android:name="com.android.cts.install.lib.LocalIntentSender"
+ android:exported="true" />
+ <receiver android:name="android.security.cts.PackageVerificationsBroadcastReceiver"
+ android:permission="android.permission.BIND_PACKAGE_VERIFIER" >
+ <intent-filter>
+ <action android:name="android.intent.action.PACKAGE_NEEDS_VERIFICATION"/>
+ <data android:mimeType="application/vnd.android.package-archive" />
+ </intent-filter>
+ </receiver>
</application>
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
diff --git a/tests/tests/security/security_cts_test_cert.pk8 b/tests/tests/security/security_cts_test_cert.pk8
new file mode 100644
index 0000000..320e18d
--- /dev/null
+++ b/tests/tests/security/security_cts_test_cert.pk8
Binary files differ
diff --git a/tests/tests/security/security_cts_test_cert.x509.pem b/tests/tests/security/security_cts_test_cert.x509.pem
new file mode 100644
index 0000000..fd10e48
--- /dev/null
+++ b/tests/tests/security/security_cts_test_cert.x509.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECzCCAvOgAwIBAgIUBCvKStYix70zHFiAKnzigdwl2z4wDQYJKoZIhvcNAQEL
+BQAwgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy
+b2lkMRAwDgYDVQQDDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFu
+ZHJvaWQuY29tMB4XDTE5MDgxOTIxMzcwM1oXDTQ3MDEwNDIxMzcwM1owgZQxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRyb2lkMRAwDgYD
+VQQDDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFuZHJvaWQuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rB8dYLa9mhYe9GICodU
+FVdjzh00SsfzpdMZ4UGIGF6VY/7D/TCdT5vjdXOdOQtsQnM/nZSgUPgBVX8RObm4
+/PRix68rdl2J58/LstcqdG6EaExb5hPUzHUuvOfd+p+IP+0SFEuRrWeGsmkzvdnx
+C2ZZjzEpE8UNDS8EtC2qULkF0cAGcHdHsjlktXRvn4FO+RN1GW6yxs8mOyCabNHA
+Se3AynYFa894Iamu99+RK51+3iyw+u4cVUeVPH3CzJ2Pu1PyqT+9l4gKUbw0gfC6
+D0/PNEfxe4RPrtn3Z8+ES8+jXPjBLLaMTpT9dFcP25kBwNLiV0MJdTOdZ3f30urt
+JQIDAQABo1MwUTAdBgNVHQ4EFgQUHUCJ6l5sn0M96xgIXBkY7dvm86MwHwYDVR0j
+BBgwFoAUHUCJ6l5sn0M96xgIXBkY7dvm86MwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEAAXpJFK3Lp6HuEeSkV60YUH7KKFf9FCfIlszxAcnPb7Pu
+8LX8pI59jYXUxp6ig2IRP/3jXWyf5mFyXcfPTES9Xi1yruV/hQ3KvvhrC2FSqF99
+AXPB31NiXxyw554iPGGLqRsxLb1aeRgofiGLG6CE+16RIPX54pDS6Y+MDJ7iaRsG
+L5qPP3JyQ5b3KBHFXE9GHJFEha2mrLThv1V6740ueErt2jkP95BnELmFwo+RH4ha
+sUOe79aEbq4ERKrmKf5vZ4GGS3vHQ6MSk53qeDFrla/05pZRfzUvwu88cLs0EjSI
+o36G2JpHHjd58pH7m4xeqcBX5eUKay/EfoYef4AopA==
+-----END CERTIFICATE-----
diff --git a/tests/tests/security/src/android/security/cts/PackageInstallerTest.java b/tests/tests/security/src/android/security/cts/PackageInstallerTest.java
new file mode 100644
index 0000000..719e062
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/PackageInstallerTest.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.Manifest;
+import android.platform.test.annotations.SecurityTest;
+
+import androidx.test.platform.app.InstrumentationRegistry;
+
+import com.android.cts.install.lib.Install;
+import com.android.cts.install.lib.TestApp;
+import com.android.cts.install.lib.Uninstall;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+import java.util.concurrent.TimeUnit;
+
+@RunWith(JUnit4.class)
+@SecurityTest
+public class PackageInstallerTest {
+
+ private static final String TEST_APP_NAME = "android.security.cts.packageinstallertestapp";
+
+ private static final TestApp TEST_APP = new TestApp(
+ "PackageInstallerTestApp", TEST_APP_NAME, 1, /*isApex*/ false,
+ "PackageInstallerTestApp.apk");
+
+ @Before
+ public void setUp() {
+ InstrumentationRegistry
+ .getInstrumentation()
+ .getUiAutomation()
+ .adoptShellPermissionIdentity(Manifest.permission.INSTALL_PACKAGES,
+ Manifest.permission.DELETE_PACKAGES,
+ Manifest.permission.PACKAGE_VERIFICATION_AGENT,
+ Manifest.permission.BIND_PACKAGE_VERIFIER);
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ Uninstall.packages(TestApp.A);
+ InstrumentationRegistry.getInstrumentation().getUiAutomation()
+ .dropShellPermissionIdentity();
+ }
+
+ @Test
+ public void verificationCanNotBeDisabledByInstaller() throws Exception {
+ Install.single(TEST_APP).addInstallFlags(
+ 0x00080000 /* PackageManager.INSTALL_DISABLE_VERIFICATION */).commit();
+ String packageName = PackageVerificationsBroadcastReceiver.packages.poll(30,
+ TimeUnit.SECONDS);
+ Assert.assertNotNull("Did not receive broadcast", packageName);
+ Assert.assertEquals(TEST_APP_NAME, packageName);
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/PackageVerificationsBroadcastReceiver.java b/tests/tests/security/src/android/security/cts/PackageVerificationsBroadcastReceiver.java
new file mode 100644
index 0000000..62d409d
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/PackageVerificationsBroadcastReceiver.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static android.content.pm.PackageManager.EXTRA_VERIFICATION_PACKAGE_NAME;
+
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.util.Log;
+
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.LinkedBlockingQueue;
+
+public final class PackageVerificationsBroadcastReceiver extends BroadcastReceiver {
+
+ private static final String TAG = "PackageInstallerTest";
+
+ static final BlockingQueue<String> packages = new LinkedBlockingQueue<>();
+
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ final String packageName = intent.getStringExtra(EXTRA_VERIFICATION_PACKAGE_NAME);
+ Log.i(TAG, "Received PACKAGE_NEEDS_VERIFICATION broadcast for package " + packageName);
+ try {
+ packages.put(packageName);
+ } catch (InterruptedException e) {
+ throw new AssertionError(e);
+ }
+ }
+}
diff --git a/tests/tests/security/testdata/packageinstallertestapp.xml b/tests/tests/security/testdata/packageinstallertestapp.xml
new file mode 100644
index 0000000..7c35c11
--- /dev/null
+++ b/tests/tests/security/testdata/packageinstallertestapp.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ~ Copyright (C) 2019 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.packageinstallertestapp"
+ android:versionCode="1"
+ android:versionName="1.0" >
+
+
+ <package-verifier android:name="android.security.cts"
+ android:publicKey="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rB8dYLa9mhYe9GICodUFVdjzh00SsfzpdMZ4UGIGF6VY/7D/TCdT5vjdXOdOQtsQnM/nZSgUPgBVX8RObm4/PRix68rdl2J58/LstcqdG6EaExb5hPUzHUuvOfd+p+IP+0SFEuRrWeGsmkzvdnxC2ZZjzEpE8UNDS8EtC2qULkF0cAGcHdHsjlktXRvn4FO+RN1GW6yxs8mOyCabNHASe3AynYFa894Iamu99+RK51+3iyw+u4cVUeVPH3CzJ2Pu1PyqT+9l4gKUbw0gfC6D0/PNEfxe4RPrtn3Z8+ES8+jXPjBLLaMTpT9dFcP25kBwNLiV0MJdTOdZ3f30urtJQIDAQAB" />
+
+ <uses-sdk android:minSdkVersion="19" />
+
+ <application android:label="PackageInstallerTest Test App">
+ <activity android:name="android.security.cts.packageinstallertestapp.MainActivity">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+ </application>
+</manifest>
diff --git a/tests/tests/security/testdata/src/android/security/cts/packageinstallertestapp/MainActivity.java b/tests/tests/security/testdata/src/android/security/cts/packageinstallertestapp/MainActivity.java
new file mode 100644
index 0000000..aeb58c5
--- /dev/null
+++ b/tests/tests/security/testdata/src/android/security/cts/packageinstallertestapp/MainActivity.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.packageinstallertestapp;
+
+import android.app.Activity;
+import android.os.Bundle;
+
+public class MainActivity extends Activity {
+
+ @Override
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ }
+}
+
diff --git a/tests/tests/util/src/android/util/cts/InstallUtilTest.java b/tests/tests/util/src/android/util/cts/InstallUtilTest.java
index eeac1b0..5f48f37 100644
--- a/tests/tests/util/src/android/util/cts/InstallUtilTest.java
+++ b/tests/tests/util/src/android/util/cts/InstallUtilTest.java
@@ -19,25 +19,26 @@
import static com.google.common.truth.Truth.assertThat;
import android.Manifest;
+import android.content.pm.PackageInstaller;
+import android.platform.test.annotations.AppModeFull;
import androidx.test.filters.SmallTest;
import androidx.test.runner.AndroidJUnit4;
-import android.content.pm.PackageInstaller;
-import android.platform.test.annotations.AppModeFull;
import com.android.cts.install.lib.Install;
import com.android.cts.install.lib.InstallUtils;
import com.android.cts.install.lib.LocalIntentSender;
import com.android.cts.install.lib.TestApp;
import com.android.cts.install.lib.Uninstall;
-import java.io.IOException;
-
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
+import java.io.IOException;
+import java.lang.reflect.Field;
+
@SmallTest
@RunWith(AndroidJUnit4.class)
@AppModeFull(reason = "Instant apps cannot create installer sessions")
@@ -166,4 +167,17 @@
assertThat(InstallUtils.getInstalledVersion(TestApp.A)).isEqualTo(-1);
assertThat(InstallUtils.getInstalledVersion(TestApp.B)).isEqualTo(-1);
}
+
+ @Test
+ public void testMutateInstallFlags() throws Exception {
+ PackageInstaller.SessionParams params = new PackageInstaller.SessionParams(
+ PackageInstaller.SessionParams.MODE_FULL_INSTALL);
+ params.setInstallAsApex();
+ params.setStaged();
+ InstallUtils.mutateInstallFlags(params, 0x00080000);
+ final Class<?> clazz = params.getClass();
+ Field installFlagsField = clazz.getDeclaredField("installFlags");
+ int installFlags = installFlagsField.getInt(params);
+ assertThat(installFlags & 0x00080000).isEqualTo(0x00080000);
+ }
}
