Fix PermissionMonitor issues
PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
PermissionMonitor#hasUseBackgroundNetworksPermission only uses
the first package name of the uid for checking permission.
This is incorrect since each package declared different
permissions. So using the mApps which already checked both
network and using restricted network permissions. If uid is in
the mApps list that means uid has one of permission at least.
Bug: 144679405
Test: Build, flash, manual test
atest FrameworksNetTests
Change-Id: I2da730feda4d7ebed1f158b073167bb3964b3e7d
Merged-In: I8b03c9e23ffc9ff46264d6307fb841a7eda76a76
Merged-In: Ib08a940a6e5d3365c392ab7174d8484c197e0947
(cherry picked from commit 2e1da35b3b903f4aa01435c46b7014b88a41328d)
(cherry picked from commit 9352cb24b1afaec657faeffdb0d40ed96d4d912b)
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
index fbe2589..c70012b 100644
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
@@ -224,22 +224,22 @@
}
@VisibleForTesting
- boolean hasPermission(PackageInfo app, String permission) {
- if (app.requestedPermissions != null) {
- for (String p : app.requestedPermissions) {
- if (permission.equals(p)) {
- return true;
- }
- }
+ boolean hasPermission(@NonNull final PackageInfo app, @NonNull final String permission) {
+ if (app.requestedPermissions == null || app.requestedPermissionsFlags == null) {
+ return false;
}
- return false;
+ final int index = ArrayUtils.indexOf(app.requestedPermissions, permission);
+ if (index < 0 || index >= app.requestedPermissionsFlags.length) return false;
+ return (app.requestedPermissionsFlags[index] & REQUESTED_PERMISSION_GRANTED) != 0;
}
- private boolean hasNetworkPermission(PackageInfo app) {
+ @VisibleForTesting
+ boolean hasNetworkPermission(@NonNull final PackageInfo app) {
return hasPermission(app, CHANGE_NETWORK_STATE);
}
- private boolean hasRestrictedNetworkPermission(PackageInfo app) {
+ @VisibleForTesting
+ boolean hasRestrictedNetworkPermission(@NonNull final PackageInfo app) {
// TODO : remove this check in the future(b/31479477). All apps should just
// request the appropriate permission for their use case since android Q.
if (app.applicationInfo != null) {
@@ -255,33 +255,18 @@
}
}
return hasPermission(app, CONNECTIVITY_INTERNAL)
+ || hasPermission(app, NETWORK_STACK)
|| hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS);
}
- private boolean hasUseBackgroundNetworksPermission(PackageInfo app) {
- // This function defines what it means to hold the permission to use
- // background networks.
- return hasPermission(app, CHANGE_NETWORK_STATE)
- || hasPermission(app, NETWORK_STACK)
- || hasRestrictedNetworkPermission(app);
- }
-
- public boolean hasUseBackgroundNetworksPermission(int uid) {
- final String[] names = mPackageManager.getPackagesForUid(uid);
- if (null == names || names.length == 0) return false;
- try {
- // Only using the first package name. There may be multiple names if multiple
- // apps share the same UID, but in that case they also share permissions so
- // querying with any of the names will return the same results.
- int userId = UserHandle.getUserId(uid);
- final PackageInfo app = mPackageManager.getPackageInfoAsUser(
- names[0], GET_PERMISSIONS, userId);
- return hasUseBackgroundNetworksPermission(app);
- } catch (NameNotFoundException e) {
- // App not found.
- loge("NameNotFoundException " + names[0], e);
- return false;
- }
+ /** Returns whether the given uid has using background network permission. */
+ public synchronized boolean hasUseBackgroundNetworksPermission(final int uid) {
+ // Apps with any of the CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_INTERNAL or
+ // CONNECTIVITY_USE_RESTRICTED_NETWORKS permission has the permission to use background
+ // networks. mApps contains the result of checks for both hasNetworkPermission and
+ // hasRestrictedNetworkPermission. If uid is in the mApps list that means uid has one of
+ // permissions at least.
+ return mApps.containsKey(uid);
}
private int[] toIntArray(Collection<Integer> list) {
diff --git a/tests/net/java/com/android/server/ConnectivityServiceTest.java b/tests/net/java/com/android/server/ConnectivityServiceTest.java
index 73ee7f5..e313e28 100644
--- a/tests/net/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/net/java/com/android/server/ConnectivityServiceTest.java
@@ -16,6 +16,9 @@
package com.android.server;
+import static android.Manifest.permission.CHANGE_NETWORK_STATE;
+import static android.Manifest.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS;
+import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
import static android.content.pm.PackageManager.GET_PERMISSIONS;
import static android.content.pm.PackageManager.MATCH_ANY_USER;
import static android.net.ConnectivityManager.ACTION_CAPTIVE_PORTAL_SIGN_IN;
@@ -2332,9 +2335,17 @@
mCm.unregisterNetworkCallback(trackDefaultCallback);
}
+ private void grantUsingBackgroundNetworksPermissionForUid(final int uid) throws Exception {
+ final String testPackageName = mContext.getPackageName();
+ when(mPackageManager.getPackageInfo(eq(testPackageName), eq(GET_PERMISSIONS)))
+ .thenReturn(buildPackageInfo(true, uid));
+ mService.mPermissionMonitor.onPackageAdded(testPackageName, uid);
+ }
+
@Test
- public void testNetworkGoesIntoBackgroundAfterLinger() {
+ public void testNetworkGoesIntoBackgroundAfterLinger() throws Exception {
setAlwaysOnNetworks(true);
+ grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid());
NetworkRequest request = new NetworkRequest.Builder()
.clearCapabilities()
.build();
@@ -3415,6 +3426,7 @@
// Create a background request. We can't do this ourselves because ConnectivityService
// doesn't have an API for it. So just turn on mobile data always on.
setAlwaysOnNetworks(true);
+ grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid());
final NetworkRequest request = new NetworkRequest.Builder().build();
final NetworkRequest fgRequest = new NetworkRequest.Builder()
.addCapability(NET_CAPABILITY_FOREGROUND).build();
@@ -3581,6 +3593,7 @@
@Test
public void testMobileDataAlwaysOn() throws Exception {
+ grantUsingBackgroundNetworksPermissionForUid(Binder.getCallingUid());
final TestNetworkCallback cellNetworkCallback = new TestNetworkCallback();
final NetworkRequest cellRequest = new NetworkRequest.Builder()
.addTransportType(TRANSPORT_CELLULAR).build();
@@ -6528,7 +6541,14 @@
private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid) {
final PackageInfo packageInfo = new PackageInfo();
- packageInfo.requestedPermissions = new String[0];
+ if (hasSystemPermission) {
+ packageInfo.requestedPermissions = new String[] {
+ CHANGE_NETWORK_STATE, CONNECTIVITY_USE_RESTRICTED_NETWORKS };
+ packageInfo.requestedPermissionsFlags = new int[] {
+ REQUESTED_PERMISSION_GRANTED, REQUESTED_PERMISSION_GRANTED };
+ } else {
+ packageInfo.requestedPermissions = new String[0];
+ }
packageInfo.applicationInfo = new ApplicationInfo();
packageInfo.applicationInfo.privateFlags = 0;
packageInfo.applicationInfo.uid = UserHandle.getUid(UserHandle.USER_SYSTEM,
diff --git a/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java b/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
index cd2bd26..2e892e5 100644
--- a/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
+++ b/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
@@ -27,6 +27,7 @@
import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_PRODUCT;
import static android.content.pm.ApplicationInfo.PRIVATE_FLAG_VENDOR;
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
+import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_REQUIRED;
import static android.content.pm.PackageManager.GET_PERMISSIONS;
import static android.content.pm.PackageManager.MATCH_ANY_USER;
import static android.os.Process.SYSTEM_UID;
@@ -36,6 +37,7 @@
import static junit.framework.Assert.fail;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
@@ -102,7 +104,6 @@
private static final String MOCK_PACKAGE2 = "appName2";
private static final String SYSTEM_PACKAGE1 = "sysName1";
private static final String SYSTEM_PACKAGE2 = "sysName2";
- private static final String VPN_PACKAGE = "vpnApp";
private static final String PARTITION_SYSTEM = "system";
private static final String PARTITION_OEM = "oem";
private static final String PARTITION_PRODUCT = "product";
@@ -145,28 +146,31 @@
mObserver = observerCaptor.getValue();
}
- private boolean hasBgPermission(String partition, int targetSdkVersion, int uid,
- String... permission) throws Exception {
- final PackageInfo packageInfo = packageInfoWithPermissions(permission, partition);
+ private boolean hasRestrictedNetworkPermission(String partition, int targetSdkVersion, int uid,
+ String... permissions) {
+ final PackageInfo packageInfo =
+ packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, permissions, partition);
packageInfo.applicationInfo.targetSdkVersion = targetSdkVersion;
packageInfo.applicationInfo.uid = uid;
- when(mPackageManager.getPackageInfoAsUser(
- eq(MOCK_PACKAGE1), eq(GET_PERMISSIONS), anyInt())).thenReturn(packageInfo);
- when(mPackageManager.getPackagesForUid(anyInt())).thenReturn(new String[] {MOCK_PACKAGE1});
- return mPermissionMonitor.hasUseBackgroundNetworksPermission(uid);
+ return mPermissionMonitor.hasRestrictedNetworkPermission(packageInfo);
}
- private static PackageInfo packageInfoWithPermissions(String[] permissions, String partition) {
+ private static PackageInfo systemPackageInfoWithPermissions(String... permissions) {
+ return packageInfoWithPermissions(
+ REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM);
+ }
+
+ private static PackageInfo vendorPackageInfoWithPermissions(String... permissions) {
+ return packageInfoWithPermissions(
+ REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_VENDOR);
+ }
+
+ private static PackageInfo packageInfoWithPermissions(int permissionsFlags,
+ String[] permissions, String partition) {
int[] requestedPermissionsFlags = new int[permissions.length];
for (int i = 0; i < permissions.length; i++) {
- requestedPermissionsFlags[i] = REQUESTED_PERMISSION_GRANTED;
+ requestedPermissionsFlags[i] = permissionsFlags;
}
- return packageInfoWithPermissions(permissions, partition,
- requestedPermissionsFlags);
- }
-
- private static PackageInfo packageInfoWithPermissions(String[] permissions, String partition,
- int[] requestedPermissionsFlags) {
final PackageInfo packageInfo = new PackageInfo();
packageInfo.requestedPermissions = permissions;
packageInfo.applicationInfo = new ApplicationInfo();
@@ -190,12 +194,10 @@
private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid, int userId) {
final PackageInfo pkgInfo;
if (hasSystemPermission) {
- final String[] systemPermissions = new String[]{
- CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS
- };
- pkgInfo = packageInfoWithPermissions(systemPermissions, PARTITION_SYSTEM);
+ pkgInfo = systemPackageInfoWithPermissions(
+ CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS);
} else {
- pkgInfo = packageInfoWithPermissions(new String[] {}, "");
+ pkgInfo = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, new String[] {}, "");
}
pkgInfo.applicationInfo.uid = UserHandle.getUid(userId, UserHandle.getAppId(uid));
return pkgInfo;
@@ -203,82 +205,151 @@
@Test
public void testHasPermission() {
- PackageInfo app = packageInfoWithPermissions(new String[] {}, PARTITION_SYSTEM);
+ PackageInfo app = systemPackageInfoWithPermissions();
assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL));
- app = packageInfoWithPermissions(new String[] {
- CHANGE_NETWORK_STATE, NETWORK_STACK
- }, PARTITION_SYSTEM);
+ app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE, NETWORK_STACK);
assertTrue(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
assertTrue(mPermissionMonitor.hasPermission(app, NETWORK_STACK));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL));
- app = packageInfoWithPermissions(new String[] {
- CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL
- }, PARTITION_SYSTEM);
+ app = systemPackageInfoWithPermissions(
+ CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL);
assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK));
assertTrue(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
assertTrue(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL));
+
+ app = packageInfoWithPermissions(REQUESTED_PERMISSION_REQUIRED, new String[] {
+ CONNECTIVITY_USE_RESTRICTED_NETWORKS, CONNECTIVITY_INTERNAL, NETWORK_STACK },
+ PARTITION_SYSTEM);
+ assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
+ assertFalse(mPermissionMonitor.hasPermission(app, NETWORK_STACK));
+ assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
+ assertFalse(mPermissionMonitor.hasPermission(app, CONNECTIVITY_INTERNAL));
+
+ app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE);
+ app.requestedPermissions = null;
+ assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
+
+ app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE);
+ app.requestedPermissionsFlags = null;
+ assertFalse(mPermissionMonitor.hasPermission(app, CHANGE_NETWORK_STATE));
}
@Test
public void testIsVendorApp() {
- PackageInfo app = packageInfoWithPermissions(new String[] {}, PARTITION_SYSTEM);
+ PackageInfo app = systemPackageInfoWithPermissions();
assertFalse(mPermissionMonitor.isVendorApp(app.applicationInfo));
- app = packageInfoWithPermissions(new String[] {}, PARTITION_OEM);
+ app = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED,
+ new String[] {}, PARTITION_OEM);
assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo));
- app = packageInfoWithPermissions(new String[] {}, PARTITION_PRODUCT);
+ app = packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED,
+ new String[] {}, PARTITION_PRODUCT);
assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo));
- app = packageInfoWithPermissions(new String[] {}, PARTITION_VENDOR);
+ app = vendorPackageInfoWithPermissions();
assertTrue(mPermissionMonitor.isVendorApp(app.applicationInfo));
}
@Test
+ public void testHasNetworkPermission() {
+ PackageInfo app = systemPackageInfoWithPermissions();
+ assertFalse(mPermissionMonitor.hasNetworkPermission(app));
+ app = systemPackageInfoWithPermissions(CHANGE_NETWORK_STATE);
+ assertTrue(mPermissionMonitor.hasNetworkPermission(app));
+ app = systemPackageInfoWithPermissions(NETWORK_STACK);
+ assertFalse(mPermissionMonitor.hasNetworkPermission(app));
+ app = systemPackageInfoWithPermissions(CONNECTIVITY_USE_RESTRICTED_NETWORKS);
+ assertFalse(mPermissionMonitor.hasNetworkPermission(app));
+ }
+
+ @Test
+ public void testHasRestrictedNetworkPermission() {
+ assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1));
+ assertFalse(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_P, MOCK_UID1, NETWORK_STACK));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
+ assertFalse(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));
+
+ assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1));
+ assertFalse(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE));
+ }
+
+ @Test
+ public void testHasRestrictedNetworkPermissionSystemUid() {
+ doReturn(VERSION_P).when(mPermissionMonitor).getDeviceFirstSdkInt();
+ assertTrue(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CHANGE_WIFI_STATE));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
+
+ doReturn(VERSION_Q).when(mPermissionMonitor).getDeviceFirstSdkInt();
+ assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID));
+ assertFalse(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CHANGE_WIFI_STATE));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
+ }
+
+ @Test
+ public void testHasRestrictedNetworkPermissionVendorApp() {
+ assertTrue(hasRestrictedNetworkPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_VENDOR, VERSION_P, MOCK_UID1, NETWORK_STACK));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
+ assertTrue(hasRestrictedNetworkPermission(
+ PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));
+
+ assertFalse(hasRestrictedNetworkPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1));
+ assertFalse(hasRestrictedNetworkPermission(
+ PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE));
+ assertFalse(hasRestrictedNetworkPermission(
+ PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_NETWORK_STATE));
+ }
+
+ private void assertBackgroundPermission(boolean hasPermission, String name, int uid,
+ String... permissions) throws Exception {
+ when(mPackageManager.getPackageInfo(eq(name), anyInt()))
+ .thenReturn(packageInfoWithPermissions(
+ REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM));
+ mPermissionMonitor.onPackageAdded(name, uid);
+ assertEquals(hasPermission, mPermissionMonitor.hasUseBackgroundNetworksPermission(uid));
+ }
+
+ @Test
public void testHasUseBackgroundNetworksPermission() throws Exception {
- assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1));
- assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE));
- assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, NETWORK_STACK));
- assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL));
- assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1,
- CONNECTIVITY_USE_RESTRICTED_NETWORKS));
- assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));
+ assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(SYSTEM_UID));
+ assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID);
+ assertBackgroundPermission(false, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_WIFI_STATE);
+ assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, CHANGE_NETWORK_STATE);
+ assertBackgroundPermission(true, SYSTEM_PACKAGE1, SYSTEM_UID, NETWORK_STACK);
- assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1));
- assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE));
- }
+ assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(MOCK_UID1));
+ assertBackgroundPermission(false, MOCK_PACKAGE1, MOCK_UID1);
+ assertBackgroundPermission(true, MOCK_PACKAGE1, MOCK_UID1,
+ CONNECTIVITY_USE_RESTRICTED_NETWORKS);
- @Test
- public void testHasUseBackgroundNetworksPermissionSystemUid() throws Exception {
- doReturn(VERSION_P).when(mPermissionMonitor).getDeviceFirstSdkInt();
- assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID));
- assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID, CHANGE_WIFI_STATE));
- assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID,
- CONNECTIVITY_USE_RESTRICTED_NETWORKS));
-
- doReturn(VERSION_Q).when(mPermissionMonitor).getDeviceFirstSdkInt();
- assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID));
- assertFalse(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID, CHANGE_WIFI_STATE));
- assertTrue(hasBgPermission(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID,
- CONNECTIVITY_USE_RESTRICTED_NETWORKS));
- }
-
- @Test
- public void testHasUseBackgroundNetworksPermissionVendorApp() throws Exception {
- assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1));
- assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_NETWORK_STATE));
- assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, NETWORK_STACK));
- assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CONNECTIVITY_INTERNAL));
- assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1,
- CONNECTIVITY_USE_RESTRICTED_NETWORKS));
- assertTrue(hasBgPermission(PARTITION_VENDOR, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));
-
- assertFalse(hasBgPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1));
- assertFalse(hasBgPermission(PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_WIFI_STATE));
+ assertFalse(mPermissionMonitor.hasUseBackgroundNetworksPermission(MOCK_UID2));
+ assertBackgroundPermission(false, MOCK_PACKAGE2, MOCK_UID2);
+ assertBackgroundPermission(true, MOCK_PACKAGE2, MOCK_UID2,
+ CONNECTIVITY_INTERNAL);
}
private class NetdMonitor {
@@ -563,7 +634,8 @@
private PackageInfo addPackage(String packageName, int uid, String[] permissions)
throws Exception {
- PackageInfo packageInfo = packageInfoWithPermissions(permissions, PARTITION_SYSTEM);
+ PackageInfo packageInfo = packageInfoWithPermissions(
+ REQUESTED_PERMISSION_GRANTED, permissions, PARTITION_SYSTEM);
when(mPackageManager.getPackageInfo(eq(packageName), anyInt())).thenReturn(packageInfo);
when(mPackageManager.getPackagesForUid(eq(uid))).thenReturn(new String[]{packageName});
mObserver.onPackageAdded(packageName, uid);
@@ -593,7 +665,7 @@
// Install another package with the same uid and no permissions should not cause the UID to
// lose permissions.
- PackageInfo packageInfo2 = packageInfoWithPermissions(new String[]{}, PARTITION_SYSTEM);
+ PackageInfo packageInfo2 = systemPackageInfoWithPermissions();
when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2);
when(mPackageManager.getPackagesForUid(MOCK_UID1))
.thenReturn(new String[]{MOCK_PACKAGE1, MOCK_PACKAGE2});
@@ -641,8 +713,7 @@
| INetd.PERMISSION_UPDATE_DEVICE_STATS, new int[]{MOCK_UID1});
// Mock another package with the same uid but different permissions.
- PackageInfo packageInfo2 = packageInfoWithPermissions(new String[] {INTERNET},
- PARTITION_SYSTEM);
+ PackageInfo packageInfo2 = systemPackageInfoWithPermissions(INTERNET);
when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE2), anyInt())).thenReturn(packageInfo2);
when(mPackageManager.getPackagesForUid(MOCK_UID1)).thenReturn(new String[]{
MOCK_PACKAGE2});
