Add partner enrollment checker Bug: 298849296 Test: atest PartnerEnrollmentCheckerTest Change-Id: Ibd04c99cad4a79fc5f5f7a1ce6abccbb9f706075

commit: d347cabc6ec882a5341506a95ad0b7f7de33e996 [log] [tgz]
author: Yanning Jia <yanning@google.com> Tue Jan 30 15:36:25 2024 +0000
committer: Yanning Jia <yanning@google.com> Wed Jan 31 21:57:33 2024 +0000
tree: 9855416c25461d3c62eb38f5a2be33980dca4026
parent: 18281d227787e21bdb19a0dab3f09da908ad5bc6 [diff]
diff --git a/src/com/android/ondevicepersonalization/services/enrollment/PartnerEnrollmentChecker.java b/src/com/android/ondevicepersonalization/services/enrollment/PartnerEnrollmentChecker.java
new file mode 100644
index 0000000..a9b4d05
--- /dev/null
+++ b/src/com/android/ondevicepersonalization/services/enrollment/PartnerEnrollmentChecker.java

@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.ondevicepersonalization.services.enrollment;
+
+import com.android.ondevicepersonalization.internal.util.LoggerFactory;
+import com.android.ondevicepersonalization.services.FlagsFactory;
+import com.android.ondevicepersonalization.services.util.AllowListUtils;
+
+/** Check if an entity is enrolled to call ODP */
+public class PartnerEnrollmentChecker {
+    private static final LoggerFactory.Logger sLogger = LoggerFactory.getLogger();
+    private static final String TAG = PartnerEnrollmentChecker.class.getSimpleName();
+
+    /** check if a caller app is enrolled based on package name */
+    public static boolean isCallerAppEnrolled(final String packageName) {
+        boolean isEnrolled = true;
+
+        // Enrollment check #1: packageName should be in allow list
+        final String callerAppAllowList = FlagsFactory.getFlags().getCallerAppAllowList();
+        boolean isCallerAppAllowListed =
+                AllowListUtils.isAllowListed(packageName, callerAppAllowList);
+        isEnrolled = isEnrolled && isCallerAppAllowListed;
+        if (!isEnrolled) {
+            sLogger.w(TAG + ": caller app " + packageName
+                    + " is not enrolled to call ODP, not in allow list");
+            return isEnrolled;
+        }
+
+        // Add more enrollment checks below
+        return isEnrolled;
+    }
+
+    /** check if an isolated service is enrolled based on package name */
+    public static boolean isIsolatedServiceEnrolled(final String packageName) {
+        boolean isEnrolled = true;
+
+        // Enrollment check #1: packageName should be in allow list
+        final String isolatedServiceAllowList =
+                FlagsFactory.getFlags().getIsolatedServiceAllowList();
+        boolean isIsolatedServiceAllowListed =
+                AllowListUtils.isAllowListed(packageName, isolatedServiceAllowList);
+        isEnrolled = isEnrolled && isIsolatedServiceAllowListed;
+        if (!isEnrolled) {
+            sLogger.w(TAG + ": isolated service " + packageName
+                    + " is not enrolled to access ODP, not in allow list");
+            return isEnrolled;
+        }
+
+        // Add more enrollment checks below
+        return isEnrolled;
+    }
+}

diff --git a/tests/servicetests/src/com/android/ondevicepersonalization/services/PhFlagsTestUtil.java b/tests/servicetests/src/com/android/ondevicepersonalization/services/PhFlagsTestUtil.java
index 25e8499..aa2176f 100644
--- a/tests/servicetests/src/com/android/ondevicepersonalization/services/PhFlagsTestUtil.java
+++ b/tests/servicetests/src/com/android/ondevicepersonalization/services/PhFlagsTestUtil.java

@@ -16,8 +16,10 @@
 
 package com.android.ondevicepersonalization.services;
 
+import static com.android.ondevicepersonalization.services.PhFlags.KEY_CALLER_APP_ALLOW_LIST;
 import static com.android.ondevicepersonalization.services.PhFlags.KEY_ENABLE_PERSONALIZATION_STATUS_OVERRIDE;
 import static com.android.ondevicepersonalization.services.PhFlags.KEY_GLOBAL_KILL_SWITCH;
+import static com.android.ondevicepersonalization.services.PhFlags.KEY_ISOLATED_SERVICE_ALLOW_LIST;
 
 import android.provider.DeviceConfig;
 
@@ -70,4 +72,26 @@
                 Boolean.toString(false),
                 /* makeDefault */ false);
     }
+
+    /**
+     * Set up caller app allow list in device config
+     */
+    public static void setCallerAppAllowList(final String callerAppAllowList) {
+        DeviceConfig.setProperty(
+                DeviceConfig.NAMESPACE_ON_DEVICE_PERSONALIZATION,
+                KEY_CALLER_APP_ALLOW_LIST,
+                callerAppAllowList,
+                /* makeDefault */ false);
+    }
+
+    /**
+     * Set up isolated service allow list in device config
+     */
+    public static void setIsolatedServiceAllowList(final String isolatedServiceAllowList) {
+        DeviceConfig.setProperty(
+                DeviceConfig.NAMESPACE_ON_DEVICE_PERSONALIZATION,
+                KEY_ISOLATED_SERVICE_ALLOW_LIST,
+                isolatedServiceAllowList,
+                /* makeDefault */ false);
+    }
 }

diff --git a/tests/servicetests/src/com/android/ondevicepersonalization/services/enrollment/PartnerEnrollmentCheckerTest.java b/tests/servicetests/src/com/android/ondevicepersonalization/services/enrollment/PartnerEnrollmentCheckerTest.java
new file mode 100644
index 0000000..876884a
--- /dev/null
+++ b/tests/servicetests/src/com/android/ondevicepersonalization/services/enrollment/PartnerEnrollmentCheckerTest.java

@@ -0,0 +1,77 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.ondevicepersonalization.services.enrollment;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import com.android.ondevicepersonalization.services.PhFlagsTestUtil;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class PartnerEnrollmentCheckerTest {
+
+    @Before
+    public void setup() throws Exception {
+        PhFlagsTestUtil.setUpDeviceConfigPermissions();
+    }
+
+    @Test
+    public void testIsCallerAppEnrolled() {
+        PhFlagsTestUtil.setCallerAppAllowList("app1,app2,app3");
+        assertTrue(PartnerEnrollmentChecker.isCallerAppEnrolled("app1"));
+        assertFalse(PartnerEnrollmentChecker.isCallerAppEnrolled("app"));
+        assertFalse(PartnerEnrollmentChecker.isCallerAppEnrolled("app4"));
+        assertFalse(PartnerEnrollmentChecker.isCallerAppEnrolled(""));
+        assertFalse(PartnerEnrollmentChecker.isCallerAppEnrolled(null));
+
+        PhFlagsTestUtil.setCallerAppAllowList("*");
+        assertTrue(PartnerEnrollmentChecker.isCallerAppEnrolled("random"));
+        assertTrue(PartnerEnrollmentChecker.isCallerAppEnrolled(""));
+        assertTrue(PartnerEnrollmentChecker.isCallerAppEnrolled(null));
+
+        PhFlagsTestUtil.setCallerAppAllowList("");
+        assertFalse(PartnerEnrollmentChecker.isCallerAppEnrolled("random"));
+        assertFalse(PartnerEnrollmentChecker.isCallerAppEnrolled(""));
+        assertFalse(PartnerEnrollmentChecker.isCallerAppEnrolled(null));
+    }
+
+    @Test
+    public void testIsIsolatedServiceEnrolled() {
+        PhFlagsTestUtil.setIsolatedServiceAllowList("svc1,svc2,svc3");
+        assertTrue(PartnerEnrollmentChecker.isIsolatedServiceEnrolled("svc1"));
+        assertFalse(PartnerEnrollmentChecker.isIsolatedServiceEnrolled("svc"));
+        assertFalse(PartnerEnrollmentChecker.isIsolatedServiceEnrolled("svc4"));
+        assertFalse(PartnerEnrollmentChecker.isIsolatedServiceEnrolled(""));
+        assertFalse(PartnerEnrollmentChecker.isIsolatedServiceEnrolled(null));
+
+        PhFlagsTestUtil.setIsolatedServiceAllowList("*");
+        assertTrue(PartnerEnrollmentChecker.isIsolatedServiceEnrolled("random"));
+        assertTrue(PartnerEnrollmentChecker.isIsolatedServiceEnrolled(""));
+        assertTrue(PartnerEnrollmentChecker.isIsolatedServiceEnrolled(null));
+
+        PhFlagsTestUtil.setIsolatedServiceAllowList("");
+        assertFalse(PartnerEnrollmentChecker.isIsolatedServiceEnrolled("random"));
+        assertFalse(PartnerEnrollmentChecker.isIsolatedServiceEnrolled(""));
+        assertFalse(PartnerEnrollmentChecker.isIsolatedServiceEnrolled(null));
+    }
+
+}
commit	d347cabc6ec882a5341506a95ad0b7f7de33e996	[log] [tgz]
author	Yanning Jia <yanning@google.com>	Tue Jan 30 15:36:25 2024 +0000
committer	Yanning Jia <yanning@google.com>	Wed Jan 31 21:57:33 2024 +0000
tree	9855416c25461d3c62eb38f5a2be33980dca4026
parent	18281d227787e21bdb19a0dab3f09da908ad5bc6 [diff]