Mock context for permission less app's context
HelpersTest has the same sharedUserId as DownloadsProvider,
although it does not have WRITE_EXTERNAL_STORAGE and
REQUEST_INSTALL_PACKAGES permission declared in the manifest.
Declaring permissions in manifest to get the permission or the
corresponding app-op became a requirement for Android S and above. This
test fails on Android R, as even though the test app does not declare
the permissions in the manifest, it gets them granted.
Bug: 200813547
Test: atest HelpersTest
Change-Id: I83146a4b44fb51bb2ee3eb8127fa9d20dac431a7
Merged-In: I83146a4b44fb51bb2ee3eb8127fa9d20dac431a7
(cherry picked from commit 65a9c52abe744c963cecfa8a0621c4c1be1c153f)
diff --git a/tests/src/com/android/providers/downloads/HelpersTest.java b/tests/src/com/android/providers/downloads/HelpersTest.java
index 359c8cb..793a157 100644
--- a/tests/src/com/android/providers/downloads/HelpersTest.java
+++ b/tests/src/com/android/providers/downloads/HelpersTest.java
@@ -152,65 +152,65 @@
"/storage/AAAA-FFFF/Download/dir/bar.html"));
}
- public void testCheckDestinationFilePathRestrictions_permissionLess() throws Exception {
+ public void testCheckDestinationFilePathRestrictions_noPermission() throws Exception {
// Downloading to our own private app directory should always be allowed, even for
// permission-less app
- checkDestinationFilePathRestrictions(
+ checkDestinationFilePathRestrictions_noPermission(
"/storage/emulated/0/Android/data/DownloadManagerHelpersTest/test",
/* isLegacyMode */ false);
- checkDestinationFilePathRestrictions(
+ checkDestinationFilePathRestrictions_noPermission(
"/storage/emulated/0/Android/data/DownloadManagerHelpersTest/test",
/* isLegacyMode */ true);
- checkDestinationFilePathRestrictions(
+ checkDestinationFilePathRestrictions_noPermission(
"/storage/emulated/0/Android/obb/DownloadManagerHelpersTest/test",
/* isLegacyMode */ false);
- checkDestinationFilePathRestrictions(
+ checkDestinationFilePathRestrictions_noPermission(
"/storage/emulated/0/Android/obb/DownloadManagerHelpersTest/test",
/* isLegacyMode */ true);
- checkDestinationFilePathRestrictions(
+ checkDestinationFilePathRestrictions_noPermission(
"/storage/emulated/0/Android/media/DownloadManagerHelpersTest/test",
/* isLegacyMode */ false);
- checkDestinationFilePathRestrictions(
+ checkDestinationFilePathRestrictions_noPermission(
"/storage/emulated/0/Android/media/DownloadManagerHelpersTest/test",
/* isLegacyMode */ true);
// All apps can write to Environment.STANDARD_DIRECTORIES
- checkDestinationFilePathRestrictions("/storage/emulated/0/Pictures/test",
+ checkDestinationFilePathRestrictions_noPermission("/storage/emulated/0/Pictures/test",
/* isLegacyMode */ false);
- checkDestinationFilePathRestrictions("/storage/emulated/0/Download/test",
+ checkDestinationFilePathRestrictions_noPermission("/storage/emulated/0/Download/test",
/* isLegacyMode */ false);
- checkDestinationFilePathRestrictions("/storage/emulated/0/Pictures/test",
+ checkDestinationFilePathRestrictions_noPermission("/storage/emulated/0/Pictures/test",
/* isLegacyMode */ true);
- checkDestinationFilePathRestrictions("/storage/emulated/0/Download/test",
+ checkDestinationFilePathRestrictions_noPermission("/storage/emulated/0/Download/test",
/* isLegacyMode */ true);
// Apps can never access other app's private directories (Android/data, Android/obb) paths
// (unless they are installers in which case they can access Android/obb paths)
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/data/foo/test",
- /* isLegacyMode */ false);
+ checkDestinationFilePathRestrictions_noPermission(
+ "/storage/emulated/0/Android/data/foo/test", /* isLegacyMode */ false);
fail("Expected SecurityException as caller cannot access other app's private packages");
} catch (SecurityException expected) {
}
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/data/foo/test",
- /* isLegacyMode */ true);
+ checkDestinationFilePathRestrictions_noPermission(
+ "/storage/emulated/0/Android/data/foo/test", /* isLegacyMode */ true);
fail("Expected SecurityException as caller cannot access other app's private packages"
+ " even in legacy mode");
} catch (SecurityException expected) {
}
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/obb/foo/test",
- /* isLegacyMode */ false);
+ checkDestinationFilePathRestrictions_noPermission(
+ "/storage/emulated/0/Android/obb/foo/test", /* isLegacyMode */ false);
fail("Expected SecurityException as caller cannot access other app's private packages");
} catch (SecurityException expected) {
}
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/obb/foo/test",
- /* isLegacyMode */ true);
+ checkDestinationFilePathRestrictions_noPermission(
+ "/storage/emulated/0/Android/obb/foo/test", /* isLegacyMode */ true);
fail("Expected SecurityException as caller cannot access other app's private packages"
+ " even in legacy mode");
} catch (SecurityException expected) {
@@ -218,22 +218,22 @@
// Non-legacy apps can never access Android/ or Android/media dirs for other packages.
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/",
+ checkDestinationFilePathRestrictions_noPermission("/storage/emulated/0/Android/",
/* isLegacyMode */ false);
fail("Expected SecurityException as caller cannot write to Android dir");
} catch (SecurityException expected) {
}
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/media/",
- /* isLegacyMode */ false);
+ checkDestinationFilePathRestrictions_noPermission(
+ "/storage/emulated/0/Android/media/", /* isLegacyMode */ false);
fail("Expected SecurityException as caller cannot write to Android dir");
} catch (SecurityException expected) {
}
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/media/foo",
- /* isLegacyMode */ false);
+ checkDestinationFilePathRestrictions_noPermission(
+ "/storage/emulated/0/Android/media/foo", /* isLegacyMode */ false);
fail("Expected SecurityException as caller cannot write to Android dir");
} catch (SecurityException expected) {
}
@@ -241,7 +241,7 @@
// Legacy apps require WRITE_EXTERNAL_STORAGE permission to access Android/ or Android/media
// dirs.
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/",
+ checkDestinationFilePathRestrictions_noPermission("/storage/emulated/0/Android/",
/* isLegacyMode */ true);
fail("Expected SecurityException as caller cannot write to Android/ as it does not"
+ " have WRITE_EXTERNAL_STORAGE permission");
@@ -249,16 +249,16 @@
}
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/media/",
- /* isLegacyMode */ true);
+ checkDestinationFilePathRestrictions_noPermission(
+ "/storage/emulated/0/Android/media/", /* isLegacyMode */ true);
fail("Expected SecurityException as caller cannot write to Android/ as it does not"
+ " have WRITE_EXTERNAL_STORAGE permission");
} catch (SecurityException expected) {
}
try {
- checkDestinationFilePathRestrictions("/storage/emulated/0/Android/media/foo",
- /* isLegacyMode */ true);
+ checkDestinationFilePathRestrictions_noPermission(
+ "/storage/emulated/0/Android/media/foo", /* isLegacyMode */ true);
fail("Expected SecurityException as caller cannot write to Android/media as it does not"
+ " have WRITE_EXTERNAL_STORAGE permission");
} catch (SecurityException expected) {
@@ -406,14 +406,29 @@
/* isLegacyMode */ true);
}
- private void checkDestinationFilePathRestrictions(String filePath, boolean isLegacyMode) {
- final Context context = getContext();
- final AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class);
+ private void checkDestinationFilePathRestrictions_noPermission(String filePath,
+ boolean isLegacyMode) {
+ final Context mockContext = mock(Context.class);
+ when(mockContext.checkCallingOrSelfPermission(
+ android.Manifest.permission.REQUEST_INSTALL_PACKAGES))
+ .thenReturn(PackageManager.PERMISSION_DENIED);
+ when(mockContext.checkCallingOrSelfPermission(
+ android.Manifest.permission.WRITE_EXTERNAL_STORAGE))
+ .thenReturn(PackageManager.PERMISSION_DENIED);
final String callingAttributionTag = "test";
+ final AppOpsManager mockAppOpsManager = mock(AppOpsManager.class);
+ final String callingPackage = TAG;
+ when(mockAppOpsManager.noteOp(AppOpsManager.OP_REQUEST_INSTALL_PACKAGES,
+ Binder.getCallingUid(), callingPackage, null, "obb_download"))
+ .thenReturn(AppOpsManager.MODE_ERRORED);
+ when(mockAppOpsManager.noteProxyOp(AppOpsManager.OP_WRITE_EXTERNAL_STORAGE,
+ callingPackage, Binder.getCallingUid(), callingAttributionTag, null))
+ .thenReturn(AppOpsManager.MODE_ERRORED);
File file = new File(filePath);
- Helpers.checkDestinationFilePathRestrictions(file, TAG, context, appOpsManager,
- callingAttributionTag, isLegacyMode, /* allowDownloadsDirOnly */ false);
+ Helpers.checkDestinationFilePathRestrictions(file, callingPackage, mockContext,
+ mockAppOpsManager, callingAttributionTag, isLegacyMode,
+ /* allowDownloadsDirOnly */ false);
}
private void checkDestinationFilePathRestrictions_installer(String filePath,
