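/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.cts.permission.policy;

import static junit.framework.Assert.fail;

import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.PermissionInfo;
import android.support.test.InstrumentationRegistry;
import org.junit.Test;

/**
 * Tests for the platform permission policy around apps targeting API 25.
 *
 * <p>The single test walks every permission declared by the platform package and checks the
 * protection level the package manager reports for it. A permission whose base level is
 * {@code normal} or {@code dangerous} must not carry any additional protection flag bits.
 */
public class PermissionPolicyTest25 {
    private static final String PLATFORM_PACKAGE_NAME = "android";

    /**
     * Base protection levels this test separates from the flag bits.
     *
     * <p>NOTE(review): this is the OR of the three base constants rather than
     * {@code PermissionInfo.PROTECTION_MASK_BASE}; any other base value is split differently
     * than the framework would split it. Confirm that is intended.
     */
    private static final int BASE_PROTECTION_MASK = PermissionInfo.PROTECTION_NORMAL
            | PermissionInfo.PROTECTION_DANGEROUS
            | PermissionInfo.PROTECTION_SIGNATURE;

    /**
     * Verifies that no platform permission with a normal or dangerous base protection level is
     * reported with extra protection flags.
     *
     * <p>All violations are collected and reported in one failure, so a single run lists every
     * offending permission instead of stopping at the first one.
     *
     * @throws Exception if the platform package or one of its permissions cannot be looked up
     */
    @Test
    public void testNoProtectionFlagsAddedToNonSignatureProtectionPermissions() throws Exception {
        final Context context = InstrumentationRegistry.getInstrumentation().getContext();
        final PackageManager packageManager = context.getPackageManager();
        final PackageInfo platformPackage = packageManager
                .getPackageInfo(PLATFORM_PACKAGE_NAME, PackageManager.GET_PERMISSIONS);

        // Accumulate in a builder: appending to a null String would prefix the report with the
        // literal text "null".
        final StringBuilder errors = new StringBuilder();
        for (PermissionInfo declaredPermission : platformPackage.permissions) {
            // The check runs on the info returned by getPermissionInfo for this name, not on
            // the entry that came back with the package info.
            final PermissionInfo permissionInfo =
                    packageManager.getPermissionInfo(declaredPermission.name, 0);
            final int protectionLevel = permissionInfo.protectionLevel & BASE_PROTECTION_MASK;
            // Everything outside the base level counts as a flag bit.
            final int protectionFlags = permissionInfo.protectionLevel & ~protectionLevel;
            if (protectionFlags == 0) {
                continue;
            }
            if (protectionLevel == PermissionInfo.PROTECTION_NORMAL) {
                errors.append("\nCannot add protection flags: ")
                        .append(protectionFlagsToString(permissionInfo.protectionLevel))
                        .append(" to a normal protection permission: ")
                        .append(permissionInfo.name);
            }
            if (protectionLevel == PermissionInfo.PROTECTION_DANGEROUS) {
                errors.append("\nCannot add protection flags: ")
                        .append(protectionFlagsToString(permissionInfo.protectionLevel))
                        .append(" to a dangerous protection permission: ")
                        .append(permissionInfo.name);
            }
        }
        if (errors.length() > 0) {
            fail(errors.toString());
        }
    }

    /**
     * Renders the flag bits of a protection level as a {@code |}-separated list of names.
     *
     * <p>Known flags are printed by name in a fixed order and cleared as they are consumed.
     * The base level bits are then cleared, and whatever is left is appended as one hex number
     * so that unrecognised bits still show up in the failure message.
     *
     * @param protectionLevel the full protection level, base level and flags combined
     * @return the flag names, or an empty string when no flag bit is set
     */
    private static String protectionFlagsToString(int protectionLevel) {
        final StringBuilder flags = new StringBuilder();
        int remaining = protectionLevel;
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_RUNTIME_ONLY, "runtimeOnly");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_INSTANT, "ephemeral");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_APPOP, "appop");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_DEVELOPMENT, "development");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_INSTALLER, "installer");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_PRE23, "pre23");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_PRIVILEGED, "privileged");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_PREINSTALLED, "preinstalled");
        // NOTE(review): if PROTECTION_FLAG_SYSTEM shares its value with
        // PROTECTION_FLAG_PRIVILEGED, the bit is already cleared here and "system" is never
        // printed. Confirm against the SDK constants.
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_SYSTEM, "system");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_SETUP, "setup");
        remaining = appendFlag(flags, remaining,
                PermissionInfo.PROTECTION_FLAG_VERIFIER, "verifier");

        // Drop the base level so only unnamed flag bits can remain.
        remaining &= ~BASE_PROTECTION_MASK;
        if (remaining != 0) {
            if (flags.length() > 0) {
                flags.append('|');
            }
            flags.append(Integer.toHexString(remaining));
        }
        return flags.toString();
    }

    /** Appends {@code label} when {@code flag} is set in {@code level}; returns the level with that flag cleared. */
    private static int appendFlag(StringBuilder out, int level, int flag, String label) {
        if ((level & flag) == 0) {
            return level;
        }
        if (out.length() > 0) {
            out.append('|');
        }
        out.append(label);
        return level & ~flag;
    }
}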