Merge "Add tests for use of private and test API configurations in authenticate operations."

package com.android.server.biometrics;

import static android.Manifest.permission.MANAGE_BIOMETRIC;

import static android.Manifest.permission.TEST_BIOMETRIC;

import static android.Manifest.permission.USE_BIOMETRIC_INTERNAL;

import static android.hardware.biometrics.BiometricAuthenticator.TYPE_NONE;

import static android.hardware.biometrics.BiometricConstants.BIOMETRIC_ERROR_CANCELED;

import static android.hardware.biometrics.BiometricConstants.BIOMETRIC_SUCCESS;

import static junit.framework.Assert.assertEquals;

import static org.junit.Assert.assertThrows;

import static org.mockito.ArgumentMatchers.any;

import static org.mockito.ArgumentMatchers.anyInt;

import static org.mockito.ArgumentMatchers.anyString;

import static org.mockito.ArgumentMatchers.eq;

import static org.mockito.Mockito.doNothing;

import static org.mockito.Mockito.doThrow;

import static org.mockito.Mockito.mock;

import static org.mockito.Mockito.never;

import static org.mockito.Mockito.verify;

import static org.mockito.Mockito.when;

import com.android.internal.R;

import org.junit.Before;

import org.junit.Rule;

import org.junit.Test;

import org.mockito.ArgumentCaptor;

import org.mockito.Captor;

import org.mockito.Mock;

import org.mockito.MockitoAnnotations;

import org.mockito.junit.MockitoJUnit;

import org.mockito.junit.MockitoRule;

import org.mockito.stubbing.Stubber;

import java.util.List;

@SmallTest

public class AuthServiceTest {

    private static final String TAG = "AuthServiceTest";

    private static final String TEST_OP_PACKAGE_NAME = "test_package";

    private AuthService mAuthService;

    @Rule

    public MockitoRule mockitorule = MockitoJUnit.rule();

    @Mock

    private Context mContext;

    @Mock

    @Before

    public void setUp() {

        MockitoAnnotations.initMocks(this);

        // Placeholder test config

        final String[] config = {

                "0:2:15", // ID0:Fingerprint:Strong

        when(mInjector.getIrisService()).thenReturn(mIrisService);

        when(mInjector.getAppOps(any())).thenReturn(mAppOpsManager);

        when(mInjector.isHidlDisabled(any())).thenReturn(false);

        setInternalAndTestBiometricPermissions(mContext, false /* hasPermission */);

    }

    @Test

    public void testRegisterNullService_doesNotRegister() throws Exception {

        setInternalAndTestBiometricPermissions(mContext, true /* hasPermission */);

        // Config contains Fingerprint, Iris, Face, but services are all null

        verify(mReceiver).onError(eq(TYPE_NONE), eq(BIOMETRIC_ERROR_CANCELED), anyInt());

    }

    @Test

    public void testAuthenticate_throwsWhenUsingTestConfigurations() {

        final PromptInfo promptInfo = mock(PromptInfo.class);

        when(promptInfo.containsPrivateApiConfigurations()).thenReturn(false);

        when(promptInfo.containsTestConfigurations()).thenReturn(true);

        testAuthenticate_throwsWhenUsingTestConfigurations(promptInfo);

    }

    @Test

    public void testAuthenticate_throwsWhenUsingPrivateApis() {

        final PromptInfo promptInfo = mock(PromptInfo.class);

        when(promptInfo.containsPrivateApiConfigurations()).thenReturn(true);

        when(promptInfo.containsTestConfigurations()).thenReturn(false);

        testAuthenticate_throwsWhenUsingTestConfigurations(promptInfo);

    }

    private void testAuthenticate_throwsWhenUsingTestConfigurations(PromptInfo promptInfo) {

        mAuthService = new AuthService(mContext, mInjector);

        mAuthService.onStart();

        assertThrows(SecurityException.class, () -> {

            mAuthService.mImpl.authenticate(

                    null /* token */,

                    10 /* sessionId */,

                    2 /* userId */,

                    mReceiver,

                    TEST_OP_PACKAGE_NAME,

                    promptInfo);

            waitForIdle();

        });

    }

    @Test

    public void testCanAuthenticate_callsBiometricServiceCanAuthenticate() throws Exception {

        mAuthService = new AuthService(mContext, mInjector);

    }

    @Test

    public void testHasEnrolledBiometrics_callsBiometricServiceHasEnrolledBiometrics() throws

            Exception {

    public void testHasEnrolledBiometrics_callsBiometricServiceHasEnrolledBiometrics()

            throws Exception {

        setInternalAndTestBiometricPermissions(mContext, true /* hasPermission */);

        mAuthService = new AuthService(mContext, mInjector);

        mAuthService.onStart();

    @Test

    public void testRegisterKeyguardCallback_callsBiometricServiceRegisterKeyguardCallback()

            throws Exception {

        setInternalAndTestBiometricPermissions(mContext, true /* hasPermission */);

        mAuthService = new AuthService(mContext, mInjector);

        mAuthService.onStart();

                eq(callback), eq(UserHandle.getCallingUserId()));

    }

    private static void setInternalAndTestBiometricPermissions(

            Context context, boolean hasPermission) {

        for (String p : List.of(TEST_BIOMETRIC, MANAGE_BIOMETRIC, USE_BIOMETRIC_INTERNAL)) {

            when(context.checkCallingPermission(eq(p))).thenReturn(hasPermission

                    ? PackageManager.PERMISSION_GRANTED : PackageManager.PERMISSION_DENIED);

            when(context.checkCallingOrSelfPermission(eq(p))).thenReturn(hasPermission

                    ? PackageManager.PERMISSION_GRANTED : PackageManager.PERMISSION_DENIED);

            final Stubber doPermCheck =

                    hasPermission ? doNothing() : doThrow(SecurityException.class);

            doPermCheck.when(context).enforceCallingPermission(eq(p), any());

            doPermCheck.when(context).enforceCallingOrSelfPermission(eq(p), any());

        }

    }

    private static void waitForIdle() {

        InstrumentationRegistry.getInstrumentation().waitForIdleSync();

    }