Merge "Split query permission from update permission"

    field public static final java.lang.String PERFORM_SIM_ACTIVATION = "android.permission.PERFORM_SIM_ACTIVATION";

    field public static final java.lang.String PROVIDE_RESOLVER_RANKER_SERVICE = "android.permission.PROVIDE_RESOLVER_RANKER_SERVICE";

    field public static final java.lang.String PROVIDE_TRUST_AGENT = "android.permission.PROVIDE_TRUST_AGENT";

    field public static final java.lang.String QUERY_TIME_ZONE_RULES = "android.permission.QUERY_TIME_ZONE_RULES";

    field public static final java.lang.String READ_CONTENT_RATING_SYSTEMS = "android.permission.READ_CONTENT_RATING_SYSTEMS";

    field public static final java.lang.String READ_DREAM_STATE = "android.permission.READ_DREAM_STATE";

    field public static final java.lang.String READ_FRAME_BUFFER = "android.permission.READ_FRAME_BUFFER";

 * <p>This interface is intended for use with the default APK-based time zone rules update

 * application but it can also be used by OEMs if that mechanism is turned off using configuration.

 * All callers must possess the {@link android.Manifest.permission#UPDATE_TIME_ZONE_RULES} system

 * permission.

 * permission unless otherwise stated.

 *

 * <p>When using the default mechanism, when properly configured the Android system will send a

 * {@link RulesUpdaterContract#ACTION_TRIGGER_RULES_UPDATE_CHECK} intent with a

    /**

     * Returns information about the current time zone rules state such as the IANA version of

     * the system and any currently installed distro. This method is intended to allow clients to

     * determine if the current state can be improved; for example by passing the information to a

     * server that may provide a new distro for download.

     * the system and any currently installed distro. This method allows clients to determine the

     * current device state, perhaps to see if it can be improved; for example by passing the

     * information to a server that may provide a new distro for download.

     *

     * <p>Callers must possess the {@link android.Manifest.permission#QUERY_TIME_ZONE_RULES} system

     * permission.

     */

    public RulesState getRulesState() {

        try {

    <permission android:name="android.permission.UPDATE_CONFIG"

        android:protectionLevel="signature|privileged" />

    <!-- Allows an application to query the current time zone rules state

         on device.

         @SystemApi @hide -->

    <permission android:name="android.permission.QUERY_TIME_ZONE_RULES"

                android:protectionLevel="signature|privileged" />

    <!-- Allows a time zone rule updater application to request

         the system installs / uninstalls timezone rules.

         <p>An application requesting this permission is responsible for

    @VisibleForTesting(visibility = VisibleForTesting.Visibility.PRIVATE)

    static final String REQUIRED_UPDATER_PERMISSION =

            android.Manifest.permission.UPDATE_TIME_ZONE_RULES;

    @VisibleForTesting(visibility = VisibleForTesting.Visibility.PRIVATE)

    static final String REQUIRED_QUERY_PERMISSION =

            android.Manifest.permission.QUERY_TIME_ZONE_RULES;

    private static final File SYSTEM_TZ_DATA_FILE = new File("/system/usr/share/zoneinfo/tzdata");

    private static final File TZ_DATA_DIR = new File("/data/misc/zoneinfo");

    @Override // Binder call

    public RulesState getRulesState() {

        mPermissionHelper.enforceCallerHasPermission(REQUIRED_UPDATER_PERMISSION);

        mPermissionHelper.enforceCallerHasPermission(REQUIRED_QUERY_PERMISSION);

        return getRulesStateInternal();

    }

import libcore.io.IoUtils;

import static com.android.server.timezone.RulesManagerService.REQUIRED_QUERY_PERMISSION;

import static com.android.server.timezone.RulesManagerService.REQUIRED_UPDATER_PERMISSION;

import static org.junit.Assert.assertEquals;

import static org.junit.Assert.assertFalse;

    @Test(expected = SecurityException.class)

    public void getRulesState_noCallerPermission() throws Exception {

        configureCallerDoesNotHavePermission();

        configureCallerDoesNotHaveQueryPermission();

        mRulesManagerService.getRulesState();

    }

    @Test(expected = SecurityException.class)

    public void requestInstall_noCallerPermission() throws Exception {

        configureCallerDoesNotHavePermission();

        configureCallerDoesNotHaveUpdatePermission();

        mRulesManagerService.requestInstall(null, null, null);

    }

    @Test(expected = SecurityException.class)

    public void requestUninstall_noCallerPermission() throws Exception {

        configureCallerDoesNotHavePermission();

        configureCallerDoesNotHaveUpdatePermission();

        mRulesManagerService.requestUninstall(null, null);

    }

    @Test(expected = SecurityException.class)

    public void requestNothing_noCallerPermission() throws Exception {

        configureCallerDoesNotHavePermission();

        configureCallerDoesNotHaveUpdatePermission();

        mRulesManagerService.requestNothing(null, true);

    }

                .enforceCallerHasPermission(REQUIRED_UPDATER_PERMISSION);

    }

    private void configureCallerDoesNotHavePermission() {

    private void configureCallerDoesNotHaveUpdatePermission() {

        doThrow(new SecurityException("Simulated permission failure"))

                .when(mMockPermissionHelper)

                .enforceCallerHasPermission(REQUIRED_UPDATER_PERMISSION);

    }

    private void configureCallerDoesNotHaveQueryPermission() {

        doThrow(new SecurityException("Simulated permission failure"))

                .when(mMockPermissionHelper)

                .enforceCallerHasPermission(REQUIRED_QUERY_PERMISSION);

    }

    private void configureStageInstallExpectation(int resultCode)

            throws Exception {

        when(mMockTimeZoneDistroInstaller.stageInstallWithErrorCode(any(TimeZoneDistro.class)))