Merge "Read APPS_ALLOWED_ON_RESTRICTED_NETWORKS setting from PermissionMonitor" am: 59dc4f0a

import android.content.pm.PackageInfo;

import android.content.pm.PackageManager;

import android.content.pm.PackageManager.NameNotFoundException;

import android.net.ConnectivitySettingsManager;

import android.net.INetd;

import android.net.UidRange;

import android.net.Uri;

import android.os.UserHandle;

import android.os.UserManager;

import android.system.OsConstants;

import android.util.ArraySet;

import android.util.Log;

import android.util.SparseArray;

import android.util.SparseIntArray;

    @GuardedBy("this")

    private final Set<Integer> mAllApps = new HashSet<>();

    // A set of apps which are allowed to use restricted networks. These apps can't hold the

    // CONNECTIVITY_USE_RESTRICTED_NETWORKS permission because they can't be signature|privileged

    // apps. However, these apps should still be able to use restricted networks under certain

    // conditions (e.g. government app using emergency services). So grant netd system permission

    // to uids whose package name is listed in APPS_ALLOWED_ON_RESTRICTED_NETWORKS setting.

    @GuardedBy("this")

    private final Set<String> mAppsAllowedOnRestrictedNetworks = new ArraySet<>();

    private BroadcastReceiver mIntentReceiver = new BroadcastReceiver() {

        @Override

        public void onReceive(Context context, Intent intent) {

                mIntentReceiver, intentFilter, null /* broadcastPermission */,

                null /* scheduler */);

        // Read APPS_ALLOWED_ON_RESTRICTED_NETWORKS setting and update

        // mAppsAllowedOnRestrictedNetworks.

        updateAppsAllowedOnRestrictedNetworks(

                ConnectivitySettingsManager.getAppsAllowedOnRestrictedNetworks(mContext));

        List<PackageInfo> apps = mPackageManager.getInstalledPackages(GET_PERMISSIONS

                | MATCH_ANY_USER);

        if (apps == null) {

        sendPackagePermissionsToNetd(netdPermsUids);

    }

    @VisibleForTesting

    void updateAppsAllowedOnRestrictedNetworks(final Set<String> apps) {

        mAppsAllowedOnRestrictedNetworks.clear();

        mAppsAllowedOnRestrictedNetworks.addAll(apps);

    }

    @VisibleForTesting

    static boolean isVendorApp(@NonNull ApplicationInfo appInfo) {

        return appInfo.isVendor() || appInfo.isOem() || appInfo.isProduct();

    }

    @VisibleForTesting

    boolean isCarryoverPackage(final ApplicationInfo appInfo) {

        if (appInfo == null) return false;

        return (appInfo.targetSdkVersion < VERSION_Q && isVendorApp(appInfo))

                // Backward compatibility for b/114245686, on devices that launched before Q daemons

                // and apps running as the system UID are exempted from this check.

                || (appInfo.uid == SYSTEM_UID && mDeps.getDeviceFirstSdkInt() < VERSION_Q);

    }

    @VisibleForTesting

    boolean isAppAllowedOnRestrictedNetworks(@NonNull final PackageInfo app) {

        // Check whether package name is in allowed on restricted networks app list. If so, this app

        // can have netd system permission.

        return mAppsAllowedOnRestrictedNetworks.contains(app.packageName);

    }

    @VisibleForTesting

    boolean hasPermission(@NonNull final PackageInfo app, @NonNull final String permission) {

        if (app.requestedPermissions == null || app.requestedPermissionsFlags == null) {

    @VisibleForTesting

    boolean hasRestrictedNetworkPermission(@NonNull final PackageInfo app) {

        // TODO : remove this check in the future(b/31479477). All apps should just

        // TODO : remove carryover package check in the future(b/31479477). All apps should just

        //  request the appropriate permission for their use case since android Q.

        if (app.applicationInfo != null) {

            // Backward compatibility for b/114245686, on devices that launched before Q daemons

            // and apps running as the system UID are exempted from this check.

            if (app.applicationInfo.uid == SYSTEM_UID && mDeps.getDeviceFirstSdkInt() < VERSION_Q) {

                return true;

            }

            if (app.applicationInfo.targetSdkVersion < VERSION_Q

                    && isVendorApp(app.applicationInfo)) {

                return true;

            }

        }

        return hasPermission(app, PERMISSION_MAINLINE_NETWORK_STACK)

        return isCarryoverPackage(app.applicationInfo) || isAppAllowedOnRestrictedNetworks(app)

                || hasPermission(app, PERMISSION_MAINLINE_NETWORK_STACK)

                || hasPermission(app, NETWORK_STACK)

                || hasPermission(app, CONNECTIVITY_USE_RESTRICTED_NETWORKS);

    }

import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_REQUIRED;

import static android.content.pm.PackageManager.GET_PERMISSIONS;

import static android.content.pm.PackageManager.MATCH_ANY_USER;

import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;

import static android.os.Process.SYSTEM_UID;

import static com.android.server.connectivity.PermissionMonitor.NETWORK;

import android.os.SystemConfigManager;

import android.os.UserHandle;

import android.os.UserManager;

import android.provider.Settings;

import android.test.mock.MockContentResolver;

import android.util.ArraySet;

import android.util.SparseIntArray;

import androidx.test.InstrumentationRegistry;

import androidx.test.filters.SmallTest;

import androidx.test.runner.AndroidJUnit4;

import com.android.internal.util.test.FakeSettingsProvider;

import org.junit.After;

import org.junit.Before;

import org.junit.Test;

import org.junit.runner.RunWith;

    @Mock private SystemConfigManager mSystemConfigManager;

    private PermissionMonitor mPermissionMonitor;

    private MockContentResolver mContentResolver;

    @Before

    public void setUp() throws Exception {

        doReturn(UserHandle.ALL).when(asUserCtx).getUser();

        when(mContext.createContextAsUser(eq(UserHandle.ALL), anyInt())).thenReturn(asUserCtx);

        FakeSettingsProvider.clearSettingsProvider();

        mContentResolver = new MockContentResolver();

        mContentResolver.addProvider(Settings.AUTHORITY, new FakeSettingsProvider());

        when(mContext.getContentResolver()).thenReturn(mContentResolver);

        mPermissionMonitor = spy(new PermissionMonitor(mContext, mNetdService, mDeps));

        when(mPackageManager.getInstalledPackages(anyInt())).thenReturn(/* empty app list */ null);

        mPermissionMonitor.startMonitoring();

    }

    @After

    public void tearDown() throws Exception {

        FakeSettingsProvider.clearSettingsProvider();

    }

    private boolean hasRestrictedNetworkPermission(String partition, int targetSdkVersion, int uid,

            String... permissions) {

        return hasRestrictedNetworkPermission(

                partition, targetSdkVersion, "" /* packageName */, uid, permissions);

    }

    private boolean hasRestrictedNetworkPermission(String partition, int targetSdkVersion,

            String packageName, int uid, String... permissions) {

        final PackageInfo packageInfo =

                packageInfoWithPermissions(REQUESTED_PERMISSION_GRANTED, permissions, partition);

        packageInfo.packageName = packageName;

        packageInfo.applicationInfo.targetSdkVersion = targetSdkVersion;

        packageInfo.applicationInfo.uid = uid;

        return mPermissionMonitor.hasRestrictedNetworkPermission(packageInfo);

                PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CONNECTIVITY_USE_RESTRICTED_NETWORKS));

        assertFalse(hasRestrictedNetworkPermission(

                PARTITION_SYSTEM, VERSION_P, MOCK_UID1, CHANGE_WIFI_STATE));

        assertTrue(hasRestrictedNetworkPermission(

                PARTITION_SYSTEM, VERSION_P, MOCK_UID1, PERMISSION_MAINLINE_NETWORK_STACK));

        assertFalse(hasRestrictedNetworkPermission(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1));

        assertFalse(hasRestrictedNetworkPermission(

                PARTITION_VENDOR, VERSION_Q, MOCK_UID1, CHANGE_NETWORK_STATE));

    }

    @Test

    public void testHasRestrictedNetworkPermissionAppAllowedOnRestrictedNetworks() {

        mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(

                new ArraySet<>(new String[] { MOCK_PACKAGE1 }));

        assertTrue(hasRestrictedNetworkPermission(

                PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE1, MOCK_UID1));

        assertTrue(hasRestrictedNetworkPermission(

                PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE1, MOCK_UID1, CHANGE_NETWORK_STATE));

        assertTrue(hasRestrictedNetworkPermission(

                PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE1, MOCK_UID1, CONNECTIVITY_INTERNAL));

        assertFalse(hasRestrictedNetworkPermission(

                PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID1));

        assertFalse(hasRestrictedNetworkPermission(

                PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID1, CHANGE_NETWORK_STATE));

        assertFalse(hasRestrictedNetworkPermission(

                PARTITION_VENDOR, VERSION_Q, MOCK_PACKAGE2, MOCK_UID1, CONNECTIVITY_INTERNAL));

    }

    private boolean wouldBeCarryoverPackage(String partition, int targetSdkVersion, int uid) {

        final PackageInfo packageInfo = packageInfoWithPermissions(

                REQUESTED_PERMISSION_GRANTED, new String[] {}, partition);

        packageInfo.applicationInfo.targetSdkVersion = targetSdkVersion;

        packageInfo.applicationInfo.uid = uid;

        return mPermissionMonitor.isCarryoverPackage(packageInfo.applicationInfo);

    }

    @Test

    public void testIsCarryoverPackage() {

        doReturn(VERSION_P).when(mDeps).getDeviceFirstSdkInt();

        assertTrue(wouldBeCarryoverPackage(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID));

        assertTrue(wouldBeCarryoverPackage(PARTITION_VENDOR, VERSION_P, SYSTEM_UID));

        assertFalse(wouldBeCarryoverPackage(PARTITION_SYSTEM, VERSION_P, MOCK_UID1));

        assertTrue(wouldBeCarryoverPackage(PARTITION_VENDOR, VERSION_P, MOCK_UID1));

        assertTrue(wouldBeCarryoverPackage(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID));

        assertTrue(wouldBeCarryoverPackage(PARTITION_VENDOR, VERSION_Q, SYSTEM_UID));

        assertFalse(wouldBeCarryoverPackage(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1));

        assertFalse(wouldBeCarryoverPackage(PARTITION_VENDOR, VERSION_Q, MOCK_UID1));

        doReturn(VERSION_Q).when(mDeps).getDeviceFirstSdkInt();

        assertFalse(wouldBeCarryoverPackage(PARTITION_SYSTEM, VERSION_P, SYSTEM_UID));

        assertTrue(wouldBeCarryoverPackage(PARTITION_VENDOR, VERSION_P, SYSTEM_UID));

        assertFalse(wouldBeCarryoverPackage(PARTITION_SYSTEM, VERSION_P, MOCK_UID1));

        assertTrue(wouldBeCarryoverPackage(PARTITION_VENDOR, VERSION_P, MOCK_UID1));

        assertFalse(wouldBeCarryoverPackage(PARTITION_SYSTEM, VERSION_Q, SYSTEM_UID));

        assertFalse(wouldBeCarryoverPackage(PARTITION_VENDOR, VERSION_Q, SYSTEM_UID));

        assertFalse(wouldBeCarryoverPackage(PARTITION_SYSTEM, VERSION_Q, MOCK_UID1));

        assertFalse(wouldBeCarryoverPackage(PARTITION_VENDOR, VERSION_Q, MOCK_UID1));

        assertFalse(wouldBeCarryoverPackage(PARTITION_OEM, VERSION_Q, SYSTEM_UID));

        assertFalse(wouldBeCarryoverPackage(PARTITION_PRODUCT, VERSION_Q, SYSTEM_UID));

        assertFalse(wouldBeCarryoverPackage(PARTITION_OEM, VERSION_Q, MOCK_UID1));

        assertFalse(wouldBeCarryoverPackage(PARTITION_PRODUCT, VERSION_Q, MOCK_UID1));

    }

    private boolean wouldBeAppAllowedOnRestrictedNetworks(String packageName) {

        final PackageInfo packageInfo = new PackageInfo();

        packageInfo.packageName = packageName;

        return mPermissionMonitor.isAppAllowedOnRestrictedNetworks(packageInfo);

    }

    @Test

    public void testIsAppAllowedOnRestrictedNetworks() {

        mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(new ArraySet<>());

        assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE1));

        assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE2));

        mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(

                new ArraySet<>(new String[] { MOCK_PACKAGE1 }));

        assertTrue(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE1));

        assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE2));

        mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(

                new ArraySet<>(new String[] { MOCK_PACKAGE2 }));

        assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE1));

        assertTrue(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE2));

        mPermissionMonitor.updateAppsAllowedOnRestrictedNetworks(

                new ArraySet<>(new String[] { "com.android.test" }));

        assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE1));

        assertFalse(wouldBeAppAllowedOnRestrictedNetworks(MOCK_PACKAGE2));

    }

    private void assertBackgroundPermission(boolean hasPermission, String name, int uid,

            String... permissions) throws Exception {

        when(mPackageManager.getPackageInfo(eq(name), anyInt()))