Merge "Remove unused classes in App Integrity Service" into main

import com.android.internal.R;

import com.android.internal.annotations.VisibleForTesting;

import com.android.server.LocalServices;

import com.android.server.integrity.model.RuleMetadata;

import java.io.File;

import java.nio.charset.StandardCharsets;

/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.integrity.model;

import android.annotation.Nullable;

import android.content.integrity.Rule;

import java.util.Collections;

import java.util.List;

/**

 * A class encapsulating the result from the evaluation engine after evaluating rules against app

 * install metadata.

 *

 * <p>It contains the outcome effect (whether to allow or block the install), and the rule causing

 * that effect.

 */

public final class IntegrityCheckResult {

    public enum Effect {

        ALLOW,

        DENY

    }

    private final Effect mEffect;

    private final List<Rule> mRuleList;

    private IntegrityCheckResult(Effect effect, @Nullable List<Rule> ruleList) {

        this.mEffect = effect;

        this.mRuleList = ruleList;

    }

    public Effect getEffect() {

        return mEffect;

    }

    public List<Rule> getMatchedRules() {

        return mRuleList;

    }

    /**

     * Create an ALLOW evaluation outcome.

     *

     * @return An evaluation outcome with ALLOW effect and no rule.

     */

    public static IntegrityCheckResult allow() {

        return new IntegrityCheckResult(Effect.ALLOW, Collections.emptyList());

    }

    /**

     * Create an ALLOW evaluation outcome.

     *

     * @return An evaluation outcome with ALLOW effect and rule causing that effect.

     */

    public static IntegrityCheckResult allow(List<Rule> ruleList) {

        return new IntegrityCheckResult(Effect.ALLOW, ruleList);

    }

    /**

     * Create a DENY evaluation outcome.

     *

     * @param ruleList All valid rules that cause the DENY effect.

     * @return An evaluation outcome with DENY effect and rule causing that effect.

     */

    public static IntegrityCheckResult deny(List<Rule> ruleList) {

        return new IntegrityCheckResult(Effect.DENY, ruleList);

    }

    /** Returns true when the {@code mEffect} is caused by an app certificate mismatch. */

    public boolean isCausedByAppCertRule() {

        return mRuleList.stream().anyMatch(rule -> rule.getFormula().isAppCertificateFormula());

    }

    /** Returns true when the {@code mEffect} is caused by an installer rule. */

    public boolean isCausedByInstallerRule() {

        return mRuleList.stream().anyMatch(rule -> rule.getFormula().isInstallerFormula());

    }

}

/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.integrity.model;

import android.annotation.Nullable;

/** Data class containing relevant metadata associated with a rule set. */

public class RuleMetadata {

    private final String mRuleProvider;

    private final String mVersion;

    public RuleMetadata(String ruleProvider, String version) {

        mRuleProvider = ruleProvider;

        mVersion = version;

    }

    @Nullable

    public String getRuleProvider() {

        return mRuleProvider;

    }

    @Nullable

    public String getVersion() {

        return mVersion;

    }

}

import com.android.internal.R;

import com.android.server.compat.PlatformCompat;

import com.android.server.integrity.model.IntegrityCheckResult;

import com.android.server.testutils.TestUtils;

import org.junit.After;

/*

 * Copyright (C) 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.server.integrity.model;

import static com.google.common.truth.Truth.assertThat;

import android.content.integrity.AtomicFormula;

import android.content.integrity.CompoundFormula;

import android.content.integrity.Rule;

import org.junit.Test;

import org.junit.runner.RunWith;

import org.junit.runners.JUnit4;

import java.util.Arrays;

import java.util.Collections;

@RunWith(JUnit4.class)

public class IntegrityCheckResultTest {

    @Test

    public void createAllowResult() {

        IntegrityCheckResult allowResult = IntegrityCheckResult.allow();

        assertThat(allowResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.ALLOW);

        assertThat(allowResult.getMatchedRules()).isEmpty();

    }

    @Test

    public void createAllowResultWithRule() {

        String packageName = "com.test.deny";

        Rule forceAllowRule =

                new Rule(

                        new AtomicFormula.StringAtomicFormula(AtomicFormula.PACKAGE_NAME,

                                packageName),

                        Rule.FORCE_ALLOW);

        IntegrityCheckResult allowResult =

                IntegrityCheckResult.allow(Collections.singletonList(forceAllowRule));

        assertThat(allowResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.ALLOW);

        assertThat(allowResult.getMatchedRules()).containsExactly(forceAllowRule);

    }

    @Test

    public void createDenyResultWithRule() {

        String packageName = "com.test.deny";

        Rule failedRule =

                new Rule(

                        new AtomicFormula.StringAtomicFormula(AtomicFormula.PACKAGE_NAME,

                                packageName),

                        Rule.DENY);

        IntegrityCheckResult denyResult =

                IntegrityCheckResult.deny(Collections.singletonList(failedRule));

        assertThat(denyResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.DENY);

        assertThat(denyResult.getMatchedRules()).containsExactly(failedRule);

    }

    @Test

    public void isDenyCausedByAppCertificate() {

        String packageName = "com.test.deny";

        String appCert = "app-cert";

        Rule failedRule =

                new Rule(

                        new CompoundFormula(

                                CompoundFormula.AND,

                                Arrays.asList(

                                        new AtomicFormula.StringAtomicFormula(

                                                AtomicFormula.PACKAGE_NAME, packageName),

                                        new AtomicFormula.StringAtomicFormula(

                                                AtomicFormula.APP_CERTIFICATE, appCert))),

                        Rule.DENY);

        Rule otherFailedRule =

                new Rule(

                        new AtomicFormula.LongAtomicFormula(AtomicFormula.VERSION_CODE,

                                AtomicFormula.EQ, 12),

                        Rule.DENY);

        IntegrityCheckResult denyResult =

                IntegrityCheckResult.deny(Arrays.asList(failedRule, otherFailedRule));

        assertThat(denyResult.isCausedByAppCertRule()).isTrue();

        assertThat(denyResult.isCausedByInstallerRule()).isFalse();

    }

    @Test

    public void isDenyCausedByInstaller() {

        String packageName = "com.test.deny";

        String appCert = "app-cert";

        Rule failedRule =

                new Rule(

                        new CompoundFormula(

                                CompoundFormula.AND,

                                Arrays.asList(

                                        new AtomicFormula.StringAtomicFormula(

                                                AtomicFormula.PACKAGE_NAME, packageName),

                                        new AtomicFormula.StringAtomicFormula(

                                                AtomicFormula.INSTALLER_CERTIFICATE, appCert))),

                        Rule.DENY);

        Rule otherFailedRule =

                new Rule(

                        new AtomicFormula.LongAtomicFormula(AtomicFormula.VERSION_CODE,

                                AtomicFormula.EQ, 12),

                        Rule.DENY);

        IntegrityCheckResult denyResult =

                IntegrityCheckResult.deny(Arrays.asList(failedRule, otherFailedRule));

        assertThat(denyResult.isCausedByAppCertRule()).isFalse();

        assertThat(denyResult.isCausedByInstallerRule()).isTrue();

    }

}