Fix the parsing of manifest rules when ADB is specified. (e515e96b) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java

+3 −0

Original line number	Diff line number	Diff line
		@@ -385,6 +385,9 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub {
		String packageName = getPackageNameNormalized(packageAndCert[0]);
		String cert = packageAndCert[1];
		packageCertMap.put(packageName, cert);
		} else if (packageAndCert.length == 1
		&& packageAndCert[0].equals(ADB_INSTALLER)) {
		packageCertMap.put(ADB_INSTALLER, INSTALLER_CERT_NOT_APPLICABLE);
		}
		}
		}

services/tests/servicestests/AndroidTest.xml

+5 −0

Original line number	Diff line number	Diff line
		@@ -26,6 +26,11 @@
		<option name="test-file-name" value="SimpleServiceTestApp.apk" />
		</target_preparer>

		<target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
		<option name="cleanup" value="true" />
		<option name="push" value="AppIntegrityManagerServiceTestApp.apk->/data/local/tmp/AppIntegrityManagerServiceTestApp.apk" />
		</target_preparer>

		<option name="test-tag" value="FrameworksServicesTests" />
		<test class="com.android.tradefed.testtype.AndroidJUnitTest" >
		<option name="package" value="com.android.frameworks.servicestests" />

services/tests/servicestests/assets/AppIntegrityManagerServiceImplTest/test.apk

deleted100644 → 0

−1.3 MiB

File deleted.

View file

services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java

+34 −19

Original line number	Diff line number	Diff line
		@@ -32,6 +32,7 @@ import static org.mockito.ArgumentMatchers.eq;
		import static org.mockito.Mockito.doReturn;
		import static org.mockito.Mockito.doThrow;
		import static org.mockito.Mockito.mock;
		import static org.mockito.Mockito.never;
		import static org.mockito.Mockito.spy;
		import static org.mockito.Mockito.verify;
		import static org.mockito.Mockito.when;
		@@ -64,7 +65,6 @@ import com.android.server.integrity.engine.RuleEvaluationEngine;
		import com.android.server.integrity.model.IntegrityCheckResult;
		import com.android.server.testutils.TestUtils;

		import org.junit.After;
		import org.junit.Before;
		import org.junit.Test;
		import org.junit.runner.RunWith;
		@@ -75,9 +75,6 @@ import org.mockito.junit.MockitoRule;

		import java.io.File;
		import java.io.IOException;
		import java.io.InputStream;
		import java.nio.file.Files;
		import java.nio.file.StandardCopyOption;
		import java.util.Arrays;
		import java.util.HashMap;
		import java.util.List;
		@@ -86,7 +83,8 @@ import java.util.Map;
		/** Unit test for {@link com.android.server.integrity.AppIntegrityManagerServiceImpl} */
		@RunWith(AndroidJUnit4.class)
		public class AppIntegrityManagerServiceImplTest {
		private static final String TEST_DIR = "AppIntegrityManagerServiceImplTest";
		private static final String TEST_APP_PATH =
		"/data/local/tmp/AppIntegrityManagerServiceTestApp.apk";

		private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive";
		private static final String VERSION = "version";
		@@ -97,13 +95,19 @@ public class AppIntegrityManagerServiceImplTest {
		private static final String INSTALLER = TEST_FRAMEWORK_PACKAGE;
		// These are obtained by running the test and checking logcat.
		private static final String APP_CERT =
		"949ADC6CB92FF09E3784D6E9504F26F9BEAC06E60D881D55A6A81160F9CD6FD1";
		"301AA3CB081134501C45F1422ABC66C24224FD5DED5FDC8F17E697176FD866AA";
		private static final String INSTALLER_CERT =
		"301AA3CB081134501C45F1422ABC66C24224FD5DED5FDC8F17E697176FD866AA";
		// We use SHA256 for package names longer than 32 characters.
		private static final String INSTALLER_SHA256 =
		"786933C28839603EB48C50B2A688DC6BE52C833627CB2731FF8466A2AE9F94CD";

		private static final String PLAY_STORE_PKG = "com.android.vending";
		private static final String ADB_INSTALLER = "adb";
		private static final String PLAY_STORE_CERT =
		"play_store_cert";
		private static final String ADB_CERT = "";

		@org.junit.Rule public MockitoRule mMockitoRule = MockitoJUnit.rule();

		@Mock PackageManagerInternal mPackageManagerInternal;
		@@ -122,11 +126,7 @@ public class AppIntegrityManagerServiceImplTest {

		@Before
		public void setup() throws Exception {
		mTestApk = File.createTempFile("TestApk", /* suffix= */ null);
		mTestApk.deleteOnExit();
		try (InputStream inputStream = mRealContext.getAssets().open(TEST_DIR + "/test.apk")) {
		Files.copy(inputStream, mTestApk.toPath(), StandardCopyOption.REPLACE_EXISTING);
		}
		mTestApk = new File(TEST_APP_PATH);

		mService =
		new AppIntegrityManagerServiceImpl(
		@@ -141,11 +141,7 @@ public class AppIntegrityManagerServiceImplTest {
		when(mMockContext.getPackageManager()).thenReturn(mSpyPackageManager);
		when(mMockContext.getResources()).thenReturn(mMockResources);
		when(mMockResources.getStringArray(anyInt())).thenReturn(new String[] {});
		}

		@After
		public void tearDown() throws Exception {
		mTestApk.delete();
		when(mIntegrityFileManager.initialized()).thenReturn(true);
		}

		// This is not a test of the class, but more of a safeguard that we don't block any install in
		@@ -310,10 +306,10 @@ public class AppIntegrityManagerServiceImplTest {
		assertEquals(INSTALLER_CERT, appInstallMetadata.getInstallerCertificate());
		assertEquals(VERSION_CODE, appInstallMetadata.getVersionCode());
		assertFalse(appInstallMetadata.isPreInstalled());
		// These are hardcoded in the test apk
		// These are hardcoded in the test apk android manifest
		assertEquals(2, allowedInstallers.size());
		assertEquals("cert_1", allowedInstallers.get("store_1"));
		assertEquals("cert_2", allowedInstallers.get("store_2"));
		assertEquals(PLAY_STORE_CERT, allowedInstallers.get(PLAY_STORE_PKG));
		assertEquals(ADB_CERT, allowedInstallers.get(ADB_INSTALLER));
		}

		@Test
		@@ -356,6 +352,25 @@ public class AppIntegrityManagerServiceImplTest {
		1, PackageManagerInternal.INTEGRITY_VERIFICATION_REJECT);
		}

		@Test
		public void handleBroadcast_notInitialized() throws Exception {
		when(mIntegrityFileManager.initialized()).thenReturn(false);
		ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor =
		ArgumentCaptor.forClass(BroadcastReceiver.class);
		verify(mMockContext)
		.registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any());
		Intent intent = makeVerificationIntent();
		when(mRuleEvaluationEngine.evaluate(any(), any())).thenReturn(IntegrityCheckResult.allow());

		broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent);
		runJobInHandler();

		verify(mPackageManagerInternal)
		.setIntegrityVerificationResult(
		1, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW);
		verify(mSpyPackageManager, never()).getPackageArchiveInfo(any(), anyInt());
		}

		private void whitelistUsAsRuleProvider() {
		Resources mockResources = mock(Resources.class);
		when(mockResources.getStringArray(R.array.config_integrityRuleProviderPackages))

services/tests/servicestests/test-apps/AppIntegrityManagerServiceTestApp/Android.bp

0 → 100644

+21 −0

Original line number	Diff line number	Diff line
		// Copyright (C) 2017 The Android Open Source Project
		//
		// Licensed under the Apache License, Version 2.0 (the "License");
		// you may not use this file except in compliance with the License.
		// You may obtain a copy of the License at
		//
		// http://www.apache.org/licenses/LICENSE-2.0
		//
		// Unless required by applicable law or agreed to in writing, software
		// distributed under the License is distributed on an "AS IS" BASIS,
		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		// See the License for the specific language governing permissions and
		// limitations under the License.

		android_test_helper_app {
		name: "AppIntegrityManagerServiceTestApp",

		test_suites: ["device-tests"],

		certificate: "platform",
		}