Merge "Support featureFlag attribute in <assign-permission> tag" into main

    private void readAssignPermission(XmlPullParser parser, File permFile, boolean allowPermissions)

            throws IOException, XmlPullParserException {

        if (allowPermissions) {

            readAssignPermission(parser, permFile);

        } else {

            logNotAllowedInPartition("assign-permission", permFile, parser);

            XmlUtils.skipCurrentTag(parser);

        }

    }

    private void readAssignPermission(XmlPullParser parser, File permFile)

            throws IOException, XmlPullParserException {

        // If trunkstable feature flag disabled for this permission, skip this tag.

        if (ParsingPackageUtils.getAconfigFlags()

                .skipCurrentElement(/* pkg= */ null, parser, /* allowNoNamespace= */ true)) {

            XmlUtils.skipCurrentTag(parser);

            return;

        }

        String perm = parser.getAttributeValue(null, "name");

        if (perm == null) {

            Slog.w(TAG, "<assign-permission> without name in " + permFile

            mSystemPermissions.put(uid, perms);

        }

        perms.add(perm);

        } else {

            logNotAllowedInPartition("assign-permission", permFile, parser);

        }

        XmlUtils.skipCurrentTag(parser);

    }

import android.content.pm.Signature;

import android.content.pm.SignedPackage;

import android.os.Build;

import android.permission.PermissionManager.SplitPermissionInfo;

import android.platform.test.annotations.Presubmit;

import android.platform.test.annotations.RequiresFlagsEnabled;

import android.platform.test.flag.junit.CheckFlagsRule;

import android.util.ArrayMap;

import android.util.ArraySet;

import android.util.Log;

import android.util.SparseArray;

import android.util.Xml;

import androidx.test.filters.SmallTest;

import androidx.test.runner.AndroidJUnit4;

import com.android.internal.pm.pkg.parsing.ParsingPackageUtils;

import com.android.server.SystemConfig;

import org.junit.Before;

import java.io.FileReader;

import java.io.FileWriter;

import java.io.IOException;

import java.util.ArrayList;

import java.util.Arrays;

import java.util.List;

import java.util.Map;

import java.util.Scanner;

import java.util.Set;

public class SystemConfigTest {

    private static final String LOG_TAG = "SystemConfigTest";

    private static final String ALWAYS_ON_FLAG = "always.on.flag";

    private static final String ALWAYS_OFF_FLAG = "always.off.flag";

    private static final Map<String, Boolean> FLAG_VALUES = Map.of(

            ALWAYS_ON_FLAG, true,

            ALWAYS_OFF_FLAG, false

    );

    // From system/core/libcutils/include/private/android_filesystem_config.h

    private static final int MEDIA_UID = 1013;

    private SystemConfig mSysConfig;

    private File mFooJar;

        mSysConfig = new SystemConfigTestClass();

        mFooJar = createTempFile(

                mTemporaryFolder.getRoot().getCanonicalFile(), "foo.jar", "JAR");

        ParsingPackageUtils.getAconfigFlags().addFlagValuesForTesting(FLAG_VALUES);

    }

    /**

        assertEquals(packageTwoExpected, packageTwo);

    }

    @Test

    public void testSplitPermission_featureFlagEnabled() throws Exception {

        final String contents =

                "<permissions>"

                        + "<split-permission name=\"android.permission.FOO\""

                        + "featureFlag=\"" + ALWAYS_ON_FLAG + "\""

                        + "targetSdk=\"36\">"

                        + "<new-permission name=\"android.permission.BAR\" />"

                        + "</split-permission>"

                        + "</permissions>";

        final File folder = createTempSubfolder("folder/etc/permissions");

        createTempFile(folder, "platform.xml", contents);

        readPermissions(folder, /* Grant all permission flags */ ~0);

        SplitPermissionInfo expectedPermission =

                new SplitPermissionInfo(

                        "android.permission.FOO", List.of("android.permission.BAR"),

                        36);

        final ArrayList<SplitPermissionInfo> permissions =

                mSysConfig.getSplitPermissions();

        assertThat(permissions.size()).isEqualTo(1);

        assertEquals(expectedPermission, permissions.getFirst());

    }

    @Test

    public void testSplitPermission_featureFlagDisabled() throws Exception {

        final String contents =

                "<permissions>"

                        + "<split-permission name=\"android.permission.FOO\""

                        + "featureFlag=\"" + ALWAYS_OFF_FLAG + "\""

                        + "targetSdk=\"36\">"

                        + "<new-permission name=\"android.permission.BAR\" />"

                        + "</split-permission>"

                        + "</permissions>";

        final File folder = createTempSubfolder("folder/etc/permissions");

        createTempFile(folder, "platform.xml", contents);

        readPermissions(folder, /* Grant all permission flags */ ~0);

        final ArrayList<SplitPermissionInfo> permissions =

                mSysConfig.getSplitPermissions();

        assertThat(permissions).isEmpty();

    }

    @Test

    public void testAssignPermission_featureFlagEnabled() throws Exception {

        final String contents =

                "<permissions>"

                        + "<assign-permission name=\"android.permission.FOO\""

                        + "featureFlag=\"" + ALWAYS_ON_FLAG + "\""

                        + "uid=\"media\">"

                        + "</assign-permission>"

                        + "</permissions>";

        final File folder = createTempSubfolder("folder/etc/permissions");

        createTempFile(folder, "platform.xml", contents);

        readPermissions(folder, /* Grant all permission flags */ ~0);

        final SparseArray<ArraySet<String>> permissions =

                mSysConfig.getSystemPermissions();

        assertThat(permissions.size()).isEqualTo(1);

        assertThat(permissions.get(MEDIA_UID)).containsExactly("android.permission.FOO");

    }

    @Test

    public void testAssignPermission_featureFlagDisabled() throws Exception {

        final String contents =

                "<permissions>"

                        + "<assign-permission name=\"android.permission.FOO\""

                        + "featureFlag=\"" + ALWAYS_OFF_FLAG + "\""

                        + "uid=\"media\">"

                        + "</assign-permission>"

                        + "</permissions>";

        final File folder = createTempSubfolder("folder/etc/permissions");

        createTempFile(folder, "platform.xml", contents);

        readPermissions(folder, /* Grant all permission flags */ ~0);

        final SparseArray<ArraySet<String>> permissions =

                mSysConfig.getSystemPermissions();

        assertThat(permissions.size()).isEqualTo(0);

    }

    /**

     * Tests that readPermissions works correctly with {@link SystemConfig#ALLOW_APP_CONFIGS}

     * permission flag for the tag: allowlisted-staged-installer.