Merge changes I3283d1f7,I04ccc1cb into main (f7cc6de2) · Commits · e / os / android_frameworks_base

services/core/java/com/android/server/pm/ProtectedPackages.java

+12 −2

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@ package com.android.server.pm;
		import android.annotation.Nullable;
		import android.annotation.UserIdInt;
		import android.app.role.RoleManager;
		import android.app.supervision.SupervisionManager;
		import android.content.Context;
		import android.content.pm.Flags;
		import android.os.Binder;
		@@ -190,6 +191,11 @@ public class ProtectedPackages {

		/** Query the packages with supervision related roles. */
		private boolean isSupervisionPackage(@UserIdInt int userId, String packageName) {
		SupervisionManager supervisionManager = mContext.getSystemService(SupervisionManager.class);
		if (supervisionManager == null \|\| !supervisionManager.isSupervisionEnabled()) {
		Slog.w(TAG, "Supervision is not enabled.");
		return false;
		}
		final RoleManager roleManager = mContext.getSystemService(RoleManager.class);
		if (roleManager == null) {
		Slog.w(TAG, "Failed to get RoleManager. Assuming package isn't role holder.");
		@@ -197,10 +203,14 @@ public class ProtectedPackages {
		}
		return Binder.withCleanCallingIdentity(
		() -> {
		List<String> roleHolders =
		List<String> systemSupervisionHolders =
		roleManager.getRoleHoldersAsUser(
		RoleManager.ROLE_SYSTEM_SUPERVISION, UserHandle.of(userId));
		return roleHolders.contains(packageName);
		List<String> supervisionHolders =
		roleManager.getRoleHoldersAsUser(
		RoleManager.ROLE_SUPERVISION, UserHandle.of(userId));
		return systemSupervisionHolders.contains(packageName)
		\|\| supervisionHolders.contains(packageName);
		});
		}
		}

services/tests/mockingservicestests/src/com/android/server/pm/ProtectedPackagesMockedTest.kt

+52 −0

Original line number	Diff line number	Diff line
		@@ -17,6 +17,7 @@
		package com.android.server.pm

		import android.app.role.RoleManager
		import android.app.supervision.SupervisionManager
		import android.content.pm.Flags
		import android.platform.test.annotations.DisableFlags
		import android.platform.test.annotations.EnableFlags
		@@ -48,6 +49,8 @@ open class ProtectedPackagesMockedTest {

		@Mock lateinit var roleManager: RoleManager

		@Mock lateinit var supervisionManager: SupervisionManager

		lateinit var protectedPackages: ProtectedPackages

		@Before
		@@ -56,12 +59,30 @@ open class ProtectedPackagesMockedTest {
		MockitoAnnotations.openMocks(this)
		rule.system().stageNominalSystemState()
		whenever(roleManager.getRoleHoldersAsUser(eq(RoleManager.ROLE_SYSTEM_SUPERVISION), any()))
		.thenReturn(listOf(SYSTEM_SUPERVISION_PKG))
		whenever(roleManager.getRoleHoldersAsUser(eq(RoleManager.ROLE_SUPERVISION), any()))
		.thenReturn(listOf(SUPERVISION_PKG))
		whenever(rule.mocks().context.getSystemService(RoleManager::class.java))
		.thenReturn(roleManager)
		whenever(supervisionManager.isSupervisionEnabled()).thenReturn(true)
		whenever(rule.mocks().context.getSystemService(SupervisionManager::class.java))
		.thenReturn(supervisionManager)
		protectedPackages = ProtectedPackages(rule.mocks().context)
		}

		@Test
		@Throws(Exception::class)
		@EnableFlags(Flags.FLAG_PROTECT_SUPERVISION_PACKAGES)
		fun testIsPackageProtected_systemSupevisionPackage_flagEnabled_returnsTrue() {
		val stateProtected =
		protectedPackages.isPackageStateProtected(TEST_USER_ID, SYSTEM_SUPERVISION_PKG)
		val dataProtected =
		protectedPackages.isPackageDataProtected(TEST_USER_ID, SYSTEM_SUPERVISION_PKG)

		assertThat(stateProtected).isTrue()
		assertThat(dataProtected).isTrue()
		}

		@Test
		@Throws(Exception::class)
		@EnableFlags(Flags.FLAG_PROTECT_SUPERVISION_PACKAGES)
		@@ -85,6 +106,20 @@ open class ProtectedPackagesMockedTest {
		assertThat(dataProtected).isFalse()
		}

		@Test
		@Throws(Exception::class)
		@EnableFlags(Flags.FLAG_PROTECT_SUPERVISION_PACKAGES)
		fun testIsPackageProtected_supervisionDisabled_flagEnabled_returnsFalse() {
		whenever(supervisionManager.isSupervisionEnabled()).thenReturn(false)

		val stateProtected =
		protectedPackages.isPackageStateProtected(TEST_USER_ID, SUPERVISION_PKG)
		val dataProtected = protectedPackages.isPackageDataProtected(TEST_USER_ID, SUPERVISION_PKG)

		assertThat(stateProtected).isFalse()
		assertThat(dataProtected).isFalse()
		}

		@Test
		@Throws(Exception::class)
		@EnableFlags(Flags.FLAG_PROTECT_SUPERVISION_PACKAGES)
		@@ -100,6 +135,22 @@ open class ProtectedPackagesMockedTest {
		assertThat(dataProtected).isFalse()
		}

		@Test
		@Throws(Exception::class)
		@EnableFlags(Flags.FLAG_PROTECT_SUPERVISION_PACKAGES)
		/* This case should not happen. Is is covered here for completeness. */
		fun testIsPackageProtected_missingSupervisionManager_flagEnabled_returnsFalse() {
		whenever(rule.mocks().context.getSystemService(SupervisionManager::class.java))
		.thenReturn(null)

		val stateProtected =
		protectedPackages.isPackageStateProtected(TEST_USER_ID, SUPERVISION_PKG)
		val dataProtected = protectedPackages.isPackageDataProtected(TEST_USER_ID, SUPERVISION_PKG)

		assertThat(stateProtected).isFalse()
		assertThat(dataProtected).isFalse()
		}

		@Test
		@Throws(Exception::class)
		@DisableFlags(Flags.FLAG_PROTECT_SUPERVISION_PACKAGES)
		@@ -113,6 +164,7 @@ open class ProtectedPackagesMockedTest {
		}

		private companion object {
		const val SYSTEM_SUPERVISION_PKG = "com.android.system.supervision"
		const val SUPERVISION_PKG = "com.android.supervision"
		const val TEST_PKG = "com.android.stub"
		const val TEST_USER_ID = 0