Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b8b2d4bf authored by Michael Groover's avatar Michael Groover
Browse files

Update telephony dev ID tests to use new SystemAPI 

Based on feedback during the API review of the new SystemAPI for
telephony to check device identifier access the method was moved
from DevicePolicyManager to PermissionManager. This commit updates
the telephony dev ID tests to mock this new check and removes
the tests for checks that are no longer controlled by
TelephonyPermissions.

Bug: 147761267
Test: atest TelephonyPermissionsTest
Test: atest PhoneSubInfoControllerTest
Test: atest SubscriptionControllerTest
Change-Id: I69d434eec22ad8c3cb07eff3a6395e02c88f96ae
parent 05970b8d

tests/telephonytests/src/com/android/internal/telephony/PhoneSubInfoControllerTest.java

+5 −0
Original line number Diff line number Diff line
@@ -105,6 +105,7 @@ public class PhoneSubInfoControllerTest extends TelephonyTest { 
        // The READ_PRIVILEGED_PHONE_STATE permission or passing a device / profile owner access

        // check is required to access device identifiers. Since neither of those are true for this

        // test each case will result in a SecurityException being thrown.

        setIdentifierAccess(false);

        doReturn("353626073736741").when(mPhone).getDeviceId();

        doReturn("353626073736742").when(mSecondPhone).getDeviceId();
@@ -188,6 +189,7 @@ public class PhoneSubInfoControllerTest extends TelephonyTest { 
        // The READ_PRIVILEGED_PHONE_STATE permission, carrier privileges, or passing a device /

        // profile owner access check is required to access subscriber identifiers. Since none of

        // those are true for this test each case will result in a SecurityException being thrown.

        setIdentifierAccess(false);

        doReturn("aaa@example.com").when(mPhone).getNai();

        doReturn("bbb@example.com").when(mSecondPhone).getNai();
@@ -270,6 +272,7 @@ public class PhoneSubInfoControllerTest extends TelephonyTest { 
        // The READ_PRIVILEGED_PHONE_STATE permission, carrier privileges, or passing a device /

        // profile owner access check is required to access device identifiers. Since none of

        // those are true for this test each case will result in a SecurityException being thrown.

        setIdentifierAccess(false);

        doReturn("990000862471854").when(mPhone).getImei();

        doReturn("990000862471855").when(mSecondPhone).getImei();
@@ -412,6 +415,7 @@ public class PhoneSubInfoControllerTest extends TelephonyTest { 
        // The READ_PRIVILEGED_PHONE_STATE permission, carrier privileges, or passing a device /

        // profile owner access check is required to access subscriber identifiers. Since none of

        // those are true for this test each case will result in a SecurityException being thrown.

        setIdentifierAccess(false);

        doReturn("310260426283121").when(mPhone).getSubscriberId();

        doReturn("310260426283122").when(mSecondPhone).getSubscriberId();
@@ -496,6 +500,7 @@ public class PhoneSubInfoControllerTest extends TelephonyTest { 
        // The READ_PRIVILEGED_PHONE_STATE permission, carrier privileges, or passing a device /

        // profile owner access check is required to access subscriber identifiers. Since none of

        // those are true for this test each case will result in a SecurityException being thrown.

        setIdentifierAccess(false);

        doReturn("8991101200003204510").when(mPhone).getIccSerialNumber();

        doReturn("8991101200003204511").when(mSecondPhone).getIccSerialNumber();

tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java

+4 −0
Original line number Diff line number Diff line
@@ -1047,6 +1047,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);

        setupMocksForTelephonyPermissions();

        setIdentifierAccess(false);

        int subId = getFirstSubId();



        SubscriptionInfo subscriptionInfo = mSubscriptionControllerUT.getActiveSubscriptionInfo(
@@ -1094,6 +1095,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);

        setupMocksForTelephonyPermissions();

        setIdentifierAccess(false);



        SubscriptionInfo subscriptionInfo =

                mSubscriptionControllerUT.getActiveSubscriptionInfoForSimSlotIndex(0,
@@ -1139,6 +1141,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);

        setupMocksForTelephonyPermissions();

        setIdentifierAccess(false);



        List<SubscriptionInfo> subInfoList =

                mSubscriptionControllerUT.getActiveSubscriptionInfoList(mCallingPackage,
@@ -1189,6 +1192,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);

        setupMocksForTelephonyPermissions();

        setIdentifierAccess(false);



        List<SubscriptionInfo> subInfoList = mSubscriptionControllerUT.getSubscriptionsInGroup(

                groupUuid, mCallingPackage, mCallingFeature);

tests/telephonytests/src/com/android/internal/telephony/TelephonyPermissionsTest.java

+20 −42
Original line number Diff line number Diff line
@@ -28,7 +28,6 @@ import static org.mockito.Mockito.doThrow; 
import static org.mockito.Mockito.when;



import android.app.AppOpsManager;

import android.app.admin.DevicePolicyManager;

import android.content.Context;

import android.content.pm.ApplicationInfo;

import android.content.pm.PackageManager;
@@ -37,6 +36,7 @@ import android.os.Build; 
import android.os.Bundle;

import android.os.IBinder;

import android.os.ServiceManager;

import android.permission.PermissionManager;

import android.provider.DeviceConfig;

import android.provider.Settings;

import android.telephony.SubscriptionManager;
@@ -46,6 +46,7 @@ import android.test.mock.MockContentResolver; 
import android.test.suitebuilder.annotation.SmallTest;



import com.android.internal.util.test.FakeSettingsProvider;

import com.android.server.pm.permission.PermissionManagerService;



import org.junit.Before;

import org.junit.Test;
@@ -81,13 +82,13 @@ public class TelephonyPermissionsTest { 
    @Mock

    private ApplicationInfo mMockApplicationInfo;

    @Mock

    private DevicePolicyManager mMockDevicePolicyManager;

    @Mock

    private TelephonyManager mTelephonyManagerMock;

    @Mock

    private TelephonyManager mTelephonyManagerMockForSub1;

    @Mock

    private TelephonyManager mTelephonyManagerMockForSub2;

    @Mock

    private PermissionManagerService mMockPermissionManagerService;



    private MockContentResolver mMockContentResolver;

    private FakeSettingsConfigProvider mFakeSettingsConfigProvider;
@@ -103,11 +104,14 @@ public class TelephonyPermissionsTest { 
        when(mMockContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mMockAppOps);

        when(mMockContext.getSystemService(Context.TELEPHONY_SUBSCRIPTION_SERVICE)).thenReturn(

                mMockSubscriptionManager);

        when(mMockContext.getSystemService(Context.DEVICE_POLICY_SERVICE)).thenReturn(

                mMockDevicePolicyManager);

        when(mMockSubscriptionManager.getCompleteActiveSubscriptionIdList()).thenReturn(

                new int[]{SUB_ID});



        PermissionManager permissionManager = new PermissionManager(mMockContext, null,

                mMockPermissionManagerService);

        when(mMockContext.getSystemService(Context.PERMISSION_SERVICE)).thenReturn(

                permissionManager);



        // By default, assume we have no permissions or app-ops bits.

        doThrow(new SecurityException()).when(mMockContext)

                .enforcePermission(anyString(), eq(PID), eq(UID), eq(MSG));
@@ -123,8 +127,6 @@ public class TelephonyPermissionsTest { 
                .thenReturn(TelephonyManager.CARRIER_PRIVILEGE_STATUS_NO_ACCESS);

        when(mMockContext.checkPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE,

                PID, UID)).thenReturn(PackageManager.PERMISSION_DENIED);

        when(mMockDevicePolicyManager.hasDeviceIdentifierAccess(eq(PACKAGE), eq(PID),

                eq(UID))).thenReturn(false);

        setTelephonyMockAsService();

    }
@@ -283,9 +285,13 @@ public class TelephonyPermissionsTest { 
    }



    @Test

    public void testCheckReadDeviceIdentifiers_hasPrivilegedPermission() {

        when(mMockContext.checkPermission(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE,

                PID, UID)).thenReturn(PackageManager.PERMISSION_GRANTED);

    public void testCheckReadDeviceIdentifiers_hasPermissionManagerIdentifierAccess() {

        // The UID, privileged permission, device / profile owner, and appop checks are all now

        // performed by a SystemAPI in PermissionManager; this test verifies when this API returns

        // the calling package meets the requirements for device identifier access the telephony

        // check also returns true.

        when(mMockPermissionManagerService.checkDeviceIdentifierAccess(PACKAGE, MSG, FEATURE, PID,

                UID)).thenReturn(PackageManager.PERMISSION_GRANTED);

        assertTrue(

                TelephonyPermissions.checkCallingOrSelfReadDeviceIdentifiers(mMockContext,

                        SUB_ID, PACKAGE, FEATURE, MSG));
@@ -302,25 +308,6 @@ public class TelephonyPermissionsTest { 
                        SUB_ID, PACKAGE, FEATURE, MSG));

    }



    @Test

    public void testCheckReadDeviceIdentifiers_hasAppOp() {

        when(mMockAppOps.noteOpNoThrow(eq(AppOpsManager.OPSTR_READ_DEVICE_IDENTIFIERS), eq(UID),

                eq(PACKAGE), eq(FEATURE), nullable(String.class))).thenReturn(

                AppOpsManager.MODE_ALLOWED);

        assertTrue(

                TelephonyPermissions.checkCallingOrSelfReadDeviceIdentifiers(mMockContext,

                        SUB_ID, PACKAGE, FEATURE, MSG));

    }



    @Test

    public void testCheckReadDeviceIdentifiers_hasDPMDeviceIDAccess() {

        when(mMockDevicePolicyManager.hasDeviceIdentifierAccess(eq(PACKAGE), eq(PID),

                eq(UID))).thenReturn(true);

        assertTrue(

                TelephonyPermissions.checkCallingOrSelfReadDeviceIdentifiers(mMockContext,

                        SUB_ID, PACKAGE, FEATURE, MSG));

    }



    @Test

    public void testCheckReadDeviceIdentifiers_hasReadPhoneStateTargetQ() throws Exception {

        // if an app is targeting Q and does not meet the new requirements for device identifier
@@ -401,13 +388,6 @@ public class TelephonyPermissionsTest { 
    public void testCheckCallingOrSelfReadSubscriberIdentifiers_noPermissions() throws Exception {

        setupMocksForDeviceIdentifiersErrorPath();

        setTelephonyMockAsService();

        when(mMockContext.checkPermission(

                eq(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE),

                anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_DENIED);

        when(mMockAppOps.noteOpNoThrow(anyString(), anyInt(), eq(PACKAGE))).thenReturn(

                AppOpsManager.MODE_ERRORED);

        when(mMockDevicePolicyManager.hasDeviceIdentifierAccess(eq(PACKAGE), anyInt(),

                anyInt())).thenReturn(false);

        try {

            TelephonyPermissions.checkCallingOrSelfReadSubscriberIdentifiers(mMockContext,

                    SUB_ID, PACKAGE, FEATURE, MSG);
@@ -420,10 +400,8 @@ public class TelephonyPermissionsTest { 
    @Test

    public void testCheckCallingOrSelfReadSubscriberIdentifiers_carrierPrivileges()

            throws Exception {

        setupMocksForDeviceIdentifiersErrorPath();

        setTelephonyMockAsService();

        when(mMockContext.checkPermission(

                eq(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE),

                anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_DENIED);

        when(mTelephonyManagerMock.createForSubscriptionId(eq(SUB_ID))).thenReturn(

                mTelephonyManagerMockForSub1);

        when(mTelephonyManagerMockForSub1.getCarrierPrivilegeStatus(anyInt())).thenReturn(
@@ -438,9 +416,6 @@ public class TelephonyPermissionsTest { 
            throws Exception {

        setupMocksForDeviceIdentifiersErrorPath();

        setTelephonyMockAsService();

        when(mMockContext.checkPermission(

                eq(android.Manifest.permission.READ_PRIVILEGED_PHONE_STATE),

                anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_DENIED);

        when(mMockSubscriptionManager.getCompleteActiveSubscriptionIdList()).thenReturn(

                new int[]{SUB_ID, SUB_ID_2});

        when(mTelephonyManagerMock.createForSubscriptionId(eq(SUB_ID_2))).thenReturn(
@@ -606,6 +581,9 @@ public class TelephonyPermissionsTest { 
                android.Manifest.permission.READ_DEVICE_CONFIG)).thenReturn(

                PackageManager.PERMISSION_GRANTED);



        when(mMockPermissionManagerService.checkDeviceIdentifierAccess(any(), any(), any(),

                anyInt(), anyInt())).thenReturn(PackageManager.PERMISSION_DENIED);



        // TelephonyPermissions queries DeviceConfig to determine if the identifier access

        // restrictions should be enabled; since DeviceConfig uses

        // Activity.currentActivity.getContentResolver as the resolver for Settings.Config.getString

tests/telephonytests/src/com/android/internal/telephony/TelephonyTest.java

+16 −6
Original line number Diff line number Diff line
@@ -50,6 +50,7 @@ import android.os.Message; 
import android.os.MessageQueue;

import android.os.RegistrantList;

import android.os.ServiceManager;

import android.permission.PermissionManager;

import android.provider.BlockedNumberContract;

import android.provider.DeviceConfig;

import android.provider.Settings;
@@ -741,12 +742,14 @@ public abstract class TelephonyTest { 
        doReturn(mApplicationInfo).when(mPackageManager).getApplicationInfoAsUser(eq(TAG), anyInt(),

                any());



        // TelephonyPermissions also checks to see if the calling package has been granted

        // identifier access via an appop; ensure this query does not allow identifier access for

        // any packages.

        doReturn(AppOpsManager.MODE_DEFAULT).when(mAppOpsManager).noteOpNoThrow(

                eq(AppOpsManager.OPSTR_READ_DEVICE_IDENTIFIERS), anyInt(), anyString(),

                nullable(String.class), nullable(String.class));

        // TelephonyPermissions uses a SystemAPI to check if the calling package meets any of the

        // generic requirements for device identifier access (currently READ_PRIVILEGED_PHONE_STATE,

        // appop, and device / profile owner checks. This sets up the PermissionManager to return

        // that access requirements are met.

        setIdentifierAccess(true);

        PermissionManager permissionManager = new PermissionManager(mContext, null,

                mMockPermissionManager);

        doReturn(permissionManager).when(mContext).getSystemService(eq(Context.PERMISSION_SERVICE));



        // TelephonyPermissions queries DeviceConfig to determine if the identifier access

        // restrictions should be enabled; this results in a NPE when DeviceConfig uses
@@ -771,6 +774,13 @@ public abstract class TelephonyTest { 
                "mContentProvider", providerHolder, iContentProvider);

    }



    protected void setIdentifierAccess(boolean hasAccess) {

        doReturn(hasAccess ? PackageManager.PERMISSION_GRANTED

                : PackageManager.PERMISSION_DENIED).when(

                mMockPermissionManager).checkDeviceIdentifierAccess(any(), any(), any(), anyInt(),

                anyInt());

    }



    protected final void waitForHandlerAction(Handler h, long timeoutMillis) {

        final CountDownLatch lock = new CountDownLatch(1);

        h.post(lock::countDown);