summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
author Khaled Abdelmohsen <khelmy@google.com> 2019-11-25 18:20:46 +0000
committer Khaled Abdelmohsen <khelmy@google.com> 2019-11-26 15:34:45 +0000
commit5809a5f28644cf7adef5d2f83da62f68594e8d95 (patch)
treed967eb345b33df70dd0eb76f9b8c1484ba7d8b95
parente60b9143e89f407b00639584ecff4ef9ff61fa9b (diff)
Add rule component validations
Bug: 141979167 Test: atest FrameworksServicesTests:RuleTest Test: atest FrameworksServicesTests:AtomicFormulaTest Test: atest FrameworksServicesTests:OpenFormulaTest Change-Id: I3411a0fba37e7f3f9b9f6bbc5b2b895203bbd701
Diffstat
-rw-r--r--services/core/java/com/android/server/integrity/model/AtomicFormula.java20
-rw-r--r--services/core/java/com/android/server/integrity/model/OpenFormula.java8
-rw-r--r--services/core/java/com/android/server/integrity/model/Rule.java7
-rw-r--r--services/tests/servicestests/src/com/android/server/integrity/model/AtomicFormulaTest.java16
-rw-r--r--services/tests/servicestests/src/com/android/server/integrity/model/OpenFormulaTest.java19
-rw-r--r--services/tests/servicestests/src/com/android/server/integrity/model/RuleTest.java8
6 files changed, 74 insertions, 4 deletions
diff --git a/services/core/java/com/android/server/integrity/model/AtomicFormula.java b/services/core/java/com/android/server/integrity/model/AtomicFormula.java
index 9a0553d7aa0c..7514da80b5fb 100644
--- a/services/core/java/com/android/server/integrity/model/AtomicFormula.java
+++ b/services/core/java/com/android/server/integrity/model/AtomicFormula.java
@@ -112,6 +112,7 @@ public abstract class AtomicFormula implements Formula {
private final @Key int mKey;
public AtomicFormula(@Key int key) {
+ checkArgument(isValidKey(key), String.format("Unknown key: %d", key));
mKey = key;
}
@@ -134,6 +135,8 @@ public abstract class AtomicFormula implements Formula {
checkArgument(
key == VERSION_CODE,
String.format("Key %s cannot be used with IntAtomicFormula", keyToString(key)));
+ checkArgument(isValidOperator(operator),
+ String.format("Unknown operator: %d", operator));
mOperator = operator;
mValue = value;
}
@@ -237,6 +240,14 @@ public abstract class AtomicFormula implements Formula {
"Unexpected key in IntAtomicFormula" + getKey());
}
}
+
+ private static boolean isValidOperator(int operator) {
+ return operator == EQ
+ || operator == LT
+ || operator == LE
+ || operator == GT
+ || operator == GE;
+ }
}
/** An {@link AtomicFormula} with a key and string value. */
@@ -486,4 +497,13 @@ public abstract class AtomicFormula implements Formula {
throw new IllegalArgumentException("Unknown operator " + op);
}
}
+
+ private static boolean isValidKey(int key) {
+ return key == PACKAGE_NAME
+ || key == APP_CERTIFICATE
+ || key == VERSION_CODE
+ || key == INSTALLER_NAME
+ || key == INSTALLER_CERTIFICATE
+ || key == PRE_INSTALLED;
+ }
}
diff --git a/services/core/java/com/android/server/integrity/model/OpenFormula.java b/services/core/java/com/android/server/integrity/model/OpenFormula.java
index 7a3600f7a4fe..f7ea9208f7fe 100644
--- a/services/core/java/com/android/server/integrity/model/OpenFormula.java
+++ b/services/core/java/com/android/server/integrity/model/OpenFormula.java
@@ -86,6 +86,8 @@ public final class OpenFormula implements Formula, Parcelable {
* for that operator (at least 2 for {@link #AND} and {@link #OR}, 1 for {@link #NOT}).
*/
public OpenFormula(@Connector int connector, @NonNull List<Formula> formulas) {
+ checkArgument(isValidConnector(connector),
+ String.format("Unknown connector: %d", connector));
validateFormulas(connector, formulas);
this.mConnector = connector;
this.mFormulas = Collections.unmodifiableList(formulas);
@@ -213,4 +215,10 @@ public final class OpenFormula implements Formula, Parcelable {
throw new IllegalArgumentException("Unknown connector " + connector);
}
}
+
+ private static boolean isValidConnector(int connector) {
+ return connector == AND
+ || connector == OR
+ || connector == NOT;
+ }
}
diff --git a/services/core/java/com/android/server/integrity/model/Rule.java b/services/core/java/com/android/server/integrity/model/Rule.java
index f87e4e875eef..3ad876292ab4 100644
--- a/services/core/java/com/android/server/integrity/model/Rule.java
+++ b/services/core/java/com/android/server/integrity/model/Rule.java
@@ -16,6 +16,7 @@
package com.android.server.integrity.model;
+import static com.android.internal.util.Preconditions.checkArgument;
import static com.android.internal.util.Preconditions.checkNotNull;
import android.annotation.IntDef;
@@ -62,6 +63,7 @@ public final class Rule implements Parcelable {
private final @Effect int mEffect;
public Rule(@NonNull Formula formula, @Effect int effect) {
+ checkArgument(isValidEffect(effect), String.format("Unknown effect: %d", effect));
this.mFormula = checkNotNull(formula);
this.mEffect = effect;
}
@@ -137,4 +139,9 @@ public final class Rule implements Parcelable {
throw new IllegalArgumentException("Unknown effect " + effect);
}
}
+
+ private static boolean isValidEffect(int effect) {
+ return effect == DENY
+ || effect == FORCE_ALLOW;
+ }
}
diff --git a/services/tests/servicestests/src/com/android/server/integrity/model/AtomicFormulaTest.java b/services/tests/servicestests/src/com/android/server/integrity/model/AtomicFormulaTest.java
index c8c5ecaed43a..1abca0cf833c 100644
--- a/services/tests/servicestests/src/com/android/server/integrity/model/AtomicFormulaTest.java
+++ b/services/tests/servicestests/src/com/android/server/integrity/model/AtomicFormulaTest.java
@@ -263,6 +263,22 @@ public class AtomicFormulaTest {
assertEquals(formula, newFormula);
}
+ @Test
+ public void testInvalidAtomicFormula_invalidKey() {
+ assertExpectException(
+ IllegalArgumentException.class,
+ /* expectedExceptionMessageRegex */ "Unknown key: -1",
+ () -> new IntAtomicFormula(/* key= */ -1, AtomicFormula.EQ, 0));
+ }
+
+ @Test
+ public void testInvalidAtomicFormula_invalidOperator() {
+ assertExpectException(
+ IllegalArgumentException.class,
+ /* expectedExceptionMessageRegex */ "Unknown operator: -1",
+ () -> new IntAtomicFormula(AtomicFormula.VERSION_CODE, /* operator= */ -1, 0));
+ }
+
/** Returns a builder with all fields filled with some dummy data. */
private AppInstallMetadata.Builder getAppInstallMetadataBuilder() {
return new AppInstallMetadata.Builder()
diff --git a/services/tests/servicestests/src/com/android/server/integrity/model/OpenFormulaTest.java b/services/tests/servicestests/src/com/android/server/integrity/model/OpenFormulaTest.java
index ecabb5276790..d15f957ef14e 100644
--- a/services/tests/servicestests/src/com/android/server/integrity/model/OpenFormulaTest.java
+++ b/services/tests/servicestests/src/com/android/server/integrity/model/OpenFormulaTest.java
@@ -53,7 +53,7 @@ public class OpenFormulaTest {
assertExpectException(
IllegalArgumentException.class,
/* expectedExceptionMessageRegex */
- String.format("Connector AND must have at least 2 formulas"),
+ "Connector AND must have at least 2 formulas",
() ->
new OpenFormula(
OpenFormula.AND, Collections.singletonList(ATOMIC_FORMULA_1)));
@@ -64,7 +64,7 @@ public class OpenFormulaTest {
assertExpectException(
IllegalArgumentException.class,
/* expectedExceptionMessageRegex */
- String.format("Connector NOT must have 1 formula only"),
+ "Connector NOT must have 1 formula only",
() ->
new OpenFormula(
OpenFormula.NOT,
@@ -73,7 +73,8 @@ public class OpenFormulaTest {
@Test
public void testIsSatisfiable_notFalse_true() {
- OpenFormula openFormula = new OpenFormula(OpenFormula.NOT, Arrays.asList(ATOMIC_FORMULA_1));
+ OpenFormula openFormula = new OpenFormula(OpenFormula.NOT,
+ Collections.singletonList(ATOMIC_FORMULA_1));
AppInstallMetadata appInstallMetadata =
getAppInstallMetadataBuilder().setPackageName("test2").build();
// validate assumptions about the metadata
@@ -84,7 +85,8 @@ public class OpenFormulaTest {
@Test
public void testIsSatisfiable_notTrue_false() {
- OpenFormula openFormula = new OpenFormula(OpenFormula.NOT, Arrays.asList(ATOMIC_FORMULA_1));
+ OpenFormula openFormula = new OpenFormula(OpenFormula.NOT,
+ Collections.singletonList(ATOMIC_FORMULA_1));
AppInstallMetadata appInstallMetadata =
getAppInstallMetadataBuilder().setPackageName("test1").build();
// validate assumptions about the metadata
@@ -209,6 +211,15 @@ public class OpenFormulaTest {
assertEquals(formula, newFormula);
}
+ @Test
+ public void testInvalidOpenFormula_invalidConnector() {
+ assertExpectException(
+ IllegalArgumentException.class,
+ /* expectedExceptionMessageRegex */ "Unknown connector: -1",
+ () -> new OpenFormula(/* connector= */ -1,
+ Arrays.asList(ATOMIC_FORMULA_1, ATOMIC_FORMULA_2)));
+ }
+
/** Returns a builder with all fields filled with some dummy data. */
private AppInstallMetadata.Builder getAppInstallMetadataBuilder() {
return new AppInstallMetadata.Builder()
diff --git a/services/tests/servicestests/src/com/android/server/integrity/model/RuleTest.java b/services/tests/servicestests/src/com/android/server/integrity/model/RuleTest.java
index e0c36fdfc546..f97e2e6da8e8 100644
--- a/services/tests/servicestests/src/com/android/server/integrity/model/RuleTest.java
+++ b/services/tests/servicestests/src/com/android/server/integrity/model/RuleTest.java
@@ -106,4 +106,12 @@ public class RuleTest {
assertEquals(newRule, rule);
}
+
+ @Test
+ public void testInvalidRule_invalidEffect() {
+ assertExpectException(
+ IllegalArgumentException.class,
+ /* expectedExceptionMessageRegex */ "Unknown effect: -1",
+ () -> new Rule(PACKAGE_NAME_ATOMIC_FORMULA, /* effect= */ -1));
+ }
}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-12-27 10:32:49 +0000