author Justin Lannin <jlannin@google.com> 2025-03-20 12:18:06 -0700
committer Android (Google) Code Review <android-gerrit@google.com> 2025-03-20 12:18:06 -0700
commit868062a1585c75962ab0458eec26c1fdceca882a (patch)
treeaeae09d473261e0e6685a24207277acc32973b5b
parent0da9bb05ab19e7cd2af686f7afce42671e1e2fec (diff)
parent5b5ac779195b2bc17955b5d2fb2fd4ab18123845 (diff)
Merge "Permissions: Run kotlin formatter on a few files." into main
-rw-r--r--services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt176
-rw-r--r--services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionStatesTest.kt605
-rw-r--r--services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/BasePermissionPolicyTest.kt301
3 files changed, 552 insertions, 530 deletions
diff --git a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
index 5a140d53a4d8..662e0c06f261 100644
--- a/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/AppIdPermissionPolicy.kt
@@ -100,7 +100,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
override fun MutateStateScope.onStorageVolumeMounted(
volumeUuid: String?,
packageNames: List<String>,
- isSystemUpdated: Boolean
+ isSystemUpdated: Boolean,
) {
val changedPermissionNames = MutableIndexedSet<String>()
packageNames.forEachIndexed { _, packageName ->
@@ -173,7 +173,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.clearRestrictedPermissionImplicitExemption(
packageState: PackageState,
- userId: Int
+ userId: Int,
) {
// System apps can always retain their UPGRADE_EXEMPT.
if (packageState.isSystem) {
@@ -198,7 +198,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
userId,
permission,
PermissionFlags.UPGRADE_EXEMPT,
- 0
+ 0,
)
}
}
@@ -208,7 +208,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
userId: Int,
permission: Permission,
exemptFlagMask: Int,
- exemptFlagValues: Int
+ exemptFlagValues: Int,
) {
val permissionName = permission.name
val oldFlags = getPermissionFlags(appId, userId, permissionName)
@@ -236,7 +236,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
isSoftRestrictedPermissionExemptForPackage(
it,
targetSdkVersion,
- permissionName
+ permissionName,
)
}
} else {
@@ -257,7 +257,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
override fun MutateStateScope.onPackageUninstalled(
packageName: String,
appId: Int,
- userId: Int
+ userId: Int,
) {
resetRuntimePermissions(packageName, userId)
}
@@ -290,17 +290,16 @@ class AppIdPermissionPolicy : SchemePolicy() {
packageState.isSystem || packageState.getUserStateOrDefault(userId).isInstalled
newFlags =
if (
- isSystemOrInstalled && (
- newFlags.hasBits(PermissionFlags.ROLE) ||
- newFlags.hasBits(PermissionFlags.PREGRANT)
- )
+ isSystemOrInstalled &&
+ (newFlags.hasBits(PermissionFlags.ROLE) ||
+ newFlags.hasBits(PermissionFlags.PREGRANT))
) {
newFlags or PermissionFlags.RUNTIME_GRANTED
} else {
- newFlags andInv (
- PermissionFlags.RUNTIME_GRANTED or PermissionFlags.ROLE or
- PermissionFlags.PREGRANT
- )
+ newFlags andInv
+ (PermissionFlags.RUNTIME_GRANTED or
+ PermissionFlags.ROLE or
+ PermissionFlags.PREGRANT)
}
newFlags = newFlags andInv USER_SETTABLE_MASK
if (newFlags.hasBits(PermissionFlags.LEGACY_GRANTED)) {
@@ -312,7 +311,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.adoptPermissions(
packageState: PackageState,
- changedPermissionNames: MutableIndexedSet<String>
+ changedPermissionNames: MutableIndexedSet<String>,
) {
val `package` = packageState.androidPackage!!
`package`.adoptPermissions.forEachIndexed { _, originalPackageName ->
@@ -341,7 +340,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
oldPermission.copy(
permissionInfo = newPermissionInfo,
isReconciled = false,
- appId = 0
+ appId = 0,
)
newState
.mutateSystemState()
@@ -354,7 +353,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.canAdoptPermissions(
packageName: String,
- originalPackageName: String
+ originalPackageName: String,
): Boolean {
val originalPackageState =
newState.externalState.packageStates[originalPackageName] ?: return false
@@ -362,7 +361,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
Slog.w(
LOG_TAG,
"Unable to adopt permissions from $originalPackageName to $packageName:" +
- " original package not in system partition"
+ " original package not in system partition",
)
return false
}
@@ -370,7 +369,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
Slog.w(
LOG_TAG,
"Unable to adopt permissions from $originalPackageName to $packageName:" +
- " original package still exists"
+ " original package still exists",
)
return false
}
@@ -386,7 +385,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
Slog.w(
LOG_TAG,
"Ignoring permission groups declared in package" +
- " ${packageState.packageName}: instant apps cannot declare permission groups"
+ " ${packageState.packageName}: instant apps cannot declare permission groups",
)
return
}
@@ -394,7 +393,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
val newPermissionGroup =
PackageInfoUtils.generatePermissionGroupInfo(
parsedPermissionGroup,
- PackageManager.GET_META_DATA.toLong()
+ PackageManager.GET_META_DATA.toLong(),
)!!
// TODO: Clear permission state on group take-over?
val permissionGroupName = newPermissionGroup.name
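Review bot: The `!!` on the result of `PackageInfoUtils.generatePermissionGroupInfo(...)` produces a bare NullPointerException with no context if the call ever returns null for a package-declared group. Wrapping the call in `checkNotNull(...) { "generatePermissionGroupInfo returned null" }` keeps the fail-fast behaviour and names the failing step in the crash log. The same pattern appears on `generatePermissionInfo(...)!!` in the hunk at `@@ -454,7 +453,7 @@`. The enclosing function starts and ends outside this hunk, so whether null is actually reachable cannot be judged from the visible lines.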
@@ -414,7 +413,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Ignoring permission group $permissionGroupName declared in" +
" package $newPackageName: already declared in another" +
- " package $oldPackageName"
+ " package $oldPackageName",
)
return@forEachIndexed
}
@@ -423,7 +422,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Ignoring permission group $permissionGroupName declared in" +
" system package $newPackageName: already declared in another" +
- " system package $oldPackageName"
+ " system package $oldPackageName",
)
return@forEachIndexed
}
@@ -431,7 +430,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Overriding permission group $permissionGroupName with" +
" new declaration in system package $newPackageName: originally" +
- " declared in another package $oldPackageName"
+ " declared in another package $oldPackageName",
)
}
newState.mutateSystemState().mutatePermissionGroups()[permissionGroupName] =
@@ -441,7 +440,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.addPermissions(
packageState: PackageState,
- changedPermissionNames: MutableIndexedSet<String>
+ changedPermissionNames: MutableIndexedSet<String>,
) {
val androidPackage = packageState.androidPackage!!
// This may not be the same package as the old permission because the old permission owner
@@ -454,7 +453,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
val newPermissionInfo =
PackageInfoUtils.generatePermissionInfo(
parsedPermission,
- PackageManager.GET_META_DATA.toLong()
+ PackageManager.GET_META_DATA.toLong(),
)!!
val permissionName = newPermissionInfo.name
val oldPermission =
@@ -474,7 +473,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Ignoring permission $permissionName declared in package" +
" $newPackageName: base permission tree ${permissionTree.name} is" +
- " declared in another package ${permissionTree.packageName}"
+ " declared in another package ${permissionTree.packageName}",
)
return@forEachIndexed
}
@@ -488,7 +487,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Ignoring permission $permissionName declared in package" +
" $newPackageName: already declared in another package" +
- " $oldPackageName"
+ " $oldPackageName",
)
return@forEachIndexed
}
@@ -497,7 +496,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Ignoring permission $permissionName declared in system package" +
" $newPackageName: already declared in another system package" +
- " $oldPackageName"
+ " $oldPackageName",
)
return@forEachIndexed
}
@@ -505,7 +504,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Overriding permission $permissionName with new declaration in" +
" system package $newPackageName: originally declared in another" +
- " package $oldPackageName"
+ " package $oldPackageName",
)
// Remove permission state on owner change.
newState.externalState.userIds.forEachIndexed { _, userId ->
@@ -534,7 +533,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
"Revoking runtime permission $permissionName for" +
" appId $appId and userId $userId as the permission" +
" group changed from ${oldPermission.groupName}" +
- " to ${newPermissionInfo.group}"
+ " to ${newPermissionInfo.group}",
)
}
if (isPermissionProtectionChanged) {
@@ -542,7 +541,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Revoking permission $permissionName for" +
" appId $appId and userId $userId as the permission" +
- " protection changed."
+ " protection changed.",
)
}
setPermissionFlags(appId, userId, permissionName, 0)
@@ -572,7 +571,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
Permission.TYPE_MANIFEST,
packageState.appId,
gids,
- areGidsPerUser
+ areGidsPerUser,
)
if (parsedPermission.isTree) {
@@ -599,7 +598,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.trimPermissions(
packageName: String,
- changedPermissionNames: MutableIndexedSet<String>
+ changedPermissionNames: MutableIndexedSet<String>,
) {
val packageState = newState.externalState.packageStates[packageName]
val androidPackage = packageState?.androidPackage
@@ -675,7 +674,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
packageName = permissionTree.packageName
},
appId = permissionTree.appId,
- isReconciled = true
+ isReconciled = true,
)
}
@@ -754,7 +753,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
Slog.v(
LOG_TAG,
"Revoking storage permission: $permissionName for appId: " +
- " $appId and user: $userId"
+ " $appId and user: $userId",
)
val newFlags =
oldFlags andInv (PermissionFlags.RUNTIME_GRANTED or USER_SETTABLE_MASK)
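Review bot: The log string in this hunk has a doubled space at the concatenation seam, because `"... for appId: "` ends with a space and `" $appId and user: $userId"` starts with one; drop one of them. The hunk at `@@ -1095,7 +1093,7 @@` has the opposite defect: `"Unknown protection level ${permission.protectionLevel}"` is followed by `"for permission ..."` and then `"for appId ..."` with no separating space, so the protection level and the word `state` run straight into `for`. Starting those two pieces with a space (`" for permission ..."`, `" for appId $appId and userId $userId"`) fixes it. These are the messages someone reads when tracing why a permission was revoked or left unevaluated, so they should parse cleanly; the surrounding functions are not fully visible in either hunk.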
@@ -767,7 +766,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.evaluatePermissionStateForAllPackages(
permissionName: String,
- installedPackageState: PackageState?
+ installedPackageState: PackageState?,
) {
val externalState = newState.externalState
externalState.userIds.forEachIndexed { _, userId ->
@@ -785,13 +784,13 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.evaluateAllPermissionStatesForPackage(
packageState: PackageState,
- installedPackageState: PackageState?
+ installedPackageState: PackageState?,
) {
newState.externalState.userIds.forEachIndexed { _, userId ->
evaluateAllPermissionStatesForPackageAndUser(
packageState,
userId,
- installedPackageState
+ installedPackageState,
)
}
}
@@ -799,14 +798,14 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.evaluateAllPermissionStatesForPackageAndUser(
packageState: PackageState,
userId: Int,
- installedPackageState: PackageState?
+ installedPackageState: PackageState?,
) {
packageState.androidPackage?.requestedPermissions?.forEach { permissionName ->
evaluatePermissionState(
packageState.appId,
userId,
permissionName,
- installedPackageState
+ installedPackageState,
)
}
}
@@ -815,7 +814,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
appId: Int,
userId: Int,
permissionName: String,
- installedPackageState: PackageState?
+ installedPackageState: PackageState?,
) {
val packageNames = newState.externalState.appIdPackageNames[appId]!!
// Repeatedly checking whether a permission is requested can actually be costly, so we cache
@@ -989,8 +988,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
"Unknown source permission $sourcePermissionName in split permissions"
}
!sourcePermission.isRuntime
- }
- ?: false
+ } ?: false
val shouldGrantByImplicit =
isLeanbackNotificationsPermission ||
(isImplicitPermission && isAnySourcePermissionNonRuntime)
@@ -1024,7 +1022,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
getPermissionFlags(
appId,
userId,
- Manifest.permission.ACCESS_BACKGROUND_LOCATION
+ Manifest.permission.ACCESS_BACKGROUND_LOCATION,
)
shouldRetainAsNearbyDevices =
PermissionFlags.isAppOpGranted(accessBackgroundLocationFlags) &&
@@ -1081,7 +1079,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
isSoftRestrictedPermissionExemptForPackage(
it,
targetSdkVersion,
- permissionName
+ permissionName,
)
}
) {
@@ -1095,7 +1093,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Unknown protection level ${permission.protectionLevel}" +
"for permission ${permission.name} while evaluating permission state" +
- "for appId $appId and userId $userId"
+ "for appId $appId and userId $userId",
)
}
}
@@ -1154,7 +1152,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun isCompatibilityPermissionForPackage(
androidPackage: AndroidPackage,
- permissionName: String
+ permissionName: String,
): Boolean {
for (compatibilityPermission in CompatibilityPermissionInfo.COMPAT_PERMS) {
if (
@@ -1164,7 +1162,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
Slog.i(
LOG_TAG,
"Auto-granting $permissionName to old package" +
- " ${androidPackage.packageName}"
+ " ${androidPackage.packageName}",
)
return true
}
@@ -1174,7 +1172,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.shouldGrantPermissionBySignature(
packageState: PackageState,
- permission: Permission
+ permission: Permission,
): Boolean {
// Check if the package is allowed to use this signature permission. A package is allowed
// to use a signature permission if:
@@ -1197,12 +1195,12 @@ class AppIdPermissionPolicy : SchemePolicy() {
val hasCommonSigner =
sourceSigningDetails?.hasCommonSignerWithCapability(
packageSigningDetails,
- SigningDetails.CertCapabilities.PERMISSION
+ SigningDetails.CertCapabilities.PERMISSION,
) == true ||
packageSigningDetails.hasAncestorOrSelf(platformSigningDetails) ||
platformSigningDetails.checkCapability(
packageSigningDetails,
- SigningDetails.CertCapabilities.PERMISSION
+ SigningDetails.CertCapabilities.PERMISSION,
)
if (!Flags.signaturePermissionAllowlistEnabled()) {
return hasCommonSigner
@@ -1237,7 +1235,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Signature permission ${permission.name} for package" +
" ${packageState.packageName} (${packageState.path}) not in" +
- " signature permission allowlist"
+ " signature permission allowlist",
)
if (!Build.isDebuggable() || isSignaturePermissionAllowlistForceEnforced) {
return false
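Review bot: The guard `if (!Build.isDebuggable() || isSignaturePermissionAllowlistForceEnforced)` deserves a comment, because it means a debuggable build without force-enforcement only logs the allowlist miss and does not take the `return false` branch. A line such as `// Debuggable builds only warn unless enforcement is forced; all other builds deny here.` above the `if` would make that difference explicit for anyone validating signature-permission grants on a debuggable image. What the function returns after this `if` lies outside the hunk, so the wording should be checked against the rest of the body.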
@@ -1249,7 +1247,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.getSignaturePermissionAllowlistState(
packageState: PackageState,
- permissionName: String
+ permissionName: String,
): Boolean? {
val permissionAllowlist = newState.externalState.permissionAllowlist
val packageName = packageState.packageName
@@ -1259,30 +1257,30 @@ class AppIdPermissionPolicy : SchemePolicy() {
packageState.isProduct ->
permissionAllowlist.getProductSignatureAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
packageState.isSystemExt ->
permissionAllowlist.getSystemExtSignatureAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
else ->
permissionAllowlist.getApexSignatureAppAllowlistState(packageName, permissionName)
?: permissionAllowlist.getProductSignatureAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
?: permissionAllowlist.getVendorSignatureAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
?: permissionAllowlist.getSystemExtSignatureAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
?: permissionAllowlist.getSignatureAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
}
}
@@ -1292,13 +1290,13 @@ class AppIdPermissionPolicy : SchemePolicy() {
* or for normal apps, we return true to indicate that we don't need to check the allowlist and
* will let follow-up checks to decide whether we should grant the permission.
*
- * @return `true`, if the permission is allowlisted for system privileged apps, or if we
- * don't need to check the allowlist (for platform or for normal apps).
- * `false`, if the permission is not allowlisted for system privileged apps.
+ * @return `true`, if the permission is allowlisted for system privileged apps, or if we don't
+ * need to check the allowlist (for platform or for normal apps). `false`, if the permission
+ * is not allowlisted for system privileged apps.
*/
private fun MutateStateScope.checkPrivilegedPermissionAllowlistIfNeeded(
packageState: PackageState,
- permission: Permission
+ permission: Permission,
): Boolean {
if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_DISABLE) {
return true
@@ -1330,7 +1328,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Privileged permission ${permission.name} for package" +
" ${packageState.packageName} (${packageState.path}) not in" +
- " privileged permission allowlist"
+ " privileged permission allowlist",
)
if (RoSystemProperties.CONTROL_PRIVAPP_PERMISSIONS_ENFORCE) {
privilegedPermissionAllowlistViolations +=
@@ -1348,7 +1346,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
*/
private fun MutateStateScope.getPrivilegedPermissionAllowlistState(
packageState: PackageState,
- permissionName: String
+ permissionName: String,
): Boolean? {
val permissionAllowlist = newState.externalState.permissionAllowlist
val apexModuleName = packageState.apexModuleName
@@ -1357,17 +1355,17 @@ class AppIdPermissionPolicy : SchemePolicy() {
packageState.isVendor || packageState.isOdm ->
permissionAllowlist.getVendorPrivilegedAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
packageState.isProduct ->
permissionAllowlist.getProductPrivilegedAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
packageState.isSystemExt ->
permissionAllowlist.getSystemExtPrivilegedAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
apexModuleName != null -> {
val nonApexAllowlistState =
@@ -1379,14 +1377,14 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Package $packageName is an APK in APEX but has permission" +
" allowlist on the system image, please bundle the allowlist in the" +
- " $apexModuleName APEX instead"
+ " $apexModuleName APEX instead",
)
}
val apexAllowlistState =
permissionAllowlist.getApexPrivilegedAppAllowlistState(
apexModuleName,
packageName,
- permissionName
+ permissionName,
)
apexAllowlistState ?: nonApexAllowlistState
}
@@ -1403,7 +1401,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun isSoftRestrictedPermissionExemptForPackage(
packageState: PackageState,
appIdTargetSdkVersion: Int,
- permissionName: String
+ permissionName: String,
): Boolean =
when (permissionName) {
Manifest.permission.READ_EXTERNAL_STORAGE,
@@ -1415,7 +1413,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.getAppIdTargetSdkVersion(
appId: Int,
permissionName: String?,
- state: AccessState = newState
+ state: AccessState = newState,
): Int =
reducePackageInAppId(appId, Build.VERSION_CODES.CUR_DEVELOPMENT, state) {
targetSdkVersion,
@@ -1431,7 +1429,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private inline fun MutateStateScope.anyPackageInAppId(
appId: Int,
state: AccessState = newState,
- predicate: (PackageState) -> Boolean
+ predicate: (PackageState) -> Boolean,
): Boolean {
val packageNames = state.externalState.appIdPackageNames[appId]!!
return packageNames.anyIndexed { _, packageName ->
@@ -1443,7 +1441,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private inline fun MutateStateScope.forEachPackageInAppId(
appId: Int,
state: AccessState = newState,
- action: (PackageState) -> Unit
+ action: (PackageState) -> Unit,
) {
val packageNames = state.externalState.appIdPackageNames[appId]!!
packageNames.forEachIndexed { _, packageName ->
@@ -1459,7 +1457,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
appId: Int,
initialValue: Int,
state: AccessState = newState,
- accumulator: (Int, PackageState) -> Int
+ accumulator: (Int, PackageState) -> Int,
): Int {
val packageNames = state.externalState.appIdPackageNames[appId]!!
return packageNames.reduceIndexed(initialValue) { value, _, packageName ->
@@ -1474,7 +1472,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.shouldGrantPermissionByProtectionFlags(
packageState: PackageState,
- permission: Permission
+ permission: Permission,
): Boolean {
val androidPackage = packageState.androidPackage!!
val knownPackages = newState.externalState.knownPackages
@@ -1587,7 +1585,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.shouldGrantPrivilegedOrOemPermission(
packageState: PackageState,
- permission: Permission
+ permission: Permission,
): Boolean {
val permissionName = permission.name
val packageName = packageState.packageName
@@ -1605,7 +1603,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
LOG_TAG,
"Permission $permissionName cannot be granted to privileged" +
" vendor (or odm) app $packageName because it isn't a" +
- " vendorPrivileged permission"
+ " vendorPrivileged permission",
)
return false
}
@@ -1617,7 +1615,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
val allowlistState =
newState.externalState.permissionAllowlist.getOemAppAllowlistState(
packageName,
- permissionName
+ permissionName,
)
checkNotNull(allowlistState) {
"OEM permission $permissionName requested by package" +
@@ -1688,7 +1686,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
fun MutateStateScope.addPermission(
permission: Permission,
- isSynchronousWrite: Boolean = false
+ isSynchronousWrite: Boolean = false,
) {
val writeMode = if (isSynchronousWrite) WriteMode.SYNCHRONOUS else WriteMode.ASYNCHRONOUS
newState.mutateSystemState(writeMode).mutatePermissions()[permission.name] = permission
@@ -1707,14 +1705,14 @@ class AppIdPermissionPolicy : SchemePolicy() {
private fun MutateStateScope.getOldStatePermissionFlags(
appId: Int,
userId: Int,
- permissionName: String
+ permissionName: String,
): Int = getPermissionFlags(oldState, appId, userId, permissionName)
private fun getPermissionFlags(
state: AccessState,
appId: Int,
userId: Int,
- permissionName: String
+ permissionName: String,
): Int =
state.userStates[userId]?.appIdPermissionFlags?.get(appId).getWithDefault(permissionName, 0)
@@ -1725,7 +1723,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
appId: Int,
userId: Int,
permissionName: String,
- flags: Int
+ flags: Int,
): Boolean =
updatePermissionFlags(appId, userId, permissionName, PermissionFlags.MASK_ALL, flags)
@@ -1734,7 +1732,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
userId: Int,
permissionName: String,
flagMask: Int,
- flagValues: Int
+ flagValues: Int,
): Boolean {
if (userId !in newState.userStates) {
// Despite that we check UserManagerInternal.exists() in PermissionService, we may still
@@ -1793,7 +1791,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
override fun MutateStateScope.upgradePackageState(
packageState: PackageState,
userId: Int,
- version: Int
+ version: Int,
) {
with(upgrade) { upgradePackageState(packageState, userId, version) }
}
@@ -1819,7 +1817,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
Manifest.permission.BLUETOOTH_ADVERTISE,
Manifest.permission.BLUETOOTH_CONNECT,
Manifest.permission.BLUETOOTH_SCAN,
- Manifest.permission.NEARBY_WIFI_DEVICES
+ Manifest.permission.NEARBY_WIFI_DEVICES,
)
private val NOTIFICATIONS_PERMISSIONS = indexedSetOf(Manifest.permission.POST_NOTIFICATIONS)
@@ -1832,7 +1830,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
Manifest.permission.READ_MEDIA_VIDEO,
Manifest.permission.READ_MEDIA_IMAGES,
Manifest.permission.ACCESS_MEDIA_LOCATION,
- Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED
+ Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED,
)
/** Mask for all permission flags that can be set by the user */
@@ -1866,7 +1864,7 @@ class AppIdPermissionPolicy : SchemePolicy() {
userId: Int,
permissionName: String,
oldFlags: Int,
- newFlags: Int
+ newFlags: Int,
)
/**
diff --git a/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionStatesTest.kt b/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionStatesTest.kt
index 6b9c9c2b4abc..bf9033981442 100644
--- a/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionStatesTest.kt
+++ b/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/AppIdPermissionPolicyPermissionStatesTest.kt
@@ -57,10 +57,10 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = oldFlags
assertWithMessage(
- "After $action is called for a package that requests a normal permission" +
- " with an existing INSTALL_GRANTED flag, the actual permission flags $actualFlags" +
- " should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a normal permission" +
+ " with an existing INSTALL_GRANTED flag, the actual permission flags $actualFlags" +
+ " should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -71,16 +71,16 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
testEvaluatePermissionState(
oldFlags,
PermissionInfo.PROTECTION_NORMAL,
- isNewInstall = true
+ isNewInstall = true,
) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.INSTALL_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a normal permission" +
- " with no existing flags, the actual permission flags $actualFlags" +
- " should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a normal permission" +
+ " with no existing flags, the actual permission flags $actualFlags" +
+ " should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -90,16 +90,16 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val oldFlags = PermissionFlags.ROLE or PermissionFlags.USER_SET
testEvaluatePermissionState(
oldFlags,
- PermissionInfo.PROTECTION_NORMAL or PermissionInfo.PROTECTION_FLAG_APPOP
+ PermissionInfo.PROTECTION_NORMAL or PermissionInfo.PROTECTION_FLAG_APPOP,
) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.INSTALL_GRANTED or oldFlags
assertWithMessage(
- "After $action is called for a package that requests a normal app op" +
- " permission with existing ROLE and USER_SET flags, the actual permission flags" +
- " $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a normal app op" +
+ " permission with existing ROLE and USER_SET flags, the actual permission flags" +
+ " $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -115,21 +115,21 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = oldFlags
assertWithMessage(
- "After $action is called for a package that requests an internal permission" +
- " with missing android package and $oldFlags flag, the actual permission flags" +
- " $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests an internal permission" +
+ " with missing android package and $oldFlags flag, the actual permission flags" +
+ " $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@Test
fun testEvaluatePermissionState_internalAppOpPermission_getsRoleAndUserSetFlagsPreserved() {
- val oldFlags = PermissionFlags.PROTECTION_GRANTED or PermissionFlags.ROLE or
- PermissionFlags.USER_SET
+ val oldFlags =
+ PermissionFlags.PROTECTION_GRANTED or PermissionFlags.ROLE or PermissionFlags.USER_SET
testEvaluatePermissionState(
oldFlags,
- PermissionInfo.PROTECTION_INTERNAL or PermissionInfo.PROTECTION_FLAG_APPOP
+ PermissionInfo.PROTECTION_INTERNAL or PermissionInfo.PROTECTION_FLAG_APPOP,
) {
val packageStateWithMissingPackage = mockPackageState(APP_ID_1, MISSING_ANDROID_PACKAGE)
addPackageState(packageStateWithMissingPackage)
@@ -138,11 +138,11 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = oldFlags
assertWithMessage(
- "After $action is called for a package that requests an internal permission" +
- " with missing android package and $oldFlags flag and the permission isAppOp," +
- " the actual permission flags $actualFlags should match the expected" +
- " flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests an internal permission" +
+ " with missing android package and $oldFlags flag and the permission isAppOp," +
+ " the actual permission flags $actualFlags should match the expected" +
+ " flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -152,7 +152,7 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val oldFlags = PermissionFlags.PROTECTION_GRANTED or PermissionFlags.RUNTIME_GRANTED
testEvaluatePermissionState(
oldFlags,
- PermissionInfo.PROTECTION_INTERNAL or PermissionInfo.PROTECTION_FLAG_DEVELOPMENT
+ PermissionInfo.PROTECTION_INTERNAL or PermissionInfo.PROTECTION_FLAG_DEVELOPMENT,
) {
val packageStateWithMissingPackage = mockPackageState(APP_ID_1, MISSING_ANDROID_PACKAGE)
addPackageState(packageStateWithMissingPackage)
@@ -161,22 +161,24 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = oldFlags
assertWithMessage(
- "After $action is called for a package that requests an internal permission" +
- " with missing android package and $oldFlags flag and permission isDevelopment," +
- " the actual permission flags $actualFlags should match the expected" +
- " flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests an internal permission" +
+ " with missing android package and $oldFlags flag and permission isDevelopment," +
+ " the actual permission flags $actualFlags should match the expected" +
+ " flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@Test
fun testEvaluatePermissionState_internalRolePermission_getsRoleAndRuntimeGrantedPreserved() {
- val oldFlags = PermissionFlags.PROTECTION_GRANTED or PermissionFlags.ROLE or
- PermissionFlags.RUNTIME_GRANTED
+ val oldFlags =
+ PermissionFlags.PROTECTION_GRANTED or
+ PermissionFlags.ROLE or
+ PermissionFlags.RUNTIME_GRANTED
testEvaluatePermissionState(
oldFlags,
- PermissionInfo.PROTECTION_INTERNAL or PermissionInfo.PROTECTION_FLAG_ROLE
+ PermissionInfo.PROTECTION_INTERNAL or PermissionInfo.PROTECTION_FLAG_ROLE,
) {
val packageStateWithMissingPackage = mockPackageState(APP_ID_1, MISSING_ANDROID_PACKAGE)
addPackageState(packageStateWithMissingPackage)
@@ -185,11 +187,11 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = oldFlags
assertWithMessage(
- "After $action is called for a package that requests an internal permission" +
- " with missing android package and $oldFlags flag and the permission isRole," +
- " the actual permission flags $actualFlags should match the expected" +
- " flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests an internal permission" +
+ " with missing android package and $oldFlags flag and the permission isRole," +
+ " the actual permission flags $actualFlags should match the expected" +
+ " flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -205,12 +207,10 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
isInstalledPackageProduct = true,
// To mock the return value of shouldGrantPrivilegedOrOemPermission()
isInstalledPackageVendor = true,
- isNewInstall = true
+ isNewInstall = true,
) {
- val platformPackage = mockPackageState(
- PLATFORM_APP_ID,
- mockAndroidPackage(PLATFORM_PACKAGE_NAME)
- )
+ val platformPackage =
+ mockPackageState(PLATFORM_APP_ID, mockAndroidPackage(PLATFORM_PACKAGE_NAME))
setupAllowlist(PACKAGE_NAME_1, false)
addPackageState(platformPackage)
}
@@ -218,10 +218,10 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = oldFlags
assertWithMessage(
- "After $action is called for a package that requests a signature privileged" +
- " permission that's not allowlisted, the actual permission" +
- " flags $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a signature privileged" +
+ " permission that's not allowlisted, the actual permission" +
+ " flags $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -237,12 +237,13 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
isInstalledPackageProduct = true,
isInstalledPackageSignatureMatching = true,
isInstalledPackageVendor = true,
- isNewInstall = true
+ isNewInstall = true,
) {
- val platformPackage = mockPackageState(
- PLATFORM_APP_ID,
- mockAndroidPackage(PLATFORM_PACKAGE_NAME, isSignatureMatching = true)
- )
+ val platformPackage =
+ mockPackageState(
+ PLATFORM_APP_ID,
+ mockAndroidPackage(PLATFORM_PACKAGE_NAME, isSignatureMatching = true),
+ )
setupAllowlist(PACKAGE_NAME_1, false)
addPackageState(platformPackage)
}
@@ -250,10 +251,10 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.PROTECTION_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a signature" +
- " non-privileged permission, the actual permission" +
- " flags $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a signature" +
+ " non-privileged permission, the actual permission" +
+ " flags $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -267,12 +268,10 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
isInstalledPackageSystem = true,
isInstalledPackagePrivileged = true,
isInstalledPackageProduct = true,
- isNewInstall = true
+ isNewInstall = true,
) {
- val platformPackage = mockPackageState(
- PLATFORM_APP_ID,
- mockAndroidPackage(PLATFORM_PACKAGE_NAME)
- )
+ val platformPackage =
+ mockPackageState(PLATFORM_APP_ID, mockAndroidPackage(PLATFORM_PACKAGE_NAME))
setupAllowlist(PACKAGE_NAME_1, true)
addPackageState(platformPackage)
}
@@ -280,10 +279,10 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.PROTECTION_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a signature privileged" +
- " permission that's allowlisted and should grant by protection flags, the actual" +
- " permission flags $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a signature privileged" +
+ " permission that's allowlisted and should grant by protection flags, the actual" +
+ " permission flags $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -291,32 +290,36 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
private fun setupAllowlist(
packageName: String,
allowlistState: Boolean,
- state: MutableAccessState = oldState
+ state: MutableAccessState = oldState,
) {
- state.mutateExternalState().setPrivilegedPermissionAllowlistPackages(
- MutableIndexedListSet<String>().apply { add(packageName) }
- )
- val mockAllowlist = mock<PermissionAllowlist> {
- whenever(
- getProductPrivilegedAppAllowlistState(packageName, PERMISSION_NAME_0)
- ).thenReturn(allowlistState)
- }
+ state
+ .mutateExternalState()
+ .setPrivilegedPermissionAllowlistPackages(
+ MutableIndexedListSet<String>().apply { add(packageName) }
+ )
+ val mockAllowlist =
+ mock<PermissionAllowlist> {
+ whenever(getProductPrivilegedAppAllowlistState(packageName, PERMISSION_NAME_0))
+ .thenReturn(allowlistState)
+ }
state.mutateExternalState().setPermissionAllowlist(mockAllowlist)
}
@Test
fun testEvaluatePermissionState_nonRuntimeFlagsOnRuntimePermissions_getsCleared() {
- val oldFlags = PermissionFlags.INSTALL_GRANTED or PermissionFlags.PREGRANT or
- PermissionFlags.RUNTIME_GRANTED
+ val oldFlags =
+ PermissionFlags.INSTALL_GRANTED or
+ PermissionFlags.PREGRANT or
+ PermissionFlags.RUNTIME_GRANTED
testEvaluatePermissionState(oldFlags, PermissionInfo.PROTECTION_DANGEROUS) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.PREGRANT or PermissionFlags.RUNTIME_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a runtime permission" +
- " with existing $oldFlags flags, the actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime permission" +
+ " with existing $oldFlags flags, the actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
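Review bot: `setupAllowlist` has no documentation, and the only lookup it stubs on the mocked `PermissionAllowlist` is `getProductPrivilegedAppAllowlistState(packageName, PERMISSION_NAME_0)`. Any other partition's lookup, or any other permission name, presumably gets the mock's default answer rather than `allowlistState`. A short KDoc would make that explicit, e.g. `/** Registers [packageName] as an allowlist package and stubs only the product allowlist state for PERMISSION_NAME_0. */`. This matters for the callers that set `isInstalledPackageVendor = true` together with `isInstalledPackageProduct = true`, where the helper gives no hint which allowlist entry decides the grant.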
@@ -328,16 +331,16 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
oldFlags,
PermissionInfo.PROTECTION_DANGEROUS,
installedPackageTargetSdkVersion = Build.VERSION_CODES.LOLLIPOP,
- isNewInstall = true
+ isNewInstall = true,
) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.LEGACY_GRANTED or PermissionFlags.IMPLICIT
assertWithMessage(
- "After $action is called for a package that requests a runtime permission" +
- " with no existing flags in pre M, actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime permission" +
+ " with no existing flags in pre M, actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -348,20 +351,22 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
testEvaluatePermissionState(
oldFlags,
PermissionInfo.PROTECTION_DANGEROUS,
- installedPackageTargetSdkVersion = Build.VERSION_CODES.LOLLIPOP
+ installedPackageTargetSdkVersion = Build.VERSION_CODES.LOLLIPOP,
) {
setPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0, oldFlags)
}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
- val expectedNewFlags = PermissionFlags.LEGACY_GRANTED or PermissionFlags.USER_FIXED or
- PermissionFlags.APP_OP_REVOKED
+ val expectedNewFlags =
+ PermissionFlags.LEGACY_GRANTED or
+ PermissionFlags.USER_FIXED or
+ PermissionFlags.APP_OP_REVOKED
assertWithMessage(
- "After $action is called for a package that requests a runtime permission" +
- " that should be LEGACY_GRANTED or IMPLICIT_GRANTED that was previously revoked," +
- " the actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime permission" +
+ " that should be LEGACY_GRANTED or IMPLICIT_GRANTED that was previously revoked," +
+ " the actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -374,11 +379,11 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = 0
assertWithMessage(
- "After $action is called for a package that requests a runtime permission" +
- " that used to require user review, the user review requirement should be removed" +
- " if it's upgraded to post M. The actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime permission" +
+ " that used to require user review, the user review requirement should be removed" +
+ " if it's upgraded to post M. The actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -391,11 +396,11 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.RUNTIME_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a runtime permission" +
- " that was already reviewed by the user, the permission should be RUNTIME_GRANTED" +
- " if it's upgraded to post M. The actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime permission" +
+ " that was already reviewed by the user, the permission should be RUNTIME_GRANTED" +
+ " if it's upgraded to post M. The actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -407,22 +412,19 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
oldFlags,
PermissionInfo.PROTECTION_DANGEROUS,
permissionName = PERMISSION_POST_NOTIFICATIONS,
- isNewInstall = true
+ isNewInstall = true,
) {
oldState.mutateExternalState().setLeanback(true)
}
- val actualFlags = getPermissionFlags(
- APP_ID_1,
- getUserIdEvaluated(),
- PERMISSION_POST_NOTIFICATIONS
- )
+ val actualFlags =
+ getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_POST_NOTIFICATIONS)
val expectedNewFlags = PermissionFlags.IMPLICIT_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a runtime notification" +
- " permission when isLeanback, the actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime notification" +
+ " permission when isLeanback, the actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -434,65 +436,73 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
oldFlags,
PermissionInfo.PROTECTION_DANGEROUS,
implicitPermissions = setOf(PERMISSION_NAME_0),
- isNewInstall = true
+ isNewInstall = true,
) {
- oldState.mutateExternalState().setImplicitToSourcePermissions(
- MutableIndexedMap<String, IndexedListSet<String>>().apply {
- put(PERMISSION_NAME_0, MutableIndexedListSet<String>().apply {
- add(PERMISSION_NAME_1)
- })
- }
- )
+ oldState
+ .mutateExternalState()
+ .setImplicitToSourcePermissions(
+ MutableIndexedMap<String, IndexedListSet<String>>().apply {
+ put(
+ PERMISSION_NAME_0,
+ MutableIndexedListSet<String>().apply { add(PERMISSION_NAME_1) },
+ )
+ }
+ )
addPermission(mockParsedPermission(PERMISSION_NAME_1, PACKAGE_NAME_0))
}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.IMPLICIT_GRANTED or PermissionFlags.IMPLICIT
assertWithMessage(
- "After $action is called for a package that requests a runtime implicit" +
- " permission that's source from a non-runtime permission, the actual permission" +
- " flags $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime implicit" +
+ " permission that's source from a non-runtime permission, the actual permission" +
+ " flags $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
/**
* For a legacy granted or implicit permission during the app upgrade, when the permission
- * should no longer be legacy or implicit granted, we want to remove the APP_OP_REVOKED flag
- * so that the app can request the permission.
+ * should no longer be legacy or implicit granted, we want to remove the APP_OP_REVOKED flag so
+ * that the app can request the permission.
*/
@Test
fun testEvaluatePermissionState_noLongerLegacyOrImplicitGranted_canBeRequested() {
- val oldFlags = PermissionFlags.LEGACY_GRANTED or PermissionFlags.APP_OP_REVOKED or
- PermissionFlags.RUNTIME_GRANTED
+ val oldFlags =
+ PermissionFlags.LEGACY_GRANTED or
+ PermissionFlags.APP_OP_REVOKED or
+ PermissionFlags.RUNTIME_GRANTED
testEvaluatePermissionState(oldFlags, PermissionInfo.PROTECTION_DANGEROUS) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = 0
assertWithMessage(
- "After $action is called for a package that requests a runtime permission" +
- " that is no longer LEGACY_GRANTED or IMPLICIT_GRANTED, the actual permission" +
- " flags $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime permission" +
+ " that is no longer LEGACY_GRANTED or IMPLICIT_GRANTED, the actual permission" +
+ " flags $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@Test
fun testEvaluatePermissionState_noLongerImplicit_getsRuntimeAndImplicitFlagsRemoved() {
- val oldFlags = PermissionFlags.IMPLICIT or PermissionFlags.RUNTIME_GRANTED or
- PermissionFlags.USER_SET or PermissionFlags.USER_FIXED
+ val oldFlags =
+ PermissionFlags.IMPLICIT or
+ PermissionFlags.RUNTIME_GRANTED or
+ PermissionFlags.USER_SET or
+ PermissionFlags.USER_FIXED
testEvaluatePermissionState(oldFlags, PermissionInfo.PROTECTION_DANGEROUS) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = 0
assertWithMessage(
- "After $action is called for a package that requests a runtime permission" +
- " that is no longer implicit and we shouldn't retain as nearby device" +
- " permissions, the actual permission flags $actualFlags should match the expected" +
- " flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime permission" +
+ " that is no longer implicit and we shouldn't retain as nearby device" +
+ " permissions, the actual permission flags $actualFlags should match the expected" +
+ " flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -504,48 +514,45 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
oldFlags,
PermissionInfo.PROTECTION_DANGEROUS,
permissionName = PERMISSION_BLUETOOTH_CONNECT,
- requestedPermissions = setOf(
- PERMISSION_BLUETOOTH_CONNECT,
- PERMISSION_ACCESS_BACKGROUND_LOCATION
- )
+ requestedPermissions =
+ setOf(PERMISSION_BLUETOOTH_CONNECT, PERMISSION_ACCESS_BACKGROUND_LOCATION),
) {
setPermissionFlags(
APP_ID_1,
getUserIdEvaluated(),
PERMISSION_ACCESS_BACKGROUND_LOCATION,
- PermissionFlags.RUNTIME_GRANTED
+ PermissionFlags.RUNTIME_GRANTED,
)
}
- val actualFlags = getPermissionFlags(
- APP_ID_1,
- getUserIdEvaluated(),
- PERMISSION_BLUETOOTH_CONNECT
- )
+ val actualFlags =
+ getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_BLUETOOTH_CONNECT)
val expectedNewFlags = PermissionFlags.RUNTIME_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a runtime nearby device" +
- " permission that was granted by implicit, the actual permission flags" +
- " $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime nearby device" +
+ " permission that was granted by implicit, the actual permission flags" +
+ " $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@Test
fun testEvaluatePermissionState_noLongerImplicitSystemOrPolicyFixedWasGranted_runtimeGranted() {
- val oldFlags = PermissionFlags.IMPLICIT_GRANTED or PermissionFlags.IMPLICIT or
- PermissionFlags.SYSTEM_FIXED
+ val oldFlags =
+ PermissionFlags.IMPLICIT_GRANTED or
+ PermissionFlags.IMPLICIT or
+ PermissionFlags.SYSTEM_FIXED
testEvaluatePermissionState(oldFlags, PermissionInfo.PROTECTION_DANGEROUS) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.RUNTIME_GRANTED or PermissionFlags.SYSTEM_FIXED
assertWithMessage(
- "After $action is called for a package that requests a runtime permission" +
- " that was granted and is no longer implicit and is SYSTEM_FIXED or POLICY_FIXED," +
- " the actual permission flags $actualFlags should match the expected" +
- " flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime permission" +
+ " that was granted and is no longer implicit and is SYSTEM_FIXED or POLICY_FIXED," +
+ " the actual permission flags $actualFlags should match the expected" +
+ " flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -556,16 +563,16 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
testEvaluatePermissionState(
oldFlags,
PermissionInfo.PROTECTION_DANGEROUS,
- permissionInfoFlags = PermissionInfo.FLAG_HARD_RESTRICTED
+ permissionInfoFlags = PermissionInfo.FLAG_HARD_RESTRICTED,
) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = oldFlags
assertWithMessage(
- "After $action is called for a package that requests a runtime hard" +
- " restricted permission that is not exempted, the actual permission flags" +
- " $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime hard" +
+ " restricted permission that is not exempted, the actual permission flags" +
+ " $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -576,16 +583,16 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
testEvaluatePermissionState(
oldFlags,
PermissionInfo.PROTECTION_DANGEROUS,
- permissionInfoFlags = PermissionInfo.FLAG_SOFT_RESTRICTED
+ permissionInfoFlags = PermissionInfo.FLAG_SOFT_RESTRICTED,
) {}
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.UPGRADE_EXEMPT
assertWithMessage(
- "After $action is called for a package that requests a runtime soft" +
- " restricted permission that is exempted, the actual permission flags" +
- " $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a runtime soft" +
+ " restricted permission that is exempted, the actual permission flags" +
+ " $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -595,18 +602,20 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val oldImplicitPermissionFlags = PermissionFlags.USER_FIXED
testInheritImplicitPermissionStates(
implicitPermissionFlags = oldImplicitPermissionFlags,
- isNewInstallAndNewPermission = false
+ isNewInstallAndNewPermission = false,
)
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
- val expectedNewFlags = oldImplicitPermissionFlags or PermissionFlags.IMPLICIT_GRANTED or
- PermissionFlags.APP_OP_REVOKED
+ val expectedNewFlags =
+ oldImplicitPermissionFlags or
+ PermissionFlags.IMPLICIT_GRANTED or
+ PermissionFlags.APP_OP_REVOKED
assertWithMessage(
- "After $action is called for a package that requests a permission that is" +
- " implicit, existing and runtime, it should not inherit the runtime flags from" +
- " the source permission. Hence the actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a permission that is" +
+ " implicit, existing and runtime, it should not inherit the runtime flags from" +
+ " the source permission. Hence the actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -620,11 +629,11 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = PermissionFlags.INSTALL_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a permission that is" +
- " implicit, new and non-runtime, it should not inherit the runtime flags from" +
- " the source permission. Hence the actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a permission that is" +
+ " implicit, new and non-runtime, it should not inherit the runtime flags from" +
+ " the source permission. Hence the actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -635,14 +644,14 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
testInheritImplicitPermissionStates(sourceRuntimeFlags = sourceRuntimeFlags)
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
- val expectedNewFlags = sourceRuntimeFlags or PermissionFlags.IMPLICIT_GRANTED or
- PermissionFlags.IMPLICIT
+ val expectedNewFlags =
+ sourceRuntimeFlags or PermissionFlags.IMPLICIT_GRANTED or PermissionFlags.IMPLICIT
assertWithMessage(
- "After $action is called for a package that requests a permission that is" +
- " implicit, new and runtime, it should inherit the runtime flags from" +
- " the source permission. Hence the actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a permission that is" +
+ " implicit, new and runtime, it should inherit the runtime flags from" +
+ " the source permission. Hence the actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -653,17 +662,17 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
testInheritImplicitPermissionStates(
implicitPermissionFlags = PermissionFlags.POLICY_FIXED,
sourceRuntimeFlags = sourceRuntimeFlags,
- isAnySourcePermissionNonRuntime = false
+ isAnySourcePermissionNonRuntime = false,
)
val actualFlags = getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_NAME_0)
val expectedNewFlags = sourceRuntimeFlags or PermissionFlags.IMPLICIT
assertWithMessage(
- "After $action is called for a package that requests a permission that is" +
- " implicit, existing, runtime and revoked, it should only inherit runtime flags" +
- " from source permission. Hence the actual permission flags $actualFlags should" +
- " match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a permission that is" +
+ " implicit, existing, runtime and revoked, it should only inherit runtime flags" +
+ " from source permission. Hence the actual permission flags $actualFlags should" +
+ " match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -678,21 +687,18 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
val sourceRuntimeFlags = PermissionFlags.RUNTIME_GRANTED or PermissionFlags.USER_SET
testInheritImplicitPermissionStates(
implicitPermissionName = PERMISSION_ACCESS_MEDIA_LOCATION,
- sourceRuntimeFlags = sourceRuntimeFlags
+ sourceRuntimeFlags = sourceRuntimeFlags,
)
- val actualFlags = getPermissionFlags(
- APP_ID_1,
- getUserIdEvaluated(),
- PERMISSION_ACCESS_MEDIA_LOCATION
- )
+ val actualFlags =
+ getPermissionFlags(APP_ID_1, getUserIdEvaluated(), PERMISSION_ACCESS_MEDIA_LOCATION)
val expectedNewFlags = sourceRuntimeFlags or PermissionFlags.IMPLICIT_GRANTED
assertWithMessage(
- "After $action is called for a package that requests a media permission that" +
- " is implicit, new and runtime, it should inherit the runtime flags from" +
- " the source permission and have the IMPLICIT flag removed. Hence the actual" +
- " permission flags $actualFlags should match the expected flags $expectedNewFlags"
- )
+ "After $action is called for a package that requests a media permission that" +
+ " is implicit, new and runtime, it should inherit the runtime flags from" +
+ " the source permission and have the IMPLICIT flag removed. Hence the actual" +
+ " permission flags $actualFlags should match the expected flags $expectedNewFlags"
+ )
.that(actualFlags)
.isEqualTo(expectedNewFlags)
}
@@ -703,57 +709,65 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
implicitPermissionProtectionLevel: Int = PermissionInfo.PROTECTION_DANGEROUS,
sourceRuntimeFlags: Int = PermissionFlags.RUNTIME_GRANTED or PermissionFlags.USER_SET,
isAnySourcePermissionNonRuntime: Boolean = true,
- isNewInstallAndNewPermission: Boolean = true
+ isNewInstallAndNewPermission: Boolean = true,
) {
val userId = getUserIdEvaluated()
- val implicitPermission = mockParsedPermission(
- implicitPermissionName,
- PACKAGE_NAME_0,
- protectionLevel = implicitPermissionProtectionLevel,
- )
+ val implicitPermission =
+ mockParsedPermission(
+ implicitPermissionName,
+ PACKAGE_NAME_0,
+ protectionLevel = implicitPermissionProtectionLevel,
+ )
// For source from non-runtime in order to grant by implicit
- val sourcePermission1 = mockParsedPermission(
- PERMISSION_NAME_1,
- PACKAGE_NAME_0,
- protectionLevel = if (isAnySourcePermissionNonRuntime) {
- PermissionInfo.PROTECTION_NORMAL
- } else {
- PermissionInfo.PROTECTION_DANGEROUS
- }
- )
+ val sourcePermission1 =
+ mockParsedPermission(
+ PERMISSION_NAME_1,
+ PACKAGE_NAME_0,
+ protectionLevel =
+ if (isAnySourcePermissionNonRuntime) {
+ PermissionInfo.PROTECTION_NORMAL
+ } else {
+ PermissionInfo.PROTECTION_DANGEROUS
+ },
+ )
// For inheriting runtime flags
- val sourcePermission2 = mockParsedPermission(
- PERMISSION_NAME_2,
- PACKAGE_NAME_0,
- protectionLevel = PermissionInfo.PROTECTION_DANGEROUS,
- )
- val permissionOwnerPackageState = mockPackageState(
- APP_ID_0,
- mockAndroidPackage(
+ val sourcePermission2 =
+ mockParsedPermission(
+ PERMISSION_NAME_2,
PACKAGE_NAME_0,
- permissions = listOf(implicitPermission, sourcePermission1, sourcePermission2)
+ protectionLevel = PermissionInfo.PROTECTION_DANGEROUS,
)
- )
- val installedPackageState = mockPackageState(
- APP_ID_1,
- mockAndroidPackage(
- PACKAGE_NAME_1,
- requestedPermissions = setOf(
- implicitPermissionName,
- PERMISSION_NAME_1,
- PERMISSION_NAME_2
+ val permissionOwnerPackageState =
+ mockPackageState(
+ APP_ID_0,
+ mockAndroidPackage(
+ PACKAGE_NAME_0,
+ permissions = listOf(implicitPermission, sourcePermission1, sourcePermission2),
),
- implicitPermissions = setOf(implicitPermissionName)
)
- )
- oldState.mutateExternalState().setImplicitToSourcePermissions(
- MutableIndexedMap<String, IndexedListSet<String>>().apply {
- put(implicitPermissionName, MutableIndexedListSet<String>().apply {
- add(PERMISSION_NAME_1)
- add(PERMISSION_NAME_2)
- })
- }
- )
+ val installedPackageState =
+ mockPackageState(
+ APP_ID_1,
+ mockAndroidPackage(
+ PACKAGE_NAME_1,
+ requestedPermissions =
+ setOf(implicitPermissionName, PERMISSION_NAME_1, PERMISSION_NAME_2),
+ implicitPermissions = setOf(implicitPermissionName),
+ ),
+ )
+ oldState
+ .mutateExternalState()
+ .setImplicitToSourcePermissions(
+ MutableIndexedMap<String, IndexedListSet<String>>().apply {
+ put(
+ implicitPermissionName,
+ MutableIndexedListSet<String>().apply {
+ add(PERMISSION_NAME_1)
+ add(PERMISSION_NAME_2)
+ },
+ )
+ }
+ )
addPackageState(permissionOwnerPackageState)
addPermission(implicitPermission)
addPermission(sourcePermission1)
@@ -772,7 +786,7 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
userId,
implicitPermissionName,
implicitPermissionFlags,
- newState
+ newState,
)
}
testAction(installedPackageState)
@@ -781,18 +795,17 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
/**
* Setup simple package states for testing evaluatePermissionState().
- * permissionOwnerPackageState is definer of permissionName with APP_ID_0.
- * installedPackageState is the installed package that requests permissionName with APP_ID_1.
+ * permissionOwnerPackageState is definer of permissionName with APP_ID_0. installedPackageState
+ * is the installed package that requests permissionName with APP_ID_1.
*
* @param oldFlags the existing permission flags for APP_ID_1, userId, permissionName
* @param protectionLevel the protectionLevel for the permission
* @param permissionName the name of the permission (1) being defined (2) of the oldFlags, and
- * (3) requested by installedPackageState
+ * (3) requested by installedPackageState
* @param requestedPermissions the permissions requested by installedPackageState
* @param implicitPermissions the implicit permissions of installedPackageState
* @param permissionInfoFlags the flags for the permission itself
* @param isInstalledPackageSystem whether installedPackageState is a system package
- *
* @return installedPackageState
*/
private fun testEvaluatePermissionState(
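Review bot: The KDoc still ends with `@return installedPackageState`, but the signature, which closes in the next hunk as `additionalSetup: () -> Unit,` followed by `) {`, declares no return type. The function therefore returns `Unit` and the tag is stale; it should be dropped. The parameter list is also incomplete: `isInstalledPackageVendor`, `installedPackageTargetSdkVersion`, `isNewInstall` and `additionalSetup` are visible in the signature but have no `@param` entry, for example `@param isNewInstall whether installedPackageState is left out of the old state before the action runs` (wording to be confirmed against the body, which continues outside this hunk).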
@@ -809,33 +822,36 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
isInstalledPackageVendor: Boolean = false,
installedPackageTargetSdkVersion: Int = Build.VERSION_CODES.UPSIDE_DOWN_CAKE,
isNewInstall: Boolean = false,
- additionalSetup: () -> Unit
+ additionalSetup: () -> Unit,
) {
val userId = getUserIdEvaluated()
- val parsedPermission = mockParsedPermission(
- permissionName,
- PACKAGE_NAME_0,
- protectionLevel = protectionLevel,
- flags = permissionInfoFlags
- )
- val permissionOwnerPackageState = mockPackageState(
- APP_ID_0,
- mockAndroidPackage(PACKAGE_NAME_0, permissions = listOf(parsedPermission))
- )
- val installedPackageState = mockPackageState(
- APP_ID_1,
- mockAndroidPackage(
- PACKAGE_NAME_1,
- requestedPermissions = requestedPermissions,
- implicitPermissions = implicitPermissions,
- targetSdkVersion = installedPackageTargetSdkVersion,
- isSignatureMatching = isInstalledPackageSignatureMatching
- ),
- isSystem = isInstalledPackageSystem,
- isPrivileged = isInstalledPackagePrivileged,
- isProduct = isInstalledPackageProduct,
- isVendor = isInstalledPackageVendor
- )
+ val parsedPermission =
+ mockParsedPermission(
+ permissionName,
+ PACKAGE_NAME_0,
+ protectionLevel = protectionLevel,
+ flags = permissionInfoFlags,
+ )
+ val permissionOwnerPackageState =
+ mockPackageState(
+ APP_ID_0,
+ mockAndroidPackage(PACKAGE_NAME_0, permissions = listOf(parsedPermission)),
+ )
+ val installedPackageState =
+ mockPackageState(
+ APP_ID_1,
+ mockAndroidPackage(
+ PACKAGE_NAME_1,
+ requestedPermissions = requestedPermissions,
+ implicitPermissions = implicitPermissions,
+ targetSdkVersion = installedPackageTargetSdkVersion,
+ isSignatureMatching = isInstalledPackageSignatureMatching,
+ ),
+ isSystem = isInstalledPackageSystem,
+ isPrivileged = isInstalledPackagePrivileged,
+ isProduct = isInstalledPackageProduct,
+ isVendor = isInstalledPackageVendor,
+ )
addPackageState(permissionOwnerPackageState)
if (!isNewInstall) {
addPackageState(installedPackageState)
@@ -854,26 +870,29 @@ class AppIdPermissionPolicyPermissionStatesTest : BasePermissionPolicyTest() {
}
}
- private fun getUserIdEvaluated(): Int = when (action) {
- Action.ON_USER_ADDED -> USER_ID_NEW
- Action.ON_STORAGE_VOLUME_ADDED, Action.ON_PACKAGE_ADDED -> USER_ID_0
- }
+ private fun getUserIdEvaluated(): Int =
+ when (action) {
+ Action.ON_USER_ADDED -> USER_ID_NEW
+ Action.ON_STORAGE_VOLUME_ADDED,
+ Action.ON_PACKAGE_ADDED -> USER_ID_0
+ }
private fun MutateStateScope.testAction(packageState: PackageState) {
with(appIdPermissionPolicy) {
when (action) {
Action.ON_USER_ADDED -> onUserAdded(getUserIdEvaluated())
- Action.ON_STORAGE_VOLUME_ADDED -> onStorageVolumeMounted(
- null,
- listOf(packageState.packageName),
- true
- )
+ Action.ON_STORAGE_VOLUME_ADDED ->
+ onStorageVolumeMounted(null, listOf(packageState.packageName), true)
Action.ON_PACKAGE_ADDED -> onPackageAdded(packageState)
}
}
}
- enum class Action { ON_USER_ADDED, ON_STORAGE_VOLUME_ADDED, ON_PACKAGE_ADDED }
+ enum class Action {
+ ON_USER_ADDED,
+ ON_STORAGE_VOLUME_ADDED,
+ ON_PACKAGE_ADDED,
+ }
companion object {
@Parameterized.Parameters(name = "{0}")
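Review bot: The formatter collapsed the `ON_STORAGE_VOLUME_ADDED` branch of `testAction` onto one line, which leaves a bare `null` and a bare `true` next to each other with nothing saying what they mean. Named arguments would make it readable without opening the policy class: `onStorageVolumeMounted(volumeUuid = null, packageNames = listOf(packageState.packageName), isSystemUpdated = true)`. The parameter names are the ones declared on `AppIdPermissionPolicy.onStorageVolumeMounted` in this commit's first file. This also shows at the call site that only the system-updated path is exercised.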
diff --git a/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/BasePermissionPolicyTest.kt b/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/BasePermissionPolicyTest.kt
index 7b3f21603c0a..207820cc3135 100644
--- a/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/BasePermissionPolicyTest.kt
+++ b/services/tests/PermissionServiceMockingTests/src/com/android/server/permission/test/BasePermissionPolicyTest.kt
@@ -49,32 +49,24 @@ import org.junit.Rule
import org.junit.runner.RunWith
import org.mockito.ArgumentMatchers.anyLong
-/**
- * Mocking unit test for AppIdPermissionPolicy.
- */
+/** Mocking unit test for AppIdPermissionPolicy. */
@RunWith(AndroidJUnit4::class)
abstract class BasePermissionPolicyTest {
protected lateinit var oldState: MutableAccessState
protected lateinit var newState: MutableAccessState
- protected val defaultPermissionGroup = mockParsedPermissionGroup(
- PERMISSION_GROUP_NAME_0,
- PACKAGE_NAME_0
- )
- protected val defaultPermissionTree = mockParsedPermission(
- PERMISSION_TREE_NAME,
- PACKAGE_NAME_0,
- isTree = true
- )
+ protected val defaultPermissionGroup =
+ mockParsedPermissionGroup(PERMISSION_GROUP_NAME_0, PACKAGE_NAME_0)
+ protected val defaultPermissionTree =
+ mockParsedPermission(PERMISSION_TREE_NAME, PACKAGE_NAME_0, isTree = true)
protected val defaultPermission = mockParsedPermission(PERMISSION_NAME_0, PACKAGE_NAME_0)
protected val appIdPermissionPolicy = AppIdPermissionPolicy()
@Rule
@JvmField
- val extendedMockitoRule = ExtendedMockitoRule.Builder(this)
- .spyStatic(PackageInfoUtils::class.java)
- .build()
+ val extendedMockitoRule =
+ ExtendedMockitoRule.Builder(this).spyStatic(PackageInfoUtils::class.java).build()
@Before
fun baseSetUp() {
@@ -93,65 +85,76 @@ abstract class BasePermissionPolicyTest {
private fun mockPackageInfoUtilsGeneratePermissionInfo() {
wheneverStatic {
- PackageInfoUtils.generatePermissionInfo(any(ParsedPermission::class.java), anyLong())
- }.thenAnswer { invocation ->
- val parsedPermission = invocation.getArgument<ParsedPermission>(0)
- val generateFlags = invocation.getArgument<Long>(1)
- PermissionInfo(parsedPermission.backgroundPermission).apply {
- name = parsedPermission.name
- packageName = parsedPermission.packageName
- metaData = if (generateFlags.toInt().hasBits(PackageManager.GET_META_DATA)) {
- parsedPermission.metaData
- } else {
- null
+ PackageInfoUtils.generatePermissionInfo(
+ any(ParsedPermission::class.java),
+ anyLong(),
+ )
+ }
+ .thenAnswer { invocation ->
+ val parsedPermission = invocation.getArgument<ParsedPermission>(0)
+ val generateFlags = invocation.getArgument<Long>(1)
+ PermissionInfo(parsedPermission.backgroundPermission).apply {
+ name = parsedPermission.name
+ packageName = parsedPermission.packageName
+ metaData =
+ if (generateFlags.toInt().hasBits(PackageManager.GET_META_DATA)) {
+ parsedPermission.metaData
+ } else {
+ null
+ }
+ @Suppress("DEPRECATION")
+ protectionLevel = parsedPermission.protectionLevel
+ group = parsedPermission.group
+ flags = parsedPermission.flags
}
- @Suppress("DEPRECATION")
- protectionLevel = parsedPermission.protectionLevel
- group = parsedPermission.group
- flags = parsedPermission.flags
}
- }
}
private fun mockPackageInfoUtilsGeneratePermissionGroupInfo() {
wheneverStatic {
- PackageInfoUtils.generatePermissionGroupInfo(
- any(ParsedPermissionGroup::class.java),
- anyLong()
- )
- }.thenAnswer { invocation ->
- val parsedPermissionGroup = invocation.getArgument<ParsedPermissionGroup>(0)
- val generateFlags = invocation.getArgument<Long>(1)
- @Suppress("DEPRECATION")
- PermissionGroupInfo().apply {
- name = parsedPermissionGroup.name
- packageName = parsedPermissionGroup.packageName
- metaData = if (generateFlags.toInt().hasBits(PackageManager.GET_META_DATA)) {
- parsedPermissionGroup.metaData
- } else {
- null
+ PackageInfoUtils.generatePermissionGroupInfo(
+ any(ParsedPermissionGroup::class.java),
+ anyLong(),
+ )
+ }
+ .thenAnswer { invocation ->
+ val parsedPermissionGroup = invocation.getArgument<ParsedPermissionGroup>(0)
+ val generateFlags = invocation.getArgument<Long>(1)
+ @Suppress("DEPRECATION")
+ PermissionGroupInfo().apply {
+ name = parsedPermissionGroup.name
+ packageName = parsedPermissionGroup.packageName
+ metaData =
+ if (generateFlags.toInt().hasBits(PackageManager.GET_META_DATA)) {
+ parsedPermissionGroup.metaData
+ } else {
+ null
+ }
+ flags = parsedPermissionGroup.flags
}
- flags = parsedPermissionGroup.flags
}
- }
}
- /**
- * Mock an AndroidPackage with PACKAGE_NAME_0, PERMISSION_NAME_0 and PERMISSION_GROUP_NAME_0
- */
+ /** Mock an AndroidPackage with PACKAGE_NAME_0, PERMISSION_NAME_0 and PERMISSION_GROUP_NAME_0 */
protected fun mockSimpleAndroidPackage(): AndroidPackage =
mockAndroidPackage(
PACKAGE_NAME_0,
permissionGroups = listOf(defaultPermissionGroup),
- permissions = listOf(defaultPermissionTree, defaultPermission)
+ permissions = listOf(defaultPermissionTree, defaultPermission),
)
protected fun createSimplePermission(isTree: Boolean = false): Permission {
- val parsedPermission = if (isTree) { defaultPermissionTree } else { defaultPermission }
- val permissionInfo = PackageInfoUtils.generatePermissionInfo(
- parsedPermission,
- PackageManager.GET_META_DATA.toLong()
- )!!
+ val parsedPermission =
+ if (isTree) {
+ defaultPermissionTree
+ } else {
+ defaultPermission
+ }
+ val permissionInfo =
+ PackageInfoUtils.generatePermissionInfo(
+ parsedPermission,
+ PackageManager.GET_META_DATA.toLong(),
+ )!!
return Permission(permissionInfo, true, Permission.TYPE_MANIFEST, APP_ID_0)
}
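Review bot: `createSimplePermission` unwraps the result of `PackageInfoUtils.generatePermissionInfo(...)` with a bare `!!`, so a missing or changed static stub surfaces as a `NullPointerException` with no hint about which permission was involved. I would replace it with `checkNotNull(PackageInfoUtils.generatePermissionInfo(parsedPermission, PackageManager.GET_META_DATA.toLong())) { "no PermissionInfo generated for ${parsedPermission.name}" }`. The same pattern recurs in the later hunks: `addPermission` (both the generated info and `packageStates[permissionInfo.packageName]!!.appId`, which fails whenever the owning package was not added first), `addPermissionGroup`, and `mutateUserState(userId)!!` in the flag setter. A message naming the missing package or user would make those ordering mistakes obvious.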
@@ -164,13 +167,12 @@ abstract class BasePermissionPolicyTest {
appId: Int,
packageName: String,
isSystem: Boolean = false,
- ): PackageState =
- mock {
- whenever(this.appId).thenReturn(appId)
- whenever(this.packageName).thenReturn(packageName)
- whenever(androidPackage).thenReturn(null)
- whenever(this.isSystem).thenReturn(isSystem)
- }
+ ): PackageState = mock {
+ whenever(this.appId).thenReturn(appId)
+ whenever(this.packageName).thenReturn(packageName)
+ whenever(androidPackage).thenReturn(null)
+ whenever(this.isSystem).thenReturn(isSystem)
+ }
protected fun mockPackageState(
appId: Int,
@@ -179,22 +181,22 @@ abstract class BasePermissionPolicyTest {
isPrivileged: Boolean = false,
isProduct: Boolean = false,
isInstantApp: Boolean = false,
- isVendor: Boolean = false
- ): PackageState =
- mock {
- whenever(this.appId).thenReturn(appId)
- whenever(this.androidPackage).thenReturn(androidPackage)
- val packageName = androidPackage.packageName
- whenever(this.packageName).thenReturn(packageName)
- whenever(this.isSystem).thenReturn(isSystem)
- whenever(this.isPrivileged).thenReturn(isPrivileged)
- whenever(this.isProduct).thenReturn(isProduct)
- whenever(this.isVendor).thenReturn(isVendor)
- val userStates = SparseArray<PackageUserState>().apply {
+ isVendor: Boolean = false,
+ ): PackageState = mock {
+ whenever(this.appId).thenReturn(appId)
+ whenever(this.androidPackage).thenReturn(androidPackage)
+ val packageName = androidPackage.packageName
+ whenever(this.packageName).thenReturn(packageName)
+ whenever(this.isSystem).thenReturn(isSystem)
+ whenever(this.isPrivileged).thenReturn(isPrivileged)
+ whenever(this.isProduct).thenReturn(isProduct)
+ whenever(this.isVendor).thenReturn(isVendor)
+ val userStates =
+ SparseArray<PackageUserState>().apply {
put(USER_ID_0, mock { whenever(this.isInstantApp).thenReturn(isInstantApp) })
}
- whenever(this.userStates).thenReturn(userStates)
- }
+ whenever(this.userStates).thenReturn(userStates)
+ }
protected fun mockAndroidPackage(
packageName: String,
@@ -205,28 +207,26 @@ abstract class BasePermissionPolicyTest {
requestedPermissions: Set<String> = emptySet(),
permissionGroups: List<ParsedPermissionGroup> = emptyList(),
permissions: List<ParsedPermission> = emptyList(),
- isSignatureMatching: Boolean = false
- ): AndroidPackage =
- mock {
- whenever(this.packageName).thenReturn(packageName)
- whenever(this.targetSdkVersion).thenReturn(targetSdkVersion)
- whenever(this.isRequestLegacyExternalStorage).thenReturn(isRequestLegacyExternalStorage)
- whenever(this.adoptPermissions).thenReturn(adoptPermissions)
- whenever(this.implicitPermissions).thenReturn(implicitPermissions)
- whenever(this.requestedPermissions).thenReturn(requestedPermissions)
- whenever(this.permissionGroups).thenReturn(permissionGroups)
- whenever(this.permissions).thenReturn(permissions)
- val signingDetails = mock<SigningDetails> {
- whenever(
- hasCommonSignerWithCapability(any(), any())
- ).thenReturn(isSignatureMatching)
+ isSignatureMatching: Boolean = false,
+ ): AndroidPackage = mock {
+ whenever(this.packageName).thenReturn(packageName)
+ whenever(this.targetSdkVersion).thenReturn(targetSdkVersion)
+ whenever(this.isRequestLegacyExternalStorage).thenReturn(isRequestLegacyExternalStorage)
+ whenever(this.adoptPermissions).thenReturn(adoptPermissions)
+ whenever(this.implicitPermissions).thenReturn(implicitPermissions)
+ whenever(this.requestedPermissions).thenReturn(requestedPermissions)
+ whenever(this.permissionGroups).thenReturn(permissionGroups)
+ whenever(this.permissions).thenReturn(permissions)
+ val signingDetails =
+ mock<SigningDetails> {
+ whenever(hasCommonSignerWithCapability(any(), any()))
+ .thenReturn(isSignatureMatching)
whenever(hasAncestorOrSelf(any())).thenReturn(isSignatureMatching)
- whenever(
- checkCapability(any<SigningDetails>(), any())
- ).thenReturn(isSignatureMatching)
+ whenever(checkCapability(any<SigningDetails>(), any()))
+ .thenReturn(isSignatureMatching)
}
- whenever(this.signingDetails).thenReturn(signingDetails)
- }
+ whenever(this.signingDetails).thenReturn(signingDetails)
+ }
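Review bot: The `SigningDetails` mock answers `hasCommonSignerWithCapability`, `hasAncestorOrSelf` and `checkCapability` with the same `isSignatureMatching` value and matches every argument with `any()`. Tests built on this helper therefore cannot tell which signature check the policy consulted, or which capability it asked for. A regression that switches a signature-protected permission to a weaker check would still pass. At minimum I would document this above the mock, e.g. `// All three signature checks share isSignatureMatching and ignore the capability argument.` Separate flags per check would be better where a test depends on the distinction. The function's signature starts outside this hunk.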
protected fun mockParsedPermission(
permissionName: String,
@@ -235,72 +235,74 @@ abstract class BasePermissionPolicyTest {
group: String? = null,
protectionLevel: Int = PermissionInfo.PROTECTION_NORMAL,
flags: Int = 0,
- isTree: Boolean = false
- ): ParsedPermission =
- mock {
- whenever(name).thenReturn(permissionName)
- whenever(this.packageName).thenReturn(packageName)
- whenever(metaData).thenReturn(Bundle())
- whenever(this.backgroundPermission).thenReturn(backgroundPermission)
- whenever(this.group).thenReturn(group)
- whenever(this.protectionLevel).thenReturn(protectionLevel)
- whenever(this.flags).thenReturn(flags)
- whenever(this.isTree).thenReturn(isTree)
- }
+ isTree: Boolean = false,
+ ): ParsedPermission = mock {
+ whenever(name).thenReturn(permissionName)
+ whenever(this.packageName).thenReturn(packageName)
+ whenever(metaData).thenReturn(Bundle())
+ whenever(this.backgroundPermission).thenReturn(backgroundPermission)
+ whenever(this.group).thenReturn(group)
+ whenever(this.protectionLevel).thenReturn(protectionLevel)
+ whenever(this.flags).thenReturn(flags)
+ whenever(this.isTree).thenReturn(isTree)
+ }
protected fun mockParsedPermissionGroup(
permissionGroupName: String,
packageName: String,
- ): ParsedPermissionGroup =
- mock {
- whenever(name).thenReturn(permissionGroupName)
- whenever(this.packageName).thenReturn(packageName)
- whenever(metaData).thenReturn(Bundle())
- }
+ ): ParsedPermissionGroup = mock {
+ whenever(name).thenReturn(permissionGroupName)
+ whenever(this.packageName).thenReturn(packageName)
+ whenever(metaData).thenReturn(Bundle())
+ }
protected fun addPackageState(
packageState: PackageState,
- state: MutableAccessState = oldState
+ state: MutableAccessState = oldState,
) {
state.mutateExternalState().apply {
setPackageStates(
packageStates.toMutableMap().apply { put(packageState.packageName, packageState) }
)
- mutateAppIdPackageNames().mutateOrPut(packageState.appId) { MutableIndexedListSet() }
+ mutateAppIdPackageNames()
+ .mutateOrPut(packageState.appId) { MutableIndexedListSet() }
.add(packageState.packageName)
}
}
protected fun removePackageState(
packageState: PackageState,
- state: MutableAccessState = oldState
+ state: MutableAccessState = oldState,
) {
state.mutateExternalState().apply {
setPackageStates(
packageStates.toMutableMap().apply { remove(packageState.packageName) }
)
- mutateAppIdPackageNames().mutateOrPut(packageState.appId) { MutableIndexedListSet() }
+ mutateAppIdPackageNames()
+ .mutateOrPut(packageState.appId) { MutableIndexedListSet() }
.remove(packageState.packageName)
}
}
protected fun addDisabledSystemPackageState(
packageState: PackageState,
- state: MutableAccessState = oldState
- ) = state.mutateExternalState().apply {
- (disabledSystemPackageStates as ArrayMap)[packageState.packageName] = packageState
- }
+ state: MutableAccessState = oldState,
+ ) =
+ state.mutateExternalState().apply {
+ (disabledSystemPackageStates as ArrayMap)[packageState.packageName] = packageState
+ }
protected fun addPermission(
parsedPermission: ParsedPermission,
type: Int = Permission.TYPE_MANIFEST,
isReconciled: Boolean = true,
- state: MutableAccessState = oldState
+ state: MutableAccessState = oldState,
) {
- val permissionInfo = PackageInfoUtils.generatePermissionInfo(
- parsedPermission,
- PackageManager.GET_META_DATA.toLong()
- )!!
+ val permissionInfo =
+ PackageInfoUtils.generatePermissionInfo(
+ parsedPermission,
+ PackageManager.GET_META_DATA.toLong(),
+ )!!
val appId = state.externalState.packageStates[permissionInfo.packageName]!!.appId
val permission = Permission(permissionInfo, isReconciled, type, appId)
if (parsedPermission.isTree) {
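Review bot: `removePackageState` goes through `mutateOrPut(packageState.appId) { MutableIndexedListSet() }` before calling `remove`. Judging by the name, this creates an empty set for an app ID that was never registered and leaves an empty set behind after the last package is removed (the definition of `mutateOrPut` is not visible here, so this needs confirming). If the policy treats a present app ID as having at least one package, the fixture state would differ from what the real service produces on removal. I would only touch the set when the entry already exists and drop the app ID once its set is empty. Failing that, add a comment such as `// Leaves an empty entry for appId; callers must not rely on key presence.` `addPermission` continues past the end of this hunk.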
@@ -312,35 +314,35 @@ abstract class BasePermissionPolicyTest {
protected fun addPermissionGroup(
parsedPermissionGroup: ParsedPermissionGroup,
- state: MutableAccessState = oldState
+ state: MutableAccessState = oldState,
) {
state.mutateSystemState().mutatePermissionGroups()[parsedPermissionGroup.name] =
PackageInfoUtils.generatePermissionGroupInfo(
parsedPermissionGroup,
- PackageManager.GET_META_DATA.toLong()
+ PackageManager.GET_META_DATA.toLong(),
)!!
}
protected fun getPermission(
permissionName: String,
- state: MutableAccessState = newState
+ state: MutableAccessState = newState,
): Permission? = state.systemState.permissions[permissionName]
protected fun getPermissionTree(
permissionTreeName: String,
- state: MutableAccessState = newState
+ state: MutableAccessState = newState,
): Permission? = state.systemState.permissionTrees[permissionTreeName]
protected fun getPermissionGroup(
permissionGroupName: String,
- state: MutableAccessState = newState
+ state: MutableAccessState = newState,
): PermissionGroupInfo? = state.systemState.permissionGroups[permissionGroupName]
protected fun getPermissionFlags(
appId: Int,
userId: Int,
permissionName: String,
- state: MutableAccessState = newState
+ state: MutableAccessState = newState,
): Int =
state.userStates[userId]?.appIdPermissionFlags?.get(appId).getWithDefault(permissionName, 0)
@@ -349,11 +351,13 @@ abstract class BasePermissionPolicyTest {
userId: Int,
permissionName: String,
flags: Int,
- state: MutableAccessState = oldState
+ state: MutableAccessState = oldState,
) =
- state.mutateUserState(userId)!!.mutateAppIdPermissionFlags().mutateOrPut(appId) {
- MutableIndexedMap()
- }.put(permissionName, flags)
+ state
+ .mutateUserState(userId)!!
+ .mutateAppIdPermissionFlags()
+ .mutateOrPut(appId) { MutableIndexedMap() }
+ .put(permissionName, flags)
companion object {
@JvmStatic protected val PACKAGE_NAME_0 = "packageName0"
@@ -375,16 +379,17 @@ abstract class BasePermissionPolicyTest {
@JvmStatic protected val PERMISSION_NAME_1 = "permissionName1"
@JvmStatic protected val PERMISSION_NAME_2 = "permissionName2"
@JvmStatic protected val PERMISSION_BELONGS_TO_A_TREE = "permissionTree.permission"
- @JvmStatic protected val PERMISSION_READ_EXTERNAL_STORAGE =
- Manifest.permission.READ_EXTERNAL_STORAGE
- @JvmStatic protected val PERMISSION_POST_NOTIFICATIONS =
- Manifest.permission.POST_NOTIFICATIONS
- @JvmStatic protected val PERMISSION_BLUETOOTH_CONNECT =
- Manifest.permission.BLUETOOTH_CONNECT
- @JvmStatic protected val PERMISSION_ACCESS_BACKGROUND_LOCATION =
+ @JvmStatic
+ protected val PERMISSION_READ_EXTERNAL_STORAGE = Manifest.permission.READ_EXTERNAL_STORAGE
+ @JvmStatic
+ protected val PERMISSION_POST_NOTIFICATIONS = Manifest.permission.POST_NOTIFICATIONS
+ @JvmStatic
+ protected val PERMISSION_BLUETOOTH_CONNECT = Manifest.permission.BLUETOOTH_CONNECT
+ @JvmStatic
+ protected val PERMISSION_ACCESS_BACKGROUND_LOCATION =
Manifest.permission.ACCESS_BACKGROUND_LOCATION
- @JvmStatic protected val PERMISSION_ACCESS_MEDIA_LOCATION =
- Manifest.permission.ACCESS_MEDIA_LOCATION
+ @JvmStatic
+ protected val PERMISSION_ACCESS_MEDIA_LOCATION = Manifest.permission.ACCESS_MEDIA_LOCATION
@JvmStatic protected val USER_ID_0 = 0
@JvmStatic protected val USER_ID_NEW = 1