summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/tests/servicestests/res/raw/mmac_cnsps_ds.xml15
-rw-r--r--services/tests/servicestests/res/raw/mmac_cnsps_nd.xml11
-rw-r--r--services/tests/servicestests/res/raw/mmac_csnp_ds.xml13
-rw-r--r--services/tests/servicestests/res/raw/mmac_csnp_nd.xml8
-rw-r--r--services/tests/servicestests/res/raw/mmac_csps_ds.xml16
-rw-r--r--services/tests/servicestests/res/raw/mmac_csps_nd.xml12
-rw-r--r--services/tests/servicestests/res/raw/mmac_nc_ds.xml8
-rw-r--r--services/tests/servicestests/res/raw/mmac_nc_nd.xml3
-rw-r--r--services/tests/servicestests/res/raw/signed_platform.apkbin0 -> 2902 bytes
-rw-r--r--services/tests/servicestests/res/raw/signed_release.apkbin0 -> 2895 bytes
-rw-r--r--services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTests.java247
11 files changed, 333 insertions, 0 deletions
diff --git a/services/tests/servicestests/res/raw/mmac_cnsps_ds.xml b/services/tests/servicestests/res/raw/mmac_cnsps_ds.xml
new file mode 100644
index 000000000000..df32dc73012a
--- /dev/null
+++ b/services/tests/servicestests/res/raw/mmac_cnsps_ds.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+ <!-- Platform dev key with AOSP -->
+ <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" >
+ <package name="com.android.frameworks.servicestests.mmac_install_platform" >
+ <seinfo value="package" />
+ </package>
+ </signer>
+
+ <default>
+ <seinfo value="default"/>
+ </default>
+
+</policy>
diff --git a/services/tests/servicestests/res/raw/mmac_cnsps_nd.xml b/services/tests/servicestests/res/raw/mmac_cnsps_nd.xml
new file mode 100644
index 000000000000..b6ffc58d4523
--- /dev/null
+++ b/services/tests/servicestests/res/raw/mmac_cnsps_nd.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+ <!-- Platform dev key with AOSP -->
+ <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" >
+ <package name="com.android.frameworks.servicestests.mmac_install_platform" >
+ <seinfo value="package" />
+ </package>
+ </signer>
+
+</policy>
diff --git a/services/tests/servicestests/res/raw/mmac_csnp_ds.xml b/services/tests/servicestests/res/raw/mmac_csnp_ds.xml
new file mode 100644
index 000000000000..4471278723e9
--- /dev/null
+++ b/services/tests/servicestests/res/raw/mmac_csnp_ds.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+ <!-- Platform dev key with AOSP -->
+ <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" >
+ <seinfo value="signer" />
+ </signer>
+
+ <default>
+ <seinfo value="default"/>
+ </default>
+
+</policy>
diff --git a/services/tests/servicestests/res/raw/mmac_csnp_nd.xml b/services/tests/servicestests/res/raw/mmac_csnp_nd.xml
new file mode 100644
index 000000000000..2b79f73e1f6f
--- /dev/null
+++ b/services/tests/servicestests/res/raw/mmac_csnp_nd.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+ <!-- Platform dev key with AOSP -->
+ <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" >
+ <seinfo value="signer" />
+ </signer>
+</policy>
diff --git a/services/tests/servicestests/res/raw/mmac_csps_ds.xml b/services/tests/servicestests/res/raw/mmac_csps_ds.xml
new file mode 100644
index 000000000000..62b8e5ffe219
--- /dev/null
+++ b/services/tests/servicestests/res/raw/mmac_csps_ds.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+ <!-- Platform dev key with AOSP -->
+ <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" >
+ <seinfo value="signer" />
+ <package name="com.android.frameworks.servicestests.mmac_install_platform" >
+ <seinfo value="package" />
+ </package>
+ </signer>
+
+ <default>
+ <seinfo value="default"/>
+ </default>
+
+</policy>
diff --git a/services/tests/servicestests/res/raw/mmac_csps_nd.xml b/services/tests/servicestests/res/raw/mmac_csps_nd.xml
new file mode 100644
index 000000000000..a568f94a3d88
--- /dev/null
+++ b/services/tests/servicestests/res/raw/mmac_csps_nd.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+ <!-- Platform dev key with AOSP -->
+ <signer signature="308204a830820390a003020102020900b3998086d056cffa300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353232343035305a170d3335303930313232343035305a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d003082010802820101009c780592ac0d5d381cdeaa65ecc8a6006e36480c6d7207b12011be50863aabe2b55d009adf7146d6f2202280c7cd4d7bdb26243b8a806c26b34b137523a49268224904dc01493e7c0acf1a05c874f69b037b60309d9074d24280e16bad2a8734361951eaf72a482d09b204b1875e12ac98c1aa773d6800b9eafde56d58bed8e8da16f9a360099c37a834a6dfedb7b6b44a049e07a269fccf2c5496f2cf36d64df90a3b8d8f34a3baab4cf53371ab27719b3ba58754ad0c53fc14e1db45d51e234fbbe93c9ba4edf9ce54261350ec535607bf69a2ff4aa07db5f7ea200d09a6c1b49e21402f89ed1190893aab5a9180f152e82f85a45753cf5fc19071c5eec827020103a381fc3081f9301d0603551d0e041604144fe4a0b3dd9cba29f71d7287c4e7c38f2086c2993081c90603551d230481c13081be80144fe4a0b3dd9cba29f71d7287c4e7c38f2086c299a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900b3998086d056cffa300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100572551b8d93a1f73de0f6d469f86dad6701400293c88a0cd7cd778b73dafcc197fab76e6212e56c1c761cfc42fd733de52c50ae08814cefc0a3b5a1a4346054d829f1d82b42b2048bf88b5d14929ef85f60edd12d72d55657e22e3e85d04c831d613d19938bb8982247fa321256ba12d1d6a8f92ea1db1c373317ba0c037f0d1aff645aef224979fba6e7a14bc025c71b98138cef3ddfc059617cf24845cf7b40d6382f7275ed738495ab6e5931b9421765c491b72fb68e080dbdb58c2029d347c8b328ce43ef6a8b15533edfbe989bd6a48dd4b202eda94c6ab8dd5b8399203daae2ed446232e4fe9bd961394c6300e5138e3cfd285e6e4e483538cb8b1b357" >
+ <seinfo value="signer" />
+ <package name="com.android.frameworks.servicestests.mmac_install_platform" >
+ <seinfo value="package" />
+ </package>
+ </signer>
+
+</policy>
diff --git a/services/tests/servicestests/res/raw/mmac_nc_ds.xml b/services/tests/servicestests/res/raw/mmac_nc_ds.xml
new file mode 100644
index 000000000000..a5b7ef814523
--- /dev/null
+++ b/services/tests/servicestests/res/raw/mmac_nc_ds.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+
+ <default>
+ <seinfo value="default" />
+ </default>
+
+</policy>
diff --git a/services/tests/servicestests/res/raw/mmac_nc_nd.xml b/services/tests/servicestests/res/raw/mmac_nc_nd.xml
new file mode 100644
index 000000000000..ef9c6dd70765
--- /dev/null
+++ b/services/tests/servicestests/res/raw/mmac_nc_nd.xml
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy>
+</policy>
diff --git a/services/tests/servicestests/res/raw/signed_platform.apk b/services/tests/servicestests/res/raw/signed_platform.apk
new file mode 100644
index 000000000000..aadcdeafa2cf
--- /dev/null
+++ b/services/tests/servicestests/res/raw/signed_platform.apk
Binary files differ
diff --git a/services/tests/servicestests/res/raw/signed_release.apk b/services/tests/servicestests/res/raw/signed_release.apk
new file mode 100644
index 000000000000..af50f45854f7
--- /dev/null
+++ b/services/tests/servicestests/res/raw/signed_release.apk
Binary files differ
diff --git a/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTests.java b/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTests.java
new file mode 100644
index 000000000000..ce5f7b9e085b
--- /dev/null
+++ b/services/tests/servicestests/src/com/android/server/pm/SELinuxMMACTests.java
@@ -0,0 +1,247 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.pm;
+
+import android.content.pm.PackageParser;
+import android.content.res.Resources;
+import android.content.res.Resources.NotFoundException;
+import android.net.Uri;
+import android.os.FileUtils;
+import android.test.AndroidTestCase;
+import android.util.DisplayMetrics;
+
+import com.android.frameworks.servicestests.R;
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.InputStream;
+import java.io.IOException;
+
+/**
+ * Test the {@link SELinuxMMAC} functionality. An emphasis is placed on testing the
+ * seinfo assignments that result from various mac_permissions.xml files. To run these
+ * tests individually use the following set of commands:
+ *
+ * <pre>
+ * {@code
+ * cd $ANDROID_BUILD_TOP
+ * make -j8 FrameworksServicesTests
+ * adb install -r out/target/product/mako/data/app/FrameworksServicesTests.apk
+ * adb shell am instrument -w -e class com.android.server.pm.SELinuxMMACTests com.android.frameworks.servicestests/android.test.InstrumentationTestRunner
+ * }
+ *
+ */
+public class SELinuxMMACTests extends AndroidTestCase {
+
+ private static final String TAG = "SELinuxMMACTests";
+
+ private static File MAC_INSTALL_TMP;
+ private static File APK_INSTALL_TMP;
+
+ private static final String MAC_INSTALL_TMP_NAME = "macperms_test_policy";
+ private static final String APK_INSTALL_TMP_NAME = "test_install.apk";
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ // Use the test apps data directory as scratch space
+ File filesDir = mContext.getFilesDir();
+ assertNotNull(filesDir);
+
+ // Need a tmp file to hold mmac policy
+ MAC_INSTALL_TMP = new File(filesDir, MAC_INSTALL_TMP_NAME);
+
+ // Need a tmp file to hold the apk
+ APK_INSTALL_TMP = new File(filesDir, APK_INSTALL_TMP_NAME);
+ }
+
+ @Override
+ protected void tearDown() throws Exception {
+ super.tearDown();
+
+ // Just in case tmp files still exist
+ MAC_INSTALL_TMP.delete();
+ APK_INSTALL_TMP.delete();
+ }
+
+ /**
+ * Fake an app install. Simply call the PackageParser to parse and save the
+ * contents of the app.
+ */
+ private PackageParser.Package parsePackage(Uri packageURI) {
+ // Package archive parsing
+ String archiveFilePath = packageURI.getPath();
+ PackageParser packageParser = new PackageParser(archiveFilePath);
+ File sourceFile = new File(archiveFilePath);
+ DisplayMetrics metrics = new DisplayMetrics();
+ metrics.setToDefaults();
+ PackageParser.Package pkg = packageParser.parsePackage(sourceFile,
+ archiveFilePath, metrics, 0);
+ assertNotNull(pkg);
+ assertNotNull(pkg.packageName);
+
+ // Collect the certs for this package
+ boolean savedCerts = packageParser.collectCertificates(pkg, 0);
+ assertTrue(savedCerts);
+
+ return pkg;
+ }
+
+ /**
+ * Dump the contents of a resource to a file. This is just an ancillary function
+ * used for copying the apk and mac_permissions.xml policy files.
+ */
+ private Uri getResourceURI(int fileResId, File outFile) {
+ try (InputStream is = mContext.getResources().openRawResource(fileResId)) {
+ boolean copied = FileUtils.copyToFile(is, outFile);
+ assertTrue(copied);
+ } catch (NotFoundException | IOException ex) {
+ fail("Expecting to load resource with id: " + fileResId + ". " + ex);
+ }
+
+ return Uri.fromFile(outFile);
+ }
+
+ /**
+ * Takes the policy xml file as a resource, the apk as a resource and the expected
+ * seinfo string. Determines if the assigned seinfo string matches the passed string.
+ */
+ private void checkSeinfo(int policyRes, int apkRes, String expectedSeinfo) {
+ // Grab policy file as a uri
+ Uri policyURI = getResourceURI(policyRes, MAC_INSTALL_TMP);
+
+ // Parse the policy file
+ boolean parsed = SELinuxMMAC.readInstallPolicy(policyURI.getPath());
+ assertTrue(parsed);
+
+ // Grab the apk as a uri
+ Uri apkURI = getResourceURI(apkRes, APK_INSTALL_TMP);
+
+ // "install" the apk
+ PackageParser.Package pkg = parsePackage(apkURI);
+
+ // Assign the apk an seinfo value
+ SELinuxMMAC.assignSeinfoValue(pkg);
+
+ // Check for expected seinfo against assigned seinfo value
+ String actualSeinfo = pkg.applicationInfo.seinfo;
+ if (expectedSeinfo == null) {
+ assertNull(actualSeinfo);
+ } else {
+ assertEquals(expectedSeinfo, actualSeinfo);
+ }
+
+ // delete policy and apk
+ MAC_INSTALL_TMP.delete();
+ APK_INSTALL_TMP.delete();
+ }
+
+ /*
+ * Start of the SElinuxMMAC tests
+ */
+
+ // Requested policy file doesn't exist
+ public void test_INSTALL_POLICY_BADPATH() {
+ boolean ret = SELinuxMMAC.readInstallPolicy("/d/o/e/s/n/t/e/x/i/s/t");
+ assertFalse(ret);
+ }
+
+ /*
+ * Raw resource xml file names can be decoded with:
+ * c = signature stanza included
+ * s = seinfo tag attached
+ * p = package tag attached
+ * d = default stanza included
+ * n = means the next abbreviation is missing
+ *
+ * Example: R.raw.mmac_csps_ds.xml would translate to a signer stanza
+ * with a seinfo tag attached followed by an inner child package tag which
+ * has an seinfo tag. Also, there is a default stanza with an attached
+ * seinfo tag.
+ */
+
+ // signer stanza (seinfo, no package), no default stanza : match signer
+ public void test_CSNP_ND() {
+ checkSeinfo(R.raw.mmac_csnp_nd, R.raw.signed_platform, "signer");
+ }
+
+ // signer stanza (seinfo, no package), no default stanza : match nothing
+ public void test_CSNP_ND_2() {
+ checkSeinfo(R.raw.mmac_csnp_nd, R.raw.signed_release, null);
+ }
+
+ // signer stanza (seinfo, package), no default stanza : match inner package
+ public void test_CSPS_ND() {
+ checkSeinfo(R.raw.mmac_csps_nd, R.raw.signed_platform, "package");
+ }
+
+ // signer stanza (seinfo, package), no default stanza : match nothing
+ public void test_CSPS_ND_2() {
+ checkSeinfo(R.raw.mmac_csps_nd, R.raw.signed_release, null);
+ }
+
+ // signer stanza (no seinfo, package), no default stanza : match inner package
+ public void test_CNSPS_ND() {
+ checkSeinfo(R.raw.mmac_cnsps_nd, R.raw.signed_platform, "package");
+ }
+
+ // signer stanza (no seinfo, package), no default stanza : match nothing
+ public void test_CNSPS_ND_2() {
+ checkSeinfo(R.raw.mmac_cnsps_nd, R.raw.signed_release, null);
+ }
+
+ // signer stanza (seinfo, no package), default stanza : match signer
+ public void test_CSNP_DS() {
+ checkSeinfo(R.raw.mmac_csnp_ds, R.raw.signed_platform, "signer");
+ }
+
+ // signer stanza (seinfo, no package), default stanza : match default
+ public void test_CSNP_DS_2() {
+ checkSeinfo(R.raw.mmac_csnp_ds, R.raw.signed_release, "default");
+ }
+
+ // signer stanza (seinfo, package), default stanza : match inner package
+ public void test_CSPS_DS() {
+ checkSeinfo(R.raw.mmac_csps_ds, R.raw.signed_platform, "package");
+ }
+
+ // signer stanza (seinfo, package), default stanza : match default
+ public void test_CSPS_DS_2() {
+ checkSeinfo(R.raw.mmac_csps_ds, R.raw.signed_release, "default");
+ }
+
+ // signer stanza (no seinfo, package), default stanza : match inner package
+ public void test_CNSPS_DS() {
+ checkSeinfo(R.raw.mmac_cnsps_ds, R.raw.signed_platform, "package");
+ }
+
+ // signer stanza (no seinfo, package), default stanza : match default
+ public void test_CNSPS_DS_2() {
+ checkSeinfo(R.raw.mmac_cnsps_ds, R.raw.signed_release, "default");
+ }
+
+ // no signer stanza, default stanza : match default
+ public void test_NC_DS() {
+ checkSeinfo(R.raw.mmac_nc_ds, R.raw.signed_platform, "default");
+ }
+
+ // Test for empty policy (i.e. no stanzas at all) : match nothing
+ public void test_NC_ND() {
+ checkSeinfo(R.raw.mmac_nc_nd, R.raw.signed_platform, null);
+ }
+}
generated by cgit v1.2.3-59-g8ed1b (git 2.39.0) at 2025-11-02 07:33:42 +0000