6 files changed, 91 insertions, 19 deletions
diff --git a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java index 33e12c6d4fec..b1639a948ffc 100644 --- a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java +++ b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java @@ -385,6 +385,9 @@ public class AppIntegrityManagerServiceImpl extends IAppIntegrityManager.Stub { String packageName = getPackageNameNormalized(packageAndCert[0]); String cert = packageAndCert[1]; packageCertMap.put(packageName, cert); + } else if (packageAndCert.length == 1 + && packageAndCert[0].equals(ADB_INSTALLER)) { + packageCertMap.put(ADB_INSTALLER, INSTALLER_CERT_NOT_APPLICABLE); } } } diff --git a/services/tests/servicestests/AndroidTest.xml b/services/tests/servicestests/AndroidTest.xml index d34f78353e71..bbc6bdb95f6c 100644 --- a/services/tests/servicestests/AndroidTest.xml +++ b/services/tests/servicestests/AndroidTest.xml @@ -26,6 +26,11 @@ <option name="test-file-name" value="SimpleServiceTestApp.apk" /> </target_preparer> + <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer"> + <option name="cleanup" value="true" /> + <option name="push" value="AppIntegrityManagerServiceTestApp.apk->/data/local/tmp/AppIntegrityManagerServiceTestApp.apk" /> + </target_preparer> + <option name="test-tag" value="FrameworksServicesTests" /> <test class="com.android.tradefed.testtype.AndroidJUnitTest" > <option name="package" value="com.android.frameworks.servicestests" /> diff --git a/services/tests/servicestests/assets/AppIntegrityManagerServiceImplTest/test.apk b/services/tests/servicestests/assets/AppIntegrityManagerServiceImplTest/test.apk Binary files differdeleted file mode 100644 index 6345c986efc2..000000000000 --- a/services/tests/servicestests/assets/AppIntegrityManagerServiceImplTest/test.apk +++ /dev/null 
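Review bot: The new `else if` accepts a certificate-less entry only when `packageAndCert[0]` is exactly `ADB_INSTALLER`, and every other single-element entry still falls out of the chain with no log, so a malformed `allowed-installers` value in the APK under verification is dropped silently. An entry that names adb together with a certificate would presumably take the branch above and be stored with that certificate instead of `INSTALLER_CERT_NOT_APPLICABLE`; the condition guarding that branch is outside the hunk, so this is inferred. I would add a comment over the new branch, e.g. `// adb has no signing certificate: "adb|" parses to a single element and is recorded as not applicable`, and log the entries that match neither branch.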
diff --git a/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java b/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java index a2376a6bef1c..604efc4949fe 100644 --- a/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java +++ b/services/tests/servicestests/src/com/android/server/integrity/AppIntegrityManagerServiceImplTest.java @@ -32,6 +32,7 @@ import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; @@ -64,7 +65,6 @@ import com.android.server.integrity.engine.RuleEvaluationEngine; import com.android.server.integrity.model.IntegrityCheckResult; import com.android.server.testutils.TestUtils; -import org.junit.After; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -75,9 +75,6 @@ import org.mockito.junit.MockitoRule; import java.io.File; import java.io.IOException; -import java.io.InputStream; -import java.nio.file.Files; -import java.nio.file.StandardCopyOption; import java.util.Arrays; import java.util.HashMap; import java.util.List; @@ -86,7 +83,8 @@ import java.util.Map; /** Unit test for {@link com.android.server.integrity.AppIntegrityManagerServiceImpl} */ @RunWith(AndroidJUnit4.class) public class AppIntegrityManagerServiceImplTest { - private static final String TEST_DIR = "AppIntegrityManagerServiceImplTest"; + private static final String TEST_APP_PATH = + "/data/local/tmp/AppIntegrityManagerServiceTestApp.apk"; private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; private static final String VERSION = "version"; 
@@ -97,13 +95,19 @@ public class AppIntegrityManagerServiceImplTest { private static final String INSTALLER = TEST_FRAMEWORK_PACKAGE; // These are obtained by running the test and checking logcat. private static final String APP_CERT = - "949ADC6CB92FF09E3784D6E9504F26F9BEAC06E60D881D55A6A81160F9CD6FD1"; + "301AA3CB081134501C45F1422ABC66C24224FD5DED5FDC8F17E697176FD866AA"; private static final String INSTALLER_CERT = "301AA3CB081134501C45F1422ABC66C24224FD5DED5FDC8F17E697176FD866AA"; // We use SHA256 for package names longer than 32 characters. private static final String INSTALLER_SHA256 = "786933C28839603EB48C50B2A688DC6BE52C833627CB2731FF8466A2AE9F94CD"; + private static final String PLAY_STORE_PKG = "com.android.vending"; + private static final String ADB_INSTALLER = "adb"; + private static final String PLAY_STORE_CERT = + "play_store_cert"; + private static final String ADB_CERT = ""; + @org.junit.Rule public MockitoRule mMockitoRule = MockitoJUnit.rule(); @Mock PackageManagerInternal mPackageManagerInternal; @@ -122,11 +126,7 @@ public class AppIntegrityManagerServiceImplTest { @Before public void setup() throws Exception { - mTestApk = File.createTempFile("TestApk", /* suffix= */ null); - mTestApk.deleteOnExit(); - try (InputStream inputStream = mRealContext.getAssets().open(TEST_DIR + "/test.apk")) { - Files.copy(inputStream, mTestApk.toPath(), StandardCopyOption.REPLACE_EXISTING); - } + mTestApk = new File(TEST_APP_PATH); mService = new AppIntegrityManagerServiceImpl( 
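Review bot: `APP_CERT` now holds the same digest as `INSTALLER_CERT`, so the assertions on the app certificate and on the installer certificate can no longer tell the two fields apart if the service ever mixed them up. This presumably follows from the helper app being built with `certificate: "platform"` in the new Android.bp; signing it with a different test key would keep the two values distinct. `ADB_CERT = ""` also duplicates what is presumably the value of the service's `INSTALLER_CERT_NOT_APPLICABLE`, and a comment such as `// must match AppIntegrityManagerServiceImpl.INSTALLER_CERT_NOT_APPLICABLE` would make that coupling visible.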
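Review bot: `setup()` now points `mTestApk` at a fixed path under /data/local/tmp and never checks that the file is there, so a run without the `PushFilePreparer` step from AndroidTest.xml would fail later, inside the tests that read the APK, with an error that does not name the cause. A guard right after the assignment, `assertTrue("test apk not pushed: " + TEST_APP_PATH, mTestApk.exists());`, would fail at the source of the problem. The body of `setup()` continues past the end of this hunk.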
@@ -141,11 +141,7 @@ public class AppIntegrityManagerServiceImplTest { when(mMockContext.getPackageManager()).thenReturn(mSpyPackageManager); when(mMockContext.getResources()).thenReturn(mMockResources); when(mMockResources.getStringArray(anyInt())).thenReturn(new String[] {}); - } - - @After - public void tearDown() throws Exception { - mTestApk.delete(); + when(mIntegrityFileManager.initialized()).thenReturn(true); } // This is not a test of the class, but more of a safeguard that we don't block any install in @@ -310,10 +306,10 @@ public class AppIntegrityManagerServiceImplTest { assertEquals(INSTALLER_CERT, appInstallMetadata.getInstallerCertificate()); assertEquals(VERSION_CODE, appInstallMetadata.getVersionCode()); assertFalse(appInstallMetadata.isPreInstalled()); - // These are hardcoded in the test apk + // These are hardcoded in the test apk android manifest assertEquals(2, allowedInstallers.size()); - assertEquals("cert_1", allowedInstallers.get("store_1")); - assertEquals("cert_2", allowedInstallers.get("store_2")); + assertEquals(PLAY_STORE_CERT, allowedInstallers.get(PLAY_STORE_PKG)); + assertEquals(ADB_CERT, allowedInstallers.get(ADB_INSTALLER)); } @Test 
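Review bot: The updated assertions in the `@@ -310,10 +306,10` hunk cover only the two accepted shapes, a package with a certificate and `adb` without one, and `assertEquals(2, allowedInstallers.size())` passes against a manifest that contains nothing else. Nothing here pins that a certificate-less entry for any other installer is left out of the map, which is the case the new adb branch has to keep rejecting. Adding a third, certless non-adb entry to the helper app's `allowed-installers` value while keeping the size assertion at 2 would cover it. The test method starts outside the hunk.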
@@ -356,6 +352,25 @@ public class AppIntegrityManagerServiceImplTest { 1, PackageManagerInternal.INTEGRITY_VERIFICATION_REJECT); } + @Test + public void handleBroadcast_notInitialized() throws Exception { + when(mIntegrityFileManager.initialized()).thenReturn(false); + ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = + ArgumentCaptor.forClass(BroadcastReceiver.class); + verify(mMockContext) + .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); + Intent intent = makeVerificationIntent(); + when(mRuleEvaluationEngine.evaluate(any(), any())).thenReturn(IntegrityCheckResult.allow()); + + broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); + runJobInHandler(); + + verify(mPackageManagerInternal) + .setIntegrityVerificationResult( + 1, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); + verify(mSpyPackageManager, never()).getPackageArchiveInfo(any(), anyInt()); + } + private void whitelistUsAsRuleProvider() { Resources mockResources = mock(Resources.class); when(mockResources.getStringArray(R.array.config_integrityRuleProviderPackages)) diff --git a/services/tests/servicestests/test-apps/AppIntegrityManagerServiceTestApp/Android.bp b/services/tests/servicestests/test-apps/AppIntegrityManagerServiceTestApp/Android.bp new file mode 100644 index 000000000000..9aaa37d5c234 --- /dev/null +++ b/services/tests/servicestests/test-apps/AppIntegrityManagerServiceTestApp/Android.bp 
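Review bot: `handleBroadcast_notInitialized` stubs `mRuleEvaluationEngine.evaluate` to return `IntegrityCheckResult.allow()`, so the ALLOW verdict it verifies would also be produced if the service did run the rules while uninitialized; only the `getPackageArchiveInfo` check distinguishes the two paths. Adding `verify(mRuleEvaluationEngine, never()).evaluate(any(), any());` and dropping the stub would pin the short-circuit directly. The test also fixes fail-open behaviour for an integrity check, so a comment stating that this is deliberate, e.g. `// Fail open: installs must not be blocked before the rule files are initialized`, would help the next reader.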
@@ -0,0 +1,21 @@ +// Copyright (C) 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +android_test_helper_app { + name: "AppIntegrityManagerServiceTestApp", + + test_suites: ["device-tests"], + + certificate: "platform", +} diff --git a/services/tests/servicestests/test-apps/AppIntegrityManagerServiceTestApp/AndroidManifest.xml b/services/tests/servicestests/test-apps/AppIntegrityManagerServiceTestApp/AndroidManifest.xml new file mode 100644 index 000000000000..f5dbf43cdfd6 --- /dev/null +++ b/services/tests/servicestests/test-apps/AppIntegrityManagerServiceTestApp/AndroidManifest.xml 
@@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + * Copyright (C) 2019 Google Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + --> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="com.google.android.appintegritymanager.test.app" + android:versionCode="5000"> + + <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="28" /> + + <application android:hasCode="false"> + <meta-data android:name="allowed-installers" android:value="com.android.vending|play_store_cert,adb|"/> + </application> +</manifest> + |