From 22492125106739575a65eae9d86cf4e6cf5c47a0 Mon Sep 17 00:00:00 2001 From: Evan Severson Date: Tue, 5 Mar 2024 16:19:34 -0800 Subject: Check flags for permissions that are filtered Platform permissions will start to be filtered in the PackageInfo, we need to parse and lookup the required flags that determine this rule per permission. LOW_COVERAGE_REASON=Only changing tests Test: This test on dev and release branches Bug: 320411042 Change-Id: I67a64db38f1cdb552646193a3ad54b10f9595ffd --- tests/cts/permissionpolicy/Android.bp | 1 + .../permissionpolicy/res/raw/android_manifest.xml | 1305 ++++++++++++-------- .../permissionpolicy/cts/PermissionPolicyTest.java | 36 +- 3 files changed, 843 insertions(+), 499 deletions(-) diff --git a/tests/cts/permissionpolicy/Android.bp b/tests/cts/permissionpolicy/Android.bp index a2860e264..8f3c42b0e 100644 --- a/tests/cts/permissionpolicy/Android.bp +++ b/tests/cts/permissionpolicy/Android.bp @@ -36,6 +36,7 @@ android_test { "truth", "permission-test-util-lib", "androidx.test.rules", + "flag-junit", ], srcs: [ "src/**/*.java", diff --git a/tests/cts/permissionpolicy/res/raw/android_manifest.xml b/tests/cts/permissionpolicy/res/raw/android_manifest.xml index 92183e6ee..9d80d153f 100644 --- a/tests/cts/permissionpolicy/res/raw/android_manifest.xml +++ b/tests/cts/permissionpolicy/res/raw/android_manifest.xml @@ -48,6 +48,7 @@ + @@ -101,6 +102,7 @@ + @@ -144,6 +146,7 @@ + @@ -176,6 +179,7 @@ + + + @@ -292,6 +299,7 @@ + @@ -313,6 +321,7 @@ + @@ -377,6 +386,8 @@ + @@ -400,6 +411,7 @@ + @@ -470,11 +482,9 @@ android:name="com.android.server.connectivityservice.CONNECTED_TO_PROVISIONING_NETWORK_ACTION" /> - - + + - @@ -525,6 +535,7 @@ + @@ -567,6 +578,7 @@ + @@ -652,6 +664,8 @@ + + @@ -663,7 +677,6 @@ - @@ -791,14 +804,40 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + 
@@ -833,6 +872,7 @@ android:label="@string/permlab_readContacts" android:description="@string/permdesc_readContacts" android:protectionLevel="dangerous" /> + Protection level: dangerous

This is a hard restricted permission which cannot be held by an app until - the installer on record whitelists the permission. For more details see + the installer on record allowlists the permission. For more details see {@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}. --> Protection level: dangerous

This is a hard restricted permission which cannot be held by an app until - the installer on record whitelists the permission. For more details see + the installer on record allowlists the permission. For more details see {@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}. --> Protection level: dangerous

This is a hard restricted permission which cannot be held by an app until - the installer on record whitelists the permission. For more details see + the installer on record allowlists the permission. For more details see {@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}. --> Protection level: dangerous

This is a hard restricted permission which cannot be held by an app until - the installer on record whitelists the permission. For more details see + the installer on record allowlists the permission. For more details see {@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}. --> Protection level: dangerous

This is a hard restricted permission which cannot be held by an app until - the installer on record whitelists the permission. For more details see + the installer on record allowlists the permission. For more details see {@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}. @hide Pending API council approval --> @@ -1019,27 +1060,10 @@ android:protectionLevel="dangerous" /> + Only granted if the application is a system app or privileged app. --> - - - - - - - - - @@ -1053,28 +1077,41 @@ android:priority="900" /> - This permission is enforced starting in API level - {@link android.os.Build.VERSION_CODES#TIRAMISU}. + {@link android.os.Build.VERSION_CODES#TIRAMISU}. An app which targets + {@link android.os.Build.VERSION_CODES#TIRAMISU} or higher and needs to read image files from + external storage must hold this permission; {@link #READ_EXTERNAL_STORAGE} is not required. For apps with a {@code - targetSdkVersion} of {@link android.os.Build.VERSION_CODES#S} or lower, this permission - must not be used and the READ_EXTERNAL_STORAGE permission must be used instead. -

Protection level: dangerous --> + targetSdkVersion} of {@link android.os.Build.VERSION_CODES#S_V2} or lower, the + {@link #READ_EXTERNAL_STORAGE} permission is required, instead, to read image files. +

Protection level: dangerous --> Protection level: dangerous

This is a hard restricted permission which cannot be held by an app until - the installer on record whitelists the permission. For more details see + the installer on record allowlists the permission. For more details see {@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}. --> Protection level: dangerous

This is a hard restricted permission which cannot be held by an app until - the installer on record whitelists the permission. For more details see + the installer on record allowlists the permission. For more details see {@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}. --> - Protection level: dangerous

This is a hard restricted permission which cannot be held by an app until - the installer on record whitelists the permission. For more details see + the installer on record allowlists the permission. For more details see {@link android.content.pm.PackageInstaller.SessionParams#setWhitelistedRestrictedPermissions(Set)}. @deprecated Applications should use {@link android.telecom.CallRedirectionService} instead @@ -1406,6 +1471,14 @@ android:description="@string/permdesc_readPhoneState" android:protectionLevel="dangerous" /> + + + @@ -1417,7 +1490,9 @@ + android:protectionLevel="signature" + android:featureFlag="com.android.internal.camera.flags.camera_hsum_permission" /> + + android:permissionGroup="android.permission-group.UNDEFINED" + android:label="@string/permlab_bodySensors" + android:description="@string/permdesc_bodySensors" + android:backgroundPermission="android.permission.BODY_SENSORS_BACKGROUND" + android:protectionLevel="dangerous" /> + android:permissionGroup="android.permission-group.UNDEFINED" + android:label="@string/permlab_bodySensors_background" + android:description="@string/permdesc_bodySensors_background" + android:protectionLevel="dangerous" + android:permissionFlags="hardRestricted" /> + @@ -1756,6 +1834,7 @@ android:label="@string/permlab_postNotification" android:description="@string/permdesc_postNotification" android:protectionLevel="dangerous|instant" /> + @@ -1791,7 +1870,7 @@ android:protectionLevel="normal" android:permissionFlags="removed"/> - + @@ -1869,7 +1948,7 @@ - - @@ -2028,10 +2108,10 @@ android:protectionLevel="normal" /> + privileged wifi APIs to improve wifi performance. Allows applications to manage + Wi-Fi network selection related features such as enable or disable global auto-join, + modify connectivity scan intervals, and approve Wi-Fi Direct connections. +

Not for use by third-party applications. --> @@ -2090,14 +2170,14 @@ modifications.

Not for use by third-party applications. --> + android:protectionLevel="signature|privileged|knownSigner" + android:knownCerts="@array/wifi_known_signers" /> - + - @@ -2201,7 +2281,7 @@ + @FlaggedApi("com.android.net.thread.platform.flags.thread_enabled_platform") --> @@ -2251,10 +2331,12 @@ + android:protectionLevel="signature" + android:featureFlag="android.net.platform.flags.register_nsd_offload_engine" /> @@ -2323,7 +2405,8 @@ them from running without explicit user action. --> + android:protectionLevel="signature|verifier" + android:featureFlag="android.content.pm.quarantined_enabled" /> @@ -2369,6 +2453,8 @@

Protection level: normal --> + @@ -2531,6 +2618,15 @@ android:description="@string/permdesc_transmitIr" android:protectionLevel="normal" /> + + + @@ -2557,7 +2653,7 @@ - + android:protectionLevel="normal" + android:featureFlag="com.android.window.flags.screen_recording_callbacks" /> @@ -2692,8 +2789,9 @@ - + @@ -2804,6 +2902,13 @@ + + + - - - - - + + + + + + + @@ -3114,7 +3231,7 @@ -

{@link Manifest.permission#MANAGE_DEVICE_POLICY_ACROSS_USERS_FULL} is required to call + APIs protected by this permission on users different to the calling user. + @FlaggedApi("android.app.admin.flags.esim_management_enabled") --> + - @@ -3778,6 +3894,7 @@ @hide This is not a third-party API (intended for OEMs and system apps). --> + - - - @@ -3888,13 +4000,15 @@ android:description="@string/permdesc_killBackgroundProcesses" android:protectionLevel="normal" /> - Protection level: normal --> + android:label="@string/permlab_startForegroundServicesFromBackground" + android:description="@string/permdesc_startForegroundServicesFromBackground" + android:protectionLevel="normal"/> - - + and/or data with other devices, such as notifications, photos and media + ({@link android.companion.AssociationRequest#DEVICE_PROFILE_COMPUTER}) + by {@link android.companion.CompanionDeviceManager}. +

Not for use by third-party applications. + --> @@ -4102,6 +4211,8 @@ @@ -4125,8 +4236,7 @@ android:description="@string/permdesc_setWallpaperHints" android:protectionLevel="normal" /> - @@ -4300,11 +4411,6 @@ - - - + + + @@ -4326,7 +4437,7 @@ - @@ -4501,7 +4612,8 @@ + @SystemApi @hide + @deprecated Vestigial permission declaration. No longer used. --> @@ -4510,7 +4622,8 @@

An application requesting this permission is responsible for verifying the source and integrity of the update before passing it off to the installer components. - @SystemApi @hide --> + @SystemApi @hide + @deprecated Vestigial permission declaration. No longer used. --> @@ -4564,6 +4677,45 @@ + + + + + + + + + + + + + + + + + + + + + @@ -4591,15 +4743,17 @@ - - - + + + @@ -4734,7 +4888,7 @@ - + + + @@ -4862,9 +5023,9 @@ android:protectionLevel="signature|recents" /> + enabled state. +

Not for use by third-party applications. + @hide --> @@ -4883,7 +5044,8 @@ android:protectionLevel="signature" /> + @hide + @TestApi --> @@ -4995,32 +5157,6 @@ android:protectionLevel="signature" /> - - - - - - - - - - - - - - - - - Protection level: signature|privileged + --> + - - - - - - - + android:protectionLevel="signature" /> - - - + + - - + --> + + + @@ -5174,9 +5282,9 @@ android:protectionLevel="signature" /> @@ -5212,6 +5320,16 @@ + + + + + @hide @SystemApi Intended for OEM and system apps. +

Protection level: signature|privileged + --> @@ -5243,7 +5363,9 @@ sound models at any time. This permission should be reserved for system enrollment applications detected by {@link android.hardware.soundtrigger.KeyphraseEnrollmentInfo} only. - @hide

Not for use by third-party applications.

--> + @hide @SystemApi Intended for OEM and system apps. +

Protection level: signature|privileged + --> @@ -5256,6 +5378,7 @@ @@ -5283,15 +5406,6 @@ - - - - - - - - - - - - - + android:protectionLevel="signature|installer" /> @@ -5662,11 +5783,11 @@ - + + android:protectionLevel="signature" /> @@ -5680,7 +5801,7 @@ - @@ -5691,7 +5812,7 @@ android:protectionLevel="signature" /> @@ -5715,6 +5836,7 @@ @hide --> + + android:protectionLevel="module|signature|role" /> + + + - + @@ -5778,7 +5913,7 @@ - + + - + + android:protectionLevel="signature|knownSigner" + android:knownCerts="@array/wifi_known_signers" /> - - + controllable by external apps, such as volume settings or volume behaviors for audio + devices, regardless of their connection status. +

Not for use by third-party applications. + @hide --> + + + +

Only for use by role COMPANION_DEVICE_WATCH

+ @FlaggedApi("com.android.media.flags.enable_privileged_routing_for_media_routing_control") + --> @@ -6112,7 +6252,7 @@ + android:protectionLevel="signature|privileged" /> + - @@ -6303,11 +6443,6 @@ - - - @@ -6405,8 +6540,8 @@ - + @@ -6606,6 +6741,11 @@ + + + @@ -6641,12 +6781,12 @@ + android:protectionLevel="signature" /> +

Not for use by third-party applications. + @FlaggedApi("android.hardware.biometrics.custom_biometric_prompt") + --> @@ -6959,12 +7099,16 @@ @@ -7023,6 +7167,11 @@ + + + + generation service. + @hide

Not for use by third-party applications.

--> - - - - - - - - Protection level: normal|instant --> - - - - + + + @@ -7511,38 +7672,34 @@ + + + + @hide --> - + - - - - - - + android:protectionLevel="signature|privileged" /> + whether to allow the device to stream its notifications and apps to nearby devices. + Applications that are not the device owner will need this permission to call + {@link android.app.admin.DevicePolicyManager#getNearbyNotificationStreamingPolicy} or + {@link android.app.admin.DevicePolicyManager#getNearbyAppStreamingPolicy}. --> @@ -7596,6 +7756,7 @@ android:protectionLevel="normal" /> + - - + @hide --> @@ -7686,6 +7839,19 @@ + + + + + + + + + + + + @hide @TestApi @SystemApi(client=android.annotation.SystemApi.Client.MODULE_LIBRARIES) --> @@ -7712,21 +7892,77 @@ @hide --> + + + + + + + + + + +

Protection level: internal|role +

Intended for use by the FINANCED_DEVICE_KIOSK role only. + --> - - + + + + + + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - + @hide + --> @@ -7803,15 +7999,15 @@ - + + @hide --> + android:protectionLevel="signature|knownSigner" + android:knownCerts="@array/config_healthConnectMigrationKnownSigners" /> + android:protectionLevel="signature" /> + android:protectionLevel="signature" /> @@ -7912,7 +8109,8 @@ - + @FlaggedApi("android.app.bic_client") + Allows app to call BackgroundInstallControlManager API to retrieve silently installed apps + for all users on device. +

Apps with a BackgroundInstallControlManager client will not be able to call any API without + this permission. +

Protection level: signature|role + @hide + --> @@ -7950,7 +8148,7 @@ @hide --> + android:protectionLevel="signature|privileged"/> @@ -7972,6 +8170,9 @@

Not for use by third-party applications.

--> + + - - - - - - - + + + + + + @@ -8132,12 +8333,6 @@ - - - + + + + + + + + + @@ -8348,6 +8562,16 @@ + + + + + + + @@ -8357,6 +8581,11 @@ android:permission="android.permission.BIND_JOB_SERVICE" > + + + @@ -8384,6 +8613,18 @@ android:permission="android.permission.BIND_JOB_SERVICE"> + + + + + + + + + @@ -8420,6 +8661,10 @@ android:permission="android.permission.BIND_JOB_SERVICE" > + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -8441,6 +8722,38 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java b/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java index 94bd2be1b..c28b5d560 100644 --- a/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java +++ b/tests/cts/permissionpolicy/src/android/permissionpolicy/cts/PermissionPolicyTest.java @@ -19,6 +19,7 @@ package android.permissionpolicy.cts; import static android.content.pm.PermissionInfo.FLAG_INSTALLED; import static android.content.pm.PermissionInfo.PROTECTION_MASK_BASE; import static android.os.Build.VERSION.SECURITY_PATCH; +import static android.os.Build.VERSION_CODES.UPSIDE_DOWN_CAKE; import static com.google.common.truth.Truth.assertWithMessage; @@ -32,13 +33,12 @@ import android.content.pm.PermissionInfo; import android.os.Process; import android.os.SystemProperties; import android.platform.test.annotations.AppModeFull; +import android.platform.test.flag.junit.DeviceFlagsValueProvider; import android.util.ArrayMap; import android.util.ArraySet; import android.util.Log; import android.util.Xml; -import com.android.modules.utils.build.SdkLevel; - import androidx.annotation.NonNull; import androidx.annotation.Nullable; import androidx.test.ext.junit.runners.AndroidJUnit4; 
@@ -87,6 +87,7 @@ public class PermissionPolicyTest { private static final String ATTR_PERMISSION_FLAGS = "permissionFlags"; private static final String ATTR_PROTECTION_LEVEL = "protectionLevel"; private static final String ATTR_BACKGROUND_PERMISSION = "backgroundPermission"; + private static final String ATTR_FEATURE_FLAG = "featureFlag"; private static final Context sContext = InstrumentationRegistry.getInstrumentation().getTargetContext(); @@ -117,13 +118,17 @@ public class PermissionPolicyTest { declaredGroupsSet.add(declaredGroup.name); } + boolean filterFlaggedPermissions = sContext.getPackageManager() + .getApplicationInfo(PLATFORM_PACKAGE_NAME, 0).minSdkVersion <= UPSIDE_DOWN_CAKE; + Set expectedPermissionGroups = loadExpectedPermissionGroupNames( R.raw.android_manifest); List expectedPermissions = loadExpectedPermissions( - R.raw.android_manifest); + R.raw.android_manifest, filterFlaggedPermissions); if (sContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) { - expectedPermissions.addAll(loadExpectedPermissions(R.raw.automotive_android_manifest)); + expectedPermissions.addAll(loadExpectedPermissions(R.raw.automotive_android_manifest, + filterFlaggedPermissions)); String carServicePackageName = SystemProperties.get("ro.android.car.carservice.package", null); @@ -301,8 +306,11 @@ public class PermissionPolicyTest { return false; } - private List loadExpectedPermissions(int resourceId) throws Exception { + private List loadExpectedPermissions(int resourceId, + boolean filterFlaggedPermissions) throws Exception { List permissions = new ArrayList<>(); + DeviceFlagsValueProvider flagsValueProvider = new DeviceFlagsValueProvider(); + flagsValueProvider.setUp(); try (InputStream in = sContext.getResources().openRawResource(resourceId)) { XmlPullParser parser = Xml.newPullParser(); parser.setInput(in, null); 
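Review bot: The new `filterFlaggedPermissions` condition in the `@@ -117` hunk compares the platform package's `minSdkVersion` with `UPSIDE_DOWN_CAKE` without saying why that value signals whether the device drops flag-guarded permissions from `PackageInfo`, so a reader cannot tell whether `<=` is intentional or inverted when the threshold moves. A comment stating the assumption would make the rule reviewable, e.g. `// Mirror the platform: flag-guarded permissions are omitted from PackageInfo on builds whose platform package reports minSdkVersion <= UPSIDE_DOWN_CAKE (TODO: confirm threshold against the framework filtering change).` The `getApplicationInfo` call can also throw `PackageManager.NameNotFoundException`; the enclosing test method starts outside this hunk, so it is not visible here whether that is declared or should be turned into a clearer assertion failure.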
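Review bot: In the `@@ -301` hunk `flagsValueProvider.setUp()` runs on every call to `loadExpectedPermissions`, including when `filterFlaggedPermissions` is false and the provider is never consulted, and it runs twice on automotive devices because the caller loads two manifests. If `setUp()` depends on device flag infrastructure being reachable, that also makes the non-filtering path fail on builds that never need flag state. Guarding both ends — `if (filterFlaggedPermissions) flagsValueProvider.setUp();` here and the matching guard around `tearDownBeforeTest()` in the `finally` block of the later hunk — keeps the previous behaviour for the unfiltered case. The new parameter is also undocumented; a line such as `@param filterFlaggedPermissions omit permissions whose android:featureFlag is disabled on this device` would say what callers are opting into. The try/finally body continues outside this hunk.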
@@ -315,6 +323,22 @@ public class PermissionPolicyTest { continue; } if (TAG_PERMISSION.equals(parser.getName())) { + if (filterFlaggedPermissions) { + String featureFlag = parser.getAttributeValue(null, ATTR_FEATURE_FLAG); + if (featureFlag != null) { + featureFlag = featureFlag.trim(); + boolean invert = featureFlag.startsWith("!"); + if (invert) { + featureFlag = featureFlag.substring(1).trim(); + } + boolean flagEnabled = + invert != flagsValueProvider.getBoolean(featureFlag); + if (!flagEnabled) { + continue; + } + } + } + ExpectedPermissionInfo permissionInfo = new ExpectedPermissionInfo( parser.getAttributeValue(null, ATTR_NAME), parser.getAttributeValue(null, ATTR_PERMISSION_GROUP), @@ -328,6 +352,8 @@ public class PermissionPolicyTest { Log.e(LOG_TAG, "Unknown tag " + parser.getName()); } } + } finally { + flagsValueProvider.tearDownBeforeTest(); } return permissions; -- cgit v1.2.3-59-g8ed1b
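Review bot: The `android:featureFlag` parsing (trim, leading `!` as negation, `invert != getBoolean(...)`) is inlined four levels deep in the XML loop with no comment that the `!` prefix is meant to mirror the platform's own reading of the attribute, so a future divergence between this test and the framework parser would be hard to spot. Extracting it into a small documented helper keeps the loop readable and gives the negation rule one place to be confirmed against the framework. If `getBoolean` throws for a flag name the device cannot resolve, as I would expect, a stale flag in the checked-in manifest fails the test from inside the loop without naming the permission; wrapping that call to rethrow with the permission name would make such failures actionable. The enclosing `loadExpectedPermissions` method starts and ends outside this hunk.
```java
// new helper, added alongside loadExpectedPermissions:
/**
 * Returns whether a permission guarded by {@code android:featureFlag} should be expected on
 * this device. A leading {@code !} negates the flag; this is assumed to match how the
 * platform interprets the attribute (confirm against the framework manifest parser).
 */
private static boolean isFeatureFlagEnabled(String featureFlag,
        DeviceFlagsValueProvider flagsValueProvider) {
    String flagName = featureFlag.trim();
    boolean negated = flagName.startsWith("!");
    if (negated) {
        flagName = flagName.substring(1).trim();
    }
    return negated != flagsValueProvider.getBoolean(flagName);
}

// in loadExpectedPermissions, replacing the added block:
if (TAG_PERMISSION.equals(parser.getName())) {
    if (filterFlaggedPermissions) {
        String featureFlag = parser.getAttributeValue(null, ATTR_FEATURE_FLAG);
        if (featureFlag != null
                && !isFeatureFlagEnabled(featureFlag, flagsValueProvider)) {
            continue;
        }
    }
    // … unchanged: ExpectedPermissionInfo construction …
```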