services/tests/servicestests/src/com/android/server/integrity/engine/RuleEvaluatorTest.java - platform/frameworks/base - Gitiles

 /*
  * Copyright (C) 2019 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.server.integrity.engine;

 import static com.android.server.integrity.model.IntegrityCheckResult.Effect.ALLOW;
 import static com.android.server.integrity.model.IntegrityCheckResult.Effect.DENY;

 import static org.junit.Assert.assertEquals;

 import com.android.server.integrity.model.AppInstallMetadata;
 import com.android.server.integrity.model.AtomicFormula;
 import com.android.server.integrity.model.AtomicFormula.StringAtomicFormula;
 import com.android.server.integrity.model.IntegrityCheckResult;
 import com.android.server.integrity.model.OpenFormula;
 import com.android.server.integrity.model.Rule;

 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.List;

 @RunWith(JUnit4.class)
 public class RuleEvaluatorTest {

     private static final String PACKAGE_NAME_1 = "com.test.app";
     private static final String PACKAGE_NAME_2 = "com.test.app2";
     private static final String APP_CERTIFICATE = "test_cert";
     private static final AppInstallMetadata APP_INSTALL_METADATA =
             new AppInstallMetadata.Builder()
                     .setPackageName(PACKAGE_NAME_1)
                     .setAppCertificate(APP_CERTIFICATE)
                     .setVersionCode(2)
                     .build();

     @Test
     public void testEvaluateRules_noRules_allow() {
         List<Rule> rules = new ArrayList<>();

         IntegrityCheckResult result = RuleEvaluator.evaluateRules(rules, APP_INSTALL_METADATA);

         assertEquals(ALLOW, result.getEffect());
     }

     @Test
     public void testEvaluateRules_noMatchedRules_allow() {
         Rule rule1 =
                 new Rule(
                         new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_2),
                         Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Collections.singletonList(rule1), APP_INSTALL_METADATA);

         assertEquals(ALLOW, result.getEffect());
     }

     @Test
     public void testEvaluateRules_oneMatch_deny() {
         Rule rule1 =
                 new Rule(
                         new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
                         Rule.DENY);
         Rule rule2 =
                 new Rule(
                         new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_2),
                         Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);

         assertEquals(DENY, result.getEffect());
         assertEquals(rule1, result.getRule());
     }

     @Test
     public void testEvaluateRules_multipleMatches_deny() {
         Rule rule1 =
                 new Rule(
                         new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
                         Rule.DENY);
         OpenFormula openFormula2 =
                 new OpenFormula(
                         OpenFormula.AND,
                         Arrays.asList(
                                 new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
                                 new StringAtomicFormula(
                                         AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
         Rule rule2 = new Rule(openFormula2, Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);

         assertEquals(DENY, result.getEffect());
         assertEquals(rule1, result.getRule());
     }

     @Test
     public void testEvaluateRules_ruleWithNot_deny() {
         OpenFormula openFormula =
                 new OpenFormula(
                         OpenFormula.NOT,
                         Collections.singletonList(
                                 new StringAtomicFormula(
                                         AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_2)));
         Rule rule = new Rule(openFormula, Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

         assertEquals(DENY, result.getEffect());
         assertEquals(rule, result.getRule());
     }

     @Test
     public void testEvaluateRules_ruleWithIntegerOperators_deny() {
         Rule rule =
                 new Rule(
                         new AtomicFormula.IntAtomicFormula(
                                 AtomicFormula.VERSION_CODE, AtomicFormula.GT, 1),
                         Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

         assertEquals(DENY, result.getEffect());
         assertEquals(rule, result.getRule());
     }

     @Test
     public void testEvaluateRules_validForm_deny() {
         OpenFormula openFormula =
                 new OpenFormula(
                         OpenFormula.AND,
                         Arrays.asList(
                                 new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
                                 new StringAtomicFormula(
                                         AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
         Rule rule = new Rule(openFormula, Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

         assertEquals(DENY, result.getEffect());
         assertEquals(rule, result.getRule());
     }

     @Test
     public void testEvaluateRules_ruleNotInDNF_ignoreAndAllow() {
         OpenFormula openFormula =
                 new OpenFormula(
                         OpenFormula.OR,
                         Arrays.asList(
                                 new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
                                 new StringAtomicFormula(
                                         AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
         Rule rule = new Rule(openFormula, Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

         assertEquals(ALLOW, result.getEffect());
     }

     @Test
     public void testEvaluateRules_openFormulaWithNot_allow() {
         OpenFormula openSubFormula =
                 new OpenFormula(
                         OpenFormula.AND,
                         Arrays.asList(
                                 new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_2),
                                 new StringAtomicFormula(
                                         AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
         OpenFormula openFormula =
                 new OpenFormula(OpenFormula.NOT, Collections.singletonList(openSubFormula));
         Rule rule = new Rule(openFormula, Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

         assertEquals(ALLOW, result.getEffect());
     }

     @Test
     public void testEvaluateRules_forceAllow() {
         Rule rule1 =
                 new Rule(
                         new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
                         Rule.FORCE_ALLOW);
         OpenFormula openFormula2 =
                 new OpenFormula(
                         OpenFormula.AND,
                         Arrays.asList(
                                 new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
                                 new StringAtomicFormula(
                                         AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
         Rule rule2 = new Rule(openFormula2, Rule.DENY);

         IntegrityCheckResult result =
                 RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);

         assertEquals(ALLOW, result.getEffect());
         assertEquals(rule1, result.getRule());
     }
 }
	/*
	* Copyright (C) 2019 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.server.integrity.engine;

	import static com.android.server.integrity.model.IntegrityCheckResult.Effect.ALLOW;
	import static com.android.server.integrity.model.IntegrityCheckResult.Effect.DENY;

	import static org.junit.Assert.assertEquals;

	import com.android.server.integrity.model.AppInstallMetadata;
	import com.android.server.integrity.model.AtomicFormula;
	import com.android.server.integrity.model.AtomicFormula.StringAtomicFormula;
	import com.android.server.integrity.model.IntegrityCheckResult;
	import com.android.server.integrity.model.OpenFormula;
	import com.android.server.integrity.model.Rule;

	import org.junit.Test;
	import org.junit.runner.RunWith;
	import org.junit.runners.JUnit4;

	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.Collections;
	import java.util.List;

	@RunWith(JUnit4.class)
	public class RuleEvaluatorTest {

	private static final String PACKAGE_NAME_1 = "com.test.app";
	private static final String PACKAGE_NAME_2 = "com.test.app2";
	private static final String APP_CERTIFICATE = "test_cert";
	private static final AppInstallMetadata APP_INSTALL_METADATA =
	new AppInstallMetadata.Builder()
	.setPackageName(PACKAGE_NAME_1)
	.setAppCertificate(APP_CERTIFICATE)
	.setVersionCode(2)
	.build();

	@Test
	public void testEvaluateRules_noRules_allow() {
	List<Rule> rules = new ArrayList<>();

	IntegrityCheckResult result = RuleEvaluator.evaluateRules(rules, APP_INSTALL_METADATA);

	assertEquals(ALLOW, result.getEffect());
	}

	@Test
	public void testEvaluateRules_noMatchedRules_allow() {
	Rule rule1 =
	new Rule(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_2),
	Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Collections.singletonList(rule1), APP_INSTALL_METADATA);

	assertEquals(ALLOW, result.getEffect());
	}

	@Test
	public void testEvaluateRules_oneMatch_deny() {
	Rule rule1 =
	new Rule(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
	Rule.DENY);
	Rule rule2 =
	new Rule(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_2),
	Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);

	assertEquals(DENY, result.getEffect());
	assertEquals(rule1, result.getRule());
	}

	@Test
	public void testEvaluateRules_multipleMatches_deny() {
	Rule rule1 =
	new Rule(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
	Rule.DENY);
	OpenFormula openFormula2 =
	new OpenFormula(
	OpenFormula.AND,
	Arrays.asList(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
	new StringAtomicFormula(
	AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
	Rule rule2 = new Rule(openFormula2, Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);

	assertEquals(DENY, result.getEffect());
	assertEquals(rule1, result.getRule());
	}

	@Test
	public void testEvaluateRules_ruleWithNot_deny() {
	OpenFormula openFormula =
	new OpenFormula(
	OpenFormula.NOT,
	Collections.singletonList(
	new StringAtomicFormula(
	AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_2)));
	Rule rule = new Rule(openFormula, Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

	assertEquals(DENY, result.getEffect());
	assertEquals(rule, result.getRule());
	}

	@Test
	public void testEvaluateRules_ruleWithIntegerOperators_deny() {
	Rule rule =
	new Rule(
	new AtomicFormula.IntAtomicFormula(
	AtomicFormula.VERSION_CODE, AtomicFormula.GT, 1),
	Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

	assertEquals(DENY, result.getEffect());
	assertEquals(rule, result.getRule());
	}

	@Test
	public void testEvaluateRules_validForm_deny() {
	OpenFormula openFormula =
	new OpenFormula(
	OpenFormula.AND,
	Arrays.asList(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
	new StringAtomicFormula(
	AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
	Rule rule = new Rule(openFormula, Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

	assertEquals(DENY, result.getEffect());
	assertEquals(rule, result.getRule());
	}

	@Test
	public void testEvaluateRules_ruleNotInDNF_ignoreAndAllow() {
	OpenFormula openFormula =
	new OpenFormula(
	OpenFormula.OR,
	Arrays.asList(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
	new StringAtomicFormula(
	AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
	Rule rule = new Rule(openFormula, Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

	assertEquals(ALLOW, result.getEffect());
	}

	@Test
	public void testEvaluateRules_openFormulaWithNot_allow() {
	OpenFormula openSubFormula =
	new OpenFormula(
	OpenFormula.AND,
	Arrays.asList(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_2),
	new StringAtomicFormula(
	AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
	OpenFormula openFormula =
	new OpenFormula(OpenFormula.NOT, Collections.singletonList(openSubFormula));
	Rule rule = new Rule(openFormula, Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);

	assertEquals(ALLOW, result.getEffect());
	}

	@Test
	public void testEvaluateRules_forceAllow() {
	Rule rule1 =
	new Rule(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
	Rule.FORCE_ALLOW);
	OpenFormula openFormula2 =
	new OpenFormula(
	OpenFormula.AND,
	Arrays.asList(
	new StringAtomicFormula(AtomicFormula.PACKAGE_NAME, PACKAGE_NAME_1),
	new StringAtomicFormula(
	AtomicFormula.APP_CERTIFICATE, APP_CERTIFICATE)));
	Rule rule2 = new Rule(openFormula2, Rule.DENY);

	IntegrityCheckResult result =
	RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);

	assertEquals(ALLOW, result.getEffect());
	assertEquals(rule1, result.getRule());
	}
	}