Merge "Delete the staging directory after rule push finishes."
diff --git a/services/core/java/com/android/server/integrity/IntegrityFileManager.java b/services/core/java/com/android/server/integrity/IntegrityFileManager.java
index d763bae..fffe7d9 100644
--- a/services/core/java/com/android/server/integrity/IntegrityFileManager.java
+++ b/services/core/java/com/android/server/integrity/IntegrityFileManager.java
@@ -185,6 +185,10 @@
&& tmpDir.renameTo(mStagingDir))) {
throw new IOException("Error switching staging/rules directory");
}
+
+ for (File file : mStagingDir.listFiles()) {
+ file.delete();
+ }
}
}
diff --git a/services/tests/servicestests/src/com/android/server/integrity/IntegrityFileManagerTest.java b/services/tests/servicestests/src/com/android/server/integrity/IntegrityFileManagerTest.java
index 5aed194..47c7e56 100644
--- a/services/tests/servicestests/src/com/android/server/integrity/IntegrityFileManagerTest.java
+++ b/services/tests/servicestests/src/com/android/server/integrity/IntegrityFileManagerTest.java
@@ -135,14 +135,15 @@
Arrays.asList(packageNameRule, packageCertRule, versionCodeRule, randomRule);
mIntegrityFileManager.writeRules(VERSION, RULE_PROVIDER, rules);
- AppInstallMetadata appInstallMetadata = new AppInstallMetadata.Builder()
- .setPackageName(packageName)
- .setAppCertificate(packageCert)
- .setVersionCode(version)
- .setInstallerName("abc")
- .setInstallerCertificate("abc")
- .setIsPreInstalled(true)
- .build();
+ AppInstallMetadata appInstallMetadata =
+ new AppInstallMetadata.Builder()
+ .setPackageName(packageName)
+ .setAppCertificate(packageCert)
+ .setVersionCode(version)
+ .setInstallerName("abc")
+ .setInstallerCertificate("abc")
+ .setIsPreInstalled(true)
+ .build();
List<Rule> rulesFetched = mIntegrityFileManager.readRules(appInstallMetadata);
assertThat(rulesFetched)
@@ -174,14 +175,15 @@
// Read the rules for a specific rule.
String installedPackageName = String.format("%s%04d", packageName, 264);
String installedAppCertificate = String.format("%s%04d", appCertificate, 1264);
- AppInstallMetadata appInstallMetadata = new AppInstallMetadata.Builder()
- .setPackageName(installedPackageName)
- .setAppCertificate(installedAppCertificate)
- .setVersionCode(250)
- .setInstallerName("abc")
- .setInstallerCertificate("abc")
- .setIsPreInstalled(true)
- .build();
+ AppInstallMetadata appInstallMetadata =
+ new AppInstallMetadata.Builder()
+ .setPackageName(installedPackageName)
+ .setAppCertificate(installedAppCertificate)
+ .setVersionCode(250)
+ .setInstallerName("abc")
+ .setInstallerCertificate("abc")
+ .setIsPreInstalled(true)
+ .build();
List<Rule> rulesFetched = mIntegrityFileManager.readRules(appInstallMetadata);
// Verify that we do not load all the rules and we have the necessary rules to evaluate.
@@ -195,27 +197,38 @@
private Rule getPackageNameIndexedRule(String packageName) {
return new Rule(
new StringAtomicFormula(
- AtomicFormula.PACKAGE_NAME,
- packageName,
- /* isHashedValue= */ false),
+ AtomicFormula.PACKAGE_NAME, packageName, /* isHashedValue= */ false),
Rule.DENY);
}
private Rule getAppCertificateIndexedRule(String appCertificate) {
return new Rule(
new StringAtomicFormula(
- AtomicFormula.APP_CERTIFICATE,
- appCertificate,
- /* isHashedValue= */ false),
+ AtomicFormula.APP_CERTIFICATE, appCertificate, /* isHashedValue= */ false),
Rule.DENY);
}
private Rule getInstallerCertificateRule(String installerCert) {
return new Rule(
new StringAtomicFormula(
- AtomicFormula.INSTALLER_NAME,
- installerCert,
- /* isHashedValue= */ false),
+ AtomicFormula.INSTALLER_NAME, installerCert, /* isHashedValue= */ false),
Rule.DENY);
}
+
+ @Test
+ public void testStagingDirectoryCleared() throws Exception {
+ // We must push rules two times to ensure that staging directory is empty because we cleared
+ // it, rather than because original rules directory is empty.
+ mIntegrityFileManager.writeRules(VERSION, RULE_PROVIDER, Collections.EMPTY_LIST);
+ mIntegrityFileManager.writeRules(VERSION, RULE_PROVIDER, Collections.EMPTY_LIST);
+
+ assertStagingDirectoryCleared();
+ }
+
+ private void assertStagingDirectoryCleared() {
+ File stagingDir = new File(mTmpDir, "integrity_staging");
+ assertThat(stagingDir.exists()).isTrue();
+ assertThat(stagingDir.isDirectory()).isTrue();
+ assertThat(stagingDir.listFiles()).isEmpty();
+ }
}