Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 48dbcaae414f71da46064b907aaa635d9417653e / . / services / tests / servicestests / src / com / android / server / integrity / engine / RuleEvaluatorTest.java
blob: b271a7766d635b933355bef8205093d95222f185 [file] [log] [blame]
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]1/*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.integrity.engine;
18
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]19import static com.android.server.integrity.model.IntegrityCheckResult.Effect.ALLOW;
20import static com.android.server.integrity.model.IntegrityCheckResult.Effect.DENY;
21
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]22import static com.google.common.truth.Truth.assertThat;
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]23
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]24import android.content.integrity.AppInstallMetadata;
25import android.content.integrity.AtomicFormula;
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]26import android.content.integrity.AtomicFormula.LongAtomicFormula;
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]27import android.content.integrity.AtomicFormula.StringAtomicFormula;
28import android.content.integrity.CompoundFormula;
29import android.content.integrity.Rule;
30
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]31import com.android.server.integrity.model.IntegrityCheckResult;
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]32
33import org.junit.Test;
34import org.junit.runner.RunWith;
35import org.junit.runners.JUnit4;
36
37import java.util.ArrayList;
38import java.util.Arrays;
39import java.util.Collections;
40import java.util.List;
41
42@RunWith(JUnit4.class)
43public class RuleEvaluatorTest {
44
45 private static final String PACKAGE_NAME_1 = "com.test.app";
46 private static final String PACKAGE_NAME_2 = "com.test.app2";
47 private static final String APP_CERTIFICATE = "test_cert";
48 private static final AppInstallMetadata APP_INSTALL_METADATA =
49 new AppInstallMetadata.Builder()
50 .setPackageName(PACKAGE_NAME_1)
Omer Nebil Yaveroglub9943722020-02-07 14:22:44 +0000[diff] [blame]51 .setAppCertificates(Collections.singletonList(APP_CERTIFICATE))
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]52 .setVersionCode(2)
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]53 .build();
54
55 @Test
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]56 public void testEvaluateRules_noRules_allow() {
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]57 List<Rule> rules = new ArrayList<>();
58
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]59 IntegrityCheckResult result = RuleEvaluator.evaluateRules(rules, APP_INSTALL_METADATA);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]60
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]61 assertThat(result.getEffect()).isEqualTo(ALLOW);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]62 }
63
64 @Test
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]65 public void testEvaluateRules_noMatchedRules_allow() {
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]66 Rule rule =
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]67 new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]68 new StringAtomicFormula(
69 AtomicFormula.PACKAGE_NAME,
70 PACKAGE_NAME_2,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]71 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]72 Rule.DENY);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]73
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]74 IntegrityCheckResult result =
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]75 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]76
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]77 assertThat(result.getEffect()).isEqualTo(ALLOW);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]78 }
79
80 @Test
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]81 public void testEvaluateRules_oneMatch_deny() {
82 Rule rule1 =
83 new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]84 new StringAtomicFormula(
85 AtomicFormula.PACKAGE_NAME,
86 PACKAGE_NAME_1,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]87 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]88 Rule.DENY);
89 Rule rule2 =
90 new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]91 new StringAtomicFormula(
92 AtomicFormula.PACKAGE_NAME,
93 PACKAGE_NAME_2,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]94 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]95 Rule.DENY);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]96
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]97 IntegrityCheckResult result =
98 RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]99
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]100 assertThat(result.getEffect()).isEqualTo(DENY);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]101 assertThat(result.getMatchedRules()).containsExactly(rule1);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]102 }
103
104 @Test
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]105 public void testEvaluateRules_multipleMatches_deny() {
106 Rule rule1 =
107 new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]108 new StringAtomicFormula(
109 AtomicFormula.PACKAGE_NAME,
110 PACKAGE_NAME_1,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]111 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]112 Rule.DENY);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]113 Rule rule2 = new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]114 new CompoundFormula(
115 CompoundFormula.AND,
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]116 Arrays.asList(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]117 new StringAtomicFormula(
118 AtomicFormula.PACKAGE_NAME,
119 PACKAGE_NAME_1,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]120 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]121 new StringAtomicFormula(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]122 AtomicFormula.APP_CERTIFICATE,
123 APP_CERTIFICATE,
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]124 /* isHashedValue= */ false))),
125 Rule.DENY);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]126
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]127 IntegrityCheckResult result =
128 RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]129
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]130 assertThat(result.getEffect()).isEqualTo(DENY);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]131 assertThat(result.getMatchedRules()).containsExactly(rule1, rule2);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]132 }
133
134 @Test
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]135 public void testEvaluateRules_ruleWithNot_deny() {
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]136 Rule rule = new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]137 new CompoundFormula(
138 CompoundFormula.NOT,
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]139 Collections.singletonList(
140 new StringAtomicFormula(
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]141 AtomicFormula.PACKAGE_NAME,
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]142 PACKAGE_NAME_2,
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]143 /* isHashedValue= */ false))),
144 Rule.DENY);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]145
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]146 IntegrityCheckResult result =
147 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]148
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]149 assertThat(result.getEffect()).isEqualTo(DENY);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]150 assertThat(result.getMatchedRules()).containsExactly(rule);
Khaled Abdelmohsen29be9642019-10-08 18:34:45 +0100[diff] [blame]151 }
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]152
153 @Test
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]154 public void testEvaluateRules_ruleWithIntegerOperators_deny() {
155 Rule rule =
156 new Rule(
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]157 new LongAtomicFormula(AtomicFormula.VERSION_CODE,
158 AtomicFormula.GT, 1),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]159 Rule.DENY);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]160
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]161 IntegrityCheckResult result =
162 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]163
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]164 assertThat(result.getEffect()).isEqualTo(DENY);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]165 assertThat(result.getMatchedRules()).containsExactly(rule);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]166 }
167
168 @Test
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]169 public void testEvaluateRules_validForm_deny() {
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]170 Rule rule = new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]171 new CompoundFormula(
172 CompoundFormula.AND,
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]173 Arrays.asList(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]174 new StringAtomicFormula(
175 AtomicFormula.PACKAGE_NAME,
176 PACKAGE_NAME_1,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]177 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]178 new StringAtomicFormula(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]179 AtomicFormula.APP_CERTIFICATE,
180 APP_CERTIFICATE,
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]181 /* isHashedValue= */ false))),
182 Rule.DENY);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]183
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]184 IntegrityCheckResult result =
185 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]186
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]187 assertThat(result.getEffect()).isEqualTo(DENY);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]188 assertThat(result.getMatchedRules()).containsExactly(rule);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]189 }
190
191 @Test
Song Pane5d60742020-01-10 17:58:00 +0000[diff] [blame]192 public void testEvaluateRules_orRules() {
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]193 Rule rule = new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]194 new CompoundFormula(
195 CompoundFormula.OR,
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]196 Arrays.asList(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]197 new StringAtomicFormula(
198 AtomicFormula.PACKAGE_NAME,
199 PACKAGE_NAME_1,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]200 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]201 new StringAtomicFormula(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]202 AtomicFormula.APP_CERTIFICATE,
203 APP_CERTIFICATE,
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]204 /* isHashedValue= */ false))),
205 Rule.DENY);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]206
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]207 IntegrityCheckResult result =
208 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]209
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]210 assertThat(result.getEffect()).isEqualTo(DENY);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]211 assertThat(result.getMatchedRules()).containsExactly(rule);
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]212 }
213
214 @Test
Song Pane5d60742020-01-10 17:58:00 +0000[diff] [blame]215 public void testEvaluateRules_compoundFormulaWithNot_deny() {
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]216 CompoundFormula openSubFormula =
217 new CompoundFormula(
218 CompoundFormula.AND,
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]219 Arrays.asList(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]220 new StringAtomicFormula(
221 AtomicFormula.PACKAGE_NAME,
222 PACKAGE_NAME_2,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]223 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]224 new StringAtomicFormula(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]225 AtomicFormula.APP_CERTIFICATE,
226 APP_CERTIFICATE,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]227 /* isHashedValue= */ false)));
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]228 CompoundFormula compoundFormula =
229 new CompoundFormula(CompoundFormula.NOT, Collections.singletonList(openSubFormula));
230 Rule rule = new Rule(compoundFormula, Rule.DENY);
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]231
232 IntegrityCheckResult result =
233 RuleEvaluator.evaluateRules(Collections.singletonList(rule), APP_INSTALL_METADATA);
234
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]235 assertThat(result.getEffect()).isEqualTo(DENY);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]236 assertThat(result.getMatchedRules()).containsExactly(rule);
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]237 }
238
239 @Test
240 public void testEvaluateRules_forceAllow() {
241 Rule rule1 =
242 new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]243 new StringAtomicFormula(
244 AtomicFormula.PACKAGE_NAME,
245 PACKAGE_NAME_1,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]246 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]247 Rule.FORCE_ALLOW);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]248 Rule rule2 = new Rule(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]249 new CompoundFormula(
250 CompoundFormula.AND,
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]251 Arrays.asList(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]252 new StringAtomicFormula(
253 AtomicFormula.PACKAGE_NAME,
254 PACKAGE_NAME_1,
Khaled Abdelmohsen1efff872019-11-25 16:44:20 +0000[diff] [blame]255 /* isHashedValue= */ false),
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]256 new StringAtomicFormula(
Song Pan75147d52019-11-19 00:57:46 +0000[diff] [blame]257 AtomicFormula.APP_CERTIFICATE,
258 APP_CERTIFICATE,
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]259 /* isHashedValue= */ false))),
260 Rule.DENY);
Song Pan097f65d2019-11-10 18:02:52 +0000[diff] [blame]261
262 IntegrityCheckResult result =
263 RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);
264
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]265 assertThat(result.getEffect()).isEqualTo(ALLOW);
Omer Nebil Yaveroglu09e44f52020-01-28 15:48:36 +0000[diff] [blame]266 assertThat(result.getMatchedRules()).containsExactly(rule1);
267 }
268
269 @Test
270 public void testEvaluateRules_multipleMatches_forceAllow() {
271 Rule rule1 =
272 new Rule(
273 new StringAtomicFormula(
274 AtomicFormula.PACKAGE_NAME,
275 PACKAGE_NAME_1,
276 /* isHashedValue= */ false),
277 Rule.FORCE_ALLOW);
278 Rule rule2 = new Rule(
279 new CompoundFormula(
280 CompoundFormula.AND,
281 Arrays.asList(
282 new StringAtomicFormula(
283 AtomicFormula.PACKAGE_NAME,
284 PACKAGE_NAME_1,
285 /* isHashedValue= */ false),
286 new StringAtomicFormula(
287 AtomicFormula.APP_CERTIFICATE,
288 APP_CERTIFICATE,
289 /* isHashedValue= */ false))),
290 Rule.FORCE_ALLOW);
291
292 IntegrityCheckResult result =
293 RuleEvaluator.evaluateRules(Arrays.asList(rule1, rule2), APP_INSTALL_METADATA);
294
295 assertThat(result.getEffect()).isEqualTo(ALLOW);
296 assertThat(result.getMatchedRules()).containsExactly(rule1, rule2);
Khaled Abdelmohsene0d74cd2019-10-10 16:47:22 +0100[diff] [blame]297 }
Omer Nebil Yaveroglu15395f52020-01-22 12:14:44 +0000[diff] [blame]298}