Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2019 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package com.android.server.integrity; |
| 18 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 19 | import static android.content.integrity.AppIntegrityManager.EXTRA_STATUS; |
| 20 | import static android.content.integrity.AppIntegrityManager.STATUS_FAILURE; |
| 21 | import static android.content.integrity.AppIntegrityManager.STATUS_SUCCESS; |
Song Pan | 6a0fd8b | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 22 | import static android.content.integrity.InstallerAllowedByManifestFormula.INSTALLER_CERTIFICATE_NOT_EVALUATED; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 23 | import static android.content.pm.PackageManager.EXTRA_VERIFICATION_ID; |
| 24 | import static android.content.pm.PackageManager.EXTRA_VERIFICATION_INSTALLER_PACKAGE; |
| 25 | import static android.content.pm.PackageManager.EXTRA_VERIFICATION_INSTALLER_UID; |
| 26 | |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 27 | import static com.google.common.truth.Truth.assertThat; |
| 28 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 29 | import static org.junit.Assert.assertEquals; |
| 30 | import static org.junit.Assert.assertFalse; |
Khaled Abdelmohsen | ac7eed6 | 2020-03-12 19:57:19 +0000 | [diff] [blame] | 31 | import static org.junit.Assert.assertNull; |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 32 | import static org.junit.Assert.assertTrue; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 33 | import static org.mockito.ArgumentMatchers.any; |
| 34 | import static org.mockito.ArgumentMatchers.anyInt; |
| 35 | import static org.mockito.ArgumentMatchers.anyLong; |
| 36 | import static org.mockito.ArgumentMatchers.eq; |
Song Pan | 7a9c4c2 | 2020-02-04 14:03:57 +0000 | [diff] [blame] | 37 | import static org.mockito.Mockito.atLeastOnce; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 38 | import static org.mockito.Mockito.doReturn; |
| 39 | import static org.mockito.Mockito.doThrow; |
| 40 | import static org.mockito.Mockito.mock; |
| 41 | import static org.mockito.Mockito.spy; |
| 42 | import static org.mockito.Mockito.verify; |
| 43 | import static org.mockito.Mockito.when; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 44 | |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 45 | import static java.nio.file.StandardCopyOption.REPLACE_EXISTING; |
| 46 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 47 | import android.content.BroadcastReceiver; |
| 48 | import android.content.Context; |
| 49 | import android.content.Intent; |
| 50 | import android.content.IntentFilter; |
| 51 | import android.content.IntentSender; |
| 52 | import android.content.integrity.AppInstallMetadata; |
| 53 | import android.content.integrity.AtomicFormula; |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 54 | import android.content.integrity.IntegrityFormula; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 55 | import android.content.integrity.Rule; |
| 56 | import android.content.pm.ApplicationInfo; |
| 57 | import android.content.pm.PackageInfo; |
| 58 | import android.content.pm.PackageManager; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 59 | import android.content.pm.PackageManagerInternal; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 60 | import android.content.pm.ParceledListSlice; |
| 61 | import android.content.res.Resources; |
| 62 | import android.net.Uri; |
| 63 | import android.os.Handler; |
| 64 | import android.os.Message; |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 65 | import android.provider.Settings; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 66 | |
| 67 | import androidx.test.InstrumentationRegistry; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 68 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 69 | import com.android.internal.R; |
Winson | 727da64 | 2020-03-10 15:25:32 -0700 | [diff] [blame^] | 70 | import com.android.server.compat.PlatformCompat; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 71 | import com.android.server.integrity.engine.RuleEvaluationEngine; |
| 72 | import com.android.server.integrity.model.IntegrityCheckResult; |
Winson | 727da64 | 2020-03-10 15:25:32 -0700 | [diff] [blame^] | 73 | import com.android.server.pm.parsing.PackageParser2; |
| 74 | import com.android.server.pm.parsing.TestPackageParser2; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 75 | import com.android.server.testutils.TestUtils; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 76 | |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 77 | import org.junit.After; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 78 | import org.junit.Before; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 79 | import org.junit.Test; |
| 80 | import org.junit.runner.RunWith; |
Omer Nebil Yaveroglu | 15395f5 | 2020-01-22 12:14:44 +0000 | [diff] [blame] | 81 | import org.junit.runners.JUnit4; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 82 | import org.mockito.ArgumentCaptor; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 83 | import org.mockito.Mock; |
| 84 | import org.mockito.junit.MockitoJUnit; |
| 85 | import org.mockito.junit.MockitoRule; |
| 86 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 87 | import java.io.File; |
| 88 | import java.io.IOException; |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 89 | import java.io.InputStream; |
| 90 | import java.nio.file.Files; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 91 | import java.util.Arrays; |
| 92 | import java.util.List; |
Song Pan | f17fd09 | 2019-11-29 13:00:50 +0000 | [diff] [blame] | 93 | import java.util.Map; |
Winson | 727da64 | 2020-03-10 15:25:32 -0700 | [diff] [blame^] | 94 | import java.util.function.Supplier; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 95 | |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 96 | /** Unit test for {@link com.android.server.integrity.AppIntegrityManagerServiceImpl} */ |
Omer Nebil Yaveroglu | 15395f5 | 2020-01-22 12:14:44 +0000 | [diff] [blame] | 97 | @RunWith(JUnit4.class) |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 98 | public class AppIntegrityManagerServiceImplTest { |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 99 | private static final String TEST_APP_PATH = |
Song Pan | 5300771 | 2020-01-16 13:57:31 +0000 | [diff] [blame] | 100 | "AppIntegrityManagerServiceImplTest/AppIntegrityManagerServiceTestApp.apk"; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 101 | |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 102 | private static final String TEST_APP_TWO_CERT_PATH = |
| 103 | "AppIntegrityManagerServiceImplTest/DummyAppTwoCerts.apk"; |
| 104 | |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 105 | private static final String TEST_APP_SOURCE_STAMP_PATH = |
| 106 | "AppIntegrityManagerServiceImplTest/SourceStampTestApk.apk"; |
| 107 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 108 | private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; |
| 109 | private static final String VERSION = "version"; |
| 110 | private static final String TEST_FRAMEWORK_PACKAGE = "com.android.frameworks.servicestests"; |
| 111 | |
| 112 | private static final String PACKAGE_NAME = "com.test.app"; |
Omer Nebil Yaveroglu | 15395f5 | 2020-01-22 12:14:44 +0000 | [diff] [blame] | 113 | |
| 114 | private static final long VERSION_CODE = 100; |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 115 | private static final String INSTALLER = "com.long.random.test.installer.name"; |
Omer Nebil Yaveroglu | 15395f5 | 2020-01-22 12:14:44 +0000 | [diff] [blame] | 116 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 117 | // These are obtained by running the test and checking logcat. |
| 118 | private static final String APP_CERT = |
Song Pan | 5300771 | 2020-01-16 13:57:31 +0000 | [diff] [blame] | 119 | "C8A2E9BCCF597C2FB6DC66BEE293FC13F2FC47EC77BC6B2B0D52C11F51192AB8"; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 120 | // We use SHA256 for package names longer than 32 characters. |
| 121 | private static final String INSTALLER_SHA256 = |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 122 | "30F41A7CBF96EE736A54DD6DF759B50ED3CC126ABCEF694E167C324F5976C227"; |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 123 | private static final String SOURCE_STAMP_CERTIFICATE_HASH = |
| 124 | "681B0E56A796350C08647352A4DB800CC44B2ADC8F4C72FA350BD05D4D50264D"; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 125 | |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 126 | private static final String DUMMY_APP_TWO_CERTS_CERT_1 = |
| 127 | "C0369C2A1096632429DFA8433068AECEAD00BAC337CA92A175036D39CC9AFE94"; |
| 128 | private static final String DUMMY_APP_TWO_CERTS_CERT_2 = |
| 129 | "94366E0A80F3A3F0D8171A15760B88E228CD6E1101F0414C98878724FBE70147"; |
| 130 | |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 131 | private static final String PLAY_STORE_PKG = "com.android.vending"; |
| 132 | private static final String ADB_INSTALLER = "adb"; |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 133 | private static final String PLAY_STORE_CERT = "play_store_cert"; |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 134 | |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 135 | @org.junit.Rule public MockitoRule mMockitoRule = MockitoJUnit.rule(); |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 136 | |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 137 | @Mock PackageManagerInternal mPackageManagerInternal; |
Winson | 727da64 | 2020-03-10 15:25:32 -0700 | [diff] [blame^] | 138 | @Mock PlatformCompat mPlatformCompat; |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 139 | @Mock Context mMockContext; |
| 140 | @Mock Resources mMockResources; |
| 141 | @Mock RuleEvaluationEngine mRuleEvaluationEngine; |
| 142 | @Mock IntegrityFileManager mIntegrityFileManager; |
| 143 | @Mock Handler mHandler; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 144 | |
Winson | 727da64 | 2020-03-10 15:25:32 -0700 | [diff] [blame^] | 145 | private Supplier<PackageParser2> mParserSupplier = TestPackageParser2::new; |
| 146 | |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 147 | private final Context mRealContext = InstrumentationRegistry.getTargetContext(); |
| 148 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 149 | private PackageManager mSpyPackageManager; |
| 150 | private File mTestApk; |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 151 | private File mTestApkTwoCerts; |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 152 | private File mTestApkSourceStamp; |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 153 | |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 154 | // under test |
| 155 | private AppIntegrityManagerServiceImpl mService; |
| 156 | |
| 157 | @Before |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 158 | public void setup() throws Exception { |
Song Pan | 5300771 | 2020-01-16 13:57:31 +0000 | [diff] [blame] | 159 | mTestApk = File.createTempFile("AppIntegrity", ".apk"); |
| 160 | try (InputStream inputStream = mRealContext.getAssets().open(TEST_APP_PATH)) { |
| 161 | Files.copy(inputStream, mTestApk.toPath(), REPLACE_EXISTING); |
| 162 | } |
| 163 | |
| 164 | mTestApkTwoCerts = File.createTempFile("AppIntegrityTwoCerts", ".apk"); |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 165 | try (InputStream inputStream = mRealContext.getAssets().open(TEST_APP_TWO_CERT_PATH)) { |
| 166 | Files.copy(inputStream, mTestApkTwoCerts.toPath(), REPLACE_EXISTING); |
| 167 | } |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 168 | |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 169 | mTestApkSourceStamp = File.createTempFile("AppIntegritySourceStamp", ".apk"); |
| 170 | try (InputStream inputStream = mRealContext.getAssets().open(TEST_APP_SOURCE_STAMP_PATH)) { |
| 171 | Files.copy(inputStream, mTestApkSourceStamp.toPath(), REPLACE_EXISTING); |
| 172 | } |
| 173 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 174 | mService = |
| 175 | new AppIntegrityManagerServiceImpl( |
| 176 | mMockContext, |
| 177 | mPackageManagerInternal, |
Winson | 727da64 | 2020-03-10 15:25:32 -0700 | [diff] [blame^] | 178 | mParserSupplier, |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 179 | mRuleEvaluationEngine, |
| 180 | mIntegrityFileManager, |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 181 | mHandler); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 182 | |
| 183 | mSpyPackageManager = spy(mRealContext.getPackageManager()); |
| 184 | // setup mocks to prevent NPE |
| 185 | when(mMockContext.getPackageManager()).thenReturn(mSpyPackageManager); |
| 186 | when(mMockContext.getResources()).thenReturn(mMockResources); |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 187 | when(mMockResources.getStringArray(anyInt())).thenReturn(new String[] {}); |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 188 | when(mIntegrityFileManager.initialized()).thenReturn(true); |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 189 | // These are needed to override the Settings.Global.get result. |
| 190 | when(mMockContext.getContentResolver()).thenReturn(mRealContext.getContentResolver()); |
| 191 | setIntegrityCheckIncludesRuleProvider(true); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 192 | } |
| 193 | |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 194 | @After |
| 195 | public void tearDown() throws Exception { |
Song Pan | 5300771 | 2020-01-16 13:57:31 +0000 | [diff] [blame] | 196 | mTestApk.delete(); |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 197 | mTestApkTwoCerts.delete(); |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 198 | mTestApkSourceStamp.delete(); |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 199 | } |
| 200 | |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 201 | @Test |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 202 | public void updateRuleSet_notAuthorized() throws Exception { |
| 203 | makeUsSystemApp(); |
| 204 | Rule rule = |
| 205 | new Rule( |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 206 | new AtomicFormula.BooleanAtomicFormula(AtomicFormula.PRE_INSTALLED, true), |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 207 | Rule.DENY); |
| 208 | TestUtils.assertExpectException( |
| 209 | SecurityException.class, |
| 210 | "Only system packages specified in config_integrityRuleProviderPackages are" |
| 211 | + " allowed to call this method.", |
| 212 | () -> |
| 213 | mService.updateRuleSet( |
| 214 | VERSION, |
| 215 | new ParceledListSlice<>(Arrays.asList(rule)), |
| 216 | /* statusReceiver= */ null)); |
| 217 | } |
| 218 | |
| 219 | @Test |
| 220 | public void updateRuleSet_notSystemApp() throws Exception { |
| 221 | whitelistUsAsRuleProvider(); |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 222 | makeUsSystemApp(false); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 223 | Rule rule = |
| 224 | new Rule( |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 225 | new AtomicFormula.BooleanAtomicFormula(AtomicFormula.PRE_INSTALLED, true), |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 226 | Rule.DENY); |
| 227 | TestUtils.assertExpectException( |
| 228 | SecurityException.class, |
| 229 | "Only system packages specified in config_integrityRuleProviderPackages are" |
| 230 | + " allowed to call this method.", |
| 231 | () -> |
| 232 | mService.updateRuleSet( |
| 233 | VERSION, |
| 234 | new ParceledListSlice<>(Arrays.asList(rule)), |
| 235 | /* statusReceiver= */ null)); |
| 236 | } |
| 237 | |
| 238 | @Test |
| 239 | public void updateRuleSet_authorized() throws Exception { |
| 240 | whitelistUsAsRuleProvider(); |
| 241 | makeUsSystemApp(); |
| 242 | Rule rule = |
| 243 | new Rule( |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 244 | new AtomicFormula.BooleanAtomicFormula(AtomicFormula.PRE_INSTALLED, true), |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 245 | Rule.DENY); |
| 246 | |
| 247 | // no SecurityException |
| 248 | mService.updateRuleSet( |
| 249 | VERSION, new ParceledListSlice<>(Arrays.asList(rule)), mock(IntentSender.class)); |
| 250 | } |
| 251 | |
| 252 | @Test |
| 253 | public void updateRuleSet_correctMethodCall() throws Exception { |
| 254 | whitelistUsAsRuleProvider(); |
| 255 | makeUsSystemApp(); |
| 256 | IntentSender mockReceiver = mock(IntentSender.class); |
| 257 | List<Rule> rules = |
| 258 | Arrays.asList( |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 259 | new Rule( |
| 260 | IntegrityFormula.Application.packageNameEquals(PACKAGE_NAME), |
Song Pan | 76a0bb8 | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 261 | Rule.DENY)); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 262 | |
| 263 | mService.updateRuleSet(VERSION, new ParceledListSlice<>(rules), mockReceiver); |
| 264 | runJobInHandler(); |
| 265 | |
| 266 | verify(mIntegrityFileManager).writeRules(VERSION, TEST_FRAMEWORK_PACKAGE, rules); |
| 267 | ArgumentCaptor<Intent> intentCaptor = ArgumentCaptor.forClass(Intent.class); |
| 268 | verify(mockReceiver).sendIntent(any(), anyInt(), intentCaptor.capture(), any(), any()); |
| 269 | assertEquals(STATUS_SUCCESS, intentCaptor.getValue().getIntExtra(EXTRA_STATUS, -1)); |
| 270 | } |
| 271 | |
| 272 | @Test |
| 273 | public void updateRuleSet_fail() throws Exception { |
| 274 | whitelistUsAsRuleProvider(); |
| 275 | makeUsSystemApp(); |
| 276 | doThrow(new IOException()).when(mIntegrityFileManager).writeRules(any(), any(), any()); |
| 277 | IntentSender mockReceiver = mock(IntentSender.class); |
| 278 | List<Rule> rules = |
| 279 | Arrays.asList( |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 280 | new Rule( |
| 281 | IntegrityFormula.Application.packageNameEquals(PACKAGE_NAME), |
Song Pan | 76a0bb8 | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 282 | Rule.DENY)); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 283 | |
| 284 | mService.updateRuleSet(VERSION, new ParceledListSlice<>(rules), mockReceiver); |
| 285 | runJobInHandler(); |
| 286 | |
| 287 | verify(mIntegrityFileManager).writeRules(VERSION, TEST_FRAMEWORK_PACKAGE, rules); |
| 288 | ArgumentCaptor<Intent> intentCaptor = ArgumentCaptor.forClass(Intent.class); |
| 289 | verify(mockReceiver).sendIntent(any(), anyInt(), intentCaptor.capture(), any(), any()); |
| 290 | assertEquals(STATUS_FAILURE, intentCaptor.getValue().getIntExtra(EXTRA_STATUS, -1)); |
| 291 | } |
| 292 | |
| 293 | @Test |
| 294 | public void broadcastReceiverRegistration() throws Exception { |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 295 | whitelistUsAsRuleProvider(); |
| 296 | makeUsSystemApp(); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 297 | ArgumentCaptor<IntentFilter> intentFilterCaptor = |
| 298 | ArgumentCaptor.forClass(IntentFilter.class); |
| 299 | |
| 300 | verify(mMockContext).registerReceiver(any(), intentFilterCaptor.capture(), any(), any()); |
| 301 | assertEquals(1, intentFilterCaptor.getValue().countActions()); |
| 302 | assertEquals( |
| 303 | Intent.ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION, |
| 304 | intentFilterCaptor.getValue().getAction(0)); |
| 305 | assertEquals(1, intentFilterCaptor.getValue().countDataTypes()); |
| 306 | assertEquals(PACKAGE_MIME_TYPE, intentFilterCaptor.getValue().getDataType(0)); |
| 307 | } |
| 308 | |
| 309 | @Test |
| 310 | public void handleBroadcast_correctArgs() throws Exception { |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 311 | whitelistUsAsRuleProvider(); |
| 312 | makeUsSystemApp(); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 313 | ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = |
| 314 | ArgumentCaptor.forClass(BroadcastReceiver.class); |
| 315 | verify(mMockContext) |
| 316 | .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); |
| 317 | Intent intent = makeVerificationIntent(); |
Song Pan | 6a0fd8b | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 318 | when(mRuleEvaluationEngine.evaluate(any())).thenReturn(IntegrityCheckResult.allow()); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 319 | |
| 320 | broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); |
| 321 | runJobInHandler(); |
| 322 | |
| 323 | ArgumentCaptor<AppInstallMetadata> metadataCaptor = |
| 324 | ArgumentCaptor.forClass(AppInstallMetadata.class); |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 325 | verify(mRuleEvaluationEngine).evaluate(metadataCaptor.capture()); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 326 | AppInstallMetadata appInstallMetadata = metadataCaptor.getValue(); |
| 327 | assertEquals(PACKAGE_NAME, appInstallMetadata.getPackageName()); |
Omer Nebil Yaveroglu | b994372 | 2020-02-07 14:22:44 +0000 | [diff] [blame] | 328 | assertThat(appInstallMetadata.getAppCertificates()).containsExactly(APP_CERT); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 329 | assertEquals(INSTALLER_SHA256, appInstallMetadata.getInstallerName()); |
Song Pan | 5300771 | 2020-01-16 13:57:31 +0000 | [diff] [blame] | 330 | // we cannot check installer cert because it seems to be device specific. |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 331 | assertEquals(VERSION_CODE, appInstallMetadata.getVersionCode()); |
| 332 | assertFalse(appInstallMetadata.isPreInstalled()); |
Khaled Abdelmohsen | ac7eed6 | 2020-03-12 19:57:19 +0000 | [diff] [blame] | 333 | // Asserting source stamp not present. |
| 334 | assertFalse(appInstallMetadata.isStampPresent()); |
| 335 | assertFalse(appInstallMetadata.isStampVerified()); |
| 336 | assertFalse(appInstallMetadata.isStampTrusted()); |
| 337 | assertNull(appInstallMetadata.getStampCertificateHash()); |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 338 | // These are hardcoded in the test apk android manifest |
Song Pan | 6a0fd8b | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 339 | Map<String, String> allowedInstallers = |
| 340 | appInstallMetadata.getAllowedInstallersAndCertificates(); |
Song Pan | f17fd09 | 2019-11-29 13:00:50 +0000 | [diff] [blame] | 341 | assertEquals(2, allowedInstallers.size()); |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 342 | assertEquals(PLAY_STORE_CERT, allowedInstallers.get(PLAY_STORE_PKG)); |
Song Pan | 6a0fd8b | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 343 | assertEquals(INSTALLER_CERTIFICATE_NOT_EVALUATED, allowedInstallers.get(ADB_INSTALLER)); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 344 | } |
| 345 | |
| 346 | @Test |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 347 | public void handleBroadcast_correctArgs_multipleCerts() throws Exception { |
| 348 | whitelistUsAsRuleProvider(); |
| 349 | makeUsSystemApp(); |
| 350 | ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = |
| 351 | ArgumentCaptor.forClass(BroadcastReceiver.class); |
| 352 | verify(mMockContext) |
| 353 | .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); |
| 354 | Intent intent = makeVerificationIntent(); |
| 355 | intent.setDataAndType(Uri.fromFile(mTestApkTwoCerts), PACKAGE_MIME_TYPE); |
| 356 | when(mRuleEvaluationEngine.evaluate(any())).thenReturn(IntegrityCheckResult.allow()); |
| 357 | |
| 358 | broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); |
| 359 | runJobInHandler(); |
| 360 | |
| 361 | ArgumentCaptor<AppInstallMetadata> metadataCaptor = |
| 362 | ArgumentCaptor.forClass(AppInstallMetadata.class); |
| 363 | verify(mRuleEvaluationEngine).evaluate(metadataCaptor.capture()); |
| 364 | AppInstallMetadata appInstallMetadata = metadataCaptor.getValue(); |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 365 | assertThat(appInstallMetadata.getAppCertificates()) |
| 366 | .containsExactly(DUMMY_APP_TWO_CERTS_CERT_1, DUMMY_APP_TWO_CERTS_CERT_2); |
| 367 | } |
| 368 | |
| 369 | @Test |
| 370 | public void handleBroadcast_correctArgs_sourceStamp() throws Exception { |
| 371 | whitelistUsAsRuleProvider(); |
| 372 | makeUsSystemApp(); |
| 373 | ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = |
| 374 | ArgumentCaptor.forClass(BroadcastReceiver.class); |
| 375 | verify(mMockContext) |
| 376 | .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); |
| 377 | Intent intent = makeVerificationIntent(); |
| 378 | intent.setDataAndType(Uri.fromFile(mTestApkSourceStamp), PACKAGE_MIME_TYPE); |
| 379 | when(mRuleEvaluationEngine.evaluate(any())).thenReturn(IntegrityCheckResult.allow()); |
| 380 | |
| 381 | broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); |
| 382 | runJobInHandler(); |
| 383 | |
| 384 | ArgumentCaptor<AppInstallMetadata> metadataCaptor = |
| 385 | ArgumentCaptor.forClass(AppInstallMetadata.class); |
| 386 | verify(mRuleEvaluationEngine).evaluate(metadataCaptor.capture()); |
| 387 | AppInstallMetadata appInstallMetadata = metadataCaptor.getValue(); |
| 388 | assertTrue(appInstallMetadata.isStampPresent()); |
| 389 | assertTrue(appInstallMetadata.isStampVerified()); |
Khaled Abdelmohsen | 612ecd2 | 2020-03-09 12:02:49 +0000 | [diff] [blame] | 390 | assertTrue(appInstallMetadata.isStampTrusted()); |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 391 | assertEquals(SOURCE_STAMP_CERTIFICATE_HASH, appInstallMetadata.getStampCertificateHash()); |
Song Pan | 90991d4 | 2020-02-11 17:39:09 +0000 | [diff] [blame] | 392 | } |
| 393 | |
| 394 | @Test |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 395 | public void handleBroadcast_allow() throws Exception { |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 396 | whitelistUsAsRuleProvider(); |
| 397 | makeUsSystemApp(); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 398 | ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = |
| 399 | ArgumentCaptor.forClass(BroadcastReceiver.class); |
| 400 | verify(mMockContext) |
| 401 | .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); |
| 402 | Intent intent = makeVerificationIntent(); |
Song Pan | 6a0fd8b | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 403 | when(mRuleEvaluationEngine.evaluate(any())).thenReturn(IntegrityCheckResult.allow()); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 404 | |
| 405 | broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); |
| 406 | runJobInHandler(); |
| 407 | |
| 408 | verify(mPackageManagerInternal) |
| 409 | .setIntegrityVerificationResult( |
| 410 | 1, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); |
| 411 | } |
| 412 | |
| 413 | @Test |
| 414 | public void handleBroadcast_reject() throws Exception { |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 415 | whitelistUsAsRuleProvider(); |
| 416 | makeUsSystemApp(); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 417 | ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = |
| 418 | ArgumentCaptor.forClass(BroadcastReceiver.class); |
| 419 | verify(mMockContext) |
| 420 | .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); |
Song Pan | 6a0fd8b | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 421 | when(mRuleEvaluationEngine.evaluate(any())) |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 422 | .thenReturn( |
| 423 | IntegrityCheckResult.deny( |
Omer Nebil Yaveroglu | 09e44f5 | 2020-01-28 15:48:36 +0000 | [diff] [blame] | 424 | Arrays.asList( |
| 425 | new Rule( |
| 426 | new AtomicFormula.BooleanAtomicFormula( |
| 427 | AtomicFormula.PRE_INSTALLED, false), |
| 428 | Rule.DENY)))); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 429 | Intent intent = makeVerificationIntent(); |
| 430 | |
| 431 | broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); |
| 432 | runJobInHandler(); |
| 433 | |
| 434 | verify(mPackageManagerInternal) |
| 435 | .setIntegrityVerificationResult( |
| 436 | 1, PackageManagerInternal.INTEGRITY_VERIFICATION_REJECT); |
| 437 | } |
| 438 | |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 439 | @Test |
| 440 | public void handleBroadcast_notInitialized() throws Exception { |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 441 | whitelistUsAsRuleProvider(); |
| 442 | makeUsSystemApp(); |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 443 | when(mIntegrityFileManager.initialized()).thenReturn(false); |
| 444 | ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = |
| 445 | ArgumentCaptor.forClass(BroadcastReceiver.class); |
| 446 | verify(mMockContext) |
| 447 | .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); |
| 448 | Intent intent = makeVerificationIntent(); |
Song Pan | 6a0fd8b | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 449 | when(mRuleEvaluationEngine.evaluate(any())).thenReturn(IntegrityCheckResult.allow()); |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 450 | |
| 451 | broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); |
| 452 | runJobInHandler(); |
| 453 | |
Omer Nebil Yaveroglu | d4c9af8 | 2020-01-24 19:36:02 +0000 | [diff] [blame] | 454 | // The evaluation will still run since we still evaluate manifest based rules. |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 455 | verify(mPackageManagerInternal) |
| 456 | .setIntegrityVerificationResult( |
| 457 | 1, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); |
Song Pan | e515e96 | 2020-01-03 15:06:11 +0000 | [diff] [blame] | 458 | } |
| 459 | |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 460 | @Test |
| 461 | public void verifierAsInstaller_skipIntegrityVerification() throws Exception { |
| 462 | whitelistUsAsRuleProvider(); |
| 463 | makeUsSystemApp(); |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 464 | setIntegrityCheckIncludesRuleProvider(false); |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 465 | ArgumentCaptor<BroadcastReceiver> broadcastReceiverCaptor = |
| 466 | ArgumentCaptor.forClass(BroadcastReceiver.class); |
Song Pan | 7a9c4c2 | 2020-02-04 14:03:57 +0000 | [diff] [blame] | 467 | verify(mMockContext, atLeastOnce()) |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 468 | .registerReceiver(broadcastReceiverCaptor.capture(), any(), any(), any()); |
| 469 | Intent intent = makeVerificationIntent(TEST_FRAMEWORK_PACKAGE); |
Song Pan | 6a0fd8b | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 470 | when(mRuleEvaluationEngine.evaluate(any())) |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 471 | .thenReturn(IntegrityCheckResult.deny(/* rule= */ null)); |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 472 | |
| 473 | broadcastReceiverCaptor.getValue().onReceive(mMockContext, intent); |
| 474 | runJobInHandler(); |
| 475 | |
| 476 | verify(mPackageManagerInternal) |
| 477 | .setIntegrityVerificationResult( |
| 478 | 1, PackageManagerInternal.INTEGRITY_VERIFICATION_ALLOW); |
| 479 | } |
| 480 | |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 481 | @Test |
| 482 | public void getCurrentRules() throws Exception { |
| 483 | whitelistUsAsRuleProvider(); |
| 484 | makeUsSystemApp(); |
Song Pan | 76a0bb8 | 2020-02-06 13:48:04 +0000 | [diff] [blame] | 485 | Rule rule = new Rule(IntegrityFormula.Application.packageNameEquals("package"), Rule.DENY); |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 486 | when(mIntegrityFileManager.readRules(any())).thenReturn(Arrays.asList(rule)); |
| 487 | |
| 488 | assertThat(mService.getCurrentRules().getList()).containsExactly(rule); |
| 489 | } |
| 490 | |
Song Pan | 4d37486 | 2020-03-04 15:30:45 +0000 | [diff] [blame] | 491 | @Test |
| 492 | public void getWhitelistedRuleProviders() throws Exception { |
| 493 | whitelistUsAsRuleProvider(); |
| 494 | |
| 495 | assertThat(mService.getWhitelistedRuleProviders()).containsExactly(TEST_FRAMEWORK_PACKAGE); |
| 496 | } |
| 497 | |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 498 | private void whitelistUsAsRuleProvider() { |
| 499 | Resources mockResources = mock(Resources.class); |
| 500 | when(mockResources.getStringArray(R.array.config_integrityRuleProviderPackages)) |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 501 | .thenReturn(new String[] {TEST_FRAMEWORK_PACKAGE}); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 502 | when(mMockContext.getResources()).thenReturn(mockResources); |
| 503 | } |
| 504 | |
| 505 | private void runJobInHandler() { |
| 506 | ArgumentCaptor<Message> messageCaptor = ArgumentCaptor.forClass(Message.class); |
| 507 | // sendMessageAtTime is the first non-final method in the call chain when "post" is invoked. |
| 508 | verify(mHandler).sendMessageAtTime(messageCaptor.capture(), anyLong()); |
| 509 | messageCaptor.getValue().getCallback().run(); |
| 510 | } |
| 511 | |
| 512 | private void makeUsSystemApp() throws Exception { |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 513 | makeUsSystemApp(true); |
| 514 | } |
| 515 | |
| 516 | private void makeUsSystemApp(boolean isSystemApp) throws Exception { |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 517 | PackageInfo packageInfo = |
| 518 | mRealContext.getPackageManager().getPackageInfo(TEST_FRAMEWORK_PACKAGE, 0); |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 519 | if (isSystemApp) { |
| 520 | packageInfo.applicationInfo.flags |= ApplicationInfo.FLAG_SYSTEM; |
| 521 | } else { |
| 522 | packageInfo.applicationInfo.flags &= ~ApplicationInfo.FLAG_SYSTEM; |
| 523 | } |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 524 | doReturn(packageInfo) |
| 525 | .when(mSpyPackageManager) |
| 526 | .getPackageInfo(eq(TEST_FRAMEWORK_PACKAGE), anyInt()); |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 527 | when(mMockContext.getPackageManager()).thenReturn(mSpyPackageManager); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 528 | } |
| 529 | |
| 530 | private Intent makeVerificationIntent() throws Exception { |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 531 | PackageInfo packageInfo = |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 532 | mRealContext |
| 533 | .getPackageManager() |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 534 | .getPackageInfo( |
| 535 | TEST_FRAMEWORK_PACKAGE, PackageManager.GET_SIGNING_CERTIFICATES); |
Song Pan | 5604437 | 2020-02-03 13:39:45 +0000 | [diff] [blame] | 536 | doReturn(packageInfo).when(mSpyPackageManager).getPackageInfo(eq(INSTALLER), anyInt()); |
| 537 | doReturn(1).when(mSpyPackageManager).getPackageUid(eq(INSTALLER), anyInt()); |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 538 | return makeVerificationIntent(INSTALLER); |
| 539 | } |
| 540 | |
| 541 | private Intent makeVerificationIntent(String installer) throws Exception { |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 542 | Intent intent = new Intent(); |
| 543 | intent.setDataAndType(Uri.fromFile(mTestApk), PACKAGE_MIME_TYPE); |
| 544 | intent.setAction(Intent.ACTION_PACKAGE_NEEDS_INTEGRITY_VERIFICATION); |
| 545 | intent.putExtra(EXTRA_VERIFICATION_ID, 1); |
| 546 | intent.putExtra(Intent.EXTRA_PACKAGE_NAME, PACKAGE_NAME); |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 547 | intent.putExtra(EXTRA_VERIFICATION_INSTALLER_PACKAGE, installer); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 548 | intent.putExtra( |
| 549 | EXTRA_VERIFICATION_INSTALLER_UID, |
Khaled Abdelmohsen | 7390161 | 2020-01-21 21:12:21 +0000 | [diff] [blame] | 550 | mMockContext.getPackageManager().getPackageUid(installer, /* flags= */ 0)); |
Omer Nebil Yaveroglu | 15395f5 | 2020-01-22 12:14:44 +0000 | [diff] [blame] | 551 | intent.putExtra(Intent.EXTRA_LONG_VERSION_CODE, VERSION_CODE); |
Song Pan | 6e3677c | 2019-10-29 14:19:26 +0000 | [diff] [blame] | 552 | return intent; |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 553 | } |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 554 | |
| 555 | private void setIntegrityCheckIncludesRuleProvider(boolean shouldInclude) throws Exception { |
| 556 | int value = shouldInclude ? 1 : 0; |
Khaled Abdelmohsen | 02067c2 | 2020-02-28 11:09:57 +0000 | [diff] [blame] | 557 | Settings.Global.putInt( |
| 558 | mRealContext.getContentResolver(), |
| 559 | Settings.Global.INTEGRITY_CHECK_INCLUDES_RULE_PROVIDER, |
| 560 | value); |
| 561 | assertThat( |
| 562 | Settings.Global.getInt( |
| 563 | mRealContext.getContentResolver(), |
| 564 | Settings.Global.INTEGRITY_CHECK_INCLUDES_RULE_PROVIDER, |
| 565 | -1) |
| 566 | == 1) |
| 567 | .isEqualTo(shouldInclude); |
Song Pan | d39ec80 | 2020-02-25 16:34:49 +0000 | [diff] [blame] | 568 | } |
Song Pan | f93a39c | 2019-11-19 00:58:31 +0000 | [diff] [blame] | 569 | } |