diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-04-01 02:05:03 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-04-01 02:05:03 +0000 |
commit | c4a488dff4c6c2decee20636cbc52fecd1755884 (patch) | |
tree | eea3589b4a063d1b9af81c73f2da7eea3982b013 | |
parent | c70f129081f26d9b61ae47e3ebc76c2dd12fd2f7 (diff) | |
parent | 2c8142d68ce434324953d2c1ccdd5d35f962ccf0 (diff) | |
download | telephony-android13-mainline-art-release.tar.gz |
Snap for 9867090 from 2c8142d68ce434324953d2c1ccdd5d35f962ccf0 to mainline-art-releaseaml_art_331813100aml_art_331813010android13-mainline-art-release
Change-Id: I67140e95a6ec49978d1f467c9a5354268cf6da79
-rw-r--r-- | src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java | 48 | ||||
-rw-r--r-- | tests/telephonytests/src/com/android/internal/telephony/CarrierPrivilegesTrackerTest.java | 33 |
2 files changed, 52 insertions, 29 deletions
diff --git a/src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java b/src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java index 31442297b1..1e184bb69a 100644 --- a/src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java +++ b/src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java @@ -108,6 +108,10 @@ public class CarrierPrivilegesTracker extends Handler { private static final String SHA_1 = "SHA-1"; private static final String SHA_256 = "SHA-256"; + private static final int PACKAGE_NOT_PRIVILEGED = 0; + private static final int PACKAGE_PRIVILEGED_FROM_CARRIER_CONFIG = 1; + private static final int PACKAGE_PRIVILEGED_FROM_SIM = 2; + // TODO(b/232273884): Turn feature on when find solution to handle the inter-carriers switching /** * Time delay to clear UICC rules after UICC is gone. @@ -757,23 +761,35 @@ public class CarrierPrivilegesTracker extends Handler { @NonNull private PrivilegedPackageInfo getCurrentPrivilegedPackagesForAllUsers() { + Set<String> carrierServiceEligiblePackages = new ArraySet<>(); Set<String> privilegedPackageNames = new ArraySet<>(); Set<Integer> privilegedUids = new ArraySet<>(); for (Map.Entry<String, Set<String>> e : mInstalledPackageCerts.entrySet()) { - if (isPackagePrivileged(e.getKey(), e.getValue())) { - privilegedPackageNames.add(e.getKey()); - privilegedUids.addAll(getUidsForPackage(e.getKey(), /* invalidateCache= */ false)); + final int priv = getPackagePrivilegedStatus(e.getKey(), e.getValue()); + switch (priv) { + case PACKAGE_PRIVILEGED_FROM_SIM: + carrierServiceEligiblePackages.add(e.getKey()); + // fallthrough + case PACKAGE_PRIVILEGED_FROM_CARRIER_CONFIG: + privilegedPackageNames.add(e.getKey()); + privilegedUids.addAll( + getUidsForPackage(e.getKey(), /* invalidateCache= */ false)); } } - return new PrivilegedPackageInfo(privilegedPackageNames, privilegedUids, - getCarrierService(privilegedPackageNames)); + + return new PrivilegedPackageInfo( + privilegedPackageNames, + privilegedUids, + getCarrierService(carrierServiceEligiblePackages)); } /** - * Returns true iff there is an overlap between the provided certificate hashes and the - * certificate hashes stored in mTestOverrideRules, mCarrierConfigRules and mUiccRules. + * Returns the privilege status of the provided package. + * + * <p>Returned privilege status depends on whether a package matches the certificates from + * carrier config, from test overrides or from certificates stored on the SIM. */ - private boolean isPackagePrivileged(@NonNull String pkgName, @NonNull Set<String> certs) { + private int getPackagePrivilegedStatus(@NonNull String pkgName, @NonNull Set<String> certs) { // Double-nested for loops, but each collection should contain at most 2 elements in nearly // every case. // TODO(b/184382310) find a way to speed this up @@ -782,23 +798,23 @@ public class CarrierPrivilegesTracker extends Handler { if (mTestOverrideRules != null) { for (UiccAccessRule rule : mTestOverrideRules) { if (rule.matches(cert, pkgName)) { - return true; + return PACKAGE_PRIVILEGED_FROM_SIM; } } } else { - for (UiccAccessRule rule : mCarrierConfigRules) { + for (UiccAccessRule rule : mUiccRules) { if (rule.matches(cert, pkgName)) { - return true; + return PACKAGE_PRIVILEGED_FROM_SIM; } } - for (UiccAccessRule rule : mUiccRules) { + for (UiccAccessRule rule : mCarrierConfigRules) { if (rule.matches(cert, pkgName)) { - return true; + return PACKAGE_PRIVILEGED_FROM_CARRIER_CONFIG; } } } } - return false; + return PACKAGE_NOT_PRIVILEGED; } @NonNull @@ -1067,13 +1083,13 @@ public class CarrierPrivilegesTracker extends Handler { } @NonNull - private Pair<String, Integer> getCarrierService(@NonNull Set<String> privilegedPackageNames) { + private Pair<String, Integer> getCarrierService(@NonNull Set<String> simPrivilegedPackages) { List<ResolveInfo> carrierServiceResolveInfos = mPackageManager.queryIntentServices( new Intent(CarrierService.CARRIER_SERVICE_INTERFACE), /* flags= */ 0); String carrierServicePackageName = null; for (ResolveInfo resolveInfo : carrierServiceResolveInfos) { String packageName = getPackageName(resolveInfo); - if (privilegedPackageNames.contains(packageName)) { + if (simPrivilegedPackages.contains(packageName)) { carrierServicePackageName = packageName; break; } diff --git a/tests/telephonytests/src/com/android/internal/telephony/CarrierPrivilegesTrackerTest.java b/tests/telephonytests/src/com/android/internal/telephony/CarrierPrivilegesTrackerTest.java index 221b2b525e..07011a30e6 100644 --- a/tests/telephonytests/src/com/android/internal/telephony/CarrierPrivilegesTrackerTest.java +++ b/tests/telephonytests/src/com/android/internal/telephony/CarrierPrivilegesTrackerTest.java @@ -889,7 +889,7 @@ public class CarrierPrivilegesTrackerTest extends TelephonyTest { @Test public void testPackageDisabledAndThenEnabled() throws Exception { // Start with certs and packages installed - setupCarrierConfigRules(carrierConfigRuleString(getHash(CERT_1))); + setupSimLoadedRules(ruleWithHashOnly(getHash(CERT_1))); setupInstalledPackages( new PackageCertInfo(PACKAGE_1, CERT_1, USER_1, UID_1), new PackageCertInfo(PACKAGE_2, CERT_2, USER_1, UID_2)); @@ -1032,9 +1032,12 @@ public class CarrierPrivilegesTrackerTest extends TelephonyTest { } @Test - public void testGetCarrierService_haveCarrierServiceWithCarrierPrivileges() throws Exception { - // Only packages with CERT_1 have carrier privileges - setupCarrierConfigRules(carrierConfigRuleString(getHash(CERT_1))); + public void testGetCarrierService_haveCarrierServiceWithSimCarrierPrivileges() + throws Exception { + // Package 1 has SIM loaded rules, making it eligible for carrier service bindings + setupSimLoadedRules(ruleWithHashOnly(getHash(CERT_1))); + // Package 2 has only carrier-config based rules, which is insufficient for carrier services + setupCarrierConfigRules(carrierConfigRuleString(getHash(CERT_2))); // Setup all odd packages privileged, even packages not setupInstalledPackages( new PackageCertInfo(PACKAGE_1, CERT_1, USER_1, UID_1), @@ -1061,7 +1064,6 @@ public class CarrierPrivilegesTrackerTest extends TelephonyTest { assertEquals(PACKAGE_1, carrierServicePackageName); assertEquals(UID_1, carrierServiceUid); - reset(mPackageManager); // Get CS again carrierServicePackageName = mCarrierPrivilegesTracker.getCarrierServicePackageName(); @@ -1072,27 +1074,32 @@ public class CarrierPrivilegesTrackerTest extends TelephonyTest { verify(mPackageManager, never()).queryIntentServices(any(), anyInt()); assertEquals(PACKAGE_1, carrierServicePackageName); assertEquals(UID_1, carrierServiceUid); - } @Test - public void testGetCarrierService_haveCarrierServiceWithNoCarrierPrivileges() throws Exception { - // Only packages with CERT_1 have carrier privileges - setupCarrierConfigRules(carrierConfigRuleString(getHash(CERT_1))); + public void testGetCarrierService_haveCarrierServiceWithoutSimCarrierPrivileges() + throws Exception { + // Package 1 has no carrier privileges, package 2 has carrier-config based privileges, but + // no matching certificate on the SIM. + setupCarrierConfigRules(carrierConfigRuleString(getHash(CERT_2))); // Setup all odd packages privileged, even packages not setupInstalledPackages( new PackageCertInfo(PACKAGE_1, CERT_1, USER_1, UID_1), new PackageCertInfo(PACKAGE_2, CERT_2, USER_1, UID_2), new PackageCertInfo(PACKAGE_3, CERT_1, USER_1, UID_1)); - // One declared CarrierService which has no carrier privileges - ResolveInfo noPrivilegeService = new ResolveInfoBuilder().setService(PACKAGE_2).build(); + // Two declared CarrierService, only PACKAGE_1 has carrier privileges + ResolveInfo service1 = new ResolveInfoBuilder().setService(PACKAGE_1).build(); + ResolveInfo service2 = new ResolveInfoBuilder().setService(PACKAGE_2).build(); // Use doReturn instead of when/thenReturn which has NPE with unknown reason - doReturn(List.of(noPrivilegeService)).when( - mPackageManager).queryIntentServices(any(), anyInt()); + doReturn(List.of(service1, service2)) + .when(mPackageManager) + .queryIntentServices(any(), anyInt()); when(mPackageManager.getPackageUid(eq(PACKAGE_1), anyInt())).thenReturn(UID_1); when(mPackageManager.getPackageUid(eq(PACKAGE_2), anyInt())).thenReturn(UID_2); when(mPackageManager.getPackageUid(eq(PACKAGE_3), anyInt())).thenReturn(UID_1); + // Verify that neither carrier service (no privileges, or carrier-config based privileges) + // are accepted. mCarrierPrivilegesTracker = createCarrierPrivilegesTracker(); String carrierServicePackageName = mCarrierPrivilegesTracker.getCarrierServicePackageName(); int carrierServiceUid = mCarrierPrivilegesTracker.getCarrierServicePackageUid(); |