diff options
author | Thomas Stuart <tjstuart@google.com> | 2022-04-13 13:59:08 -0700 |
---|---|---|
committer | Thomas Stuart <tjstuart@google.com> | 2022-04-20 16:12:00 -0700 |
commit | c5da1394740292b036fa0d0b7ad9b96f0851b799 (patch) | |
tree | 7096aadbd360fab652740e922b1fa42847810ed1 /tests/src/com/android | |
parent | 809e04f27d64ceb928ec7ad154be7f66937307d2 (diff) | |
download | ContactsProvider-c5da1394740292b036fa0d0b7ad9b96f0851b799.tar.gz |
Add check that prevents file operations outside of Call Composer Dir
Cannot open, delete, sync, or insert files outside of the Call Composer
directory. New check prevents this.
bug: 219015884
Test: 3 UT,
1. CallLogProviderTest#testOpenFileOutsideOfScopeThrowsException
2. CallLogProviderTest#testDeleteFileOutsideOfScopeThrowsException
3. CallLogProviderTest#testInsertFileOutsideOfScopeThrowsException
Change-Id: I5a9dc98db446707373479fe1c2cb5fba44bdedf7
Diffstat (limited to 'tests/src/com/android')
-rw-r--r-- | tests/src/com/android/providers/contacts/CallLogProviderTest.java | 59 |
1 files changed, 58 insertions, 1 deletions
diff --git a/tests/src/com/android/providers/contacts/CallLogProviderTest.java b/tests/src/com/android/providers/contacts/CallLogProviderTest.java index ebb06556..c7555823 100644 --- a/tests/src/com/android/providers/contacts/CallLogProviderTest.java +++ b/tests/src/com/android/providers/contacts/CallLogProviderTest.java @@ -21,9 +21,11 @@ import static android.provider.CallLog.Calls.MISSED_REASON_NOT_MISSED; import static org.mockito.Mockito.eq; import static org.mockito.Mockito.when; +import android.content.ContentResolver; import android.telecom.CallerInfo; import com.android.providers.contacts.testutil.CommonDatabaseUtils; import com.android.providers.contacts.util.ContactsPermissions; +import com.android.providers.contacts.util.FileUtilities; import com.android.providers.contacts.util.PhoneAccountHandleMigrationUtils; import android.content.BroadcastReceiver; @@ -46,8 +48,10 @@ import android.telecom.PhoneAccountHandle; import android.telecom.TelecomManager; import android.telephony.SubscriptionInfo; import android.test.suitebuilder.annotation.MediumTest; -import android.util.Log; +import org.junit.Assert; + +import java.io.FileNotFoundException; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; @@ -92,6 +96,14 @@ public class CallLogProviderTest extends BaseContactsProvider2Test { private static final String TEST_PHONE_ACCOUNT_HANDLE_ICC_ID2 = "891004234814455937"; private static final String TEST_COMPONENT_NAME = "foo/bar"; + private static final Uri INVALID_CALL_LOG_URI = Uri.parse( + "content://call_log/call_composer/%2fdata%2fdata%2fcom.android.providers" + + ".contacts%2fshared_prefs%2fContactsUpgradeReceiver.xml"); + + private static final String TEST_FAIL_DID_NOT_TRHOW_SE = + "fail test because Security Exception was not throw"; + + private int mOldMinMatch; private CallLogProviderTestable mCallLogProvider; @@ -515,6 +527,51 @@ public class CallLogProviderTest extends BaseContactsProvider2Test { } } + /** + * Tests scenario where an app gives {@link ContentResolver} a file to open that is not in the + * Call Log Provider directory. + */ + public void testOpenFileOutsideOfScopeThrowsException() throws FileNotFoundException { + try { + mResolver.openFile(INVALID_CALL_LOG_URI, "w", null); + // previous line should throw exception + fail(TEST_FAIL_DID_NOT_TRHOW_SE); + } catch (SecurityException e) { + Assert.assertTrue( + e.toString().contains(FileUtilities.INVALID_CALL_LOG_PATH_EXCEPTION_MESSAGE)); + } + } + + /** + * Tests scenario where an app gives {@link ContentResolver} a file to delete that is not in the + * Call Log Provider directory. + */ + public void testDeleteFileOutsideOfScopeThrowsException() { + try { + mResolver.delete(INVALID_CALL_LOG_URI, "w", null); + // previous line should throw exception + fail(TEST_FAIL_DID_NOT_TRHOW_SE); + } catch (SecurityException e) { + Assert.assertTrue( + e.toString().contains(FileUtilities.INVALID_CALL_LOG_PATH_EXCEPTION_MESSAGE)); + } + } + + /** + * Tests scenario where an app gives {@link ContentResolver} a file to insert outside the + * Call Log Provider directory. + */ + public void testInsertFileOutsideOfScopeThrowsException() { + try { + mResolver.insert(INVALID_CALL_LOG_URI, new ContentValues()); + // previous line should throw exception + fail(TEST_FAIL_DID_NOT_TRHOW_SE); + } catch (SecurityException e) { + Assert.assertTrue( + e.toString().contains(FileUtilities.INVALID_CALL_LOG_PATH_EXCEPTION_MESSAGE)); + } + } + public void testUriWithBadLimitParamThrowsException() { assertParamThrowsIllegalArgumentException(Calls.LIMIT_PARAM_KEY, "notvalid"); } |