Add check that prevents file operations outside of Call Composer Dir

Cannot open, delete, sync, or insert files outside of the Call Composer directory. New check prevents this. bug: 219015884 Test: 3 UT, 1. CallLogProviderTest#testOpenFileOutsideOfScopeThrowsException 2. CallLogProviderTest#testDeleteFileOutsideOfScopeThrowsException 3. CallLogProviderTest#testInsertFileOutsideOfScopeThrowsException Change-Id: I5a9dc98db446707373479fe1c2cb5fba44bdedf7
author: Thomas Stuart <tjstuart@google.com> 2022-04-13 13:59:08 -0700
committer: Thomas Stuart <tjstuart@google.com> 2022-04-20 16:12:00 -0700
commit: c5da1394740292b036fa0d0b7ad9b96f0851b799 (patch)
tree: 7096aadbd360fab652740e922b1fa42847810ed1 /tests/src/com/android
parent: 809e04f27d64ceb928ec7ad154be7f66937307d2 (diff)
download: ContactsProvider-c5da1394740292b036fa0d0b7ad9b96f0851b799.tar.gz
1 files changed, 58 insertions, 1 deletions
diff --git a/tests/src/com/android/providers/contacts/CallLogProviderTest.java b/tests/src/com/android/providers/contacts/CallLogProviderTest.java
index ebb06556..c7555823 100644
--- a/tests/src/com/android/providers/contacts/CallLogProviderTest.java
+++ b/tests/src/com/android/providers/contacts/CallLogProviderTest.java
@@ -21,9 +21,11 @@ import static android.provider.CallLog.Calls.MISSED_REASON_NOT_MISSED;
 import static org.mockito.Mockito.eq;
 import static org.mockito.Mockito.when;
 
+import android.content.ContentResolver;
 import android.telecom.CallerInfo;
 import com.android.providers.contacts.testutil.CommonDatabaseUtils;
 import com.android.providers.contacts.util.ContactsPermissions;
+import com.android.providers.contacts.util.FileUtilities;
 import com.android.providers.contacts.util.PhoneAccountHandleMigrationUtils;
 
 import android.content.BroadcastReceiver;
@@ -46,8 +48,10 @@ import android.telecom.PhoneAccountHandle;
 import android.telecom.TelecomManager;
 import android.telephony.SubscriptionInfo;
 import android.test.suitebuilder.annotation.MediumTest;
-import android.util.Log;
 
+import org.junit.Assert;
+
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -92,6 +96,14 @@ public class CallLogProviderTest extends BaseContactsProvider2Test {
     private static final String TEST_PHONE_ACCOUNT_HANDLE_ICC_ID2 = "891004234814455937";
     private static final String TEST_COMPONENT_NAME = "foo/bar";
 
+    private static final Uri INVALID_CALL_LOG_URI = Uri.parse(
+            "content://call_log/call_composer/%2fdata%2fdata%2fcom.android.providers"
+                    + ".contacts%2fshared_prefs%2fContactsUpgradeReceiver.xml");
+
+    private static final String TEST_FAIL_DID_NOT_TRHOW_SE =
+            "fail test because Security Exception was not throw";
+
+
     private int mOldMinMatch;
 
     private CallLogProviderTestable mCallLogProvider;
@@ -515,6 +527,51 @@ public class CallLogProviderTest extends BaseContactsProvider2Test {
         }
     }
 
+    /**
+     * Tests scenario where an app gives {@link ContentResolver} a file to open that is not in the
+     * Call Log Provider directory.
+     */
+    public void testOpenFileOutsideOfScopeThrowsException() throws FileNotFoundException {
+        try {
+            mResolver.openFile(INVALID_CALL_LOG_URI, "w", null);
+            // previous line should throw exception
+            fail(TEST_FAIL_DID_NOT_TRHOW_SE);
+        } catch (SecurityException e) {
+            Assert.assertTrue(
+                    e.toString().contains(FileUtilities.INVALID_CALL_LOG_PATH_EXCEPTION_MESSAGE));
+        }
+    }
+
+    /**
+     * Tests scenario where an app gives {@link ContentResolver} a file to delete that is not in the
+     * Call Log Provider directory.
+     */
+    public void testDeleteFileOutsideOfScopeThrowsException() {
+        try {
+            mResolver.delete(INVALID_CALL_LOG_URI, "w", null);
+            // previous line should throw exception
+            fail(TEST_FAIL_DID_NOT_TRHOW_SE);
+        } catch (SecurityException e) {
+            Assert.assertTrue(
+                    e.toString().contains(FileUtilities.INVALID_CALL_LOG_PATH_EXCEPTION_MESSAGE));
+        }
+    }
+
+    /**
+     * Tests scenario where an app gives {@link ContentResolver} a file to insert outside the
+     * Call Log Provider directory.
+     */
+    public void testInsertFileOutsideOfScopeThrowsException() {
+        try {
+            mResolver.insert(INVALID_CALL_LOG_URI, new ContentValues());
+            // previous line should throw exception
+            fail(TEST_FAIL_DID_NOT_TRHOW_SE);
+        } catch (SecurityException e) {
+            Assert.assertTrue(
+                    e.toString().contains(FileUtilities.INVALID_CALL_LOG_PATH_EXCEPTION_MESSAGE));
+        }
+    }
+
     public void testUriWithBadLimitParamThrowsException() {
         assertParamThrowsIllegalArgumentException(Calls.LIMIT_PARAM_KEY, "notvalid");
     }
author	Thomas Stuart <tjstuart@google.com>	2022-04-13 13:59:08 -0700
committer	Thomas Stuart <tjstuart@google.com>	2022-04-20 16:12:00 -0700
commit	c5da1394740292b036fa0d0b7ad9b96f0851b799 (patch)
tree	7096aadbd360fab652740e922b1fa42847810ed1 /tests/src/com/android
parent	809e04f27d64ceb928ec7ad154be7f66937307d2 (diff)
download	ContactsProvider-c5da1394740292b036fa0d0b7ad9b96f0851b799.tar.gz