diff options
author | Roshan Pius <rpius@google.com> | 2019-02-19 13:41:32 -0800 |
---|---|---|
committer | Roshan Pius <rpius@google.com> | 2019-02-26 21:52:27 -0800 |
commit | 3a5a6e997ca32114a96aeefc456f13abd437ed29 (patch) | |
tree | dac63eddda50d2b1aa604563359781ca9cccceca /tests/wifitests/src/com/android/server/wifi/scanner | |
parent | 4a438d6ba908f04d4b5ee03c53300fd95c72b8e1 (diff) | |
download | android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.tar.gz android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.tar.bz2 android_frameworks_opt_net_wifi-3a5a6e997ca32114a96aeefc456f13abd437ed29.zip |
WifiScanningServiceImpl: Hide requests from app-ops if flag set
If the newly added |hideFromAppOps| flag is set for scan requests, don't
invoke |AppOpsManager.noteOp()| method to log the request in app-ops.
Instead use |AppOpsManager.checkOp()| method to just ensure that the app
has the necessary permission to perform the operation, but not log it.
Also, renamed the existing |checkAppOpAllowed()| method to
|noteAppOpAllowed| in WifiPermissionsUtil to better reflect the
underlying call. The new |checkAppOpAllowed()| helper method will
instead invoke |AppOpsManager.checkOp|.
Bug: 119833663
Test: ./frameworks/opt/net/wifi/tests/wifitests/runtests.sh
Change-Id: I3942513d17c23362ba7f2c5ca67bc9e3b5046ab5
Diffstat (limited to 'tests/wifitests/src/com/android/server/wifi/scanner')
-rw-r--r-- | tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java | 106 |
1 files changed, 102 insertions, 4 deletions
diff --git a/tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java b/tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java index aa8b46f89..356b50f49 100644 --- a/tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java +++ b/tests/wifitests/src/com/android/server/wifi/scanner/WifiScanningServiceTest.java @@ -39,6 +39,7 @@ import static org.mockito.Mockito.anyBoolean; import static org.mockito.Mockito.anyInt; import static org.mockito.Mockito.anyString; import static org.mockito.Mockito.argThat; +import static org.mockito.Mockito.doNothing; import static org.mockito.Mockito.doThrow; import static org.mockito.Mockito.eq; import static org.mockito.Mockito.inOrder; @@ -2542,7 +2543,7 @@ public class WifiScanningServiceTest { // Location permission or mode check fail. doThrow(new SecurityException()).when(mWifiPermissionsUtil) .enforceCanAccessScanResultsForWifiScanner(any(), eq(Binder.getCallingUid()), - eq(false)); + eq(false), eq(false)); Handler handler = mock(Handler.class); BidirectionalAsyncChannel controlChannel = connectChannel(handler); @@ -2610,7 +2611,7 @@ public class WifiScanningServiceTest { // Verify the permission check params (ignoreLocationSettings == true). verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner( - eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(true)); + eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(true), eq(false)); // send single scan request (ignoreLocationSettings == false). scanSettings.ignoreLocationSettings = false; @@ -2623,7 +2624,7 @@ public class WifiScanningServiceTest { // Verify the permission check params (ignoreLocationSettings == true). verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner( - eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false)); + eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(false)); // send background scan request (ignoreLocationSettings == true). scanSettings.ignoreLocationSettings = true; @@ -2636,6 +2637,103 @@ public class WifiScanningServiceTest { // Verify the permission check params (ignoreLocationSettings == false), the field // is ignored for any requests other than single scan. verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner( - eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false)); + eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(false)); + } + + /** + * Verifies that we hide from app-ops when the single scan request settings sets + * {@link WifiScanner.ScanSettings#hideFromAppOps} + */ + @Test + public void verifyHideFromAppOpsFromNonPrivilegedAppsForSingleScan() throws Exception { + // Start service & initialize it. + startServiceAndLoadDriver(); + + Handler handler = mock(Handler.class); + BidirectionalAsyncChannel controlChannel = connectChannel(handler); + + // Client doesn't have NETWORK_STACK permission. + doThrow(new SecurityException()).when(mContext).enforcePermission( + eq(Manifest.permission.NETWORK_STACK), anyInt(), eq(Binder.getCallingUid()), any()); + + Bundle bundle = new Bundle(); + bundle.putString(WifiScanner.REQUEST_PACKAGE_NAME_KEY, TEST_PACKAGE_NAME); + WifiScanner.ScanSettings scanSettings = new WifiScanner.ScanSettings(); + + // send single scan request (hideFromAppOps == true). + scanSettings.hideFromAppOps = true; + bundle.putParcelable(WifiScanner.SCAN_PARAMS_SCAN_SETTINGS_KEY, scanSettings); + Message message = Message.obtain(); + message.what = WifiScanner.CMD_START_SINGLE_SCAN; + message.obj = bundle; + controlChannel.sendMessage(message); + mLooper.dispatchAll(); + + // Verify the permission check params (hideFromAppOps == true). + verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner( + eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(true)); + + // send single scan request (hideFromAppOps == false). + scanSettings.hideFromAppOps = false; + bundle.putParcelable(WifiScanner.SCAN_PARAMS_SCAN_SETTINGS_KEY, scanSettings); + message = Message.obtain(); + message.what = WifiScanner.CMD_START_SINGLE_SCAN; + message.obj = bundle; + controlChannel.sendMessage(message); + mLooper.dispatchAll(); + + // Verify the permission check params (hideFromAppOps == false). + verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner( + eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(false)); + + // send background scan request (hideFromAppOps == true). + scanSettings.hideFromAppOps = true; + bundle.putParcelable(WifiScanner.SCAN_PARAMS_SCAN_SETTINGS_KEY, scanSettings); + message = Message.obtain(); + message.what = WifiScanner.CMD_START_BACKGROUND_SCAN; + controlChannel.sendMessage(message); + mLooper.dispatchAll(); + + // Verify the permission check params (hideFromAppOps == false), the field + // is ignored for any requests other than single scan. + verify(mWifiPermissionsUtil).enforceCanAccessScanResultsForWifiScanner( + eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), eq(false), eq(false)); + } + + /** + * Verifies that we don't invoke {@link WifiPermissionsUtil# + * enforceCanAccessScanResultsForWifiScanner(String, int, boolean, boolean)} for requests + * from privileged clients (i.e wifi service). + */ + @Test + public void verifyLocationPermissionCheckIsSkippedFromPrivilegedClientsForSingleScan() + throws Exception { + // Start service & initialize it. + startServiceAndLoadDriver(); + + Handler handler = mock(Handler.class); + BidirectionalAsyncChannel controlChannel = connectChannel(handler); + + // Client does have NETWORK_STACK permission. + doNothing().when(mContext).enforcePermission( + eq(Manifest.permission.NETWORK_STACK), anyInt(), eq(Binder.getCallingUid()), any()); + + Bundle bundle = new Bundle(); + bundle.putString(WifiScanner.REQUEST_PACKAGE_NAME_KEY, TEST_PACKAGE_NAME); + WifiScanner.ScanSettings scanSettings = new WifiScanner.ScanSettings(); + + // send single scan request (hideFromAppOps == true, ignoreLocationSettings = true). + scanSettings.hideFromAppOps = true; + scanSettings.ignoreLocationSettings = true; + bundle.putParcelable(WifiScanner.SCAN_PARAMS_SCAN_SETTINGS_KEY, scanSettings); + Message message = Message.obtain(); + message.what = WifiScanner.CMD_START_SINGLE_SCAN; + message.obj = bundle; + controlChannel.sendMessage(message); + mLooper.dispatchAll(); + + // Verify that we didn't invoke the location permission check. + verify(mWifiPermissionsUtil, never()).enforceCanAccessScanResultsForWifiScanner( + eq(TEST_PACKAGE_NAME), eq(Binder.getCallingUid()), anyBoolean(), anyBoolean()); } } |