From 8669ad1117c7502d74ef24e2a7f9df387f5eddd2 Mon Sep 17 00:00:00 2001 From: Brett Chabot Date: Mon, 15 Jun 2009 16:36:38 -0700 Subject: Add DownloadProvider permission tests. --- .../tests/DownloadProviderPermissionsTest.java | 116 +++++++++++++++++++++ .../permission/tests/DummyPermissionTest.java | 29 ------ 2 files changed, 116 insertions(+), 29 deletions(-) create mode 100644 tests/permission/src/com/android/providers/downloads/permission/tests/DownloadProviderPermissionsTest.java delete mode 100644 tests/permission/src/com/android/providers/downloads/permission/tests/DummyPermissionTest.java (limited to 'tests/permission') diff --git a/tests/permission/src/com/android/providers/downloads/permission/tests/DownloadProviderPermissionsTest.java b/tests/permission/src/com/android/providers/downloads/permission/tests/DownloadProviderPermissionsTest.java new file mode 100644 index 00000000..020d1e45 --- /dev/null +++ b/tests/permission/src/com/android/providers/downloads/permission/tests/DownloadProviderPermissionsTest.java @@ -0,0 +1,116 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.providers.downloads.permission.tests; + +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; + +import android.content.ContentResolver; +import android.content.ContentValues; +import android.content.Intent; +import android.provider.Downloads; +import android.test.AndroidTestCase; +import android.test.suitebuilder.annotation.MediumTest; + +/** + * Verify that protected Download provider actions require specific permissions. + * + * TODO: consider adding test where app has ACCESS_DOWNLOAD_MANAGER, but not + * ACCESS_DOWNLOAD_MANAGER_ADVANCED + */ +public class DownloadProviderPermissionsTest extends AndroidTestCase { + + private ContentResolver mContentResolver; + + @Override + protected void setUp() throws Exception { + super.setUp(); + mContentResolver = getContext().getContentResolver(); + } + + /** + * Test that an app cannot access the /cache filesystem + *

Tests Permission: + * {@link com.android.providers.downloads.Manifest.permission#ACCESS_CACHE_FILESYSTEM} + */ + @MediumTest + public void testAccessCacheFilesystem() throws IOException { + try { + String filePath = "/cache/this-should-not-exist.txt"; + FileOutputStream strm = new FileOutputStream(filePath); + strm.write("Oops!".getBytes()); + strm.flush(); + strm.close(); + fail("Was able to create and write to " + filePath); + } catch (SecurityException e) { + // expected + } catch (FileNotFoundException e) { + // also could be expected + } + } + + /** + * Test that an untrusted app cannot read from the download provider + *

Tests Permission: + * {@link com.android.providers.downloads.Manifest.permission#ACCESS_DOWNLOAD_MANAGER} + */ + @MediumTest + public void testReadDownloadProvider() throws IOException { + try { + mContentResolver.query(Downloads.CONTENT_URI, null, null, null, null); + fail("read from provider did not throw SecurityException as expected."); + } catch (SecurityException e) { + // expected + } + } + + /** + * Test that an untrusted app cannot write to the download provider + *

Tests Permission: + * {@link com.android.providers.downloads.Manifest.permission#ACCESS_DOWNLOAD_MANAGER} + */ + @MediumTest + public void testWriteDownloadProvider() throws IOException { + try { + ContentValues values = new ContentValues(); + values.put(Downloads.DESTINATION, "foo"); + mContentResolver.insert(Downloads.CONTENT_URI, values); + fail("write to provider did not throw SecurityException as expected."); + } catch (SecurityException e) { + // expected + } + } + + /** + * Test that an untrusted app cannot access the download service + *

Tests Permission: + * {@link com.android.providers.downloads.Manifest.permission#ACCESS_DOWNLOAD_MANAGER} + */ + @MediumTest + public void testStartDownloadService() throws IOException { + try { + Intent downloadServiceIntent = new Intent(); + downloadServiceIntent.setClassName("com.android.providers.downloads", + "com.android.providers.downloads.DownloadService"); + getContext().startService(downloadServiceIntent); + fail("starting download service did not throw SecurityException as expected."); + } catch (SecurityException e) { + // expected + } + } +} diff --git a/tests/permission/src/com/android/providers/downloads/permission/tests/DummyPermissionTest.java b/tests/permission/src/com/android/providers/downloads/permission/tests/DummyPermissionTest.java deleted file mode 100644 index f53c5e59..00000000 --- a/tests/permission/src/com/android/providers/downloads/permission/tests/DummyPermissionTest.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.providers.downloads.permission.tests; - -import junit.framework.TestCase; - -/** - * TODO: Remove this. This is only a placeholder. - */ -public class DummyPermissionTest extends TestCase { - - public void testMe() { - - } -} -- cgit v1.2.3