1 /* 2 * Copyright (C) 2022 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.security.cts 18 19 import android.content.pm.PackageManager 20 import android.content.pm.PermissionInfo 21 import android.platform.test.annotations.AsbSecurityTest 22 import androidx.test.ext.junit.runners.AndroidJUnit4 23 import androidx.test.platform.app.InstrumentationRegistry 24 import com.android.sts.common.util.StsExtraBusinessLogicTestCase 25 import org.junit.Assert 26 import org.junit.Test 27 import org.junit.runner.RunWith 28 29 @RunWith(AndroidJUnit4::class) 30 class PermissionMemoryFootprintTest : StsExtraBusinessLogicTestCase() { 31 companion object { 32 const val MAX_NUM_PERMISSIONS = 32000 33 const val PKG_TREE_NAME = "com.android.cts" 34 val LONG_DESCRIPTION = " ".repeat(MAX_NUM_PERMISSIONS / 10) 35 val SHORT_DESCRIPTION = " ".repeat(MAX_NUM_PERMISSIONS / 100) 36 <lambda>null37 val permInfo = PermissionInfo().apply { 38 labelRes = 1 39 protectionLevel = PermissionInfo.PROTECTION_NORMAL 40 } 41 } 42 43 val packageManager: PackageManager = InstrumentationRegistry.getInstrumentation() 44 .getTargetContext().packageManager!! 45 46 @Throws(SecurityException::class) createOrRemovePermissionsnull47 private fun createOrRemovePermissions( 48 largePerm: Boolean = true, 49 add: Boolean = true, 50 numPerms: Int = MAX_NUM_PERMISSIONS, 51 ): Int { 52 var numPermsCreated = 0 53 for (i in 1..numPerms) { 54 try { 55 permInfo.name = "$PKG_TREE_NAME.$i" 56 permInfo.nonLocalizedDescription = if (largePerm) { 57 LONG_DESCRIPTION 58 } else { 59 SHORT_DESCRIPTION 60 } 61 62 if (add) { 63 packageManager.addPermission(permInfo) 64 } else { 65 packageManager.removePermission(permInfo.name) 66 } 67 } catch (e: SecurityException) { 68 break 69 } 70 numPermsCreated = i 71 } 72 return numPermsCreated 73 } 74 75 @Test 76 @AsbSecurityTest(cveBugId = [242537498]) checkAppsCreatingPermissionsAreCappednull77 fun checkAppsCreatingPermissionsAreCapped() { 78 var numCreated = 0 79 try { 80 numCreated = createOrRemovePermissions() 81 Assert.assertNotEquals("Expected at least one permission", numCreated, 0) 82 Assert.assertNotEquals(numCreated, MAX_NUM_PERMISSIONS) 83 } finally { 84 createOrRemovePermissions(add = false, numPerms = numCreated) 85 } 86 } 87 88 @Test 89 @AsbSecurityTest(cveBugId = [242537498]) checkAppsCantIncreasePermissionSizeAfterCreatingnull90 fun checkAppsCantIncreasePermissionSizeAfterCreating() { 91 var numCreatedShort = 0 92 try { 93 numCreatedShort = createOrRemovePermissions(largePerm = false) 94 Assert.assertNotEquals("Expected at least one permission", numCreatedShort, 0) 95 val numCreatedLong = createOrRemovePermissions(numPerms = 1) 96 Assert.assertEquals("Expected to not be able to create a large permission", 97 0, numCreatedLong) 98 } finally { 99 createOrRemovePermissions(add = false, numPerms = numCreatedShort) 100 } 101 } 102 } 103