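/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security;

import android.test.AndroidTestCase;
import com.android.compatibility.common.util.PropertyUtil;
import java.io.IOException;

/**
 * Verify the selinux domain for apps running with targetSdkVersion==29.
 *
 * <p>Every test delegates to a helper that is not defined in this file (presumably inherited
 * from {@link SELinuxTargetSdkTestBase}); this class only fixes the expectations that apply to
 * targetSdkVersion 29: the expected process and data-file contexts, and whether each probed
 * access is expected to be allowed or denied.
 */
public class SELinuxTargetSdkTest extends SELinuxTargetSdkTestBase {
    /**
     * Verify that net.dns properties may not be read.
     *
     * @throws IOException propagated from the {@code noDns()} helper
     */
    public void testNoDns() throws IOException {
        noDns();
    }

    /**
     * Verify that the app is denied access to the dex2oat executable on devices whose vendor
     * API level is newer than 28.
     *
     * @throws Exception propagated from the {@code checkDex2oatAccess} helper
     */
    public void testDex2oat() throws Exception {
        /*
         * Apps with a vendor image older than Q may access the dex2oat executable through
         * selinux policy on the vendor partition because the permission was granted in public
         * policy for appdomain.
         */
        // On such older vendor images nothing is checked and the test passes vacuously.
        if (PropertyUtil.isVendorApiLevelNewerThan(28)) {
            checkDex2oatAccess(false);
        }
    }

    /**
     * Run the netlink-route getlink check with an expectation of {@code true}; going by the
     * test name, the operation is expected to succeed for this target SDK.
     *
     * @throws IOException propagated from the {@code checkNetlinkRouteGetlink} helper
     */
    public void testNetlinkRouteGetlinkSucceeds() throws IOException {
        checkNetlinkRouteGetlink(true);
    }

    /**
     * Run the netlink-route bind check with an expectation of {@code true}; going by the
     * test name, the operation is expected to succeed for this target SDK.
     *
     * @throws IOException propagated from the {@code checkNetlinkRouteBind} helper
     */
    public void testNetlinkRouteBindSucceeds() throws IOException {
        checkNetlinkRouteBind(true);
    }

    /**
     * Verify that {@code canExecuteFromHomeDir()} reports {@code false} for this app.
     *
     * @throws Exception propagated from the {@code canExecuteFromHomeDir} helper
     */
    public void testCanNotExecuteFromHomeDir() throws Exception {
        assertFalse(canExecuteFromHomeDir());
    }

    /**
     * Verify that selinux context is the expected domain based on
     * targetSdkVersion = 29.
     *
     * <p>The expected value is a pattern: the {@code untrusted_app_29} domain at level
     * {@code s0} followed by exactly four numeric categories.
     *
     * @throws IOException propagated from the {@code appDomainContext} helper
     */
    public void testAppDomainContext() throws IOException {
        String context = "u:r:untrusted_app_29:s0:c[0-9]+,c[0-9]+,c[0-9]+,c[0-9]+";
        // The domain name and the example in the message now agree with the pattern above.
        // The earlier text named untrusted_app, which the pattern does not accept, so a
        // failure report pointed at a value that would itself have failed.
        String msg = "Untrusted apps with targetSdkVersion 29 " +
            "must run in the untrusted_app_29 selinux domain and use the levelFrom=all " +
            "selector in SELinux seapp_contexts which adds four category types " +
            "to the app's selinux context.\n" +
            "Example expected value: u:r:untrusted_app_29:s0:c89,c256,c512,c768\n" +
            "Actual value: ";
        appDomainContext(context, msg);
    }

    /**
     * Verify that selinux context is the expected type based on
     * targetSdkVersion = 29.
     *
     * <p>The expected value is a pattern: the {@code app_data_file} type at level {@code s0}
     * followed by exactly four numeric categories.
     *
     * @throws Exception propagated from the {@code appDataContext} helper
     */
    public void testAppDataContext() throws Exception {
        String context = "u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+,c[0-9]+,c[0-9]+";
        String msg = "Untrusted apps with targetSdkVersion 29 " +
            "must use the app_data_file selinux context and use the levelFrom=all " +
            "selector in SELinux seapp_contexts which adds four category types " +
            "to the app_data_file context.\n" +
            "Example expected value: u:object_r:app_data_file:s0:c89,c256,c512,c768\n" +
            "Actual value: ";
        appDataContext(context, msg);
    }

    /**
     * Run the network-interface check; going by the helper's name, it expects hardware
     * addresses to be returned for this target SDK.
     *
     * @throws Exception propagated from the helper
     */
    public void testNetworkInterface() throws Exception {
        checkNetworkInterface_returnsHardwareAddresses();
    }
}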