• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2009 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 package android.os.cts;
17 
18 import static com.google.common.truth.Truth.assertThat;
19 
20 import android.content.Context;
21 import android.content.pm.ApplicationInfo;
22 import android.os.Environment;
23 import android.os.UserHandle;
24 import android.platform.test.annotations.AppModeFull;
25 import android.system.Os;
26 import android.system.StructStatVfs;
27 
28 import androidx.test.platform.app.InstrumentationRegistry;
29 
30 import com.android.compatibility.common.util.ApiTest;
31 
32 import junit.framework.TestCase;
33 
34 import java.io.BufferedReader;
35 import java.io.File;
36 import java.io.FileReader;
37 import java.util.UUID;
38 import java.util.function.BiFunction;
39 import java.util.function.Function;
40 
41 public class EnvironmentTest extends TestCase {
42 
43     private static final Context sContext =
44             InstrumentationRegistry.getInstrumentation().getContext();
45 
testEnvironment()46     public void testEnvironment() {
47         new Environment();
48         assertNotNull(Environment.getExternalStorageState());
49         assertTrue(Environment.getRootDirectory().isDirectory());
50         assertTrue(Environment.getDownloadCacheDirectory().isDirectory());
51         assertTrue(Environment.getDataDirectory().isDirectory());
52     }
53 
54     @AppModeFull(reason = "External directory not accessible by instant apps")
testEnvironmentExternal()55     public void testEnvironmentExternal() {
56         assertTrue(Environment.getStorageDirectory().isDirectory());
57         assertTrue(Environment.getExternalStorageDirectory().isDirectory());
58     }
59 
60     /**
61      * If TMPDIR points to a global shared directory,
62      * this could compromise the security of the files.
63      */
testNoTmpDir()64     public void testNoTmpDir() {
65         assertTrue(System.getenv("TMPDIR").endsWith("android.os.cts/cache"));
66     }
67 
68     /**
69      * Verify that all writable block filesystems are mounted "noatime" to avoid
70      * unnecessary flash churn.
71      */
testNoAtime()72     public void testNoAtime() throws Exception {
73         try (BufferedReader br = new BufferedReader(new FileReader("/proc/mounts"))) {
74             String line;
75             while ((line = br.readLine()) != null) {
76                 final String[] fields = line.split(" ");
77                 final String source = fields[0];
78                 final String options = fields[3];
79 
80                 if (source.startsWith("/dev/block/") && !options.startsWith("ro,")
81                         && !options.contains("noatime")) {
82                     fail("Found device mounted at " + source + " without 'noatime' option, "
83                             + "which can cause unnecessary flash churn; please update your fstab.");
84                 }
85             }
86         }
87     }
88 
89     /**
90      * verify hidepid=2 on /proc
91      */
testHidePid2()92     public void testHidePid2() throws Exception {
93         try (BufferedReader br = new BufferedReader(new FileReader("/proc/mounts"))) {
94             String line;
95             while ((line = br.readLine()) != null) {
96                 final String[] fields = line.split(" ");
97                 final String source = fields[0];
98                 final String options = fields[3];
99 
100                 if (source.equals("proc") && !options.contains("hidepid=2")
101                         && !options.contains("hidepid=invisible")) {
102                     fail("proc filesystem mounted without hidepid=2 or hidepid=invisible");
103                 }
104             }
105         }
106     }
107 
testHidePid2_direct()108     public void testHidePid2_direct() throws Exception {
109         assertFalse(new File("/proc/1").exists());
110     }
111 
112     /**
113      * Verify that all writable block filesystems are mounted with "resgid" to
114      * mitigate disk-full trouble.
115      */
testSaneInodes()116     public void testSaneInodes() throws Exception {
117         final File file = Environment.getDataDirectory();
118         final StructStatVfs stat = Os.statvfs(file.getAbsolutePath());
119 
120         // By default ext4 creates one inode per 16KiB; we're okay with a much
121         // wider range, but we want to make sure the device isn't going totally
122         // crazy; too few inodes can result in system instability, and too many
123         // inodes can result in wasted space.
124         final long maxsize = stat.f_blocks * stat.f_frsize;
125         final long maxInodes = maxsize / 4096;
126         // Assuming the smallest storage would be 4GB, min # of free inodes
127         // in EXT4/F2FS must be larger than 128k for Android to work properly.
128         long minInodes = 128 * 1024;
129         final long size4GB = 4294967296l;
130         //If the storage size is smaller than 4GB, let's consider 32k for 1GB.
131         if (maxsize < size4GB) {
132             minInodes = 32 * 1024;
133         }
134 
135         if (stat.f_ffree >= minInodes && stat.f_ffree <= maxInodes
136             && stat.f_favail <= stat.f_ffree) {
137             // Sweet, sounds great!
138         } else {
139             fail("Number of inodes " + stat.f_ffree + "/" + stat.f_favail
140               + " not within sane range for partition of " + maxsize + " bytes; expected ["
141               + minInodes + "," + maxInodes + "]");
142         }
143     }
144 
145     @ApiTest(apis = "android.os.Environment#getDataCePackageDirectoryForUser")
testDataCePackageDirectoryForUser()146     public void testDataCePackageDirectoryForUser() {
147         testDataPackageDirectoryForUser(
148                 (uuid, userHandle) -> Environment.getDataCePackageDirectoryForUser(
149                         uuid, userHandle, sContext.getPackageName()),
150                 (appInfo) -> appInfo.credentialProtectedDataDir
151         );
152     }
153 
154     @ApiTest(apis = "android.os.Environment#getDataDePackageDirectoryForUser")
testDataDePackageDirectoryForUser()155     public void testDataDePackageDirectoryForUser() {
156         testDataPackageDirectoryForUser(
157                 (uuid, userHandle) -> Environment.getDataDePackageDirectoryForUser(
158                         uuid, userHandle, sContext.getPackageName()),
159                 (appInfo) -> appInfo.deviceProtectedDataDir
160         );
161     }
162 
testDataPackageDirectoryForUser( BiFunction<UUID, UserHandle, File> publicApi, Function<ApplicationInfo, String> publicProperty)163     private void testDataPackageDirectoryForUser(
164             BiFunction<UUID, UserHandle, File> publicApi,
165             Function<ApplicationInfo, String> publicProperty) {
166         var appInfo = sContext.getApplicationInfo();
167         // Check that public API is consistent with the public property
168         assertThat(publicApi.apply(appInfo.storageUuid, sContext.getUser()).getAbsolutePath())
169                 .isEqualTo(publicProperty.apply(appInfo));
170     }
171 }
172