1 /* 2 * Copyright (C) 2021 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.net; 18 19 import static com.android.testutils.DevSdkIgnoreRuleKt.SC_V2; 20 21 import static org.junit.Assert.assertEquals; 22 import static org.mockito.Mockito.doCallRealMethod; 23 import static org.mockito.Mockito.when; 24 25 import android.Manifest; 26 import android.Manifest.permission; 27 import android.app.AppOpsManager; 28 import android.app.admin.DevicePolicyManager; 29 import android.content.Context; 30 import android.content.pm.PackageManager; 31 import android.telephony.TelephonyManager; 32 33 import androidx.test.filters.SmallTest; 34 35 import com.android.testutils.DevSdkIgnoreRule; 36 import com.android.testutils.DevSdkIgnoreRunner; 37 38 import org.junit.After; 39 import org.junit.Before; 40 import org.junit.Test; 41 import org.junit.runner.RunWith; 42 import org.mockito.Mock; 43 import org.mockito.MockitoAnnotations; 44 45 @RunWith(DevSdkIgnoreRunner.class) 46 @SmallTest 47 @DevSdkIgnoreRule.IgnoreUpTo(SC_V2) // TODO: Use to Build.VERSION_CODES.SC_V2 when available 48 public class NetworkStatsAccessTest { 49 private static final String TEST_PKG = "com.example.test"; 50 private static final int TEST_PID = 1234; 51 private static final int TEST_UID = 12345; 52 53 @Mock private Context mContext; 54 @Mock private DevicePolicyManager mDpm; 55 @Mock private TelephonyManager mTm; 56 @Mock private AppOpsManager mAppOps; 57 58 // Hold the real service so we can restore it when tearing down the test. 59 private DevicePolicyManager mSystemDpm; 60 61 @Before setUp()62 public void setUp() throws Exception { 63 MockitoAnnotations.initMocks(this); 64 65 when(mContext.getSystemService(Context.TELEPHONY_SERVICE)).thenReturn(mTm); 66 when(mContext.getSystemService(Context.APP_OPS_SERVICE)).thenReturn(mAppOps); 67 when(mContext.getSystemServiceName(DevicePolicyManager.class)) 68 .thenReturn(Context.DEVICE_POLICY_SERVICE); 69 when(mContext.getSystemService(Context.DEVICE_POLICY_SERVICE)).thenReturn(mDpm); 70 if (mContext.getSystemService(DevicePolicyManager.class) == null) { 71 // Test is using mockito-extended 72 doCallRealMethod().when(mContext).getSystemService(DevicePolicyManager.class); 73 } 74 75 setHasCarrierPrivileges(false); 76 setIsDeviceOwner(false); 77 setIsProfileOwner(false); 78 setHasAppOpsPermission(AppOpsManager.MODE_DEFAULT, false); 79 setHasReadHistoryPermission(false); 80 setHasNetworkStackPermission(false); 81 setHasMainlineNetworkStackPermission(false); 82 } 83 84 @After tearDown()85 public void tearDown() throws Exception { 86 } 87 88 @Test testCheckAccessLevel_hasCarrierPrivileges()89 public void testCheckAccessLevel_hasCarrierPrivileges() throws Exception { 90 setHasCarrierPrivileges(true); 91 assertEquals(NetworkStatsAccess.Level.DEVICE, 92 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 93 } 94 95 @Test testCheckAccessLevel_isDeviceOwner()96 public void testCheckAccessLevel_isDeviceOwner() throws Exception { 97 setIsDeviceOwner(true); 98 assertEquals(NetworkStatsAccess.Level.DEVICE, 99 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 100 } 101 102 @Test testCheckAccessLevel_isProfileOwner()103 public void testCheckAccessLevel_isProfileOwner() throws Exception { 104 setIsProfileOwner(true); 105 assertEquals(NetworkStatsAccess.Level.USER, 106 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 107 } 108 109 @Test testCheckAccessLevel_hasAppOpsBitAllowed()110 public void testCheckAccessLevel_hasAppOpsBitAllowed() throws Exception { 111 setIsProfileOwner(true); 112 setHasAppOpsPermission(AppOpsManager.MODE_ALLOWED, false); 113 assertEquals(NetworkStatsAccess.Level.DEVICESUMMARY, 114 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 115 } 116 117 @Test testCheckAccessLevel_hasAppOpsBitDefault_grantedPermission()118 public void testCheckAccessLevel_hasAppOpsBitDefault_grantedPermission() throws Exception { 119 setIsProfileOwner(true); 120 setHasAppOpsPermission(AppOpsManager.MODE_DEFAULT, true); 121 assertEquals(NetworkStatsAccess.Level.DEVICESUMMARY, 122 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 123 } 124 125 @Test testCheckAccessLevel_hasReadHistoryPermission()126 public void testCheckAccessLevel_hasReadHistoryPermission() throws Exception { 127 setIsProfileOwner(true); 128 setHasReadHistoryPermission(true); 129 assertEquals(NetworkStatsAccess.Level.DEVICESUMMARY, 130 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 131 } 132 133 @Test testCheckAccessLevel_deniedAppOpsBit()134 public void testCheckAccessLevel_deniedAppOpsBit() throws Exception { 135 setHasAppOpsPermission(AppOpsManager.MODE_ERRORED, true); 136 assertEquals(NetworkStatsAccess.Level.DEFAULT, 137 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 138 } 139 140 @Test testCheckAccessLevel_deniedAppOpsBit_deniedPermission()141 public void testCheckAccessLevel_deniedAppOpsBit_deniedPermission() throws Exception { 142 assertEquals(NetworkStatsAccess.Level.DEFAULT, 143 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 144 } 145 146 @Test testCheckAccessLevel_hasNetworkStackPermission()147 public void testCheckAccessLevel_hasNetworkStackPermission() throws Exception { 148 assertEquals(NetworkStatsAccess.Level.DEFAULT, 149 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 150 151 setHasNetworkStackPermission(true); 152 assertEquals(NetworkStatsAccess.Level.DEVICE, 153 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 154 155 setHasNetworkStackPermission(false); 156 assertEquals(NetworkStatsAccess.Level.DEFAULT, 157 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 158 159 setHasMainlineNetworkStackPermission(true); 160 assertEquals(NetworkStatsAccess.Level.DEVICE, 161 NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG)); 162 } 163 setHasCarrierPrivileges(boolean hasPrivileges)164 private void setHasCarrierPrivileges(boolean hasPrivileges) { 165 when(mTm.checkCarrierPrivilegesForPackageAnyPhone(TEST_PKG)).thenReturn( 166 hasPrivileges ? TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS 167 : TelephonyManager.CARRIER_PRIVILEGE_STATUS_NO_ACCESS); 168 } 169 setIsDeviceOwner(boolean isOwner)170 private void setIsDeviceOwner(boolean isOwner) { 171 when(mDpm.isDeviceOwnerApp(TEST_PKG)).thenReturn(isOwner); 172 } 173 setIsProfileOwner(boolean isOwner)174 private void setIsProfileOwner(boolean isOwner) { 175 when(mDpm.isProfileOwnerApp(TEST_PKG)).thenReturn(isOwner); 176 } 177 setHasAppOpsPermission(int appOpsMode, boolean hasPermission)178 private void setHasAppOpsPermission(int appOpsMode, boolean hasPermission) { 179 when(mAppOps.noteOp(AppOpsManager.OPSTR_GET_USAGE_STATS, TEST_UID, TEST_PKG, 180 null /* attributionTag */, null /* message */)).thenReturn(appOpsMode); 181 when(mContext.checkCallingPermission(Manifest.permission.PACKAGE_USAGE_STATS)).thenReturn( 182 hasPermission ? PackageManager.PERMISSION_GRANTED 183 : PackageManager.PERMISSION_DENIED); 184 } 185 setHasReadHistoryPermission(boolean hasPermission)186 private void setHasReadHistoryPermission(boolean hasPermission) { 187 when(mContext.checkCallingOrSelfPermission(permission.READ_NETWORK_USAGE_HISTORY)) 188 .thenReturn(hasPermission ? PackageManager.PERMISSION_GRANTED 189 : PackageManager.PERMISSION_DENIED); 190 } 191 setHasNetworkStackPermission(boolean hasPermission)192 private void setHasNetworkStackPermission(boolean hasPermission) { 193 when(mContext.checkPermission(android.Manifest.permission.NETWORK_STACK, 194 TEST_PID, TEST_UID)).thenReturn(hasPermission ? PackageManager.PERMISSION_GRANTED 195 : PackageManager.PERMISSION_DENIED); 196 } 197 setHasMainlineNetworkStackPermission(boolean hasPermission)198 private void setHasMainlineNetworkStackPermission(boolean hasPermission) { 199 when(mContext.checkPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, 200 TEST_PID, TEST_UID)).thenReturn(hasPermission ? PackageManager.PERMISSION_GRANTED 201 : PackageManager.PERMISSION_DENIED); 202 } 203 } 204