5 files changed, 118 insertions, 1 deletions

diff --git a/tests/backup/AndroidTest.xml b/tests/backup/AndroidTest.xml
index 0e8466247c9..d4498707eb3 100644
--- a/tests/backup/AndroidTest.xml
+++ b/tests/backup/AndroidTest.xml
@@ -20,6 +20,7 @@
     <!-- Backup of instant apps is not supported. -->
     <option name="config-descriptor:metadata" key="parameter" value="not_instant_app" />
     <option name="config-descriptor:metadata" key="parameter" value="not_multi_abi" />
+    <option name="config-descriptor:metadata" key="mainline-param" value="com.google.android.permission.apex" />
     <!-- Run module in system user because backup tests are not fully supported in secondary user.
      For devices running on secondary user, such as automotive devices, these tests will fail.
      When backup tests are fully functional for secondary users:
diff --git a/tests/backup/TEST_MAPPING b/tests/backup/TEST_MAPPING
index 4e5beb081b0..1e1dcdb211c 100644
--- a/tests/backup/TEST_MAPPING
+++ b/tests/backup/TEST_MAPPING
@@ -3,5 +3,15 @@
     {
       "name": "CtsBackupTestCases"
     }
+  ],
+  "mainline-presubmit": [
+    {
+      "name": "CtsBackupTestCases[com.google.android.permission.apex]",
+      "options": [
+        {
+          "include-filter": "android.backup.cts.PermissionTest"
+        }
+      ]
+    }
   ]
 }
diff --git a/tests/tests/security/AndroidManifest.xml b/tests/tests/security/AndroidManifest.xml
index 2c5e2482754..72a110b40d6 100644
--- a/tests/tests/security/AndroidManifest.xml
+++ b/tests/tests/security/AndroidManifest.xml
@@ -18,6 +18,8 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
      package="android.security.cts">
 
+    <permission-tree android:name="com.android.cts"/>
+
     <uses-permission android:name="android.permission.DISABLE_KEYGUARD"/>
     <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
     <uses-permission android:name="android.permission.CHANGE_NETWORK_STATE"/>
diff --git a/tests/tests/security/src/android/security/cts/PermissionMemoryFootprintTest.kt b/tests/tests/security/src/android/security/cts/PermissionMemoryFootprintTest.kt
new file mode 100644
index 00000000000..c77476021d0
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/PermissionMemoryFootprintTest.kt
@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts
+
+import android.content.pm.PackageManager
+import android.content.pm.PermissionInfo
+import android.platform.test.annotations.AsbSecurityTest
+import androidx.test.ext.junit.runners.AndroidJUnit4
+import androidx.test.platform.app.InstrumentationRegistry
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase
+import org.junit.Assert
+import org.junit.Test
+import org.junit.runner.RunWith
+
+@RunWith(AndroidJUnit4::class)
+class PermissionMemoryFootprintTest : StsExtraBusinessLogicTestCase() {
+    companion object {
+        const val MAX_NUM_PERMISSIONS = 32000
+        const val PKG_TREE_NAME = "com.android.cts"
+        val LONG_DESCRIPTION = " ".repeat(MAX_NUM_PERMISSIONS / 10)
+        val SHORT_DESCRIPTION = " ".repeat(MAX_NUM_PERMISSIONS / 100)
+
+        val permInfo = PermissionInfo().apply {
+            labelRes = 1
+            protectionLevel = PermissionInfo.PROTECTION_NORMAL
+        }
+    }
+
+    val packageManager: PackageManager = InstrumentationRegistry.getInstrumentation()
+                    .getTargetContext().packageManager!!
+
+    @Throws(SecurityException::class)
+    private fun createOrRemovePermissions(
+        largePerm: Boolean = true,
+        add: Boolean = true,
+        numPerms: Int = MAX_NUM_PERMISSIONS,
+    ): Int {
+        var numPermsCreated = 0
+        for (i in 1..numPerms) {
+            try {
+                permInfo.name = "$PKG_TREE_NAME.$i"
+                permInfo.nonLocalizedDescription = if (largePerm) {
+                    LONG_DESCRIPTION
+                } else {
+                    SHORT_DESCRIPTION
+                }
+
+                if (add) {
+                    packageManager.addPermission(permInfo)
+                } else {
+                    packageManager.removePermission(permInfo.name)
+                }
+            } catch (e: SecurityException) {
+                break
+            }
+            numPermsCreated = i
+        }
+        return numPermsCreated
+    }
+
+    @Test
+    @AsbSecurityTest(cveBugId = [242537498])
+    fun checkAppsCreatingPermissionsAreCapped() {
+        var numCreated = 0
+        try {
+            numCreated = createOrRemovePermissions()
+            Assert.assertNotEquals("Expected at least one permission", numCreated, 0)
+            Assert.assertNotEquals(numCreated, MAX_NUM_PERMISSIONS)
+        } finally {
+            createOrRemovePermissions(add = false, numPerms = numCreated)
+        }
+    }
+
+    @Test
+    @AsbSecurityTest(cveBugId = [242537498])
+    fun checkAppsCantIncreasePermissionSizeAfterCreating() {
+        var numCreatedShort = 0
+        try {
+            numCreatedShort = createOrRemovePermissions(largePerm = false)
+            Assert.assertNotEquals("Expected at least one permission", numCreatedShort, 0)
+            val numCreatedLong = createOrRemovePermissions(numPerms = 1)
+            Assert.assertEquals("Expected to not be able to create a large permission",
+                0, numCreatedLong)
+        } finally {
+            createOrRemovePermissions(add = false, numPerms = numCreatedShort)
+        }
+    }
+}
diff --git a/tests/tests/security/src/android/security/cts/WallpaperManagerTest.java b/tests/tests/security/src/android/security/cts/WallpaperManagerTest.java
index 73474a1b67e..eeed518b713 100644
--- a/tests/tests/security/src/android/security/cts/WallpaperManagerTest.java
+++ b/tests/tests/security/src/android/security/cts/WallpaperManagerTest.java
@@ -76,7 +76,9 @@ public class WallpaperManagerTest extends StsExtraBusinessLogicTestCase {
 
     @After
     public void tearDown() throws Exception {
-        mWallpaperManager.clear(WallpaperManager.FLAG_SYSTEM | WallpaperManager.FLAG_LOCK);
+        if (mWallpaperManager != null) {
+            mWallpaperManager.clear(WallpaperManager.FLAG_SYSTEM | WallpaperManager.FLAG_LOCK);
+        }
         InstrumentationRegistry.getInstrumentation().getUiAutomation()
                 .dropShellPermissionIdentity();
     }