diff options
-rw-r--r-- | hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java b/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java index f187504d992..355de8c72c9 100644 --- a/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java +++ b/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java @@ -141,6 +141,16 @@ public class AccessPermissionWithDiffSigTest extends AndroidTestCase { } } + private void assertContentUriAllowed(Uri uri) { + assertReadingContentUriAllowed(uri); + assertWritingContentUriAllowed(uri); + } + + private void assertContentUriNotAllowed(Uri uri, String msg) { + assertReadingContentUriNotAllowed(uri, msg); + assertWritingContentUriNotAllowed(uri, msg); + } + private void assertWritingContentUriNotAllowed(Uri uri, String msg) { final ContentResolver resolver = getContext().getContentResolver(); try { @@ -1170,6 +1180,26 @@ public class AccessPermissionWithDiffSigTest extends AndroidTestCase { } /** + * Test that shady {@link Uri} are blocked by {@code path-permission}. + */ + public void testRestrictingProviderMatchingShadyPaths() { + assertContentUriAllowed( + Uri.parse("content://ctspermissionwithsignaturepathrestricting/")); + assertContentUriAllowed( + Uri.parse("content://ctspermissionwithsignaturepathrestricting//")); + assertContentUriAllowed( + Uri.parse("content://ctspermissionwithsignaturepathrestricting///")); + assertContentUriNotAllowed( + Uri.parse("content://ctspermissionwithsignaturepathrestricting/foo"), null); + assertContentUriNotAllowed( + Uri.parse("content://ctspermissionwithsignaturepathrestricting//foo"), null); + assertContentUriNotAllowed( + Uri.parse("content://ctspermissionwithsignaturepathrestricting///foo"), null); + assertContentUriNotAllowed( + Uri.parse("content://ctspermissionwithsignaturepathrestricting/foo//baz"), null); + } + + /** * Verify that at least one {@code path-permission} rule will grant access, * even if the caller doesn't hold another matching {@code path-permission}. */ |