summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java30
1 files changed, 30 insertions, 0 deletions
diff --git a/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java b/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java
index 0e569015132..f2cbc6c552f 100644
--- a/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java
+++ b/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java
@@ -114,6 +114,16 @@ public class AccessPermissionWithDiffSigTest extends AndroidTestCase {
}
}
+ private void assertContentUriAllowed(Uri uri) {
+ assertReadingContentUriAllowed(uri);
+ assertWritingContentUriAllowed(uri);
+ }
+
+ private void assertContentUriNotAllowed(Uri uri, String msg) {
+ assertReadingContentUriNotAllowed(uri, msg);
+ assertWritingContentUriNotAllowed(uri, msg);
+ }
+
private void assertWritingContentUriNotAllowed(Uri uri, String msg) {
final ContentResolver resolver = getContext().getContentResolver();
try {
@@ -1197,6 +1207,26 @@ public class AccessPermissionWithDiffSigTest extends AndroidTestCase {
}
/**
+ * Test that shady {@link Uri} are blocked by {@code path-permission}.
+ */
+ public void testRestrictingProviderMatchingShadyPaths() {
+ assertContentUriAllowed(
+ Uri.parse("content://ctspermissionwithsignaturepathrestricting/"));
+ assertContentUriAllowed(
+ Uri.parse("content://ctspermissionwithsignaturepathrestricting//"));
+ assertContentUriAllowed(
+ Uri.parse("content://ctspermissionwithsignaturepathrestricting///"));
+ assertContentUriNotAllowed(
+ Uri.parse("content://ctspermissionwithsignaturepathrestricting/foo"), null);
+ assertContentUriNotAllowed(
+ Uri.parse("content://ctspermissionwithsignaturepathrestricting//foo"), null);
+ assertContentUriNotAllowed(
+ Uri.parse("content://ctspermissionwithsignaturepathrestricting///foo"), null);
+ assertContentUriNotAllowed(
+ Uri.parse("content://ctspermissionwithsignaturepathrestricting/foo//baz"), null);
+ }
+
+ /**
* Verify that at least one {@code path-permission} rule will grant access,
* even if the caller doesn't hold another matching {@code path-permission}.
*/
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 23:33:33 +0000