1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
/*
* Copyright (C) 2022 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.cts
import android.content.pm.PackageManager
import android.content.pm.PermissionInfo
import android.platform.test.annotations.AsbSecurityTest
import androidx.test.ext.junit.runners.AndroidJUnit4
import androidx.test.platform.app.InstrumentationRegistry
import com.android.sts.common.util.StsExtraBusinessLogicTestCase
import org.junit.Assert
import org.junit.Test
import org.junit.runner.RunWith
@RunWith(AndroidJUnit4::class)
class PermissionMemoryFootprintTest : StsExtraBusinessLogicTestCase() {
companion object {
const val MAX_NUM_PERMISSIONS = 32000
const val PKG_TREE_NAME = "com.android.cts"
val LONG_DESCRIPTION = " ".repeat(MAX_NUM_PERMISSIONS / 10)
val SHORT_DESCRIPTION = " ".repeat(MAX_NUM_PERMISSIONS / 100)
val permInfo = PermissionInfo().apply {
labelRes = 1
protectionLevel = PermissionInfo.PROTECTION_NORMAL
}
}
val packageManager: PackageManager = InstrumentationRegistry.getInstrumentation()
.getTargetContext().packageManager!!
@Throws(SecurityException::class)
private fun createOrRemovePermissions(
largePerm: Boolean = true,
add: Boolean = true,
numPerms: Int = MAX_NUM_PERMISSIONS,
): Int {
var numPermsCreated = 0
for (i in 1..numPerms) {
try {
permInfo.name = "$PKG_TREE_NAME.$i"
permInfo.nonLocalizedDescription = if (largePerm) {
LONG_DESCRIPTION
} else {
SHORT_DESCRIPTION
}
if (add) {
packageManager.addPermission(permInfo)
} else {
packageManager.removePermission(permInfo.name)
}
} catch (e: SecurityException) {
break
}
numPermsCreated = i
}
return numPermsCreated
}
@Test
@AsbSecurityTest(cveBugId = [242537498])
fun checkAppsCreatingPermissionsAreCapped() {
var numCreated = 0
try {
numCreated = createOrRemovePermissions()
Assert.assertNotEquals("Expected at least one permission", numCreated, 0)
Assert.assertNotEquals(numCreated, MAX_NUM_PERMISSIONS)
} finally {
createOrRemovePermissions(add = false, numPerms = numCreated)
}
}
@Test
@AsbSecurityTest(cveBugId = [242537498])
fun checkAppsCantIncreasePermissionSizeAfterCreating() {
var numCreatedShort = 0
try {
numCreatedShort = createOrRemovePermissions(largePerm = false)
Assert.assertNotEquals("Expected at least one permission", numCreatedShort, 0)
val numCreatedLong = createOrRemovePermissions(numPerms = 1)
Assert.assertEquals("Expected to not be able to create a large permission",
0, numCreatedLong)
} finally {
createOrRemovePermissions(add = false, numPerms = numCreatedShort)
}
}
}
|
