Merge "Merge "[automerger skipped] Merge "DO NOT MERGE:CDD Annotation for 7.4.7/C-2-1" into oreo-mr1-cts-dev am: 4173c4fce5 -s ours" into pie-cts-dev am: 7b1734a9b4 -s ours" am: 84ccc5fc6b -s ours am: 98b4477869 -s ours
am: 33f8cba38f -s ours
Change-Id: Ib98843c80a4380c68d830d1d4e9f1ef6a4a02c4c
diff --git a/tests/cts/net/src/android/net/wifi/aware/OWNERS b/tests/cts/net/src/android/net/wifi/aware/OWNERS
index 4afc47f..cf116f8 100644
--- a/tests/cts/net/src/android/net/wifi/aware/OWNERS
+++ b/tests/cts/net/src/android/net/wifi/aware/OWNERS
@@ -1,2 +1 @@
etancohen@google.com
-satk@google.com
\ No newline at end of file
diff --git a/tests/cts/net/src/android/net/wifi/cts/WifiManagerTest.java b/tests/cts/net/src/android/net/wifi/cts/WifiManagerTest.java
index af91fbf..3b8ad6c 100644
--- a/tests/cts/net/src/android/net/wifi/cts/WifiManagerTest.java
+++ b/tests/cts/net/src/android/net/wifi/cts/WifiManagerTest.java
@@ -21,7 +21,10 @@
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
+import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
+import android.content.pm.ResolveInfo;
+import android.net.ConnectivityManager;
import android.net.NetworkInfo;
import android.net.wifi.ScanResult;
import android.net.wifi.WifiConfiguration;
@@ -32,9 +35,13 @@
import android.net.wifi.hotspot2.PasspointConfiguration;
import android.net.wifi.hotspot2.pps.Credential;
import android.net.wifi.hotspot2.pps.HomeSp;
+import android.os.Process;
import android.os.SystemClock;
import android.provider.Settings;
+import android.support.test.InstrumentationRegistry;
+import android.support.test.uiautomator.UiDevice;
import android.test.AndroidTestCase;
+import android.util.ArraySet;
import android.util.Log;
import com.android.compatibility.common.util.WifiConfigCreator;
@@ -45,6 +52,7 @@
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.List;
+import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
@@ -60,6 +68,7 @@
private List<ScanResult> mScanResults = null;
private NetworkInfo mNetworkInfo;
private Object mLOHSLock = new Object();
+ private UiDevice mUiDevice;
// Please refer to WifiManager
private static final int MIN_RSSI = -100;
@@ -84,6 +93,7 @@
private static final int TIMEOUT_MSEC = 6000;
private static final int WAIT_MSEC = 60;
private static final int DURATION = 10000;
+ private static final int DURATION_SCREEN_TOGGLE = 2000;
private static final int WIFI_SCAN_TEST_INTERVAL_MILLIS = 60 * 1000;
private static final int WIFI_SCAN_TEST_CACHE_DELAY_MILLIS = 3 * 60 * 1000;
private static final int WIFI_SCAN_TEST_ITERATIONS = 5;
@@ -156,6 +166,8 @@
mWifiLock.acquire();
if (!mWifiManager.isWifiEnabled())
setWifiEnabled(true);
+ mUiDevice = UiDevice.getInstance(InstrumentationRegistry.getInstrumentation());
+ turnScreenOnNoDelay();
Thread.sleep(DURATION);
assertTrue(mWifiManager.isWifiEnabled());
synchronized (mMySync) {
@@ -951,4 +963,203 @@
stopLocalOnlyHotspot(callback, wifiEnabled);
}
+
+ /**
+ * Verify that the {@link android.Manifest.permission#NETWORK_STACK} permission is never held by
+ * any package.
+ * <p>
+ * No apps should <em>ever</em> attempt to acquire this permission, since it would give those
+ * apps extremely broad access to connectivity functionality.
+ */
+ public void testNetworkStackPermission() {
+ final PackageManager pm = getContext().getPackageManager();
+
+ final List<PackageInfo> holding = pm.getPackagesHoldingPermissions(new String[] {
+ android.Manifest.permission.NETWORK_STACK
+ }, PackageManager.MATCH_UNINSTALLED_PACKAGES);
+ for (PackageInfo pi : holding) {
+ fail("The NETWORK_STACK permission must not be held by " + pi.packageName
+ + " and must be revoked for security reasons");
+ }
+ }
+
+ /**
+ * Verify that the {@link android.Manifest.permission#NETWORK_SETTINGS} permission is
+ * never held by any package.
+ * <p>
+ * Only Settings, SysUi and shell apps should <em>ever</em> attempt to acquire this
+ * permission, since it would give those apps extremely broad access to connectivity
+ * functionality. The permission is intended to be granted to only those apps with direct user
+ * access and no others.
+ */
+ public void testNetworkSettingsPermission() {
+ final PackageManager pm = getContext().getPackageManager();
+
+ final ArraySet<String> allowedPackages = new ArraySet();
+ final ArraySet<Integer> allowedUIDs = new ArraySet();
+ // explicitly add allowed UIDs
+ allowedUIDs.add(Process.SYSTEM_UID);
+ allowedUIDs.add(Process.SHELL_UID);
+ allowedUIDs.add(Process.PHONE_UID);
+
+ // only quick settings is allowed to bind to the BIND_QUICK_SETTINGS_TILE permission, using
+ // this fact to determined allowed package name for sysui
+ String validPkg = "";
+ final List<PackageInfo> sysuiPackage = pm.getPackagesHoldingPermissions(new String[] {
+ android.Manifest.permission.BIND_QUICK_SETTINGS_TILE
+ }, PackageManager.MATCH_UNINSTALLED_PACKAGES);
+
+ if (sysuiPackage.size() > 1) {
+ fail("The BIND_QUICK_SETTINGS_TILE permission must only be held by one package");
+ }
+
+ if (sysuiPackage.size() == 1) {
+ validPkg = sysuiPackage.get(0).packageName;
+ allowedPackages.add(validPkg);
+ }
+
+ // the captive portal flow also currently holds the NETWORK_SETTINGS permission
+ final Intent intent = new Intent(ConnectivityManager.ACTION_CAPTIVE_PORTAL_SIGN_IN);
+ final ResolveInfo ri = pm.resolveActivity(intent, PackageManager.MATCH_DISABLED_COMPONENTS);
+ if (ri != null) {
+ allowedPackages.add(ri.activityInfo.packageName);
+ }
+
+ final List<PackageInfo> holding = pm.getPackagesHoldingPermissions(new String[] {
+ android.Manifest.permission.NETWORK_SETTINGS
+ }, PackageManager.MATCH_UNINSTALLED_PACKAGES);
+ for (PackageInfo pi : holding) {
+ String packageName = pi.packageName;
+ if (allowedPackages.contains(packageName)) {
+ // this is an explicitly allowed package
+ } else {
+ // now check if the packages are from allowed UIDs
+ boolean allowed = false;
+ try {
+ if (allowedUIDs.contains(pm.getPackageUid(packageName, 0))) {
+ allowed = true;
+ Log.d(TAG, packageName + " is on an allowed UID");
+ }
+ } catch (PackageManager.NameNotFoundException e) { }
+ if (!allowed) {
+ fail("The NETWORK_SETTINGS permission must not be held by "
+ + packageName + " and must be revoked for security reasons");
+ }
+ }
+ }
+ }
+
+ /**
+ * Verify that the {@link android.Manifest.permission#NETWORK_SETUP_WIZARD} permission is
+ * only held by the device setup wizard application.
+ * <p>
+ * Only the SetupWizard app should <em>ever</em> attempt to acquire this
+ * permission, since it would give those apps extremely broad access to connectivity
+ * functionality. The permission is intended to be granted to only the device setup wizard.
+ */
+ public void testNetworkSetupWizardPermission() {
+ final PackageManager pm = getContext().getPackageManager();
+
+ final Intent intent = new Intent(Intent.ACTION_MAIN);
+ intent.addCategory(Intent.CATEGORY_SETUP_WIZARD);
+ final ResolveInfo ri = pm.resolveActivity(intent, PackageManager.MATCH_DISABLED_COMPONENTS);
+ String validPkg = "";
+ if (ri != null) {
+ validPkg = ri.activityInfo.packageName;
+ }
+
+ final List<PackageInfo> holding = pm.getPackagesHoldingPermissions(new String[] {
+ android.Manifest.permission.NETWORK_SETUP_WIZARD
+ }, PackageManager.MATCH_UNINSTALLED_PACKAGES);
+ for (PackageInfo pi : holding) {
+ if (!Objects.equals(pi.packageName, validPkg)) {
+ fail("The NETWORK_SETUP_WIZARD permission must not be held by " + pi.packageName
+ + " and must be revoked for security reasons [" + validPkg +"]");
+ }
+ }
+ }
+
+ private void turnScreenOnNoDelay() throws Exception {
+ mUiDevice.executeShellCommand("input keyevent KEYCODE_WAKEUP");
+ mUiDevice.executeShellCommand("wm dismiss-keyguard");
+ }
+
+ private void turnScreenOn() throws Exception {
+ turnScreenOnNoDelay();
+ // Since the screen on/off intent is ordered, they will not be sent right now.
+ Thread.sleep(DURATION_SCREEN_TOGGLE);
+ }
+
+ private void turnScreenOff() throws Exception {
+ mUiDevice.executeShellCommand("input keyevent KEYCODE_SLEEP");
+ // Since the screen on/off intent is ordered, they will not be sent right now.
+ Thread.sleep(DURATION_SCREEN_TOGGLE);
+ }
+
+ /**
+ * Verify that Wi-Fi scanning is not turned off when the screen turns off while wifi is disabled
+ * but location is on.
+ * @throws Exception
+ */
+ public void testScreenOffDoesNotTurnOffWifiScanningWhenWifiDisabled() throws Exception {
+ if (!WifiFeature.isWifiSupported(getContext())) {
+ // skip the test if WiFi is not supported
+ return;
+ }
+ if (!hasLocationFeature()) {
+ // skip the test if location is not supported
+ return;
+ }
+ if (!isLocationEnabled()) {
+ fail("Please enable location for this test - since Marshmallow WiFi scan results are"
+ + " empty when location is disabled!");
+ }
+ if(!mWifiManager.isScanAlwaysAvailable()) {
+ fail("Please enable Wi-Fi scanning for this test!");
+ }
+ setWifiEnabled(false);
+ turnScreenOn();
+ assertWifiScanningIsOn();
+ // Toggle screen and verify Wi-Fi scanning is still on.
+ turnScreenOff();
+ assertWifiScanningIsOn();
+ turnScreenOn();
+ assertWifiScanningIsOn();
+ }
+
+ /**
+ * Verify that Wi-Fi scanning is not turned off when the screen turns off while wifi is enabled.
+ * @throws Exception
+ */
+ public void testScreenOffDoesNotTurnOffWifiScanningWhenWifiEnabled() throws Exception {
+ if (!WifiFeature.isWifiSupported(getContext())) {
+ // skip the test if WiFi is not supported
+ return;
+ }
+ if (!hasLocationFeature()) {
+ // skip the test if location is not supported
+ return;
+ }
+ if (!isLocationEnabled()) {
+ fail("Please enable location for this test - since Marshmallow WiFi scan results are"
+ + " empty when location is disabled!");
+ }
+ if(!mWifiManager.isScanAlwaysAvailable()) {
+ fail("Please enable Wi-Fi scanning for this test!");
+ }
+ setWifiEnabled(true);
+ turnScreenOn();
+ assertWifiScanningIsOn();
+ // Toggle screen and verify Wi-Fi scanning is still on.
+ turnScreenOff();
+ assertWifiScanningIsOn();
+ turnScreenOn();
+ assertWifiScanningIsOn();
+ }
+
+ private void assertWifiScanningIsOn() {
+ if(!mWifiManager.isScanAlwaysAvailable()) {
+ fail("Wi-Fi scanning should be on.");
+ }
+ }
}
diff --git a/tests/cts/net/src/android/net/wifi/rtt/OWNERS b/tests/cts/net/src/android/net/wifi/rtt/OWNERS
index 4afc47f..cf116f8 100644
--- a/tests/cts/net/src/android/net/wifi/rtt/OWNERS
+++ b/tests/cts/net/src/android/net/wifi/rtt/OWNERS
@@ -1,2 +1 @@
etancohen@google.com
-satk@google.com
\ No newline at end of file