Merge "Add test for IntegrityFileManagerTest."

services/core/java/com/android/server/integrity/IntegrityFileManager.java

@@ -24,14 +24,14 @@ import android.util.Slog;
 
 import com.android.internal.annotations.VisibleForTesting;
 import com.android.server.integrity.model.RuleMetadata;
+import com.android.server.integrity.parser.RuleBinaryParser;
 import com.android.server.integrity.parser.RuleMetadataParser;
 import com.android.server.integrity.parser.RuleParseException;
 import com.android.server.integrity.parser.RuleParser;
-import com.android.server.integrity.parser.RuleXmlParser;
+import com.android.server.integrity.serializer.RuleBinarySerializer;
 import com.android.server.integrity.serializer.RuleMetadataSerializer;
 import com.android.server.integrity.serializer.RuleSerializeException;
 import com.android.server.integrity.serializer.RuleSerializer;
-import com.android.server.integrity.serializer.RuleXmlSerializer;
 
 import java.io.File;
 import java.io.FileInputStream;
@@ -57,6 +57,7 @@ public class IntegrityFileManager {
     private final RuleParser mRuleParser;
     private final RuleSerializer mRuleSerializer;
 
+    private final File mDataDir;
     // mRulesDir contains data of the actual rules currently stored.
     private final File mRulesDir;
     // mStagingDir is used to store the temporary rules / metadata during updating, since we want to
@@ -74,18 +75,22 @@ public class IntegrityFileManager {
     }
 
     private IntegrityFileManager() {
-        this(new RuleXmlParser(), new RuleXmlSerializer(), Environment.getDataSystemDirectory());
+        this(
+                new RuleBinaryParser(),
+                new RuleBinarySerializer(),
+                Environment.getDataSystemDirectory());
     }
 
     @VisibleForTesting
     IntegrityFileManager(RuleParser ruleParser, RuleSerializer ruleSerializer, File dataDir) {
         mRuleParser = ruleParser;
         mRuleSerializer = ruleSerializer;
+        mDataDir = dataDir;
 
         mRulesDir = new File(dataDir, "integrity_rules");
         mStagingDir = new File(dataDir, "integrity_staging");
 
-        if (!mStagingDir.mkdirs() && mRulesDir.mkdirs()) {
+        if (!mStagingDir.mkdirs() || !mRulesDir.mkdirs()) {
             Slog.e(TAG, "Error creating staging and rules directory");
             // TODO: maybe throw an exception?
         }
@@ -153,7 +158,7 @@ public class IntegrityFileManager {
 
     private void switchStagingRulesDir() throws IOException {
         synchronized (RULES_LOCK) {
-            File tmpDir = new File(Environment.getDataSystemDirectory(), "temp");
+            File tmpDir = new File(mDataDir, "temp");
 
             if (!(mRulesDir.renameTo(tmpDir)
                     && mStagingDir.renameTo(mRulesDir)

services/tests/servicestests/src/com/android/server/integrity/IntegrityFileManagerTest.java

+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.integrity;
+
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.hasItems;
+import static org.junit.Assert.assertThat;
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertNotNull;
+import static org.testng.Assert.assertNull;
+import static org.testng.Assert.assertTrue;
+
+import android.content.integrity.AppInstallMetadata;
+import android.content.integrity.AtomicFormula;
+import android.content.integrity.AtomicFormula.IntAtomicFormula;
+import android.content.integrity.AtomicFormula.StringAtomicFormula;
+import android.content.integrity.CompoundFormula;
+import android.content.integrity.Rule;
+import android.util.Slog;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.server.integrity.parser.RuleXmlParser;
+import com.android.server.integrity.serializer.RuleXmlSerializer;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+
+/** Unit test for {@link IntegrityFileManager} */
+@RunWith(AndroidJUnit4.class)
+public class IntegrityFileManagerTest {
+    private static final String TAG = "IntegrityFileManagerTest";
+
+    private static final String VERSION = "version";
+    private static final String RULE_PROVIDER = "rule_provider";
+
+    private File mTmpDir;
+
+    // under test
+    private IntegrityFileManager mIntegrityFileManager;
+
+    @Before
+    public void setUp() throws Exception {
+        mTmpDir = Files.createTempDirectory("IntegrityFileManagerTest").toFile();
+        Slog.i(TAG, "Using temp directory " + mTmpDir);
+
+        // Use Xml Parser/Serializer to help with debugging since we can just print the file.
+        mIntegrityFileManager =
+                new IntegrityFileManager(
+                        new RuleXmlParser(), new RuleXmlSerializer(), mTmpDir);
+        Files.walk(mTmpDir.toPath())
+                .forEach(
+                        path -> {
+                            Slog.i(TAG, "before " + path);
+                        });
+    }
+
+    @After
+    public void tearDown() throws Exception {
+        Files.walk(mTmpDir.toPath())
+                .forEach(
+                        path -> {
+                            Slog.i(TAG, "after " + path);
+                        });
+        // Sorting paths in reverse order guarantees that we delete inside files before deleting
+        // directory.
+        Files.walk(mTmpDir.toPath())
+                .sorted(Comparator.reverseOrder())
+                .map(Path::toFile)
+                .forEach(File::delete);
+    }
+
+    @Test
+    public void testGetMetadata() throws Exception {
+        assertNull(mIntegrityFileManager.readMetadata());
+        mIntegrityFileManager.writeRules(VERSION, RULE_PROVIDER, Collections.EMPTY_LIST);
+
+        assertNotNull(mIntegrityFileManager.readMetadata());
+        assertEquals(VERSION, mIntegrityFileManager.readMetadata().getVersion());
+        assertEquals(RULE_PROVIDER, mIntegrityFileManager.readMetadata().getRuleProvider());
+    }
+
+    @Test
+    public void testGetRules() throws Exception {
+        String packageName = "package";
+        String packageCert = "cert";
+        int version = 123;
+        Rule packageNameRule =
+                new Rule(
+                        new StringAtomicFormula(
+                                AtomicFormula.PACKAGE_NAME,
+                                packageName,
+                                /* isHashedValue= */ false),
+                        Rule.DENY);
+        Rule packageCertRule =
+                new Rule(
+                        new StringAtomicFormula(
+                                AtomicFormula.APP_CERTIFICATE,
+                                packageCert,
+                                /* isHashedValue= */ false),
+                        Rule.DENY);
+        Rule versionCodeRule =
+                new Rule(
+                        new IntAtomicFormula(AtomicFormula.VERSION_CODE, AtomicFormula.LE, version),
+                        Rule.DENY);
+        Rule randomRule =
+                new Rule(
+                        new CompoundFormula(
+                                CompoundFormula.OR,
+                                Arrays.asList(
+                                        new StringAtomicFormula(
+                                                AtomicFormula.PACKAGE_NAME,
+                                                "abc",
+                                                /* isHashedValue= */ false),
+                                        new IntAtomicFormula(
+                                                AtomicFormula.VERSION_CODE,
+                                                AtomicFormula.LE,
+                                                version))),
+                        Rule.DENY);
+        // We will test the specifics of indexing in other classes. Here, we just require that all
+        // rules that are related to the given AppInstallMetadata are returned and do not assert
+        // anything on other rules.
+        List<Rule> rules =
+                Arrays.asList(packageNameRule, packageCertRule, versionCodeRule, randomRule);
+        mIntegrityFileManager.writeRules(VERSION, RULE_PROVIDER, rules);
+
+        AppInstallMetadata appInstallMetadata = new AppInstallMetadata.Builder()
+                .setPackageName(packageName)
+                .setAppCertificate(packageCert)
+                .setVersionCode(version)
+                .setInstallerName("abc")
+                .setInstallerCertificate("abc")
+                .setIsPreInstalled(true)
+                .build();
+        List<Rule> rulesFetched = mIntegrityFileManager.readRules(appInstallMetadata);
+
+        assertThat(rulesFetched, hasItems(
+                equalTo(packageNameRule),
+                equalTo(packageCertRule),
+                equalTo(versionCodeRule)
+        ));
+    }
+
+    @Test
+    public void testIsInitialized() throws Exception {
+        assertFalse(mIntegrityFileManager.initialized());
+        mIntegrityFileManager.writeRules(VERSION, RULE_PROVIDER, Collections.EMPTY_LIST);
+        assertTrue(mIntegrityFileManager.initialized());
+    }
+}