Move out IntegrityCheckResult related methods from AppIntegrityManage…

…rServiceImpl and provide unit tests for IntegrityCheckResult. Bug: 147095027 Test: atest frameworks/base/services/tests/servicetests/src/com/android/server/integrity/model/IntegrityCheckResultTest.java Change-Id: I4bcd7fe1284515a2483ae4be77d6d17c7fcbcc36
xiaomi-8560 · Jan 28, 2020 · 0e44e0d · 0e44e0d
1 parent 424d871
commit 0e44e0d
Show file tree

Hide file tree

Showing 3 changed files with 109 additions and 23 deletions.
diff --git a/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java b/services/core/java/com/android/server/integrity/AppIntegrityManagerServiceImpl.java
@@ -268,9 +268,9 @@ private void handleIntegrityVerification(Intent intent) {
                     appCert,
                     appInstallMetadata.getVersionCode(),
                     installerPackageName,
-                    getLoggingResponse(result),
-                    isCausedByAppCertRule(result),
-                    isCausedByInstallerRule(result));
+                    result.getLoggingResponse(),
+                    result.isCausedByAppCertRule(),
+                    result.isCausedByInstallerRule());
             mPackageManagerInternal.setIntegrityVerificationResult(
                     verificationId,
                     result.getEffect() == IntegrityCheckResult.Effect.ALLOW
@@ -583,26 +583,6 @@ private boolean isSystemApp(String packageName) {
         }
     }
 
-    private static int getLoggingResponse(IntegrityCheckResult result) {
-        if (result.getEffect() == IntegrityCheckResult.Effect.DENY) {
-            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__REJECTED;
-        } else if (result.getRule() != null) {
-            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__FORCE_ALLOWED;
-        } else {
-            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__ALLOWED;
-        }
-    }
-
-    private static boolean isCausedByAppCertRule(IntegrityCheckResult result) {
-        // TODO(b/147095027): implement this.
-        return true;
-    }
-
-    private static boolean isCausedByInstallerRule(IntegrityCheckResult result) {
-        // TODO(b/147095027): implement this.
-        return true;
-    }
-
     private List<String> getAllowedRuleProviders() {
         return Arrays.asList(mContext.getResources().getStringArray(
                 R.array.config_integrityRuleProviderPackages));

diff --git a/services/core/java/com/android/server/integrity/model/IntegrityCheckResult.java b/services/core/java/com/android/server/integrity/model/IntegrityCheckResult.java
@@ -18,6 +18,7 @@
 
 import android.annotation.Nullable;
 import android.content.integrity.Rule;
+import android.util.StatsLog;
 
 /**
  * A class encapsulating the result from the evaluation engine after evaluating rules against app
@@ -76,4 +77,34 @@ public static IntegrityCheckResult allow(Rule rule) {
     public static IntegrityCheckResult deny(Rule rule) {
         return new IntegrityCheckResult(Effect.DENY, rule);
     }
+
+    /**
+     * Returns the in value of the integrity check result for logging purposes.
+     */
+    public int getLoggingResponse() {
+        if (getEffect() == IntegrityCheckResult.Effect.DENY) {
+            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__REJECTED;
+        } else if (getRule() != null) {
+            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__FORCE_ALLOWED;
+        } else {
+            return StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__ALLOWED;
+        }
+    }
+
+    /**
+     * Returns true when the {@code Effect.DENY} result is caused by an app certificate mismatch.
+     */
+    public boolean isCausedByAppCertRule() {
+        // TODO(b/147095027): implement this.
+        return true;
+    }
+
+    /**
+     * Returns true when the {@code Effect.DENY} result is caused by an installer rule.
+     */
+    public boolean isCausedByInstallerRule() {
+        // TODO(b/147095027): implement this.
+        return true;
+    }
+
 }
diff --git a/.../tests/servicestests/src/com/android/server/integrity/model/IntegrityCheckResultTest.java b/.../tests/servicestests/src/com/android/server/integrity/model/IntegrityCheckResultTest.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.integrity.model;
+
+import static com.google.common.truth.Truth.assertThat;
+
+import android.content.integrity.AtomicFormula;
+import android.content.integrity.Rule;
+import android.util.StatsLog;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class IntegrityCheckResultTest {
+
+    @Test
+    public void createAllowResult() {
+        IntegrityCheckResult allowResult = IntegrityCheckResult.allow();
+
+        assertThat(allowResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.ALLOW);
+        assertThat(allowResult.getRule()).isNull();
+        assertThat(allowResult.getLoggingResponse())
+                .isEqualTo(StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__ALLOWED);
+    }
+
+    @Test
+    public void createAllowResultWithRule() {
+        String packageName = "com.test.deny";
+        Rule forceAllowRule =
+                new Rule(
+                        new AtomicFormula.StringAtomicFormula(AtomicFormula.PACKAGE_NAME,
+                                packageName),
+                        Rule.FORCE_ALLOW);
+
+        IntegrityCheckResult allowResult = IntegrityCheckResult.allow(forceAllowRule);
+
+        assertThat(allowResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.ALLOW);
+        assertThat(allowResult.getRule()).isEqualTo(forceAllowRule);
+        assertThat(allowResult.getLoggingResponse())
+                .isEqualTo(StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__FORCE_ALLOWED);
+    }
+
+    @Test
+    public void createDenyResultWithRule() {
+        String packageName = "com.test.deny";
+        Rule failedRule =
+                new Rule(
+                        new AtomicFormula.StringAtomicFormula(AtomicFormula.PACKAGE_NAME,
+                                packageName),
+                        Rule.DENY);
+
+        IntegrityCheckResult denyResult = IntegrityCheckResult.deny(failedRule);
+
+        assertThat(denyResult.getEffect()).isEqualTo(IntegrityCheckResult.Effect.DENY);
+        assertThat(denyResult.getRule()).isEqualTo(failedRule);
+        assertThat(denyResult.getLoggingResponse())
+                .isEqualTo(StatsLog.INTEGRITY_CHECK_RESULT_REPORTED__RESPONSE__REJECTED);
+    }
+}