1 /* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.telephonyprovider.device.cts; 18 19 import android.content.ContentResolver; 20 import android.database.Cursor; 21 import android.provider.Telephony.Carriers; 22 23 import androidx.test.InstrumentationRegistry; 24 import androidx.test.runner.AndroidJUnit4; 25 26 import org.junit.Assert; 27 import org.junit.Before; 28 import org.junit.Test; 29 import org.junit.runner.RunWith; 30 31 @RunWith(AndroidJUnit4.class) 32 public class TelephonyProviderTest { 33 private ContentResolver mContentResolver; 34 private static final String[] APN_PROJECTION = { 35 Carriers.TYPE, 36 Carriers.MMSC, 37 Carriers.MMSPROXY, 38 Carriers.MMSPORT, 39 Carriers.MVNO_TYPE, 40 Carriers.MVNO_MATCH_DATA 41 }; 42 43 @Before setUp()44 public void setUp() throws Exception { 45 mContentResolver = InstrumentationRegistry.getInstrumentation().getContext().getContentResolver(); 46 } 47 48 // In JB MR1 access to the TelephonyProvider's Carriers table was clamped down and would 49 // throw a SecurityException when queried. That was fixed in JB MR2. Verify that 3rd parties 50 // can access the APN info the carriers table, after JB MR1. 51 52 // However, in R, a security bug was discovered that let apps read the password by querying 53 // multiple times and matching passwords against a regex in the query. Due to this hole, we're 54 // locking down the API and no longer allowing the exception. Accordingly, the behavior of this 55 // test is now reversed and we expect a SecurityException to be thrown. 56 @Test testAccessToApnsWithChangeEnabled()57 public void testAccessToApnsWithChangeEnabled() { 58 try { 59 String selection = Carriers.CURRENT + " IS NOT NULL"; 60 String[] selectionArgs = null; 61 Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI, 62 APN_PROJECTION, selection, selectionArgs, null); 63 Assert.fail("No SecurityException thrown"); 64 } catch (SecurityException e) { 65 // expected 66 } 67 } 68 69 @Test testAccessToApnsWithChangeDisabled()70 public void testAccessToApnsWithChangeDisabled() { 71 try { 72 String selection = Carriers.CURRENT + " IS NOT NULL"; 73 String[] selectionArgs = null; 74 Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI, 75 APN_PROJECTION, selection, selectionArgs, null); 76 } catch (SecurityException e) { 77 Assert.fail("SecurityException thrown"); 78 } 79 } 80 } 81