1 /*
2  * Copyright (C) 2013 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.telephonyprovider.device.cts;
18 
19 import android.content.ContentResolver;
20 import android.database.Cursor;
21 import android.provider.Telephony.Carriers;
22 
23 import androidx.test.InstrumentationRegistry;
24 import androidx.test.runner.AndroidJUnit4;
25 
26 import org.junit.Assert;
27 import org.junit.Before;
28 import org.junit.Test;
29 import org.junit.runner.RunWith;
30 
31 @RunWith(AndroidJUnit4.class)
32 public class TelephonyProviderTest {
33     private ContentResolver mContentResolver;
34     private static final String[] APN_PROJECTION = {
35             Carriers.TYPE,
36             Carriers.MMSC,
37             Carriers.MMSPROXY,
38             Carriers.MMSPORT,
39             Carriers.MVNO_TYPE,
40             Carriers.MVNO_MATCH_DATA
41     };
42 
43     @Before
setUp()44     public void setUp() throws Exception {
45         mContentResolver = InstrumentationRegistry.getInstrumentation().getContext().getContentResolver();
46     }
47 
48     // In JB MR1 access to the TelephonyProvider's Carriers table was clamped down and would
49     // throw a SecurityException when queried. That was fixed in JB MR2. Verify that 3rd parties
50     // can access the APN info the carriers table, after JB MR1.
51 
52     // However, in R, a security bug was discovered that let apps read the password by querying
53     // multiple times and matching passwords against a regex in the query. Due to this hole, we're
54     // locking down the API and no longer allowing the exception. Accordingly, the behavior of this
55     // test is now reversed and we expect a SecurityException to be thrown.
56     @Test
testAccessToApnsWithChangeEnabled()57     public void testAccessToApnsWithChangeEnabled() {
58         try {
59             String selection = Carriers.CURRENT + " IS NOT NULL";
60             String[] selectionArgs = null;
61             Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI,
62                     APN_PROJECTION, selection, selectionArgs, null);
63             Assert.fail("No SecurityException thrown");
64         } catch (SecurityException e) {
65             // expected
66         }
67     }
68 
69     @Test
testAccessToApnsWithChangeDisabled()70     public void testAccessToApnsWithChangeDisabled() {
71         try {
72             String selection = Carriers.CURRENT + " IS NOT NULL";
73             String[] selectionArgs = null;
74             Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI,
75                     APN_PROJECTION, selection, selectionArgs, null);
76         } catch (SecurityException e) {
77             Assert.fail("SecurityException thrown");
78         }
79     }
80 }
81