1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.appsecurity.cts.deviceids;
18 
19 import static junit.framework.Assert.assertEquals;
20 import static junit.framework.Assert.fail;
21 
22 import android.content.Context;
23 import android.content.pm.PackageManager;
24 import android.os.Build;
25 import android.platform.test.annotations.AsbSecurityTest;
26 import android.telephony.SubscriptionInfo;
27 import android.telephony.SubscriptionManager;
28 import android.telephony.TelephonyManager;
29 import android.test.AndroidTestCase;
30 
31 import androidx.test.InstrumentationRegistry;
32 import androidx.test.runner.AndroidJUnit4;
33 
34 import com.android.compatibility.common.util.ShellIdentityUtils;
35 
36 import org.junit.Test;
37 import org.junit.runner.RunWith;
38 
39 /**
40  * Verify apps can access device identifiers with the app op granted.
41  */
42 @RunWith(AndroidJUnit4.class)
43 public class DeviceIdentifierAppOpTest  {
44     private static final String DEVICE_ID_WITH_APPOP_ERROR_MESSAGE =
45             "An unexpected value was received by an app with the READ_DEVICE_IDENTIFIERS app op "
46                     + "granted when invoking %s.";
47 
48     @Test
49     @AsbSecurityTest(cveBugId = 173421434)
testAccessToDeviceIdentifiersWithAppOp()50     public void testAccessToDeviceIdentifiersWithAppOp() throws Exception {
51         Context context = InstrumentationRegistry.getContext();
52         TelephonyManager telephonyManager =
53                 (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE);
54         try {
55             assertEquals(String.format(DEVICE_ID_WITH_APPOP_ERROR_MESSAGE, "getDeviceId"),
56                     ShellIdentityUtils.invokeMethodWithShellPermissions(telephonyManager,
57                             (tm) -> tm.getDeviceId()), telephonyManager.getDeviceId());
58             assertEquals(String.format(DEVICE_ID_WITH_APPOP_ERROR_MESSAGE, "getImei"),
59                     ShellIdentityUtils.invokeMethodWithShellPermissions(telephonyManager,
60                             (tm) -> tm.getImei()), telephonyManager.getImei());
61             assertEquals(String.format(DEVICE_ID_WITH_APPOP_ERROR_MESSAGE, "getMeid"),
62                     ShellIdentityUtils.invokeMethodWithShellPermissions(telephonyManager,
63                             (tm) -> tm.getMeid()), telephonyManager.getMeid());
64             assertEquals(String.format(DEVICE_ID_WITH_APPOP_ERROR_MESSAGE, "getSubscriberId"),
65                     ShellIdentityUtils.invokeMethodWithShellPermissions(telephonyManager,
66                             (tm) -> tm.getSubscriberId()), telephonyManager.getSubscriberId());
67             assertEquals(
68                     String.format(DEVICE_ID_WITH_APPOP_ERROR_MESSAGE, "getSimSerialNumber"),
69                     ShellIdentityUtils.invokeMethodWithShellPermissions(telephonyManager,
70                             (tm) -> tm.getSimSerialNumber()),
71                     telephonyManager.getSimSerialNumber());
72             assertEquals(String.format(DEVICE_ID_WITH_APPOP_ERROR_MESSAGE, "getNai"),
73                     ShellIdentityUtils.invokeMethodWithShellPermissions(telephonyManager,
74                             (tm) -> tm.getNai()), telephonyManager.getNai());
75             assertEquals(String.format(DEVICE_ID_WITH_APPOP_ERROR_MESSAGE, "Build#getSerial"),
76                     ShellIdentityUtils.invokeStaticMethodWithShellPermissions(Build::getSerial),
77                     Build.getSerial());
78             if (context.getPackageManager().hasSystemFeature(PackageManager.FEATURE_TELEPHONY)) {
79                 SubscriptionManager subscriptionManager =
80                         (SubscriptionManager) context.getSystemService(
81                                 Context.TELEPHONY_SUBSCRIPTION_SERVICE);
82                 int subId = subscriptionManager.getDefaultSubscriptionId();
83                 if (subId != SubscriptionManager.INVALID_SUBSCRIPTION_ID) {
84                     SubscriptionInfo expectedSubInfo =
85                             ShellIdentityUtils.invokeMethodWithShellPermissions(subscriptionManager,
86                                     (sm) -> sm.getActiveSubscriptionInfo(subId));
87                     SubscriptionInfo actualSubInfo = subscriptionManager.getActiveSubscriptionInfo(
88                             subId);
89                     assertEquals(String.format(DEVICE_ID_WITH_APPOP_ERROR_MESSAGE, "getIccId"),
90                             expectedSubInfo.getIccId(), actualSubInfo.getIccId());
91                 }
92             }
93         } catch (SecurityException e) {
94             fail("An app with the READ_DEVICE_IDENTIFIERS app op set to allowed must be able to "
95                     + "access the device identifiers; caught SecurityException instead: "
96                     + e);
97         }
98     }
99 }
100