Tests for ApkVerifier

2016-07-29 01:27:31 +02:00 · 2016-07-29 01:27:31 +02:00 · 9235462e34
commit 9235462e34
parent 2837a235b4
8 changed files with 296 additions and 31 deletions
--- a/app/src/androidTest/assets/org.fdroid.permissions.minmax.apk
+++ b/app/src/androidTest/assets/org.fdroid.permissions.minmax.apk
--- a/app/src/androidTest/assets/org.fdroid.permissions.minmax.zip
+++ b/app/src/androidTest/assets/org.fdroid.permissions.minmax.zip
--- a/app/src/androidTest/assets/org.fdroid.permissions.sdk14.apk
+++ b/app/src/androidTest/assets/org.fdroid.permissions.sdk14.apk
--- a/app/src/androidTest/assets/org.fdroid.permissions.sdk14.zip
+++ b/app/src/androidTest/assets/org.fdroid.permissions.sdk14.zip
--- a/app/src/androidTest/java/org/fdroid/fdroid/AssetUtils.java
+++ b/app/src/androidTest/java/org/fdroid/fdroid/AssetUtils.java
@ -0,0 +1,39 @@
 package org.fdroid.fdroid;
 import android.content.Context;
 import android.support.annotation.Nullable;
 import android.util.Log;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import static org.junit.Assert.fail;
 public class AssetUtils {
    private static final String TAG = "Utils";
    @Nullable
    public static File copyAssetToDir(Context context, String assetName, File directory) {
        File tempFile = null;
        InputStream input = null;
        OutputStream output = null;
        try {
            tempFile = File.createTempFile(assetName, ".testasset", directory);
            Log.i(TAG, "Copying asset file " + assetName + " to directory " + directory);
            input = context.getAssets().open(assetName);
            output = new FileOutputStream(tempFile);
            Utils.copy(input, output);
        } catch (IOException e) {
            fail(e.getMessage());
        } finally {
            Utils.closeQuietly(output);
            Utils.closeQuietly(input);
        }
        return tempFile;
    }
 }
--- a/app/src/androidTest/java/org/fdroid/fdroid/compat/FileCompatTest.java
+++ b/app/src/androidTest/java/org/fdroid/fdroid/compat/FileCompatTest.java
@ -4,12 +4,10 @@ import android.app.Instrumentation;
 import android.content.Context;
 import android.os.Build;
 import android.os.Environment;
 import android.support.annotation.Nullable;
 import android.support.test.InstrumentationRegistry;
 import android.support.test.runner.AndroidJUnit4;
 import android.util.Log;
-import org.fdroid.fdroid.Utils;
+import org.fdroid.fdroid.AssetUtils;
 import org.fdroid.fdroid.data.SanitizedFile;
 import org.junit.After;
 import org.junit.Before;
@ -17,10 +15,6 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.UUID;
 import static org.junit.Assert.assertFalse;
@ -36,8 +30,6 @@ import static org.junit.Assume.assumeTrue;
@RunWith(AndroidJUnit4.class)
 public class FileCompatTest {
    private static final String TAG = "FileCompatTest";
    private SanitizedFile sourceFile;
    private SanitizedFile destFile;
@ -45,7 +37,8 @@ public class FileCompatTest {
    public void setUp() {
        Instrumentation instrumentation = InstrumentationRegistry.getInstrumentation();
        File dir = getWriteableDir(instrumentation);
-        sourceFile = SanitizedFile.knownSanitized(copyAssetToDir(instrumentation.getContext(), "simpleIndex.jar", dir));
+        sourceFile = SanitizedFile.knownSanitized(
                AssetUtils.copyAssetToDir(instrumentation.getContext(), "simpleIndex.jar", dir));
        destFile = new SanitizedFile(dir, "dest-" + UUID.randomUUID() + ".testproduct");
        assertFalse(destFile.exists());
        assertTrue(sourceFile.getAbsolutePath() + " should exist.", sourceFile.exists());
@ -82,26 +75,6 @@ public class FileCompatTest {
        assertTrue(destFile.getAbsolutePath() + " should exist after symlinking", destFile.exists());
    }
    @Nullable
    private static File copyAssetToDir(Context context, String assetName, File directory) {
        File tempFile;
        InputStream input = null;
        OutputStream output = null;
        try {
            tempFile = File.createTempFile(assetName + "-", ".testasset", directory);
            Log.i(TAG, "Copying asset file " + assetName + " to directory " + directory);
            input = context.getAssets().open(assetName);
            output = new FileOutputStream(tempFile);
            Utils.copy(input, output);
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        } finally {
            Utils.closeQuietly(output);
            Utils.closeQuietly(input);
        }
        return tempFile;
    }
    /**
     * Prefer internal over external storage, because external tends to be FAT filesystems,
--- a/app/src/androidTest/java/org/fdroid/fdroid/installer/ApkVerifierTest.java
+++ b/app/src/androidTest/java/org/fdroid/fdroid/installer/ApkVerifierTest.java
@ -0,0 +1,242 @@
 /*
 * Copyright (C) 2016 Dominik Schürmann <dominik@dominikschuermann.de>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.
 */
 package org.fdroid.fdroid.installer;
 import android.app.Instrumentation;
 import android.net.Uri;
 import android.support.test.InstrumentationRegistry;
 import android.support.test.runner.AndroidJUnit4;
 import org.fdroid.fdroid.AssetUtils;
 import org.fdroid.fdroid.data.Apk;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
 import org.junit.runner.RunWith;
 import java.io.File;
 import java.io.IOException;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 /**
 * This test checks the ApkVerifier by parsing a repo from permissionsRepo.xml
 * and checking the listed permissions against the ones specified in apks' AndroidManifest,
 * which have been specifically generated for this test.
 * - the apk file name must match the package name in the xml
 * - the versionName of listed apks inside the repo have either a good or bad outcome.
 * this must be defined in GOOD_VERSION_NAMES and BAD_VERSION_NAMES.
 * <p/>
 * NOTE: This androidTest cannot run as a Robolectric test because the
 * required methods from PackageManger are not included in Robolectric's Android API.
 * java.lang.NoClassDefFoundError: java/util/jar/StrictJarFile
 * at android.content.pm.PackageManager.getPackageArchiveInfo(PackageManager.java:3545)
 */
@RunWith(AndroidJUnit4.class)
 public class ApkVerifierTest {
    Instrumentation instrumentation;
    File sdk14Apk;
    File minMaxApk;
    @Rule
    public TemporaryFolder tempFolder = new TemporaryFolder();
    @Before
    public void setUp() {
        instrumentation = InstrumentationRegistry.getInstrumentation();
        File dir = null;
        try {
            dir = tempFolder.newFolder("apks");
        } catch (IOException e) {
            fail(e.getMessage());
        }
        sdk14Apk = AssetUtils.copyAssetToDir(instrumentation.getContext(),
                "org.fdroid.permissions.sdk14.apk",
                dir
        );
        minMaxApk = AssetUtils.copyAssetToDir(instrumentation.getContext(),
                "org.fdroid.permissions.minmax.apk",
                dir
        );
        assertTrue(sdk14Apk.exists());
        assertTrue(minMaxApk.exists());
    }
    @Test
    public void testWithoutPrefix() {
        Apk apk = new Apk();
        apk.packageName = "org.fdroid.permissions.sdk14";
        apk.targetSdkVersion = 14;
        apk.permissions = new String[]{
                "AUTHENTICATE_ACCOUNTS",
                "MANAGE_ACCOUNTS",
                "READ_PROFILE",
                "WRITE_PROFILE",
                "GET_ACCOUNTS",
                "READ_CONTACTS",
                "WRITE_CONTACTS",
                "WRITE_EXTERNAL_STORAGE",
                "READ_EXTERNAL_STORAGE",
                "INTERNET",
                "ACCESS_NETWORK_STATE",
                "NFC",
                "READ_SYNC_SETTINGS",
                "WRITE_SYNC_SETTINGS",
                "WRITE_CALL_LOG", // implied-permission!
                "READ_CALL_LOG", // implied-permission!
        };
        Uri uri = Uri.fromFile(sdk14Apk);
        ApkVerifier apkVerifier = new ApkVerifier(instrumentation.getContext(), uri, apk);
        try {
            apkVerifier.verifyApk();
        } catch (ApkVerifier.ApkVerificationException | ApkVerifier.ApkPermissionUnequalException e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    @Test
    public void testWithPrefix() {
        Apk apk = new Apk();
        apk.packageName = "org.fdroid.permissions.sdk14";
        apk.targetSdkVersion = 14;
        apk.permissions = new String[]{
                "android.permission.AUTHENTICATE_ACCOUNTS",
                "android.permission.MANAGE_ACCOUNTS",
                "android.permission.READ_PROFILE",
                "android.permission.WRITE_PROFILE",
                "android.permission.GET_ACCOUNTS",
                "android.permission.READ_CONTACTS",
                "android.permission.WRITE_CONTACTS",
                "android.permission.WRITE_EXTERNAL_STORAGE",
                "android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.INTERNET",
                "android.permission.ACCESS_NETWORK_STATE",
                "android.permission.NFC",
                "android.permission.READ_SYNC_SETTINGS",
                "android.permission.WRITE_SYNC_SETTINGS",
                "android.permission.WRITE_CALL_LOG", // implied-permission!
                "android.permission.READ_CALL_LOG", // implied-permission!
        };
        Uri uri = Uri.fromFile(sdk14Apk);
        ApkVerifier apkVerifier = new ApkVerifier(instrumentation.getContext(), uri, apk);
        try {
            apkVerifier.verifyApk();
        } catch (ApkVerifier.ApkVerificationException | ApkVerifier.ApkPermissionUnequalException e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    /**
     * Additional permissions are okay. The user is simply
     * warned about a permission that is not used inside the apk
     */
    @Test
    public void testAdditionalPermission() {
        Apk apk = new Apk();
        apk.packageName = "org.fdroid.permissions.sdk14";
        apk.targetSdkVersion = 14;
        apk.permissions = new String[]{
                "android.permission.AUTHENTICATE_ACCOUNTS",
                "android.permission.MANAGE_ACCOUNTS",
                "android.permission.READ_PROFILE",
                "android.permission.WRITE_PROFILE",
                "android.permission.GET_ACCOUNTS",
                "android.permission.READ_CONTACTS",
                "android.permission.WRITE_CONTACTS",
                "android.permission.WRITE_EXTERNAL_STORAGE",
                "android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.INTERNET",
                "android.permission.ACCESS_NETWORK_STATE",
                "android.permission.NFC",
                "android.permission.READ_SYNC_SETTINGS",
                "android.permission.WRITE_SYNC_SETTINGS",
                "android.permission.WRITE_CALL_LOG", // implied-permission!
                "android.permission.READ_CALL_LOG", // implied-permission!
                "NEW_PERMISSION",
        };
        Uri uri = Uri.fromFile(sdk14Apk);
        ApkVerifier apkVerifier = new ApkVerifier(instrumentation.getContext(), uri, apk);
        try {
            apkVerifier.verifyApk();
        } catch (ApkVerifier.ApkVerificationException | ApkVerifier.ApkPermissionUnequalException e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
    /**
     * Missing permissions are not okay!
     * The user is then not warned about a permission that the apk uses!
     */
    @Test
    public void testMissingPermission() {
        Apk apk = new Apk();
        apk.packageName = "org.fdroid.permissions.sdk14";
        apk.targetSdkVersion = 14;
        apk.permissions = new String[]{
                //"android.permission.AUTHENTICATE_ACCOUNTS",
                "android.permission.MANAGE_ACCOUNTS",
                "android.permission.READ_PROFILE",
                "android.permission.WRITE_PROFILE",
                "android.permission.GET_ACCOUNTS",
                "android.permission.READ_CONTACTS",
                "android.permission.WRITE_CONTACTS",
                "android.permission.WRITE_EXTERNAL_STORAGE",
                "android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.INTERNET",
                "android.permission.ACCESS_NETWORK_STATE",
                "android.permission.NFC",
                "android.permission.READ_SYNC_SETTINGS",
                "android.permission.WRITE_SYNC_SETTINGS",
                "android.permission.WRITE_CALL_LOG", // implied-permission!
                "android.permission.READ_CALL_LOG", // implied-permission!
        };
        Uri uri = Uri.fromFile(sdk14Apk);
        ApkVerifier apkVerifier = new ApkVerifier(instrumentation.getContext(), uri, apk);
        try {
            apkVerifier.verifyApk();
            fail();
        } catch (ApkVerifier.ApkVerificationException e) {
            e.printStackTrace();
            fail(e.getMessage());
        } catch (ApkVerifier.ApkPermissionUnequalException e) {
            e.printStackTrace();
        }
    }
 }
--- a/app/src/main/java/org/fdroid/fdroid/installer/ApkVerifier.java
+++ b/app/src/main/java/org/fdroid/fdroid/installer/ApkVerifier.java
@ -45,6 +45,10 @@ class ApkVerifier {
    private final Apk expectedApk;
    private final PackageManager pm;
    /**
     * IMPORTANT: localApkUri must be available as a File on the file system with an absolute path
     * to be readable by Android's internal PackageParser.
     */
    ApkVerifier(Context context, Uri localApkUri, Apk expectedApk) {
        this.localApkUri = localApkUri;
        this.expectedApk = expectedApk;
@ -52,11 +56,18 @@ class ApkVerifier {
    }
    public void verifyApk() throws ApkVerificationException, ApkPermissionUnequalException {
        Utils.debugLog(TAG, "localApkUri.getPath: " + localApkUri.getPath());
        // parse downloaded apk file locally
        PackageInfo localApkInfo = pm.getPackageArchiveInfo(
                localApkUri.getPath(), PackageManager.GET_PERMISSIONS);
        if (localApkInfo == null) {
-            throw new ApkVerificationException("Parsing apk file failed!");
+            // Unfortunately, more specific errors are not forwarded to us
            // but the internal PackageParser sometimes shows warnings in logcat such as
            // "Requires newer sdk version #14 (current version is #11)"
            throw new ApkVerificationException("Parsing apk file failed!" +
                    "Maybe minSdk of apk is lower than current Sdk?" +
                    "Look into logcat for more specific warnings of Android's PackageParser");
        }
        // check if the apk has the expected packageName