1 /*
2 * Copyright (C) 2019 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <android/os/BnServiceCallback.h>
18 #include <binder/Binder.h>
19 #include <binder/ProcessState.h>
20 #include <binder/IServiceManager.h>
21 #include <cutils/android_filesystem_config.h>
22 #include <gtest/gtest.h>
23 #include <gmock/gmock.h>
24
25 #include "Access.h"
26 #include "ServiceManager.h"
27
28 using android::sp;
29 using android::Access;
30 using android::BBinder;
31 using android::IBinder;
32 using android::ServiceManager;
33 using android::binder::Status;
34 using android::os::BnServiceCallback;
35 using android::os::IServiceManager;
36 using testing::_;
37 using testing::ElementsAre;
38 using testing::NiceMock;
39 using testing::Return;
40
getBinder()41 static sp<IBinder> getBinder() {
42 class LinkableBinder : public BBinder {
43 android::status_t linkToDeath(const sp<DeathRecipient>&, void*, uint32_t) override {
44 // let SM linkToDeath
45 return android::OK;
46 }
47 };
48
49 return sp<LinkableBinder>::make();
50 }
51
52 class MockAccess : public Access {
53 public:
54 MOCK_METHOD0(getCallingContext, CallingContext());
55 MOCK_METHOD2(canAdd, bool(const CallingContext&, const std::string& name));
56 MOCK_METHOD2(canFind, bool(const CallingContext&, const std::string& name));
57 MOCK_METHOD1(canList, bool(const CallingContext&));
58 };
59
60 class MockServiceManager : public ServiceManager {
61 public:
MockServiceManager(std::unique_ptr<Access> && access)62 MockServiceManager(std::unique_ptr<Access>&& access) : ServiceManager(std::move(access)) {}
63 MOCK_METHOD1(tryStartService, void(const std::string& name));
64 };
65
getPermissiveServiceManager()66 static sp<ServiceManager> getPermissiveServiceManager() {
67 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
68
69 ON_CALL(*access, getCallingContext()).WillByDefault(Return(Access::CallingContext{}));
70 ON_CALL(*access, canAdd(_, _)).WillByDefault(Return(true));
71 ON_CALL(*access, canFind(_, _)).WillByDefault(Return(true));
72 ON_CALL(*access, canList(_)).WillByDefault(Return(true));
73
74 sp<ServiceManager> sm = sp<NiceMock<MockServiceManager>>::make(std::move(access));
75 return sm;
76 }
77
TEST(AddService,HappyHappy)78 TEST(AddService, HappyHappy) {
79 auto sm = getPermissiveServiceManager();
80 EXPECT_TRUE(sm->addService("foo", getBinder(), false /*allowIsolated*/,
81 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
82 }
83
TEST(AddService,EmptyNameDisallowed)84 TEST(AddService, EmptyNameDisallowed) {
85 auto sm = getPermissiveServiceManager();
86 EXPECT_FALSE(sm->addService("", getBinder(), false /*allowIsolated*/,
87 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
88 }
89
TEST(AddService,JustShortEnoughServiceNameHappy)90 TEST(AddService, JustShortEnoughServiceNameHappy) {
91 auto sm = getPermissiveServiceManager();
92 EXPECT_TRUE(sm->addService(std::string(127, 'a'), getBinder(), false /*allowIsolated*/,
93 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
94 }
95
TEST(AddService,TooLongNameDisallowed)96 TEST(AddService, TooLongNameDisallowed) {
97 auto sm = getPermissiveServiceManager();
98 EXPECT_FALSE(sm->addService(std::string(128, 'a'), getBinder(), false /*allowIsolated*/,
99 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
100 }
101
TEST(AddService,WeirdCharactersDisallowed)102 TEST(AddService, WeirdCharactersDisallowed) {
103 auto sm = getPermissiveServiceManager();
104 EXPECT_FALSE(sm->addService("happy$foo$foo", getBinder(), false /*allowIsolated*/,
105 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
106 }
107
TEST(AddService,AddNullServiceDisallowed)108 TEST(AddService, AddNullServiceDisallowed) {
109 auto sm = getPermissiveServiceManager();
110 EXPECT_FALSE(sm->addService("foo", nullptr, false /*allowIsolated*/,
111 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
112 }
113
TEST(AddService,AddDisallowedFromApp)114 TEST(AddService, AddDisallowedFromApp) {
115 for (uid_t uid : { AID_APP_START, AID_APP_START + 1, AID_APP_END }) {
116 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
117 EXPECT_CALL(*access, getCallingContext()).WillOnce(Return(Access::CallingContext{
118 .debugPid = 1337,
119 .uid = uid,
120 }));
121 EXPECT_CALL(*access, canAdd(_, _)).Times(0);
122 sp<ServiceManager> sm = sp<NiceMock<MockServiceManager>>::make(std::move(access));
123
124 EXPECT_FALSE(sm->addService("foo", getBinder(), false /*allowIsolated*/,
125 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
126 }
127
128 }
129
TEST(AddService,HappyOverExistingService)130 TEST(AddService, HappyOverExistingService) {
131 auto sm = getPermissiveServiceManager();
132 EXPECT_TRUE(sm->addService("foo", getBinder(), false /*allowIsolated*/,
133 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
134 EXPECT_TRUE(sm->addService("foo", getBinder(), false /*allowIsolated*/,
135 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
136 }
137
TEST(AddService,OverwriteExistingService)138 TEST(AddService, OverwriteExistingService) {
139 auto sm = getPermissiveServiceManager();
140 sp<IBinder> serviceA = getBinder();
141 EXPECT_TRUE(sm->addService("foo", serviceA, false /*allowIsolated*/,
142 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
143
144 sp<IBinder> outA;
145 EXPECT_TRUE(sm->getService("foo", &outA).isOk());
146 EXPECT_EQ(serviceA, outA);
147
148 // serviceA should be overwritten by serviceB
149 sp<IBinder> serviceB = getBinder();
150 EXPECT_TRUE(sm->addService("foo", serviceB, false /*allowIsolated*/,
151 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
152
153 sp<IBinder> outB;
154 EXPECT_TRUE(sm->getService("foo", &outB).isOk());
155 EXPECT_EQ(serviceB, outB);
156 }
157
TEST(AddService,NoPermissions)158 TEST(AddService, NoPermissions) {
159 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
160
161 EXPECT_CALL(*access, getCallingContext()).WillOnce(Return(Access::CallingContext{}));
162 EXPECT_CALL(*access, canAdd(_, _)).WillOnce(Return(false));
163
164 sp<ServiceManager> sm = sp<NiceMock<MockServiceManager>>::make(std::move(access));
165
166 EXPECT_FALSE(sm->addService("foo", getBinder(), false /*allowIsolated*/,
167 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
168 }
169
TEST(GetService,HappyHappy)170 TEST(GetService, HappyHappy) {
171 auto sm = getPermissiveServiceManager();
172 sp<IBinder> service = getBinder();
173
174 EXPECT_TRUE(sm->addService("foo", service, false /*allowIsolated*/,
175 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
176
177 sp<IBinder> out;
178 EXPECT_TRUE(sm->getService("foo", &out).isOk());
179 EXPECT_EQ(service, out);
180 }
181
TEST(GetService,NonExistant)182 TEST(GetService, NonExistant) {
183 auto sm = getPermissiveServiceManager();
184
185 sp<IBinder> out;
186 EXPECT_TRUE(sm->getService("foo", &out).isOk());
187 EXPECT_EQ(nullptr, out.get());
188 }
189
TEST(GetService,NoPermissionsForGettingService)190 TEST(GetService, NoPermissionsForGettingService) {
191 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
192
193 EXPECT_CALL(*access, getCallingContext()).WillRepeatedly(Return(Access::CallingContext{}));
194 EXPECT_CALL(*access, canAdd(_, _)).WillOnce(Return(true));
195 EXPECT_CALL(*access, canFind(_, _)).WillOnce(Return(false));
196
197 sp<ServiceManager> sm = sp<NiceMock<MockServiceManager>>::make(std::move(access));
198
199 EXPECT_TRUE(sm->addService("foo", getBinder(), false /*allowIsolated*/,
200 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
201
202 sp<IBinder> out;
203 // returns nullptr but has OK status for legacy compatibility
204 EXPECT_TRUE(sm->getService("foo", &out).isOk());
205 EXPECT_EQ(nullptr, out.get());
206 }
207
TEST(GetService,AllowedFromIsolated)208 TEST(GetService, AllowedFromIsolated) {
209 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
210
211 EXPECT_CALL(*access, getCallingContext())
212 // something adds it
213 .WillOnce(Return(Access::CallingContext{}))
214 // next call is from isolated app
215 .WillOnce(Return(Access::CallingContext{
216 .uid = AID_ISOLATED_START,
217 }));
218 EXPECT_CALL(*access, canAdd(_, _)).WillOnce(Return(true));
219 EXPECT_CALL(*access, canFind(_, _)).WillOnce(Return(true));
220
221 sp<ServiceManager> sm = sp<NiceMock<MockServiceManager>>::make(std::move(access));
222
223 sp<IBinder> service = getBinder();
224 EXPECT_TRUE(sm->addService("foo", service, true /*allowIsolated*/,
225 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
226
227 sp<IBinder> out;
228 EXPECT_TRUE(sm->getService("foo", &out).isOk());
229 EXPECT_EQ(service, out.get());
230 }
231
TEST(GetService,NotAllowedFromIsolated)232 TEST(GetService, NotAllowedFromIsolated) {
233 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
234
235 EXPECT_CALL(*access, getCallingContext())
236 // something adds it
237 .WillOnce(Return(Access::CallingContext{}))
238 // next call is from isolated app
239 .WillOnce(Return(Access::CallingContext{
240 .uid = AID_ISOLATED_START,
241 }));
242 EXPECT_CALL(*access, canAdd(_, _)).WillOnce(Return(true));
243
244 // TODO(b/136023468): when security check is first, this should be called first
245 // EXPECT_CALL(*access, canFind(_, _)).WillOnce(Return(true));
246
247 sp<ServiceManager> sm = sp<NiceMock<MockServiceManager>>::make(std::move(access));
248
249 EXPECT_TRUE(sm->addService("foo", getBinder(), false /*allowIsolated*/,
250 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
251
252 sp<IBinder> out;
253 // returns nullptr but has OK status for legacy compatibility
254 EXPECT_TRUE(sm->getService("foo", &out).isOk());
255 EXPECT_EQ(nullptr, out.get());
256 }
257
TEST(ListServices,NoPermissions)258 TEST(ListServices, NoPermissions) {
259 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
260
261 EXPECT_CALL(*access, getCallingContext()).WillOnce(Return(Access::CallingContext{}));
262 EXPECT_CALL(*access, canList(_)).WillOnce(Return(false));
263
264 sp<ServiceManager> sm = sp<NiceMock<MockServiceManager>>::make(std::move(access));
265
266 std::vector<std::string> out;
267 EXPECT_FALSE(sm->listServices(IServiceManager::DUMP_FLAG_PRIORITY_ALL, &out).isOk());
268 EXPECT_TRUE(out.empty());
269 }
270
TEST(ListServices,AllServices)271 TEST(ListServices, AllServices) {
272 auto sm = getPermissiveServiceManager();
273
274 EXPECT_TRUE(sm->addService("sd", getBinder(), false /*allowIsolated*/,
275 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
276 EXPECT_TRUE(sm->addService("sc", getBinder(), false /*allowIsolated*/,
277 IServiceManager::DUMP_FLAG_PRIORITY_NORMAL).isOk());
278 EXPECT_TRUE(sm->addService("sb", getBinder(), false /*allowIsolated*/,
279 IServiceManager::DUMP_FLAG_PRIORITY_HIGH).isOk());
280 EXPECT_TRUE(sm->addService("sa", getBinder(), false /*allowIsolated*/,
281 IServiceManager::DUMP_FLAG_PRIORITY_CRITICAL).isOk());
282
283 std::vector<std::string> out;
284 EXPECT_TRUE(sm->listServices(IServiceManager::DUMP_FLAG_PRIORITY_ALL, &out).isOk());
285
286 // all there and in the right order
287 EXPECT_THAT(out, ElementsAre("sa", "sb", "sc", "sd"));
288 }
289
TEST(ListServices,CriticalServices)290 TEST(ListServices, CriticalServices) {
291 auto sm = getPermissiveServiceManager();
292
293 EXPECT_TRUE(sm->addService("sd", getBinder(), false /*allowIsolated*/,
294 IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
295 EXPECT_TRUE(sm->addService("sc", getBinder(), false /*allowIsolated*/,
296 IServiceManager::DUMP_FLAG_PRIORITY_NORMAL).isOk());
297 EXPECT_TRUE(sm->addService("sb", getBinder(), false /*allowIsolated*/,
298 IServiceManager::DUMP_FLAG_PRIORITY_HIGH).isOk());
299 EXPECT_TRUE(sm->addService("sa", getBinder(), false /*allowIsolated*/,
300 IServiceManager::DUMP_FLAG_PRIORITY_CRITICAL).isOk());
301
302 std::vector<std::string> out;
303 EXPECT_TRUE(sm->listServices(IServiceManager::DUMP_FLAG_PRIORITY_CRITICAL, &out).isOk());
304
305 // all there and in the right order
306 EXPECT_THAT(out, ElementsAre("sa"));
307 }
308
309 class CallbackHistorian : public BnServiceCallback {
onRegistration(const std::string & name,const sp<IBinder> & binder)310 Status onRegistration(const std::string& name, const sp<IBinder>& binder) override {
311 registrations.push_back(name);
312 binders.push_back(binder);
313 return Status::ok();
314 }
315
linkToDeath(const sp<DeathRecipient> &,void *,uint32_t)316 android::status_t linkToDeath(const sp<DeathRecipient>&, void*, uint32_t) override {
317 // let SM linkToDeath
318 return android::OK;
319 }
320
321 public:
322 std::vector<std::string> registrations;
323 std::vector<sp<IBinder>> binders;
324 };
325
TEST(ServiceNotifications,NoPermissionsRegister)326 TEST(ServiceNotifications, NoPermissionsRegister) {
327 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
328
329 EXPECT_CALL(*access, getCallingContext()).WillOnce(Return(Access::CallingContext{}));
330 EXPECT_CALL(*access, canFind(_,_)).WillOnce(Return(false));
331
332 sp<ServiceManager> sm = sp<ServiceManager>::make(std::move(access));
333
334 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
335
336 EXPECT_EQ(sm->registerForNotifications("foofoo", cb).exceptionCode(),
337 Status::EX_SECURITY);
338 }
339
TEST(ServiceNotifications,NoPermissionsUnregister)340 TEST(ServiceNotifications, NoPermissionsUnregister) {
341 std::unique_ptr<MockAccess> access = std::make_unique<NiceMock<MockAccess>>();
342
343 EXPECT_CALL(*access, getCallingContext()).WillOnce(Return(Access::CallingContext{}));
344 EXPECT_CALL(*access, canFind(_,_)).WillOnce(Return(false));
345
346 sp<ServiceManager> sm = sp<ServiceManager>::make(std::move(access));
347
348 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
349
350 // should always hit security error first
351 EXPECT_EQ(sm->unregisterForNotifications("foofoo", cb).exceptionCode(),
352 Status::EX_SECURITY);
353 }
354
TEST(ServiceNotifications,InvalidName)355 TEST(ServiceNotifications, InvalidName) {
356 auto sm = getPermissiveServiceManager();
357
358 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
359
360 EXPECT_EQ(sm->registerForNotifications("foo@foo", cb).exceptionCode(),
361 Status::EX_ILLEGAL_ARGUMENT);
362 }
363
TEST(ServiceNotifications,NullCallback)364 TEST(ServiceNotifications, NullCallback) {
365 auto sm = getPermissiveServiceManager();
366
367 EXPECT_EQ(sm->registerForNotifications("foofoo", nullptr).exceptionCode(),
368 Status::EX_NULL_POINTER);
369 }
370
TEST(ServiceNotifications,Unregister)371 TEST(ServiceNotifications, Unregister) {
372 auto sm = getPermissiveServiceManager();
373
374 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
375
376 EXPECT_TRUE(sm->registerForNotifications("foofoo", cb).isOk());
377 EXPECT_EQ(sm->unregisterForNotifications("foofoo", cb).exceptionCode(), 0);
378 }
379
TEST(ServiceNotifications,UnregisterWhenNoRegistrationExists)380 TEST(ServiceNotifications, UnregisterWhenNoRegistrationExists) {
381 auto sm = getPermissiveServiceManager();
382
383 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
384
385 EXPECT_EQ(sm->unregisterForNotifications("foofoo", cb).exceptionCode(),
386 Status::EX_ILLEGAL_STATE);
387 }
388
TEST(ServiceNotifications,NoNotification)389 TEST(ServiceNotifications, NoNotification) {
390 auto sm = getPermissiveServiceManager();
391
392 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
393
394 EXPECT_TRUE(sm->registerForNotifications("foofoo", cb).isOk());
395 EXPECT_TRUE(sm->addService("otherservice", getBinder(),
396 false /*allowIsolated*/, IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
397
398 EXPECT_THAT(cb->registrations, ElementsAre());
399 EXPECT_THAT(cb->binders, ElementsAre());
400 }
401
TEST(ServiceNotifications,GetNotification)402 TEST(ServiceNotifications, GetNotification) {
403 auto sm = getPermissiveServiceManager();
404
405 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
406
407 sp<IBinder> service = getBinder();
408
409 EXPECT_TRUE(sm->registerForNotifications("asdfasdf", cb).isOk());
410 EXPECT_TRUE(sm->addService("asdfasdf", service,
411 false /*allowIsolated*/, IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
412
413 EXPECT_THAT(cb->registrations, ElementsAre("asdfasdf"));
414 EXPECT_THAT(cb->binders, ElementsAre(service));
415 }
416
TEST(ServiceNotifications,GetNotificationForAlreadyRegisteredService)417 TEST(ServiceNotifications, GetNotificationForAlreadyRegisteredService) {
418 auto sm = getPermissiveServiceManager();
419
420 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
421
422 sp<IBinder> service = getBinder();
423
424 EXPECT_TRUE(sm->addService("asdfasdf", service,
425 false /*allowIsolated*/, IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
426
427 EXPECT_TRUE(sm->registerForNotifications("asdfasdf", cb).isOk());
428
429 EXPECT_THAT(cb->registrations, ElementsAre("asdfasdf"));
430 EXPECT_THAT(cb->binders, ElementsAre(service));
431 }
432
TEST(ServiceNotifications,GetMultipleNotification)433 TEST(ServiceNotifications, GetMultipleNotification) {
434 auto sm = getPermissiveServiceManager();
435
436 sp<CallbackHistorian> cb = sp<CallbackHistorian>::make();
437
438 sp<IBinder> binder1 = getBinder();
439 sp<IBinder> binder2 = getBinder();
440
441 EXPECT_TRUE(sm->registerForNotifications("asdfasdf", cb).isOk());
442 EXPECT_TRUE(sm->addService("asdfasdf", binder1,
443 false /*allowIsolated*/, IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
444 EXPECT_TRUE(sm->addService("asdfasdf", binder2,
445 false /*allowIsolated*/, IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT).isOk());
446
447 EXPECT_THAT(cb->registrations, ElementsAre("asdfasdf", "asdfasdf"));
448 EXPECT_THAT(cb->registrations, ElementsAre("asdfasdf", "asdfasdf"));
449 }
450