/* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.android.server; import static org.mockito.ArgumentMatchers.anyInt; import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.eq; import static org.mockito.Mockito.never; import static org.mockito.Mockito.spy; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; import android.app.job.JobScheduler; import android.content.Context; import android.content.pm.PackageManager; import android.content.pm.PackageManagerInternal; import android.hardware.biometrics.ComponentInfoInternal; import android.hardware.biometrics.SensorProperties; import android.hardware.face.FaceManager; import android.hardware.face.FaceSensorProperties; import android.hardware.face.FaceSensorPropertiesInternal; import android.hardware.face.IFaceAuthenticatorsRegisteredCallback; import android.hardware.fingerprint.FingerprintManager; import android.hardware.fingerprint.FingerprintSensorProperties; import android.hardware.fingerprint.FingerprintSensorPropertiesInternal; import android.hardware.fingerprint.IFingerprintAuthenticatorsRegisteredCallback; import android.os.RemoteException; import android.os.ResultReceiver; import android.os.SystemProperties; import android.provider.DeviceConfig; import android.util.Log; import androidx.test.core.app.ApplicationProvider; import androidx.test.ext.junit.runners.AndroidJUnit4; import com.android.internal.util.FrameworkStatsLog; import org.junit.After; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.ArgumentCaptor; import org.mockito.Captor; import org.mockito.Mock; import org.mockito.MockitoAnnotations; import java.io.FileDescriptor; import java.util.List; @RunWith(AndroidJUnit4.class) public class BinaryTransparencyServiceTest { private static final String TAG = "BinaryTransparencyServiceTest"; private Context mContext; private BinaryTransparencyService mBinaryTransparencyService; private BinaryTransparencyService.BinaryTransparencyServiceImpl mTestInterface; private DeviceConfig.Properties mOriginalBiometricsFlags; @Mock private BinaryTransparencyService.BiometricLogger mBiometricLogger; @Mock private FingerprintManager mFpManager; @Mock private FaceManager mFaceManager; @Mock private PackageManager mPackageManager; @Mock private PackageManagerInternal mPackageManagerInternal; @Captor private ArgumentCaptor mFpAuthenticatorsRegisteredCaptor; @Captor private ArgumentCaptor mFaceAuthenticatorsRegisteredCaptor; @Before public void setUp() { MockitoAnnotations.initMocks(this); mContext = spy(ApplicationProvider.getApplicationContext()); LocalServices.removeServiceForTest(PackageManagerInternal.class); LocalServices.addService(PackageManagerInternal.class, mPackageManagerInternal); mBinaryTransparencyService = new BinaryTransparencyService(mContext, mBiometricLogger); mTestInterface = mBinaryTransparencyService.new BinaryTransparencyServiceImpl(); mOriginalBiometricsFlags = DeviceConfig.getProperties(DeviceConfig.NAMESPACE_BIOMETRICS); } @After public void tearDown() throws Exception { try { DeviceConfig.setProperties(mOriginalBiometricsFlags); } catch (DeviceConfig.BadConfigException e) { Log.e(TAG, "Failed to reset biometrics flags to the original values before test. " + e); } LocalServices.removeServiceForTest(PackageManagerInternal.class); } private void prepSignedInfo() { // simulate what happens on boot completed phase // but we avoid calling JobScheduler.schedule by returning a null. doReturn(null).when(mContext).getSystemService(JobScheduler.class); mBinaryTransparencyService.onBootPhase(SystemService.PHASE_BOOT_COMPLETED); } private void prepApexInfo() throws RemoteException { // simulates what happens to apex info after computations are done. String[] args = {"get", "apex_info"}; mTestInterface.onShellCommand(FileDescriptor.in, FileDescriptor.out, FileDescriptor.err, args, null, new ResultReceiver(null)); } private void prepBiometricsTesting() { when(mContext.getPackageManager()).thenReturn(mPackageManager); when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_FINGERPRINT)).thenReturn(true); when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_FACE)).thenReturn(true); when(mContext.getSystemService(FingerprintManager.class)).thenReturn(mFpManager); when(mContext.getSystemService(FaceManager.class)).thenReturn(mFaceManager); } @Test public void getSignedImageInfo_preInitialize_returnsUninitializedString() { String result = mTestInterface.getSignedImageInfo(); Assert.assertNotNull("VBMeta digest value should not be null", result); Assert.assertEquals(BinaryTransparencyService.VBMETA_DIGEST_UNINITIALIZED, result); } @Test public void getSignedImageInfo_postInitialize_returnsNonErrorStrings() { prepSignedInfo(); String result = mTestInterface.getSignedImageInfo(); Assert.assertNotNull("Initialized VBMeta digest string should not be null", result); Assert.assertNotEquals("VBMeta digest value is uninitialized", BinaryTransparencyService.VBMETA_DIGEST_UNINITIALIZED, result); Assert.assertNotEquals("VBMeta value should not be unavailable", BinaryTransparencyService.VBMETA_DIGEST_UNAVAILABLE, result); } @Test public void getSignedImageInfo_postInitialize_returnsCorrectValue() { prepSignedInfo(); String result = mTestInterface.getSignedImageInfo(); Assert.assertEquals( SystemProperties.get(BinaryTransparencyService.SYSPROP_NAME_VBETA_DIGEST, BinaryTransparencyService.VBMETA_DIGEST_UNAVAILABLE), result); } @Test public void testCollectBiometricProperties_disablesFeature() { DeviceConfig.setProperty(DeviceConfig.NAMESPACE_BIOMETRICS, BinaryTransparencyService.KEY_ENABLE_BIOMETRIC_PROPERTY_VERIFICATION, Boolean.FALSE.toString(), false /* makeDefault */); mBinaryTransparencyService.collectBiometricProperties(); verify(mBiometricLogger, never()).logStats(anyInt(), anyInt(), anyInt(), anyInt(), anyString(), anyString(), anyString(), anyString(), anyString()); } @Test public void testCollectBiometricProperties_enablesFeature_logsFingerprintProperties() throws RemoteException { prepBiometricsTesting(); DeviceConfig.setProperty(DeviceConfig.NAMESPACE_BIOMETRICS, BinaryTransparencyService.KEY_ENABLE_BIOMETRIC_PROPERTY_VERIFICATION, Boolean.TRUE.toString(), false /* makeDefault */); final List props = List.of( new FingerprintSensorPropertiesInternal( 1 /* sensorId */, SensorProperties.STRENGTH_STRONG, 5 /* maxEnrollmentsPerUser */, List.of(new ComponentInfoInternal("sensor" /* componentId */, "vendor/model/revision" /* hardwareVersion */, "1.01" /* firmwareVersion */, "00000001" /* serialNumber */, "" /* softwareVersion */)), FingerprintSensorProperties.TYPE_REAR, true /* resetLockoutRequiresHardwareAuthToken */)); mBinaryTransparencyService.collectBiometricProperties(); verify(mFpManager).addAuthenticatorsRegisteredCallback(mFpAuthenticatorsRegisteredCaptor .capture()); mFpAuthenticatorsRegisteredCaptor.getValue().onAllAuthenticatorsRegistered(props); verify(mBiometricLogger, times(1)).logStats( eq(1) /* sensorId */, eq(FrameworkStatsLog .BIOMETRIC_PROPERTIES_COLLECTED__MODALITY__MODALITY_FINGERPRINT), eq(FrameworkStatsLog .BIOMETRIC_PROPERTIES_COLLECTED__SENSOR_TYPE__SENSOR_FP_REAR), eq(FrameworkStatsLog .BIOMETRIC_PROPERTIES_COLLECTED__SENSOR_STRENGTH__STRENGTH_STRONG), eq("sensor") /* componentId */, eq("vendor/model/revision") /* hardwareVersion */, eq("1.01") /* firmwareVersion */, eq("00000001") /* serialNumber */, eq("") /* softwareVersion */ ); } @Test public void testCollectBiometricProperties_enablesFeature_logsFaceProperties() throws RemoteException { prepBiometricsTesting(); DeviceConfig.setProperty(DeviceConfig.NAMESPACE_BIOMETRICS, BinaryTransparencyService.KEY_ENABLE_BIOMETRIC_PROPERTY_VERIFICATION, Boolean.TRUE.toString(), false /* makeDefault */); final List props = List.of( new FaceSensorPropertiesInternal( 1 /* sensorId */, SensorProperties.STRENGTH_CONVENIENCE, 1 /* maxEnrollmentsPerUser */, List.of(new ComponentInfoInternal("sensor" /* componentId */, "vendor/model/revision" /* hardwareVersion */, "1.01" /* firmwareVersion */, "00000001" /* serialNumber */, "" /* softwareVersion */)), FaceSensorProperties.TYPE_RGB, true /* supportsFaceDetection */, true /* supportsSelfIllumination */, true /* resetLockoutRequiresHardwareAuthToken */)); mBinaryTransparencyService.collectBiometricProperties(); verify(mFaceManager).addAuthenticatorsRegisteredCallback(mFaceAuthenticatorsRegisteredCaptor .capture()); mFaceAuthenticatorsRegisteredCaptor.getValue().onAllAuthenticatorsRegistered(props); verify(mBiometricLogger, times(1)).logStats( eq(1) /* sensorId */, eq(FrameworkStatsLog .BIOMETRIC_PROPERTIES_COLLECTED__MODALITY__MODALITY_FACE), eq(FrameworkStatsLog .BIOMETRIC_PROPERTIES_COLLECTED__SENSOR_TYPE__SENSOR_FACE_RGB), eq(FrameworkStatsLog .BIOMETRIC_PROPERTIES_COLLECTED__SENSOR_STRENGTH__STRENGTH_CONVENIENCE), eq("sensor") /* componentId */, eq("vendor/model/revision") /* hardwareVersion */, eq("1.01") /* firmwareVersion */, eq("00000001") /* serialNumber */, eq("") /* softwareVersion */ ); } }