[DESCRIPTION]
CtsPermission2TestCases android.permission2.cts.PrivappPermissionsTest#testPrivappPermissionsEnforcement fails.
The log typically looks like this:
junit.framework.AssertionFailedError: Not whitelisted permissions are granted for package com.google.android.apps.nbu.files: [android.permission.DELETE_CACHE_FILES]
junit.framework.AssertionFailedError: Not whitelisted permissions are granted for package com.signal.main: [android.permission.ACCESS_FM_RADIO, android.permission.MANAGE_FINGERPRINT, android.permission.MASTER_CLEAR, android.permission.MOUNT_UNMOUNT_FILESYSTEMS, android.permission.WRITE_SECURE_SETTINGS]
[SOLUTION]
First, the purpose of this test item is:
Tests enforcement of signature|privileged permission whitelist: Ensure all priv permissions are exclusively granted to applications declared in privapp-permissions
Second, starting with Android 8.0, a whitelist must explicitly list each priv-app and the priv-app permissions it uses.
For example:
Apps that are part of AOSP itself are listed in frameworks\base\data\etc\privapp-permissions-platform.xml.
Google apps are listed in vendor/go-gms/etc/permissions/privapp-permissions-google.xml.
Everything else is listed in privapp-permissions-DEVICE_NAME.xml, such as \vendor\mediatek\proprietary\frameworks\base\data\etc\privapp-permissions-mediatek.xml.
Finally, for the exact format, take the com.android.dialer entry in privapp-permissions-platform.xml as an example:
<privapp-permissions package="com.android.dialer">
    <permission name="android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK"/>
    <permission name="android.permission.CONTROL_INCALL_EXPERIENCE"/>
    <permission name="android.permission.GET_ACCOUNTS_PRIVILEGED"/>
    <permission name="android.permission.MODIFY_PHONE_STATE"/>
    <permission name="android.permission.STOP_APP_SWITCHES"/>
    <permission name="com.android.voicemail.permission.READ_VOICEMAIL"/>
    <permission name="com.android.voicemail.permission.WRITE_VOICEMAIL"/>
</privapp-permissions>
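
An added example, not part of the original page or of AOSP: a Python script that parses failure lines like the ones in the description and emits entries in the format shown above. The function names are hypothetical, the sample log is constructed from the two lines quoted on this page, and the choice to emit MASTER_CLEAR as a `<deny-permission>` entry (an element the allowlist XML also accepts) is an assumed review decision.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: the two failure lines quoted in the description.
SAMPLE_LOG = """\
junit.framework.AssertionFailedError: Not whitelisted permissions are granted for package com.google.android.apps.nbu.files: [android.permission.DELETE_CACHE_FILES]
junit.framework.AssertionFailedError: Not whitelisted permissions are granted for package com.signal.main: [android.permission.ACCESS_FM_RADIO, android.permission.MANAGE_FINGERPRINT, android.permission.MASTER_CLEAR, android.permission.MOUNT_UNMOUNT_FILESYSTEMS, android.permission.WRITE_SECURE_SETTINGS]
"""

FAILURE_RE = re.compile(
    r"Not whitelisted permissions are granted for package\s+([\w.]+):\s*\[([^\]]*)\]")


def parse_failures(log_text):
    """Return {package: sorted list of permissions} from CTS failure lines."""
    found = defaultdict(set)
    for pkg, perms in FAILURE_RE.findall(log_text):
        found[pkg].update(p.strip() for p in perms.split(",") if p.strip())
    return {pkg: sorted(perms) for pkg, perms in found.items()}


def build_fragment(failures, deny=frozenset()):
    """Build a <permissions> fragment for review.

    Permissions listed in `deny` are written as <deny-permission> so the
    package is explicitly refused them instead of being whitelisted.
    """
    root = ET.Element("permissions")
    for pkg in sorted(failures):
        entry = ET.SubElement(root, "privapp-permissions", package=pkg)
        for perm in failures[pkg]:
            tag = "deny-permission" if perm in deny else "permission"
            ET.SubElement(entry, tag, name=perm)
    if hasattr(ET, "indent"):  # pretty-print on Python 3.9+
        ET.indent(root, space="    ")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Assumed review decision: do not whitelist MASTER_CLEAR.
    denied = {"android.permission.MASTER_CLEAR"}
    print(build_fragment(parse_failures(SAMPLE_LOG), deny=denied))
```

Review each generated entry against what the app actually needs before merging it into the matching privapp-permissions file for that app (platform, Google, or device-specific).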