public boolean runPermissionTests()

in niap-cc/Permissions/Tester/app/src/main/java/com/android/certifications/niap/permissions/NonPlatformPermissionTester.java [55:112]


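    /**
     * Checks every non-platform signature permission under test against the expected grant
     * state and logs the per-permission status.
     *
     * <p>A permission is considered for testing only if it is declared on the device by a
     * package other than {@code Constants.PLATFORM_PACKAGE}, its protection level is exactly
     * {@code PermissionInfo.PROTECTION_SIGNATURE}, and it carries no additional protection
     * flags. For each such permission the expectation is that it is granted if and only if
     * this app's signing certificate matches the declaring package or
     * {@code mPlatformSignatureMatch} is set.
     *
     * <p>The permissions to test come from the configuration when it supplies a list, otherwise
     * every qualifying declared permission is tested. Configured permissions that are not
     * declared on the device are skipped, so a {@code true} result can be returned without any
     * permission having been evaluated; that case is logged explicitly.
     *
     * @return {@code true} if no evaluated permission deviated from its expected grant state,
     *         {@code false} if at least one did
     */
    public boolean runPermissionTests() {
        // Index qualifying permissions by name so a configured permission list can be resolved
        // to its declaring package with a single map lookup per entry.
        Map<String, String> permissionToPackage = new HashMap<>();
        for (PermissionInfo permission : PermissionUtils.getAllDeclaredPermissions(mContext)) {
            // Only pure signature permissions are tested; any extra protection flag (the most
            // common seen are privileged and preinstalled) excludes the permission, presumably
            // because it could then be granted without a signature match.
            boolean declaredByPlatform =
                    permission.packageName.equals(Constants.PLATFORM_PACKAGE);
            boolean signatureOnly =
                    permission.getProtection() == PermissionInfo.PROTECTION_SIGNATURE
                            && permission.getProtectionFlags() == 0;
            if (!declaredByPlatform && signatureOnly) {
                permissionToPackage.put(permission.name, permission.packageName);
            }
        }

        byte[] signatureBytes = mAppSignature.toByteArray();
        // orElseGet defers copying the key set to the case where the configuration does not
        // supply its own permission list.
        List<String> permissions = mConfiguration.getPermissions().orElseGet(
                () -> new ArrayList<>(permissionToPackage.keySet()));
        // Cache the certificate comparison per declaring package to minimize calls to
        // hasSigningCertificate when one package declares several permissions.
        Map<String, Boolean> packageSignatureMatch = new HashMap<>();
        boolean allTestsPassed = true;
        int evaluatedCount = 0;
        for (String permission : permissions) {
            // Only test those signature permissions that are declared on the device to avoid
            // false positives when the permission is expected to be granted. Every stored
            // package name is non-null, so a null lookup means the permission is not indexed.
            String packageName = permissionToPackage.get(permission);
            if (packageName == null) {
                mLogger.logDebug("Permission " + permission
                        + " is not declared by a non-platform package on this device");
                continue;
            }
            boolean permissionGranted = isPermissionGranted(permission);
            boolean signatureMatch = packageSignatureMatch.computeIfAbsent(packageName,
                    pkg -> mPackageManager.hasSigningCertificate(pkg, signatureBytes,
                            PackageManager.CERT_INPUT_RAW_X509));
            // A grant without a matching signature and a denial despite a matching signature
            // are both failures.
            if (permissionGranted != (signatureMatch || mPlatformSignatureMatch)) {
                allTestsPassed = false;
            }
            StatusLogger.logSignaturePermissionStatus(permission, permissionGranted, signatureMatch,
                    mPlatformSignatureMatch);
            evaluatedCount++;
        }
        if (evaluatedCount == 0) {
            // Make a vacuous pass visible: nothing was checked, so the result below carries no
            // evidence about signature permission enforcement.
            StatusLogger.logInfo(
                    "No non-framework signature permissions were evaluated on this device");
        }
        if (allTestsPassed) {
            StatusLogger.logInfo(
                    "*** PASSED - all non-framework signature permission tests completed "
                            + "successfully");
        } else {
            StatusLogger.logInfo(
                    "!!! FAILED - one or more non-framework signature permission tests failed");
        }
        return allTestsPassed;
    }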