[FAQ20689] O版本CtsPermission2TestCases PrivappPermissionsTest#testPrivappPermissionsEnforcement fail

[DESCRIPTION]

 CtsPermission2TestCases  android.permission2.cts.PrivappPermissionsTest#testPrivappPermissionsEnforcement fail

一般出现如下log：

 　junit.framework.AssertionFailedError: Not whitelisted permissions are granted for package 　　　　　　com.google.android.apps.nbu.files: [android.permission.DELETE_CACHE_FILES]

 

 junit.framework.AssertionFailedError: Not whitelisted permissions are granted for package com.signal.main: [android.permission.ACCESS_FM_RADIO, android.permission.MANAGE_FINGERPRINT, android.permission.MASTER_CLEAR, android.permission.MOUNT_UNMOUNT_FILESYSTEMS, android.permission.WRITE_SECURE_SETTINGS]

 

[SOLUTION]

首先该测项的目的是:

Tests enforcement of signature|privileged permission whitelist：Ensure all priv permissions are exclusively granted to 
applications declared in privapp-permissions

 

其次从Android8.0之后，需要白名单明确列出priv-app以及所要使用的priv-app permissions.

例如：对于AOSP中本身就包括的app就会放在frameworks\base\data\etc\privapp-permissions-platform.xml，

对于Google app就会放在vendor/go-gms/etc/permissions/privapp-permissions-google.xml

对于其他的就会放在privapp-permissions-DEVICE_NAME.xml,such as \vendor\mediatek\proprietary\frameworks\base\data\etc\privapp-permissions-mediatek.xml

 

最后具体的格式可以privapp-permissions-platform.xml中com.android.dialer为例

   <privapp-permissions package="com.android.dialer">
49        <permission name="android.permission.ALLOW_ANY_CODEC_FOR_PLAYBACK"/>
50        <permission name="android.permission.CONTROL_INCALL_EXPERIENCE"/>
51        <permission name="android.permission.GET_ACCOUNTS_PRIVILEGED"/>
52        <permission name="android.permission.MODIFY_PHONE_STATE"/>
53        <permission name="android.permission.STOP_APP_SWITCHES"/>
54        <permission name="com.android.voicemail.permission.READ_VOICEMAIL"/>
55        <permission name="com.android.voicemail.permission.WRITE_VOICEMAIL"/>
56    privapp-permissions>