Merge "Snap for 5320838 from 47ddfb6f683588a59a663f401295b257c63ec761 to nougat-mr1-cts-release" into nougat-mr1-cts-releasesparse-5328304-L82400000275672478

8 files changed, 80 insertions, 53 deletions

diff --git a/apps/CameraITS/tools/validate_scene.py b/apps/CameraITS/tools/validate_scene.py
index cfe14e209e6..1c0f0fdc8c5 100644
--- a/apps/CameraITS/tools/validate_scene.py
+++ b/apps/CameraITS/tools/validate_scene.py
@@ -49,8 +49,9 @@ def main():
                 " to frame the test scene: " + scene_name +
                 "\nThe scene setup should be: " + scene_desc )
         # Converge 3A prior to capture.
-        cam.do_3a(do_af=do_af, lock_ae=True, lock_awb=True)
         props = cam.get_camera_properties()
+        cam.do_3a(do_af=do_af, lock_ae=its.caps.ae_lock(props),
+                  lock_awb=its.caps.awb_lock(props))
         req = its.objects.fastest_auto_capture_request(props)
         if its.caps.ae_lock(props):
             req["android.control.awbLock"] = True
diff --git a/apps/CtsVerifier/AndroidManifest.xml b/apps/CtsVerifier/AndroidManifest.xml
index c83c2649265..c7da696a480 100644
--- a/apps/CtsVerifier/AndroidManifest.xml
+++ b/apps/CtsVerifier/AndroidManifest.xml
@@ -18,7 +18,7 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
       package="com.android.cts.verifier"
       android:versionCode="5"
-      android:versionName="7.1_r25">
+      android:versionName="7.1_r26">
 
     <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="25"/>
 
diff --git a/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java b/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java
index cf16307dbf3..e332825a93e 100644
--- a/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java
+++ b/hostsidetests/appsecurity/test-apps/UsePermissionDiffCert/src/com/android/cts/usespermissiondiffcertapp/AccessPermissionWithDiffSigTest.java
@@ -114,6 +114,16 @@ public class AccessPermissionWithDiffSigTest extends AndroidTestCase {
         }
     }
 
+    private void assertContentUriAllowed(Uri uri) {
+        assertReadingContentUriAllowed(uri);
+        assertWritingContentUriAllowed(uri);
+    }
+
+    private void assertContentUriNotAllowed(Uri uri, String msg) {
+        assertReadingContentUriNotAllowed(uri, msg);
+        assertWritingContentUriNotAllowed(uri, msg);
+    }
+
     private void assertWritingContentUriNotAllowed(Uri uri, String msg) {
         final ContentResolver resolver = getContext().getContentResolver();
         try {
@@ -1189,6 +1199,26 @@ public class AccessPermissionWithDiffSigTest extends AndroidTestCase {
     }
 
     /**
+     * Test that shady {@link Uri} are blocked by {@code path-permission}.
+     */
+    public void testRestrictingProviderMatchingShadyPaths() {
+        assertContentUriAllowed(
+                Uri.parse("content://ctspermissionwithsignaturepathrestricting/"));
+        assertContentUriAllowed(
+                Uri.parse("content://ctspermissionwithsignaturepathrestricting//"));
+        assertContentUriAllowed(
+                Uri.parse("content://ctspermissionwithsignaturepathrestricting///"));
+        assertContentUriNotAllowed(
+                Uri.parse("content://ctspermissionwithsignaturepathrestricting/foo"), null);
+        assertContentUriNotAllowed(
+                Uri.parse("content://ctspermissionwithsignaturepathrestricting//foo"), null);
+        assertContentUriNotAllowed(
+                Uri.parse("content://ctspermissionwithsignaturepathrestricting///foo"), null);
+        assertContentUriNotAllowed(
+                Uri.parse("content://ctspermissionwithsignaturepathrestricting/foo//baz"), null);
+    }
+
+    /**
      * Verify that at least one {@code path-permission} rule will grant access,
      * even if the caller doesn't hold another matching {@code path-permission}.
      */
diff --git a/tests/app/src/android/app/cts/SystemFeaturesTest.java b/tests/app/src/android/app/cts/SystemFeaturesTest.java
index f03c549f2fd..b77427b93d6 100644
--- a/tests/app/src/android/app/cts/SystemFeaturesTest.java
+++ b/tests/app/src/android/app/cts/SystemFeaturesTest.java
@@ -467,17 +467,11 @@ public class SystemFeaturesTest extends InstrumentationTestCase {
     }
 
     public void testUsbAccessory() {
-        // USB accessory mode is only a requirement for devices with USB ports supporting
-        // peripheral mode. As there is no public API to distinguish a device with only host
-        // mode support from having both peripheral and host support, the test may have
-        // false negatives.
         if (!mPackageManager.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE) &&
                 !mPackageManager.hasSystemFeature(PackageManager.FEATURE_TELEVISION) &&
-                !mPackageManager.hasSystemFeature(PackageManager.FEATURE_WATCH)) {
-            // USB accessory mode is only a requirement for devices with USB ports supporting
-            // peripheral mode. As there is no public API to distinguish a device with only host
-            // mode support from having both peripheral and host support, the test may have
-            // false negatives.
+                !mPackageManager.hasSystemFeature(PackageManager.FEATURE_WATCH) &&
+                mPackageManager.hasSystemFeature(PackageManager.FEATURE_MICROPHONE) &&
+                mPackageManager.hasSystemFeature(PackageManager.FEATURE_TOUCHSCREEN)) {
             assertAvailable(PackageManager.FEATURE_USB_ACCESSORY);
         }
     }
diff --git a/tests/tests/telephony/src/android/telephony/cts/SimRestrictedApisTest.java b/tests/tests/telephony/src/android/telephony/cts/SimRestrictedApisTest.java
index 0f093142cfa..61c02db17ce 100644
--- a/tests/tests/telephony/src/android/telephony/cts/SimRestrictedApisTest.java
+++ b/tests/tests/telephony/src/android/telephony/cts/SimRestrictedApisTest.java
@@ -89,7 +89,8 @@ public class SimRestrictedApisTest extends AndroidTestCase {
     public void testIccOpenLogicalChannel() {
         try {
             if (isSimCardPresent()) {
-                TelephonyManager.getDefault().iccOpenLogicalChannel("");
+                TelephonyManager.getDefault().iccCloseLogicalChannel(
+                        TelephonyManager.getDefault().iccOpenLogicalChannel("").getChannel());
                 fail("Expected SecurityException. App doesn't have carrier privileges.");
             }
         } catch (SecurityException expected) {
diff --git a/tests/tests/webkit/src/android/webkit/cts/WebSettingsTest.java b/tests/tests/webkit/src/android/webkit/cts/WebSettingsTest.java
index a3a72799251..f52c28e4e2b 100644
--- a/tests/tests/webkit/src/android/webkit/cts/WebSettingsTest.java
+++ b/tests/tests/webkit/src/android/webkit/cts/WebSettingsTest.java
@@ -104,10 +104,9 @@ public class WebSettingsTest extends ActivityInstrumentationTestCase2<WebViewCts
      * compatibility definition (tokens in angle brackets are variables, tokens in square
      * brackets are optional):
      * <p/>
-     * Mozilla/5.0 (Linux;[ U;] Android <version>;[ <language>-<country>;]
-     * [<devicemodel>;] Build/<buildID>; wv) AppleWebKit/<major>.<minor> (KHTML, like Gecko)
-     * Version/<major>.<minor> Chrome/<major>.<minor>.<branch>.<build>[ Mobile]
-     * Safari/<major>.<minor>
+     * Mozilla/5.0 (Linux; Android <version>; [<devicemodel>;] [Build/<buildID>;] wv)
+     * AppleWebKit/<major>.<minor> (KHTML, like Gecko) Version/<major>.<minor>
+     * Chrome/<major>.<minor>.<branch>.<build>[ Mobile] Safari/<major>.<minor>
      */
     public void testUserAgentString_default() {
         if (!NullWebViewUtils.isWebViewAvailable()) {
@@ -115,43 +114,34 @@ public class WebSettingsTest extends ActivityInstrumentationTestCase2<WebViewCts
         }
         final String actualUserAgentString = mSettings.getUserAgentString();
         Log.i(LOG_TAG, String.format("Checking user agent string %s", actualUserAgentString));
+
+        String expectedRelease, expectedModel;
+        if ("REL".equals(Build.VERSION.CODENAME)) {
+            expectedRelease = Pattern.quote(Build.VERSION.RELEASE);
+            expectedModel = Pattern.quote(Build.MODEL);
+        } else {
+            // Non-release builds don't include real release version/model, be lenient.
+            expectedRelease = expectedModel = "[^;]+";
+        }
+
+        // Build expected regex inserting the appropriate variables, as this is easier to
+        // understand and get right than matching any possible useragent and comparing the
+        // variables afterward.
         final String patternString =
-                "Mozilla/5\\.0 \\(Linux;( U;)? Android ([^;]+);( (\\w+)-(\\w+);)?" +
-                "\\s?(.*)\\sBuild/(.+); wv\\) AppleWebKit/(\\d+)\\.(\\d+) " +
-                "\\(KHTML, like Gecko\\) " +
-                "Version/\\d+\\.\\d+ Chrome/\\d+\\.\\d+\\.\\d+\\.\\d+( Mobile)? " +
-                "Safari/(\\d+)\\.(\\d+)";
-        // Groups used:
-        //  1 - SSL encryption strength token " U;" (optional)
-        //  2 - Android version
-        //  3 - full locale string (optional)
-        //  4   - country
-        //  5   - language
-        //  6 - device model (optional)
-        //  7 - build ID
-        //  8 - AppleWebKit major version number
-        //  9 - AppleWebKit minor version number
-        // 10 - " Mobile" string (optional)
-        // 11 - Safari major version number
-        // 12 - Safari minor version number
+                Pattern.quote("Mozilla/5.0 (Linux; Android ") + expectedRelease + "; " +
+                "(" + expectedModel + "; )?" +                  // Optional
+                "(Build/" + Pattern.quote(Build.ID) + "; )?" +  // Optional
+                Pattern.quote("wv) ") +
+                "AppleWebKit/\\d+\\.\\d+ " +
+                Pattern.quote("(KHTML, like Gecko) Version/4.0 ") +
+                "Chrome/\\d+\\.\\d+\\.\\d+\\.\\d+ " +
+                "(Mobile )?Safari/\\d+\\.\\d+";
         Log.i(LOG_TAG, String.format("Trying to match pattern %s", patternString));
         final Pattern userAgentExpr = Pattern.compile(patternString);
         Matcher patternMatcher = userAgentExpr.matcher(actualUserAgentString);
         assertTrue(String.format("User agent string did not match expected pattern. \nExpected " +
                         "pattern:\n%s\nActual:\n%s", patternString, actualUserAgentString),
                         patternMatcher.find());
-        if (patternMatcher.group(3) != null) {
-            Locale currentLocale = Locale.getDefault();
-            assertEquals(currentLocale.getLanguage().toLowerCase(), patternMatcher.group(4));
-            assertEquals(currentLocale.getCountry().toLowerCase(), patternMatcher.group(5));
-        }
-        if ("REL".equals(Build.VERSION.CODENAME)) {
-            // Model is only added in release builds
-            assertEquals(Build.MODEL, patternMatcher.group(6));
-            // Release version is valid only in release builds
-            assertEquals(Build.VERSION.RELEASE, patternMatcher.group(2));
-        }
-        assertEquals(Build.ID, patternMatcher.group(7));
     }
 
     public void testAccessUserAgentString() throws Exception {
diff --git a/tests/tests/webkit/src/android/webkit/cts/WebViewSslTest.java b/tests/tests/webkit/src/android/webkit/cts/WebViewSslTest.java
index e07267fc5f5..3c65a862501 100644
--- a/tests/tests/webkit/src/android/webkit/cts/WebViewSslTest.java
+++ b/tests/tests/webkit/src/android/webkit/cts/WebViewSslTest.java
@@ -730,12 +730,23 @@ public class WebViewSslTest extends ActivityInstrumentationTestCase2<WebViewCtsA
         mOnUiThread.clearSslPreferences();
         mOnUiThread.loadUrlAndWaitForCompletion(url);
         // Page NOT loaded OK...
-        // In this case, we must NOT have received the onReceivedSslError callback as that is for
-        // recoverable (e.g. server auth) errors, whereas failing mandatory client auth is non-
-        // recoverable and should drop straight through to a load error.
-        assertFalse(webViewClient.wasOnReceivedSslErrorCalled());
-        assertFalse(TestHtmlConstants.HELLO_WORLD_TITLE.equals(mOnUiThread.getTitle()));
-        assertEquals(WebViewClient.ERROR_FAILED_SSL_HANDSHAKE, webViewClient.onReceivedErrorCode());
+        //
+        // In this test, we expect both a recoverable and non-recoverable error:
+        //
+        //  1. WebView does not trust the test server's certificate. This is a recoverable error, so
+        //     WebView invokes #onReceivedSslError (and the WebViewClient calls #proceed). We don't
+        //     specifically intend to test this part of the scenario, but we can't easily mock out
+        //     WebView's certificate roots.
+        //  2. WebView proceeds with the handshake without providing client authentication. The
+        //     server fails the client. This is non-recoverable, so WebView invokes
+        //     #onReceivedError.
+        //
+        // We only assert the second error, since earlier WebView versions had a bug in which
+        // WebView hit error 2 first, which prevented it from hitting error 1.
+        assertFalse("Title should not be updated, since page load should have failed",
+                TestHtmlConstants.HELLO_WORLD_TITLE.equals(mOnUiThread.getTitle()));
+        assertEquals("Expected ERROR_FAILED_SSL_HANDSHAKE in onReceivedError",
+                WebViewClient.ERROR_FAILED_SSL_HANDSHAKE, webViewClient.onReceivedErrorCode());
     }
 
     public void testProceedClientCertRequest() throws Throwable {
diff --git a/tools/cts-tradefed/Android.mk b/tools/cts-tradefed/Android.mk
index 553a5dee19e..5ad5fe93b76 100644
--- a/tools/cts-tradefed/Android.mk
+++ b/tools/cts-tradefed/Android.mk
@@ -25,7 +25,7 @@ LOCAL_SUITE_BUILD_NUMBER := $(BUILD_NUMBER_FROM_FILE)
 LOCAL_SUITE_TARGET_ARCH := $(TARGET_ARCH)
 LOCAL_SUITE_NAME := CTS
 LOCAL_SUITE_FULLNAME := "Compatibility Test Suite"
-LOCAL_SUITE_VERSION := 7.1_r25
+LOCAL_SUITE_VERSION := 7.1_r26
 
 LOCAL_MODULE := cts-tradefed