Test that VPN lockdown restarts the VPN agent.
Bug: 246162564 Test: atest FrameworksNetTests:VpnTest Change-Id: I35f08bf263cec19bbfb1d656d1d89dbb0acf8944
This commit is contained in:
Chalard Jean
@@ -279,12 +279,11 @@ public class VpnTest extends VpnTestBase {
|
|||||||
private static final String TEST_IFACE_NAME = "TEST_IFACE";
|
private static final String TEST_IFACE_NAME = "TEST_IFACE";
|
||||||
private static final int TEST_TUNNEL_RESOURCE_ID = 0x2345;
|
private static final int TEST_TUNNEL_RESOURCE_ID = 0x2345;
|
||||||
private static final long TEST_TIMEOUT_MS = 500L;
|
private static final long TEST_TIMEOUT_MS = 500L;
|
||||||
|
private static final long TIMEOUT_CROSSTHREAD_MS = 20_000L;
|
||||||
private static final String PRIMARY_USER_APP_EXCLUDE_KEY =
|
private static final String PRIMARY_USER_APP_EXCLUDE_KEY =
|
||||||
"VPNAPPEXCLUDED_27_com.testvpn.vpn";
|
"VPNAPPEXCLUDED_27_com.testvpn.vpn";
|
||||||
static final String PKGS_BYTES = getPackageByteString(List.of(PKGS));
|
static final String PKGS_BYTES = getPackageByteString(List.of(PKGS));
|
||||||
private static final Range<Integer> PRIMARY_USER_RANGE = uidRangeForUser(PRIMARY_USER.id);
|
private static final Range<Integer> PRIMARY_USER_RANGE = uidRangeForUser(PRIMARY_USER.id);
|
||||||
// Same as IkeSessionParams#IKE_NATT_KEEPALIVE_DELAY_SEC_DEFAULT
|
|
||||||
private static final int IKE_NATT_KEEPALIVE_DELAY_SEC_DEFAULT = 10;
|
|
||||||
private static final int TEST_KEEPALIVE_TIMER = 800;
|
private static final int TEST_KEEPALIVE_TIMER = 800;
|
||||||
private static final int TEST_SUB_ID = 1234;
|
private static final int TEST_SUB_ID = 1234;
|
||||||
private static final String TEST_MCCMNC = "12345";
|
private static final String TEST_MCCMNC = "12345";
|
||||||
@@ -765,7 +764,8 @@ public class VpnTest extends VpnTestBase {
|
|||||||
@Test
|
@Test
|
||||||
public void testPrepare_throwSecurityExceptionWhenGivenPackageDoesNotBelongToTheCaller()
|
public void testPrepare_throwSecurityExceptionWhenGivenPackageDoesNotBelongToTheCaller()
|
||||||
throws Exception {
|
throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
mTestDeps.mIgnoreCallingUidChecks = false;
|
||||||
|
final Vpn vpn = createVpn();
|
||||||
assertThrows(SecurityException.class,
|
assertThrows(SecurityException.class,
|
||||||
() -> vpn.prepare("com.not.vpn.owner", null, VpnManager.TYPE_VPN_SERVICE));
|
() -> vpn.prepare("com.not.vpn.owner", null, VpnManager.TYPE_VPN_SERVICE));
|
||||||
assertThrows(SecurityException.class,
|
assertThrows(SecurityException.class,
|
||||||
@@ -777,7 +777,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testPrepare_bothOldPackageAndNewPackageAreNull() throws Exception {
|
public void testPrepare_bothOldPackageAndNewPackageAreNull() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
assertTrue(vpn.prepare(null, null, VpnManager.TYPE_VPN_SERVICE));
|
assertTrue(vpn.prepare(null, null, VpnManager.TYPE_VPN_SERVICE));
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -860,17 +860,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
assertEquals(expected, vpn.getProfileNameForPackage(TEST_VPN_PKG));
|
assertEquals(expected, vpn.getProfileNameForPackage(TEST_VPN_PKG));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Vpn createVpnAndSetupUidChecks(String... grantedOps) throws Exception {
|
private Vpn createVpn(String... grantedOps) throws Exception {
|
||||||
return createVpnAndSetupUidChecks(PRIMARY_USER, grantedOps);
|
return createVpn(PRIMARY_USER, grantedOps);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Vpn createVpnAndSetupUidChecks(UserInfo user, String... grantedOps) throws Exception {
|
private Vpn createVpn(UserInfo user, String... grantedOps) throws Exception {
|
||||||
final Vpn vpn = createVpn(user.id);
|
final Vpn vpn = createVpn(user.id);
|
||||||
setMockedUsers(user);
|
setMockedUsers(user);
|
||||||
|
|
||||||
when(mPackageManager.getPackageUidAsUser(eq(TEST_VPN_PKG), anyInt()))
|
|
||||||
.thenReturn(Process.myUid());
|
|
||||||
|
|
||||||
for (final String opStr : grantedOps) {
|
for (final String opStr : grantedOps) {
|
||||||
when(mAppOps.noteOpNoThrow(opStr, Process.myUid(), TEST_VPN_PKG,
|
when(mAppOps.noteOpNoThrow(opStr, Process.myUid(), TEST_VPN_PKG,
|
||||||
null /* attributionTag */, null /* message */))
|
null /* attributionTag */, null /* message */))
|
||||||
@@ -899,7 +896,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
public void testProvisionVpnProfileNoIpsecTunnels() throws Exception {
|
public void testProvisionVpnProfileNoIpsecTunnels() throws Exception {
|
||||||
when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
|
when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
|
||||||
.thenReturn(false);
|
.thenReturn(false);
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
checkProvisionVpnProfile(
|
checkProvisionVpnProfile(
|
||||||
@@ -910,7 +907,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private Vpn prepareVpnForVerifyAppExclusionList() throws Exception {
|
private Vpn prepareVpnForVerifyAppExclusionList() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
when(mVpnProfileStore.get(PRIMARY_USER_APP_EXCLUDE_KEY))
|
when(mVpnProfileStore.get(PRIMARY_USER_APP_EXCLUDE_KEY))
|
||||||
@@ -1026,7 +1023,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfilePreconsented() throws Exception {
|
public void testProvisionVpnProfilePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
checkProvisionVpnProfile(
|
checkProvisionVpnProfile(
|
||||||
vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
@@ -1034,7 +1031,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileNotPreconsented() throws Exception {
|
public void testProvisionVpnProfileNotPreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
// Expect that both the ACTIVATE_VPN and ACTIVATE_PLATFORM_VPN were tried, but the caller
|
// Expect that both the ACTIVATE_VPN and ACTIVATE_PLATFORM_VPN were tried, but the caller
|
||||||
// had neither.
|
// had neither.
|
||||||
@@ -1044,14 +1041,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileVpnServicePreconsented() throws Exception {
|
public void testProvisionVpnProfileVpnServicePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
|
|
||||||
checkProvisionVpnProfile(vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_VPN);
|
checkProvisionVpnProfile(vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileTooLarge() throws Exception {
|
public void testProvisionVpnProfileTooLarge() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
final VpnProfile bigProfile = new VpnProfile("");
|
final VpnProfile bigProfile = new VpnProfile("");
|
||||||
bigProfile.name = new String(new byte[Vpn.MAX_VPN_PROFILE_SIZE_BYTES + 1]);
|
bigProfile.name = new String(new byte[Vpn.MAX_VPN_PROFILE_SIZE_BYTES + 1]);
|
||||||
@@ -1066,7 +1063,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileRestrictedUser() throws Exception {
|
public void testProvisionVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn =
|
||||||
createVpnAndSetupUidChecks(
|
createVpn(
|
||||||
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@@ -1078,7 +1075,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDeleteVpnProfile() throws Exception {
|
public void testDeleteVpnProfile() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
vpn.deleteVpnProfile(TEST_VPN_PKG);
|
vpn.deleteVpnProfile(TEST_VPN_PKG);
|
||||||
|
|
||||||
@@ -1089,7 +1086,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
@Test
|
@Test
|
||||||
public void testDeleteVpnProfileRestrictedUser() throws Exception {
|
public void testDeleteVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn =
|
||||||
createVpnAndSetupUidChecks(
|
createVpn(
|
||||||
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@@ -1101,7 +1098,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGetVpnProfilePrivileged() throws Exception {
|
public void testGetVpnProfilePrivileged() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(new VpnProfile("").encode());
|
.thenReturn(new VpnProfile("").encode());
|
||||||
@@ -1120,7 +1117,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
eq(null) /* message */);
|
eq(null) /* message */);
|
||||||
verify(mAppOps).startOp(
|
verify(mAppOps).startOp(
|
||||||
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(packageName),
|
eq(packageName),
|
||||||
eq(null) /* attributionTag */,
|
eq(null) /* attributionTag */,
|
||||||
eq(null) /* message */);
|
eq(null) /* message */);
|
||||||
@@ -1130,14 +1127,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
// Add a small delay to double confirm that finishOp is only called once.
|
// Add a small delay to double confirm that finishOp is only called once.
|
||||||
verify(mAppOps, after(100)).finishOp(
|
verify(mAppOps, after(100)).finishOp(
|
||||||
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(packageName),
|
eq(packageName),
|
||||||
eq(null) /* attributionTag */);
|
eq(null) /* attributionTag */);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfile() throws Exception {
|
public void testStartVpnProfile() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
@@ -1150,7 +1147,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileVpnServicePreconsented() throws Exception {
|
public void testStartVpnProfileVpnServicePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
|
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
@@ -1164,7 +1161,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileNotConsented() throws Exception {
|
public void testStartVpnProfileNotConsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG);
|
vpn.startVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1189,7 +1186,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileMissingProfile() throws Exception {
|
public void testStartVpnProfileMissingProfile() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG))).thenReturn(null);
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG))).thenReturn(null);
|
||||||
|
|
||||||
@@ -1211,9 +1208,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileRestrictedUser() throws Exception {
|
public void testStartVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn = createVpn(RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
createVpnAndSetupUidChecks(
|
|
||||||
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG);
|
vpn.startVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1224,9 +1219,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStopVpnProfileRestrictedUser() throws Exception {
|
public void testStopVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn = createVpn(RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
createVpnAndSetupUidChecks(
|
|
||||||
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.stopVpnProfile(TEST_VPN_PKG);
|
vpn.stopVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1237,7 +1230,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartOpAndFinishOpWillBeCalledWhenPlatformVpnIsOnAndOff() throws Exception {
|
public void testStartOpAndFinishOpWillBeCalledWhenPlatformVpnIsOnAndOff() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG);
|
vpn.startVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1245,14 +1238,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
// Add a small delay to make sure that startOp is only called once.
|
// Add a small delay to make sure that startOp is only called once.
|
||||||
verify(mAppOps, after(100).times(1)).startOp(
|
verify(mAppOps, after(100).times(1)).startOp(
|
||||||
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(null) /* attributionTag */,
|
eq(null) /* attributionTag */,
|
||||||
eq(null) /* message */);
|
eq(null) /* message */);
|
||||||
// Check that the startOp is not called with OPSTR_ESTABLISH_VPN_SERVICE.
|
// Check that the startOp is not called with OPSTR_ESTABLISH_VPN_SERVICE.
|
||||||
verify(mAppOps, never()).startOp(
|
verify(mAppOps, never()).startOp(
|
||||||
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_SERVICE),
|
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_SERVICE),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(null) /* attributionTag */,
|
eq(null) /* attributionTag */,
|
||||||
eq(null) /* message */);
|
eq(null) /* message */);
|
||||||
@@ -1262,7 +1255,9 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartOpWithSeamlessHandover() throws Exception {
|
public void testStartOpWithSeamlessHandover() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
// Create with SYSTEM_USER so that establish() will match the user ID when checking
|
||||||
|
// against Binder.getCallerUid
|
||||||
|
final Vpn vpn = createVpn(SYSTEM_USER, AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
assertTrue(vpn.prepare(TEST_VPN_PKG, null, VpnManager.TYPE_VPN_SERVICE));
|
assertTrue(vpn.prepare(TEST_VPN_PKG, null, VpnManager.TYPE_VPN_SERVICE));
|
||||||
final VpnConfig config = new VpnConfig();
|
final VpnConfig config = new VpnConfig();
|
||||||
config.user = "VpnTest";
|
config.user = "VpnTest";
|
||||||
@@ -1358,7 +1353,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
// this is checked with CONTROL_VPN so simulate holding CONTROL_VPN in order to pass the
|
// this is checked with CONTROL_VPN so simulate holding CONTROL_VPN in order to pass the
|
||||||
// security checks.
|
// security checks.
|
||||||
doReturn(PERMISSION_GRANTED).when(mContext).checkCallingOrSelfPermission(CONTROL_VPN);
|
doReturn(PERMISSION_GRANTED).when(mContext).checkCallingOrSelfPermission(CONTROL_VPN);
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
|
|
||||||
@@ -1450,7 +1445,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testReconnectVpnManagerVpnWithAlwaysOnEnabled() throws Exception {
|
public void testReconnectVpnManagerVpnWithAlwaysOnEnabled() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG);
|
vpn.startVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1473,47 +1468,74 @@ public class VpnTest extends VpnTestBase {
|
|||||||
verifyPlatformVpnIsActivated(TEST_VPN_PKG);
|
verifyPlatformVpnIsActivated(TEST_VPN_PKG);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLockdown_enableDisableWhileConnected() throws Exception {
|
||||||
|
final PlatformVpnSnapshot vpnSnapShot = verifySetupPlatformVpn(
|
||||||
|
createIkeConfig(createIkeConnectInfo(), true /* isMobikeEnabled */));
|
||||||
|
|
||||||
|
final InOrder order = inOrder(mTestDeps);
|
||||||
|
order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
|
||||||
|
.newNetworkAgent(any(), any(), any(), any(), any(), any(),
|
||||||
|
argThat(config -> config.allowBypass), any(), any());
|
||||||
|
|
||||||
|
// Make VPN lockdown.
|
||||||
|
assertTrue(vpnSnapShot.vpn.setAlwaysOnPackage(TEST_VPN_PKG, true /* lockdown */,
|
||||||
|
null /* lockdownAllowlist */));
|
||||||
|
|
||||||
|
order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
|
||||||
|
.newNetworkAgent(any(), any(), any(), any(), any(), any(),
|
||||||
|
argThat(config -> !config.allowBypass), any(), any());
|
||||||
|
|
||||||
|
// Disable lockdown.
|
||||||
|
assertTrue(vpnSnapShot.vpn.setAlwaysOnPackage(TEST_VPN_PKG, false /* lockdown */,
|
||||||
|
null /* lockdownAllowlist */));
|
||||||
|
|
||||||
|
order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
|
||||||
|
.newNetworkAgent(any(), any(), any(), any(), any(), any(),
|
||||||
|
argThat(config -> config.allowBypass), any(), any());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSetPackageAuthorizationVpnService() throws Exception {
|
public void testSetPackageAuthorizationVpnService() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_SERVICE));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_SERVICE));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_ALLOWED));
|
eq(AppOpsManager.MODE_ALLOWED));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSetPackageAuthorizationPlatformVpn() throws Exception {
|
public void testSetPackageAuthorizationPlatformVpn() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, TYPE_VPN_PLATFORM));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, TYPE_VPN_PLATFORM));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_ALLOWED));
|
eq(AppOpsManager.MODE_ALLOWED));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSetPackageAuthorizationRevokeAuthorization() throws Exception {
|
public void testSetPackageAuthorizationRevokeAuthorization() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_NONE));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_NONE));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_IGNORED));
|
eq(AppOpsManager.MODE_IGNORED));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_IGNORED));
|
eq(AppOpsManager.MODE_IGNORED));
|
||||||
}
|
}
|
||||||
@@ -1551,7 +1573,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
final ArgumentCaptor<IkeSessionCallback> captor =
|
final ArgumentCaptor<IkeSessionCallback> captor =
|
||||||
ArgumentCaptor.forClass(IkeSessionCallback.class);
|
ArgumentCaptor.forClass(IkeSessionCallback.class);
|
||||||
|
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
|
|
||||||
@@ -1878,7 +1900,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
any(), any(), anyString(), any(), any(), any(), any(), any(), any());
|
any(), any(), anyString(), any(), any(), any(), any(), any(), any());
|
||||||
doReturn(TEST_NETWORK).when(mMockNetworkAgent).getNetwork();
|
doReturn(TEST_NETWORK).when(mMockNetworkAgent).getNetwork();
|
||||||
|
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(vpnProfile.encode());
|
.thenReturn(vpnProfile.encode());
|
||||||
|
|
||||||
@@ -2866,6 +2888,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
public ScheduledThreadPoolExecutor newScheduledThreadPoolExecutor() {
|
public ScheduledThreadPoolExecutor newScheduledThreadPoolExecutor() {
|
||||||
return mExecutor;
|
return mExecutor;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean mIgnoreCallingUidChecks = true;
|
||||||
|
@Override
|
||||||
|
public void verifyCallingUidAndPackage(Context context, String packageName, int userId) {
|
||||||
|
if (!mIgnoreCallingUidChecks) {
|
||||||
|
super.verifyCallingUidAndPackage(context, packageName, userId);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user