Merge "Test that VPN lockdown restarts the VPN agent."
This commit is contained in:
Jean Chalard
@@ -285,8 +285,6 @@ public class VpnTest extends VpnTestBase {
|
|||||||
"VPNAPPEXCLUDED_27_com.testvpn.vpn";
|
"VPNAPPEXCLUDED_27_com.testvpn.vpn";
|
||||||
static final String PKGS_BYTES = getPackageByteString(List.of(PKGS));
|
static final String PKGS_BYTES = getPackageByteString(List.of(PKGS));
|
||||||
private static final Range<Integer> PRIMARY_USER_RANGE = uidRangeForUser(PRIMARY_USER.id);
|
private static final Range<Integer> PRIMARY_USER_RANGE = uidRangeForUser(PRIMARY_USER.id);
|
||||||
// Same as IkeSessionParams#IKE_NATT_KEEPALIVE_DELAY_SEC_DEFAULT
|
|
||||||
private static final int IKE_NATT_KEEPALIVE_DELAY_SEC_DEFAULT = 10;
|
|
||||||
private static final int TEST_KEEPALIVE_TIMER = 800;
|
private static final int TEST_KEEPALIVE_TIMER = 800;
|
||||||
private static final int TEST_SUB_ID = 1234;
|
private static final int TEST_SUB_ID = 1234;
|
||||||
private static final String TEST_MCCMNC = "12345";
|
private static final String TEST_MCCMNC = "12345";
|
||||||
@@ -792,7 +790,8 @@ public class VpnTest extends VpnTestBase {
|
|||||||
@Test
|
@Test
|
||||||
public void testPrepare_throwSecurityExceptionWhenGivenPackageDoesNotBelongToTheCaller()
|
public void testPrepare_throwSecurityExceptionWhenGivenPackageDoesNotBelongToTheCaller()
|
||||||
throws Exception {
|
throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
mTestDeps.mIgnoreCallingUidChecks = false;
|
||||||
|
final Vpn vpn = createVpn();
|
||||||
assertThrows(SecurityException.class,
|
assertThrows(SecurityException.class,
|
||||||
() -> vpn.prepare("com.not.vpn.owner", null, VpnManager.TYPE_VPN_SERVICE));
|
() -> vpn.prepare("com.not.vpn.owner", null, VpnManager.TYPE_VPN_SERVICE));
|
||||||
assertThrows(SecurityException.class,
|
assertThrows(SecurityException.class,
|
||||||
@@ -804,7 +803,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testPrepare_bothOldPackageAndNewPackageAreNull() throws Exception {
|
public void testPrepare_bothOldPackageAndNewPackageAreNull() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
assertTrue(vpn.prepare(null, null, VpnManager.TYPE_VPN_SERVICE));
|
assertTrue(vpn.prepare(null, null, VpnManager.TYPE_VPN_SERVICE));
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -887,17 +886,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
assertEquals(expected, vpn.getProfileNameForPackage(TEST_VPN_PKG));
|
assertEquals(expected, vpn.getProfileNameForPackage(TEST_VPN_PKG));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Vpn createVpnAndSetupUidChecks(String... grantedOps) throws Exception {
|
private Vpn createVpn(String... grantedOps) throws Exception {
|
||||||
return createVpnAndSetupUidChecks(PRIMARY_USER, grantedOps);
|
return createVpn(PRIMARY_USER, grantedOps);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Vpn createVpnAndSetupUidChecks(UserInfo user, String... grantedOps) throws Exception {
|
private Vpn createVpn(UserInfo user, String... grantedOps) throws Exception {
|
||||||
final Vpn vpn = createVpn(user.id);
|
final Vpn vpn = createVpn(user.id);
|
||||||
setMockedUsers(user);
|
setMockedUsers(user);
|
||||||
|
|
||||||
when(mPackageManager.getPackageUidAsUser(eq(TEST_VPN_PKG), anyInt()))
|
|
||||||
.thenReturn(Process.myUid());
|
|
||||||
|
|
||||||
for (final String opStr : grantedOps) {
|
for (final String opStr : grantedOps) {
|
||||||
when(mAppOps.noteOpNoThrow(opStr, Process.myUid(), TEST_VPN_PKG,
|
when(mAppOps.noteOpNoThrow(opStr, Process.myUid(), TEST_VPN_PKG,
|
||||||
null /* attributionTag */, null /* message */))
|
null /* attributionTag */, null /* message */))
|
||||||
@@ -926,7 +922,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
public void testProvisionVpnProfileNoIpsecTunnels() throws Exception {
|
public void testProvisionVpnProfileNoIpsecTunnels() throws Exception {
|
||||||
when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
|
when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
|
||||||
.thenReturn(false);
|
.thenReturn(false);
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
checkProvisionVpnProfile(
|
checkProvisionVpnProfile(
|
||||||
@@ -937,7 +933,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private Vpn prepareVpnForVerifyAppExclusionList() throws Exception {
|
private Vpn prepareVpnForVerifyAppExclusionList() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
when(mVpnProfileStore.get(PRIMARY_USER_APP_EXCLUDE_KEY))
|
when(mVpnProfileStore.get(PRIMARY_USER_APP_EXCLUDE_KEY))
|
||||||
@@ -1053,7 +1049,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfilePreconsented() throws Exception {
|
public void testProvisionVpnProfilePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
checkProvisionVpnProfile(
|
checkProvisionVpnProfile(
|
||||||
vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
@@ -1061,7 +1057,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileNotPreconsented() throws Exception {
|
public void testProvisionVpnProfileNotPreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
// Expect that both the ACTIVATE_VPN and ACTIVATE_PLATFORM_VPN were tried, but the caller
|
// Expect that both the ACTIVATE_VPN and ACTIVATE_PLATFORM_VPN were tried, but the caller
|
||||||
// had neither.
|
// had neither.
|
||||||
@@ -1071,14 +1067,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileVpnServicePreconsented() throws Exception {
|
public void testProvisionVpnProfileVpnServicePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
|
|
||||||
checkProvisionVpnProfile(vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_VPN);
|
checkProvisionVpnProfile(vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileTooLarge() throws Exception {
|
public void testProvisionVpnProfileTooLarge() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
final VpnProfile bigProfile = new VpnProfile("");
|
final VpnProfile bigProfile = new VpnProfile("");
|
||||||
bigProfile.name = new String(new byte[Vpn.MAX_VPN_PROFILE_SIZE_BYTES + 1]);
|
bigProfile.name = new String(new byte[Vpn.MAX_VPN_PROFILE_SIZE_BYTES + 1]);
|
||||||
@@ -1093,7 +1089,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileRestrictedUser() throws Exception {
|
public void testProvisionVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn =
|
||||||
createVpnAndSetupUidChecks(
|
createVpn(
|
||||||
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@@ -1105,7 +1101,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testDeleteVpnProfile() throws Exception {
|
public void testDeleteVpnProfile() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
vpn.deleteVpnProfile(TEST_VPN_PKG);
|
vpn.deleteVpnProfile(TEST_VPN_PKG);
|
||||||
|
|
||||||
@@ -1116,7 +1112,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
@Test
|
@Test
|
||||||
public void testDeleteVpnProfileRestrictedUser() throws Exception {
|
public void testDeleteVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn =
|
||||||
createVpnAndSetupUidChecks(
|
createVpn(
|
||||||
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@@ -1128,7 +1124,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testGetVpnProfilePrivileged() throws Exception {
|
public void testGetVpnProfilePrivileged() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(new VpnProfile("").encode());
|
.thenReturn(new VpnProfile("").encode());
|
||||||
@@ -1147,7 +1143,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
eq(null) /* message */);
|
eq(null) /* message */);
|
||||||
verify(mAppOps).startOp(
|
verify(mAppOps).startOp(
|
||||||
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(packageName),
|
eq(packageName),
|
||||||
eq(null) /* attributionTag */,
|
eq(null) /* attributionTag */,
|
||||||
eq(null) /* message */);
|
eq(null) /* message */);
|
||||||
@@ -1157,14 +1153,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
// Add a small delay to double confirm that finishOp is only called once.
|
// Add a small delay to double confirm that finishOp is only called once.
|
||||||
verify(mAppOps, after(100)).finishOp(
|
verify(mAppOps, after(100)).finishOp(
|
||||||
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(packageName),
|
eq(packageName),
|
||||||
eq(null) /* attributionTag */);
|
eq(null) /* attributionTag */);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfile() throws Exception {
|
public void testStartVpnProfile() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
@@ -1177,7 +1173,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileVpnServicePreconsented() throws Exception {
|
public void testStartVpnProfileVpnServicePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
|
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
@@ -1191,7 +1187,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileNotConsented() throws Exception {
|
public void testStartVpnProfileNotConsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG);
|
vpn.startVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1216,7 +1212,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileMissingProfile() throws Exception {
|
public void testStartVpnProfileMissingProfile() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG))).thenReturn(null);
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG))).thenReturn(null);
|
||||||
|
|
||||||
@@ -1238,9 +1234,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileRestrictedUser() throws Exception {
|
public void testStartVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn = createVpn(RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
createVpnAndSetupUidChecks(
|
|
||||||
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG);
|
vpn.startVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1251,9 +1245,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStopVpnProfileRestrictedUser() throws Exception {
|
public void testStopVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn = createVpn(RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
createVpnAndSetupUidChecks(
|
|
||||||
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.stopVpnProfile(TEST_VPN_PKG);
|
vpn.stopVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1264,7 +1256,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartOpAndFinishOpWillBeCalledWhenPlatformVpnIsOnAndOff() throws Exception {
|
public void testStartOpAndFinishOpWillBeCalledWhenPlatformVpnIsOnAndOff() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG);
|
vpn.startVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1272,14 +1264,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
// Add a small delay to make sure that startOp is only called once.
|
// Add a small delay to make sure that startOp is only called once.
|
||||||
verify(mAppOps, after(100).times(1)).startOp(
|
verify(mAppOps, after(100).times(1)).startOp(
|
||||||
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(null) /* attributionTag */,
|
eq(null) /* attributionTag */,
|
||||||
eq(null) /* message */);
|
eq(null) /* message */);
|
||||||
// Check that the startOp is not called with OPSTR_ESTABLISH_VPN_SERVICE.
|
// Check that the startOp is not called with OPSTR_ESTABLISH_VPN_SERVICE.
|
||||||
verify(mAppOps, never()).startOp(
|
verify(mAppOps, never()).startOp(
|
||||||
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_SERVICE),
|
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_SERVICE),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(null) /* attributionTag */,
|
eq(null) /* attributionTag */,
|
||||||
eq(null) /* message */);
|
eq(null) /* message */);
|
||||||
@@ -1289,7 +1281,9 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartOpWithSeamlessHandover() throws Exception {
|
public void testStartOpWithSeamlessHandover() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
// Create with SYSTEM_USER so that establish() will match the user ID when checking
|
||||||
|
// against Binder.getCallerUid
|
||||||
|
final Vpn vpn = createVpn(SYSTEM_USER, AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
assertTrue(vpn.prepare(TEST_VPN_PKG, null, VpnManager.TYPE_VPN_SERVICE));
|
assertTrue(vpn.prepare(TEST_VPN_PKG, null, VpnManager.TYPE_VPN_SERVICE));
|
||||||
final VpnConfig config = new VpnConfig();
|
final VpnConfig config = new VpnConfig();
|
||||||
config.user = "VpnTest";
|
config.user = "VpnTest";
|
||||||
@@ -1387,7 +1381,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
// this is checked with CONTROL_VPN so simulate holding CONTROL_VPN in order to pass the
|
// this is checked with CONTROL_VPN so simulate holding CONTROL_VPN in order to pass the
|
||||||
// security checks.
|
// security checks.
|
||||||
doReturn(PERMISSION_GRANTED).when(mContext).checkCallingOrSelfPermission(CONTROL_VPN);
|
doReturn(PERMISSION_GRANTED).when(mContext).checkCallingOrSelfPermission(CONTROL_VPN);
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
|
|
||||||
@@ -1479,7 +1473,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testReconnectVpnManagerVpnWithAlwaysOnEnabled() throws Exception {
|
public void testReconnectVpnManagerVpnWithAlwaysOnEnabled() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG);
|
vpn.startVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -1502,47 +1496,74 @@ public class VpnTest extends VpnTestBase {
|
|||||||
verifyPlatformVpnIsActivated(TEST_VPN_PKG);
|
verifyPlatformVpnIsActivated(TEST_VPN_PKG);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testLockdown_enableDisableWhileConnected() throws Exception {
|
||||||
|
final PlatformVpnSnapshot vpnSnapShot = verifySetupPlatformVpn(
|
||||||
|
createIkeConfig(createIkeConnectInfo(), true /* isMobikeEnabled */));
|
||||||
|
|
||||||
|
final InOrder order = inOrder(mTestDeps);
|
||||||
|
order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
|
||||||
|
.newNetworkAgent(any(), any(), any(), any(), any(), any(),
|
||||||
|
argThat(config -> config.allowBypass), any(), any());
|
||||||
|
|
||||||
|
// Make VPN lockdown.
|
||||||
|
assertTrue(vpnSnapShot.vpn.setAlwaysOnPackage(TEST_VPN_PKG, true /* lockdown */,
|
||||||
|
null /* lockdownAllowlist */));
|
||||||
|
|
||||||
|
order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
|
||||||
|
.newNetworkAgent(any(), any(), any(), any(), any(), any(),
|
||||||
|
argThat(config -> !config.allowBypass), any(), any());
|
||||||
|
|
||||||
|
// Disable lockdown.
|
||||||
|
assertTrue(vpnSnapShot.vpn.setAlwaysOnPackage(TEST_VPN_PKG, false /* lockdown */,
|
||||||
|
null /* lockdownAllowlist */));
|
||||||
|
|
||||||
|
order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
|
||||||
|
.newNetworkAgent(any(), any(), any(), any(), any(), any(),
|
||||||
|
argThat(config -> config.allowBypass), any(), any());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSetPackageAuthorizationVpnService() throws Exception {
|
public void testSetPackageAuthorizationVpnService() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_SERVICE));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_SERVICE));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_ALLOWED));
|
eq(AppOpsManager.MODE_ALLOWED));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSetPackageAuthorizationPlatformVpn() throws Exception {
|
public void testSetPackageAuthorizationPlatformVpn() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, TYPE_VPN_PLATFORM));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, TYPE_VPN_PLATFORM));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_ALLOWED));
|
eq(AppOpsManager.MODE_ALLOWED));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testSetPackageAuthorizationRevokeAuthorization() throws Exception {
|
public void testSetPackageAuthorizationRevokeAuthorization() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks();
|
final Vpn vpn = createVpn();
|
||||||
|
|
||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_NONE));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_NONE));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_IGNORED));
|
eq(AppOpsManager.MODE_IGNORED));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_IGNORED));
|
eq(AppOpsManager.MODE_IGNORED));
|
||||||
}
|
}
|
||||||
@@ -1580,7 +1601,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
final ArgumentCaptor<IkeSessionCallback> captor =
|
final ArgumentCaptor<IkeSessionCallback> captor =
|
||||||
ArgumentCaptor.forClass(IkeSessionCallback.class);
|
ArgumentCaptor.forClass(IkeSessionCallback.class);
|
||||||
|
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
|
|
||||||
@@ -1905,7 +1926,7 @@ public class VpnTest extends VpnTestBase {
|
|||||||
any(), any(), anyString(), any(), any(), any(), any(), any(), any());
|
any(), any(), anyString(), any(), any(), any(), any(), any(), any());
|
||||||
doReturn(TEST_NETWORK).when(mMockNetworkAgent).getNetwork();
|
doReturn(TEST_NETWORK).when(mMockNetworkAgent).getNetwork();
|
||||||
|
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(vpnProfile.encode());
|
.thenReturn(vpnProfile.encode());
|
||||||
|
|
||||||
@@ -2954,6 +2975,14 @@ public class VpnTest extends VpnTestBase {
|
|||||||
public ScheduledThreadPoolExecutor newScheduledThreadPoolExecutor() {
|
public ScheduledThreadPoolExecutor newScheduledThreadPoolExecutor() {
|
||||||
return mExecutor;
|
return mExecutor;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean mIgnoreCallingUidChecks = true;
|
||||||
|
@Override
|
||||||
|
public void verifyCallingUidAndPackage(Context context, String packageName, int userId) {
|
||||||
|
if (!mIgnoreCallingUidChecks) {
|
||||||
|
super.verifyCallingUidAndPackage(context, packageName, userId);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user