From 3797f878acf9b76320be86d963f95fed5f9fb301 Mon Sep 17 00:00:00 2001 From: chiachangwang Date: Fri, 5 Aug 2022 02:00:25 +0000 Subject: [PATCH] Stop calling setAlwaysOnPackage from VpnManagerService To decouple VpnManagerService from ConnectivityServiceTest, stop calling setAlwaysOnPackage from VpnManagerService as a preparation for the follow up changes. Update it to equivalent calls from Vpn directly. The VpnManagerService variable is still needed because tests have indirect calls via sending intent to update the lock down behavior. Bug: 230548427 Test: atest ConnectivityServiceTest Change-Id: Ib78ac8173b2a4d2a8e9845e943eb63d79c36218c --- .../server/ConnectivityServiceTest.java | 30 +++++++------------ 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java index 28119d8e9c..3c9ff275d6 100644 --- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java +++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java @@ -8547,8 +8547,7 @@ public class ConnectivityServiceTest { // Enable always-on VPN lockdown. The main user loses network access because no VPN is up. final ArrayList allowList = new ArrayList<>(); - mVpnManagerService.setAlwaysOnVpnPackage(PRIMARY_USER, ALWAYS_ON_PACKAGE, - true /* lockdown */, allowList); + mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList); waitForIdle(); assertNull(mCm.getActiveNetworkForUid(uid)); // This is arguably overspecified: a UID that is not running doesn't have an active network. @@ -8580,8 +8579,7 @@ public class ConnectivityServiceTest { assertNull(mCm.getActiveNetworkForUid(uid)); assertNotNull(mCm.getActiveNetworkForUid(restrictedUid)); - mVpnManagerService.setAlwaysOnVpnPackage(PRIMARY_USER, null, false /* lockdown */, - allowList); + mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList); waitForIdle(); } @@ -9039,10 +9037,8 @@ public class ConnectivityServiceTest { new Handler(ConnectivityThread.getInstanceLooper())); final int uid = Process.myUid(); - final int userId = UserHandle.getUserId(uid); final ArrayList allowList = new ArrayList<>(); - mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, true /* lockdown */, - allowList); + mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList); waitForIdle(); final Set excludedUids = new ArraySet(); @@ -9072,7 +9068,7 @@ public class ConnectivityServiceTest { assertNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED); // Disable lockdown, expect to see the network unblocked. - mVpnManagerService.setAlwaysOnVpnPackage(userId, null, false /* lockdown */, allowList); + mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList); callback.expectBlockedStatusCallback(false, mWiFiNetworkAgent); defaultCallback.expectBlockedStatusCallback(false, mWiFiNetworkAgent); vpnUidCallback.assertNoCallback(); @@ -9087,8 +9083,7 @@ public class ConnectivityServiceTest { // Add our UID to the allowlist and re-enable lockdown, expect network is not blocked. allowList.add(TEST_PACKAGE_NAME); - mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, true /* lockdown */, - allowList); + mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList); callback.assertNoCallback(); defaultCallback.assertNoCallback(); vpnUidCallback.assertNoCallback(); @@ -9126,12 +9121,11 @@ public class ConnectivityServiceTest { // Disable lockdown, remove our UID from the allowlist, and re-enable lockdown. // Everything should now be blocked. - mVpnManagerService.setAlwaysOnVpnPackage(userId, null, false /* lockdown */, allowList); + mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList); waitForIdle(); expectNetworkRejectNonSecureVpn(inOrder, false, uidRangeParcelsAlsoExcludingUs); allowList.clear(); - mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, true /* lockdown */, - allowList); + mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList); waitForIdle(); expectNetworkRejectNonSecureVpn(inOrder, true, uidRangeParcels); defaultCallback.expectBlockedStatusCallback(true, mWiFiNetworkAgent); @@ -9146,7 +9140,7 @@ public class ConnectivityServiceTest { assertNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED); // Disable lockdown. Everything is unblocked. - mVpnManagerService.setAlwaysOnVpnPackage(userId, null, false /* lockdown */, allowList); + mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList); defaultCallback.expectBlockedStatusCallback(false, mWiFiNetworkAgent); assertBlockedCallbackInAnyOrder(callback, false, mWiFiNetworkAgent, mCellNetworkAgent); vpnUidCallback.assertNoCallback(); @@ -9160,8 +9154,7 @@ public class ConnectivityServiceTest { // Enable and disable an always-on VPN package without lockdown. Expect no changes. reset(mMockNetd); - mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, false /* lockdown */, - allowList); + mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, false /* lockdown */, allowList); inOrder.verify(mMockNetd, never()).networkRejectNonSecureVpn(anyBoolean(), any()); callback.assertNoCallback(); defaultCallback.assertNoCallback(); @@ -9174,7 +9167,7 @@ public class ConnectivityServiceTest { assertNetworkInfo(TYPE_MOBILE, DetailedState.DISCONNECTED); assertNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED); - mVpnManagerService.setAlwaysOnVpnPackage(userId, null, false /* lockdown */, allowList); + mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList); inOrder.verify(mMockNetd, never()).networkRejectNonSecureVpn(anyBoolean(), any()); callback.assertNoCallback(); defaultCallback.assertNoCallback(); @@ -9188,8 +9181,7 @@ public class ConnectivityServiceTest { assertNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED); // Enable lockdown and connect a VPN. The VPN is not blocked. - mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, true /* lockdown */, - allowList); + mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList); defaultCallback.expectBlockedStatusCallback(true, mWiFiNetworkAgent); assertBlockedCallbackInAnyOrder(callback, true, mWiFiNetworkAgent, mCellNetworkAgent); vpnUidCallback.assertNoCallback();