Improve getConnectionOwnerUid tests.
Currently, the tests only check whether the method throws a SecurityException or not. Also check the return value of the call, by mocking out InetDiagMessage.getConnectionOwnerUid. This is required to test an upcoming change that will never throw SecurityException but always return INVALID_UID if the caller lacks permissions. Bug: 173331190 Test: test-only change Change-Id: I63f42a2f098fcf8796c9b4525a3a7b8320c0a139
This commit is contained in:
Lorenzo Colitti
@@ -222,6 +222,7 @@ import java.io.FileDescriptor;
|
|||||||
import java.io.PrintWriter;
|
import java.io.PrintWriter;
|
||||||
import java.net.Inet4Address;
|
import java.net.Inet4Address;
|
||||||
import java.net.InetAddress;
|
import java.net.InetAddress;
|
||||||
|
import java.net.InetSocketAddress;
|
||||||
import java.net.UnknownHostException;
|
import java.net.UnknownHostException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
@@ -989,6 +990,15 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
return NetworkUtils.queryUserAccess(uid, netId);
|
return NetworkUtils.queryUserAccess(uid, netId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the UID that owns a socket connection. Needed because opening SOCK_DIAG sockets
|
||||||
|
* requires CAP_NET_ADMIN, which the unit tests do not have.
|
||||||
|
*/
|
||||||
|
public int getConnectionOwnerUid(int protocol, InetSocketAddress local,
|
||||||
|
InetSocketAddress remote) {
|
||||||
|
return InetDiagMessage.getConnectionOwnerUid(protocol, local, remote);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see MultinetworkPolicyTracker
|
* @see MultinetworkPolicyTracker
|
||||||
*/
|
*/
|
||||||
@@ -8350,7 +8360,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
throw new IllegalArgumentException("Unsupported protocol " + connectionInfo.protocol);
|
throw new IllegalArgumentException("Unsupported protocol " + connectionInfo.protocol);
|
||||||
}
|
}
|
||||||
|
|
||||||
final int uid = InetDiagMessage.getConnectionOwnerUid(connectionInfo.protocol,
|
final int uid = mDeps.getConnectionOwnerUid(connectionInfo.protocol,
|
||||||
connectionInfo.local, connectionInfo.remote);
|
connectionInfo.local, connectionInfo.remote);
|
||||||
|
|
||||||
/* Filter out Uids not associated with the VPN. */
|
/* Filter out Uids not associated with the VPN. */
|
||||||
|
|||||||
@@ -8355,13 +8355,14 @@ public class ConnectivityServiceTest {
|
|||||||
private void setupConnectionOwnerUid(int vpnOwnerUid, @VpnManager.VpnType int vpnType)
|
private void setupConnectionOwnerUid(int vpnOwnerUid, @VpnManager.VpnType int vpnType)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
final Set<UidRange> vpnRange = Collections.singleton(UidRange.createForUser(PRIMARY_USER));
|
final Set<UidRange> vpnRange = Collections.singleton(UidRange.createForUser(PRIMARY_USER));
|
||||||
|
mMockVpn.setVpnType(vpnType);
|
||||||
mMockVpn.establish(new LinkProperties(), vpnOwnerUid, vpnRange);
|
mMockVpn.establish(new LinkProperties(), vpnOwnerUid, vpnRange);
|
||||||
assertVpnUidRangesUpdated(true, vpnRange, vpnOwnerUid);
|
assertVpnUidRangesUpdated(true, vpnRange, vpnOwnerUid);
|
||||||
mMockVpn.setVpnType(vpnType);
|
|
||||||
|
|
||||||
final UnderlyingNetworkInfo underlyingNetworkInfo =
|
final UnderlyingNetworkInfo underlyingNetworkInfo =
|
||||||
new UnderlyingNetworkInfo(vpnOwnerUid, VPN_IFNAME, new ArrayList<String>());
|
new UnderlyingNetworkInfo(vpnOwnerUid, VPN_IFNAME, new ArrayList<String>());
|
||||||
mMockVpn.setUnderlyingNetworkInfo(underlyingNetworkInfo);
|
mMockVpn.setUnderlyingNetworkInfo(underlyingNetworkInfo);
|
||||||
|
when(mDeps.getConnectionOwnerUid(anyInt(), any(), any())).thenReturn(42);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void setupConnectionOwnerUidAsVpnApp(int vpnOwnerUid, @VpnManager.VpnType int vpnType)
|
private void setupConnectionOwnerUidAsVpnApp(int vpnOwnerUid, @VpnManager.VpnType int vpnType)
|
||||||
@@ -8410,8 +8411,7 @@ public class ConnectivityServiceTest {
|
|||||||
final int myUid = Process.myUid();
|
final int myUid = Process.myUid();
|
||||||
setupConnectionOwnerUidAsVpnApp(myUid, VpnManager.TYPE_VPN_SERVICE);
|
setupConnectionOwnerUidAsVpnApp(myUid, VpnManager.TYPE_VPN_SERVICE);
|
||||||
|
|
||||||
// TODO: Test the returned UID
|
assertEquals(42, mService.getConnectionOwnerUid(getTestConnectionInfo()));
|
||||||
mService.getConnectionOwnerUid(getTestConnectionInfo());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -8421,8 +8421,7 @@ public class ConnectivityServiceTest {
|
|||||||
mServiceContext.setPermission(
|
mServiceContext.setPermission(
|
||||||
android.Manifest.permission.NETWORK_STACK, PERMISSION_GRANTED);
|
android.Manifest.permission.NETWORK_STACK, PERMISSION_GRANTED);
|
||||||
|
|
||||||
// TODO: Test the returned UID
|
assertEquals(42, mService.getConnectionOwnerUid(getTestConnectionInfo()));
|
||||||
mService.getConnectionOwnerUid(getTestConnectionInfo());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -8433,8 +8432,7 @@ public class ConnectivityServiceTest {
|
|||||||
mServiceContext.setPermission(
|
mServiceContext.setPermission(
|
||||||
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, PERMISSION_GRANTED);
|
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK, PERMISSION_GRANTED);
|
||||||
|
|
||||||
// TODO: Test the returned UID
|
assertEquals(42, mService.getConnectionOwnerUid(getTestConnectionInfo()));
|
||||||
mService.getConnectionOwnerUid(getTestConnectionInfo());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid) {
|
private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid) {
|
||||||
|
|||||||
Reference in New Issue
Block a user