Add always-on VPN support for platform VPNs am: 16e0e33c71
Change-Id: I9f600a9ea2002bf9a1ee88137e3a29b2c90b22ac
@@ -4780,7 +4780,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return vpn.startAlwaysOnVpn();
|
return vpn.startAlwaysOnVpn(mKeyStore);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4795,7 +4795,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
Slog.w(TAG, "User " + userId + " has no Vpn configuration");
|
Slog.w(TAG, "User " + userId + " has no Vpn configuration");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
return vpn.isAlwaysOnPackageSupported(packageName);
|
return vpn.isAlwaysOnPackageSupported(packageName, mKeyStore);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4816,11 +4816,11 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
Slog.w(TAG, "User " + userId + " has no Vpn configuration");
|
Slog.w(TAG, "User " + userId + " has no Vpn configuration");
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (!vpn.setAlwaysOnPackage(packageName, lockdown, lockdownWhitelist)) {
|
if (!vpn.setAlwaysOnPackage(packageName, lockdown, lockdownWhitelist, mKeyStore)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if (!startAlwaysOnVpn(userId)) {
|
if (!startAlwaysOnVpn(userId)) {
|
||||||
vpn.setAlwaysOnPackage(null, false, null);
|
vpn.setAlwaysOnPackage(null, false, null, mKeyStore);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -5006,7 +5006,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
loge("Starting user already has a VPN");
|
loge("Starting user already has a VPN");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
userVpn = new Vpn(mHandler.getLooper(), mContext, mNMS, userId);
|
userVpn = new Vpn(mHandler.getLooper(), mContext, mNMS, userId, mKeyStore);
|
||||||
mVpns.put(userId, userVpn);
|
mVpns.put(userId, userVpn);
|
||||||
if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) {
|
if (mUserManager.getUserInfo(userId).isPrimary() && LockdownVpnTracker.isEnabled()) {
|
||||||
updateLockdownVpn();
|
updateLockdownVpn();
|
||||||
@@ -5077,7 +5077,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
if (TextUtils.equals(vpn.getAlwaysOnPackage(), packageName)) {
|
if (TextUtils.equals(vpn.getAlwaysOnPackage(), packageName)) {
|
||||||
Slog.d(TAG, "Restarting always-on VPN package " + packageName + " for user "
|
Slog.d(TAG, "Restarting always-on VPN package " + packageName + " for user "
|
||||||
+ userId);
|
+ userId);
|
||||||
vpn.startAlwaysOnVpn();
|
vpn.startAlwaysOnVpn(mKeyStore);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -5099,7 +5099,7 @@ public class ConnectivityService extends IConnectivityManager.Stub
|
|||||||
if (TextUtils.equals(vpn.getAlwaysOnPackage(), packageName) && !isReplacing) {
|
if (TextUtils.equals(vpn.getAlwaysOnPackage(), packageName) && !isReplacing) {
|
||||||
Slog.d(TAG, "Removing always-on VPN package " + packageName + " for user "
|
Slog.d(TAG, "Removing always-on VPN package " + packageName + " for user "
|
||||||
+ userId);
|
+ userId);
|
||||||
vpn.setAlwaysOnPackage(null, false, null);
|
vpn.setAlwaysOnPackage(null, false, null, mKeyStore);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
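Review bot: In the `@@ -4816,11 +4816,11 @@` hunk, the rollback after a failed `startAlwaysOnVpn(userId)` calls `vpn.setAlwaysOnPackage(null, false, null, mKeyStore)`, which clears always-on and lockdown outright instead of restoring the previous configuration, and its boolean result is dropped. If the user already had a lockdown VPN, a failed switch to another package would appear to leave the device with no lockdown at all, which fails open; this depends on Vpn.java, which is not shown on this page, so it should be confirmed. At minimum a failed rollback should be logged, e.g. `if (!vpn.setAlwaysOnPackage(null, false, null, mKeyStore)) Slog.w(TAG, "Failed to clear always-on VPN for user " + userId);`, with a comment stating that the earlier configuration is intentionally not restored. The enclosing method starts outside the hunk.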
|
|||||||
@@ -203,6 +203,7 @@ import android.os.SystemClock;
|
|||||||
import android.os.UserHandle;
|
import android.os.UserHandle;
|
||||||
import android.os.UserManager;
|
import android.os.UserManager;
|
||||||
import android.provider.Settings;
|
import android.provider.Settings;
|
||||||
|
import android.security.KeyStore;
|
||||||
import android.system.Os;
|
import android.system.Os;
|
||||||
import android.test.mock.MockContentResolver;
|
import android.test.mock.MockContentResolver;
|
||||||
import android.text.TextUtils;
|
import android.text.TextUtils;
|
||||||
@@ -1017,7 +1018,7 @@ public class ConnectivityServiceTest {
|
|||||||
|
|
||||||
public MockVpn(int userId) {
|
public MockVpn(int userId) {
|
||||||
super(startHandlerThreadAndReturnLooper(), mServiceContext, mNetworkManagementService,
|
super(startHandlerThreadAndReturnLooper(), mServiceContext, mNetworkManagementService,
|
||||||
userId);
|
userId, mock(KeyStore.class));
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setNetworkAgent(TestNetworkAgentWrapper agent) {
|
public void setNetworkAgent(TestNetworkAgentWrapper agent) {
|
||||||
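Review bot: The `mock(KeyStore.class)` passed in the `MockVpn` constructor is created inline inside the `super(...)` call, so no test can stub or verify it and every lookup on it returns Mockito's default value. Since the ConnectivityService side of this commit now passes `mKeyStore` on each always-on call, consider keeping the mock in a test-class field declared next to the other mocks and passing that instead, e.g. `userId, mMockKeyStore);`. `mMockKeyStore` is a suggested name, not one taken from the file.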
|
|||||||
@@ -72,6 +72,7 @@ import android.os.Looper;
|
|||||||
import android.os.Process;
|
import android.os.Process;
|
||||||
import android.os.UserHandle;
|
import android.os.UserHandle;
|
||||||
import android.os.UserManager;
|
import android.os.UserManager;
|
||||||
|
import android.provider.Settings;
|
||||||
import android.security.Credentials;
|
import android.security.Credentials;
|
||||||
import android.security.KeyStore;
|
import android.security.KeyStore;
|
||||||
import android.util.ArrayMap;
|
import android.util.ArrayMap;
|
||||||
@@ -260,17 +261,17 @@ public class VpnTest {
|
|||||||
assertFalse(vpn.getLockdown());
|
assertFalse(vpn.getLockdown());
|
||||||
|
|
||||||
// Set always-on without lockdown.
|
// Set always-on without lockdown.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], false, Collections.emptyList()));
|
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], false, Collections.emptyList(), mKeyStore));
|
||||||
assertTrue(vpn.getAlwaysOn());
|
assertTrue(vpn.getAlwaysOn());
|
||||||
assertFalse(vpn.getLockdown());
|
assertFalse(vpn.getLockdown());
|
||||||
|
|
||||||
// Set always-on with lockdown.
|
// Set always-on with lockdown.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], true, Collections.emptyList()));
|
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], true, Collections.emptyList(), mKeyStore));
|
||||||
assertTrue(vpn.getAlwaysOn());
|
assertTrue(vpn.getAlwaysOn());
|
||||||
assertTrue(vpn.getLockdown());
|
assertTrue(vpn.getLockdown());
|
||||||
|
|
||||||
// Remove always-on configuration.
|
// Remove always-on configuration.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(null, false, Collections.emptyList()));
|
assertTrue(vpn.setAlwaysOnPackage(null, false, Collections.emptyList(), mKeyStore));
|
||||||
assertFalse(vpn.getAlwaysOn());
|
assertFalse(vpn.getAlwaysOn());
|
||||||
assertFalse(vpn.getLockdown());
|
assertFalse(vpn.getLockdown());
|
||||||
}
|
}
|
||||||
@@ -284,11 +285,11 @@ public class VpnTest {
|
|||||||
assertUnblocked(vpn, user.start + PKG_UIDS[0], user.start + PKG_UIDS[1], user.start + PKG_UIDS[2], user.start + PKG_UIDS[3]);
|
assertUnblocked(vpn, user.start + PKG_UIDS[0], user.start + PKG_UIDS[1], user.start + PKG_UIDS[2], user.start + PKG_UIDS[3]);
|
||||||
|
|
||||||
// Set always-on without lockdown.
|
// Set always-on without lockdown.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], false, null));
|
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], false, null, mKeyStore));
|
||||||
assertUnblocked(vpn, user.start + PKG_UIDS[0], user.start + PKG_UIDS[1], user.start + PKG_UIDS[2], user.start + PKG_UIDS[3]);
|
assertUnblocked(vpn, user.start + PKG_UIDS[0], user.start + PKG_UIDS[1], user.start + PKG_UIDS[2], user.start + PKG_UIDS[3]);
|
||||||
|
|
||||||
// Set always-on with lockdown.
|
// Set always-on with lockdown.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], true, null));
|
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], true, null, mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(true), aryEq(new UidRange[] {
|
verify(mNetService).setAllowOnlyVpnForUids(eq(true), aryEq(new UidRange[] {
|
||||||
new UidRange(user.start, user.start + PKG_UIDS[1] - 1),
|
new UidRange(user.start, user.start + PKG_UIDS[1] - 1),
|
||||||
new UidRange(user.start + PKG_UIDS[1] + 1, user.stop)
|
new UidRange(user.start + PKG_UIDS[1] + 1, user.stop)
|
||||||
@@ -297,7 +298,7 @@ public class VpnTest {
|
|||||||
assertUnblocked(vpn, user.start + PKG_UIDS[1]);
|
assertUnblocked(vpn, user.start + PKG_UIDS[1]);
|
||||||
|
|
||||||
// Switch to another app.
|
// Switch to another app.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[3], true, null));
|
assertTrue(vpn.setAlwaysOnPackage(PKGS[3], true, null, mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
||||||
new UidRange(user.start, user.start + PKG_UIDS[1] - 1),
|
new UidRange(user.start, user.start + PKG_UIDS[1] - 1),
|
||||||
new UidRange(user.start + PKG_UIDS[1] + 1, user.stop)
|
new UidRange(user.start + PKG_UIDS[1] + 1, user.stop)
|
||||||
@@ -316,7 +317,8 @@ public class VpnTest {
|
|||||||
final UidRange user = UidRange.createForUser(primaryUser.id);
|
final UidRange user = UidRange.createForUser(primaryUser.id);
|
||||||
|
|
||||||
// Set always-on with lockdown and whitelist app PKGS[2] from lockdown.
|
// Set always-on with lockdown and whitelist app PKGS[2] from lockdown.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], true, Collections.singletonList(PKGS[2])));
|
assertTrue(vpn.setAlwaysOnPackage(
|
||||||
|
PKGS[1], true, Collections.singletonList(PKGS[2]), mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(true), aryEq(new UidRange[] {
|
verify(mNetService).setAllowOnlyVpnForUids(eq(true), aryEq(new UidRange[] {
|
||||||
new UidRange(user.start, user.start + PKG_UIDS[1] - 1),
|
new UidRange(user.start, user.start + PKG_UIDS[1] - 1),
|
||||||
new UidRange(user.start + PKG_UIDS[2] + 1, user.stop)
|
new UidRange(user.start + PKG_UIDS[2] + 1, user.stop)
|
||||||
@@ -325,7 +327,8 @@ public class VpnTest {
|
|||||||
assertUnblocked(vpn, user.start + PKG_UIDS[1], user.start + PKG_UIDS[2]);
|
assertUnblocked(vpn, user.start + PKG_UIDS[1], user.start + PKG_UIDS[2]);
|
||||||
|
|
||||||
// Change whitelisted app to PKGS[3].
|
// Change whitelisted app to PKGS[3].
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], true, Collections.singletonList(PKGS[3])));
|
assertTrue(vpn.setAlwaysOnPackage(
|
||||||
|
PKGS[1], true, Collections.singletonList(PKGS[3]), mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
||||||
new UidRange(user.start + PKG_UIDS[2] + 1, user.stop)
|
new UidRange(user.start + PKG_UIDS[2] + 1, user.stop)
|
||||||
}));
|
}));
|
||||||
@@ -337,7 +340,8 @@ public class VpnTest {
|
|||||||
assertUnblocked(vpn, user.start + PKG_UIDS[1], user.start + PKG_UIDS[3]);
|
assertUnblocked(vpn, user.start + PKG_UIDS[1], user.start + PKG_UIDS[3]);
|
||||||
|
|
||||||
// Change the VPN app.
|
// Change the VPN app.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[0], true, Collections.singletonList(PKGS[3])));
|
assertTrue(vpn.setAlwaysOnPackage(
|
||||||
|
PKGS[0], true, Collections.singletonList(PKGS[3]), mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
||||||
new UidRange(user.start, user.start + PKG_UIDS[1] - 1),
|
new UidRange(user.start, user.start + PKG_UIDS[1] - 1),
|
||||||
new UidRange(user.start + PKG_UIDS[1] + 1, user.start + PKG_UIDS[3] - 1)
|
new UidRange(user.start + PKG_UIDS[1] + 1, user.start + PKG_UIDS[3] - 1)
|
||||||
@@ -350,7 +354,7 @@ public class VpnTest {
|
|||||||
assertUnblocked(vpn, user.start + PKG_UIDS[0], user.start + PKG_UIDS[3]);
|
assertUnblocked(vpn, user.start + PKG_UIDS[0], user.start + PKG_UIDS[3]);
|
||||||
|
|
||||||
// Remove the whitelist.
|
// Remove the whitelist.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[0], true, null));
|
assertTrue(vpn.setAlwaysOnPackage(PKGS[0], true, null, mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
||||||
new UidRange(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[3] - 1),
|
new UidRange(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[3] - 1),
|
||||||
new UidRange(user.start + PKG_UIDS[3] + 1, user.stop)
|
new UidRange(user.start + PKG_UIDS[3] + 1, user.stop)
|
||||||
@@ -363,7 +367,8 @@ public class VpnTest {
|
|||||||
assertUnblocked(vpn, user.start + PKG_UIDS[0]);
|
assertUnblocked(vpn, user.start + PKG_UIDS[0]);
|
||||||
|
|
||||||
// Add the whitelist.
|
// Add the whitelist.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[0], true, Collections.singletonList(PKGS[1])));
|
assertTrue(vpn.setAlwaysOnPackage(
|
||||||
|
PKGS[0], true, Collections.singletonList(PKGS[1]), mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[] {
|
||||||
new UidRange(user.start + PKG_UIDS[0] + 1, user.stop)
|
new UidRange(user.start + PKG_UIDS[0] + 1, user.stop)
|
||||||
}));
|
}));
|
||||||
@@ -375,12 +380,13 @@ public class VpnTest {
|
|||||||
assertUnblocked(vpn, user.start + PKG_UIDS[0], user.start + PKG_UIDS[1]);
|
assertUnblocked(vpn, user.start + PKG_UIDS[0], user.start + PKG_UIDS[1]);
|
||||||
|
|
||||||
// Try whitelisting a package with a comma, should be rejected.
|
// Try whitelisting a package with a comma, should be rejected.
|
||||||
assertFalse(vpn.setAlwaysOnPackage(PKGS[0], true, Collections.singletonList("a.b,c.d")));
|
assertFalse(vpn.setAlwaysOnPackage(
|
||||||
|
PKGS[0], true, Collections.singletonList("a.b,c.d"), mKeyStore));
|
||||||
|
|
||||||
// Pass a non-existent packages in the whitelist, they (and only they) should be ignored.
|
// Pass a non-existent packages in the whitelist, they (and only they) should be ignored.
|
||||||
// Whitelisted package should change from PGKS[1] to PKGS[2].
|
// Whitelisted package should change from PGKS[1] to PKGS[2].
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[0], true,
|
assertTrue(vpn.setAlwaysOnPackage(
|
||||||
Arrays.asList("com.foo.app", PKGS[2], "com.bar.app")));
|
PKGS[0], true, Arrays.asList("com.foo.app", PKGS[2], "com.bar.app"), mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[]{
|
verify(mNetService).setAllowOnlyVpnForUids(eq(false), aryEq(new UidRange[]{
|
||||||
new UidRange(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[1] - 1),
|
new UidRange(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[1] - 1),
|
||||||
new UidRange(user.start + PKG_UIDS[1] + 1, user.stop)
|
new UidRange(user.start + PKG_UIDS[1] + 1, user.stop)
|
||||||
@@ -405,7 +411,7 @@ public class VpnTest {
|
|||||||
final UidRange profile = UidRange.createForUser(tempProfile.id);
|
final UidRange profile = UidRange.createForUser(tempProfile.id);
|
||||||
|
|
||||||
// Set lockdown.
|
// Set lockdown.
|
||||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[3], true, null));
|
assertTrue(vpn.setAlwaysOnPackage(PKGS[3], true, null, mKeyStore));
|
||||||
verify(mNetService).setAllowOnlyVpnForUids(eq(true), aryEq(new UidRange[] {
|
verify(mNetService).setAllowOnlyVpnForUids(eq(true), aryEq(new UidRange[] {
|
||||||
new UidRange(user.start, user.start + PKG_UIDS[3] - 1),
|
new UidRange(user.start, user.start + PKG_UIDS[3] - 1),
|
||||||
new UidRange(user.start + PKG_UIDS[3] + 1, user.stop)
|
new UidRange(user.start + PKG_UIDS[3] + 1, user.stop)
|
||||||
@@ -499,22 +505,22 @@ public class VpnTest {
|
|||||||
.thenReturn(Collections.singletonList(resInfo));
|
.thenReturn(Collections.singletonList(resInfo));
|
||||||
|
|
||||||
// null package name should return false
|
// null package name should return false
|
||||||
assertFalse(vpn.isAlwaysOnPackageSupported(null));
|
assertFalse(vpn.isAlwaysOnPackageSupported(null, mKeyStore));
|
||||||
|
|
||||||
// Pre-N apps are not supported
|
// Pre-N apps are not supported
|
||||||
appInfo.targetSdkVersion = VERSION_CODES.M;
|
appInfo.targetSdkVersion = VERSION_CODES.M;
|
||||||
assertFalse(vpn.isAlwaysOnPackageSupported(PKGS[0]));
|
assertFalse(vpn.isAlwaysOnPackageSupported(PKGS[0], mKeyStore));
|
||||||
|
|
||||||
// N+ apps are supported by default
|
// N+ apps are supported by default
|
||||||
appInfo.targetSdkVersion = VERSION_CODES.N;
|
appInfo.targetSdkVersion = VERSION_CODES.N;
|
||||||
assertTrue(vpn.isAlwaysOnPackageSupported(PKGS[0]));
|
assertTrue(vpn.isAlwaysOnPackageSupported(PKGS[0], mKeyStore));
|
||||||
|
|
||||||
// Apps that opt out explicitly are not supported
|
// Apps that opt out explicitly are not supported
|
||||||
appInfo.targetSdkVersion = VERSION_CODES.CUR_DEVELOPMENT;
|
appInfo.targetSdkVersion = VERSION_CODES.CUR_DEVELOPMENT;
|
||||||
Bundle metaData = new Bundle();
|
Bundle metaData = new Bundle();
|
||||||
metaData.putBoolean(VpnService.SERVICE_META_DATA_SUPPORTS_ALWAYS_ON, false);
|
metaData.putBoolean(VpnService.SERVICE_META_DATA_SUPPORTS_ALWAYS_ON, false);
|
||||||
svcInfo.metaData = metaData;
|
svcInfo.metaData = metaData;
|
||||||
assertFalse(vpn.isAlwaysOnPackageSupported(PKGS[0]));
|
assertFalse(vpn.isAlwaysOnPackageSupported(PKGS[0], mKeyStore));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -531,7 +537,7 @@ public class VpnTest {
|
|||||||
.cancelAsUser(anyString(), anyInt(), eq(userHandle));
|
.cancelAsUser(anyString(), anyInt(), eq(userHandle));
|
||||||
|
|
||||||
// Start showing a notification for disconnected once always-on.
|
// Start showing a notification for disconnected once always-on.
|
||||||
vpn.setAlwaysOnPackage(PKGS[0], false, null);
|
vpn.setAlwaysOnPackage(PKGS[0], false, null, mKeyStore);
|
||||||
order.verify(mNotificationManager)
|
order.verify(mNotificationManager)
|
||||||
.notifyAsUser(anyString(), anyInt(), any(), eq(userHandle));
|
.notifyAsUser(anyString(), anyInt(), any(), eq(userHandle));
|
||||||
|
|
||||||
@@ -545,7 +551,7 @@ public class VpnTest {
|
|||||||
.notifyAsUser(anyString(), anyInt(), any(), eq(userHandle));
|
.notifyAsUser(anyString(), anyInt(), any(), eq(userHandle));
|
||||||
|
|
||||||
// Notification should be cleared after unsetting always-on package.
|
// Notification should be cleared after unsetting always-on package.
|
||||||
vpn.setAlwaysOnPackage(null, false, null);
|
vpn.setAlwaysOnPackage(null, false, null, mKeyStore);
|
||||||
order.verify(mNotificationManager).cancelAsUser(anyString(), anyInt(), eq(userHandle));
|
order.verify(mNotificationManager).cancelAsUser(anyString(), anyInt(), eq(userHandle));
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -920,12 +926,48 @@ public class VpnTest {
|
|||||||
eq(AppOpsManager.MODE_IGNORED));
|
eq(AppOpsManager.MODE_IGNORED));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void setAndVerifyAlwaysOnPackage(Vpn vpn, int uid, boolean lockdownEnabled) {
|
||||||
|
assertTrue(vpn.setAlwaysOnPackage(TEST_VPN_PKG, lockdownEnabled, null, mKeyStore));
|
||||||
|
|
||||||
|
verify(mKeyStore).get(eq(vpn.getProfileNameForPackage(TEST_VPN_PKG)));
|
||||||
|
verify(mAppOps).setMode(
|
||||||
|
eq(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN), eq(uid), eq(TEST_VPN_PKG),
|
||||||
|
eq(AppOpsManager.MODE_ALLOWED));
|
||||||
|
|
||||||
|
verify(mSystemServices).settingsSecurePutStringForUser(
|
||||||
|
eq(Settings.Secure.ALWAYS_ON_VPN_APP), eq(TEST_VPN_PKG), eq(primaryUser.id));
|
||||||
|
verify(mSystemServices).settingsSecurePutIntForUser(
|
||||||
|
eq(Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN), eq(lockdownEnabled ? 1 : 0),
|
||||||
|
eq(primaryUser.id));
|
||||||
|
verify(mSystemServices).settingsSecurePutStringForUser(
|
||||||
|
eq(Settings.Secure.ALWAYS_ON_VPN_LOCKDOWN_WHITELIST), eq(""), eq(primaryUser.id));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testSetAndStartAlwaysOnVpn() throws Exception {
|
||||||
|
final Vpn vpn = createVpn(primaryUser.id);
|
||||||
|
setMockedUsers(primaryUser);
|
||||||
|
|
||||||
|
// UID checks must return a different UID; otherwise it'll be treated as already prepared.
|
||||||
|
final int uid = Process.myUid() + 1;
|
||||||
|
when(mPackageManager.getPackageUidAsUser(eq(TEST_VPN_PKG), anyInt()))
|
||||||
|
.thenReturn(uid);
|
||||||
|
when(mKeyStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
|
.thenReturn(mVpnProfile.encode());
|
||||||
|
|
||||||
|
setAndVerifyAlwaysOnPackage(vpn, uid, false);
|
||||||
|
assertTrue(vpn.startAlwaysOnVpn(mKeyStore));
|
||||||
|
|
||||||
|
// TODO: Test the Ikev2VpnRunner started up properly. Relies on utility methods added in
|
||||||
|
// a subsequent CL.
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Mock some methods of vpn object.
|
* Mock some methods of vpn object.
|
||||||
*/
|
*/
|
||||||
private Vpn createVpn(@UserIdInt int userId) {
|
private Vpn createVpn(@UserIdInt int userId) {
|
||||||
return new Vpn(Looper.myLooper(), mContext, mNetService,
|
return new Vpn(Looper.myLooper(), mContext, mNetService,
|
||||||
userId, mSystemServices, mIkev2SessionCreator);
|
userId, mKeyStore, mSystemServices, mIkev2SessionCreator);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void assertBlocked(Vpn vpn, int... uids) {
|
private static void assertBlocked(Vpn vpn, int... uids) {
|
||||||
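Review bot: `testSetAndStartAlwaysOnVpn` in the `@@ -920,12 +926,48 @@` hunk exercises only the case where the keystore holds a profile and lockdown is off, while `setAndVerifyAlwaysOnPackage` asserts that `OP_ACTIVATE_PLATFORM_VPN` is set to `MODE_ALLOWED`. A companion test should cover the missing-profile case by stubbing `when(mKeyStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG))).thenReturn(null);` and pinning what happens to the app-op grant and to the result of `startAlwaysOnVpn(mKeyStore)`. The expected values depend on Vpn.java, which is not on this page. The helper already takes `lockdownEnabled`, so a second call with `true` would cover the lockdown path for platform VPNs at little cost.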
|
|||||||