LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge changes Ic6ff7a3d,Iff9b9792

Browse Source 
* changes:
  Refactor code and improve tests for VPN filtering
  Remove LOCKDOWN from FirewallChain IntDef
This commit is contained in:
Motomu Utsumi
2022-06-16 01:32:20 +00:00
committed by Gerrit Code Review
parent 929368eb1a f8bd82cd67
commit 5d787feef0
11 changed files with 185 additions and 188 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
service/native/TrafficControllerTest.cpp
View File

@@ -218,7 +218,7 @@ class TrafficControllerTest : public ::testing::Test {
checkEachUidValue(uids, match);
}
void expectUidOwnerMapValues(const std::vector<uint32_t>& appUids, uint8_t expectedRule,
void expectUidOwnerMapValues(const std::vector<uint32_t>& appUids, uint32_t expectedRule,
uint32_t expectedIif) {
for (uint32_t uid : appUids) {
Result<UidOwnerValue> value = mFakeUidOwnerMap.readValue(uid);
@@ -407,7 +407,6 @@ TEST_F(TrafficControllerTest, TestChangeUidOwnerRule) {
checkUidOwnerRuleForChain(POWERSAVE, POWERSAVE_MATCH);
checkUidOwnerRuleForChain(RESTRICTED, RESTRICTED_MATCH);
checkUidOwnerRuleForChain(LOW_POWER_STANDBY, LOW_POWER_STANDBY_MATCH);
checkUidOwnerRuleForChain(LOCKDOWN, LOCKDOWN_VPN_MATCH);
checkUidOwnerRuleForChain(OEM_DENY_1, OEM_DENY_1_MATCH);
checkUidOwnerRuleForChain(OEM_DENY_2, OEM_DENY_2_MATCH);
checkUidOwnerRuleForChain(OEM_DENY_3, OEM_DENY_3_MATCH);
@@ -539,6 +538,21 @@ TEST_F(TrafficControllerTest, TestRemoveUidInterfaceFilteringRules) {
expectMapEmpty(mFakeUidOwnerMap);
}
TEST_F(TrafficControllerTest, TestUpdateUidLockdownRule) {
// Add Lockdown rules
ASSERT_TRUE(isOk(mTc.updateUidLockdownRule(1000, true /* add */)));
ASSERT_TRUE(isOk(mTc.updateUidLockdownRule(1001, true /* add */)));
expectUidOwnerMapValues({1000, 1001}, LOCKDOWN_VPN_MATCH, 0);
// Remove one of Lockdown rules
ASSERT_TRUE(isOk(mTc.updateUidLockdownRule(1000, false /* add */)));
expectUidOwnerMapValues({1001}, LOCKDOWN_VPN_MATCH, 0);
// Remove remaining Lockdown rule
ASSERT_TRUE(isOk(mTc.updateUidLockdownRule(1001, false /* add */)));
expectMapEmpty(mFakeUidOwnerMap);
}
TEST_F(TrafficControllerTest, TestUidInterfaceFilteringRulesCoexistWithExistingMatches) {
// Set up existing PENALTY_BOX_MATCH rules
ASSERT_TRUE(isOk(updateUidOwnerMaps({1000, 1001, 10012}, PENALTY_BOX_MATCH,
@@ -885,7 +899,6 @@ TEST_F(TrafficControllerTest, getFirewallType) {
{POWERSAVE, ALLOWLIST},
{RESTRICTED, ALLOWLIST},
{LOW_POWER_STANDBY, ALLOWLIST},
{LOCKDOWN, DENYLIST},
{OEM_DENY_1, DENYLIST},
{OEM_DENY_2, DENYLIST},
{OEM_DENY_3, DENYLIST},