Accept both pre-S and post-S errors in getConnectionOwnerUid.

On R and below, when an app that is not the active VPN app calls getConnectionOwnerUid, a SecurityException is thrown. On S and above, the method just returns INVALID_UID, which is what would happen if the app was the active VPN app but was not authorized to find that particular socket. Accept both behaviours. Bug: 173331190 Test: atest HostsideVpnTests#testGetConnectionOwnerUidSecurity passes on R and S Change-Id: Ie6de2ef505b0d7bc253c55215a698aeaa210785c
2021-02-04 13:14:16 +09:00
parent e9aeb3c1c5
commit 98d23e7d02
1 changed files with 5 additions and 2 deletions
--- a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
@@ -829,8 +829,11 @@ public class VpnTest extends InstrumentationTestCase {
        InetSocketAddress rem = new InetSocketAddress(s.getInetAddress(), s.getPort());
        try {
            int uid = mCM.getConnectionOwnerUid(OsConstants.IPPROTO_TCP, loc, rem);
-            fail("Only an active VPN app may call this API.");
-        } catch (SecurityException expected) {
+            assertEquals("Only an active VPN app should see connection information",
+                    INVALID_UID, uid);
+        } catch (SecurityException acceptable) {
+            // R and below throw SecurityException if a non-active VPN calls this method.
+            // As long as we can't actually get socket information, either behaviour is fine.
            return;
        }
    }