From 98d23e7d02f519c413cc1b56ba907f20cfec582e Mon Sep 17 00:00:00 2001 From: Lorenzo Colitti Date: Thu, 4 Feb 2021 13:14:16 +0900 Subject: [PATCH] Accept both pre-S and post-S errors in getConnectionOwnerUid. On R and below, when an app that is not the active VPN app calls getConnectionOwnerUid, a SecurityException is thrown. On S and above, the method just returns INVALID_UID, which is what would happen if the app was the active VPN app but was not authorized to find that particular socket. Accept both behaviours. Bug: 173331190 Test: atest HostsideVpnTests#testGetConnectionOwnerUidSecurity passes on R and S Change-Id: Ie6de2ef505b0d7bc253c55215a698aeaa210785c --- .../app/src/com/android/cts/net/hostside/VpnTest.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java index a5efe0c507..4668ba3670 100755 --- a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java +++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java @@ -829,8 +829,11 @@ public class VpnTest extends InstrumentationTestCase { InetSocketAddress rem = new InetSocketAddress(s.getInetAddress(), s.getPort()); try { int uid = mCM.getConnectionOwnerUid(OsConstants.IPPROTO_TCP, loc, rem); - fail("Only an active VPN app may call this API."); - } catch (SecurityException expected) { + assertEquals("Only an active VPN app should see connection information", + INVALID_UID, uid); + } catch (SecurityException acceptable) { + // R and below throw SecurityException if a non-active VPN calls this method. + // As long as we can't actually get socket information, either behaviour is fine. return; } }