LineageOS/android_packages_modules_Connectivity
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accept both pre-S and post-S errors in getConnectionOwnerUid.

Browse Source 
On R and below, when an app that is not the active VPN app calls
getConnectionOwnerUid, a SecurityException is thrown. On S and
above, the method just returns INVALID_UID, which is what would
happen if the app was the active VPN app but was not authorized
to find that particular socket.

Accept both behaviours.

Bug: 173331190
Test: atest HostsideVpnTests#testGetConnectionOwnerUidSecurity passes on R and S
Change-Id: Ie6de2ef505b0d7bc253c55215a698aeaa210785c
This commit is contained in:
Lorenzo Colitti
2021-02-04 13:14:16 +09:00
parent e9aeb3c1c5
commit 98d23e7d02
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
View File

@@ -829,8 +829,11 @@ public class VpnTest extends InstrumentationTestCase {
InetSocketAddress rem = new InetSocketAddress(s.getInetAddress(), s.getPort()); InetSocketAddress rem = new InetSocketAddress(s.getInetAddress(), s.getPort());
try { try {
int uid = mCM.getConnectionOwnerUid(OsConstants.IPPROTO_TCP, loc, rem); int uid = mCM.getConnectionOwnerUid(OsConstants.IPPROTO_TCP, loc, rem);
fail("Only an active VPN app may call this API."); assertEquals("Only an active VPN app should see connection information",
} catch (SecurityException expected) { INVALID_UID, uid);
} catch (SecurityException acceptable) {
// R and below throw SecurityException if a non-active VPN calls this method.
// As long as we can't actually get socket information, either behaviour is fine.
return; return;
} }
} }