Merge "Add checks around CONTROL_VPN permission during prepare()" am: 04f3dc871d am: e9c82f087a
Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2624812 Change-Id: I560ab0b7bf6818096d925ad974a0921b02f96859 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Cassie Wang
@@ -80,6 +80,7 @@ import static org.mockito.Mockito.doAnswer;
|
|||||||
import static org.mockito.Mockito.doCallRealMethod;
|
import static org.mockito.Mockito.doCallRealMethod;
|
||||||
import static org.mockito.Mockito.doNothing;
|
import static org.mockito.Mockito.doNothing;
|
||||||
import static org.mockito.Mockito.doReturn;
|
import static org.mockito.Mockito.doReturn;
|
||||||
|
import static org.mockito.Mockito.doThrow;
|
||||||
import static org.mockito.Mockito.inOrder;
|
import static org.mockito.Mockito.inOrder;
|
||||||
import static org.mockito.Mockito.mock;
|
import static org.mockito.Mockito.mock;
|
||||||
import static org.mockito.Mockito.never;
|
import static org.mockito.Mockito.never;
|
||||||
@@ -806,6 +807,32 @@ public class VpnTest extends VpnTestBase {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testPrepare_legacyVpnWithoutControlVpn()
|
||||||
|
throws Exception {
|
||||||
|
doThrow(new SecurityException("no CONTROL_VPN")).when(mContext)
|
||||||
|
.enforceCallingOrSelfPermission(eq(CONTROL_VPN), any());
|
||||||
|
final Vpn vpn = createVpn();
|
||||||
|
assertThrows(SecurityException.class,
|
||||||
|
() -> vpn.prepare(null, VpnConfig.LEGACY_VPN, VpnManager.TYPE_VPN_SERVICE));
|
||||||
|
|
||||||
|
// CONTROL_VPN can be held by the caller or another system server process - both are
|
||||||
|
// allowed. Just checking for `enforceCallingPermission` may not be sufficient.
|
||||||
|
verify(mContext, never()).enforceCallingPermission(eq(CONTROL_VPN), any());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testPrepare_legacyVpnWithControlVpn()
|
||||||
|
throws Exception {
|
||||||
|
doNothing().when(mContext).enforceCallingOrSelfPermission(eq(CONTROL_VPN), any());
|
||||||
|
final Vpn vpn = createVpn();
|
||||||
|
assertTrue(vpn.prepare(null, VpnConfig.LEGACY_VPN, VpnManager.TYPE_VPN_SERVICE));
|
||||||
|
|
||||||
|
// CONTROL_VPN can be held by the caller or another system server process - both are
|
||||||
|
// allowed. Just checking for `enforceCallingPermission` may not be sufficient.
|
||||||
|
verify(mContext, never()).enforceCallingPermission(eq(CONTROL_VPN), any());
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testIsAlwaysOnPackageSupported() throws Exception {
|
public void testIsAlwaysOnPackageSupported() throws Exception {
|
||||||
final Vpn vpn = createVpn(PRIMARY_USER.id);
|
final Vpn vpn = createVpn(PRIMARY_USER.id);
|
||||||
|
|||||||
Reference in New Issue
Block a user