From b807dd8884af3d8cfc4498972e6c71be8ed67566 Mon Sep 17 00:00:00 2001
From: Chalard Jean <jchalard@google.com>
Date: Thu, 23 May 2019 18:30:38 +0900
Subject: [PATCH] Let the system server have
 CONNECTIVITY_USE_RESTRICTED_NETWORKS.

Also :
- Fix testUidFilteringDuringVpnConnectDisconnectAndUidUpdates that
  was failing on devices with a first released SDK >= Q
- Add a test actually tests that the system has the permission, as
  the test was only testing what's in the mock

Bug: 119770201
Test: New test making sure this stays true
Change-Id: I74cf5f0fa17fcf818f1fed78c7e3e4375c20152e
---
 .../connectivity/PermissionMonitorTest.java   | 20 +++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java b/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
index df1f57f7a0..cd2bd26ef4 100644
--- a/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
+++ b/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
@@ -65,6 +65,7 @@ import android.os.UserHandle;
 import android.os.UserManager;
 import android.util.SparseIntArray;
 
+import androidx.test.InstrumentationRegistry;
 import androidx.test.filters.SmallTest;
 import androidx.test.runner.AndroidJUnit4;
 
@@ -96,6 +97,7 @@ public class PermissionMonitorTest {
     private static final int SYSTEM_UID1 = 1000;
     private static final int SYSTEM_UID2 = 1008;
     private static final int VPN_UID = 10002;
+    private static final String REAL_SYSTEM_PACKAGE_NAME = "android";
     private static final String MOCK_PACKAGE1 = "appName1";
     private static final String MOCK_PACKAGE2 = "appName2";
     private static final String SYSTEM_PACKAGE1 = "sysName1";
@@ -188,8 +190,10 @@ public class PermissionMonitorTest {
     private static PackageInfo buildPackageInfo(boolean hasSystemPermission, int uid, int userId) {
         final PackageInfo pkgInfo;
         if (hasSystemPermission) {
-            pkgInfo = packageInfoWithPermissions(new String[] {CHANGE_NETWORK_STATE, NETWORK_STACK},
-                    PARTITION_SYSTEM);
+            final String[] systemPermissions = new String[]{
+                    CHANGE_NETWORK_STATE, NETWORK_STACK, CONNECTIVITY_USE_RESTRICTED_NETWORKS
+            };
+            pkgInfo = packageInfoWithPermissions(systemPermissions, PARTITION_SYSTEM);
         } else {
             pkgInfo = packageInfoWithPermissions(new String[] {}, "");
         }
@@ -646,4 +650,16 @@ public class PermissionMonitorTest {
         mObserver.onPackageRemoved(MOCK_PACKAGE1, MOCK_UID1);
         mNetdServiceMonitor.expectPermission(INetd.PERMISSION_INTERNET, new int[]{MOCK_UID1});
     }
+
+    @Test
+    public void testRealSystemPermission() throws Exception {
+        // Use the real context as this test must ensure the *real* system package holds the
+        // necessary permission.
+        final Context realContext = InstrumentationRegistry.getContext();
+        final PermissionMonitor monitor = new PermissionMonitor(realContext, mNetdService);
+        final PackageManager manager = realContext.getPackageManager();
+        final PackageInfo systemInfo = manager.getPackageInfo(REAL_SYSTEM_PACKAGE_NAME,
+                GET_PERMISSIONS | MATCH_ANY_USER);
+        assertTrue(monitor.hasPermission(systemInfo, CONNECTIVITY_USE_RESTRICTED_NETWORKS));
+    }
 }