Merge "Replace AppOpsManager @hide APIs" am: 55f45703ad
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1469126 Change-Id: I6222db7e8f966d7df17de9c46b5e26e715ecccf2
This commit is contained in:
Paul Hu
@@ -241,7 +241,7 @@ public class VpnTest {
|
|||||||
doNothing().when(mNetService).registerObserver(any());
|
doNothing().when(mNetService).registerObserver(any());
|
||||||
|
|
||||||
// Deny all appops by default.
|
// Deny all appops by default.
|
||||||
when(mAppOps.noteOpNoThrow(anyInt(), anyInt(), anyString()))
|
when(mAppOps.noteOpNoThrow(anyString(), anyInt(), anyString(), any(), any()))
|
||||||
.thenReturn(AppOpsManager.MODE_IGNORED);
|
.thenReturn(AppOpsManager.MODE_IGNORED);
|
||||||
|
|
||||||
// Setup IpSecService
|
// Setup IpSecService
|
||||||
@@ -729,26 +729,27 @@ public class VpnTest {
|
|||||||
assertEquals(expected, vpn.getProfileNameForPackage(TEST_VPN_PKG));
|
assertEquals(expected, vpn.getProfileNameForPackage(TEST_VPN_PKG));
|
||||||
}
|
}
|
||||||
|
|
||||||
private Vpn createVpnAndSetupUidChecks(int... grantedOps) throws Exception {
|
private Vpn createVpnAndSetupUidChecks(String... grantedOps) throws Exception {
|
||||||
return createVpnAndSetupUidChecks(primaryUser, grantedOps);
|
return createVpnAndSetupUidChecks(primaryUser, grantedOps);
|
||||||
}
|
}
|
||||||
|
|
||||||
private Vpn createVpnAndSetupUidChecks(UserInfo user, int... grantedOps) throws Exception {
|
private Vpn createVpnAndSetupUidChecks(UserInfo user, String... grantedOps) throws Exception {
|
||||||
final Vpn vpn = createVpn(user.id);
|
final Vpn vpn = createVpn(user.id);
|
||||||
setMockedUsers(user);
|
setMockedUsers(user);
|
||||||
|
|
||||||
when(mPackageManager.getPackageUidAsUser(eq(TEST_VPN_PKG), anyInt()))
|
when(mPackageManager.getPackageUidAsUser(eq(TEST_VPN_PKG), anyInt()))
|
||||||
.thenReturn(Process.myUid());
|
.thenReturn(Process.myUid());
|
||||||
|
|
||||||
for (final int op : grantedOps) {
|
for (final String opStr : grantedOps) {
|
||||||
when(mAppOps.noteOpNoThrow(op, Process.myUid(), TEST_VPN_PKG))
|
when(mAppOps.noteOpNoThrow(opStr, Process.myUid(), TEST_VPN_PKG,
|
||||||
|
null /* attributionTag */, null /* message */))
|
||||||
.thenReturn(AppOpsManager.MODE_ALLOWED);
|
.thenReturn(AppOpsManager.MODE_ALLOWED);
|
||||||
}
|
}
|
||||||
|
|
||||||
return vpn;
|
return vpn;
|
||||||
}
|
}
|
||||||
|
|
||||||
private void checkProvisionVpnProfile(Vpn vpn, boolean expectedResult, int... checkedOps) {
|
private void checkProvisionVpnProfile(Vpn vpn, boolean expectedResult, String... checkedOps) {
|
||||||
assertEquals(expectedResult, vpn.provisionVpnProfile(TEST_VPN_PKG, mVpnProfile, mKeyStore));
|
assertEquals(expectedResult, vpn.provisionVpnProfile(TEST_VPN_PKG, mVpnProfile, mKeyStore));
|
||||||
|
|
||||||
// The profile should always be stored, whether or not consent has been previously granted.
|
// The profile should always be stored, whether or not consent has been previously granted.
|
||||||
@@ -759,8 +760,9 @@ public class VpnTest {
|
|||||||
eq(Process.SYSTEM_UID),
|
eq(Process.SYSTEM_UID),
|
||||||
eq(0));
|
eq(0));
|
||||||
|
|
||||||
for (final int checkedOp : checkedOps) {
|
for (final String checkedOpStr : checkedOps) {
|
||||||
verify(mAppOps).noteOpNoThrow(checkedOp, Process.myUid(), TEST_VPN_PKG);
|
verify(mAppOps).noteOpNoThrow(checkedOpStr, Process.myUid(), TEST_VPN_PKG,
|
||||||
|
null /* attributionTag */, null /* message */);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -768,11 +770,11 @@ public class VpnTest {
|
|||||||
public void testProvisionVpnProfileNoIpsecTunnels() throws Exception {
|
public void testProvisionVpnProfileNoIpsecTunnels() throws Exception {
|
||||||
when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
|
when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
|
||||||
.thenReturn(false);
|
.thenReturn(false);
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
checkProvisionVpnProfile(
|
checkProvisionVpnProfile(
|
||||||
vpn, true /* expectedResult */, AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
fail("Expected exception due to missing feature");
|
fail("Expected exception due to missing feature");
|
||||||
} catch (UnsupportedOperationException expected) {
|
} catch (UnsupportedOperationException expected) {
|
||||||
}
|
}
|
||||||
@@ -780,10 +782,10 @@ public class VpnTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfilePreconsented() throws Exception {
|
public void testProvisionVpnProfilePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
checkProvisionVpnProfile(
|
checkProvisionVpnProfile(
|
||||||
vpn, true /* expectedResult */, AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -793,19 +795,19 @@ public class VpnTest {
|
|||||||
// Expect that both the ACTIVATE_VPN and ACTIVATE_PLATFORM_VPN were tried, but the caller
|
// Expect that both the ACTIVATE_VPN and ACTIVATE_PLATFORM_VPN were tried, but the caller
|
||||||
// had neither.
|
// had neither.
|
||||||
checkProvisionVpnProfile(vpn, false /* expectedResult */,
|
checkProvisionVpnProfile(vpn, false /* expectedResult */,
|
||||||
AppOpsManager.OP_ACTIVATE_PLATFORM_VPN, AppOpsManager.OP_ACTIVATE_VPN);
|
AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN, AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileVpnServicePreconsented() throws Exception {
|
public void testProvisionVpnProfileVpnServicePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OP_ACTIVATE_VPN);
|
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
|
|
||||||
checkProvisionVpnProfile(vpn, true /* expectedResult */, AppOpsManager.OP_ACTIVATE_VPN);
|
checkProvisionVpnProfile(vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testProvisionVpnProfileTooLarge() throws Exception {
|
public void testProvisionVpnProfileTooLarge() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
final VpnProfile bigProfile = new VpnProfile("");
|
final VpnProfile bigProfile = new VpnProfile("");
|
||||||
bigProfile.name = new String(new byte[Vpn.MAX_VPN_PROFILE_SIZE_BYTES + 1]);
|
bigProfile.name = new String(new byte[Vpn.MAX_VPN_PROFILE_SIZE_BYTES + 1]);
|
||||||
@@ -821,7 +823,7 @@ public class VpnTest {
|
|||||||
public void testProvisionVpnProfileRestrictedUser() throws Exception {
|
public void testProvisionVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn =
|
||||||
createVpnAndSetupUidChecks(
|
createVpnAndSetupUidChecks(
|
||||||
restrictedProfileA, AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
restrictedProfileA, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.provisionVpnProfile(TEST_VPN_PKG, mVpnProfile, mKeyStore);
|
vpn.provisionVpnProfile(TEST_VPN_PKG, mVpnProfile, mKeyStore);
|
||||||
@@ -844,7 +846,7 @@ public class VpnTest {
|
|||||||
public void testDeleteVpnProfileRestrictedUser() throws Exception {
|
public void testDeleteVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn =
|
||||||
createVpnAndSetupUidChecks(
|
createVpnAndSetupUidChecks(
|
||||||
restrictedProfileA, AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
restrictedProfileA, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.deleteVpnProfile(TEST_VPN_PKG, mKeyStore);
|
vpn.deleteVpnProfile(TEST_VPN_PKG, mKeyStore);
|
||||||
@@ -867,7 +869,7 @@ public class VpnTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfile() throws Exception {
|
public void testStartVpnProfile() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
when(mKeyStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mKeyStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
@@ -877,14 +879,16 @@ public class VpnTest {
|
|||||||
verify(mKeyStore).get(eq(vpn.getProfileNameForPackage(TEST_VPN_PKG)));
|
verify(mKeyStore).get(eq(vpn.getProfileNameForPackage(TEST_VPN_PKG)));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.noteOpNoThrow(
|
.noteOpNoThrow(
|
||||||
eq(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(Process.myUid()),
|
||||||
eq(TEST_VPN_PKG));
|
eq(TEST_VPN_PKG),
|
||||||
|
eq(null) /* attributionTag */,
|
||||||
|
eq(null) /* message */);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileVpnServicePreconsented() throws Exception {
|
public void testStartVpnProfileVpnServicePreconsented() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OP_ACTIVATE_VPN);
|
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
|
||||||
|
|
||||||
when(mKeyStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
when(mKeyStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
|
||||||
.thenReturn(mVpnProfile.encode());
|
.thenReturn(mVpnProfile.encode());
|
||||||
@@ -892,7 +896,8 @@ public class VpnTest {
|
|||||||
vpn.startVpnProfile(TEST_VPN_PKG, mKeyStore);
|
vpn.startVpnProfile(TEST_VPN_PKG, mKeyStore);
|
||||||
|
|
||||||
// Verify that the the ACTIVATE_VPN appop was checked, but no error was thrown.
|
// Verify that the the ACTIVATE_VPN appop was checked, but no error was thrown.
|
||||||
verify(mAppOps).noteOpNoThrow(AppOpsManager.OP_ACTIVATE_VPN, Process.myUid(), TEST_VPN_PKG);
|
verify(mAppOps).noteOpNoThrow(AppOpsManager.OPSTR_ACTIVATE_VPN, Process.myUid(),
|
||||||
|
TEST_VPN_PKG, null /* attributionTag */, null /* message */);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
@@ -908,10 +913,13 @@ public class VpnTest {
|
|||||||
// Verify both appops were checked.
|
// Verify both appops were checked.
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.noteOpNoThrow(
|
.noteOpNoThrow(
|
||||||
eq(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(Process.myUid()),
|
||||||
eq(TEST_VPN_PKG));
|
eq(TEST_VPN_PKG),
|
||||||
verify(mAppOps).noteOpNoThrow(AppOpsManager.OP_ACTIVATE_VPN, Process.myUid(), TEST_VPN_PKG);
|
eq(null) /* attributionTag */,
|
||||||
|
eq(null) /* message */);
|
||||||
|
verify(mAppOps).noteOpNoThrow(AppOpsManager.OPSTR_ACTIVATE_VPN, Process.myUid(),
|
||||||
|
TEST_VPN_PKG, null /* attributionTag */, null /* message */);
|
||||||
|
|
||||||
// Keystore should never have been accessed.
|
// Keystore should never have been accessed.
|
||||||
verify(mKeyStore, never()).get(any());
|
verify(mKeyStore, never()).get(any());
|
||||||
@@ -919,7 +927,7 @@ public class VpnTest {
|
|||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileMissingProfile() throws Exception {
|
public void testStartVpnProfileMissingProfile() throws Exception {
|
||||||
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
when(mKeyStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG))).thenReturn(null);
|
when(mKeyStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG))).thenReturn(null);
|
||||||
|
|
||||||
@@ -932,16 +940,18 @@ public class VpnTest {
|
|||||||
verify(mKeyStore).get(vpn.getProfileNameForPackage(TEST_VPN_PKG));
|
verify(mKeyStore).get(vpn.getProfileNameForPackage(TEST_VPN_PKG));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.noteOpNoThrow(
|
.noteOpNoThrow(
|
||||||
eq(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(Process.myUid()),
|
||||||
eq(TEST_VPN_PKG));
|
eq(TEST_VPN_PKG),
|
||||||
|
eq(null) /* attributionTag */,
|
||||||
|
eq(null) /* message */);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testStartVpnProfileRestrictedUser() throws Exception {
|
public void testStartVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn =
|
||||||
createVpnAndSetupUidChecks(
|
createVpnAndSetupUidChecks(
|
||||||
restrictedProfileA, AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
restrictedProfileA, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.startVpnProfile(TEST_VPN_PKG, mKeyStore);
|
vpn.startVpnProfile(TEST_VPN_PKG, mKeyStore);
|
||||||
@@ -954,7 +964,7 @@ public class VpnTest {
|
|||||||
public void testStopVpnProfileRestrictedUser() throws Exception {
|
public void testStopVpnProfileRestrictedUser() throws Exception {
|
||||||
final Vpn vpn =
|
final Vpn vpn =
|
||||||
createVpnAndSetupUidChecks(
|
createVpnAndSetupUidChecks(
|
||||||
restrictedProfileA, AppOpsManager.OP_ACTIVATE_PLATFORM_VPN);
|
restrictedProfileA, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
vpn.stopVpnProfile(TEST_VPN_PKG);
|
vpn.stopVpnProfile(TEST_VPN_PKG);
|
||||||
@@ -970,7 +980,7 @@ public class VpnTest {
|
|||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_SERVICE));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_SERVICE));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OP_ACTIVATE_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
||||||
eq(Process.myUid()),
|
eq(Process.myUid()),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_ALLOWED));
|
eq(AppOpsManager.MODE_ALLOWED));
|
||||||
@@ -983,7 +993,7 @@ public class VpnTest {
|
|||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_PLATFORM));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_PLATFORM));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(Process.myUid()),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_ALLOWED));
|
eq(AppOpsManager.MODE_ALLOWED));
|
||||||
@@ -996,13 +1006,13 @@ public class VpnTest {
|
|||||||
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_NONE));
|
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_NONE));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OP_ACTIVATE_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
|
||||||
eq(Process.myUid()),
|
eq(Process.myUid()),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_IGNORED));
|
eq(AppOpsManager.MODE_IGNORED));
|
||||||
verify(mAppOps)
|
verify(mAppOps)
|
||||||
.setMode(
|
.setMode(
|
||||||
eq(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
|
||||||
eq(Process.myUid()),
|
eq(Process.myUid()),
|
||||||
eq(TEST_VPN_PKG),
|
eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_IGNORED));
|
eq(AppOpsManager.MODE_IGNORED));
|
||||||
@@ -1059,7 +1069,7 @@ public class VpnTest {
|
|||||||
|
|
||||||
verify(mKeyStore).get(eq(vpn.getProfileNameForPackage(TEST_VPN_PKG)));
|
verify(mKeyStore).get(eq(vpn.getProfileNameForPackage(TEST_VPN_PKG)));
|
||||||
verify(mAppOps).setMode(
|
verify(mAppOps).setMode(
|
||||||
eq(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN), eq(uid), eq(TEST_VPN_PKG),
|
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN), eq(uid), eq(TEST_VPN_PKG),
|
||||||
eq(AppOpsManager.MODE_ALLOWED));
|
eq(AppOpsManager.MODE_ALLOWED));
|
||||||
|
|
||||||
verify(mSystemServices).settingsSecurePutStringForUser(
|
verify(mSystemServices).settingsSecurePutStringForUser(
|
||||||
|
|||||||
Reference in New Issue
Block a user