Revert "Replace the usage of UidRange"
Revert "Add shims for NetworkRequest" Revert submission 1626206-replaceUidRange Reason for revert: Breaking build - b/183106405 Reverted Changes: I0b79c73e8:Add shims for NetworkRequest I4bc0daf5a:Replace the usage of UidRange I4e5aec6ef:Replace the usage of UidRange I107c329d4:Expose uids related APIs in NetworkRequest and Net... Change-Id: I6290429db1c8e787f8138b55b98fd92a74ac6402
This commit is contained in:
Anthony Stange
@@ -266,7 +266,6 @@ import android.text.TextUtils;
|
||||
import android.util.ArraySet;
|
||||
import android.util.Log;
|
||||
import android.util.Pair;
|
||||
import android.util.Range;
|
||||
import android.util.SparseArray;
|
||||
|
||||
import androidx.test.InstrumentationRegistry;
|
||||
@@ -1159,7 +1158,7 @@ public class ConnectivityServiceTest {
|
||||
}
|
||||
|
||||
public void setUids(Set<UidRange> uids) {
|
||||
mNetworkCapabilities.setUids(UidRange.toIntRanges(uids));
|
||||
mNetworkCapabilities.setUids(uids);
|
||||
if (mAgentRegistered) {
|
||||
mMockNetworkAgent.setNetworkCapabilities(mNetworkCapabilities, true);
|
||||
}
|
||||
@@ -1464,8 +1463,6 @@ public class ConnectivityServiceTest {
|
||||
}
|
||||
|
||||
private static final int PRIMARY_USER = 0;
|
||||
private static final UidRange PRIMARY_UIDRANGE =
|
||||
UidRange.createForUser(UserHandle.of(PRIMARY_USER));
|
||||
private static final int APP1_UID = UserHandle.getUid(PRIMARY_USER, 10100);
|
||||
private static final int APP2_UID = UserHandle.getUid(PRIMARY_USER, 10101);
|
||||
private static final int VPN_UID = UserHandle.getUid(PRIMARY_USER, 10043);
|
||||
@@ -6947,7 +6944,7 @@ public class ConnectivityServiceTest {
|
||||
final int uid = Process.myUid();
|
||||
NetworkCapabilities nc = mCm.getNetworkCapabilities(mMockVpn.getNetwork());
|
||||
assertNotNull("nc=" + nc, nc.getUids());
|
||||
assertEquals(nc.getUids(), UidRange.toIntRanges(uidRangesForUids(uid)));
|
||||
assertEquals(nc.getUids(), uidRangesForUids(uid));
|
||||
assertVpnTransportInfo(nc, VpnManager.TYPE_VPN_SERVICE);
|
||||
|
||||
// Set an underlying network and expect to see the VPN transports change.
|
||||
@@ -6972,13 +6969,10 @@ public class ConnectivityServiceTest {
|
||||
|
||||
// Expect that the VPN UID ranges contain both |uid| and the UID range for the newly-added
|
||||
// restricted user.
|
||||
final UidRange rRange = UidRange.createForUser(UserHandle.of(RESTRICTED_USER));
|
||||
final Range<Integer> restrictUidRange = new Range<Integer>(rRange.start, rRange.stop);
|
||||
final Range<Integer> singleUidRange = new Range<Integer>(uid, uid);
|
||||
callback.expectCapabilitiesThat(mMockVpn, (caps)
|
||||
-> caps.getUids().size() == 2
|
||||
&& caps.getUids().contains(singleUidRange)
|
||||
&& caps.getUids().contains(restrictUidRange)
|
||||
&& caps.getUids().contains(new UidRange(uid, uid))
|
||||
&& caps.getUids().contains(createUidRange(RESTRICTED_USER))
|
||||
&& caps.hasTransport(TRANSPORT_VPN)
|
||||
&& caps.hasTransport(TRANSPORT_WIFI));
|
||||
|
||||
@@ -6987,8 +6981,8 @@ public class ConnectivityServiceTest {
|
||||
callback.expectCallback(CallbackEntry.LOST, mWiFiNetworkAgent);
|
||||
callback.expectCapabilitiesThat(mMockVpn, (caps)
|
||||
-> caps.getUids().size() == 2
|
||||
&& caps.getUids().contains(singleUidRange)
|
||||
&& caps.getUids().contains(restrictUidRange)
|
||||
&& caps.getUids().contains(new UidRange(uid, uid))
|
||||
&& caps.getUids().contains(createUidRange(RESTRICTED_USER))
|
||||
&& caps.hasTransport(TRANSPORT_VPN)
|
||||
&& !caps.hasTransport(TRANSPORT_WIFI));
|
||||
|
||||
@@ -7002,7 +6996,7 @@ public class ConnectivityServiceTest {
|
||||
// change made just before that (i.e., loss of TRANSPORT_WIFI) is preserved.
|
||||
callback.expectCapabilitiesThat(mMockVpn, (caps)
|
||||
-> caps.getUids().size() == 1
|
||||
&& caps.getUids().contains(singleUidRange)
|
||||
&& caps.getUids().contains(new UidRange(uid, uid))
|
||||
&& caps.hasTransport(TRANSPORT_VPN)
|
||||
&& !caps.hasTransport(TRANSPORT_WIFI));
|
||||
}
|
||||
@@ -7660,7 +7654,7 @@ public class ConnectivityServiceTest {
|
||||
assertNotNull(underlying);
|
||||
mMockVpn.setVpnType(VpnManager.TYPE_VPN_LEGACY);
|
||||
// The legacy lockdown VPN only supports userId 0.
|
||||
final Set<UidRange> ranges = Collections.singleton(PRIMARY_UIDRANGE);
|
||||
final Set<UidRange> ranges = Collections.singleton(createUidRange(PRIMARY_USER));
|
||||
mMockVpn.registerAgent(ranges);
|
||||
mMockVpn.setUnderlyingNetworks(new Network[]{underlying});
|
||||
mMockVpn.connect(true);
|
||||
@@ -8622,7 +8616,7 @@ public class ConnectivityServiceTest {
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null));
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), RTN_UNREACHABLE));
|
||||
// The uid range needs to cover the test app so the network is visible to it.
|
||||
final Set<UidRange> vpnRange = Collections.singleton(PRIMARY_UIDRANGE);
|
||||
final Set<UidRange> vpnRange = Collections.singleton(createUidRange(PRIMARY_USER));
|
||||
mMockVpn.establish(lp, VPN_UID, vpnRange);
|
||||
assertVpnUidRangesUpdated(true, vpnRange, VPN_UID);
|
||||
|
||||
@@ -8650,7 +8644,7 @@ public class ConnectivityServiceTest {
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null));
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null));
|
||||
// The uid range needs to cover the test app so the network is visible to it.
|
||||
final Set<UidRange> vpnRange = Collections.singleton(PRIMARY_UIDRANGE);
|
||||
final Set<UidRange> vpnRange = Collections.singleton(createUidRange(PRIMARY_USER));
|
||||
mMockVpn.establish(lp, Process.SYSTEM_UID, vpnRange);
|
||||
assertVpnUidRangesUpdated(true, vpnRange, Process.SYSTEM_UID);
|
||||
|
||||
@@ -8666,7 +8660,7 @@ public class ConnectivityServiceTest {
|
||||
lp.addRoute(new RouteInfo(new IpPrefix("192.0.2.0/24"), null, "tun0"));
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), RTN_UNREACHABLE));
|
||||
// The uid range needs to cover the test app so the network is visible to it.
|
||||
final Set<UidRange> vpnRange = Collections.singleton(PRIMARY_UIDRANGE);
|
||||
final Set<UidRange> vpnRange = Collections.singleton(createUidRange(PRIMARY_USER));
|
||||
mMockVpn.establish(lp, Process.SYSTEM_UID, vpnRange);
|
||||
assertVpnUidRangesUpdated(true, vpnRange, Process.SYSTEM_UID);
|
||||
|
||||
@@ -8681,7 +8675,7 @@ public class ConnectivityServiceTest {
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null));
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null));
|
||||
// The uid range needs to cover the test app so the network is visible to it.
|
||||
final Set<UidRange> vpnRange = Collections.singleton(PRIMARY_UIDRANGE);
|
||||
final Set<UidRange> vpnRange = Collections.singleton(createUidRange(PRIMARY_USER));
|
||||
mMockVpn.establish(lp, VPN_UID, vpnRange);
|
||||
assertVpnUidRangesUpdated(true, vpnRange, VPN_UID);
|
||||
|
||||
@@ -8733,7 +8727,7 @@ public class ConnectivityServiceTest {
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), RTN_UNREACHABLE));
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null));
|
||||
// The uid range needs to cover the test app so the network is visible to it.
|
||||
final UidRange vpnRange = PRIMARY_UIDRANGE;
|
||||
final UidRange vpnRange = createUidRange(PRIMARY_USER);
|
||||
final Set<UidRange> vpnRanges = Collections.singleton(vpnRange);
|
||||
mMockVpn.establish(lp, VPN_UID, vpnRanges);
|
||||
assertVpnUidRangesUpdated(true, vpnRanges, VPN_UID);
|
||||
@@ -9014,7 +9008,7 @@ public class ConnectivityServiceTest {
|
||||
|
||||
private void setupConnectionOwnerUid(int vpnOwnerUid, @VpnManager.VpnType int vpnType)
|
||||
throws Exception {
|
||||
final Set<UidRange> vpnRange = Collections.singleton(PRIMARY_UIDRANGE);
|
||||
final Set<UidRange> vpnRange = Collections.singleton(createUidRange(PRIMARY_USER));
|
||||
mMockVpn.setVpnType(vpnType);
|
||||
mMockVpn.establish(new LinkProperties(), vpnOwnerUid, vpnRange);
|
||||
assertVpnUidRangesUpdated(true, vpnRange, vpnOwnerUid);
|
||||
@@ -9574,7 +9568,7 @@ public class ConnectivityServiceTest {
|
||||
lp.setInterfaceName("tun0");
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null));
|
||||
lp.addRoute(new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null));
|
||||
final UidRange vpnRange = PRIMARY_UIDRANGE;
|
||||
final UidRange vpnRange = createUidRange(PRIMARY_USER);
|
||||
Set<UidRange> vpnRanges = Collections.singleton(vpnRange);
|
||||
mMockVpn.establish(lp, VPN_UID, vpnRanges);
|
||||
assertVpnUidRangesUpdated(true, vpnRanges, VPN_UID);
|
||||
@@ -9772,7 +9766,7 @@ public class ConnectivityServiceTest {
|
||||
.thenReturn(hasFeature);
|
||||
}
|
||||
|
||||
private Range<Integer> getNriFirstUidRange(
|
||||
private UidRange getNriFirstUidRange(
|
||||
@NonNull final ConnectivityService.NetworkRequestInfo nri) {
|
||||
return nri.mRequests.get(0).networkCapabilities.getUids().iterator().next();
|
||||
}
|
||||
@@ -9955,11 +9949,11 @@ public class ConnectivityServiceTest {
|
||||
pref));
|
||||
|
||||
// Sort by uid to access nris by index
|
||||
nris.sort(Comparator.comparingInt(nri -> getNriFirstUidRange(nri).getLower()));
|
||||
assertEquals(TEST_PACKAGE_UID, (int) getNriFirstUidRange(nris.get(0)).getLower());
|
||||
assertEquals(TEST_PACKAGE_UID, (int) getNriFirstUidRange(nris.get(0)).getUpper());
|
||||
assertEquals(testPackageNameUid2, (int) getNriFirstUidRange(nris.get(1)).getLower());
|
||||
assertEquals(testPackageNameUid2, (int) getNriFirstUidRange(nris.get(1)).getUpper());
|
||||
nris.sort(Comparator.comparingInt(nri -> getNriFirstUidRange(nri).start));
|
||||
assertEquals(TEST_PACKAGE_UID, getNriFirstUidRange(nris.get(0)).start);
|
||||
assertEquals(TEST_PACKAGE_UID, getNriFirstUidRange(nris.get(0)).stop);
|
||||
assertEquals(testPackageNameUid2, getNriFirstUidRange(nris.get(1)).start);
|
||||
assertEquals(testPackageNameUid2, getNriFirstUidRange(nris.get(1)).stop);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -9989,17 +9983,17 @@ public class ConnectivityServiceTest {
|
||||
// UIDs for all users and all managed packages should be present.
|
||||
// Two users each with two packages.
|
||||
final int expectedUidSize = 2;
|
||||
final List<Range<Integer>> uids =
|
||||
final List<UidRange> uids =
|
||||
new ArrayList<>(nris.get(0).mRequests.get(0).networkCapabilities.getUids());
|
||||
assertEquals(expectedUidSize, uids.size());
|
||||
|
||||
// Sort by uid to access nris by index
|
||||
uids.sort(Comparator.comparingInt(uid -> uid.getLower()));
|
||||
uids.sort(Comparator.comparingInt(uid -> uid.start));
|
||||
final int secondUserTestPackageUid = UserHandle.getUid(secondUser, TEST_PACKAGE_UID);
|
||||
assertEquals(TEST_PACKAGE_UID, (int) uids.get(0).getLower());
|
||||
assertEquals(TEST_PACKAGE_UID, (int) uids.get(0).getUpper());
|
||||
assertEquals(secondUserTestPackageUid, (int) uids.get(1).getLower());
|
||||
assertEquals(secondUserTestPackageUid, (int) uids.get(1).getUpper());
|
||||
assertEquals(TEST_PACKAGE_UID, uids.get(0).start);
|
||||
assertEquals(TEST_PACKAGE_UID, uids.get(0).stop);
|
||||
assertEquals(secondUserTestPackageUid, uids.get(1).start);
|
||||
assertEquals(secondUserTestPackageUid, uids.get(1).stop);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -23,7 +23,6 @@ import static android.content.pm.UserInfo.FLAG_RESTRICTED;
|
||||
import static android.net.ConnectivityManager.NetworkCallback;
|
||||
import static android.net.INetd.IF_STATE_DOWN;
|
||||
import static android.net.INetd.IF_STATE_UP;
|
||||
import static android.os.UserHandle.PER_USER_RANGE;
|
||||
|
||||
import static org.junit.Assert.assertArrayEquals;
|
||||
import static org.junit.Assert.assertEquals;
|
||||
@@ -75,6 +74,7 @@ import android.net.Network;
|
||||
import android.net.NetworkCapabilities;
|
||||
import android.net.NetworkInfo.DetailedState;
|
||||
import android.net.RouteInfo;
|
||||
import android.net.UidRange;
|
||||
import android.net.UidRangeParcel;
|
||||
import android.net.VpnManager;
|
||||
import android.net.VpnService;
|
||||
@@ -181,7 +181,8 @@ public class VpnTest {
|
||||
mPackages.put(PKGS[i], PKG_UIDS[i]);
|
||||
}
|
||||
}
|
||||
private static final Range<Integer> PRI_USER_RANGE = uidRangeForUser(primaryUser.id);
|
||||
private static final UidRange PRI_USER_RANGE =
|
||||
UidRange.createForUser(UserHandle.of(primaryUser.id));
|
||||
|
||||
@Mock(answer = Answers.RETURNS_DEEP_STUBS) private Context mContext;
|
||||
@Mock private UserManager mUserManager;
|
||||
@@ -259,21 +260,6 @@ public class VpnTest {
|
||||
.thenReturn(tunnelResp);
|
||||
}
|
||||
|
||||
private Set<Range<Integer>> rangeSet(Range<Integer> ... ranges) {
|
||||
final Set<Range<Integer>> range = new ArraySet<>();
|
||||
for (Range<Integer> r : ranges) range.add(r);
|
||||
|
||||
return range;
|
||||
}
|
||||
|
||||
private static Range<Integer> uidRangeForUser(int userId) {
|
||||
return new Range<Integer>(userId * PER_USER_RANGE, (userId + 1) * PER_USER_RANGE - 1);
|
||||
}
|
||||
|
||||
private Range<Integer> uidRange(int start, int stop) {
|
||||
return new Range<Integer>(start, stop);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRestrictedProfilesAreAddedToVpn() {
|
||||
setMockedUsers(primaryUser, secondaryUser, restrictedProfileA, restrictedProfileB);
|
||||
@@ -282,10 +268,12 @@ public class VpnTest {
|
||||
|
||||
// Assume the user can have restricted profiles.
|
||||
doReturn(true).when(mUserManager).canHaveRestrictedProfile();
|
||||
final Set<Range<Integer>> ranges =
|
||||
final Set<UidRange> ranges =
|
||||
vpn.createUserAndRestrictedProfilesRanges(primaryUser.id, null, null);
|
||||
|
||||
assertEquals(rangeSet(PRI_USER_RANGE, uidRangeForUser(restrictedProfileA.id)), ranges);
|
||||
assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
|
||||
PRI_USER_RANGE, UidRange.createForUser(UserHandle.of(restrictedProfileA.id))
|
||||
})), ranges);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -293,10 +281,10 @@ public class VpnTest {
|
||||
setMockedUsers(primaryUser, managedProfileA);
|
||||
|
||||
final Vpn vpn = createVpn(primaryUser.id);
|
||||
final Set<Range<Integer>> ranges = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
|
||||
final Set<UidRange> ranges = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
|
||||
null, null);
|
||||
|
||||
assertEquals(rangeSet(PRI_USER_RANGE), ranges);
|
||||
assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] { PRI_USER_RANGE })), ranges);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -304,38 +292,35 @@ public class VpnTest {
|
||||
setMockedUsers(primaryUser, restrictedProfileA, managedProfileA);
|
||||
|
||||
final Vpn vpn = createVpn(primaryUser.id);
|
||||
final Set<Range<Integer>> ranges = new ArraySet<>();
|
||||
final Set<UidRange> ranges = new ArraySet<>();
|
||||
vpn.addUserToRanges(ranges, primaryUser.id, null, null);
|
||||
|
||||
assertEquals(rangeSet(PRI_USER_RANGE), ranges);
|
||||
assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] { PRI_USER_RANGE })), ranges);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUidAllowAndDenylist() throws Exception {
|
||||
final Vpn vpn = createVpn(primaryUser.id);
|
||||
final Range<Integer> user = PRI_USER_RANGE;
|
||||
final int userStart = user.getLower();
|
||||
final int userStop = user.getUpper();
|
||||
final UidRange user = PRI_USER_RANGE;
|
||||
final String[] packages = {PKGS[0], PKGS[1], PKGS[2]};
|
||||
|
||||
// Allowed list
|
||||
final Set<Range<Integer>> allow = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
|
||||
Arrays.asList(packages), null /* disallowedApplications */);
|
||||
assertEquals(rangeSet(
|
||||
uidRange(userStart + PKG_UIDS[0], userStart + PKG_UIDS[0]),
|
||||
uidRange(userStart + PKG_UIDS[1], userStart + PKG_UIDS[2])),
|
||||
allow);
|
||||
final Set<UidRange> allow = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
|
||||
Arrays.asList(packages), null);
|
||||
assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
|
||||
new UidRange(user.start + PKG_UIDS[0], user.start + PKG_UIDS[0]),
|
||||
new UidRange(user.start + PKG_UIDS[1], user.start + PKG_UIDS[2])
|
||||
})), allow);
|
||||
|
||||
// Denied list
|
||||
final Set<Range<Integer>> disallow =
|
||||
vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
|
||||
null /* allowedApplications */, Arrays.asList(packages));
|
||||
assertEquals(rangeSet(
|
||||
uidRange(userStart, userStart + PKG_UIDS[0] - 1),
|
||||
uidRange(userStart + PKG_UIDS[0] + 1, userStart + PKG_UIDS[1] - 1),
|
||||
/* Empty range between UIDS[1] and UIDS[2], should be excluded, */
|
||||
uidRange(userStart + PKG_UIDS[2] + 1, userStop)),
|
||||
disallow);
|
||||
final Set<UidRange> disallow = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
|
||||
null, Arrays.asList(packages));
|
||||
assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
|
||||
new UidRange(user.start, user.start + PKG_UIDS[0] - 1),
|
||||
new UidRange(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[1] - 1),
|
||||
/* Empty range between UIDS[1] and UIDS[2], should be excluded, */
|
||||
new UidRange(user.start + PKG_UIDS[2] + 1, user.stop)
|
||||
})), disallow);
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -365,86 +350,84 @@ public class VpnTest {
|
||||
@Test
|
||||
public void testLockdownChangingPackage() throws Exception {
|
||||
final Vpn vpn = createVpn(primaryUser.id);
|
||||
final Range<Integer> user = PRI_USER_RANGE;
|
||||
final int userStart = user.getLower();
|
||||
final int userStop = user.getUpper();
|
||||
final UidRange user = PRI_USER_RANGE;
|
||||
|
||||
// Set always-on without lockdown.
|
||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], false, null));
|
||||
|
||||
// Set always-on with lockdown.
|
||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[1], true, null));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart, userStart + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[1] + 1, userStop)
|
||||
new UidRangeParcel(user.start, user.start + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[1] + 1, user.stop)
|
||||
}));
|
||||
|
||||
// Switch to another app.
|
||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[3], true, null));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(false, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart, userStart + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[1] + 1, userStop)
|
||||
new UidRangeParcel(user.start, user.start + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[1] + 1, user.stop)
|
||||
}));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart, userStart + PKG_UIDS[3] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[3] + 1, userStop)
|
||||
new UidRangeParcel(user.start, user.start + PKG_UIDS[3] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[3] + 1, user.stop)
|
||||
}));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testLockdownAllowlist() throws Exception {
|
||||
final Vpn vpn = createVpn(primaryUser.id);
|
||||
final Range<Integer> user = PRI_USER_RANGE;
|
||||
final int userStart = user.getLower();
|
||||
final int userStop = user.getUpper();
|
||||
final UidRange user = PRI_USER_RANGE;
|
||||
|
||||
// Set always-on with lockdown and allow app PKGS[2] from lockdown.
|
||||
assertTrue(vpn.setAlwaysOnPackage(
|
||||
PKGS[1], true, Collections.singletonList(PKGS[2])));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart, userStart + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[2] + 1, userStop)
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(user.start, user.start + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[2] + 1, user.stop)
|
||||
}));
|
||||
// Change allowed app list to PKGS[3].
|
||||
assertTrue(vpn.setAlwaysOnPackage(
|
||||
PKGS[1], true, Collections.singletonList(PKGS[3])));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(false, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart + PKG_UIDS[2] + 1, userStop)
|
||||
new UidRangeParcel(user.start + PKG_UIDS[2] + 1, user.stop)
|
||||
}));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart + PKG_UIDS[1] + 1, userStart + PKG_UIDS[3] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[3] + 1, userStop)
|
||||
new UidRangeParcel(user.start + PKG_UIDS[1] + 1, user.start + PKG_UIDS[3] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[3] + 1, user.stop)
|
||||
}));
|
||||
|
||||
// Change the VPN app.
|
||||
assertTrue(vpn.setAlwaysOnPackage(
|
||||
PKGS[0], true, Collections.singletonList(PKGS[3])));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(false, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart, userStart + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[1] + 1, userStart + PKG_UIDS[3] - 1)
|
||||
new UidRangeParcel(user.start, user.start + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[1] + 1, user.start + PKG_UIDS[3] - 1)
|
||||
}));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart, userStart + PKG_UIDS[0] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[0] + 1, userStart + PKG_UIDS[3] - 1)
|
||||
new UidRangeParcel(user.start, user.start + PKG_UIDS[0] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[3] - 1)
|
||||
}));
|
||||
|
||||
// Remove the list of allowed packages.
|
||||
assertTrue(vpn.setAlwaysOnPackage(PKGS[0], true, null));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(false, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart + PKG_UIDS[0] + 1, userStart + PKG_UIDS[3] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[3] + 1, userStop)
|
||||
new UidRangeParcel(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[3] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[3] + 1, user.stop)
|
||||
}));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart + PKG_UIDS[0] + 1, userStop),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[0] + 1, user.stop),
|
||||
}));
|
||||
|
||||
// Add the list of allowed packages.
|
||||
assertTrue(vpn.setAlwaysOnPackage(
|
||||
PKGS[0], true, Collections.singletonList(PKGS[1])));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(false, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart + PKG_UIDS[0] + 1, userStop)
|
||||
new UidRangeParcel(user.start + PKG_UIDS[0] + 1, user.stop)
|
||||
}));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart + PKG_UIDS[0] + 1, userStart + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[1] + 1, userStop)
|
||||
new UidRangeParcel(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[1] + 1, user.stop)
|
||||
}));
|
||||
|
||||
// Try allowing a package with a comma, should be rejected.
|
||||
@@ -456,12 +439,12 @@ public class VpnTest {
|
||||
assertTrue(vpn.setAlwaysOnPackage(
|
||||
PKGS[0], true, Arrays.asList("com.foo.app", PKGS[2], "com.bar.app")));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(false, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart + PKG_UIDS[0] + 1, userStart + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[1] + 1, userStop)
|
||||
new UidRangeParcel(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[1] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[1] + 1, user.stop)
|
||||
}));
|
||||
verify(mConnectivityManager).setRequireVpnForUids(true, toRanges(new UidRangeParcel[] {
|
||||
new UidRangeParcel(userStart + PKG_UIDS[0] + 1, userStart + PKG_UIDS[2] - 1),
|
||||
new UidRangeParcel(userStart + PKG_UIDS[2] + 1, userStop)
|
||||
new UidRangeParcel(user.start + PKG_UIDS[0] + 1, user.start + PKG_UIDS[2] - 1),
|
||||
new UidRangeParcel(user.start + PKG_UIDS[2] + 1, user.stop)
|
||||
}));
|
||||
}
|
||||
|
||||
@@ -469,7 +452,7 @@ public class VpnTest {
|
||||
public void testLockdownRuleRepeatability() throws Exception {
|
||||
final Vpn vpn = createVpn(primaryUser.id);
|
||||
final UidRangeParcel[] primaryUserRangeParcel = new UidRangeParcel[] {
|
||||
new UidRangeParcel(PRI_USER_RANGE.getLower(), PRI_USER_RANGE.getUpper())};
|
||||
new UidRangeParcel(PRI_USER_RANGE.start, PRI_USER_RANGE.stop)};
|
||||
// Given legacy lockdown is already enabled,
|
||||
vpn.setLockdown(true);
|
||||
verify(mConnectivityManager, times(1)).setRequireVpnForUids(true,
|
||||
@@ -501,7 +484,7 @@ public class VpnTest {
|
||||
public void testLockdownRuleReversibility() throws Exception {
|
||||
final Vpn vpn = createVpn(primaryUser.id);
|
||||
final UidRangeParcel[] entireUser = {
|
||||
new UidRangeParcel(PRI_USER_RANGE.getLower(), PRI_USER_RANGE.getUpper())
|
||||
new UidRangeParcel(PRI_USER_RANGE.start, PRI_USER_RANGE.stop)
|
||||
};
|
||||
final UidRangeParcel[] exceptPkg0 = {
|
||||
new UidRangeParcel(entireUser[0].start, entireUser[0].start + PKG_UIDS[0] - 1),
|
||||
|
||||
Reference in New Issue
Block a user