
Commit 45a6931c authored by Aaron Huang's avatar Aaron Huang

Update VpnTest for new restricted API

This patch addresses the mocked UserManager for the context
of the user, which is created by createContextAsUser.

Bug: 171529940
Bug: 175883995
Test: FrameworksNetTests
Change-Id: Ie72d08c765ed7fb7083c0c4b7ee02a43c23d1707
parent 5f36d6f7
+8 −8
@@ -203,6 +203,7 @@ public class Vpn {
    protected final NetworkCapabilities mNetworkCapabilities;
    private final SystemServices mSystemServices;
    private final Ikev2SessionCreator mIkev2SessionCreator;
    private final UserManager mUserManager;

    /**
     * Whether to keep the connection active after rebooting, or upgrading or reinstalling. This
@@ -405,6 +406,7 @@ public class Vpn {
        mLooper = looper;
        mSystemServices = systemServices;
        mIkev2SessionCreator = ikev2SessionCreator;
        mUserManager = mContext.getSystemService(UserManager.class);

        mPackage = VpnConfig.LEGACY_VPN;
        mOwnerUID = getAppUid(mPackage, mUserId);
@@ -1431,7 +1433,7 @@ public class Vpn {
            final long token = Binder.clearCallingIdentity();
            List<UserInfo> users;
            try {
                users = UserManager.get(mContext).getAliveUsers();
                users = mUserManager.getAliveUsers();
            } finally {
                Binder.restoreCallingIdentity(token);
            }
@@ -1515,7 +1517,7 @@ public class Vpn {
     */
    public void onUserAdded(int userId) {
        // If the user is restricted tie them to the parent user's VPN
        UserInfo user = UserManager.get(mContext).getUserInfo(userId);
        UserInfo user = mUserManager.getUserInfo(userId);
        if (user.isRestricted() && user.restrictedProfileParentId == mUserId) {
            synchronized(Vpn.this) {
                final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
@@ -1543,7 +1545,7 @@ public class Vpn {
     */
    public void onUserRemoved(int userId) {
        // clean up if restricted
        UserInfo user = UserManager.get(mContext).getUserInfo(userId);
        UserInfo user = mUserManager.getUserInfo(userId);
        if (user.isRestricted() && user.restrictedProfileParentId == mUserId) {
            synchronized(Vpn.this) {
                final Set<UidRange> existingRanges = mNetworkCapabilities.getUids();
@@ -1968,8 +1970,7 @@ public class Vpn {

    private void enforceNotRestrictedUser() {
        Binder.withCleanCallingIdentity(() -> {
            final UserManager mgr = UserManager.get(mContext);
            final UserInfo user = mgr.getUserInfo(mUserId);
            final UserInfo user = mUserManager.getUserInfo(mUserId);

            if (user.isRestricted()) {
                throw new SecurityException("Restricted users cannot configure VPNs");
@@ -2004,9 +2005,8 @@ public class Vpn {
     */
    public void startLegacyVpnPrivileged(VpnProfile profile, KeyStore keyStore,
            @Nullable Network underlying, @NonNull LinkProperties egress) {
        UserManager mgr = UserManager.get(mContext);
        UserInfo user = mgr.getUserInfo(mUserId);
        if (user.isRestricted() || mgr.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN,
        UserInfo user = mUserManager.getUserInfo(mUserId);
        if (user.isRestricted() || mUserManager.hasUserRestriction(UserManager.DISALLOW_CONFIG_VPN,
                    new UserHandle(mUserId))) {
            throw new SecurityException("Restricted users cannot establish VPNs");
        }
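Review bot: The result of `mUserManager.getUserInfo(...)` is dereferenced immediately in `onUserAdded`, `onUserRemoved`, `enforceNotRestrictedUser` and `startLegacyVpnPrivileged` with no null check, and the new field itself comes from `getSystemService`, which can return null. If the lookup returns null for a user that has just gone away (not visible here, but plausible for `onUserRemoved`), the restricted-profile range cleanup throws a NullPointerException instead of running. The two enforcement paths would still fail closed, but with the wrong exception type. Consider `if (user == null) return;` in the two callbacks and `if (user == null || user.isRestricted())` in front of the two `SecurityException` throws. All four method bodies continue outside the hunks shown.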
+9 −15
@@ -253,12 +253,14 @@ public class VpnTest {

    @Test
    public void testRestrictedProfilesAreAddedToVpn() {
        if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
        setMockedUsers(primaryUser, secondaryUser, restrictedProfileA, restrictedProfileB);

        final Vpn vpn = createVpn(primaryUser.id);
        final Set<UidRange> ranges = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
                null, null);

        // Assume the user can have restricted profiles.
        doReturn(true).when(mUserManager).canHaveRestrictedProfile();
        final Set<UidRange> ranges =
                vpn.createUserAndRestrictedProfilesRanges(primaryUser.id, null, null);

        assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
                PRI_USER_RANGE, UidRange.createForUser(restrictedProfileA.id)
@@ -267,7 +269,6 @@ public class VpnTest {

    @Test
    public void testManagedProfilesAreNotAddedToVpn() {
        if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
        setMockedUsers(primaryUser, managedProfileA);

        final Vpn vpn = createVpn(primaryUser.id);
@@ -290,7 +291,6 @@ public class VpnTest {

    @Test
    public void testUidAllowAndDenylist() throws Exception {
        if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
        final Vpn vpn = createVpn(primaryUser.id);
        final UidRange user = PRI_USER_RANGE;
        final String[] packages = {PKGS[0], PKGS[1], PKGS[2]};
@@ -316,7 +316,6 @@ public class VpnTest {

    @Test
    public void testGetAlwaysAndOnGetLockDown() throws Exception {
        if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
        final Vpn vpn = createVpn(primaryUser.id);

        // Default state.
@@ -341,7 +340,6 @@ public class VpnTest {

    @Test
    public void testLockdownChangingPackage() throws Exception {
        if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
        final Vpn vpn = createVpn(primaryUser.id);
        final UidRange user = PRI_USER_RANGE;

@@ -369,7 +367,6 @@ public class VpnTest {

    @Test
    public void testLockdownAllowlist() throws Exception {
        if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
        final Vpn vpn = createVpn(primaryUser.id);
        final UidRange user = PRI_USER_RANGE;

@@ -444,7 +441,6 @@ public class VpnTest {

    @Test
    public void testLockdownRuleRepeatability() throws Exception {
        if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
        final Vpn vpn = createVpn(primaryUser.id);
        final UidRangeParcel[] primaryUserRangeParcel = new UidRangeParcel[] {
                new UidRangeParcel(PRI_USER_RANGE.start, PRI_USER_RANGE.stop)};
@@ -477,7 +473,6 @@ public class VpnTest {

    @Test
    public void testLockdownRuleReversibility() throws Exception {
        if (true) return; // TODO(b/175883995): Test disabled until updated for new UserManager API.
        final Vpn vpn = createVpn(primaryUser.id);
        final UidRangeParcel[] entireUser = {
            new UidRangeParcel(PRI_USER_RANGE.start, PRI_USER_RANGE.stop)
@@ -1144,6 +1139,10 @@ public class VpnTest {
        doReturn(UserHandle.of(userId)).when(asUserContext).getUser();
        when(mContext.createContextAsUser(eq(UserHandle.of(userId)), anyInt()))
                .thenReturn(asUserContext);
        when(asUserContext.getSystemServiceName(UserManager.class))
                .thenReturn(Context.USER_SERVICE);
        when(asUserContext.getSystemService(UserManager.class))
                .thenReturn(mUserManager);
        final TestLooper testLooper = new TestLooper();
        final Vpn vpn = new Vpn(testLooper.getLooper(), mContext, new TestDeps(), mNetService,
                mNetd, userId, mKeyStore, mSystemServices, mIkev2SessionCreator);
@@ -1179,11 +1178,6 @@ public class VpnTest {
            final int id = (int) invocation.getArguments()[0];
            return userMap.get(id);
        }).when(mUserManager).getUserInfo(anyInt());

        doAnswer(invocation -> {
            final int id = (int) invocation.getArguments()[0];
            return (userMap.get(id).flags & UserInfo.FLAG_ADMIN) != 0;
        }).when(mUserManager).canHaveRestrictedProfile();
    }

    /**
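Review bot: The re-enabled `testRestrictedProfilesAreAddedToVpn` stubs `canHaveRestrictedProfile()` to return true unconditionally, and the last hunk removes the per-user answer from `setMockedUsers` that keyed on `UserInfo.FLAG_ADMIN`, so no visible test covers the case where the user cannot have restricted profiles. Those UID ranges decide whose traffic the VPN covers, so the negative path deserves its own test. A companion test could use `doReturn(false).when(mUserManager).canHaveRestrictedProfile();` and assert that the restricted profiles' ranges are absent from the result of `createUserAndRestrictedProfilesRanges`. This assumes that method consults the stub, which is not shown here. Separately, `createVpn` now returns the same `mUserManager` mock for every `asUserContext`, so these tests cannot detect a query made against the wrong user's context.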