
Commit 4d3a0c24 authored by Lorenzo Colitti's avatar Lorenzo Colitti

Add tests for always-on VPN lockdown mode.

This requires mocking lots of new things that weren't mocked
before but is otherwise fairly straightforward.

A few changes to MockVpn are needed as well:

1. Set the VPN's NetworkInfo to CONNECTED, so methods such as
   isBlockingUid will work. While I'm at it, set the interface on
   the LinkProperties as well to make things a bit more
   realistic.

2. Construct the VpnConfig when registering the agent, not when
   the MockVpn is created. This is needed because starting and
   stopping lockdown VPN calls prepare, which nulls out mConfig.
   But constructing the VpnConfig when registering the agent is
   more realistic anyway. The production code does that in
   establish, but we can't do that in ConnectivityServiceTest
   because some of the test cases don't call establish and call
   registerAgent directly.

Bug: 173331190
Test: atest FrameworksNetTests
Change-Id: I827543751dbf5e626a24ec02cd6f50b423f5f761
parent c3c61489
+20 −8
@@ -246,7 +246,12 @@ public class Vpn {
        void checkInterruptAndDelay(boolean sleepLonger) throws InterruptedException;
    }

    static class Dependencies {
    @VisibleForTesting
    public static class Dependencies {
        public boolean isCallerSystem() {
            return Binder.getCallingUid() == Process.SYSTEM_UID;
        }

        public void startService(final String serviceName) {
            SystemService.start(serviceName);
        }
@@ -267,6 +272,10 @@ public class Vpn {
            return new File("/data/misc/vpn/state");
        }

        public DeviceIdleInternal getDeviceIdleInternal() {
            return LocalServices.getService(DeviceIdleInternal.class);
        }

        public void sendArgumentsToDaemon(
                final String daemon, final LocalSocket socket, final String[] arguments,
                final RetryScheduler retryScheduler) throws IOException, InterruptedException {
@@ -372,6 +381,14 @@ public class Vpn {
                new SystemServices(context), new Ikev2SessionCreator());
    }

    @VisibleForTesting
    public Vpn(Looper looper, Context context, Dependencies deps,
            INetworkManagementService netService, INetd netd, @UserIdInt int userId,
            @NonNull KeyStore keyStore) {
        this(looper, context, deps, netService, netd, userId, keyStore,
                new SystemServices(context), new Ikev2SessionCreator());
    }

    @VisibleForTesting
    protected Vpn(Looper looper, Context context, Dependencies deps,
            INetworkManagementService netService, INetd netd,
@@ -772,8 +789,7 @@ public class Vpn {

            // Tell the OS that background services in this app need to be allowed for
            // a short time, so we can bootstrap the VPN service.
            DeviceIdleInternal idleController =
                    LocalServices.getService(DeviceIdleInternal.class);
            DeviceIdleInternal idleController = mDeps.getDeviceIdleInternal();
            idleController.addPowerSaveTempWhitelistApp(Process.myUid(), alwaysOnPackage,
                    VPN_LAUNCH_IDLE_ALLOWLIST_DURATION_MS, mUserId, false, "vpn");

@@ -1959,10 +1975,6 @@ public class Vpn {
            return mContext.createContextAsUser(
                    UserHandle.of(userId), 0 /* flags */).getContentResolver();
        }

        public boolean isCallerSystem() {
            return Binder.getCallingUid() == Process.SYSTEM_UID;
        }
    }

    private native int jniCreate(int mtu);
@@ -3112,7 +3124,7 @@ public class Vpn {
    @VisibleForTesting
    @Nullable
    VpnProfile getVpnProfilePrivileged(@NonNull String packageName, @NonNull KeyStore keyStore) {
        if (!mSystemServices.isCallerSystem()) {
        if (!mDeps.isCallerSystem()) {
            Log.wtf(TAG, "getVpnProfilePrivileged called as non-System UID ");
            return null;
        }
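Review bot: `isCallerSystem()` is now an overridable method on the `public static class Dependencies` and carries no comment, although it is the only check visible in front of `getVpnProfilePrivileged` (`if (!mDeps.isCallerSystem())`). Because the new public `Vpn(Looper, Context, Dependencies, ...)` constructor accepts any `Dependencies`, the caller-UID gate is only as trustworthy as the object injected there, and that should be stated where the method is declared. I would add a Javadoc such as `/** Returns true iff the Binder caller is Process.SYSTEM_UID. Gates getVpnProfilePrivileged; override only in tests. */`, plus a short comment on the new constructor saying production code must pass the default `Dependencies`. The bodies of `Dependencies` and `getVpnProfilePrivileged` continue outside the hunks shown.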
+241 −17

File changed.

Preview size limit exceeded, changes collapsed.

+5 −1
@@ -228,7 +228,6 @@ public class VpnTest {
                        R.string.config_customVpnAlwaysOnDisconnectedDialogComponent));
        when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
                .thenReturn(true);
        when(mSystemServices.isCallerSystem()).thenReturn(true);

        // Used by {@link Notification.Builder}
        ApplicationInfo applicationInfo = new ApplicationInfo();
@@ -1101,6 +1100,11 @@ public class VpnTest {
            }
        }

        @Override
        public boolean isCallerSystem() {
            return true;
        }

        @Override
        public void startService(final String serviceName) {
            mRunningServices.put(serviceName, true);
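Review bot: The `isCallerSystem()` override added in the second hunk returns a constant `true`, while the `when(mSystemServices.isCallerSystem()).thenReturn(true)` stub removed in the first hunk could at least be re-stubbed per test. As far as these hunks show, nothing can now drive the non-system branch of `getVpnProfilePrivileged`. Consider backing the override with a field, e.g. `return mCallerIsSystem;` defaulting to `true`, and adding a test that sets it to `false` and asserts the method returns `null`. The enclosing class starts outside the hunk, so such a negative test may already exist elsewhere in the file.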