Merge "Make sure that only the owner can call stopVpnProfile()" into rvc-dev am: 15941027

import android.content.Intent;

import android.content.IntentFilter;

import android.content.pm.PackageManager;

import android.content.pm.PackageManager.NameNotFoundException;

import android.content.res.Configuration;

import android.database.ContentObserver;

import android.net.CaptivePortal;

        }

    }

    private int getAppUid(final String app, final int userId) {

        final PackageManager pm = mContext.getPackageManager();

        final long token = Binder.clearCallingIdentity();

        try {

            return pm.getPackageUidAsUser(app, userId);

        } catch (NameNotFoundException e) {

            return -1;

        } finally {

            Binder.restoreCallingIdentity(token);

        }

    }

    private void verifyCallingUidAndPackage(String packageName, int callingUid) {

        final int userId = UserHandle.getUserId(callingUid);

        if (getAppUid(packageName, userId) != callingUid) {

            throw new SecurityException(packageName + " does not belong to uid " + callingUid);

        }

    }

    /**

     * Starts the VPN based on the stored profile for the given package

     *

     */

    @Override

    public void startVpnProfile(@NonNull String packageName) {

        final int user = UserHandle.getUserId(Binder.getCallingUid());

        final int callingUid = Binder.getCallingUid();

        verifyCallingUidAndPackage(packageName, callingUid);

        final int user = UserHandle.getUserId(callingUid);

        synchronized (mVpns) {

            throwIfLockdownEnabled();

            mVpns.get(user).startVpnProfile(packageName, mKeyStore);

     */

    @Override

    public void stopVpnProfile(@NonNull String packageName) {

        final int user = UserHandle.getUserId(Binder.getCallingUid());

        final int callingUid = Binder.getCallingUid();

        verifyCallingUidAndPackage(packageName, callingUid);

        final int user = UserHandle.getUserId(callingUid);

        synchronized (mVpns) {

            mVpns.get(user).stopVpnProfile(packageName);

        }

                Arrays.asList(new UserInfo[] {

                        new UserInfo(VPN_USER, "", 0),

                }));

        final int userId = UserHandle.getCallingUserId();

        final UserInfo primaryUser = new UserInfo(userId, "", UserInfo.FLAG_PRIMARY);

        doReturn(primaryUser).when(mUserManager).getUserInfo(eq(userId));

        final ApplicationInfo applicationInfo = new ApplicationInfo();

        applicationInfo.targetSdkVersion = Build.VERSION_CODES.Q;

        when(mPackageManager.getApplicationInfoAsUser(anyString(), anyInt(), any()))

                        buildPackageInfo(/* SYSTEM */ false, APP2_UID),

                        buildPackageInfo(/* SYSTEM */ false, VPN_UID)

                }));

        final int userId = UserHandle.getCallingUserId();

        when(mPackageManager.getPackageUidAsUser(TEST_PACKAGE_NAME, userId))

                .thenReturn(Process.myUid());

    }

    private void verifyActiveNetwork(int transport) {

        assertContainsExactly(uidCaptor.getValue(), APP1_UID, APP2_UID);

    }

    @Test

    public void testStartVpnProfileFromDiffPackage() throws Exception {

        final String notMyVpnPkg = "com.not.my.vpn";

        assertThrows(SecurityException.class, () -> mService.startVpnProfile(notMyVpnPkg));

    }

    @Test

    public void testStopVpnProfileFromDiffPackage() throws Exception {

        final String notMyVpnPkg = "com.not.my.vpn";

        assertThrows(SecurityException.class, () -> mService.stopVpnProfile(notMyVpnPkg));

    }

    @Test

    public void testUidUpdateChangesInterfaceFilteringRule() throws Exception {

        LinkProperties lp = new LinkProperties();