Merge "Add checks around CONTROL_VPN permission during prepare()" am: 04f3dc871d Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2624812 Change-Id: Ibf49d8f7bf4912a8192838c3bf2692585b0d1135 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

commit: e9c82f087a11368bb8b5e42039ad55f71e10d8ec [log] [tgz]
author: Cassie Wang <cassiewang@google.com> Mon Jun 19 12:12:57 2023 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jun 19 12:12:57 2023 +0000
tree: be78b74c2ca4d3415e11e01f647f1442b746348b
parent: e82e2145704c487a31d46c59343f4958e17d181c [diff]
parent: 04f3dc871daabf273597a5a48d10911e23587329 [diff]
diff --git a/tests/unit/java/com/android/server/connectivity/VpnTest.java b/tests/unit/java/com/android/server/connectivity/VpnTest.java
index 2d2819c..dc50773 100644
--- a/tests/unit/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/unit/java/com/android/server/connectivity/VpnTest.java

@@ -80,6 +80,7 @@
 import static org.mockito.Mockito.doCallRealMethod;
 import static org.mockito.Mockito.doNothing;
 import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.doThrow;
 import static org.mockito.Mockito.inOrder;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -807,6 +808,32 @@
     }
 
     @Test
+    public void testPrepare_legacyVpnWithoutControlVpn()
+            throws Exception {
+        doThrow(new SecurityException("no CONTROL_VPN")).when(mContext)
+                .enforceCallingOrSelfPermission(eq(CONTROL_VPN), any());
+        final Vpn vpn = createVpn();
+        assertThrows(SecurityException.class,
+                () -> vpn.prepare(null, VpnConfig.LEGACY_VPN, VpnManager.TYPE_VPN_SERVICE));
+
+        // CONTROL_VPN can be held by the caller or another system server process - both are
+        // allowed. Just checking for `enforceCallingPermission` may not be sufficient.
+        verify(mContext, never()).enforceCallingPermission(eq(CONTROL_VPN), any());
+    }
+
+    @Test
+    public void testPrepare_legacyVpnWithControlVpn()
+            throws Exception {
+        doNothing().when(mContext).enforceCallingOrSelfPermission(eq(CONTROL_VPN), any());
+        final Vpn vpn = createVpn();
+        assertTrue(vpn.prepare(null, VpnConfig.LEGACY_VPN, VpnManager.TYPE_VPN_SERVICE));
+
+        // CONTROL_VPN can be held by the caller or another system server process - both are
+        // allowed. Just checking for `enforceCallingPermission` may not be sufficient.
+        verify(mContext, never()).enforceCallingPermission(eq(CONTROL_VPN), any());
+    }
+
+    @Test
     public void testIsAlwaysOnPackageSupported() throws Exception {
         final Vpn vpn = createVpn(PRIMARY_USER.id);
commit	e9c82f087a11368bb8b5e42039ad55f71e10d8ec	[log] [tgz]
author	Cassie Wang <cassiewang@google.com>	Mon Jun 19 12:12:57 2023 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Jun 19 12:12:57 2023 +0000
tree	be78b74c2ca4d3415e11e01f647f1442b746348b
parent	e82e2145704c487a31d46c59343f4958e17d181c [diff]
parent	04f3dc871daabf273597a5a48d10911e23587329 [diff]