commit 8debc39f1727ee4540e08cf699a6fde75268a5da
author TreeHugger Robot <treehugger-gerrit@google.com> Tue May 17 18:28:20 2016 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Tue May 17 18:28:22 2016 +0000
tree dd69ba5a6e6dbca1f7c7dfcec53369f2bc4c8bf7
parent 89bf3e3aa2b3e95486445a50f4666a20b3d8e830
parent 57fc863cce07ae8962d0888c8765dfb46b0a4702

Merge "Added a onRestrictBackgroundBlacklistChanged() callback." into nyc-dev

core/java/android/net/ConnectivityManager.java

diff --git a/core/java/android/net/ConnectivityManager.java b/core/java/android/net/ConnectivityManager.java
index 43d9bf3..a45e6f5 100644
--- a/core/java/android/net/ConnectivityManager.java
+++ b/core/java/android/net/ConnectivityManager.java
@@ -3362,6 +3362,10 @@
     /**
      * Determines if the calling application is subject to metered network restrictions while
      * running on background.
+     *
+     * @return {@link #RESTRICT_BACKGROUND_STATUS_DISABLED},
+     * {@link #RESTRICT_BACKGROUND_STATUS_ENABLED},
+     * or {@link #RESTRICT_BACKGROUND_STATUS_WHITELISTED}
      */
     public @RestrictBackgroundStatus int getRestrictBackgroundStatus() {
         try {

core/java/android/net/UidRange.java

diff --git a/core/java/android/net/UidRange.java b/core/java/android/net/UidRange.java
index 2e586b3..fd465d9 100644
--- a/core/java/android/net/UidRange.java
+++ b/core/java/android/net/UidRange.java
@@ -48,6 +48,17 @@
         return start / PER_USER_RANGE;
     }
 
+    public boolean contains(int uid) {
+        return start <= uid && uid <= stop;
+    }
+
+    /**
+     * @return {@code true} if this range contains every UID contained by the {@param other} range.
+     */
+    public boolean containsRange(UidRange other) {
+        return start <= other.start && other.stop <= stop;
+    }
+
     @Override
     public int hashCode() {
         int result = 17;

services/tests/servicestests/src/com/android/server/connectivity/VpnTest.java

diff --git a/services/tests/servicestests/src/com/android/server/connectivity/VpnTest.java b/services/tests/servicestests/src/com/android/server/connectivity/VpnTest.java
new file mode 100644
index 0000000..3295bf5
--- /dev/null
+++ b/services/tests/servicestests/src/com/android/server/connectivity/VpnTest.java
@@ -0,0 +1,198 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.server.connectivity;
+
+import static android.content.pm.UserInfo.FLAG_ADMIN;
+import static android.content.pm.UserInfo.FLAG_MANAGED_PROFILE;
+import static android.content.pm.UserInfo.FLAG_PRIMARY;
+import static android.content.pm.UserInfo.FLAG_RESTRICTED;
+import static org.mockito.Mockito.*;
+
+import android.annotation.UserIdInt;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.content.pm.UserInfo;
+import android.net.UidRange;
+import android.os.INetworkManagementService;
+import android.os.Looper;
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.test.AndroidTestCase;
+import android.test.suitebuilder.annotation.SmallTest;
+import android.util.ArrayMap;
+import android.util.ArraySet;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Map;
+import java.util.Set;
+
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+/**
+ * Tests for {@link Vpn}.
+ *
+ * Build, install and run with:
+ *  runtest --path src/com/android/server/connectivity/VpnTest.java
+ */
+public class VpnTest extends AndroidTestCase {
+    private static final String TAG = "VpnTest";
+
+    // Mock users
+    static final UserInfo primaryUser = new UserInfo(27, "Primary", FLAG_ADMIN | FLAG_PRIMARY);
+    static final UserInfo secondaryUser = new UserInfo(15, "Secondary", FLAG_ADMIN);
+    static final UserInfo restrictedProfileA = new UserInfo(40, "RestrictedA", FLAG_RESTRICTED);
+    static final UserInfo restrictedProfileB = new UserInfo(42, "RestrictedB", FLAG_RESTRICTED);
+    static final UserInfo managedProfileA = new UserInfo(45, "ManagedA", FLAG_MANAGED_PROFILE);
+    static {
+        restrictedProfileA.restrictedProfileParentId = primaryUser.id;
+        restrictedProfileB.restrictedProfileParentId = secondaryUser.id;
+        managedProfileA.profileGroupId = primaryUser.id;
+    }
+
+    @Mock private Context mContext;
+    @Mock private UserManager mUserManager;
+    @Mock private PackageManager mPackageManager;
+    @Mock private INetworkManagementService mNetService;
+
+    @Override
+    public void setUp() throws Exception {
+        MockitoAnnotations.initMocks(this);
+        when(mContext.getPackageManager()).thenReturn(mPackageManager);
+        when(mContext.getSystemService(eq(Context.USER_SERVICE))).thenReturn(mUserManager);
+        doNothing().when(mNetService).registerObserver(any());
+    }
+
+    @SmallTest
+    public void testRestrictedProfilesAreAddedToVpn() {
+        setMockedUsers(primaryUser, secondaryUser, restrictedProfileA, restrictedProfileB);
+
+        final Vpn vpn = createVpn(primaryUser.id);
+        final Set<UidRange> ranges = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
+                null, null);
+
+        assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
+            UidRange.createForUser(primaryUser.id),
+            UidRange.createForUser(restrictedProfileA.id)
+        })), ranges);
+    }
+
+    @SmallTest
+    public void testManagedProfilesAreNotAddedToVpn() {
+        setMockedUsers(primaryUser, managedProfileA);
+
+        final Vpn vpn = createVpn(primaryUser.id);
+        final Set<UidRange> ranges = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
+                null, null);
+
+        assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
+            UidRange.createForUser(primaryUser.id)
+        })), ranges);
+    }
+
+    @SmallTest
+    public void testAddUserToVpnOnlyAddsOneUser() {
+        setMockedUsers(primaryUser, restrictedProfileA, managedProfileA);
+
+        final Vpn vpn = createVpn(primaryUser.id);
+        final Set<UidRange> ranges = new ArraySet<>();
+        vpn.addUserToRanges(ranges, primaryUser.id, null, null);
+
+        assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
+            UidRange.createForUser(primaryUser.id)
+        })), ranges);
+    }
+
+    @SmallTest
+    public void testUidWhiteAndBlacklist() throws Exception {
+        final Map<String, Integer> packages = new ArrayMap<>();
+        packages.put("com.example", 66);
+        packages.put("org.example", 77);
+        packages.put("net.example", 78);
+        setMockedPackages(packages);
+
+        final Vpn vpn = createVpn(primaryUser.id);
+        final UidRange user = UidRange.createForUser(primaryUser.id);
+
+        // Whitelist
+        final Set<UidRange> allow = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
+                new ArrayList<String>(packages.keySet()), null);
+        assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
+            new UidRange(user.start + 66, user.start + 66),
+            new UidRange(user.start + 77, user.start + 78)
+        })), allow);
+
+        // Blacklist
+        final Set<UidRange> disallow = vpn.createUserAndRestrictedProfilesRanges(primaryUser.id,
+                null, new ArrayList<String>(packages.keySet()));
+        assertEquals(new ArraySet<>(Arrays.asList(new UidRange[] {
+            new UidRange(user.start, user.start + 65),
+            new UidRange(user.start + 67, user.start + 76),
+            new UidRange(user.start + 79, user.stop)
+        })), disallow);
+    }
+
+    /**
+     * @return A subclass of {@link Vpn} which is reliably:
+     * <ul>
+     *   <li>Associated with a specific user ID</li>
+     *   <li>Not in always-on mode</li>
+     * </ul>
+     */
+    private Vpn createVpn(@UserIdInt int userId) {
+        return new Vpn(Looper.myLooper(), mContext, mNetService, userId);
+    }
+
+    /**
+     * Populate {@link #mUserManager} with a list of fake users.
+     */
+    private void setMockedUsers(UserInfo... users) {
+        final Map<Integer, UserInfo> userMap = new ArrayMap<>();
+        for (UserInfo user : users) {
+            userMap.put(user.id, user);
+        }
+
+        doAnswer(invocation -> {
+            return new ArrayList(userMap.values());
+        }).when(mUserManager).getUsers();
+
+        doAnswer(invocation -> {
+            final int id = (int) invocation.getArguments()[0];
+            return userMap.get(id);
+        }).when(mUserManager).getUserInfo(anyInt());
+
+        doAnswer(invocation -> {
+            final int id = (int) invocation.getArguments()[0];
+            return (userMap.get(id).flags & UserInfo.FLAG_ADMIN) != 0;
+        }).when(mUserManager).canHaveRestrictedProfile(anyInt());
+    }
+
+    /**
+     * Populate {@link #mPackageManager} with a fake packageName-to-UID mapping.
+     */
+    private void setMockedPackages(final Map<String, Integer> packages) {
+        try {
+            doAnswer(invocation -> {
+                final String appName = (String) invocation.getArguments()[0];
+                final int userId = (int) invocation.getArguments()[1];
+                return UserHandle.getUid(userId, packages.get(appName));
+            }).when(mPackageManager).getPackageUidAsUser(anyString(), anyInt());
+        } catch (Exception e) {
+        }
+    }
+}