Merge "Don't pass non-const refs." am: 2fe71c70ab Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/1949796 Change-Id: Icdc0c7c1a3ebd2962d15b38ebd87e1a28f40938c

commit: 2dafc77581347675f1c32b2f4946be2c8d59ee25 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Mon Jan 17 16:12:51 2022 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Mon Jan 17 16:12:51 2022 +0000
tree: 9d668acb2befc77ff34a0f0c092d3dce858d0250
parent: 778e9d325fd34c8aa88f9925387f216a25190615 [diff]
parent: 2fe71c70abe17a3054f40a7400eccca41f0b4c31 [diff]
diff --git a/Tethering/Android.bp b/Tethering/Android.bp
index 041a3ae..1f9ef08 100644
--- a/Tethering/Android.bp
+++ b/Tethering/Android.bp

@@ -208,5 +208,4 @@
 sdk {
     name: "tethering-module-sdk",
     bootclasspath_fragments: ["com.android.tethering-bootclasspath-fragment"],
-    systemserverclasspath_fragments: ["com.android.tethering-systemserverclasspath-fragment"],
 }

diff --git a/Tethering/apex/Android.bp b/Tethering/apex/Android.bp
index 4703f1d..b369177 100644
--- a/Tethering/apex/Android.bp
+++ b/Tethering/apex/Android.bp

@@ -22,14 +22,14 @@
 // different value depending on the branch.
 java_defaults {
     name: "ConnectivityNextEnableDefaults",
-    enabled: true,
+    enabled: false,
 }
 apex_defaults {
     name: "ConnectivityApexDefaults",
     // Tethering app to include in the AOSP apex. Branches that disable the "next" targets may use
     // a stable tethering app instead, but will generally override the AOSP apex to use updatable
     // package names and keys, so that apex will be unused anyway.
-    apps: ["TetheringNext"], // Replace to "Tethering" if ConnectivityNextEnableDefaults is false.
+    apps: ["Tethering"], // Replace to "Tethering" if ConnectivityNextEnableDefaults is false.
 }
 // This is a placeholder comment to avoid merge conflicts
 // as the above target may have different "enabled" values
@@ -44,8 +44,8 @@
     bootclasspath_fragments: [
         "com.android.tethering-bootclasspath-fragment",
     ],
-    systemserverclasspath_fragments: [
-        "com.android.tethering-systemserverclasspath-fragment",
+    java_libs: [
+        "service-connectivity",
     ],
     multilib: {
         first: {
@@ -120,12 +120,6 @@
     },
 }
 
-systemserverclasspath_fragment {
-    name: "com.android.tethering-systemserverclasspath-fragment",
-    standalone_contents: ["service-connectivity"],
-    apex_available: ["com.android.tethering"],
-}
-
 override_apex {
     name: "com.android.tethering.inprocess",
     base: "com.android.tethering",

diff --git a/tests/deflake/Android.bp b/tests/deflake/Android.bp
index 8205f1c..b3d0363 100644
--- a/tests/deflake/Android.bp
+++ b/tests/deflake/Android.bp

@@ -21,7 +21,7 @@
 
 // FrameworksNetDeflakeTest depends on FrameworksNetTests so it should be disabled
 // if FrameworksNetTests is disabled.
-enable_frameworks_net_deflake_test = true
+enable_frameworks_net_deflake_test = false
 // Placeholder
 // This is a placeholder comment to minimize merge conflicts, as enable_frameworks_net_deflake_test
 // may have different values depending on the branch

diff --git a/tests/unit/Android.bp b/tests/unit/Android.bp
index 3735ca4..9e80a25 100644
--- a/tests/unit/Android.bp
+++ b/tests/unit/Android.bp

@@ -13,7 +13,7 @@
 // Whether to enable the FrameworksNetTests. Set to false in the branches that might have older
 // frameworks/base since FrameworksNetTests includes the test for classes that are not in
 // connectivity module.
-enable_frameworks_net_tests = true
+enable_frameworks_net_tests = false
 // Placeholder
 // This is a placeholder comment to minimize merge conflicts, as enable_frameworks_net_tests
 // may have different values depending on the branch

diff --git a/tests/unit/java/com/android/server/connectivity/VpnTest.java b/tests/unit/java/com/android/server/connectivity/VpnTest.java
index fd9aefa..33c0868 100644
--- a/tests/unit/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/unit/java/com/android/server/connectivity/VpnTest.java

@@ -17,6 +17,9 @@
 package com.android.server.connectivity;
 
 import static android.Manifest.permission.BIND_VPN_SERVICE;
+import static android.Manifest.permission.CONTROL_VPN;
+import static android.content.pm.PackageManager.PERMISSION_DENIED;
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
 import static android.content.pm.UserInfo.FLAG_ADMIN;
 import static android.content.pm.UserInfo.FLAG_MANAGED_PROFILE;
 import static android.content.pm.UserInfo.FLAG_PRIMARY;
@@ -26,6 +29,9 @@
 import static android.net.INetd.IF_STATE_UP;
 import static android.os.UserHandle.PER_USER_RANGE;
 
+import static com.android.modules.utils.build.SdkLevel.isAtLeastT;
+import static com.android.testutils.MiscAsserts.assertThrows;
+
 import static org.junit.Assert.assertArrayEquals;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
@@ -259,6 +265,10 @@
                         IpSecManager.Status.OK, TEST_TUNNEL_RESOURCE_ID, TEST_IFACE_NAME);
         when(mIpSecService.createTunnelInterface(any(), any(), any(), any(), any()))
                 .thenReturn(tunnelResp);
+        // The unit test should know what kind of permission it needs and set the permission by
+        // itself, so set the default value of Context#checkCallingOrSelfPermission to
+        // PERMISSION_DENIED.
+        doReturn(PERMISSION_DENIED).when(mContext).checkCallingOrSelfPermission(any());
     }
 
     private <T> void mockService(Class<T> clazz, String name, T service) {
@@ -511,6 +521,7 @@
 
     @Test
     public void testLockdownRuleReversibility() throws Exception {
+        doReturn(PERMISSION_GRANTED).when(mContext).checkCallingOrSelfPermission(CONTROL_VPN);
         final Vpn vpn = createVpn(primaryUser.id);
         final UidRangeParcel[] entireUser = {
             new UidRangeParcel(PRI_USER_RANGE.getLower(), PRI_USER_RANGE.getUpper())
@@ -538,6 +549,27 @@
     }
 
     @Test
+    public void testPrepare_throwSecurityExceptionWhenGivenPackageDoesNotBelongToTheCaller()
+            throws Exception {
+        assumeTrue(isAtLeastT());
+        final Vpn vpn = createVpnAndSetupUidChecks();
+        assertThrows(SecurityException.class,
+                () -> vpn.prepare("com.not.vpn.owner", null, VpnManager.TYPE_VPN_SERVICE));
+        assertThrows(SecurityException.class,
+                () -> vpn.prepare(null, "com.not.vpn.owner", VpnManager.TYPE_VPN_SERVICE));
+        assertThrows(SecurityException.class,
+                () -> vpn.prepare("com.not.vpn.owner1", "com.not.vpn.owner2",
+                        VpnManager.TYPE_VPN_SERVICE));
+    }
+
+    @Test
+    public void testPrepare_bothOldPackageAndNewPackageAreNull() throws Exception {
+        final Vpn vpn = createVpnAndSetupUidChecks();
+        assertTrue(vpn.prepare(null, null, VpnManager.TYPE_VPN_SERVICE));
+
+    }
+
+    @Test
     public void testIsAlwaysOnPackageSupported() throws Exception {
         final Vpn vpn = createVpn(primaryUser.id);
commit	2dafc77581347675f1c32b2f4946be2c8d59ee25	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Mon Jan 17 16:12:51 2022 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	Mon Jan 17 16:12:51 2022 +0000
tree	9d668acb2befc77ff34a0f0c092d3dce858d0250
parent	778e9d325fd34c8aa88f9925387f216a25190615 [diff]
parent	2fe71c70abe17a3054f40a7400eccca41f0b4c31 [diff]