Accept both pre-S and post-S errors in getConnectionOwnerUid.
On R and below, when an app that is not the active VPN app calls
getConnectionOwnerUid, a SecurityException is thrown. On S and
above, the method just returns INVALID_UID, which is what would
happen if the app was the active VPN app but was not authorized
to find that particular socket.
Accept both behaviours.
Bug: 173331190
Test: atest HostsideVpnTests#testGetConnectionOwnerUidSecurity passes on R and S
Change-Id: Ie6de2ef505b0d7bc253c55215a698aeaa210785c
diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
index a5efe0c..4668ba3 100755
--- a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
@@ -829,8 +829,11 @@
InetSocketAddress rem = new InetSocketAddress(s.getInetAddress(), s.getPort());
try {
int uid = mCM.getConnectionOwnerUid(OsConstants.IPPROTO_TCP, loc, rem);
- fail("Only an active VPN app may call this API.");
- } catch (SecurityException expected) {
+ assertEquals("Only an active VPN app should see connection information",
+ INVALID_UID, uid);
+ } catch (SecurityException acceptable) {
+ // R and below throw SecurityException if a non-active VPN calls this method.
+ // As long as we can't actually get socket information, either behaviour is fine.
return;
}
}