diff options
author | Cody Kesting <ckesting@google.com> | 2021-06-14 12:13:21 -0700 |
---|---|---|
committer | Cody Kesting <ckesting@google.com> | 2021-06-15 21:12:49 -0700 |
commit | bbf05195f5f1fca90725261cdea5f742d406f584 (patch) | |
tree | 37c9c0fc062ef9f175f60b87e1b694f10d8303ff | |
parent | 5c2f3afd66882853e0daf5f75ad10768dce3548e (diff) | |
download | cts-bbf05195f5f1fca90725261cdea5f742d406f584.tar.gz |
Adopt and drop shell permission once per VCN test.
This CL updates VcnManagerTest to explicitly adopt and drop shell
permission identity once per test. This change ensures that no races
occur between adopting and dropping shell permission identity in
testing, which can cause test flake.
This CL also updates CarrierPrivilegeUtils to not manage its own
permissions (needed for adopting CarrierPrivileges). Instead, the caller
must manage these permissions before using the util.
Bug: 182291467
Test: atest CtsVcnTestCases
Change-Id: I3e82d3b2da3fe30b87a90751b0b996a42e6f15c3
-rw-r--r-- | tests/tests/vcn/src/android/net/vcn/cts/TestNetworkWrapper.java | 158 | ||||
-rw-r--r-- | tests/tests/vcn/src/android/net/vcn/cts/VcnManagerTest.java | 21 |
2 files changed, 81 insertions, 98 deletions
diff --git a/tests/tests/vcn/src/android/net/vcn/cts/TestNetworkWrapper.java b/tests/tests/vcn/src/android/net/vcn/cts/TestNetworkWrapper.java index 6d0a95743e4..52b6245a186 100644 --- a/tests/tests/vcn/src/android/net/vcn/cts/TestNetworkWrapper.java +++ b/tests/tests/vcn/src/android/net/vcn/cts/TestNetworkWrapper.java @@ -18,9 +18,6 @@ package android.net.vcn.cts; import static android.net.cts.util.CtsNetUtils.TestNetworkCallback; -import static com.android.compatibility.common.util.SystemUtil.callWithShellPermissionIdentity; -import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity; - import android.annotation.NonNull; import android.content.Context; import android.net.ConnectivityManager; @@ -106,9 +103,7 @@ public class TestNetworkWrapper implements AutoCloseable { throws Exception { mConnectivityManager = context.getSystemService(ConnectivityManager.class); mVcnManager = context.getSystemService(VcnManager.class); - mTestNetworkManager = - callWithShellPermissionIdentity( - () -> context.getSystemService(TestNetworkManager.class)); + mTestNetworkManager = context.getSystemService(TestNetworkManager.class); try { final LinkAddress linkAddress = @@ -116,49 +111,31 @@ public class TestNetworkWrapper implements AutoCloseable { localAddress, localAddress instanceof Inet4Address ? IP4_PREFIX_LEN : IP6_PREFIX_LEN); final TestNetworkInterface tni = - callWithShellPermissionIdentity( - () -> { - return mTestNetworkManager.createTunInterface( - Arrays.asList(linkAddress)); - }); + mTestNetworkManager.createTunInterface(Arrays.asList(linkAddress)); tunFd = tni.getFileDescriptor(); final String iface = tni.getInterfaceName(); - vcnNetworkCallback = - callWithShellPermissionIdentity( - () -> { - final NetworkRequest nr = - new NetworkRequest.Builder(TEST_NETWORK_REQUEST) - .setNetworkSpecifier(iface) - .build(); - final VcnTestNetworkCallback cb = new VcnTestNetworkCallback(); - mConnectivityManager.requestNetwork(nr, cb); - return cb; - }); + final NetworkRequest nr = + new NetworkRequest.Builder(TEST_NETWORK_REQUEST) + .setNetworkSpecifier(iface) + .build(); + vcnNetworkCallback = new VcnTestNetworkCallback(); + mConnectivityManager.requestNetwork(nr, vcnNetworkCallback); final NetworkCapabilities nc = createNetworkCapabilitiesForIface(iface, isMetered, subIds); final LinkProperties lp = createLinkPropertiesForIface(iface, mtu); + final VcnNetworkPolicyResult policy = mVcnManager.applyVcnNetworkPolicy(nc, lp); + if (policy.isTeardownRequested()) { + throw new IllegalStateException("Restart requested in bringup"); + } + mTestNetworkAgent = - callWithShellPermissionIdentity( - () -> { - final VcnNetworkPolicyResult policy = - mVcnManager.applyVcnNetworkPolicy(nc, lp); - if (policy.isTeardownRequested()) { - throw new IllegalStateException("Restart requested in bringup"); - } - - final TestNetworkAgent agent = - new TestNetworkAgent( - context, - Looper.getMainLooper(), - policy.getNetworkCapabilities(), - lp); - agent.register(); - agent.markConnected(); - return agent; - }); + new TestNetworkAgent( + context, Looper.getMainLooper(), policy.getNetworkCapabilities(), lp); + mTestNetworkAgent.register(); + mTestNetworkAgent.markConnected(); tunNetwork = vcnNetworkCallback.waitForAvailable(); mCloseGuard.open(TAG); @@ -232,42 +209,40 @@ public class TestNetworkWrapper implements AutoCloseable { @Override public void close() { mCloseGuard.close(); - runWithShellPermissionIdentity( - () -> { - if (vcnNetworkCallback != null) { - try { - mConnectivityManager.unregisterNetworkCallback(vcnNetworkCallback); - } catch (Exception e) { - Log.e(TAG, "Failed to unregister Network CB", e); - } - } - if (mTestNetworkAgent != null) { - synchronized (mTestNetworkAgent) { - try { - mTestNetworkAgent.teardown(); - } catch (Exception e) { - Log.e(TAG, "Failed to unregister TestNetworkAgent", e); - } - } - } + if (vcnNetworkCallback != null) { + try { + mConnectivityManager.unregisterNetworkCallback(vcnNetworkCallback); + } catch (Exception e) { + Log.e(TAG, "Failed to unregister Network CB", e); + } + } - if (tunNetwork != null) { - try { - mTestNetworkManager.teardownTestNetwork(tunNetwork); - } catch (Exception e) { - Log.e(TAG, "Failed to tear down Test Network", e); - } - } + if (mTestNetworkAgent != null) { + synchronized (mTestNetworkAgent) { + try { + mTestNetworkAgent.teardown(); + } catch (Exception e) { + Log.e(TAG, "Failed to unregister TestNetworkAgent", e); + } + } + } - if (tunFd != null) { - try { - tunFd.close(); - } catch (Exception e) { - Log.e(TAG, "Failed to close Test Network FD", e); - } - } - }); + if (tunNetwork != null) { + try { + mTestNetworkManager.teardownTestNetwork(tunNetwork); + } catch (Exception e) { + Log.e(TAG, "Failed to tear down Test Network", e); + } + } + + if (tunFd != null) { + try { + tunFd.close(); + } catch (Exception e) { + Log.e(TAG, "Failed to close Test Network FD", e); + } + } } @Override @@ -321,11 +296,9 @@ public class TestNetworkWrapper implements AutoCloseable { @Override public void onNetworkUnwanted() { - // Not guaranteed to be called from the same thread, so synchronize on this. The shell - // is needed for teardown because unregistering the VcnPolicyListener requires - // permission MANAGE_TEST_NETWORKS. + // Not guaranteed to be called from the same thread, so synchronize on this. synchronized (this) { - runWithShellPermissionIdentity(() -> teardown()); + teardown(); } } @@ -353,24 +326,19 @@ public class TestNetworkWrapper implements AutoCloseable { private class TestVcnNetworkPolicyChangeListener implements VcnNetworkPolicyChangeListener { @Override public void onPolicyChanged() { - runWithShellPermissionIdentity( - () -> { - synchronized (TestNetworkAgent.this) { - final VcnNetworkPolicyResult policy = - mVcnManager.applyVcnNetworkPolicy( - mTestNetworkAgent.getNetworkCapabilities(), - mTestNetworkAgent.getLinkProperties()); - if (policy.isTeardownRequested()) { - Log.w( - POLICY_LISTENER_TAG, - "network teardown requested on policy change"); - teardown(); - return; - } - - updateNetworkCapabilities(policy.getNetworkCapabilities()); - } - }); + synchronized (TestNetworkAgent.this) { + final VcnNetworkPolicyResult policy = + mVcnManager.applyVcnNetworkPolicy( + mTestNetworkAgent.getNetworkCapabilities(), + mTestNetworkAgent.getLinkProperties()); + if (policy.isTeardownRequested()) { + Log.w(POLICY_LISTENER_TAG, "network teardown requested on policy change"); + teardown(); + return; + } + + updateNetworkCapabilities(policy.getNetworkCapabilities()); + } } } } diff --git a/tests/tests/vcn/src/android/net/vcn/cts/VcnManagerTest.java b/tests/tests/vcn/src/android/net/vcn/cts/VcnManagerTest.java index 9bf818ddab3..7fec0011b09 100644 --- a/tests/tests/vcn/src/android/net/vcn/cts/VcnManagerTest.java +++ b/tests/tests/vcn/src/android/net/vcn/cts/VcnManagerTest.java @@ -23,6 +23,8 @@ import static android.net.NetworkCapabilities.NET_CAPABILITY_VALIDATED; import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR; import static android.telephony.SubscriptionManager.INVALID_SUBSCRIPTION_ID; +import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation; + import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity; import static org.junit.Assert.assertEquals; @@ -96,12 +98,19 @@ public class VcnManagerTest extends VcnTestBase { @Before public void setUp() throws Exception { assumeTrue(mContext.getPackageManager().hasSystemFeature(FEATURE_TELEPHONY)); + + getInstrumentation().getUiAutomation().adoptShellPermissionIdentity(); } @After public void tearDown() throws Exception { - if (mTestNetworkWrapper != null) { - mTestNetworkWrapper.close(); + try { + if (mTestNetworkWrapper != null) { + mTestNetworkWrapper.close(); + mTestNetworkWrapper = null; + } + } finally { + getInstrumentation().getUiAutomation().dropShellPermissionIdentity(); } } @@ -172,6 +181,9 @@ public class VcnManagerTest extends VcnTestBase { @Test(expected = SecurityException.class) public void testAddVcnNetworkPolicyChangeListener_noNetworkFactoryPermission() throws Exception { + // Drop shell permission identity to test unpermissioned behavior. + getInstrumentation().getUiAutomation().dropShellPermissionIdentity(); + final TestVcnNetworkPolicyChangeListener listener = new TestVcnNetworkPolicyChangeListener(); @@ -192,6 +204,9 @@ public class VcnManagerTest extends VcnTestBase { @Test(expected = SecurityException.class) public void testApplyVcnNetworkPolicy_noNetworkFactoryPermission() throws Exception { + // Drop shell permission identity to test unpermissioned behavior. + getInstrumentation().getUiAutomation().dropShellPermissionIdentity(); + final NetworkCapabilities nc = new NetworkCapabilities.Builder().build(); final LinkProperties lp = new LinkProperties(); @@ -334,7 +349,7 @@ public class VcnManagerTest extends VcnTestBase { true /* expectNotVcnManaged */, false /* expectNotMetered */); - CarrierPrivilegeUtils.withCarrierPrivileges(mContext, subId, () -> { + CarrierPrivilegeUtils.withCarrierPrivilegesForShell(mContext, subId, () -> { SubscriptionGroupUtils.withEphemeralSubscriptionGroup(mContext, subId, (subGrp) -> { mVcnManager.setVcnConfig(subGrp, buildVcnConfig()); |