Merge "Cleanup existing firewall rule on myUid before the test" into main

18520551 · Motomu Utsumi · Gerrit Code Review · 8cfccc9d · 4d8c70c0 · 18520551
Commit 18520551 authored 1 year ago by Motomu Utsumi Committed by Gerrit Code Review 1 year ago
--- a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
@@ -47,6 +47,7 @@ import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
 import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
 import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
 import static android.net.ConnectivityManager.FIREWALL_RULE_ALLOW;
+import static android.net.ConnectivityManager.FIREWALL_RULE_DEFAULT;
 import static android.net.ConnectivityManager.FIREWALL_RULE_DENY;
 import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPRISE;
 import static android.net.ConnectivityManager.TYPE_BLUETOOTH;
@@ -3591,6 +3592,15 @@ public class ConnectivityManagerTest {
        }
    }
+    private void setUidFirewallRule(final int chain, final int uid, final int rule) {
+        try {
+            mCm.setUidFirewallRule(chain, uid, rule);
+        } catch (IllegalStateException ignored) {
+            // Removing match causes an exception when the rule entry for the uid does
+            // not exist. But this is fine and can be ignored.
+        }
+    }
    private static final boolean EXPECT_OPEN = false;
    private static final boolean EXPECT_CLOSE = true;
@@ -3599,6 +3609,8 @@ public class ConnectivityManagerTest {
        runWithShellPermissionIdentity(() -> {
            // Firewall chain status will be restored after the test.
            final boolean wasChainEnabled = mCm.getFirewallChainEnabled(chain);
+            final int myUid = Process.myUid();
+            final int previousMyUidFirewallRule = mCm.getUidFirewallRule(chain, myUid);
            final int previousUidFirewallRule = mCm.getUidFirewallRule(chain, targetUid);
            final Socket socket = new Socket(TEST_HOST, HTTP_PORT);
            socket.setSoTimeout(NETWORK_REQUEST_TIMEOUT_MS);
@@ -3606,12 +3618,12 @@ public class ConnectivityManagerTest {
                mCm.setFirewallChainEnabled(chain, false /* enable */);
                assertSocketOpen(socket);
-                try {
+                setUidFirewallRule(chain, targetUid, rule);
-                    mCm.setUidFirewallRule(chain, targetUid, rule);
+                if (targetUid != myUid) {
-                } catch (IllegalStateException ignored) {
+                    // If this test does not set rule on myUid, remove existing rule on myUid
-                    // Removing match causes an exception when the rule entry for the uid does
+                    setUidFirewallRule(chain, myUid, FIREWALL_RULE_DEFAULT);
-                    // not exist. But this is fine and can be ignored.
                }
                mCm.setFirewallChainEnabled(chain, true /* enable */);
                if (expectClose) {
@@ -3624,11 +3636,9 @@ public class ConnectivityManagerTest {
                    mCm.setFirewallChainEnabled(chain, wasChainEnabled);
                }, /* cleanup */ () -> {
                    // Restore the uid firewall rule status
-                    try {
+                    setUidFirewallRule(chain, targetUid, previousUidFirewallRule);
-                        mCm.setUidFirewallRule(chain, targetUid, previousUidFirewallRule);
+                    if (targetUid != myUid) {
-                    } catch (IllegalStateException ignored) {
+                        setUidFirewallRule(chain, myUid, previousMyUidFirewallRule);
-                        // Removing match causes an exception when the rule entry for the uid does
-                        // not exist. But this is fine and can be ignored.
                    }
                }, /* cleanup */ () -> {
                    socket.close();