From ee20a09bdbed8d0102962d8bb0677c739a82c501 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= <maze@google.com>
Date: Tue, 3 Oct 2023 23:29:05 +0000
Subject: [PATCH] cts: fix android.net.cts.VpnServiceTest#testProtect_int flake
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is written based on observation that
testStartVpnProfileNoPreviousConsent()
appears to result in the right things happening when running
adb logcat | egrep --color -i 'Switched from |protect'
ie. it results in:
I netd   : networkSetProtectDeny(<ctsappuid>) <0.01ms>
I Vpn   : Switched from android.net.cts to [Legacy VPN]
I netd   : networkSetProtectAllow(1000) <0.00ms>
Which disallows the CTS uid, and allows AID_SYSTEM.
That in turn appears to be the 'default' state of things.
So this basically copies that logic into tearDown()
Test: atest android.net.cts.{Ikev2VpnTest,VpnServiceTest} --iterations 2
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic9cca56097d78ae48157e808081de2ebb76635e8
---
tests/cts/net/src/android/net/cts/Ikev2VpnTest.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/tests/cts/net/src/android/net/cts/Ikev2VpnTest.java b/tests/cts/net/src/android/net/cts/Ikev2VpnTest.java
index a3a65b6400..6b7954af30 100644
--- a/tests/cts/net/src/android/net/cts/Ikev2VpnTest.java
+++ b/tests/cts/net/src/android/net/cts/Ikev2VpnTest.java
@@ -216,6 +216,15 @@ public class Ikev2VpnTest {
}
setAppop(AppOpsManager.OP_ACTIVATE_VPN, false);
setAppop(AppOpsManager.OP_ACTIVATE_PLATFORM_VPN, false);
+
+ // Make sure the VpnProfile is not provisioned already.
+ sVpnMgr.stopProvisionedVpnProfile();
+
+ try {
+ sVpnMgr.startProvisionedVpnProfile();
+ fail("Expected SecurityException for missing consent");
+ } catch (SecurityException expected) {
+ }
}
/**
--
GitLab