From dfd08cab51983cc2e580ee81a54afa7bb0159427 Mon Sep 17 00:00:00 2001 From: Treehugger Robot Date: Tue, 9 Jun 2020 20:22:44 +0000 Subject: [PATCH 1/3] Fix tests that failed on devices without IPsec tunnel feature Three tests failed when they try to set up IKE Session with a tunnel mode Child SA and the device does not have ipsec tunnel feature. This commit changed these tests to set up IKE Session with a transport mode SA because 1) the logic these tests are verifying is unrelated to the Child SA type and 2) using transport mode make sure these tests run on all the devices. Bug: 158268209 Test: CtsIkeTestCases, verified on taimen Change-Id: I9a8c7f631f0e6e02492816e3fbf0d751017dc2b3 Merged-In: I9a8c7f631f0e6e02492816e3fbf0d751017dc2b3 (cherry picked from commit 0224324097f36106dfb7eccad3325024403e0381) --- .../net/ipsec/ike/cts/IkeSessionPskTest.java | 62 +++++++++++-------- .../net/ipsec/ike/cts/IkeSessionTestBase.java | 7 +++ 2 files changed, 43 insertions(+), 26 deletions(-) diff --git a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java index 0509fc0c92..13f953a50d 100644 --- a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java +++ b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionPskTest.java @@ -18,13 +18,14 @@ package android.net.ipsec.ike.cts; import static android.app.AppOpsManager.OP_MANAGE_IPSEC_TUNNELS; import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_AUTHENTICATION_FAILED; -import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_INTERNAL_ADDRESS_FAILURE; import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_NO_PROPOSAL_CHOSEN; +import static android.net.ipsec.ike.exceptions.IkeProtocolException.ERROR_TYPE_TS_UNACCEPTABLE; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; import android.net.LinkAddress; +import android.net.ipsec.ike.ChildSessionParams; import android.net.ipsec.ike.IkeFqdnIdentification; import android.net.ipsec.ike.IkeSession; import android.net.ipsec.ike.IkeSessionParams; @@ -84,7 +85,15 @@ public class IkeSessionPskTest extends IkeSessionTestBase { + "9352D71100777B00ABCC6BD7DBEA697827FFAAA48DF9A54D1D68161939F5DC8" + "6743A7CEB2BE34AC00095A5B8"; - private IkeSession openIkeSessionWithRemoteAddress(InetAddress remoteAddress) { + private IkeSession openIkeSessionWithTunnelModeChild(InetAddress remoteAddress) { + return openIkeSession(remoteAddress, buildTunnelModeChildSessionParams()); + } + + private IkeSession openIkeSessionWithTransportModeChild(InetAddress remoteAddress) { + return openIkeSession(remoteAddress, buildTransportModeChildParamsWithDefaultTs()); + } + + private IkeSession openIkeSession(InetAddress remoteAddress, ChildSessionParams childParams) { IkeSessionParams ikeParams = new IkeSessionParams.Builder(sContext) .setNetwork(mTunNetwork) @@ -98,7 +107,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase { return new IkeSession( sContext, ikeParams, - buildTunnelModeChildSessionParams(), + childParams, mUserCbExecutor, mIkeSessionCallback, mFirstChildSessionCallback); @@ -124,7 +133,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase { if (!hasTunnelsFeature()) return; // Open IKE Session - IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress); + IkeSession ikeSession = openIkeSessionWithTunnelModeChild(mRemoteAddress); performSetupIkeAndFirstChildBlocking(SUCCESS_IKE_INIT_RESP, SUCCESS_IKE_AUTH_RESP); // IKE INIT and IKE AUTH takes two exchanges. Message ID starts from 2 @@ -222,7 +231,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase { setUpTestNetwork(mLocalAddress); // Open IKE Session - IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress); + IkeSession ikeSession = openIkeSessionWithTunnelModeChild(mRemoteAddress); performSetupIkeAndFirstChildBlocking( ikeInitResp, 1 /* expectedAuthReqPktCnt */, @@ -258,7 +267,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase { if (!hasTunnelsFeature()) return; // Open IKE Session - IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress); + IkeSession ikeSession = openIkeSessionWithTunnelModeChild(mRemoteAddress); performSetupIkeAndFirstChildBlocking(SUCCESS_IKE_INIT_RESP, SUCCESS_IKE_AUTH_RESP); ikeSession.kill(); @@ -272,7 +281,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase { "46B8ECA1E0D72A180000000000000000292022200000000000000024000000080000000E"; // Open IKE Session - IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress); + IkeSession ikeSession = openIkeSessionWithTransportModeChild(mRemoteAddress); int expectedMsgId = 0; mTunUtils.awaitReqAndInjectResp( IKE_DETERMINISTIC_INITIATOR_SPI, @@ -309,7 +318,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase { + "AB6E4808BAC0CA1DAD6ADD0A126A41BD"; // Open IKE Session - IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress); + IkeSession ikeSession = openIkeSessionWithTransportModeChild(mRemoteAddress); performSetupIkeAndFirstChildBlocking(ikeInitRespHex, ikeAuthFailRespHex); mFirstChildSessionCallback.awaitOnClosed(); @@ -322,27 +331,28 @@ public class IkeSessionPskTest extends IkeSessionTestBase { @Test public void testIkeAuthHandlesFirstChildCreationFail() throws Exception { final String ikeInitRespHex = - "46B8ECA1E0D72A182B300285DA19E6452120222000000000000001502200" - + "00300000002C010100040300000C0100000C800E01000300000803000005" - + "0300000802000004000000080400000228000088000200005C9DE629981F" - + "DB1FC45DB6CCF15D076C1F51BD9F63C771DC089F05CCDE6247965D15C616" - + "C7B5A62342491715E4D1FEA19326477D24143E8E56AB6AD93F54B19BC32A" - + "44BC0A5B5632E57D0A3C43E466E1547D8E4EF65EA4B864A348161666E229" - + "84975A486251A17C4F096A6D5CF3DB83874B70324A31AA7ADDE2D73BADD8" - + "238029000024CF06260F7C4923295E7C91F2B8479212892DA7A519A0322F" - + "F5B2BF570B92972B2900001C00004004C7ACC2C7D58CF8C9F5E953993AF4" - + "6CAC976635B42900001C00004005B64B190DFE7BDE8B9B1475EDE67B63D6" - + "F1DBBF44290000080000402E290000100000402F00020003000400050000" + "46B8ECA1E0D72A18F5ABBF896A1240BE2120222000000000000001502200" + + "00300000002C010100040300000C0100000C800E0100030000080300000C" + + "03000008020000050000000804000002280000880002000074950F016B85" + + "605E57E24651843AB70E41B552EDEE227DFE51E6CBEC00E75FFEFC7D5453" + + "109B15F721FCD811FC9F113BE06050882F2FC5F5FF25857E555CCFB5AB64" + + "8B0D1D7A819A3B05DE1FE89A4A627C60D5AA06CD0F66ACD3748722F9CD4F" + + "F30AE7477CBC12049821F07AD6C9F0ED732321A6A36FA817722E025AC34B" + + "ABE62900002432E3807F595070E95EDA341A787599B24B1151B535B0222B" + + "65C003401B9B38F82900001C000040043BB760DB3037B51768DFFAB4B21D" + + "B1716EA1C1382900001C0000400531098EB04DF1BE3F304606BD59B454A8" + + "CC7E7311290000080000402E290000100000402F00020003000400050000" + "000800004014"; final String ikeAuthCreateChildFailHex = - "46B8ECA1E0D72A182B300285DA19E6452E202320000000010000008C2400" - + "0070386FC9CCC67495A17915D0544390A2963A769F4A42C6FA668CEEC07F" - + "EC0C87D681DE34267023DD394F1401B5A563E71002C0CE0928D0ABC0C4570" - + "E39C2EDEF820F870AB71BD70A3F3EB5C96CA294B6D3F01677690DCF9F8CFC" - + "9584650957573502BA83E32F18207A9ADEB1FA"; + "46B8ECA1E0D72A18F5ABBF896A1240BE2E20232000000001000000B02400" + + "009400B0861242E0C88ECB3848D772B560CAD65B6AC9DFFDC8622A394B8E" + + "64E550BDD69FCD7E768129787ED9062992C1D6DB0F0631C2E05765B403CF" + + "EF1D0A055B32F6698FF7DB5B8FB1B6A83A81634D00E22C86E35B3BFBEC73" + + "EAC6806678926945BC7A57003DC1A3528A1EC423EE56C1075B36C0B57A6B" + + "C6DD990182F6FABFFA167D199C7D629E5B830AAD2AFBD31CEBA6"; // Open IKE Session - IkeSession ikeSession = openIkeSessionWithRemoteAddress(mRemoteAddress); + IkeSession ikeSession = openIkeSessionWithTransportModeChild(mRemoteAddress); performSetupIkeAndFirstChildBlocking(ikeInitRespHex, ikeAuthCreateChildFailHex); // Even though the child creation failed, the authentication succeeded, so the IKE Session's @@ -352,7 +362,7 @@ public class IkeSessionPskTest extends IkeSessionTestBase { // Verify Child Creation failed IkeProtocolException protocolException = (IkeProtocolException) mFirstChildSessionCallback.awaitOnClosedException(); - assertEquals(ERROR_TYPE_INTERNAL_ADDRESS_FAILURE, protocolException.getErrorType()); + assertEquals(ERROR_TYPE_TS_UNACCEPTABLE, protocolException.getErrorType()); assertArrayEquals(EXPECTED_PROTOCOL_ERROR_DATA_NONE, protocolException.getErrorData()); ikeSession.kill(); diff --git a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java index 2458b25e33..a81063b30a 100644 --- a/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java +++ b/tests/cts/net/ipsec/src/android/net/ipsec/ike/cts/IkeSessionTestBase.java @@ -276,6 +276,13 @@ abstract class IkeSessionTestBase extends IkeTestBase { .build(); } + TransportModeChildSessionParams buildTransportModeChildParamsWithDefaultTs() { + return new TransportModeChildSessionParams.Builder() + .addSaProposal(SaProposalTest.buildChildSaProposalWithCombinedModeCipher()) + .addSaProposal(SaProposalTest.buildChildSaProposalWithNormalModeCipher()) + .build(); + } + TunnelModeChildSessionParams buildTunnelModeChildSessionParams() { return new TunnelModeChildSessionParams.Builder() .addSaProposal(SaProposalTest.buildChildSaProposalWithNormalModeCipher()) From 53430127ecc8d004645c4f1ee405f1a01a9e00e2 Mon Sep 17 00:00:00 2001 From: Lorenzo Colitti Date: Sat, 13 Jun 2020 00:47:44 +0900 Subject: [PATCH 2/3] Bump CtsNetTestCasesLatestSdk to target SDK 30. This is not necessary for the tests to be able to use APIs introduced in R because they can already access hidden APIs. But it is important to ensure that they are subject to whatever new system behaviour is applied to SDK 30 apps. Fix: 158839774 Test: treehugger Test: atest CtsNetTestCasesLatestSdk has no new failures Change-Id: Ic86fe84b28b5becc722903650f00e9ca7d6e5f3f --- tests/cts/net/Android.bp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/cts/net/Android.bp b/tests/cts/net/Android.bp index 052ab263d2..2b99a40202 100644 --- a/tests/cts/net/Android.bp +++ b/tests/cts/net/Android.bp @@ -72,15 +72,15 @@ android_test { test_config_template: "AndroidTestTemplate.xml", } -// Networking CTS tests that have a min_sdk_version of the latest released SDK. These tests can -// be installed on release devices at any point in the release cycle and are useful for qualifying -// mainline modules on release devices. +// Networking CTS tests that target the latest released SDK. These tests can be installed on release +// devices at any point in the Android release cycle and are useful for qualifying mainline modules +// on release devices. android_test { name: "CtsNetTestCasesLatestSdk", defaults: ["CtsNetTestCasesDefaults"], jni_uses_sdk_apis: true, min_sdk_version: "29", - target_sdk_version: "29", + target_sdk_version: "30", test_suites: [ "device-tests", "mts", From 3abe36567c8afd63f116e7fe736584d80cb63165 Mon Sep 17 00:00:00 2001 From: Treehugger Robot Date: Mon, 15 Jun 2020 10:18:21 +0000 Subject: [PATCH 3/3] Fix CtsTetheringTest on devices without permanent softAp interfaces. Normally stop wifi tethering flow would be: Tethering#stopTethering -> WifiManager#stopSoftAp -> softAp disabled, then have WIIF_AP_STATE_CHANGED intent -> stop IpServer and broadcast TETHER_STATE_CHANGED intent. SoftAp is disabled before tethering stop. Because tethering would shutdown the corresponding IpServer if it observed the interface is removed. For those devices that softAp interface would be removed when stop tethering, the flow may be Tethering#stopTethering -> WifiManager#stopSoftAp -> softAp disabing, softAp interface is removed -> tethering trigger stop IpServer and broadcast TETHER_STATE_CHANGED intent -> -> softAp disabled, then wifi broadcast WIIF_AP_STATE_CHANGED intent. In this case, tethering is stopped ready before softap is disabled. For this case, CtsTeteringTest would have race between two test cases. If two case need to start wifi tethering for testing and stop wifi tethering after finish testing. The second test may suffer from startTethering fail problem due to softAP is not disabled yet. E WifiService: Tethering is already active. Bug: 157806780 Test: atest CtsTetheringTest Original-Change: https://android-review.googlesource.com/1331096 Merged-In: I0ba6bc9dcbf7829dcad5561c707d5f5c5540f10b Change-Id: I0ba6bc9dcbf7829dcad5561c707d5f5c5540f10b --- .../tethering/cts/TetheringManagerTest.java | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java b/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java index f7160dd502..5e2f62787c 100644 --- a/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java +++ b/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java @@ -57,8 +57,11 @@ import android.net.TetheringManager.TetheringInterfaceRegexps; import android.net.TetheringManager.TetheringRequest; import android.net.cts.util.CtsNetUtils; import android.net.cts.util.CtsNetUtils.TestNetworkCallback; +import android.net.wifi.WifiClient; import android.net.wifi.WifiManager; +import android.net.wifi.WifiManager.SoftApCallback; import android.os.Bundle; +import android.os.ConditionVariable; import android.os.PersistableBundle; import android.os.ResultReceiver; import android.telephony.CarrierConfigManager; @@ -135,6 +138,40 @@ public class TetheringManagerTest { dropShellPermissionIdentity(); } + private static class StopSoftApCallback implements SoftApCallback { + private final ConditionVariable mWaiting = new ConditionVariable(); + @Override + public void onStateChanged(int state, int failureReason) { + if (state == WifiManager.WIFI_AP_STATE_DISABLED) mWaiting.open(); + } + + @Override + public void onConnectedClientsChanged(List clients) { } + + public void waitForSoftApStopped() { + if (!mWaiting.block(DEFAULT_TIMEOUT_MS)) { + fail("stopSoftAp Timeout"); + } + } + } + + // Wait for softAp to be disabled. This is necessary on devices where stopping softAp + // deletes the interface. On these devices, tethering immediately stops when the softAp + // interface is removed, but softAp is not yet fully disabled. Wait for softAp to be + // fully disabled, because otherwise the next test might fail because it attempts to + // start softAp before it's fully stopped. + private void expectSoftApDisabled() { + final StopSoftApCallback callback = new StopSoftApCallback(); + try { + mWm.registerSoftApCallback(c -> c.run(), callback); + // registerSoftApCallback will immediately call the callback with the current state, so + // this callback will fire even if softAp is already disabled. + callback.waitForSoftApStopped(); + } finally { + mWm.unregisterSoftApCallback(callback); + } + } + private class TetherChangeReceiver extends BroadcastReceiver { private class TetherState { final ArrayList mAvailable; @@ -294,6 +331,7 @@ public class TetheringManagerTest { mTetherChangeReceiver.expectTethering(true /* active */, wifiRegexs); mTM.stopTethering(TETHERING_WIFI); + expectSoftApDisabled(); mTetherChangeReceiver.expectTethering(false /* active */, wifiRegexs); } @@ -544,6 +582,7 @@ public class TetheringManagerTest { private void stopWifiTethering(final TestTetheringEventCallback callback) { mTM.stopTethering(TETHERING_WIFI); + expectSoftApDisabled(); callback.expectTetheredInterfacesChanged(null); callback.expectOneOfOffloadStatusChanged(TETHER_HARDWARE_OFFLOAD_STOPPED); }