diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java index ef9a206b69..1fbbd25bf5 100644 --- a/framework/src/android/net/ConnectivityManager.java +++ b/framework/src/android/net/ConnectivityManager.java @@ -984,7 +984,16 @@ public class ConnectivityManager { /** * Firewall chain used for OEM-specific application restrictions. - * Denylist of apps that will not have network access due to OEM-specific restrictions. + * + * Denylist of apps that will not have network access due to OEM-specific restrictions. If an + * app UID is placed on this chain, and the chain is enabled, the app's packets will be dropped. + * + * All the {@code FIREWALL_CHAIN_OEM_DENY_x} chains are equivalent, and each one is + * independent of the others. The chains can be enabled and disabled independently, and apps can + * be added and removed from each chain independently. + * + * @see #FIREWALL_CHAIN_OEM_DENY_2 + * @see #FIREWALL_CHAIN_OEM_DENY_3 * @hide */ @SystemApi(client = MODULE_LIBRARIES) @@ -992,7 +1001,16 @@ public class ConnectivityManager { /** * Firewall chain used for OEM-specific application restrictions. - * Denylist of apps that will not have network access due to OEM-specific restrictions. + * + * Denylist of apps that will not have network access due to OEM-specific restrictions. If an + * app UID is placed on this chain, and the chain is enabled, the app's packets will be dropped. + * + * All the {@code FIREWALL_CHAIN_OEM_DENY_x} chains are equivalent, and each one is + * independent of the others. The chains can be enabled and disabled independently, and apps can + * be added and removed from each chain independently. + * + * @see #FIREWALL_CHAIN_OEM_DENY_1 + * @see #FIREWALL_CHAIN_OEM_DENY_3 * @hide */ @SystemApi(client = MODULE_LIBRARIES) 
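Review bot: The blank ` *` lines added to this Javadoc (the chain that the `@see` lines imply is FIREWALL_CHAIN_OEM_DENY_1) will not render as paragraph breaks, because Javadoc collapses them unless the following paragraph opens with `<p>`. The same applies to the identical comments in the next two hunks of this file. Start the second and third paragraphs with `<p>`, e.g. ` * <p>Denylist of apps that will not have network access due to OEM-specific restrictions.`. Since this text describes enforcement behaviour, it would also help to say what "independent" means for a UID listed on several chains. Presumably the packets are dropped as soon as any enabled chain lists the UID, but nothing in the diff shows that, so confirm it before writing it down.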
@@ -1000,7 +1018,16 @@ public class ConnectivityManager { /** * Firewall chain used for OEM-specific application restrictions. - * Denylist of apps that will not have network access due to OEM-specific restrictions. + * + * Denylist of apps that will not have network access due to OEM-specific restrictions. If an + * app UID is placed on this chain, and the chain is enabled, the app's packets will be dropped. + * + * All the {@code FIREWALL_CHAIN_OEM_DENY_x} chains are equivalent, and each one is + * independent of the others. The chains can be enabled and disabled independently, and apps can + * be added and removed from each chain independently. + * + * @see #FIREWALL_CHAIN_OEM_DENY_1 + * @see #FIREWALL_CHAIN_OEM_DENY_2 * @hide */ @SystemApi(client = MODULE_LIBRARIES) diff --git a/tests/integration/util/com/android/server/NetworkAgentWrapper.java b/tests/integration/util/com/android/server/NetworkAgentWrapper.java index 2763f5a789..97688d5613 100644 --- a/tests/integration/util/com/android/server/NetworkAgentWrapper.java +++ b/tests/integration/util/com/android/server/NetworkAgentWrapper.java @@ -61,6 +61,7 @@ import java.util.List; import java.util.Objects; import java.util.Set; import java.util.concurrent.atomic.AtomicBoolean; +import java.util.function.Consumer; public class NetworkAgentWrapper implements TestableNetworkCallback.HasNetwork { private final NetworkCapabilities mNetworkCapabilities; 
@@ -83,14 +84,35 @@ public class NetworkAgentWrapper implements TestableNetworkCallback.HasNetwork { private final ArrayTrackRecord.ReadHead mCallbackHistory = new ArrayTrackRecord().newReadHead(); + public static class Callbacks { + public final Consumer onNetworkCreated; + public final Consumer onNetworkUnwanted; + public final Consumer onNetworkDestroyed; + + public Callbacks() { + this(null, null, null); + } + + public Callbacks(Consumer onNetworkCreated, + Consumer onNetworkUnwanted, + Consumer onNetworkDestroyed) { + this.onNetworkCreated = onNetworkCreated; + this.onNetworkUnwanted = onNetworkUnwanted; + this.onNetworkDestroyed = onNetworkDestroyed; + } + } + + private final Callbacks mCallbacks; + public NetworkAgentWrapper(int transport, LinkProperties linkProperties, NetworkCapabilities ncTemplate, Context context) throws Exception { - this(transport, linkProperties, ncTemplate, null /* provider */, context); + this(transport, linkProperties, ncTemplate, null /* provider */, + null /* callbacks */, context); } public NetworkAgentWrapper(int transport, LinkProperties linkProperties, NetworkCapabilities ncTemplate, NetworkProvider provider, - Context context) throws Exception { + Callbacks callbacks, Context context) throws Exception { final int type = transportToLegacyType(transport); final String typeName = ConnectivityManager.getNetworkTypeName(type); mNetworkCapabilities = (ncTemplate != null) ? ncTemplate : new NetworkCapabilities(); @@ -135,6 +157,7 @@ public class NetworkAgentWrapper implements TestableNetworkCallback.HasNetwork { .setLegacyTypeName(typeName) .setLegacyExtraInfo(extraInfo) .build(); + mCallbacks = (callbacks != null) ? callbacks : new Callbacks(); mNetworkAgent = makeNetworkAgent(linkProperties, mNetworkAgentConfig, provider); } 
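Review bot: The new `Callbacks` class and its three public fields carry no documentation, so a caller cannot tell that each consumer may be null or when it is invoked. A class comment would cover it, for example `/** Optional test hooks; a null consumer means no hook. Each one is called with the NetworkAgent after the corresponding super callback. */`. Null handling is also split between this hunk (`new Callbacks()` passes three nulls) and the null checks in the overrides added by the @@ -214 hunk. Substituting a no-op consumer for a missing one in the constructor would keep that in one place. The body of the NetworkAgentWrapper constructor continues outside this hunk.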
@@ -214,6 +237,31 @@ public class NetworkAgentWrapper implements TestableNetworkCallback.HasNetwork { protected void removeKeepalivePacketFilter(Message msg) { Log.i(mWrapper.mLogTag, "Remove keepalive packet filter."); } + + @Override + public void onNetworkCreated() { + super.onNetworkCreated(); + if (mWrapper.mCallbacks.onNetworkCreated != null) { + mWrapper.mCallbacks.onNetworkCreated.accept(this); + } + } + + @Override + public void onNetworkUnwanted() { + super.onNetworkUnwanted(); + if (mWrapper.mCallbacks.onNetworkUnwanted != null) { + mWrapper.mCallbacks.onNetworkUnwanted.accept(this); + } + } + + @Override + public void onNetworkDestroyed() { + super.onNetworkDestroyed(); + if (mWrapper.mCallbacks.onNetworkDestroyed != null) { + mWrapper.mCallbacks.onNetworkDestroyed.accept(this); + } + } + } public void setScore(@NonNull final NetworkScore score) { diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java index ce9214d761..e9cbb3cf04 100644 --- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java +++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java @@ -430,6 +430,7 @@ import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicReference; +import java.util.function.Consumer; import java.util.function.Predicate; import java.util.function.Supplier; import java.util.regex.Matcher; 
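Review bot: The three overrides added here repeat the same null-check-then-`accept(this)` sequence and differ only in the field they read. A small private helper in the same class would remove the duplication, e.g. `private void runHook(Consumer<NetworkAgent> hook) { if (hook != null) hook.accept(this); }` (the type argument is assumed, since the page shows the consumers without one). The hunk also adds an empty line just before the closing brace of the inner class, which can be dropped. The class these methods belong to starts outside the hunk.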
@@ -926,9 +927,6 @@ public class ConnectivityServiceTest { private int mProbesSucceeded; private String mNmValidationRedirectUrl = null; private boolean mNmProvNotificationRequested = false; - private Runnable mCreatedCallback; - private Runnable mUnwantedCallback; - private Runnable mDisconnectedCallback; private final ConditionVariable mNetworkStatusReceived = new ConditionVariable(); // Contains the redirectUrl from networkStatus(). Before reading, wait for 
@@ -936,22 +934,34 @@ public class ConnectivityServiceTest { private String mRedirectUrl; TestNetworkAgentWrapper(int transport) throws Exception { - this(transport, new LinkProperties(), null /* ncTemplate */, null /* provider */); + this(transport, new LinkProperties(), null /* ncTemplate */, null /* provider */, null); } TestNetworkAgentWrapper(int transport, LinkProperties linkProperties) throws Exception { - this(transport, linkProperties, null /* ncTemplate */, null /* provider */); + this(transport, linkProperties, null /* ncTemplate */, null /* provider */, null); } private TestNetworkAgentWrapper(int transport, LinkProperties linkProperties, NetworkCapabilities ncTemplate) throws Exception { - this(transport, linkProperties, ncTemplate, null /* provider */); + this(transport, linkProperties, ncTemplate, null /* provider */, null); } private TestNetworkAgentWrapper(int transport, LinkProperties linkProperties, NetworkCapabilities ncTemplate, NetworkProvider provider) throws Exception { - super(transport, linkProperties, ncTemplate, provider, mServiceContext); + this(transport, linkProperties, ncTemplate, provider /* provider */, null); + } + + private TestNetworkAgentWrapper(int transport, NetworkAgentWrapper.Callbacks callbacks) + throws Exception { + this(transport, new LinkProperties(), null /* ncTemplate */, null /* provider */, + callbacks); + } + + private TestNetworkAgentWrapper(int transport, LinkProperties linkProperties, + NetworkCapabilities ncTemplate, NetworkProvider provider, + NetworkAgentWrapper.Callbacks callbacks) throws Exception { + super(transport, linkProperties, ncTemplate, provider, callbacks, mServiceContext); // Waits for the NetworkAgent to be registered, which includes the creation of the // NetworkMonitor. 
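Review bot: The argument comments in the new constructor chain are inconsistent: `provider /* provider */` labels an argument that already has that name, while the trailing `null` that each delegating constructor now passes is unlabelled. Writing `this(transport, linkProperties, ncTemplate, provider, null /* callbacks */);` here, and `null /* callbacks */` in the three constructors above it, would match the style used in NetworkAgentWrapper. The body of the last constructor continues outside the hunk.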
@@ -972,23 +982,6 @@ public class ConnectivityServiceTest { mNetworkStatusReceived.open(); } - @Override - public void onNetworkCreated() { - super.onNetworkCreated(); - if (mCreatedCallback != null) mCreatedCallback.run(); - } - - @Override - public void onNetworkUnwanted() { - super.onNetworkUnwanted(); - if (mUnwantedCallback != null) mUnwantedCallback.run(); - } - - @Override - public void onNetworkDestroyed() { - super.onNetworkDestroyed(); - if (mDisconnectedCallback != null) mDisconnectedCallback.run(); - } } @Override @@ -1218,18 +1211,6 @@ public class ConnectivityServiceTest { p.timestampMillis = DATA_STALL_TIMESTAMP; mNmCallbacks.notifyDataStallSuspected(p); } - - public void setCreatedCallback(Runnable r) { - mCreatedCallback = r; - } - - public void setUnwantedCallback(Runnable r) { - mUnwantedCallback = r; - } - - public void setDisconnectedCallback(Runnable r) { - mDisconnectedCallback = r; - } } /** 
@@ -3570,37 +3551,35 @@ public class ConnectivityServiceTest { final NetworkRequest request = new NetworkRequest.Builder() .addTransportType(TRANSPORT_WIFI).build(); final TestNetworkCallback callback = new TestNetworkCallback(); - final AtomicReference wifiNetwork = new AtomicReference<>(); - mWiFiNetworkAgent = new TestNetworkAgentWrapper(TRANSPORT_WIFI); // Expectations for state when various callbacks fire. These expectations run on the handler // thread and not on the test thread because they need to prevent the handler thread from // advancing while they examine state. // 1. When onCreated fires, netd has been told to create the network. - mWiFiNetworkAgent.setCreatedCallback(() -> { + final Consumer onNetworkCreated = (agent) -> { eventOrder.offer("onNetworkCreated"); - wifiNetwork.set(mWiFiNetworkAgent.getNetwork()); - assertNotNull(wifiNetwork.get()); try { verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical( - wifiNetwork.get().getNetId(), INetd.PERMISSION_NONE)); + agent.getNetwork().getNetId(), INetd.PERMISSION_NONE)); } catch (RemoteException impossible) { fail(); } - }); + }; // 2. onNetworkUnwanted isn't precisely ordered with respect to any particular events. Just // check that it is fired at some point after disconnect. - mWiFiNetworkAgent.setUnwantedCallback(() -> eventOrder.offer("onNetworkUnwanted")); + final Consumer onNetworkUnwanted = (agent) -> { + eventOrder.offer("onNetworkUnwanted"); + }; // 3. While the teardown timer is running, connectivity APIs report the network is gone, but // netd has not yet been told to destroy it. 
- final Runnable duringTeardown = () -> { + final Consumer duringTeardown = (network) -> { eventOrder.offer("timePasses"); - assertNull(mCm.getLinkProperties(wifiNetwork.get())); + assertNull(mCm.getLinkProperties(network)); try { - verify(mMockNetd, never()).networkDestroy(wifiNetwork.get().getNetId()); + verify(mMockNetd, never()).networkDestroy(network.getNetId()); } catch (RemoteException impossible) { fail(); } @@ -3608,15 +3587,20 @@ public class ConnectivityServiceTest { // 4. After onNetworkDisconnected is called, connectivity APIs report the network is gone, // and netd has been told to destroy it. - mWiFiNetworkAgent.setDisconnectedCallback(() -> { + final Consumer onNetworkDisconnected = (agent) -> { eventOrder.offer("onNetworkDisconnected"); - assertNull(mCm.getLinkProperties(wifiNetwork.get())); + assertNull(mCm.getLinkProperties(agent.getNetwork())); try { - verify(mMockNetd).networkDestroy(wifiNetwork.get().getNetId()); + verify(mMockNetd).networkDestroy(agent.getNetwork().getNetId()); } catch (RemoteException impossible) { fail(); } - }); + }; + + final NetworkAgentWrapper.Callbacks callbacks = new NetworkAgentWrapper.Callbacks( + onNetworkCreated, onNetworkUnwanted, onNetworkDisconnected); + + mWiFiNetworkAgent = new TestNetworkAgentWrapper(TRANSPORT_WIFI, callbacks); // Connect a network, and file a request for it after it has come up, to ensure the nascent // timer is cleared and the test does not have to wait for it. Filing the request after the @@ -3638,7 +3622,7 @@ public class ConnectivityServiceTest { // down the network and started the teardown timer, and short enough that the lambda is // scheduled to run before the teardown timer. final Handler h = new Handler(mCsHandlerThread.getLooper()); - h.postDelayed(duringTeardown, 150); + h.postDelayed(() -> duringTeardown.accept(mWiFiNetworkAgent.getNetwork()), 150); // Disconnect the network and check that events happened in the right order. mCm.unregisterNetworkCallback(callback);
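Review bot: The rewritten `onNetworkCreated` consumer drops the `assertNotNull` that the old callback ran on the network before using it. A null `agent.getNetwork()` would now surface as a NullPointerException on the handler thread instead of an assertion failure. Keep the check by adding `assertNotNull(agent.getNetwork());` before the `verify(mMockNetd).networkCreate(...)` call. The test method starts and ends outside this hunk.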
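Review bot: The consumer named `onNetworkDisconnected` is passed as the third argument of `new NetworkAgentWrapper.Callbacks(...)`, which is the `onNetworkDestroyed` slot, and the comment above it still speaks of onNetworkDisconnected. Renaming the local to `onNetworkDestroyed` would make the positional constructor call easier to verify at a glance. The string offered to `eventOrder` can stay as it is if the ordering assertions expect it; those lie outside this hunk and are not visible here.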
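Review bot: `mWiFiNetworkAgent.getNetwork()` is now evaluated inside the posted lambda, 150 ms later on the handler thread, rather than being fixed when the test thread schedules the check. Reading it once before posting, `final Network wifiNetwork = mWiFiNetworkAgent.getNetwork();` followed by `h.postDelayed(() -> duringTeardown.accept(wifiNetwork), 150);`, keeps the check tied to the network that was connected even if the field is reassigned later. With a single call site, `duringTeardown` could equally remain a `Runnable` that closes over that local.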