Makes two new SystemApis:
getRestrictedProfileParent()
canHaveRestrictedProfile()
Temporarily disables VPN Tests that rely on the old APIs until those
tests are updated (b/175883995).
Bug: 171529940
Test: atest FrameworksNetTests:com.android.server.connectivity.VpnTest
Test: Tests for UserManager SystemApis are TODO awaiting completion of new user test infrastructure (b/163890431)
(cherry picked from commit 20ba13f5bc482de37a569c8c791ee5be9e7874b4)
Change-Id: I28e39400039631e7d391dc7b0d003e8a38d1f06a
We currently test CONNECTIVITY_ACTION broadcasts by directly
registering BroadcastReceivers with BroadcastInterceptingContext,
and making the receivers unregister themselves when all the
broadcasts they expect have been received.
This works for current test cases, but does not work if anything
registers another receiver for CONNECTIVITY_ACTION. In that case,
when we unregister the receiver in the receiver's onReceive
method, BroadcastInterceptingContext will throw a
ConcurrentModificationException because the list of receivers is
being modified during iteration.
Fix this by adding an ExpectedBroadcast class that stores the
receiver and unregisters the receiver only when the test checks
that the broadcast was received, which happens after the receiver
runs. This is easier to use and also guarantees that the receiver
is unregistered even if the test is expecting that the broadcast
is never fired. Accordingly, remove mRegisteredReceivers and the
code that uses it; it's no longer necessary now that
ExpectedBroadcast always unregisters its receivers.
Also add a convenience expectConnectivityAction method to expect
a CONNECTIVITY_ACTION broadcast with specific contents. This
makes the test easier to read and more detailed. Convert some
existing tests to this method.
While I'm at it, fix a test that was using "mCellNetworkAgent" to
represent a wifi network.
Bug: 173331190
Test: test-only change
Change-Id: Ibada8b4215625e1016d9fd170526206920af76f5
After this CL, ConnectivityService no longer needs to grab the
VPN lock and access Vpn objects to determine connectivity state.
Also make a synchronized (mVpns) block smaller.
Bug: 173331190
Test: existing tests in ConnectivityServiceTest
Change-Id: I3297b3ab8e75bdf4902c62dd7e492c3634cfc51f
Netd currently calls maybeCloseSockets before adding/removing users for
network. The task should be moved from netd to CS. In this way, we can
handle WiFi lingering more easily in the future.
Test: atest HostsideVpnTests
Test: atest FrameworksNetTests
Change-Id: Icf8125e8552c89da367a67f48611ed193a1a343d
Currently, ConnectivityService calls the IpConnectivityMetrics
service class directly to log default network events. This is
incompatible with ConnectivityService being in a mainline module.
Replace direct access to IIpConnectivityMetrics with public
methods in IpConnectivityLog, which is @SystemApi class.
The new methods are not yet @SystemApi, but they can be made so
if desired. Alternatively, these metrics could be deleted.
Also remove the IpConectivityMetrics service from the
service-connectivity JAR, and go back to starting it from
SystemServer.java, which is what was happening a few hours ago
before aosp/1542626 was merged.
Test: builds, boots
Test: atest FrameworksNetTests
Test: "dumpsys connmetrics" shows events, including default network events
Change-Id: I9d6147d93590363a2f8f83f39f05c03d001b4851
Connectivity service is going to become a mainline module which
will not able to access hidden APIs. NetworkPolicyManagerInternal
is a internal serivce that CS can't be access after be a mainline
module. Thus, replace NPMI#isUidNetworkingBlocked() to similar
method NPMS#isUidNetworkingBlocked() and create new API
NPM#isUidNetworkingBlocked() to support CS usage.
Bug: 170598012
Test: atest FrameworksNetTests
Test: atest FrameworksCoreTests:NetworkPolicyManagerTest
Test: atest FrameworksServicesTests:NetworkPolicyManagerServiceTest
Test: atest CtsNetTestCases
Test: atest CtsHostsideNetworkTests
Change-Id: Ic3427c71c395de787320f303c9513874b4d64f98
This reverts commit a37dda6024.
Reason for revert: After discussion, we prefer to add a field in NetworkCapabilities instead. Sorry for inconvenience.
Change-Id: I2e8840a797df9d1594f2b8b576bcd45beb184fca
This code is no longer used. Delete it and the tests for it.
One of the tests checks that when a restricted profile is added,
the lockdown UID rules are updated to cover that profile as well.
ConnectivityServiceTest does not currently has coverage for this,
so add it.
Bug: 173331190
Test: moved unit test from VpnTest to ConnectivityServiceTest
Change-Id: Ic350b90946870890bf031668bb5c201037b0bd15
As part of modularization of ConnectivityService and expansion of the
Tethering module scope, move service-connectivity.jar into the tethering
APEX, and load it from there.
This rolls forward the change. The original topic was reverted because
of a bad merged-in clause; this is fixed and re-verified in this topic.
Bug: 171540887
Test: m, device boots and connectivity
Change-Id: I293b09c0dc04c6ccafa30cd0f1a63efe32283604
Revert submission 1532910-connectivity_jar_in_apex
Reason for revert: Breaks boot tests: b/176969905
Reverted Changes:
Ie41a5b569:Set setCurrentProxyScriptUrl as public
Id7b6a4664:Move service-connectivity to the tethering APEX
Ia7cb83834:Add service-connectivity to tethering APEX
Change-Id: I1c369dd8a6527513f8fc1a5cacde59d78d104c7e
Switch to using IDnsResolver#registerEventListener and
INetdEventListener directly.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases
Change-Id: I72a6b4457a2c22fdbe8c9b25ea92903db3f6fc91
This was the last place in CS that fetched underlying networks
from Vpn. Therefore, delete Vpn#getUnderlyingNetworks, which is
no longer used.
Bug: 173331190
Test: new tests in ConnectivityServiceTest added in previous CL
Change-Id: Iec22ff636de0c02193576fe2e2d36b8bc7380457
Currently, when an always-on VPN is set in lockdown mode, Vpn
configures prohibit UID rules in netd directly and does not
inform ConnectivityService of the fact.
This means that ConnectivityService cannot send NetworkCallbacks
that tells apps that they are blocked or unblocked. It also means
that ConnectivityService has to take the mVpns lock and call into
Vpn to allow synchronous APIs such as getActiveNetwork to return
BLOCKED if the app is blocked.
Move all this to ConnectivityService:
- Add a setRequireVpnForUids API to ConnectivityManager, and have
that pass the routing rules to netd.
- Update VpnTest to expect calls to ConnectivityManager instead
of to netd.
- Whenever setRequireVpnForUids is called, ensure that
ConnectivityService sends onBlockedStatusChanged to the
affected callbacks.
- Update existing unit tests to check for callbacks.
- Add a way to find the VPN that applies to a given UID without
taking the VPN lock, by instead scanning all connected VPNs.
Use this as a replacement for direct access to mVpns.
For simplicity, and in order to ensure proper ordering between
the NetworkCallbacks sent for VPNs connecting and disconnecting,
process blocked UID ranges on the handler thread. This means that
when setRequireVpnForUids returns, the rule changes might not
have been applied. This shouldn't impact apps using network
connectivity, but it might mean that apps setting an always-on
package, and then immediately checking whether networking is
blocked, will see a behaviour change.
Bug: 173331190
Fix: 175670887
Test: new test coverage in ConnectivityServiceTest
Test: atest MixedDeviceOwnerTest#testAlwaysOnVpn \
MixedDeviceOwnerTest#testAlwaysOnVpnLockDown \
MixedDeviceOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedDeviceOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedDeviceOwnerTest#testAlwaysOnVpnPackageLogged \
MixedProfileOwnerTest#testAlwaysOnVpn \
MixedProfileOwnerTest#testAlwaysOnVpnLockDown \
MixedProfileOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedProfileOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedProfileOwnerTest#testAlwaysOnVpnPackageLogged \
MixedManagedProfileOwnerTest#testAlwaysOnVpn \
MixedManagedProfileOwnerTest#testAlwaysOnVpnLockDown \
MixedManagedProfileOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedManagedProfileOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedManagedProfileOwnerTest#testAlwaysOnVpnPackageLogged
Test: atest FrameworksNetTests HostsideVpnTests \
CtsNetTestCases:VpnServiceTest \
CtsNetTestCases:Ikev2VpnTest
Change-Id: Iaca8a7cc343aef52706cff62a7735f338cb1b772
In order to support ConnectivityService mainline, module should
not use hidden APIs. The logic to get mobile provision is moved
to telephony surface since it's only used by telephony.
Hence, remove the design out from Connectivity.
Bug: 175177794
Test: atest FrameworksNetTests
Change-Id: Ic3082fc1c4d7ac998f4e4cff1351e6829d500924
As part of modularization of ConnectivityService and expansion of the
Tethering module scope, move service-connectivity.jar into the tethering
APEX, and load it from there.
Bug: 171540887
Test: m, device boots and connectivity
Change-Id: Id7b6a4664ae73224b9ab219c94f56d603a62ee5a
Using these generalized interfaces is more flexible, since it enables
us to pivot the implementation being used internally. In particular,
an upcoming CL will pivot them to use a more efficient alternative.
This is a no-op refactoring.
Bug: 176777285
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: Ibd4717174cf1f136e9d5d80172ecb6e493265306
Currently, LingerTimer takes a NetworkRequest for internal use.
However, this is unnecessary since only request Id is used.
Thus, this patch allows subsequent patches to remove the need
of a NetworkRequest when creating a LingerTimer. And the output
of lingered requests is reduced to id instead of printing
content of requests.
Test: atest FrameworksNetTests
Bug: 175180558
Change-Id: I9106d0804f1083942e1fcaca842f547c0aee1840
Currently, when network factory is under testing, but failed
without terminating the network factory. The mocked network
factory will stay registered and trigger another assertion
fail in teardown(). Thus, the test suite will only shows
the callstack that generated in teardown() instead of the
original fail. The error message is misleading and not useful
at all.
Thus, safely terminate and quit mocked network factory after
testing to prevent assertion fail in teardown().
Test: atest ConnectivityServiceTest#testMobileDataAlwaysOn
Bug: 175180558
Change-Id: I0f96332cc05221e576bd792c6cd26d9dccb4e228
Connectivity service is going to become a mainline module which
will not able to access hidden APIs. Thus, use formal API
Context#getSystemService() to get network policy service instead
of hidden API ServiceManager#getService().
Bug: 170598012
Test: atest FrameworksNetTests FrameworksNetIntegrationTests
Change-Id: I4f286264b5800b2b922f85a76ddd20d64d53000a
Updates to ConnectivityDiagnosticsCallback flows that directly accessed
the NRI 'request' member to now instead use mRequests. This will be done
by first not allowing multilayer requests on registration of a
connectivity diagnostic and then accessing the '0' index of mRequests.
Bug: 174187714
Bug: 171991028
Test: atest FrameworksNetTests
atest FrameworksNetIntegrationTests
atest CtsNetTestCasesLatestSdk
Change-Id: Ida98036b70fa290a214ee23236bfd0aad08e90a3
The wifi (mainline module) need to set the subscriberId for specific
wifi network.
Bug: 176396812
Test: TreeHugger
Change-Id: Ie97d3dad81c87d41a360558e91c83278595ff475
Use two oneway binder interfaces instead.
The interfaces post messages to handlers as was implemented before, but
provide a more strictly defined interface, with less hops between
NetworkAgent, AsyncChannel, and ConnectivityService.
The actual public interface is the NetworkAgent @SystemApi: the binder
interface is an internal implementation detail.
Test: atest FrameworksNetTests CtsNetTestCasesLatestSdk
Bug: 173574274
Merged-In: Ie364ab50f416e7821e70f4539a881eea828e1256
Change-Id: Ie364ab50f416e7821e70f4539a881eea828e1256
Currently, when the caller increment operation count, the count
will be blamed on the active default network even though the
traffic is all generated on other networks. This is kind
of weird. But in order to change the behavior, extend test
coverage first.
Test: atest com.android.server.net.NetworkStatsServiceTest#testOperationCount_nondefault_traffic
Bug: 174123988
Change-Id: Ia5b5aa3601de15bb9ee5a29f6d184d122f1c5352
In a previous change (https://r.android.com/1394342), we did a mass update of whitelist->allowlist
and blacklist->denylist in network policy related code. Updating
some usages of those (like allowlisted to allowed) to make them
sound natural.
Test: atest services/tests/servicestests/src/com/android/server/net/NetworkPolicyManagerServiceTest.java
Test: atest services/tests/servicestests/src/com/android/server/NetworkManagementInternalTest.java
Test: atest hostsidetests/net/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Change-Id: I6d34b0bd3cdb64d5872874fd9378bfc962a24f8d
