Currntly, keepalive slot is released when stop() is called. Next
starting keepalive can use the same slot number while previous
keepalive is still stopping. When the previous keepalive is
stopped, the incoming as will be processed by the new keepalive.
This change release keepalive slot after the result of stopping
has returned. Thus, newly created keepalive cannot allocate the
same slot number while lower layer is still processing stop event.
This change also disable flaky assertions that are caused by
test port has been occupied by other process.
Bug: 129512753
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests --generate-new-metrics 10
3. simulate the fail case manually.
Change-Id: I1991627545519ee5cb408a3df3a006f710f4af7b
am: 965ddfdc5d -s ours
am skip reason: change_id I5737cf293264bf9d492e7bd56b62bee4d49002eb with SHA1 dca57c2e44 is in history
Change-Id: I44c2d7e34d6351cc2b862aa99d0ef0260130961b
A mocked PackageManager caused test failures in existing tests.
Revert that for now to make tests pass again.
Bug: 114231106
Bug: 130397860
Test: atest FrameworksNetTests
Change-Id: I4f181789152438f18e6cd2d235d76fabe3872ea3
This reverts commit 2b6cd177ba.
Reason for revert: Rolling forward, will fix tests in same CL stack.
Bug: 114231106
Bug: 130397860
Test: FrameworksNetTests
Change-Id: Ia8a0c99b4e1fd5dff26c881715cd876618ca4321
This reverts commit 1c19cf383f.
This change does not have any topic: not reverting the other 2 commits in the original topic.
Reason for revert: broke FrameworksNetTests presubmit: b/130397860
Change-Id: Iff41d9fe97fafea44680c8d67d1ce19277548cc0
To address the API review feedback provided by
the API council.
Bug: 129261432
Test: atest DnsResolverTest
Merged-In: I5737cf293264bf9d492e7bd56b62bee4d49002eb
(cherry picked from commit dca57c2e44)
Change-Id: I429dd93285f50314e9d757f4ec8539a3ba40e61b
am: 3b5424047c -s ours
am skip reason: change_id I98573a5c68e45abbbaddef01f6ac74a6a18e26f9 with SHA1 0fed3d2c01 is in history
Change-Id: I80f0924a1a1f83962c6dee7fd937a341075327e4
am: 5c7c6a4b7d -s ours
am skip reason: change_id I88bfd7f37c0ba0228f8288fe92212618ce134e4f with SHA1 4f370cefa2 is in history
Change-Id: If600c79a42b040f8323800cc2b6a145d5efb2c39
This commit re-enables enforcement of the MANAGE_TEST_NETWORK
permission, which is only granted to the shell. CTS tests using this
permission should use UiAutomation.adoptShellPermissionIdentity() to
gain access.
Bug: 72950854
Test: IPsec CTS tests using this passing
Change-Id: I98573a5c68e45abbbaddef01f6ac74a6a18e26f9
Merged-In: I98573a5c68e45abbbaddef01f6ac74a6a18e26f9
(cherry picked from commit 0fed3d2c01)
This follow-up change performs some cleanup changes without affecting
functionality
Bug: 72950854
Test: Compiles, CTS tests using this pass
Change-Id: Ic7394f24f11d713c9374b438182e29d2a02ea236
Merged-In: Ic7394f24f11d713c9374b438182e29d2a02ea236
(cherry picked from commit 5f6bc9d438)
To address the API review feedback provided by
the API council.
Bug: 129261432
Test: atest DnsResolverTest
Change-Id: I3de11c913682abf790850b45cd5d50ac28b3fc5c
am: b207526a0b -s ours
am skip reason: change_id Ifd18d1c6ad708c1dbc793f03d8241f572af50317 with SHA1 ec82da1166 is in history
Change-Id: I1a1cac47a948636d6dae934edb3fbf42327f5314
am: c7a083a15e -s ours
am skip reason: change_id I54050b28bbfb93e0b7e509dbe0e987a0b902b7d9 with SHA1 9b84ea14a8 is in history
Change-Id: I15a4acf4355e05833ed15bde3deb0db966f2a75a
am: 610eed67b6 -s ours
am skip reason: change_id I6db75853da9f29e1573512e26351623f22770c5d with SHA1 4dba79cc89 is in history
Change-Id: I3e0bd244d8a2ddf86cf4dab99d4a563ea1e2b01e
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Change-Id: I143b03d60e46cb1b04732b4a4034f5847b4d1b1a
