This is needed to ensure corrupted data can be clean up if
the data migration process dones't go well.
Test: NetworkStatsCollectionTest
Bug: 197717846
Change-Id: Ic76ad6f3e96f03791b48988fb2622c9c647ffc7c
(cherry picked from commit 306a00316c)
Merged-In: Ic76ad6f3e96f03791b48988fb2622c9c647ffc7c
This is a follow-up commit from aosp/2076483. Mainly to update:
1. Update the hex string to human understandable code instead of
byte code.
2. Use IgnoreUpTo() to do the SDK check
3. Avoid relying on the code being tested
Bug: 192078259
Test: atest FrameworksNetTests
Change-Id: I8973d248a1d30fdcb597677dbf051e146041f905
(cherry picked from commit a023f88193)
Merged-In: I8973d248a1d30fdcb597677dbf051e146041f905
VPN configurations in T should automatically include the corresponding
SDK sandbox UID of an application.
The existing tests used a UID range outside the regular application
range, which means the new sandbox UIDs wouldn't be tested. Modified the
UIDs to run in the regular UID range of [10000, 19999]. Changed the
tests to include the SDK sandbox UID where necessary.
Also, changed the entire class to only run on T+, since that is the only
place where the SDK sandbox UIDs will be added. Since VPN code is not
mainline updatable, having coverage on earlier releases doesn't really
help anyway.
Finally, fixed up testNetworkBlockedStatusAlwaysOnVpn() in
ConnectivityServiceTest, and only have that run on T+ for the same
reasons.
Bug: 225317905
Test: atest VpnTest
Test: atest ConnectivityServiceTest
Change-Id: I83009344c270e520ac8ad1558c067cf7e46b1d2e
Merged-In: I83009344c270e520ac8ad1558c067cf7e46b1d2e
1) alowFallback flag was incorrectly not reset while setting profile
preference. Corrected it.
2) Threw exception if default preference and enterprise preference are
set together
3) renamed clearUser to withoutUser
Bug: 231670730
Test: ConnectivityServiceTest
Change-Id: If92ebe0cc23f18c8808893926d5e1d12ff2e3650
Merged-In: Iaf49237bdc791c7e1dd884d069eff64e74757477
Normally if an app calls requestNetwork with capabilities that it
does not have permission to request, it gets a SecurityException,
except if it requests NET_CAPABILITY_CBS, in which case the request
will not throw but the app will get an onUnavailable callback.
Make this codepath throw as well. This simplifies the code and makes
the app-visible behaviour more consistent (and consistent with what
happens in S and below). The reason the code was written this way is because the carrier privilege app should receive a callback if it
loses permission. But onUnavailable is also not the best callback to
send, since it is used very rarely and also releases the app's
request. It seems better to leave the request registered and send
onLost.
Test: atest FrameworksNetTests
Bug: 194332512
Change-Id: I5eaeb415a6654851246e38599a996fbd9366fde0
(cherry picked from commit 96bd9fe4de)
Merged-In: I5eaeb415a6654851246e38599a996fbd9366fde0
In order to have better logging to gather information
about the callers. This change includes:
1. Add pid and package name into RequestInfo for better logging.
2. Print current observers in dumpsys section.
3. Enable register/unregister usage request logging by default.
The log added in the dumpsys section looks like:
Stats Observers:
RequestInfo from pid/uid:2001/1000(android) for DataUsageRequest [...] accessLevel:3
...
Test: NetworkStatsObserversTest
Bug: 229103088
Change-Id: Ide68776dc279610e8dee0efd924b59a1fac2b7b6
(cherry picked from commit c259e615e6)
Merged-In: Ide68776dc279610e8dee0efd924b59a1fac2b7b6
Multiple enterprise slice can be setup within single user profile based
on different uids. So do not remove profile network preference with same
user profile but with different uids
Bug: 229644102
Test: manual system test and ConnectivityServciceTest
Change-Id: I897b643e01240958fff575de9e15182069efc698
(cherry picked from commit 9cc129f37d)
Merged-In: I897b643e01240958fff575de9e15182069efc698
1. Test that adding a new preference replaces the existing preference.
2. Test that if we pass in two simultaneous preferences for the same user.
(e.g., two different groups of apps), the second overrides the first.
Bug: 229644102
Test: ConnectivityServciceTest
Change-Id: I819247711f8457b12792585216ff47be31457ae8
(cherry picked from commit 95e02c5d5a)
Merged-In: I819247711f8457b12792585216ff47be31457ae8
isMangedProfile returns true for managed profiles.
But enterprise device can be fully managed like device owner.
Hence check specifically if request is coming on fully managed
device.
Bug: 226966328
Bug: 231071836
Test: ran DevicePolicyManager CTS and ConnectivityServiceTest
Change-Id: I7827466bd61e24ba9c36c3a2e25043257e2ed602
(cherry picked from commit bb65aa8fc2)
Merged-In: I7827466bd61e24ba9c36c3a2e25043257e2ed602
(this is safe because on pre-T none of these maps and programs are mainlined
and thus safe to access from mainline code anyway)
Test: TreeHugger, manual
Bug: 218408035
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I23e565d665247f33e084978890a1ee8ffe0fe568
- For clatd start and stop, use ClatdCoordinator on T+ and Netd on S-
- Fix the unit test for T+ and S- devices
Note that mokito.verify(.., times(1)) is replaced by verify(..)
because times(1) is the default and can be omitted.
See verify in mockito/src/main/java/org/mockito/Mockito.java
Note that this commit needs to be merged with aosp/1956072.
Bug: 212345928
Test: atest FrameworksNetTests
manual test
1. Connect to ipv6-only wifi.
2. Try IPv4 traffic.
$ ping 8.8.8.8
3. Check bpf entries are added
4. Disconnect from ipv6-only wifi.
5. Check bpf entries are removed
6. testipv4.com shows 10/10
Change-Id: I7dfda6eec19de94e4258971effcd8a1210542473
Since the tethering functions in ConnectivityService is delegated
to TetheringManager instance and get caches informataion in
TetheringManager without checking ACCESS_NETWORK_STATE permission.
If application use reflection call getTetherXXX functions in
ConnectivityService, it can get tethering status with no additional
execution privileges needed.
Bug: 162952629
Test: manual
Ignore-AOSP-First: security fix
Change-Id: I5b897f216db19fead6ba6ac07915aa0f6ff5bf42
Currently dumpCheckin passes a null object to create
the contructor of NetworkStatsCollection.Key but the
constructor requires non-null object. Thus, it caused
the NPE in dumpCheckin. To fix this exception, create
an NetworkIdentitySet() object instead of using an
null object.
Bug: 225131008
Bug: 226539404
Test: dumpsys netstats --checkin is fine
FrameworksNetTests
Change-Id: I7f2dadf0647b3f42e0f667d96291d2ae37e23faf
PermissionMonitor does not store any information regarding
traffic permission. It just checks permission from each package
and sends the result to netd. In addition, bpf can store traffic
permissions for appIds only because of memory limitations.
However, there is a mistaken permission overwriting when
different packages are installed on multi-user. Because
PermissionMonitor updates appIds traffic permissions to netd
from each user, so the permission result will depend on the
latest user state.
To fix the problem, save the traffic permissions by each user and
appId on PermissionMonitor. An appId has a permission if and
only if at least one uid in that appId has that permission.
bug: 224775316
Test: atest FrameworksNetTests CtsNetTestCases \
CtsNetTestCasesUpdateStatsPermission \
CtsNetTestCasesInternetPermission
Change-Id: Ieb01fb21f6201a58723eb7e6446b127627be2c0e
NsdService is using binder call to communicate with
mdnsresponder, so there is no one to use NativeDaemonConnector
now. Thus, remove NativeDaemonConnector relevant files.
Bug: 209894875
Test: atest FrameworksNetTests
Change-Id: Ic70d9417dc85c04c537e09d8f8586a762ac9a97b
- Use MDns aidl to communicate with mdns service and register
event listener to receive callback.
- Remove all NDC relevant code on NsdService.
- Use MDns aidl on NsdServiceTest.
Bug: 209894875
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I65929dee3838fef753396e86c665abd66b6fec81
The onError callback can use the same future as the onResult callback by
calling completeExceptionally.
This change is also removing the test for a specific exception message.
Testing for a specific exception message would mean that tests break if we
ever were to update them. If we decide that there is value to
distinguish between different types of
EthernetNetworkManagementException we should probably subclass it
internally.
Test: atest EthernetNetworkFactoryTest
Change-Id: Ib6f8cf79fc26e0f856c880cbe505b101f12aa187
As per the TODO, merge EthernetServiceTests into the larger
FrameworksNetTests suite.
Similarly to NetworkStats, NSD or IpSec tests, the tests are also marked
as "non-connectivity-module-test", where "module" actually refers to
modules being built for release (from an S-based branch) today. This is
necessary as the tests and associated code cannot build without T APIs.
Also add FrameworksNetTests to presubmit as non-connectivity-module
tests are not run in presubmit without this.
Test: TH
Merged-In: Id533cdb4ac184b963f570af299dea04754ba88e9
Change-Id: I9950fcb49fdc2217134a59e993941cbe5da0b556
As per the TODO, merge EthernetServiceTests into the larger
FrameworksNetTests suite.
Similarly to NetworkStats, NSD or IpSec tests, the tests are also marked
as "non-connectivity-module-test", where "module" actually refers to
modules being built for release (from an S-based branch) today. This is
necessary as the tests and associated code cannot build without T APIs.
Also add FrameworksNetTests to presubmit as non-connectivity-module
tests are not run in presubmit without this.
Test: TH
Ignore-AOSP-First: Merged in topic, will be cherry-picked
Change-Id: Id533cdb4ac184b963f570af299dea04754ba88e9
