Split-tunnel VPN (which are the only ones affected by this change)
always fall through to the default network for routes they don't
handle, and even if the underlying network(s) don't provide access
this may be a pinhole that can actually reach the broader network.
In practice this behaves like the original release of P and is the
safest thing to do for Q. In R we should evaluate giving the VPN
app the ability to simply tell the network stack whether it does
provide Internet access or not.
Bug: 119216095
Test: FrameworksNetTests NetworkStackTests
Change-Id: I262ca41fe0225660551c9a421562405366b6acac
This is the most common test library for Connectivity tests. It is
meant to be usable in framework tests, network stack tests, CTS,
GTS. To achieve that, it can only depend on framework classes.
Bug: none
Test: NetworkMonitorTest
Test: NsdManagerTest
Test: ConnectivityServiceTest
Test: OffloadControllerTest
Test: NetworkStatsObserversTest
Test: NetworkStatsServiceTest
(all the touched classes)
Change-Id: Ic47cbe7ba0e407145fa6bc49bb2adb3c5937dbc4
This test is conitnuely fail in cuttlefish.
Lack of ipv6 default route in cuttlefish caused the test failed.
The reason is that the result of rfc6724Sort depends on on the route in system.
It is not good to expect any route should exists, so remove it.
Bug: 133649648
Test: atest DnsUtilsTest
Change-Id: I91f89782b9b989fa1a49e666bb5ce2df3a0dbbf7
Also :
- Fix testUidFilteringDuringVpnConnectDisconnectAndUidUpdates that
was failing on devices with a first released SDK >= Q
- Add a test actually tests that the system has the permission, as
the test was only testing what's in the mock
Bug: 119770201
Test: New test making sure this stays true
Change-Id: I74cf5f0fa17fcf818f1fed78c7e3e4375c20152e
This is a follow-up commit for aosp/955431 to update commets
and minor updates in unit test.
Test: atest com.android.server.ConnectivityServiceTest#testCaptivePortalOnPartialConnectivity
Bug: 130683832
Change-Id: I581eae8daeddd2c4c186e7b40e27fef2aaa7ab43
Once a network is determined to have partial connectivity, it
cannot go back to full connectivity without a disconnect. This
is because NetworkMonitor can only communicate either
PARTIAL_CONNECTIVITY or VALID, but not both. Thus, multiple
validation results allow ConnectivityService to know the real
network status.
Bug: 129662877
Bug: 130683832
Test: atest FrameworksNetTests
Test: atest NetworkStackTests
Test: atest --generate-new-metrics 50
NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Test: Simulate partial connectvitiy
Change-Id: I406c9368617c03a2dd3ab15fb1f6dbf539d7c714
1. pass default network explicitly to fix potential
mis-sync network problem in DnsResolver#query
2. Add rfc6724 sort and related test
3. DnsResolver do rfc6724 sort before response InetAddress answers
4. move haveIpv* function from DnsResolver to DnsUtils
Bug: 129530368
Test: atest DnsResolverTest DnsUtilsTest
Change-Id: I4efa599c0605f6a9e4ef2dd1a36572c69b3c433f
When unregistering callback due to ON_UNAVAILABLE did not check for
a non-null callback.
Bug: 132950880
Test: atest ConnectivityServiceTest
Change-Id: I8f3322963f322e6690f1403681bf66e8b38b35f8
Our stable AIDL interfaces need to use versioned build targets,
otherwise getVersion will always return 0, which makes it
impossible to support different components at different versions.
List generated with:
find . -name Android.bp -exec egrep \
-H "(netd|dnsresolver|ipmemorystore|networkstack).aidl.interface(s?)-(java|cpp)" {} \;
Bug: 133124190
Test: m
Change-Id: Id175c99daa77507847673777a8dcce51897ab17b
Original CL description:
Add FrameworksNetTests dependency on libcgrouprc
The tests are currently broken without this dependency.
Bug: 132925169
Test: atest FrameworksNetTests
Change-Id: I473b250587d871158e1e9595d56183a0342238d8
Merged-In: If9c8aa41c4e96a79b71c88f199a4f3b0483e31cd
Bug: 132435820
Bug: 132437254
Original CL description:
Add FrameworksNetTests dependency on libcgrouprc
The tests are currently broken without this dependency.
Bug: 129902619
Test: atest FrameworksNetTests
Merged-In: I85891485157ed86e069039dfe3092028ff703dd5
Change-Id: I7daf6bdf8a9f8836d17746e1e352f8f75cd34adc
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
This reverts commit cece56e3ce.
Reason for revert: Adds dependency between IpSecService and
ConnectivityService may lead to future deadlock
problems. Uses a simpler approach instead,
hence the solution is not needed.
See aosp/954040.
Change-Id: Ibff278a6eee666cd85dba81c2bed94d568679b02
This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Change-Id: I0218f3674628c13ead63fc9a873895ba7f113033
The onUnavailable semantics promise that it is equivalent to calling
the unregister callback method. But - it doesn't unregister the callback
allowing it to be reused. Fixed.
Additionally, modified the unregisterNetworkCallback method to not fail
on duplicate unregistration (since a callback could now self
unregister). Instead simply print a log.
Bug: 130651445
Test: atest ConnectivityServiceTest
Change-Id: I4c54b003a733eb0b1e4fd8674ed13081b1bef8e3
This reverts commit 8368fe9fe0.
Reason for revert: Adds dependency between IpSecService and
ConnectivityService may lead to future deadlock
problems. Uses a simpler approach instead,
hence the solution is not needed.
See aosp/954040.
Change-Id: If6d537a39595cf132d3ed81d4eaac6700f5f0ab3
Delete the unused NetworkManagementService API for set/remove
permissions. Use PERMISSION_NONE to replace NO_PERMISSIONS so the
framework now use the same set of permission constant when communicate
with netd.
Bug: 128944261
Test: PermissionMonitorTest.java
Change-Id: I25224c9576f52d2a0a0bd2182325c7aac7b28eb5
