This commit expands IKEv2 VPN CTS testing to ensure that given a
successful IKEv2 negotiation, the VPN network will be correctly set up.
Additionally, it verifies that the stopProvisionedVpnProfile will
teardown the VPN network.
Bug: 148582947
Test: atest CtsNetTestCases:Ikev2VpnTest
Change-Id: Ib6635f0068200ac0172515989fbdee5c3d49e231
Merged-In: Ib6635f0068200ac0172515989fbdee5c3d49e231
(cherry picked from commit 0ef85ff5a391fe81fb7d06959566d869f805f8b5)
This change adds basic tests for all IKEv2/IPsec VPN public APIs.
Additional testing for ensuring IKEv2 setup completes will be done in a
subsequent CL.
Bug: 148582947
Test: Ikev2VpnTest added
Change-Id: Ia5d35c32525b32be4a0dc0584630f5bb9e7f1bcb
Merged-In: Ia5d35c32525b32be4a0dc0584630f5bb9e7f1bcb
(cherry picked from commit 12f571feaea736de875aebef8ad0cc70630ad6ab)
This patch moves some test setup functions to util classes in
preparation for IKEv2 VPN tests which will use those same utilities.
Bug: 148582947
Test: atest IpSecManagerTunnelTest; passing
Change-Id: I9aeafa45ab515ce72a72c3de6f70fb26e32e7fd4
Merged-In: I9aeafa45ab515ce72a72c3de6f70fb26e32e7fd4
(cherry picked from commit 30432fa7640603c1e746b7d8c83e2e6052d8f967)
The test relies on EthernetManager#setIncludeTestInterfaces to run
validation on an "ethernet" network based on a tap interface, and
simulates DHCP and HTTP servers so the device sees the capport DHCP
option, and fetches the API contents.
Bug: 156062304
Test: atest CaptivePortalApiTest
(clean cherry-pick from aosp)
Merged-In: I734dbd05c0f50b8dc4553102ab286f0d8807a7ac
Change-Id: I734dbd05c0f50b8dc4553102ab286f0d8807a7ac
- Test receiving Authentication Failure notification
- Test setting up IKE Session with first Child setup failure
Bug: 155821007
Test: CtsIkeTestCases
Change-Id: I4ec43a3899d67a119cd4ba19e0ffc63c277325fb
Merged-In: I4ec43a3899d67a119cd4ba19e0ffc63c277325fb
(cherry picked from commit b765ebe3f26e61093dbe9ac0df1845afc5d42d3d)
This commit:
- Adds test for remotely initiated rekey for IKE and Child SA
- Makes IkeTunUtils support building and injecting requests
- Adds method to parse hex to long because Long.parseLong cannot
handle negative long value
Bug: 155821007
Test: atest CtsIkeTestCases
Change-Id: I299cf190261ac15397f9ed389adb2c69e94a6507
Merged-In: I299cf190261ac15397f9ed389adb2c69e94a6507
(cherry picked from commit a5bff5a7b46c31dfa4ae692328edfb2b2a6462c8)
This commit adds a test for setting up IKE Session with
digital-signature-based authentication.
This test also verifies sending and receiving IKE fragments
Bug: 155821007
Test: atest CtsIkeTestCases:IkeSessionDigitalSignatureTest
Change-Id: I5829dfa955c47c0810760b7bf97372031e740f1e
Merged-In: I5829dfa955c47c0810760b7bf97372031e740f1e
(cherry picked from commit 3fde403c39e048e82223256ec7ca5c3ac7c93751)
This commit moves following logics to IkeSessionTestBase so that all
subclasses can share it:
- build ChildParams
- perform IKE and first Child setup
- perform deleting IKE
- verifying IKE and first Child setup
Bug: 155821007
Test: atest CtsIkeTestCases:IkeSessionDigitalSignatureTest
Change-Id: Ib35b18240396a7b4823111e37be9a338d8ff6f06
Merged-In: Ib35b18240396a7b4823111e37be9a338d8ff6f06
(cherry picked from commit 34cdddb039da37c07bacf15f4c7a5fb36e757fad)
- Verify that inbound and outbound IpSecTransforms
are created when a Child Session is created
- Verify that when Child Session is deleted,
the IpSecTransform pair is deleted
Bug: 148689509
Test: atest CtsIkeTestCases
Change-Id: If142b3fb2ac791322921beeab1bc8d43db255317
Merged-In: If142b3fb2ac791322921beeab1bc8d43db255317
(cherry picked from commit a91fc43cbdfc6e58347493506fa5079a4280dca8)
testTetheringUpstream test case need cellular network. So it disable
wifi and getActiveNetwork to check whether current network is cellular.
But there is a race that call getActiveNetwork right away after
disconnect wifi. getActiveNetwork may return null because switching
network is not ready yet.
Bug: 156314879
Test: atest CtsTetheringTest
Merged-In: I6b433560fb27a3b4bd80c4198ccdb58a5be701b6
Change-Id: I6b433560fb27a3b4bd80c4198ccdb58a5be701b6
Only run the tests when com.google.android.ipsec is
installed on device.
This CL follows aosp/11427976 as an example.
Bug: 150497352
Test: m mts && mts-tradefed run mts-ipsec
Change-Id: I5992c54f9c0b9f1aa9752a207660f9f6e97ccace
- Add java doc in IkeSessionTestBase about the necessity to use
different addresses and Networks in each test
- Use ArrayTrackRecord in Test Session Callback to retrieve the
latest result.
- Verify that IpSecTransform pair is created and deleted
Bug: 148689509
Test: atest CtsIkeTestCases
Change-Id: Ib747c8cdfe1827e8df2aa7544e28e98a177d3d1c
Merged-In: Ib747c8cdfe1827e8df2aa7544e28e98a177d3d1c
(cherry picked from commit f729d7a112e83e04c008b0bbeed333238482d3e9)
The fix verified by that test is only applied on R+.
Test: atest NetworkStatsBinderTest
Bug: 150904735
Change-Id: I5ac69a121e5fa1b927ec94f3873f5c31b9031419
It's possible that private DNS setting is not in the state we expected
when we tried to enable strict mode during tests. The problem here is
that there are 2 setting Uris(mode and specifier) relating to strict
mode, each of them might trigger private DNS setting changing evnet in
ConnectivityService.
Previously, we tried to enable strict mode with first set private DNS
mode and then private DNS specifier. This may result in 2 consecutive
private DNS changes events with very short intervals, which caused
conflicts between DnsResolver / NetworkMonitor and lead to flaky tests.
So
0. Use opportunistic as default mode if no default mode existed.
1. Change the order (mode and specifier) for enabling strict mode.
2. Change private DNS mode only when needed.
(If original mode is "hostname", then we only need to set
specifier)
Bug: 153624005
Bug: 151122313
Bug: 150952393
Test: atest DnsResolverTest --rerun-until-failure 100
Test: forrest (git_master, cts/networking/gce-all)
Test: forrest (git_rvc-dev, atest CtsNetTestCases)
Test: forrest (git_rvc-dev, mts/dnsresolver/device-all)
Merged-In: I224a6493c87cebaf0bf954c2644e2945ccd50db1
Change-Id: Ib61ad7bd510341366ebbbb72aa451e5809ee3e9d
(cherry picked from commit 7561b1499c1b8da0334b32c0452d49113d9e4806)
The capability did not exist on Q.
Bug: 155993662
Test: atest NetworkRequestTest
Original-Change: https://android-review.googlesource.com/1316082
Merged-In: I94e874e37cadadd90397278bf519db68db48a50f
Change-Id: I94e874e37cadadd90397278bf519db68db48a50f
on Q startCaptivePortalApp was guarded by CONNECTIVITY_INTERNAL instead
of NETWORK_SETTINGS: change the permission adopted by shell on Q to
match the platform.
Test: atest CaptivePortalTest on a Q device
Bug: 150904735
Original-Change: https://android-review.googlesource.com/1316081
Merged-In: I24b6907d164aba07df0f5a1a3715669e99cddd88
Change-Id: I24b6907d164aba07df0f5a1a3715669e99cddd88
- Migrate the test to JUnit4, as JUnit3 cannot use assumeTrue
- Skip IPv4 keepalive tests on networks that do not have native IPv4.
- Refactor usage of adoptShellPermissionIdentity to use try / finally
or runAsShellPermissionIdentity: test failures could lead to
permission failures in other tests due to mismatched adopt/drop.
- Fix ensureWifiConnected to support the "wifi enabled but not fully
connected" case.
Bug: 150949391
Test: atest CtsNetTestCasesLatestSdk:ConnectivityManagerTest \
--rerun-until-failure 50
Original-Change: https://android-review.googlesource.com/1310419
Merged-In: I7459753b1068e1760a95337760db58d1df213fad
Change-Id: I7459753b1068e1760a95337760db58d1df213fad
Add a cts test to check whether app can have netd sytem
permission even the app didn't grant the
CONNECTIVITY_USE_RESTRICTED_NETWORKS permission.
Bug: 144679405
Test: atest android.net.cts.ConnectivityManagerTest
Change-Id: I2c717a11bda43db166a55d343eb752ab45947fe8
Merged-In: I2c717a11bda43db166a55d343eb752ab45947fe8
(cherry picked from commit 1bc6b39789, ag/10285567)
to only run them when com.google.android.tethering is
installed on device. This does not change any existing CTS run.
The logic only applies when the test triggered by mts-tradefed
to make sure it runs appropriate set of tests against the device.
For example, the test will be skipped when running MTS on Q because
tethering and wifi are not on Q devices.
Bug: 154845935
Test: m mts && mts-tradefed run mts-tethering
Change-Id: I9e6bd60982d4ef67538ad506e7008366bbf35363
The CtsNetTestCasesLatestSdk needs to build against platform (for hidden
API access), The JNI library libnativedns_jni used by
CtsNetTestCasesLatestSdk needs to build against stable SDK (for running
on Q). To fulfill the combination, property jni_uses_sdk_apis must be
set.
Bug: 151122313
Bug: 150904735
Bug: 150918852
Test: atest CtsNetTestCasesLatestSdk on R and Q platforms
Merged-In: I5db3cb28829847e74412d270db7d17b81c5e26a2
Change-Id: I8e9af302b487199b144f4fd791bc39d57f002fe2
(cherry picked from commit 452ef123caa60eeebc1744b14137197c47704d6b)
This reverts commit dd9608b7d1147a4eaf36ea634b9fc2f0feca1145.
Reason for revert: This CL made whole test failed.
Bug: 153624005
Bug: 150952393
Bug: 151122313
Merged-In: I083529616dbf80421ea6a322bb57d2bb0f2bca62
Change-Id: I002c39d6535fb31b13bc463812517fe1882f1884
(cherry picked from commit 98015badd01863fa4a79c089f371d9a50f2ae98c)
It's possible that private DNS setting is not in the state we expected
when we tried to enable strict mode during tests. The problem here is
that there are 2 setting Uris(mode and specifier) relating to strict
mode, each of them might trigger private DNS setting changing evnet in
ConnectivityService.
Previously, we tried to enable strict mode with first set private DNS
mode and then private DNS specifier. This may result in 2 consecutive
private DNS changes events with very short intervals, which caused
conflicts between DnsResolver / NetworkMonitor and lead to flaky tests.
So
1. Change the order (mode and specifier) for enabling strict mode.
2. Change private DNS mode only when needed.
(If original mode is "hostname", then we only need to set
specifier)
Bug: 153624005
Bug: 153624702
Test: atest DnsResolverTest --rerun-until-failure 100
Merged-In: Iaed6285677f74a5ee6cc6684534ddc0758b25974
Change-Id: I566bdfa98dc070247b52fe29ca1f31cbd1bb8cc2
(cherry picked from commit 877af1ee3ed2c3a9e9256e216709908d2beb3bfb)
If the device is put into airplane mode before the network tests run,
the tests fail. This ensures that airplane mode is off before the tests
run.
Bug: 150788500
Test: atest CtsHostsideNetworkTests
Change-Id: I7a84be751e5e9efb534d48c6d8ff457875ebe716
Test will be affected by logic modification from different
NetworkSpecifiers. Since this test tries to test the behavior
of NetworkRequest but not NetworkSpecifier, use local defined
NetworkSpecifier to test to prevent repeating noisy breaks.
Also update test for testing invariant.
Bug: 154451660
Test: atest CtsNetTestCasesLatestSdk:android.net.cts.NetworkRequestTest
Merged-In: I7e357c75a68244432231d59646ddf67c8d969c6d
Change-Id: I7e357c75a68244432231d59646ddf67c8d969c6d
In R, to avoid data overages due to apps not detecting a
meteredness change, when a wifi network changes from unmetered
to metered the network will go down and will be replaced with a
new network. It will make NetworkCallbackTest fail because the
original design is getting the active network in setUp(). So once
the wifi reconnects, the network which is got in setUp() will be
meaningless and make the test fail due to network mismatches.
The new changes are:
1. Moving some initial pre-configurations into setUp().
2. Override the onCapabilitiesChanged() to check if network has
changed to metered or not.
3. Add unregisterNetworkCallback() into iMyService.aidl so that
NetworkCallbackTest can call it to unregister the network
callback.
4. Enlarge the timeout of connecting network and receiving
callback to prevent network cannot reconnect in time or
callback cannot be received in a short time.
Bug: 153485744
Test: atest CtsHostsideNetworkTests:com.android.cts.net.HostsideNetworkCallbackTests
Change-Id: I1aa0e107cf6797b06dee4a15896c63321d822156
This is a partial revert of the change that removed the parole
(Icd7b6eff8777f9b53a10eca521b73988f58f2d84).
Bug: 151802309
Test: atest --rerun-until-failure 10 com.android.cts.net.HostsideRestrictBackgroundNetworkTests
Change-Id: I65f5ff20cdd342905e1afd1f4897017aa60682d3
This commit:
-Extend TunUtils for processing IKE packets
-Add IkeSessionBaseTest containing common functionality for all IkeSession tests
-Add end-to-end test for IKEv2 PSK verifying creating IKE SA, creating child SAs
and closing sessions
-Add basic tests for error scenarios
Bug: 148689509
Test: atest CtsIkeTestCases
Change-Id: Ie6c18591ffcc883abbf0484d9a59dfda61b33257
Merged-In: Ie6c18591ffcc883abbf0484d9a59dfda61b33257
