This is a no-op change and refactors the design for subsequent
TTL expiration check changes.
- Add a ServiceExpiredCallback to notify expired services.
- To simplify the design, pass the CacheKey to MdnsServiceCache
methods instead.
Bug: 265787401
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I930a4f7baf9b8d3d0037dc6aefd717dbdd486520
Override Vpn.setUnderlyingNetworks() to do a direct call on the
network agent instead of relying on the Vpn class.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ib7883f8a81a22317616cae79ce57a30afdd2bed4
Call setRequireVpnForUids directly to enable lockdown instead of
calling the real Vpn method.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I91ec59f7542d145e9250a7e7a414593db3d99424
This doesn't do anything at this patchset, but the whole
pipe from the agent to ConnectivityService is built.
LocalNetworkInfo will be the name of the public information
sent in callbacks to clients.
Test: CSLocalAgentTests
Change-Id: I70e133031ef3b0aaf6c3e59ccc2ad895c66d339c
This patch does the following :
• When a network is local but the system doesn't support it,
throw in registerNetworkAgent.
• When a network is local, tell netd about it.
• Add tests for the above, as well as a test for callbacks
being sent correctly when the caps are set and not when
they aren't and that the new keep connected flag is
respected.
Telling netd about the network being local has it add two
routes that do not exist if the network is not local :
• One at PRIORITY_LOCAL_NETWORK matching unmarked sockets
and looking up the table for the interface.
20000: from all fwmark 0x0/0x10000 lookup xxxx
• One at PRIORITY_EXPLICIT_NETWORK matching explicitly on
network 99, so that dnsmasq traffic and any OEM traffic
marked for network 99 flowing there.
16000: from all fwmark 0x10063/0x1ffff iif lo lookup xxxx
IMPLICIT_NETWORK and EXPLICIT_NETWORK rules are installed
by connectivity service as a matter of course whether the
network is local or not.
See commit If8729fc6f3716a580c936584b851bc38000b5de5 for
implementation details of this mechanic.
There is no need to implement anything in particular for the
new connected reason, as the current implementation will
already keep it connected. A new test makes sure of that.
Test: FrameworksNetTests
CtsNetTestCases
FrameworksNetIntegrationTests
NetworkStackTests
NetworkStaticLibTests
TetheringTests
MtsTetheringTestLatestSdk
TetheringIntegrationTests
Change-Id: I6fb7dfe4c232eea8cac9ac268897ddb36bb794d1
* changes:
Ensure nri is satisfied before returning.
Add testLockdownVpn that mocks platform VPN.
Make variables in testLegacyLockdownVpn() final.
Update testLegacyLockdownVpn to mock VPN.
When a network preference is set, the highest priority nri will
be a managed default request that disallows default networking.
In the case where there is no satisfying network,
mNoServiceNetwork is used as the satisfier instead of null.
(see computeNetworkReassignment)
mNoServiceNetwork should not be returned in any public API.
Check for the nri being satisfied before returning the satisfier
to ensure mNoServiceNetwork is not returned.
Fixes: 301222648
Test: atest FrameworksNetTests
Change-Id: I22d67a7e8d0274d8ad4f6123fbedf6d37eed18e7
Add a test for lockdown vpn that uses TYPE_IKEV2_IPSEC_PSK and
mocks platform VPN by override in startLegacyVpnPrivileged().
In the context of ConnectivityService, setVpnDefaultForUids()
is the main interaction.
Refactor testLegacyLockdownVpn to take a VpnProfile and assert
behaviors with and without setVpnDefaultForUids().
This includes:
1. Updating callback asserts and assertActiveNetworkInfo to
reflect setVpnDefaultForUids().
2. Adding TODOs where mCm.getActiveNetworkInfo() returns
unexpected values.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ida4a4bc745af5ba2fc251795b2ffca56ead79b7f
The created handler thread will stay there for a while until
all the tests are finished. This is considered as a leakage
which will take the resource from the devices. In low end
devices, this may possibly impact the performance. The created
threads should be closed explicitly.
Test: atest ConnectivityCoverageTests ConntrackSocketTest
Change-Id: Ic1beb2a210e7c8c80c66fc9e0727c47599150672
* changes:
Prepare exposing Network{Request,Caps}.forbiddenCapabilities
Add a keep connected for test reason
Improvements to CSTest : legacy type, wait for LOST, permissions
This is useful going forward in particular because there will
be a default forbidden capability for LOCAL_NETWORKS. This
means it will be useful to be able to remove it.
It is also generally useful and we have been wanting to open
this API to the public, so this is a good opportunity to do so.
Test: new tests for NetworkRequest
NetworkCapabilitiesTest already has tests because it
already was @SystemApi
Change-Id: Ibb8d33b799f2d274326fd9cd0b05a2c33a18032a
This has been sorely needed for a while. Instead of filing requests
for each of your networks in a CSTest, which is fiddly at best and
sometimes almost impossible (because you can't single out the network),
you can now add this flag and be done with it.
Test: CSKeepConnectedTest
Change-Id: Ie168fe1f3a17de035fdf05e3d6580d3262a3448e
• Make sure all Agents have a legacy type. This is necessary to
avoid crashes in LegacyNetworkTracker
• Wait for LOST when disconnecting a network
• Make sure the test package sees its own permissions (importantly
it can't see background networks otherwise, because it lacks
CHANGE_NETWORKING_STATE)
Test: in the followup
Change-Id: I9f699b6372a8fe0d5bcd5310d8f35f72e48a6c61
service-connectivity-mdns-standalone-build-test builds the mDNS
discovery and advertisement implementation against API level 21.
This stops the advertisement code from calling new NsdServiceInfo
public or private APIs which are required by Thread.
This commit removes the mDNS advertisement code from the standalone
build to loose the check given this will never be used by GMS Core.
Bug: 265095929
Test: verified that it can build with aosp/2608627
Change-Id: I32cfce7b994d51a4b4ec468e9f79ffc2be6635ff
(in preparation for moving it into netbpfload)
The programs themselves (in bpf_progs/block.c) required a 5.4+ kernel.
We relax this restriction to 4.19+ as we don't have any 5.4 device coverage
(while the pixel 4a 5G / 5 / 5a are all 4.19 devices).
I believe we could relax it further to 4.14+ but Pixel 4/4xl/4a that
would exercise those code paths are EOL and probably have poor to
non existent test coverage, and we cannot do anything for 4.9 T devices
anyway.
Note: on <4.19 kernels (ie. T devices running 4.9/4.14, U running 4.14)
this results in ConnectivityNativeService going from null to initialized
(as the bpf map will exist).
This doesn't hurt as the set/clear port interfaces are only ever
called by vendor code on devices where the kernel doesn't support
the older mechanism. And even if you call them it will just set/clear
the bits in the bpf bitmap, they just won't actually affect anything.
We could flag the map itself as being 4.19+ as well, but I think
I prefer the no-op map to exist...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1085addd22f4f3b709e1875049633832c5dac836
