When a network preference is set, the highest priority nri will
be a managed default request that disallows default networking.
In the case where there is no satisfying network,
mNoServiceNetwork is used as the satisfier instead of null.
(see computeNetworkReassignment)
mNoServiceNetwork should not be returned in any public API.
Check for the nri being satisfied before returning the satisfier
to ensure mNoServiceNetwork is not returned.
Fixes: 301222648
Test: atest FrameworksNetTests
Change-Id: I22d67a7e8d0274d8ad4f6123fbedf6d37eed18e7
Add a test for lockdown vpn that uses TYPE_IKEV2_IPSEC_PSK and
mocks platform VPN by override in startLegacyVpnPrivileged().
In the context of ConnectivityService, setVpnDefaultForUids()
is the main interaction.
Refactor testLegacyLockdownVpn to take a VpnProfile and assert
behaviors with and without setVpnDefaultForUids().
This includes:
1. Updating callback asserts and assertActiveNetworkInfo to
reflect setVpnDefaultForUids().
2. Adding TODOs where mCm.getActiveNetworkInfo() returns
unexpected values.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ida4a4bc745af5ba2fc251795b2ffca56ead79b7f
The created handler thread will stay there for a while until
all the tests are finished. This is considered as a leakage
which will take the resource from the devices. In low end
devices, this may possibly impact the performance. The created
threads should be closed explicitly.
Test: atest ConnectivityCoverageTests ConntrackSocketTest
Change-Id: Ic1beb2a210e7c8c80c66fc9e0727c47599150672
* changes:
Prepare exposing Network{Request,Caps}.forbiddenCapabilities
Add a keep connected for test reason
Improvements to CSTest : legacy type, wait for LOST, permissions
This is useful going forward in particular because there will
be a default forbidden capability for LOCAL_NETWORKS. This
means it will be useful to be able to remove it.
It is also generally useful and we have been wanting to open
this API to the public, so this is a good opportunity to do so.
Test: new tests for NetworkRequest
NetworkCapabilitiesTest already has tests because it
already was @SystemApi
Change-Id: Ibb8d33b799f2d274326fd9cd0b05a2c33a18032a
This has been sorely needed for a while. Instead of filing requests
for each of your networks in a CSTest, which is fiddly at best and
sometimes almost impossible (because you can't single out the network),
you can now add this flag and be done with it.
Test: CSKeepConnectedTest
Change-Id: Ie168fe1f3a17de035fdf05e3d6580d3262a3448e
• Make sure all Agents have a legacy type. This is necessary to
avoid crashes in LegacyNetworkTracker
• Wait for LOST when disconnecting a network
• Make sure the test package sees its own permissions (importantly
it can't see background networks otherwise, because it lacks
CHANGE_NETWORKING_STATE)
Test: in the followup
Change-Id: I9f699b6372a8fe0d5bcd5310d8f35f72e48a6c61
All the branches except udc-mainline-prod have TrunkStable.bp.
So this CL adds this file to avoid conflicts.
TrunkStable.bp is not included by Android.bp in udc-mainline-prod.
So, this CL is a no-op.
AOSP-first: TrunkStable.bp exists in aosp
Test: TH
Merged-In: Ib69d2fdc1d73b36a08a3d8ae1f2c45b2bcffae64
Change-Id: Ib3fe0774086ab5531f0e4d776da23667d32daad4
* changes:
netbpfload: remove netbpfload.rc
netbpfload: remove support for limiting selinux contexts
netbpfload: do not create /sys/fs/bpf/loader subdir
type safety for 'bool downstream'
type safety for 'bool updatetime'
Currently, metalava will discard concrete overrides of abstract methods
from the API signature files which causes problems when attempting to
generate stubs from those files and also discards information that may
be important in API reviews. This change is the first step in the
process of changing that behavior.
This change hard codes the current behavior for discarding the concrete
overrides (`add-additional-overrides=no`) into those signature files
that will (or are likely) to be affected by the change in behavior.
That allows the default behavior to be changed for all the other files
without affecting these.
Follow up changes will remove the hard coding from the signature files
and will update the contents which will include the concrete overrides
of the abstract methods.
More information and the background for this change is available at
go/add-overriding-one-pager.
Test: m checkapi
Bug: 299366704
Change-Id: I52c5bbe2e3bbd36019fe44fcb0b2d19876a5a869
I think it's better to just put this in bpfloader.rc,
where we can guarantee the correct ordering.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie2c5ab1cb1de015397ac54867ae6bb0c4321d207
No need for this, as we simply only support those selinux
contexts (and directories) which are available to networking.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I35b134c57411f82514b9f7148411f83d3aee1927
(it's already created by the platform bpfloader)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie22f585cab17fd2bded3d97a9cfe1019b792b69d
funky naming 'stream.down', because downstream.downstream is just too long...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id234654fa8960e7430fc33119f36fd94b858d242
