This test is conitnuely fail in cuttlefish.
Lack of ipv6 default route in cuttlefish caused the test failed.
The reason is that the result of rfc6724Sort depends on on the route in system.
It is not good to expect any route should exists, so remove it.
Bug: 133649648
Test: atest DnsUtilsTest
Merged-In: Idc6db433585de067e45088b43665c8e37b310397
(cherry picked from commit 91b35f88429d77ddce0e3f539690e6370b89915b)
Change-Id: Idb6f4c094d3466772e3bfc98a57505bf38f381ef
This is a follow-up commit for aosp/955431 to update commets
and minor updates in unit test.
Test: atest com.android.server.ConnectivityServiceTest#testCaptivePortalOnPartialConnectivity
Bug: 130683832
Change-Id: I581eae8daeddd2c4c186e7b40e27fef2aaa7ab43
Merged-In: I9087ef791b3fee5399ba8e83ef9d8a544845a4dd
Merged-In: I4424663292c5ad29eb7a888fa6975835721a5d2e
(cherry picked from commit 3d3a9fff7b7fa0df4ee627cb082668e642d6f754)
Once a network is determined to have partial connectivity, it
cannot go back to full connectivity without a disconnect. This
is because NetworkMonitor can only communicate either
PARTIAL_CONNECTIVITY or VALID, but not both. Thus, multiple
validation results allow ConnectivityService to know the real
network status.
Bug: 129662877
Bug: 130683832
Test: atest FrameworksNetTests
Test: atest NetworkStackTests
Test: atest --generate-new-metrics 50
NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Test: Simulate partial connectvitiy
Change-Id: I406c9368617c03a2dd3ab15fb1f6dbf539d7c714
Merged-In: I243db4c406cca826e803c8035268bc0c6e6e01e2
(cherry picked from commit 4532abd4d2af9ad118873a63cafc6028ed87c52e)
The native services should specify their permissions in platform.xml if
they need internet permission, otherwise the eBPF program will block the
socket creation request. Fixing the known services that are in group
AID_INET but didn't specify their permission in the xml file.
Bug: 132217906
Test: CtsJdwpTestCases dumpsys netd trafficcontroller
Change-Id: I84cde7d3757953bc0bf761727d64a715bcdd68bb
Merged-In: I84cde7d3757953bc0bf761727d64a715bcdd68bb
(cherry picked from commit e5d6f0fa6c3fd77572f5b29f416acbf304abf9da)
When unregistering callback due to ON_UNAVAILABLE did not check for
a non-null callback.
Bug: 132950880
Test: atest ConnectivityServiceTest
Merged-In: Ib3fde31d88c36469cdee1e3578606d130a9817cb
Change-Id: Ib3fde31d88c36469cdee1e3578606d130a9817cb
(cherry picked from commit 51ddc176abd23bd3ddbc26124e5541a983a1db07)
1. pass default network explicitly to fix potential
mis-sync network problem in DnsResolver#query
2. Add rfc6724 sort and related test
3. DnsResolver do rfc6724 sort before response InetAddress answers
4. move haveIpv* function from DnsResolver to DnsUtils
Bug: 129530368
Test: atest DnsResolverTest DnsUtilsTest
Merged-In: I0323f5c7f32fc3fa589b9e87f8e7c9caf744dbd4
(cherry picked from commit d352f4ca85ff8418a5a58d32fb03b85d7e0b843b)
Change-Id: I98455045fa43cc5a5902a08232251c1734feaac3
Our stable AIDL interfaces need to use versioned build targets,
otherwise getVersion will always return 0, which makes it
impossible to support different components at different versions.
List generated with:
find . -name Android.bp -exec egrep \
-H "(netd|dnsresolver|ipmemorystore|networkstack).aidl.interface(s?)-(java|cpp)" {} \; \
| grep -v oemnetd | grep -v tests/
Test: m
Bug: 133124190
(cherry-pick from aosp/968011)
Merged-In: Idf49e840263ef32b9ee4fafa6718d4f893ea7c87
(cherry picked from commit 433f7c4178aaadac7d6a5f6727f39ef83342d436)
Change-Id: I77e2291b52fda24ee01e1b22ddafe4fe7368959e
This notification is shown when the user has already logged in to
the network, so it should not have a question mark on it.
Fix: 130526201
Test: atest FrameworksNetTests
Test: manually signed in to portal
Change-Id: I8250236bc4ba251492a6cb9bf23e67666ef860d3
Merged-In: I8250236bc4ba251492a6cb9bf23e67666ef860d3
(cherry picked from commit fce363555029b92b1532058555797d6ef1afb09c)
Caller should get SecurityException if called
ConnectivityManager#startCaptivePortalApp() w/o
MAINLINE_NETWORK_STACK permission. But now it will not get any
exception and can launch captive portal app successfully.
Bug: 132662433
Test: atest android.net.cts.ConnectivityManagerTest#testStartCaptivePortalApp
w and w/o MAINLINE_NETWORK_STACK permission
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: Ib70fe6fad107f3e9dce9ce673188c5ce5dc1ad7b
Merged-In: I1025da29beb53259f57bd9ca5648b32f2847ed4a
Merged-In: Ib70fe6fad107f3e9dce9ce673188c5ce5dc1ad7b
(cherry picked from commit 72b3ab18ca302a3117f424a0f0ef6c08897c310e)
Delete the unused NetworkManagementService API for set/remove
permissions. Use PERMISSION_NONE to replace NO_PERMISSIONS so the
framework now use the same set of permission constant when communicate
with netd.
Bug: 128944261
Test: PermissionMonitorTest.java
Change-Id: I25224c9576f52d2a0a0bd2182325c7aac7b28eb5
Merged-In: I25224c9576f52d2a0a0bd2182325c7aac7b28eb5
(cherry picked from commit 05887f99c6ca6885db737af2f356023dc6de80a2)
Remove definition of TYPE_NATT and TYPE_TCP since the type
can be identified by checking message.obj is an instance of
NattKeepalivePacketData or TcpKeepalivePacketData.
It's more simple and won't have dependency on KeepaliveInfo.
Bug: 33530442
Test: atest FrameworksNetTests
atest NetworkStackTests
(Clean cherry-pick of aosp/955419)
Change-Id: Ic97ffe9ff5781778efd264460809f5059f0f4230
Merged-In: Ic97ffe9ff5781778efd264460809f5059f0f4230
In aosp/951200, the clean up function delete the item in the
hash map that holds the record while iterating it, where the
list used to iterate the records is backed by the hash map,
so changes to the map are reflected in the list and caused
the concurrent modification exception.
Bug: 132341736
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 300
2. atest FrameworksNetTests --generate-new-metrics 10
(Clean cherry-pick of aosp/959599)
Change-Id: I9cdfe6f6d11c5400c856cc30a33ff4a44ba9d811
Merged-In: I0481a469ee23231e5f0ab738a06b5e09f6cdb680
In general, keepalive slots are released after result of
stopping has returned. However, for network disconnect case,
the service side cannot communicate with network agent since
the async channel is broken.
Clean up keepalive slots right after stop in this case.
Bug: 132341736
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests --generate-new-metrics 10
Change-Id: Id3e4e159713c0ed7e03f45169e87b73ae6408e4f
(cherry picked from commit a5f6bd16062fba89bcf900aca93aa3514d93f662)
Merged-In: Id3e4e159713c0ed7e03f45169e87b73ae6408e4f
Merged-In: Icb5a1b5bb10617aa5a7b35db6cf48db3dc53b7fd
Currntly, keepalive slot is released when stop() is called. Next
starting keepalive can use the same slot number while previous
keepalive is still stopping. When the previous keepalive is
stopped, the incoming as will be processed by the new keepalive.
This change release keepalive slot after the result of stopping
has returned. Thus, newly created keepalive cannot allocate the
same slot number while lower layer is still processing stop event.
This change also disable flaky assertions that are caused by
test port has been occupied by other process.
Bug: 129512753
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests --generate-new-metrics 10
3. simulate the fail case manually.
Change-Id: I790f6bbc5efc3f088034ac45ec379da5f781d0ca
Merged-In: I1991627545519ee5cb408a3df3a006f710f4af7b
(cherry picked from commit 3523a3d02a1f88a3990ab9cc4948c705ecc713c8)
Public APIs for creating unprivileged NATT socket keepalive
might allow users to exhaust resource if malicious apps try
to create keepalives with fd which is not created by
IpSecService through binder call. Thus, this change add
customizable limitation per uid to prevent resource exhaustion
attack.
Bug: 129371366
Bug: 132307230
Test: atest FrameworksNetTests
Clean cherry-pick of aosp/954040
Merged-In: Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
Change-Id: I92f6d977b6dfde4e1bf74df6b60c9a0b9e8eec40
This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Clean cherry-pick of aosp/946359
Change-Id: I06840834d0ee8121358bf4829fe47ecf9964d395
Merged-In: I0218f3674628c13ead63fc9a873895ba7f113033
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
(cherry picked from commit 414b8c8b1ce8ae2ad6ef95c1ffba19062077d3e6)
The onUnavailable semantics promise that it is equivalent to calling
the unregister callback method. But - it doesn't unregister the callback
allowing it to be reused. Fixed.
Additionally, modified the unregisterNetworkCallback method to not fail
on duplicate unregistration (since a callback could now self
unregister). Instead simply print a log.
Bug: 130651445
Test: atest ConnectivityServiceTest
Merged-In: I4c54b003a733eb0b1e4fd8674ed13081b1bef8e3
Change-Id: I4c54b003a733eb0b1e4fd8674ed13081b1bef8e3
This patch adds checks to ensure that the IPSEC_TUNNEL feature flag is
enabled.
Bug: 117183273
Test: Compiles & tests passing
Change-Id: I2699dda29e1eed139bc6fd1b70071e5ab33cad88
Support adding NATT keepalive packet filter to APF
filter.
Generating APF program will be addressed in another CL.
Bug: 33530442
Test: - atest NetworkStackTests
- atest FrameworksNetTests
Change-Id: I403cd14ac9aa6b001c4e580abbb33a615931a192
Merged-In: Idaa7238a5c9acdae9f6cff13095ee9436c7c92c8
(cherry picked from commit 038c11d564452c9e08f25119423049339ff93c57)
For implementing parcelable interface for NattKeepalivePacketData.
Move this class out of framework.jar and move to services.jar
This class is used in telephony-common.jar and it also loads
service.jar.
Bug: 33530442
Test: - build pass
- atest NetworkStackTests
- atest ConnectivityServiceTest
Change-Id: Ie1d02bb7bccb76415cf71824147466cabf6b88b6
Merged-In: Ie1d02bb7bccb76415cf71824147466cabf6b88b6
Merged-In: Idf7c25b6b553d8c0cc4ef2ea8193438480420fb4
(cherry picked from commit 58a1f931eba8716c4a630863f658b070cda623de)
The tests are run both in unit and CTS tests.
Test: atest FrameworksNetTests NetworkStackTestCases
Bug: 129200175
Change-Id: I78d78dd421cc3ffea774ff5eaa6aa758debc9cf2
Merged-In: I9b65a2eef94567d2b79a9955619938e64906080d
Merged-In: I78d78dd421cc3ffea774ff5eaa6aa758debc9cf2
(cherry picked from commit 9e046d509a37c6f37b4757f1681846cee60cfd5c)
