IpSecService is no longer using any methods of
INetworkManagementService, so remove it from IpSecService
and related files.
Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: I852e3a534e0ffd26b4b22420754f3ec8a6f153ad
NetdUtils has the same method(e.g. setInterfaceUp) as
NetworkManagementService so using the one inside NetdUtils instead
and try to remove NetworkManagementService from Vpn in
the following commit.
Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: I867556478fbc8c8ca8baa4e4c438a47b3beebe39
NetdUtils has the same method(e.g. setInterfaceUp) as
NetworkManagementService so using the one inside NetdUtils instead
and try to remove NetworkManagementService from IpSecService in
the following commit.
Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: I0ed8b0c678b067a655b51b938b6b40eadd985321
Currently, NetworkRequest has several types of requests (LISTEN,
TRACK_DEFAULT, REQUEST, BACKGROUND_REQUEST), and we expect more
to be added.
There are really three categories of request:
1. Requests satisfied by only one network and will keep that
network up, and thus need to be sent to NetworkProviders:
REQUEST, BACKGROUND_REQUEST.
2. Requests satisfied by only one network but will not keep that
network up: TRACK_DEFAULT
3. Requests satisfied by multiple networks and will not keep any
networks up: LISTEN.
Unfortunately the separation is not very clear. Currently, for
any valid request, either isListen() will return true or
isRequest() will return true. This makes it impossible to tell
whether a particular request should be sent to NetworkProviders,
so the current code sends TRACK_DEFAULT requests to
NetworkProviders as well. This is incorrect - a TRACK_DEFAULT
should never keep a network up, for example.
This CL attempts to clarify things by making isRequest() return
false for TRACK_DEFAULT requests and thus never sending them to
NetworkProviders. After this CL:
- isRequest will return true only for requests that attempt to
bring up or keep up a network.
- isListen will return true only for requests that match multiple
networks but do not keep any of them up.
- Neither will return true for TRACK_DEFAULT.
Test: atest ConnectivityServiceTest
Change-Id: I7aad30ade8f7ab2a179e53483d9afd8675f64a12
This is mainly used by VCN, where VCN-eligible networks might
be registered before VCN management service can fire request
to prevent the newly created network from being torndown
immediately by ConnectivityService.
Test: atest ConnectivityServiceTest#testNewNetworkLingering
atest ConnectivityServiceTest#testNewNetworkLingering_bgNetwork
atest FrameworksNetTests --rerun-until-failure 20
Bug: 175180558
Change-Id: I7768daf4cf2d8f6d8057b5107412e06104ba82e0
Linger timer mechanism will be used for both "linger" and
"nascent" states. To prevent confusion, rename the linger
timer and related functions to more generic name.
Test: TH
Bug: 175180558
Change-Id: I652f7c65c2f8bc58fb9d3316480f23a9709eccce
This is a partial cherry-pick of change:
I5eedb571c9d78862115dfdc5dae1cf2a35343580
for connectivity classes.
Bug: 170883422
Test: m
Merged-In: I5eedb571c9d78862115dfdc5dae1cf2a35343580
Change-Id: I7dc661863b73f4198ddb4f3a1566583d0f07db3c
These tests do not actually work, or at least not as designed.
What happens when they are run is that creating/connecting the
VPN throws an exception. The call to legacyRunnerReady.block()
times out after 10 seconds because the condition variable is
never opened, but the doesn't notice the timeout becasue it
doesn't check the return value of block().
There are two reasons for the VPN not coming up.
1. VpnConfig.getIntentForStatusPanel calls into PendingIntent and
ActivityManager statics, which bypass all the mocks and fail
with an appops denial. Fix this by making it a dependency.
2. The tests are broken due to the UserManager API changes
tracked in b/175883995. Fixing by adding a bit of ad-hoc code
into startLegacyVpn, with a TODO to delete it once the rest of
the UserManager setup code is fixed.
Fix these and check the return value of block(). This ensures
that if any other breakage is added the test will actually fail.
Also check that the throw route survives all the way to the
LinkProperties sent to the agent.
Bug: 173331190
Test: atest com.android.server.connectivity.VpnTest
Change-Id: Ieb7f33bce283ac5ee562a912df8edb9c930ed2b0
Updated OemNetworkPreferences to use a Map instead of an Array of Arrays
(SparseArray<List<String>>). This is for two reasons: to make the API
simpler and also prevent issues with duplicate entries for packages
mapped to more than one preference which is not supported.
Bug: 176597181
Bug: 176494815
Test: atest FrameworksNetTests
Change-Id: I85363e28b46b89ae60a85219313c2a45bd5e7dd5
For the incoming connectivity mainline, it need to compute the
intersection of a set of uids and appIds for the permission
control. As @UserIdInt values are internal implementation details
of the OS, any mainline modules should use strongly-typed
UserHandle arguments. Thus, create a new API that accepts
UserHandle and appId to get the computed uid.
Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: I046546d2c5c76eac7a251e63e4234776975bf2bc
ConnectivityService is going to become a mainline module which
will not able to access hidden APIs. NetworkPolicyManagerInternal
is a internal serivce that CS can't be access after be a mainline
module. Thus, create NPM#checkUidNetworkingBlocked to replace it.
Bug: 170598012
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases
Test: atest CtsHostsideNetworkTests
Test: atest FrameworksCoreTests:NetworkPolicyManagerTest
Test: atest FrameworksServicesTests:NetworkPolicyManagerServiceTest
Change-Id: I7bee37522dc5c55c255b159fda9481eff663655a
This patch addressses the mocked UserManager for the context
of the user which is created by createContextAsUser.
Bug: 171529940
Bug: 175883995
Test: FrameworksNetTests
Change-Id: Ie72d08c765ed7fb7083c0c4b7ee02a43c23d1707
Nothing on the system is using registerNetworkFactory,
unregisterNetworkFactory at the moment.
registerNetworkFactory, unregisterNetworkFactory are protected by
signature permissions, so could not be used by anything outside of the
system.
Remove the two methods and the underlying support for this legacy,
deprecated mechanism.
Bug: 179229316
Test: atest FrameworksNetTests
Change-Id: I7cdc9eed67f846c8774474af038133040aeccab3
Currently, the tests only check whether the method throws a
SecurityException or not. Also check the return value of the
call, by mocking out InetDiagMessage.getConnectionOwnerUid.
This is required to test an upcoming change that will never
throw SecurityException but always return INVALID_UID if the
caller lacks permissions.
Bug: 173331190
Test: test-only change
Change-Id: I63f42a2f098fcf8796c9b4525a3a7b8320c0a139
There is strong opposition in the team to this rename.
Reverting to the old language.
Test: FrameworksNetTests
Change-Id: Icefa3090966c07fd66692ddd5b44dfc94485a914
Currently, if a legacy lockdown VPN is up, no VPN can set
underlying networks. This does not make much sense.
When legacy lockdown VPN is enabled, no other VPN is allowed to
call prepare() or establish(), so no other VPN can connect, and
if no VPN can connect, then no VPN can set underlying networks.
Therefore, disabling the ability to set underlying networks only
affects the legacy lockdown VPN itself.
This change is necessary because in a future CL, the legacy
lockdown VPN will start to inform ConnectivityService of its
underlying network.
Bug: 173331190
Test: tests in subsequent CLs in stack
Change-Id: Ifa2aa3351c2c8324571f96fda151864ed987ed5a
This will be used by a future change that makes the legacy
lockdown VPN pass the underlying network.
Bug: 173331190
Test: tests in subsequent CLs in stack
Change-Id: I09366a7f872ef3d4538962a75b0114a2ecb536e6
Updating ConnectivityService foundational support for multiple default
networks by extending mDefaultRequest and mDefaultNetworkNai from single
instances to a HashMap to support more than a single default network.
Bug: 176027457
Bug: 172347841
Test: atest FrameworksNetTests
atest NetworkStackTests
atest FrameworksNetIntegrationTests
atest NetworkStackIntegrationTests
atest CtsNetTestCasesLatestSdk
Change-Id: I2f5fa96c2d21ab883499e82afa74e73f3ca606cd
