This patch does the following :
• When a network is local but the system doesn't support it,
throw in registerNetworkAgent.
• When a network is local, tell netd about it.
• Add tests for the above, as well as a test for callbacks
being sent correctly when the caps are set and not when
they aren't and that the new keep connected flag is
respected.
Telling netd about the network being local has it add two
routes that do not exist if the network is not local :
• One at PRIORITY_LOCAL_NETWORK matching unmarked sockets
and looking up the table for the interface.
20000: from all fwmark 0x0/0x10000 lookup xxxx
• One at PRIORITY_EXPLICIT_NETWORK matching explicitly on
network 99, so that dnsmasq traffic and any OEM traffic
marked for network 99 flowing there.
16000: from all fwmark 0x10063/0x1ffff iif lo lookup xxxx
IMPLICIT_NETWORK and EXPLICIT_NETWORK rules are installed
by connectivity service as a matter of course whether the
network is local or not.
See commit If8729fc6f3716a580c936584b851bc38000b5de5 for
implementation details of this mechanic.
There is no need to implement anything in particular for the
new connected reason, as the current implementation will
already keep it connected. A new test makes sure of that.
Test: FrameworksNetTests
CtsNetTestCases
FrameworksNetIntegrationTests
NetworkStackTests
NetworkStaticLibTests
TetheringTests
MtsTetheringTestLatestSdk
TetheringIntegrationTests
Change-Id: I6fb7dfe4c232eea8cac9ac268897ddb36bb794d1
The created handler thread will stay there for a while until
all the tests are finished. This is considered as a leakage
which will take the resource from the devices. In low end
devices, this may possibly impact the performance. The created
threads should be closed explicitly.
Test: atest ConnectivityCoverageTests ConntrackSocketTest
Change-Id: Ic1beb2a210e7c8c80c66fc9e0727c47599150672
* changes:
Prepare exposing Network{Request,Caps}.forbiddenCapabilities
Add a keep connected for test reason
Improvements to CSTest : legacy type, wait for LOST, permissions
This is useful going forward in particular because there will
be a default forbidden capability for LOCAL_NETWORKS. This
means it will be useful to be able to remove it.
It is also generally useful and we have been wanting to open
this API to the public, so this is a good opportunity to do so.
Test: new tests for NetworkRequest
NetworkCapabilitiesTest already has tests because it
already was @SystemApi
Change-Id: Ibb8d33b799f2d274326fd9cd0b05a2c33a18032a
This has been sorely needed for a while. Instead of filing requests
for each of your networks in a CSTest, which is fiddly at best and
sometimes almost impossible (because you can't single out the network),
you can now add this flag and be done with it.
Test: CSKeepConnectedTest
Change-Id: Ie168fe1f3a17de035fdf05e3d6580d3262a3448e
• Make sure all Agents have a legacy type. This is necessary to
avoid crashes in LegacyNetworkTracker
• Wait for LOST when disconnecting a network
• Make sure the test package sees its own permissions (importantly
it can't see background networks otherwise, because it lacks
CHANGE_NETWORKING_STATE)
Test: in the followup
Change-Id: I9f699b6372a8fe0d5bcd5310d8f35f72e48a6c61
* changes:
netbpfload: remove netbpfload.rc
netbpfload: remove support for limiting selinux contexts
netbpfload: do not create /sys/fs/bpf/loader subdir
type safety for 'bool downstream'
type safety for 'bool updatetime'
Currently, metalava will discard concrete overrides of abstract methods
from the API signature files which causes problems when attempting to
generate stubs from those files and also discards information that may
be important in API reviews. This change is the first step in the
process of changing that behavior.
This change hard codes the current behavior for discarding the concrete
overrides (`add-additional-overrides=no`) into those signature files
that will (or are likely) to be affected by the change in behavior.
That allows the default behavior to be changed for all the other files
without affecting these.
Follow up changes will remove the hard coding from the signature files
and will update the contents which will include the concrete overrides
of the abstract methods.
More information and the background for this change is available at
go/add-overriding-one-pager.
Test: m checkapi
Bug: 299366704
Change-Id: I52c5bbe2e3bbd36019fe44fcb0b2d19876a5a869
I think it's better to just put this in bpfloader.rc,
where we can guarantee the correct ordering.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie2c5ab1cb1de015397ac54867ae6bb0c4321d207
No need for this, as we simply only support those selinux
contexts (and directories) which are available to networking.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I35b134c57411f82514b9f7148411f83d3aee1927
(it's already created by the platform bpfloader)
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ie22f585cab17fd2bded3d97a9cfe1019b792b69d
funky naming 'stream.down', because downstream.downstream is just too long...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id234654fa8960e7430fc33119f36fd94b858d242
No need for this, as we simply only support network
program types in the first place.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I163e21fd4d4089882cf37fc68bc4299003b514d7
We are unlikely to ever be willing to load these
program types from mainline, as it is simply too dangerous.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1b0943d39b8131699f4606e8d165f3c944d453ed
(reversing logic, as 'rawip.rawip' is much shorter then 'ethernet.ethernet')
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ib48cc2b889e8b587e14edbe89606f887a884af87
service-connectivity-mdns-standalone-build-test builds the mDNS
discovery and advertisement implementation against API level 21.
This stops the advertisement code from calling new NsdServiceInfo
public or private APIs which are required by Thread.
This commit removes the mDNS advertisement code from the standalone
build to loose the check given this will never be used by GMS Core.
Bug: 265095929
Test: verified that it can build with aosp/2608627
Change-Id: I32cfce7b994d51a4b4ec468e9f79ffc2be6635ff
Generated via:
for f in bpf_progs/{block,dscpPolicy,netd,offload,test}.c; do
sed -i -r 's@KVER[(]([45]), ([0-9]+), 0[)]@KVER_\1_\2@g' "${f}"
done
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I8f211e47bf259fc75aa1caaaf82f41c1929ceab2
(in preparation for moving it into netbpfload)
The programs themselves (in bpf_progs/block.c) required a 5.4+ kernel.
We relax this restriction to 4.19+ as we don't have any 5.4 device coverage
(while the pixel 4a 5G / 5 / 5a are all 4.19 devices).
I believe we could relax it further to 4.14+ but Pixel 4/4xl/4a that
would exercise those code paths are EOL and probably have poor to
non existent test coverage, and we cannot do anything for 4.9 T devices
anyway.
Note: on <4.19 kernels (ie. T devices running 4.9/4.14, U running 4.14)
this results in ConnectivityNativeService going from null to initialized
(as the bpf map will exist).
This doesn't hurt as the set/clear port interfaces are only ever
called by vendor code on devices where the kernel doesn't support
the older mechanism. And even if you call them it will just set/clear
the bits in the bpf bitmap, they just won't actually affect anything.
We could flag the map itself as being 4.19+ as well, but I think
I prefer the no-op map to exist...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1085addd22f4f3b709e1875049633832c5dac836
