Test: atest ConnectivityCoverageTests:android.net.connectivity.com.android.server.net.NetworkStatsServiceTest
(with debug code that dump all threads at the end of tests)
Fix: 308544001
Change-Id: I597054633bbb008ffd0edebe34dcf6935958aa5d
The information is needed by modules who want to know whether a
specific UID is blocked by Data Saver feature.
1. Add a one-element map data_saver_enabled_map.
2. Update current data saver setting to the map.
Bug: 288340533
Test: atest FrameworksNetTests:android.net.connectivity.com.android.serv
er.BpfNetMapsTest
Test: atest bpf_existence_test
Change-Id: I981da4b569247c33cba2d365cb6f2691f673474e
1. At present, the transportTypes in NetworkCapabilities have been
passed into DnsManager::updateTransportsForNetwork() as a parameter. In
the following CL, we also need to pass the 'metered' (also in
NetworkCapabilities) as a parameter to the function. Instead of passing
the members of NetworkCapabilities one by one, it is better to pass the
entire NetworkCapabilities.
2. Rename updateTransportsForNetwork() to
updateCapabilitiesForNetwork().
Bug: 288340533
Test: presubmit
Change-Id: I0966124f87b12c1d5a2eaee681885c3d5c7f74dc
This reverts commit 55ccfe19e2.
Reason for revert: this must be introducing some sort of race
it appears to cause
atest EthernetTetheringTest 'NetdBinderTest#TetherForwardAddRemove'
to no longer reliably pass.
Change-Id: I5281ab3f42c5ce268d97a12db24a6768db3f4354
testDumpDoesNotCrash does not dump enough objects to have full
coverage. e.g. In b/303348620, it did not detect the crash since
there is no NetworkAgentInfo stored in ConnectivityService.
This change ensures ConnectivityService is filled with more
objects that will be dumped:
1. NetworkProvider
2. NetworkAgentInfo
3. NetworkOffer
4. Network preferences
Bug: 303348620
Test: atest FrameworksNetTests
Change-Id: I7e2f1954c91409f3bf0daf01300e34ce73e311cb
(mostly to improve code coverage)
We can always revert if it ever turns out this is useful,
but I'd prefer for cgroup attach to be a once-at-boot
thing and handled either from bpfloader or the netd updatable
which are both directly C++ code.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I79b5ca8a47388cb6b9189234942e74ab6056aab9
The performPoll method in the NetworkStatsService can be called
for many reasons, such as RAT changed events, LinkProperties
changed events, open session method calls, forceUpdate method
calls, etc.
However, the current logging is not sufficient to trace down
the caller of performPoll. This makes it difficult to debug
frequent poll issues or performance problems.
Adding debug log to logcat is not an option, given that
performPoll might run several times per second by system server
callers.
This change adds a reason code to the performPoll method and
a helper class to log performPoll events. This will allow us
to track down the caller of performPoll and better understand
why it is being called frequently or causing performance
problems.
This change also introduces a PollEvent object, which can be
used to put related information in subsequent changes when
logging.
Sample output:
Poll counts per reason:
DUMPSYS: 0
FORCE_UPDATE: 6
GLOBAL_ALERT: 0
NETWORK_STATUS_CHANGED: 3
OPEN_SESSION: 0
PERIODIC: 1
RAT_CHANGED: 1
REG_CALLBACK: 3
REMOVE_UIDS: 0
UPSTREAM_CHANGED: 1
Recent poll events:
2023-10-04T02:47:12.937370 - Poll(flags=3, PollEvent{reason=REG_CALLBACK})
2023-10-04T02:47:13.178559 - Poll(flags=3, PollEvent{reason=FORCE_UPDATE})
Test: manual
Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.net.NetworkStatsEventLoggerTest
Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.net.NetworkStatsServiceTest
Bug: 301141955
Change-Id: Ic6d0543ccdef12493385f45200199854b841a26b
A helper class to *read* java BpfMaps. This is designed to
provide direct bpf access in the caller process through
ConnectivityManager APIs.
The change also removes any statical link to
net-utils-device-common-struct from service-connectivity.
This is because net-utils-device-common-struct is already
included in framework-connectivity. Including it again in
service-connectivity would create a r8 build fail by circular
dependency.
Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.BpfNetMapsTest
Test: atest ConnectivityCoverageTests:android.net.connectivity.com.android.net.module.util.StructTest
Test: atest FrameworksNetTests:android.net.connectivity.android.net.BpfNetMapsReaderTest
Bug: 297836825
Change-Id: I7a6d2eb816d0dc7343167bddd672806b199f44fe
* changes:
Add tests for always on lockdown VPN on system user.
Remove MockVpn.setAlwaysOnPackage() non-lockdown.
Mock onUserAdded() and onUserRemoved()
Refactor helper method to return integer ranges.
Add tests for onUserAdded and onUserRemoved
Call setRequireVpnForUids() directly to mock an always on Vpn
being enabled instead of calling the real Vpn method.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I63d6547104cc6ee984413d4cf6027ceecd301ecc
Add test coverage for Vpn.setAlwaysOnPackage() where the caller
is system user to ensure uid = 0 is not restricted.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Id9f81fdf0147597f64f8440b971930b3bd7b55e5
Remove calls to MockVpn.setAlwaysOnPackage() where lockdown is
false as this does not cause any changes to occur. Also verify
setRequireVpnForUids() is not called for this case in VpnTest.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I3428e8b31b02975975be9e943e1f88cf0e80c5ee
Replace calls to onUserAdded() and onUserRemoved() to their
equivalent setUids() or setRequireVpnForUids() calls.
Note coverage for the calls to Vpn were added in VpnTest.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ifa895f71f78bd3376216fd2759c7a5a33cd3aff1
Calls to setRequireVpnForUids() for Vpn lockdown actually uses a
List instead of a Set of integer ranges.
Add intRangesExcludingUids() to return the needed List of integer
ranges and replace relevant usages of UidRange.toIntRanges() with
it.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I61cd4751ce2faeb129daa5ad5da7181e3c1df73c
The TTL check and removal of expired services is currently only
performed when a mDNS query is sent. This can result in expired
services remaining in the cache if no queries are sent. To
address this, the remaining TTL will be checked when retrieving
services from the MdnsServiceCache. Add a new flag to enable
the expired services removal feature. This feature will be
implemented in subsequent changes.
Bug: 265787401
Bug: 304649384
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I30f0eea568ee45d363cc02821de0921d6040f981
I0afdda023208c3f8620cb5b89add66448af596d7 added some assertions
to ensure NetworkAgentInfo can only be accessed from the handler
thread. This is good to eliminate any potential concurrent
accessing problem. Howver, dumpsys runs on binder thread, this
change breaks dumpsys functionality.
Thus, this change:
1. Copy Handler#runWithScissors() and related class
locally since they are @hide methods.
2. Run doDump on the handler thread and waits for return.
Test: adb shell dumpsys connectivity
Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.HandlerUtilsTest
Fix: 303348620
Change-Id: Ic3a22f5d370bbf8c18b1972e86d695b6ad61bd0d
Test coverage of adding and removing a restricted user with and
without lockdown mode, using either setLockdown() and
setAlwaysOnPackage().
This change also refactors makeVpnUidRange() to return a list
and adds makeVpnUidRangeSet().
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I47a25e9f0337f5c1d5754c279534640cd2753b5c
Root cause not yet located, disable test to unblock TH.
Test: atest ConnectivityCoverageTests:android.net.connectivity.android.net.NetworkStatsHistoryTest
Bug: 302325928
Change-Id: I618090b67e428ab911ec88e7daab30c14cccbf64
This is a no-op change and refactors the design for subsequent
TTL expiration check changes.
- Add a ServiceExpiredCallback to notify expired services.
- To simplify the design, pass the CacheKey to MdnsServiceCache
methods instead.
Bug: 265787401
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I930a4f7baf9b8d3d0037dc6aefd717dbdd486520
Override Vpn.setUnderlyingNetworks() to do a direct call on the
network agent instead of relying on the Vpn class.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ib7883f8a81a22317616cae79ce57a30afdd2bed4
Call setRequireVpnForUids directly to enable lockdown instead of
calling the real Vpn method.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I91ec59f7542d145e9250a7e7a414593db3d99424
This doesn't do anything at this patchset, but the whole
pipe from the agent to ConnectivityService is built.
LocalNetworkInfo will be the name of the public information
sent in callbacks to clients.
Test: CSLocalAgentTests
Change-Id: I70e133031ef3b0aaf6c3e59ccc2ad895c66d339c
This patch does the following :
• When a network is local but the system doesn't support it,
throw in registerNetworkAgent.
• When a network is local, tell netd about it.
• Add tests for the above, as well as a test for callbacks
being sent correctly when the caps are set and not when
they aren't and that the new keep connected flag is
respected.
Telling netd about the network being local has it add two
routes that do not exist if the network is not local :
• One at PRIORITY_LOCAL_NETWORK matching unmarked sockets
and looking up the table for the interface.
20000: from all fwmark 0x0/0x10000 lookup xxxx
• One at PRIORITY_EXPLICIT_NETWORK matching explicitly on
network 99, so that dnsmasq traffic and any OEM traffic
marked for network 99 flowing there.
16000: from all fwmark 0x10063/0x1ffff iif lo lookup xxxx
IMPLICIT_NETWORK and EXPLICIT_NETWORK rules are installed
by connectivity service as a matter of course whether the
network is local or not.
See commit If8729fc6f3716a580c936584b851bc38000b5de5 for
implementation details of this mechanic.
There is no need to implement anything in particular for the
new connected reason, as the current implementation will
already keep it connected. A new test makes sure of that.
Test: FrameworksNetTests
CtsNetTestCases
FrameworksNetIntegrationTests
NetworkStackTests
NetworkStaticLibTests
TetheringTests
MtsTetheringTestLatestSdk
TetheringIntegrationTests
Change-Id: I6fb7dfe4c232eea8cac9ac268897ddb36bb794d1
* changes:
Ensure nri is satisfied before returning.
Add testLockdownVpn that mocks platform VPN.
Make variables in testLegacyLockdownVpn() final.
Update testLegacyLockdownVpn to mock VPN.
When a network preference is set, the highest priority nri will
be a managed default request that disallows default networking.
In the case where there is no satisfying network,
mNoServiceNetwork is used as the satisfier instead of null.
(see computeNetworkReassignment)
mNoServiceNetwork should not be returned in any public API.
Check for the nri being satisfied before returning the satisfier
to ensure mNoServiceNetwork is not returned.
Fixes: 301222648
Test: atest FrameworksNetTests
Change-Id: I22d67a7e8d0274d8ad4f6123fbedf6d37eed18e7
Add a test for lockdown vpn that uses TYPE_IKEV2_IPSEC_PSK and
mocks platform VPN by override in startLegacyVpnPrivileged().
In the context of ConnectivityService, setVpnDefaultForUids()
is the main interaction.
Refactor testLegacyLockdownVpn to take a VpnProfile and assert
behaviors with and without setVpnDefaultForUids().
This includes:
1. Updating callback asserts and assertActiveNetworkInfo to
reflect setVpnDefaultForUids().
2. Adding TODOs where mCm.getActiveNetworkInfo() returns
unexpected values.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ida4a4bc745af5ba2fc251795b2ffca56ead79b7f
