Use shell permissions to obtain CREATE_USERS to call
ActivityManager.getCurrentUser in ConnectivityServiceTest.
This is necessary to allow the tests to run in coverage tests without
the platform certificate.
Bug: 187935317
Test: atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I5a56ffab4820d351dcdb132046698cd0d3b8bdb1
* changes:
Adjust a test for policy scoring
Enable policy ranking
Add CTS to verify NetworkAgent#setLingerDuration
Allow network providers to set the linger duration.
Fix nascent timer never get removed
[NS13] Remove the last usage of the legacy int
Add documentation
Use filter from CollectionUtils.
Fix a bug where updates of offers won't find existing offers
[NS12] Address comments on NS09
[NS11] Fix yieldToBadWifi over the policy scoring
Add doc for NetworkScore#getLegacyInt
Expose sendNetworkScore that takes a NetworkScore
To allow unit tests to run without platform certificates, remove
signature permission usage in ConnectivityServiceTest.
This mocks permission checks done in ConnectivityService for which the
test assumed that the permission was held, and mocks calls to
BatteryStatsManager. Calls to ActivityManagerService (through
PendingIntent) are done with shell permissions as the test uses real
PendingIntent mechanics.
Bug: 187935317
Test: atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I80c5cae5fcd3d40be55d1a79a93d614e665fbbf4
This is necessary to mock classes like BatteryStatsManager, which cannot
be used without signature permissions, and to merge the test with other
test suites that use mockito extended.
Bug: 187935317
Test: atest FrameworksNetTests
Change-Id: I5dba65d806c5d06b3ff8f633846edb911a7a44ec
Currently, when a network that uses 464xlat is torn down,
NetworkCallbacks will receive onLinkPropertiesChanged after
onLost. This is confusing and incorrect.
The incorrect callback is sent because handleLinkProperties
checks that the netId of the agent still exists, not that the
NetworkAgent is still registered. This is normally correct,
because the NetworkAgent is removed from mNetworkAgentInfos and
the netId are removed from mNetworkForNetId by the same method,
disconnectAndDestroyNetwork.
In this specific case it's not correct, because the call to
handleUpdateLinkProperties is from disconnectAndDestroyNetwork
itself via nai.clatd.update and calls Nat464Xlat#stop.
No other callers of handleUpdateLinkProperties are affected
because:
- EVENT_NETWORK_PROPERTIES_CHANGED is called only by
maybeHandleNetworkAgentMessage, which first checks that the
NetworkAgent is registered.
- handlePrivateDnsSettingsChanged only looks at registered
NetworkAgents (it loops over mNetworkAgentInfos).
- handlePrivateDnsValidationUpdate, handleNat64PrefixEvent and
handleCapportApiDataUpdate call getNetworkAgentInfoForNetId,
which will correctly determine that the agent is no longer
registered, since they run on the handler thread and thus
cannot run at the same time as disconnectAndDestroyNetwork.
The existing code contains a check for the netId being current.
This is intended to ensure that an update from a NetworkAgent
cannot affect another agent with the same Network. This extra
check is not necessary, because code running on the handler
thread can never observe a NetworkAgent in mNetworkAgentInfos
unless mNetworkForNetId maps that NetworkAgent's Network to that
NetworkAgent. This is because mNetworkForNetId is updated by the
same methods as mNetworkAgentInfos, and those updates occur on
the handler thread. So all code on the handler thread will see
those two as consistent.
Bug: 176496580
Test: atest FrameworksNetTests CtsNetTestCases HostsideVpnTests
Change-Id: I944f4c6ad36206bdccd85a6ea7ef71324a29c685
Ensure that NetworkCallbacks and netd operations are accounted
for. Also add a test for the spurious onLinkPropertiesChanged
callback that is currently send out after onLost.
Bug: 176496580
Test: atest ConnectivityServiceTest
Change-Id: I69cf58bc87dfe55ea359a2cd76167d03fe2c953d
Test: Passes all presubmits, been tested in labs
Bug: 184834350
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Merged-In: If33884aa245bcc8817bbc9c2fdfab035249e7301
Change-Id: If33884aa245bcc8817bbc9c2fdfab035249e7301
(cherry-picked from ag/14150470)
By design, the nascent timer will be removed after a network
satisfied first request. However, this never happens.
Because the mInactive is false when that happens, so isNascent
is never true.
Furthermore, when removing a nascent timer, the inactivity
state can never be updated since no condition in the
updateInactivityState will be met to update the state correctly.
Thus, update inactive state accordingly when adding/removing the
nascent timer.
Test: TH
Bug: 184227264
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Merged-In: I4c1521b6e0ef68ac489771a2ab6b09ef3e381577
Change-Id: I4c1521b6e0ef68ac489771a2ab6b09ef3e381577
(cherry-picked from ag/14060609)
Note that this requires removing part of a test, because
that part is testing that the a 50 bonus of the legacy
int is stronger than the validation penalty, which is
not a mechanic we want to have. When WiFi is unvalidated
and cell is unvalidated, cell should be kept in case it
validates, like is described in comments in
isNetworkPotentialSatisfier ; however this test is
checking that it *IS* reaped off if the wifi score is
strong enough. This should be incorrect, and should not
be tested, so this patch removes the check.
Test: ConnectivityServiceTest
Bug: 184834350
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Merged-In: I8966abee59fea2d9f10f082aba87df6588b72762
Change-Id: I8966abee59fea2d9f10f082aba87df6588b72762
(cherry-picked from ag/14127306)
This doesn't reactivate the test because it's not yet fixed over int
scoring.
Bug: 184834350
Test: Remove @Ignore and run testAvoidBadWifi
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Merged-In: I32477db52eb50faabc499fa68e24ba07577782aa
Change-Id: I32477db52eb50faabc499fa68e24ba07577782aa
(cherry-picked from ag/14064906)
At this stage, this is turned off. Unit tests will be
in a followup change.
Test: In a followup
Bug: 167544279
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Merged-In: I4448a3546fbc1a3dddf757982c031c5f39ba2889
Change-Id: I4448a3546fbc1a3dddf757982c031c5f39ba2889
(cherry-picked from ag/14010222 with fixes)
This exposes a mechanism for network providers to tell
the network stack that a given network must be kept up
for some specific reason. This is meant to be easier
for them than to have to file a request, in particular
because there is no guaranteed way to make sure the
request will be best matched by any given network.
Test: new test for this
Bug: 167544279
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Merged-In: I238a3ee5ee9262477a23b897e4141769dd1505d1
Change-Id: I238a3ee5ee9262477a23b897e4141769dd1505d1
(cherry-picked from ag/13929760)
Per-app APIs in ConnectivityService will now have their fallback
request which tracks the system default be of type TRACK_DEFAULT
as opposed to REQUEST. Existing tests which expect this fallback request
to be sent to network factories need to be updated to validate this
change.
Bug: 180452284
Bug: 176494815
Test: atest FrameworksNetTests
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Merged-In: I5125755b3ed1ec535494e2d7a48c0860710ed056
Change-Id: I5125755b3ed1ec535494e2d7a48c0860710ed056
(cherry-picked from ag/14286730)
The design is very simply expressed :
An offer is needed for a request if and only if that offer
might beat the satisfier for that request.
The implementation of "might beat" is NetworkRanker#mightBeat.
Test: FrameworksNetTests FrameworksWifiTests NetworkStackTests
Bug: 167544279
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Merged-In: I0fe911eef2483ecbac48c733d56283b81538690a
Change-Id: I0fe911eef2483ecbac48c733d56283b81538690a
(cherry-picked from 7b6a33bd50)
Now, PermissionMonitor reigster observer to listen the change
from all users, but "uids allowed on restricted networks" should
affect to all users instead of per each user. Thus, move the
setting from Settings.Secure to Settings.Global.
Bug: 189705071
Test: atest FrameworksNetTests
Merged-In: Ibea354d8dda1f02652a193820f3f9eb573b9a956
Change-Id: Ibea354d8dda1f02652a193820f3f9eb573b9a956
- Read MOBILE_DATA_PREFERRED_UIDS setting when system ready
- Register MOBILE_DATA_PREFERRED_UIDS setting observer
- Send uid ranges to netd when update mobile data preferred uids
Bug: 171872461
Test: atest FrameworksNetTests
Merged-In: I5153c770650594e05dfa8cf230d7381d790f4a55
(cherry-pick with minor conflicts)
Change-Id: I5153c770650594e05dfa8cf230d7381d790f4a55
Netd should be obtained via getSystemService, and
ModuleNetworkStackClient must be used instead of NetworkStackClient for
modules.
Original change (project moved):
Ibe703ac56dd70673115cd8b95b44b856a7fc01f3
Bug: 171540887
Test: m
Merged-In: I3c2563d4ae4e3715d0c6270344ba8f7ef067872f
Change-Id: I6c8593712c0e86da139d425ef6240c5004e392e2
As API review feedback, setting allowed on restricted networks
should be by uid instead of package name for security reason.
Thus, update the getter/setter to return/accept set of uids.
Bug: 188085693
Test: atest FrameworksNetTests
Merged-In: I979bf98075e6c9c0ed7e891582843fddb62643cb
Change-Id: I979bf98075e6c9c0ed7e891582843fddb62643cb
This CL updates ConnectivityDiagnostics permission checks in
ConnectivityService to only require location permission for Networks
that have TRANSPORT_WIFI. This change is consistent with the location
restrictions required for the transports themselves. Previously,
location permissions were required for all Network types.
Bug: 187310575
Test: atest ConnectivityServiceTest ConnectivityDiagnosticsManagerTest
Change-Id: I48806533e4e705d2d9be45f3b3d3931d9294b167
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
