* Provide App Developers Qos related info associated to
a bound socket through ConnectivityManager
* Qos sessions are generated and filtered by Network Agents
and sent back through the Connectivity Service to the
API consumer.
* The structure of the code within com.android.server
is designed to support different types of filters in the
the future.
* The first type of Qos Attributes are related to EPS
Bearers in order support RCS.
Bug: 155176305
Test: Added to cts/NetworkAgentTest
Test: Added to ConnectivityServiceTest
Change-Id: I145dd065d9deeee449eb9695ab3f6c8556ee7c09
* changes:
Address comments on aosp/1539753, aosp/1542487 and aosp/1547496.
Fix propagating underlying caps when a network disconnects.
Test for bugs with suspended VPN underlying networks.
aosp/1513052, which generalized support for underlying networks,
broke default network switching when the network underlying a VPN
disconnects.
This is because it calls propagateUnderlyingNetworkCapabilities
in the middle of the bookkeeping operations needed when a
network is disconnected (specifically, after all satisified
requests are removed from the disconnecting network, but before
mDefaultNetworkNai is updated). This is completely incorrect
because propagateUnderlyingNetworkCapabilities can trigger a
network rematch, and running a rematch when the request data
structures are inconsistent is obviously wrong. See the test
changes in this CL for an example of the damage.
Fix this by moving propagateUnderlyingNetworkCapabilities to
before the bookeeping operations begin. It must be before
mDefaultNetworkNai is updated, because otherwise it will not know
that the default network is disconnecting, and it will not be
able to propagate capabilities to VPNs that set underlying
networks to null (i.e., to the default network). It must be
after the nai is removed from mNetworkForNetId because
otherwise it will think that the underlying network is still
connected.
Bug: 173331190
Test: accompanying unit test shows lots of bugs removed
Change-Id: Ibf376a6fa4b34d1c96f8506fa8abbb7595a8c272
This will be mainly used by VCN management service which will
need to hold the networks but preserve the backgrounded-ness
of the networks.
Test: android.net.ConnectivityManagerTest#testRequestType
Test: android.net.cts.ConnectivityManagerTest#testRequestBackgroundNetwork /
--rerun-until-failure 100
Test: ConnectivityServiceTest#testBackgroundNetworks
Test: m -j doc-comment-check-docs
Bug: 175662146
Change-Id: If9aaa87b7e71c2b695ac7b08858850e975b28bb6
This test flakes about 1% of the time on my device. This is due
to the test calling expectNetworkRejectNonSecureVpn() before the
handler thread has processed the call to setAlwaysOnVpnPackage.
Fix this by waiting for callbacks where it is possible to do so,
and by calling waitForIdle where it is not.
Test: test-only change
Change-Id: Ic5750d4fdf9e7e3654a2b6ade74da6bc5de18fb6
Code review comments have suggested that this test is too long
and difficult to understand. Split it into two tests and put some
of the common setup into setup methods and statics.
Bug: 173331190
Test: test-only change
Change-Id: I9fa888c940d7048f1ba6836a5706fbdb84b5f5c9
These fields have been recently audited, confirmed never to be
null, and annotated @NonNull. Ensure that they can never become
null by throwing exceptions in the codepaths that set them.
Also remove some null checks.
Test: atest FrameworksNetTests
Change-Id: I6ce5bb4d69a990f1c857c599b7e50e372352eb87
This is a port of the exemption that exists in WifiPermissionsUtil.
Settings, sysui, network stack needs to be able to access all network
state regardless of location toggle. If we want to move sysui, etc to
retrieve WifiInfo via NetworkCapabilities (which is the current plan),
this exemption is essential since UI should reflect wifi state
regardless of location toggle state.
Bug: 162602799
Test: atest LocationPermissionCheckerTest
Change-Id: I49ce465eccce27bb7a860d882360436fd9ec19c6
Makes two new SystemApis:
getRestrictedProfileParent()
canHaveRestrictedProfile()
Temporarily disables VPN Tests that rely on the old APIs until those
tests are updated (b/175883995).
Bug: 171529940
Test: atest FrameworksNetTests:com.android.server.connectivity.VpnTest
Test: Tests for UserManager SystemApis are TODO awaiting completion of new user test infrastructure (b/163890431)
(cherry picked from commit 20ba13f5bc482de37a569c8c791ee5be9e7874b4)
Change-Id: I28e39400039631e7d391dc7b0d003e8a38d1f06a
We currently test CONNECTIVITY_ACTION broadcasts by directly
registering BroadcastReceivers with BroadcastInterceptingContext,
and making the receivers unregister themselves when all the
broadcasts they expect have been received.
This works for current test cases, but does not work if anything
registers another receiver for CONNECTIVITY_ACTION. In that case,
when we unregister the receiver in the receiver's onReceive
method, BroadcastInterceptingContext will throw a
ConcurrentModificationException because the list of receivers is
being modified during iteration.
Fix this by adding an ExpectedBroadcast class that stores the
receiver and unregisters the receiver only when the test checks
that the broadcast was received, which happens after the receiver
runs. This is easier to use and also guarantees that the receiver
is unregistered even if the test is expecting that the broadcast
is never fired. Accordingly, remove mRegisteredReceivers and the
code that uses it; it's no longer necessary now that
ExpectedBroadcast always unregisters its receivers.
Also add a convenience expectConnectivityAction method to expect
a CONNECTIVITY_ACTION broadcast with specific contents. This
makes the test easier to read and more detailed. Convert some
existing tests to this method.
While I'm at it, fix a test that was using "mCellNetworkAgent" to
represent a wifi network.
Bug: 173331190
Test: test-only change
Change-Id: Ibada8b4215625e1016d9fd170526206920af76f5
Waiting for idle in testRequestsSortedByIdSortsCorrectly to give it time
to handle async operations as part of registering network callbacks.
Bug: 177376544
Test: atest FrameworksNetTests:ConnectivityServiceTest#
testRequestsSortedByIdSortsCorrectly --rerun-until-failure 200
Change-Id: I268c4607d1a4c79e79f1385f014563cea0c2f979
The first parameter of adding idle timer is an unique identity
to communicate between ConnectivityService and netd. Netd will
notify the activity change using the identity, so it's fine to
replace the legacy type with transport type since we should
deprecate the usage of legacy type.
Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: Ia00606539b86872cca9a92285bd940c8a720a033
Add new capability to indicate whether a network is
managed by Virtual Carrier Network (VCN). This is needed
to identify networks between VCN managed network and
others. And this capability will be:
1. mutable
2. requestable
3. set by default for network agents and requests
4. allowed for test networks
Test: 1. atest FrameworksNetTests CtsNetTestCases
2. adb shell dumpsys connectivity
3. atest ConnectivityServiceTest#testLoseMutableAndRequestableCaps
Bug: 175662146
Change-Id: Ia5eeb3912a687164fa95d7ba5516fd73abca79ba
Changes:
i) Add a new constructor for NetworkCapabilities which accepts whether
location sensitive fields need to be parceled or not. Defalts to false
on the other constructor. This boolean should only be set on the copy of
NetworkCapabilities when sent to apps that hold location permission.
(Similar to how sensitive fields are handled in LinkProperties)
ii) Add a new makeCopy() method in the TransportInfo interface which
accepts whether location sensitive fields need to be parceled or not.
iii) Migrate the existing NetworkCapabilities owner UID masking to use
this new mechanism (instead of existing masking in ConnectivityService).
iv) Always set parcelLocationSensitiveFields to true in the NetworkAgent
surface (since that is a privileged surface from the transports to the
connectivity service)
v) Add a hasSensitiveFields() in TransportInfo interface to avoid
perfoming location permission checks for location insensitive
TrasnsportInfo.
Also, migrate to the new SdkLevel util for isAtLeastR() & isAtLeastS()
checks.
Bug: 162602799
Test: atest android.net
Test: atest com.android.server
Change-Id: Ie522d8c75a82ae521ccfd5165823d0c72642e651
Merged-In: Ie522d8c75a82ae521ccfd5165823d0c72642e651
Netd currently calls maybeCloseSockets before adding/removing users for
network. The task should be moved from netd to CS. In this way, we can
handle WiFi lingering more easily in the future.
Test: atest HostsideVpnTests
Test: atest FrameworksNetTests
Change-Id: Icf8125e8552c89da367a67f48611ed193a1a343d
Currently, ConnectivityService calls the IpConnectivityMetrics
service class directly to log default network events. This is
incompatible with ConnectivityService being in a mainline module.
Replace direct access to IIpConnectivityMetrics with public
methods in IpConnectivityLog, which is @SystemApi class.
The new methods are not yet @SystemApi, but they can be made so
if desired. Alternatively, these metrics could be deleted.
Also remove the IpConectivityMetrics service from the
service-connectivity JAR, and go back to starting it from
SystemServer.java, which is what was happening a few hours ago
before aosp/1542626 was merged.
Test: builds, boots
Test: atest FrameworksNetTests
Test: "dumpsys connmetrics" shows events, including default network events
Change-Id: I9d6147d93590363a2f8f83f39f05c03d001b4851
Currently, ConnectivityService decides the request type by
whether NetworkCapabilities is null when handling request
network. However, to fulfill the need of firing background
request via ConnectivityManager in the follow-up patches,
the request type is needed to pass into ConnectivityService.
This change also make ConnectivityService utilizes the passed
request type.
Test: atest ConnectivityManagerTest#testRequestType
Bug: 175662146
Change-Id: I3bc172bca1217c8020db45057a621d0745d43b3c
Extend CaptivePortalData with a member to hold the venue friendly
name. If CaptivePortalData is initialized by both the network
agent and Capport, merge the two objects to include the venue
friendly name and prioritize the venue URL from the network
agent.
Bug: 162783305
Test: atest ConnectivityServiceTest
Test: atest CtsNetTestCasesLatestSdk:CaptivePortalDataTest
Test: End-to-end test
Change-Id: I4fdf356be42237c5b6c0ae5bacfd3cec4726861b
This code is no longer used. Delete it and the tests for it.
One of the tests checks that when a restricted profile is added,
the lockdown UID rules are updated to cover that profile as well.
ConnectivityServiceTest does not currently has coverage for this,
so add it.
Bug: 173331190
Test: moved unit test from VpnTest to ConnectivityServiceTest
Change-Id: Ic350b90946870890bf031668bb5c201037b0bd15
Currently, when an always-on VPN is set in lockdown mode, Vpn
configures prohibit UID rules in netd directly and does not
inform ConnectivityService of the fact.
This means that ConnectivityService cannot send NetworkCallbacks
that tells apps that they are blocked or unblocked. It also means
that ConnectivityService has to take the mVpns lock and call into
Vpn to allow synchronous APIs such as getActiveNetwork to return
BLOCKED if the app is blocked.
Move all this to ConnectivityService:
- Add a setRequireVpnForUids API to ConnectivityManager, and have
that pass the routing rules to netd.
- Update VpnTest to expect calls to ConnectivityManager instead
of to netd.
- Whenever setRequireVpnForUids is called, ensure that
ConnectivityService sends onBlockedStatusChanged to the
affected callbacks.
- Update existing unit tests to check for callbacks.
- Add a way to find the VPN that applies to a given UID without
taking the VPN lock, by instead scanning all connected VPNs.
Use this as a replacement for direct access to mVpns.
For simplicity, and in order to ensure proper ordering between
the NetworkCallbacks sent for VPNs connecting and disconnecting,
process blocked UID ranges on the handler thread. This means that
when setRequireVpnForUids returns, the rule changes might not
have been applied. This shouldn't impact apps using network
connectivity, but it might mean that apps setting an always-on
package, and then immediately checking whether networking is
blocked, will see a behaviour change.
Bug: 173331190
Fix: 175670887
Test: new test coverage in ConnectivityServiceTest
Test: atest MixedDeviceOwnerTest#testAlwaysOnVpn \
MixedDeviceOwnerTest#testAlwaysOnVpnLockDown \
MixedDeviceOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedDeviceOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedDeviceOwnerTest#testAlwaysOnVpnPackageLogged \
MixedProfileOwnerTest#testAlwaysOnVpn \
MixedProfileOwnerTest#testAlwaysOnVpnLockDown \
MixedProfileOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedProfileOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedProfileOwnerTest#testAlwaysOnVpnPackageLogged \
MixedManagedProfileOwnerTest#testAlwaysOnVpn \
MixedManagedProfileOwnerTest#testAlwaysOnVpnLockDown \
MixedManagedProfileOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedManagedProfileOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedManagedProfileOwnerTest#testAlwaysOnVpnPackageLogged
Test: atest FrameworksNetTests HostsideVpnTests \
CtsNetTestCases:VpnServiceTest \
CtsNetTestCases:Ikev2VpnTest
Change-Id: Iaca8a7cc343aef52706cff62a7735f338cb1b772
Using these generalized interfaces is more flexible, since it enables
us to pivot the implementation being used internally. In particular,
an upcoming CL will pivot them to use a more efficient alternative.
This is a no-op refactoring.
Bug: 176777285
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: Ibd4717174cf1f136e9d5d80172ecb6e493265306
Currently, when network factory is under testing, but failed
without terminating the network factory. The mocked network
factory will stay registered and trigger another assertion
fail in teardown(). Thus, the test suite will only shows
the callstack that generated in teardown() instead of the
original fail. The error message is misleading and not useful
at all.
Thus, safely terminate and quit mocked network factory after
testing to prevent assertion fail in teardown().
Test: atest ConnectivityServiceTest#testMobileDataAlwaysOn
Bug: 175180558
Change-Id: I0f96332cc05221e576bd792c6cd26d9dccb4e228
Connectivity service is going to become a mainline module which
will not able to access hidden APIs. Thus, use formal API
Context#getSystemService() to get network policy service instead
of hidden API ServiceManager#getService().
Bug: 170598012
Test: atest FrameworksNetTests FrameworksNetIntegrationTests
Change-Id: I4f286264b5800b2b922f85a76ddd20d64d53000a
