A helper class to *read* java BpfMaps. This is designed to
provide direct bpf access in the caller process through
ConnectivityManager APIs.
The change also removes any statical link to
net-utils-device-common-struct from service-connectivity.
This is because net-utils-device-common-struct is already
included in framework-connectivity. Including it again in
service-connectivity would create a r8 build fail by circular
dependency.
Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.BpfNetMapsTest
Test: atest ConnectivityCoverageTests:android.net.connectivity.com.android.net.module.util.StructTest
Test: atest FrameworksNetTests:android.net.connectivity.android.net.BpfNetMapsReaderTest
Bug: 297836825
Change-Id: I7a6d2eb816d0dc7343167bddd672806b199f44fe
* changes:
Add tests for always on lockdown VPN on system user.
Remove MockVpn.setAlwaysOnPackage() non-lockdown.
Mock onUserAdded() and onUserRemoved()
Refactor helper method to return integer ranges.
Add tests for onUserAdded and onUserRemoved
Call setRequireVpnForUids() directly to mock an always on Vpn
being enabled instead of calling the real Vpn method.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I63d6547104cc6ee984413d4cf6027ceecd301ecc
Add test coverage for Vpn.setAlwaysOnPackage() where the caller
is system user to ensure uid = 0 is not restricted.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Id9f81fdf0147597f64f8440b971930b3bd7b55e5
Remove calls to MockVpn.setAlwaysOnPackage() where lockdown is
false as this does not cause any changes to occur. Also verify
setRequireVpnForUids() is not called for this case in VpnTest.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I3428e8b31b02975975be9e943e1f88cf0e80c5ee
Replace calls to onUserAdded() and onUserRemoved() to their
equivalent setUids() or setRequireVpnForUids() calls.
Note coverage for the calls to Vpn were added in VpnTest.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ifa895f71f78bd3376216fd2759c7a5a33cd3aff1
Calls to setRequireVpnForUids() for Vpn lockdown actually uses a
List instead of a Set of integer ranges.
Add intRangesExcludingUids() to return the needed List of integer
ranges and replace relevant usages of UidRange.toIntRanges() with
it.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I61cd4751ce2faeb129daa5ad5da7181e3c1df73c
The TTL check and removal of expired services is currently only
performed when a mDNS query is sent. This can result in expired
services remaining in the cache if no queries are sent. To
address this, the remaining TTL will be checked when retrieving
services from the MdnsServiceCache. Add a new flag to enable
the expired services removal feature. This feature will be
implemented in subsequent changes.
Bug: 265787401
Bug: 304649384
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I30f0eea568ee45d363cc02821de0921d6040f981
I0afdda023208c3f8620cb5b89add66448af596d7 added some assertions
to ensure NetworkAgentInfo can only be accessed from the handler
thread. This is good to eliminate any potential concurrent
accessing problem. Howver, dumpsys runs on binder thread, this
change breaks dumpsys functionality.
Thus, this change:
1. Copy Handler#runWithScissors() and related class
locally since they are @hide methods.
2. Run doDump on the handler thread and waits for return.
Test: adb shell dumpsys connectivity
Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.HandlerUtilsTest
Fix: 303348620
Change-Id: Ic3a22f5d370bbf8c18b1972e86d695b6ad61bd0d
Test coverage of adding and removing a restricted user with and
without lockdown mode, using either setLockdown() and
setAlwaysOnPackage().
This change also refactors makeVpnUidRange() to return a list
and adds makeVpnUidRangeSet().
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I47a25e9f0337f5c1d5754c279534640cd2753b5c
Root cause not yet located, disable test to unblock TH.
Test: atest ConnectivityCoverageTests:android.net.connectivity.android.net.NetworkStatsHistoryTest
Bug: 302325928
Change-Id: I618090b67e428ab911ec88e7daab30c14cccbf64
This is a no-op change and refactors the design for subsequent
TTL expiration check changes.
- Add a ServiceExpiredCallback to notify expired services.
- To simplify the design, pass the CacheKey to MdnsServiceCache
methods instead.
Bug: 265787401
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I930a4f7baf9b8d3d0037dc6aefd717dbdd486520
Override Vpn.setUnderlyingNetworks() to do a direct call on the
network agent instead of relying on the Vpn class.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ib7883f8a81a22317616cae79ce57a30afdd2bed4
Call setRequireVpnForUids directly to enable lockdown instead of
calling the real Vpn method.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: I91ec59f7542d145e9250a7e7a414593db3d99424
This doesn't do anything at this patchset, but the whole
pipe from the agent to ConnectivityService is built.
LocalNetworkInfo will be the name of the public information
sent in callbacks to clients.
Test: CSLocalAgentTests
Change-Id: I70e133031ef3b0aaf6c3e59ccc2ad895c66d339c
This patch does the following :
• When a network is local but the system doesn't support it,
throw in registerNetworkAgent.
• When a network is local, tell netd about it.
• Add tests for the above, as well as a test for callbacks
being sent correctly when the caps are set and not when
they aren't and that the new keep connected flag is
respected.
Telling netd about the network being local has it add two
routes that do not exist if the network is not local :
• One at PRIORITY_LOCAL_NETWORK matching unmarked sockets
and looking up the table for the interface.
20000: from all fwmark 0x0/0x10000 lookup xxxx
• One at PRIORITY_EXPLICIT_NETWORK matching explicitly on
network 99, so that dnsmasq traffic and any OEM traffic
marked for network 99 flowing there.
16000: from all fwmark 0x10063/0x1ffff iif lo lookup xxxx
IMPLICIT_NETWORK and EXPLICIT_NETWORK rules are installed
by connectivity service as a matter of course whether the
network is local or not.
See commit If8729fc6f3716a580c936584b851bc38000b5de5 for
implementation details of this mechanic.
There is no need to implement anything in particular for the
new connected reason, as the current implementation will
already keep it connected. A new test makes sure of that.
Test: FrameworksNetTests
CtsNetTestCases
FrameworksNetIntegrationTests
NetworkStackTests
NetworkStaticLibTests
TetheringTests
MtsTetheringTestLatestSdk
TetheringIntegrationTests
Change-Id: I6fb7dfe4c232eea8cac9ac268897ddb36bb794d1
* changes:
Ensure nri is satisfied before returning.
Add testLockdownVpn that mocks platform VPN.
Make variables in testLegacyLockdownVpn() final.
Update testLegacyLockdownVpn to mock VPN.
When a network preference is set, the highest priority nri will
be a managed default request that disallows default networking.
In the case where there is no satisfying network,
mNoServiceNetwork is used as the satisfier instead of null.
(see computeNetworkReassignment)
mNoServiceNetwork should not be returned in any public API.
Check for the nri being satisfied before returning the satisfier
to ensure mNoServiceNetwork is not returned.
Fixes: 301222648
Test: atest FrameworksNetTests
Change-Id: I22d67a7e8d0274d8ad4f6123fbedf6d37eed18e7
Add a test for lockdown vpn that uses TYPE_IKEV2_IPSEC_PSK and
mocks platform VPN by override in startLegacyVpnPrivileged().
In the context of ConnectivityService, setVpnDefaultForUids()
is the main interaction.
Refactor testLegacyLockdownVpn to take a VpnProfile and assert
behaviors with and without setVpnDefaultForUids().
This includes:
1. Updating callback asserts and assertActiveNetworkInfo to
reflect setVpnDefaultForUids().
2. Adding TODOs where mCm.getActiveNetworkInfo() returns
unexpected values.
Bug: 230548427
Test: atest FrameworksNetTests
Change-Id: Ida4a4bc745af5ba2fc251795b2ffca56ead79b7f
The created handler thread will stay there for a while until
all the tests are finished. This is considered as a leakage
which will take the resource from the devices. In low end
devices, this may possibly impact the performance. The created
threads should be closed explicitly.
Test: atest ConnectivityCoverageTests ConntrackSocketTest
Change-Id: Ic1beb2a210e7c8c80c66fc9e0727c47599150672
* changes:
Prepare exposing Network{Request,Caps}.forbiddenCapabilities
Add a keep connected for test reason
Improvements to CSTest : legacy type, wait for LOST, permissions
This has been sorely needed for a while. Instead of filing requests
for each of your networks in a CSTest, which is fiddly at best and
sometimes almost impossible (because you can't single out the network),
you can now add this flag and be done with it.
Test: CSKeepConnectedTest
Change-Id: Ie168fe1f3a17de035fdf05e3d6580d3262a3448e
• Make sure all Agents have a legacy type. This is necessary to
avoid crashes in LegacyNetworkTracker
• Wait for LOST when disconnecting a network
• Make sure the test package sees its own permissions (importantly
it can't see background networks otherwise, because it lacks
CHANGE_NETWORKING_STATE)
Test: in the followup
Change-Id: I9f699b6372a8fe0d5bcd5310d8f35f72e48a6c61
