This is needed for the tests to compile in mainline-prod.
Bug: 165835257
Test: atest CtsNetTestCases:android.net.ConnectivityManagerTest
Change-Id: I32924824e9968996f379e31f1b28eb6a8f29bc5d
When a 464xlat upstream disconnects, onLinkPropertiesChanged is
called after onLost. This breaks an UpstreamNetworkMonitor
assumption that no callback will ever arrive after onLost.
Bug: 173068192
Fix: 185117377
Test: new unit test
Change-Id: I4ff1eca6d5ed1680ff716c71b683891c8a0e5a77
UserHandle.getUid() is updated to a non-static API based on API
review feedback. Update the usage accordingly.
Bug: 184735865
Test: atest VpnTest
Change-Id: I884f427fae85b2b26973a0315b1ccf3d6f0824c6
* changes:
Cleanups to VPN hostside tests.
Ensure the HostsideVpnTests passes with keyguard locked.
Add CTS tests for registerDefaultNetworkCallbackAsUid.
By current wifi design, wifi will report disconnected and
re-connected when changing from non-metered to metered.
However, the cts test app listens for all network, which
will get mobile network as active network when wifi is
changing meteredness. This is not expected. And causes
test failures when DUT has both wifi and mobile connections.
Thus, this change pass request to track currently active
network to the test app and register only for transport
types of currently active network to prevent from getting
unexpected network.
Test: atest CtsHostsideNetworkTests:com.android.cts.net.HostsideNetworkCallbackTests
Bug: 182516128
Merged-In: I2dce6035b13472bbdc2609009d690aac96280033
Change-Id: I2dce6035b13472bbdc2609009d690aac96280033
(cherry-picked from ag/14029457)
Use TestableNetworkCallback instead of a hand-rolled class.
Remove unnecessary runWithShellPermissionIdentity around
unregisterNetworkCallback calls.
Bug: 165835257
Test: test-only change
Change-Id: I4557dfc64136f9c0b4bdaa1248c33b13e96ba3ed
The test app used in CtsHostsideNetworkTests already dismisses
the keyguard for its own activity, but that doesn't work for the
VPN tests. This is because as soon as the VPN dialog appears, the
test activity is no longer in the foreground and the keyguard
comes back. As a result, the test cannot click on the VPN dialog.
Test: test-only change
Change-Id: I7be1d7fb46a2f9547bc5325d75b5bd5546e6dc18
Add separate testing for unicast and multicast RAs.
Make the test more realistic by:
- Enabling forwarding. This ensures that the daemon actually
receives the RS.
- Adding a link-local route. This ensures that the daemon is
actually able to send a unicast response.
Bug: 154669942
Test: atest TetheringPrivilegedTests
Change-Id: Ibb1f51b5b1871657d7feff39335d3c71586cf64f
If a tc ebpf program writes into a packet using direct packet access
then the packet will automatically be uncloned and pulled by
additional prologue inserted by the kernel itself. See
tc_cls_act_prologue() & bpf_unclone_prologue() in kernel sources
(this is how the clat ebpf program works, which does DPA writes).
However in the forwarding programs we only *read* from the packets
using direct packet access, but never write. All writes happen via
kernel bpf helpers (this is mostly an implementation detail: since
we need to use helpers for checksum updates, I decided to also use
checksums for the writes themselves). As such the insert 'automatic
unclone/pull' logic doesn't trigger.
It is thus possible (it depends on the skb layout delivered by the
nic driver) for 0 bytes of the packet to be accessible for read
using direct packet access. We thus need to explicitly try to pull
in the header of the packet so that we can inspect it.
In most cases (on most drivers for most packet types) this will
end up being a no-op (because the headers will already be in
the linear portion of the skb). But on some drivers for some
packet types it ends up mattering.
Test: TreeHugger, makes icmpv6 tether forwarding work on bramble
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I4b07e57728ce544ffb908527ea11ecc315e5acec
When forwarding is on, DadProxyTest fails because forwarding
disables optimistic addresses. This results in the DAD proxy
getting EADDRNOTAVAIL.
Forwarding is on quite often on real hardware because many
solutions for wifi calling use forwarding.
Fix the test to retry after two seconds if the packet is not
forwarded on the first attempt.
It would also be possible to make this work more reliably in the
test by simply disabling DAD or disabling forwarding. However,
because DAD does happen in real usage (downstream interfaces
always disable DAD, but upstream interfaces don't), that seems
risky. For example, if the test disabled DAD, it would not catch
bugs where the DAD proxy crashed or stopped forwarding if it got
EADDRNOTAVAIL.
Test: atest TetheringPrivilegedTests on coral, which has forwarding on
Change-Id: I58280ef7c0e40371cd770ead4c8baa7190c288fd
Current upstream selection code suffers from a race where if the
CONNECTIVITY_ACTION broadcast for a given network switch is
received and processed before the NetworkCallbacks for that
network switch, upstream selection just re-selects the same
upstream it had before. The incorrect upstream persists until
another CONNECTIVITY_ACTION is received.
Fix this by defining a new EVENT_DEFAULT_SWITCHED message code
communicated from UpstreamNetworkMonitor to Tethering, and send
that whenever the default network switches.
The message is sent in onLinkPropertiesChanged, because the
tethering code stores all information about networks in an
UpstreamNetworkState structure that contains Network,
LinkProperties and NetworkCapabilities. When a network switch
occurs, onLinkPropertiesChanged always follows onAvailable and
onCapabilitiesChanged, and thus marks the first point in time
when all the information is available.
This CL tries not to change existing codepaths too much, but
it does move the update of mDefaultInternetNetwork from
onCapabilitiesChanged to onLinkPropertiesChanged. This should
not be a problem because the only thing that reads
mDefaultInternetNetwork is getCurrentPreferredUpstream, which,
in the case of a default network switch, will be run by the
onLinkPropertiesChanged which will immediately follow.
Bug: 173068192
Test: changes to existing unit tests show bug is fixed
Change-Id: Ic9196bc92892811b25bda463ffd839ee5c19d294
In the current tethering code, upstream selection is only
triggered by CONNECTIVITY_ACTION. But in automatic mode, the
upstream network is selected by listening to a NetworkCallback
that tracks the default network.
This causes a race where if the CONNECTIVITY_ACTION for a network
switch is received and processed before the callbacks for that
network switch, upstream selection just re-selects the upstream
currently in use.
Make it possible to test this by giving TestConnectivityManager
the ability to choose the ordering between NetworkCallbacks and
CONNECTIVITY_ACTION, and to run an arbitrary Runnable between
calling one and calling the other. TetheringTest passes a
Runnable that calls mLooper.dispatchAll(), which ensures that
the tethering code fully processes the first set of information
it receives (either the broadcast (or the callbacks) before
receiving any more information.
Add test coverage to testAutomaticUpstreamSelection that
exercises various orderings, and make the test pass by expecting
the buggy behaviour of the current code.
An upcoming CL will fix the bug and update the tests.
Bug: 173068192
Test: test-only change
Change-Id: I7805444dcf59f6d5f8517fbcf2f2b1641783d50b
This is needed for forwarding to work, so it should be dumped.
New output:
Forwarding rules:
29(29) -> 14(rmnet2) 86dd 00:00:00:00:00:00 00:00:00:00:00:00
[ap_br_wlan2]: iif(iface) oif(iface) v6addr srcmac dstmac
14(rmnet2) 29(ap_br_wlan2) 2001:240:2423:13fa:3c21:e35a:6a59:ff8a da:17:fd:70:3d:14 26:5b:b2:ee:bc:ba
IPv4: [inDstMac] iif(iface) src -> nat -> dst
[da:17:fd:70:3d:14] 29(29) 192.168.222.151:39208 -> 14(rmnet2) 100.102.14.231:39208 -> 172.217.175.3:80
[da:17:fd:70:3d:14] 29(29) 192.168.222.151:47386 -> 14(rmnet2) 100.102.14.231:47386 -> 216.58.197.196:443
Also add a call to getHostAddress() to remove the / on IPv6
forwarding rules.
Test: manual
Change-Id: I347ea5a3fd88c51f1fae0c76c75dfa30c68a55ad
Add a unit test to verify that BPF coordinator access downstream4
and upstream4 map while the conntrack event was received.
Verify shim API for IPv4:
- tetherOffloadRuleAdd
- tetherOffloadRuleRemove
- tetherOffloadGetAndClearStats
- tetherOffloadSetInterfaceQuota
- isAnyIpv4RuleOnUpstream
Test: atest TetheringCoverageTests
Change-Id: Ia57f07990d8750fd6ff67d7f4a18aa610336024a
Required because XDP offload needs input interface mac address
to be a part of the key. The mac address is used for checking
packets which are received from exceped input interface.
Test: atest TetheringCoverageTests, TetheringPrivilegedTests
Change-Id: Ied159454b516c0d70efe0a85744d1bb606892f2d
Currently, BpfCoordinator only sets the data limit on a given
upstream whenever the first IPv6 rule is created on that
upstream, and clears it whenever the last rule is deleted on that
upstream. It never does this when adding or removing IPv4 rules.
This makes it impossible to offload traffic on IPv4-only
networks.
Fix this by setting the limit when IPv4 rules are created or
deleted as well.
Test: atest TetheringCoverageTests
Manual tests as the follows
Test {add, clear} limit with IPv6-only network [OK]
Test {add} limit with IPv4-only upstream [OK]
TODO:
Test {clear} limit with IPv4-only network. blocked by aosp/1579873
because the IPv4 rules have never deleted.
Change-Id: I5a29bdd18e564318759f617023163e23fb5a3ed0
- This will be visible only to apps with the NETWORK_SETTINGS
permissions (signature), and will be redacted for all other callers.
- This string is expected to be the same as set by
VpnService#setSession, and in general, VpnConfig.session. But it
will be a general API that Vpn.java can call when setting the
VpnTransportInfo.
- This string cannot be updated once the VPN NetworkAgent is connected.
Bug: 171872481
Ignore-AOSP-First: needed to prevent automerger race breaking build
Test: atest ConnectivityServiceTest
atest VpnTransportInfoTest
atest NetworkAgentTest
Change-Id: I883035262465238c35c5a931d89707f3e84feef8
Merged-In: I883035262465238c35c5a931d89707f3e84feef8
(cherry-picked from ag/14008230)
Update test to:
1. verify onNetworkCreated callback called when network is
created.
2. Verify onNetworkDestroyed callback called when agent
updates its connection state to disconnect and native
network is destroyed.
Bug: 178725261
Test: atest android.net.cts.NetworkAgentTest
Change-Id: Icd30440e0f553d0f97b860d0e69b4f3d4f0a2a1d
These members are public mutable and their names are confusing.
Make them package-private and final.
Bug: 173068192
Test: test-only change
Change-Id: I87131c48f67b6614c25aa99e1cbc53196f49aa7c
Currently, TestConnectivityManager immediately sends all
callbacks and broadcasts to the Tethering code as soon as the
test code makes any change.
This makes it impossible to affect the order in which those
events are delivered to the Tethering code, so it is not possible
to test for races.
Fix some of this as follows:
1. Make TestConnectivityManager post all its callbacks to the
handlers that Tethering registered them with.
2. In TetheringTest, use the existing TestLooper object to
advance time manually. Also use setUseRegisteredHandlers to
ensure that the broadcasts are sent in order. This requires
calling dispatchAll() after sending the broadcast to preserve
the existing synchronous behaviour. Take advantage of that to
remove lots of existing dispatchAll calls.
3. Add a TestLooper to UpstreamNetworkMonitorTest and use it.
Keep the test passing by adding lots of mLooper.dispatchAll(),
which is a bit ugly but probably acceptable given the
additional coverage it provides.
This exposes an existing bug in the code where if upstream
selection is in automatic mode, and all CONNECTIVITY_ACTION
broadcasts are received before all NetworkCallbacks, the code
does not switch upstream.
In order to make the tests pass, re-order the CONNECTIVITY_ACTION
broadcasts with the NetworkCallbacks in TestConnectivityManager
so as not to trigger the bug. A future CL will make the order
configurable.
While I'm at it, switch TestConnectivityManager from HashMap to
ArrayMap, which is generally preferred for maps that do not
contain too many elements.
Bug: 173068192
Test: test-only change
Change-Id: I964f365c691fbc396ab0a87f292bd32b123011fe
Currently, Tethering files NetworkRequests even when
config_tether_upstream_automatic is enabled. This is incorrect:
when the automatic upstream selection is enabled, the tethering
upstream should always follow the default network and there is
no need to file any requests.
These requests are harmful when tethering is not using cellular
as its upstream, because:
- If the device does not use mobile data always on, the request
causes the cellular network to be brought up, causing power
draw.
- Even if the device does use mobile data always on, the request
causes the cellular network to come to the foreground, which
allows all apps to access it, causing potential data usage.
Amend the existing testGetCurrentPreferredUpstream to cover these
changes, by making that test case always set automatic upstream
mode. This does not result in any loss of meaningful test
coverage, because getCurrentPreferredUpstream is only ever called
when chooseUpstreamAutomatically is enabled.
Bug: 173068192
Test: atest TetheringTests
Change-Id: I068a5338699a3ed04f24f97f785ea89ff5890e50
UpstreamNetworkMonitor is the part of tethering that files
NetworkRequests for upstream netwoks, but it currently does not
know all the requirements for upstream selection. For example, it
does not know whether automatic upstream selection is in use.
This forces the upstream selection code to be split between
UpstreamNetworkMonitor and Tethering. This makes it difficult to
follow.
This CL ensures that all information about upstream requirements
(DUN required, automatic upstream selection, tryCell) is passed
to UpstreamNetworkMonitor so it can be aware of it.
This CL also removes the ability for UpstreamNetworkMonitor's
callers to call registerMobileNetworkRequest or
releaseMobileNetworkRequest. In a future CL, this will be
automatically done by UpstreamNetworkMonitor depending on the
upstream requirements.
This CL is a no-op refactoring with no behaviour changes.
Bug: 173068192
Test: atest TetheringTests
Change-Id: I174f765c616e0dbe2aa493c12613e6131cff0666
The class NetworkCapabilities has an extra field for SSID that
can be used by apps to obtain the router SSID (a surrogate for
location) without holding permission. This is a circumvention
of the permission system. Thus, add a test to ensure that
visibility of SSID for apps are controlled by NETWORK_SETTING
permission.
Bug: 183911251
Test: atest CtsNetTestCasesLatestSdk:ConnectivityManagerTest
Change-Id: I18d17093e2da37cde88b730c091c6a1deda08a8a
When meteredness of wifi changes during test, wifi disconnects.
Try reconnecting if it automatically connects after this.
Also, change the way we update metereness so that we can
use callback mechanism to wait for the state change instead of
polling for it regularly.
Bug: 181686645
Test: atest ./tests/cts/hostside/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Merged-In: I31fb127ef333d39fe4697043876c7cef15d525e3
Change-Id: Icc0b37730201aebeab2713c6527a3195f6dcf97d
The file name is getting truncated by tradefed and
we are missing the information to actually idenity
the test. So, instead shorten the filename to preserve
the test name.
Test: atest ./tests/cts/hostside/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Ignore-AOSP-First: Submitting internally first to avoid merge conflicts.
Merged-In: Ic0f87b97bb58e115fe81e2d688ce0e633397da42
Change-Id: I6ce3fc662782de82d8cad95414e24204b5f7f130
In S, instant apps can no longer access the system service that
backs the VPN APIs, so these tests started to fail in instant
mode.
Regardless of that change in S, though, instant apps cannot
create VPNs because they cannot access the package manager.
Previously, the tests were only passing because they did not
check that the VPN would actually work, they only checked that
the VPN API calls failed.
Fix: 181575083
Test: atest --instant CtsNetTestCases:VpnServiceTest
Change-Id: Idd35051bd1c908a8b85c02e8d0c54d3dea2dde38
java_sdk_libraries and apexes need to contain bootclasspath classes
under predefined packages. Tethering currently uses android.net, so make
sure all the connectivity bootclasspath classes are under android.net.
This avoids maintaining two packages for the tethering APEX, where
com.android.connectivity.aidl is only used by internal AIDL files.
Bug: 182984842
Test: m
Change-Id: I23feb26c5de2fd7a4177797a3bc1d0dcbef4ade7
Merged-In: I23feb26c5de2fd7a4177797a3bc1d0dcbef4ade7
274c796731
The parameter of NetworkCapabilities.setUids() and
NetworkRequest.Builder.setUids() are updated to take a set of
integer Range instead of a set of UidRange because of refactor
work for the incoming connectivity mainline module.
The parameter change stops NetworkRequestTest to work in the
different API levels. Replace the usage with shims to work in
both current and stable APIs.
Bug: 172183305
Test: atest FrameworksNetTests CtsNetTestCasesLatestSdk
Change-Id: I7d18402f051051371f3054f6897b05b6da072105
Merged-In: I4bc0daf5ad9e4b4043f4a897ddab16aec8f8a536
Revert "Replace the usage of UidRange"
Revert "Add shims for NetworkRequest"
Revert submission 1626206-replaceUidRange
Reason for revert: Breaking build - b/183106405
Reverted Changes:
I0b79c73e8:Add shims for NetworkRequest
I4bc0daf5a:Replace the usage of UidRange
I4e5aec6ef:Replace the usage of UidRange
I107c329d4:Expose uids related APIs in NetworkRequest and Net...
Change-Id: I5a4addc562d180487e2891fd2081c593126e6ffc
