Some names were still wrong somehow, and the wrappers were
missing.
Test: NetworkStack & FrameworkNetTests
Change-Id: I475bd011ad9bc714a07021a9dfd85c4876f8e9ad
Merged-In: I475bd011ad9bc714a07021a9dfd85c4876f8e9ad
This change adds a new NATTKeepalive resource type, along with the
associated allocation/deallocation. Additionally, this change allows
ReferenceCountedResource(s) to not be binder-linked, to allow the
ConnectivityService to verify ownership and allocate a NattKeepalive
without double-registering for binder-death notifications.
Bug: 125517194
Test: IpSecService frameworks tests ran
Change-Id: I8293f79940ad57dabb6f2b9de5e334d06b869443
Currntly, keepalive slot is released when stop() is called. Next
starting keepalive can use the same slot number while previous
keepalive is still stopping. When the previous keepalive is
stopped, the incoming as will be processed by the new keepalive.
This change release keepalive slot after the result of stopping
has returned. Thus, newly created keepalive cannot allocate the
same slot number while lower layer is still processing stop event.
This change also disable flaky assertions that are caused by
test port has been occupied by other process.
Bug: 129512753
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests --generate-new-metrics 10
3. simulate the fail case manually.
Change-Id: I1991627545519ee5cb408a3df3a006f710f4af7b
A mocked PackageManager caused test failures in existing tests.
Revert that for now to make tests pass again.
Bug: 114231106
Bug: 130397860
Test: atest FrameworksNetTests
Change-Id: I4f181789152438f18e6cd2d235d76fabe3872ea3
This reverts commit bc571c7cc8.
Reason for revert: Rolling forward, will fix tests in same CL stack.
Bug: 114231106
Bug: 130397860
Test: FrameworksNetTests
Change-Id: Ia8a0c99b4e1fd5dff26c881715cd876618ca4321
This reverts commit 4773027064.
This change does not have any topic: not reverting the other 2 commits in the original topic.
Reason for revert: broke FrameworksNetTests presubmit: b/130397860
Change-Id: Iff41d9fe97fafea44680c8d67d1ce19277548cc0
This adds the moved tests to CTS as well.
The moved unit tests are appropriate for CTS as they test data holder
classes that need to function properly for apps to work.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases: added tests pass
Bug: 129199900
Change-Id: I4c3d31ed595024af84093ca9110ed43633c383f4
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Change-Id: I143b03d60e46cb1b04732b4a4034f5847b4d1b1a
This patch fixes a bug where if a binder dies before the linkToDeath
call, the cleanup will be performed before the entry is added to the
array. While it is safe in that quotas and tracking performs as per
normal, the RefcountedRecord may not be cleaned up.
Rethrowing this exception is safe, since the only paths that would hit
this are all on binder threads coming from applications. Further, it
seems there is only one real way of this getting hit - if the app that
called the creation died during the binder call.
Bug: 126802451
Test: Compiled, CTS tests passing
Change-Id: Ib955acaa5e498c0e977cb5f2e48cffbc9fea8c7c
Merged-In: I6db75853da9f29e1573512e26351623f22770c5d
Merged-In: I416c2e43961ec0e1cc6b2fbcef970fbce858603b
Merged-In: Ib955acaa5e498c0e977cb5f2e48cffbc9fea8c7c
(cherry picked from commit 6c089d90bfa728e9842de0f5947f0c557c62dea0)
This commit reduces the flakiness of the
testOpenAndCloseUdpEncapsulationSocket by retrying up to three times.
Unfortunately, testing port-selected socket creation is racy against
other applications. This helps to handle the same race condition as done
in IpSecService#bindToRandomPort
Bug: 128024100
Test: 200x runs of testOpenAndCloseUdpEncapsulationSocket
Change-Id: I7e036ce821019dbac6c50899bd0894e89d2fe82a
Merged-In: Idf040a67e53d9b9ec6e6c647ce24f8ada501d355
Merged-In: Iad9aea4b42cd8b31a5a2659bb9cb54dd1c64e8b7
(cherry picked from commit 614ab3dd4e49e9b664f5065983fb9067148fef12)
This patch fixes a bug where if a binder dies before the linkToDeath
call, the cleanup will be performed before the entry is added to the
array. While it is safe in that quotas and tracking performs as per
normal, the RefcountedRecord may not be cleaned up.
Rethrowing this exception is safe, since the only paths that would hit
this are all on binder threads coming from applications. Further, it
seems there is only one real way of this getting hit - if the app that
called the creation died during the binder call.
Bug: 126802451
Test: Compiled, CTS tests passing
Change-Id: I6db75853da9f29e1573512e26351623f22770c5d
The common package covers tests that should be included both in CTS and
unit tests.
Test: atest FrameworksBaseTests
Bug: 129199908
Change-Id: Ic78ff947250871fa773252c924f1dee9395c6074
(cherry picked from commit 054e3e0f5ebfffe5d9fdd0095abac309552ae0cd)
This commit reduces the flakiness of the
testOpenAndCloseUdpEncapsulationSocket by retrying up to three times.
Unfortunately, testing port-selected socket creation is racy against
other applications. This helps to handle the same race condition as done
in IpSecService#bindToRandomPort
Bug: 128024100
Test: 200x runs of testOpenAndCloseUdpEncapsulationSocket
Change-Id: I7e036ce821019dbac6c50899bd0894e89d2fe82a
In order to notify netd to swap eBPF maps before pulling the
networkStats from eBPF maps, NetworkStatsFactory need to use the
NetdServices to issue binder calls. So it need to be moved from
framework/base/core to framework/base/service since object in
framework/base/core cannot get any system services. This change is also
necessary for setting up a lock inside NetworkStatsFactory to prevent
racing between two netstats caller since the lock need to be hold before
netd trigger the map swap.
Also fix the compile problem caused by moving the NetworkStatsFactory
and the related tests. Rename the packages and the jni functions to a
more proper name.
Bug: 124764595
Bug: 128900919
Test: NetworkStatsFactoryTest
android.app.usage.cts.NetworkUsageStatsTest
android.net.cts.TrafficStatsTest
Change-Id: Ifcfe4df81caf8ede2e4e66a76552cb3200378fa8
In order to notify netd to swap eBPF maps before pulling the
networkStats from eBPF maps, NetworkStatsFactory need to use the
NetdServices to issue binder calls. So it need to be moved from
framework/base/core to framework/base/service since object in
framework/base/core cannot get any system services. This change is also
necessary for setting up a lock inside NetworkStatsFactory to prevent
racing between two netstats caller since the lock need to be hold before
netd trigger the map swap.
Also fix the compile problem caused by moving the NetworkStatsFactory
and the related tests. Rename the packages and the jni functions to a
more proper name.
Bug: 124764595
Bug: 128900919
Test: NetworkStatsFactoryTest
android.app.usage.cts.NetworkUsageStatsTest
android.net.cts.TrafficStatsTest
Merged-In: Ifcfe4df81caf8ede2e4e66a76552cb3200378fa8
Change-Id: Ifcfe4df81caf8ede2e4e66a76552cb3200378fa8
The common package covers tests that should be included both in CTS and
unit tests.
Test: atest FrameworksBaseTests
Bug: 129199908
Change-Id: I9c138d49ce010edde095e4bd3c47e36ca301634a
Some names were still wrong somehow, and the wrappers were
missing.
Test: NetworkStack & FrameworkNetTests
Change-Id: I475bd011ad9bc714a07021a9dfd85c4876f8e9ad
The kernel eBPF maps have a blacklist to store all the uids that doesn't
have internet permission. When an app is unintalled from the device and
it is the last package on device that uses that uid, make sure we
cleaned the uid from the map and do not add no longer used uids into the
eBPF map. This action helps reduce the number of entries stored in the
map and reduce the chance of overflow the eBPF map.
Bug: 128944261
Test: PermissionMonitorTest
Change-Id: I10dd0113d00d6cf9ca39902d9721f2591d387d4a
Add more tests to PermissionMonitor to verify the functionality related
to INTERNET permission and UPDATE_DEVIE_STATS permission. Modified some
of the class design of PermissionMonitor so that it is easier to test
the new functionalities.
Bug: 111560570
Test: PermissionMonitorTest
Change-Id: Ic5585f337db5de48e2f87bf4f01ed7d85c349827
