Idle timer rule is not cleared as expected if there is a
default network replacement.
Bug:37080406
Test: 1.run frameworks-net
2.check iptables rule with default network replacement
Change-Id: I6bd29d79e4ca3e8de4b867c4fcb5f81d02ba6de4
FakeSettingsProvider requires this method to be called before and after
use. Without this, the settings value or content provider may be cached
statically, so the test will be affected by code accessing settings
before it is run.
Bug: b/116668105
Test: atest FrameworksNetTests
Change-Id: I1480f3f3bbb17791752582a70327bb5c7c348d7c
This change makes all requestIDs use the UID of the creator, ensuring
that rekeys always use the same requestID. This also has the nice
property of separating app's resources from each other, and allowing for
identification of which app/UID allocated the resources from
command-line dumps (eg ip xfrm state show)
Bug: 111841561
Test: Updated tests & passing taimen
Change-Id: I4f1eadcdb795766ae4682b15e41727359c52fa38
Not all preinstalled apps should have access to background
networks or restricted networks. But we give them all network
access permissions currently, it's not a good design. So we
shall limit preinstalled apps permissions, they should just
request the appropriate permission for their use case from
the network permissions.
Bug:19610688
Test: runtest frameworks-net
Change-Id: I184ae3197208c979847ca134c8f01b32528badf1
Those parameters will be used to start DhcpServer or update its
configuration.
Test: runtest DhcpServingParamsTest.java
Bug: b/109584964
Change-Id: Id8d3dcf62d66dcb02accffa8d8500e30f07af452
LocalServices.addService in NetworkStatsService is currently failing
with IllegalStateException "Overriding service registration". Setting up
LocalServices in the test to avoid this issue might be possible, but
moving the registration to the only non-test caller of that constructor
as done here solves the issue and avoids side-effects from a constructor.
Test: atest FrameworksNetTests does not choke on this test
Bug: b/78487385
Bug: b/80082746
Change-Id: I5dba98fc79aec0800c8b71e6c7e23d1cfbcae852
Merged-In: I884a7a8bd7db3fcd220b785ba9914ac8c77720f0
(Clean cherry-pick of go/ag/4061255)
The current utilities map the higher-order bytes of ints to the
lower-order bytes of IPv4 addresses, which makes applying masks and
generating series of addresses confusing.
For example, the current utilities would convert 1.2.3.4 to 0x04030201,
or generate 0x0080ffff for a /17 subnet mask. The utilities in this CL
convert 1.2.3.4 to 0x01020304, and a /17 subnet mask is represented as
0xffff8000.
Includes tests for all the above methods and migration of
NetworkUtilsTest to JUnit4.
Test: added tests pass
Change-Id: I5f5aa2e6e3b054b66b9dc507dab64f41be9139b1
With recent performance degradations on apct, the current timeouts are
too short and some requests trigger onUnavailable() before networks are
validated.
Test: runtest -x ConnectivityServiceTest.java
Bug: b/111778226
Change-Id: I083f529787f108065637a0aff3e5bb88e05e6510
Fix some timeouts that were forgotten in parent CL.
Bug: b/111778226
Test: runtest --no-hidden-api-checks -x ConnectivityServiceTest.java
Change-Id: Ib848eaba8c69c07ac596aa4386a741c9a2a87fc9
Tests appear to have become much slower on apct in recent runs, although
local runs do not seem to be affected. As a first measure, increase our
timeouts to eliminate flakyness.
Bug: b/111778226
Test: runtest --no-hidden-api-checks -x ConnectivityServiceTest.java
Change-Id: I7a3bfb646eb554bcd9d50d026142f2a2cff74beb
The current timeout is short enough that lingered networks are torn down
before assertions can be run, causing flakyness in testMultipleLingering.
This CL sets the timeout to 300 in that particular test.
Verified that 300ms is enough with 500 successful runs on Sailfish.
An alternative would be to mock firing of the lingering timer, but
keeping the WakeupMessage logic realistic has already proven useful in
detecting races.
Bug: b/110673602
Test: runtest --no-hidden-api-checks frameworks-net
Change-Id: I6f9a656190bcff0b071ae2584d0f5fa74158472b
Change access level of getNetworkAgentInfoForNetwork in ConnectivityService to get
better testability. And add test case to verify clat state transition and make sure
linkProperties are updated correctly.
Bug: 80261579, 109913107
Test: runtest frameworks-net -c com.android.server.ConnectivityServiceTest \
-m testStackedLinkProperties
Change-Id: I72fce594d74bd349f65557edca03640e1b86317c
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Manually merging this due to skipping a merge
conflict at 9fe9ec18c1
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Merged-In: I19e124adef6d9f4992d8293db3190bcf74c95848
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
(cherry picked from commit 2ea91aee42)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 68a7edf1cb)
Before this change, VPNs having no underlying networks would be
marked as metered as the safe option, but VPNs having only
disconnected underlying networks would be marked as unmetered.
Fix this discrepancy.
Clean cherry-pick of ag/4113809
Bug: 79748782
Test: runtest frameworks-net
Change-Id: Ie6ace6bd95139605ffcfa8cd6c15cf28f8fa28c8
Merged-In: If19b85325e7d684e645470293b3c8a674084c641
Merged-in: I22f80a6a39d4a19ff74aa61fcbd66f1a041b1003
Fixes come later. This is complex enough as it is.
Clean cherry-pick of ag/4083953
Bug: 79748782
Test: new test passes, old tests still pass
Change-Id: If7276fe1f751be7b9c18f689e97699e566e5bde0
Merged-In: I12c948ebeb2b74290908f8320ff77220dc4a9fb9
P introduced setSSID, UIDs and unwanted capabilities.
None of these exhibit commutative behavior through combineCapabilities
because their semantics don't allow it. Therefore
NetworkRequest.setCapabilities() is badly broken around any of
these. Look at the comments in the new tests to realize the
extent of the damage.
Clean cherry-pick of ag/4083952
Bug: 79748782
Test: new tests written, old tests pass
Change-Id: Iafe074126132a82af37f4bf056c4a7b8d56bdc83
Merged-In: Ia5bebf8a233775367bbf1b788870528934ecbcfb
Merged-In: I13d7782a6c0c7b1f94137995bbb0d257a58d89c1
Almost clean cherry-pick of ag/3889538.
Bug: 77737389
Test: runtest framework-net
new test don't pass without the main code change, but they
do with it
Change-Id: I0cd83a935ab0b349aa47e065b830e5a43ab9a091
Merged-In: Iaa0285825735d3f16bba6e4946723a437fd9b0b9
Merged-In: Ia8f985b448251f911484e6bd63fa562bffc1b0e4
Clean cherry-pick of ag/3918295
One-line adjustment for ag/3638326 which has not been put in AOSP.
Bug: 77737389
Test: runtest frameworks-net
Change-Id: I03ae2bbb08559f2cd44979e291c1f5d50eb215da
Merged-In: Iaa0285825735d3f16bba6e4946723a437fd9b0b9
Merged-In: Ia8f985b448251f911484e6bd63fa562bffc1b0e4
This is necessary to resolve visibility issues for the next change.
Bug: b/79499239
Test: runtest frameworks-net
Merged-In: Ia48b32307a51a66f2672d7112f71166dd6db41b1
Merged-In: I5df7ee9f16bc6be4f02353d40a843a383dd4cbd9
(Clean cherry-pick of pi-dev I50bc96afe6ae88c8f58a693f0a4e821f1f9b3299)
Change-Id: I3c416c1a91ebfdf914fd528ff8ab73e3eb490562
Before this change, VPNs having no underlying networks would be
marked as metered as the safe option, but VPNs having only
disconnected underlying networks would be marked as unmetered.
Fix this discrepancy.
Bug: 79748782
Test: runtest frameworks-net
Change-Id: I51c3badde29f43f692f383553bd98327d2da8dd1
Fixes come later. This is complex enough as it is.
Bug: 79748782
Test: new test passes, old tests still pass
Change-Id: I30009f88e68a534c332ca88bae517cacc39a60bb
This is necessary to resolve visibility issues for the next change.
Bug: b/79499239
Test: runtest frameworks-net
Change-Id: I50bc96afe6ae88c8f58a693f0a4e821f1f9b3299
P introduced setSSID, UIDs and unwanted capabilities.
None of these exhibit commutative behavior through combineCapabilities
because their semantics don't allow it. Therefore
NetworkRequest.setCapabilities() is badly broken around any of
these. Look at the comments in the new tests to realize the
extent of the damage.
Bug: 79748782
Test: new tests written, old tests pass
Change-Id: Ie46581bdaf9ecc2f14aab44788bbdb27a3fec8c1
