The tests are run both in unit and CTS tests.
Test: atest FrameworksNetTests NetworkStackTestCases
Bug: 129200175
Change-Id: I78d78dd421cc3ffea774ff5eaa6aa758debc9cf2
Merged-In: I9b65a2eef94567d2b79a9955619938e64906080d
Merged-In: I78d78dd421cc3ffea774ff5eaa6aa758debc9cf2
(cherry picked from commit 9e046d509a)
This adds the moved tests to CTS as well.
The moved unit tests are appropriate for CTS as they test data holder
classes that need to function properly for apps to work.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases: added tests pass
Bug: 129199900
Change-Id: I895d2b57da658d5bed28ebe128611d5d15835742
Merged-In: I9f708a252ab606b782f5f828dce8c1690c3703bf
Merged-In: I895d2b57da658d5bed28ebe128611d5d15835742
(cherry picked from commit cc21fbd483)
* changes:
Reinstate new VPN uid filtering unit tests
Revert new tests and PackageManager mock
Block incoming non-VPN packets to apps under fully-routed VPN
Mock out PackageManager and returns correct information corresponding
to the test app package itself.
Test: atest --generate-new-metrics 10 com.android.server.ConnectivityServiceTest
Bug: 114231106
Bug: 130397860
Merged-In: Ic2faef44831575b2d03bc00ef2553d5c549adc95
Change-Id: Ic2faef44831575b2d03bc00ef2553d5c549adc95
(cherry picked from commit 4469b1d8a5)
A mocked PackageManager caused test failures in existing tests.
Revert that for now to make tests pass again.
Bug: 114231106
Bug: 130397860
Test: atest FrameworksNetTests
Merged-In: Ib59e211d4329f885108de9ea0a74669ffb144e17
(cherry picked from commit 8574c9bf35)
Change-Id: I603a0b0dfb67a942679a668c182aa650774c80b2
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Merged-In: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
Change-Id: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
(cherry picked from commit 65968ea16b)
Test: new test for this
Fixes: 62650382
Change-Id: I918b8271d3c3c058553ca888cb54cd36a6efba66
Merged-In: I0fc408d546ae9d72b7dd9415e502252b484d4329
Merged-In: I9282930106d1eee3274d9e5c4e89de60e929a0e6
There is the potential bug[1] that default data subId change
intent may lose. So tethering may cache the outdated default
data subId in TetheringConfiguration. Now EntitlementManager
would fetch configuration every time and this would re-exam
whether subId is changed.
Additional passing subId to Settings to avoid default data
subId change right away when launching entitlement check.
Thus, Settings can know whether this is outdated entitlement
check request.
[1] b/129224596
Bug: 129751453
Test: -build, flash, boot
-atest FrameworksNetTests
-manual test with carrier SIM
Change-Id: I318cdd86bd7e516f7673bb293d1d9bf967861d8f
Merged-In: I32e238c4786657ecd4bacfa3260c28c3f083cf08
Merged-In: I318cdd86bd7e516f7673bb293d1d9bf967861d8f
(cherry picked from commit 430dd6e98a)
ConnectivityManager and its usages are removed from
NetworkStatsService. After that, forceUpdateIfaces requires
information that only ConnectivityService has, hence
restricting the calling permission to NETWORK_STACK or
MAINLINE_NETWORK_STACK permission. The required permission
will be changed from READ_NETWORK_USAGE_HISTORY to
NETWORK_STACK or MAINLINE_NETWORK_STACK. This change would make
it impossible to call outside the system.
Bug: 126830974
Test: atest FrameworksNetTests
Merged-In: I1b26dc64eaab2151e6885fd01cc5e8d4e18c4e60
Change-Id: I4ea421e4126a45f65d25fe0bec74243a3b20aeab
(cherry picked from commit 6b895dea25)
This patch fixes a bug where if a binder dies before the linkToDeath
call, the cleanup will be performed before the entry is added to the
array. While it is safe in that quotas and tracking performs as per
normal, the RefcountedRecord may not be cleaned up.
Rethrowing this exception is safe, since the only paths that would hit
this are all on binder threads coming from applications. Further, it
seems there is only one real way of this getting hit - if the app that
called the creation died during the binder call.
Bug: 126802451
Test: Compiled, CTS tests passing
Change-Id: Ib955acaa5e498c0e977cb5f2e48cffbc9fea8c7c
Merged-In: I6db75853da9f29e1573512e26351623f22770c5d
Merged-In: I416c2e43961ec0e1cc6b2fbcef970fbce858603b
Merged-In: Ib955acaa5e498c0e977cb5f2e48cffbc9fea8c7c
(cherry picked from commit 6c089d90bf)
This commit reduces the flakiness of the
testOpenAndCloseUdpEncapsulationSocket by retrying up to three times.
Unfortunately, testing port-selected socket creation is racy against
other applications. This helps to handle the same race condition as done
in IpSecService#bindToRandomPort
Bug: 128024100
Test: 200x runs of testOpenAndCloseUdpEncapsulationSocket
Change-Id: I7e036ce821019dbac6c50899bd0894e89d2fe82a
Merged-In: Idf040a67e53d9b9ec6e6c647ce24f8ada501d355
Merged-In: Iad9aea4b42cd8b31a5a2659bb9cb54dd1c64e8b7
(cherry picked from commit 614ab3dd4e)
This test is too flaky to run in presubmits.
Bug: 124354087
Test: atest InetDiagSocketTest
Change-Id: I90bc52a6f5b92d634862e3464634dfdbd3cada6a
Merged-In: Ic580b9261e0d556ec10f92ddffd8f2766e25f424
Merged-In: Ide5ac3f5316c4671b17fb9486ac56fc5feaf7b08
(cherry picked from commit fdc03bab0b)
The common package covers tests that should be included both in CTS and
unit tests.
Test: atest FrameworksBaseTests
Bug: 129199908
Change-Id: Ic78ff947250871fa773252c924f1dee9395c6074
(cherry picked from commit 054e3e0f5e)
In order to notify netd to swap eBPF maps before pulling the
networkStats from eBPF maps, NetworkStatsFactory need to use the
NetdServices to issue binder calls. So it need to be moved from
framework/base/core to framework/base/service since object in
framework/base/core cannot get any system services. This change is also
necessary for setting up a lock inside NetworkStatsFactory to prevent
racing between two netstats caller since the lock need to be hold before
netd trigger the map swap.
Also fix the compile problem caused by moving the NetworkStatsFactory
and the related tests. Rename the packages and the jni functions to a
more proper name.
Bug: 124764595
Bug: 128900919
Test: NetworkStatsFactoryTest
android.app.usage.cts.NetworkUsageStatsTest
android.net.cts.TrafficStatsTest
Change-Id: Ifcfe4df81caf8ede2e4e66a76552cb3200378fa8
Some names were still wrong somehow, and the wrappers were
missing.
Test: NetworkStack & FrameworkNetTests
Change-Id: I475bd011ad9bc714a07021a9dfd85c4876f8e9ad
The kernel eBPF maps have a blacklist to store all the uids that doesn't
have internet permission. When an app is unintalled from the device and
it is the last package on device that uses that uid, make sure we
cleaned the uid from the map and do not add no longer used uids into the
eBPF map. This action helps reduce the number of entries stored in the
map and reduce the chance of overflow the eBPF map.
Bug: 128944261
Test: PermissionMonitorTest
Change-Id: I10dd0113d00d6cf9ca39902d9721f2591d387d4a
Add more tests to PermissionMonitor to verify the functionality related
to INTERNET permission and UPDATE_DEVIE_STATS permission. Modified some
of the class design of PermissionMonitor so that it is easier to test
the new functionalities.
Bug: 111560570
Test: PermissionMonitorTest
Change-Id: Ic5585f337db5de48e2f87bf4f01ed7d85c349827
These two classes were added to @SystemApi because they are used
both by NetworkMonitor and CaptivePortalLogin. However it turns
out they are not needed in the framework, so having them as a
library sounds better.
Change-Id: Iadf77ec5952b6da8812dc6d006a39bd4e93d2bd9
Fix: 129433264
Test: atest NetworkStackTests FrameworksNetTests
The argument of IpPreFix#contains() has been marked as @NonNull.
So the IpPrefixTest#testContainsInetAddress should not test
contains() method wiht null object.
Bug: None
Test: atest FrameworksNetTests
atest IpPrefixTest#testContainsInetAddress
Change-Id: I2f6bee19514dc47702f64d2a2bbf02d8b7b1b407
- Restrict unprivileged apps to use
NetworkRequest.Builder#setSignalStrength.
- Remove the "throws NullPointerException" in
CaptivePortalProbeSpec constructor.
- Remove the null check in LinkProperties.
- Add annotataion into all ConnectivityManager.NetworkCallback
methods.
Change-Id: Id275cac1d6a30d7515cd7b113394f5e8a0179314
Fix: 129097486
Test: atest FrameworksNetTests
NetworkMonitor obtained LinkProperties and NetworkCapabilities via
synchronous calls to ConnectivityManager after receiving an asynchronous
notification, which is prone to races: the network could be gone before
the LinkProperties/NetworkCapabilities can be fetched.
Fix the race by passing LinkProperties/NetworkCapabilities directly to
NetworkMonitor in the asynchronous notifications.
Test: atest FrameworksNetTests NetworkStackTests
Test: booted, WiFi works
Bug: 129375892
Change-Id: I200ac7ca6ff79590b11c9be705f650c92fd3cb63
* changes:
Move BatteryStats and StatsCompanionService to use NetworkStatsService.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
