This change makes all requestIDs use the UID of the creator, ensuring
that rekeys always use the same requestID. This also has the nice
property of separating app's resources from each other, and allowing for
identification of which app/UID allocated the resources from
command-line dumps (eg ip xfrm state show)
Bug: 111841561
Test: Updated tests & passing taimen
Change-Id: I4f1eadcdb795766ae4682b15e41727359c52fa38
This matches previous behavior, and there could be situations where
another server on the network would be configured to reply to such
requests, so not replying is better than sending NAKs as done now.
Also refactoring requests in DhcpLeaseRepositoryTest and replacing some
INETADDR_UNSPEC usages for giaddr with INET4_ANY (giaddr is a BOOTP
field and can't be unspecified, only empty).
Test: Following DhcpServerTest.py regression tests pass:
test_request_selecting_giaddr_outside_subnet
test_discover_requestaddress_giaddr_outside_subnet
test_discover_knownaddress_giaddr_outside_subnet
test_discover_giaddr_outside_subnet
Also: atest FrameworksNetTests passes
Change-Id: I4decffccfc64d5e0e29c9ce1cf1446644fcf8190
Add Android metered option, rebinding time option (T2), and match
current order of options. Current DHCP server uses subnet_mask,
broadcast_address, router, name_server in this order.
Test: DhcpServerTest.py:test_discover_paramrequestlist passes
atest FrameworksNetTests passes
Bug: b/109584964
Change-Id: I58f904d5fac306f704c16234fd69c2440fe0803d
Not all preinstalled apps should have access to background
networks or restricted networks. But we give them all network
access permissions currently, it's not a good design. So we
shall limit preinstalled apps permissions, they should just
request the appropriate permission for their use case from
the network permissions.
Bug:19610688
Test: runtest frameworks-net
Change-Id: I184ae3197208c979847ca134c8f01b32528badf1
The newer implementation is disabled by default with this CL. Ultimately
the intention is to enable it by default.
Bug: b/109584964
Test: set tether_enable_legacy_dhcp_server to 0, ran DhcpServerTest.py,
observed new behavior. Added tests in CL also pass.
Change-Id: I0f830b9804b8956c127057e66ab75a21ca29dc57
This differs from previous behavior where dnsmasq would reply to port 68
if the client had no configured address (ciaddr empty in request), or
send replies to the client port if the request ciaddr matched the
assigned lease.
Not all DHCP servers preserve this behavior, and there is no good known
use-case for it. Not replying to such packets is less error-prone and
closer to the standard.
Bug: b/109584964
Test: Added test in DhcpServerTest.py passes
Change-Id: I88d467336cc4f4e4c9498c3787ec22fdef5e1cdd
Use the Private DNS bypass logic that was moved into Network.
Once all callers of ResolvUtil are updated to use this interface
ResolvUtil can be deleted.
Test: as follows
- built, flashed, booted
- runtest frameworks-net passes
- connection to captive portal network detects portal correctly
and the login activity functions as expected
Bug: 64133961
Bug: 72345192
Bug: 73872000
Bug: 78548486
Change-Id: If11ef2b5ffdc729f8449cf18dccd5f1eccbc51e6
This first version can serve discover/request/release, although there
are some small behavior changes with current implementation which will
be addressed later.
Also removes final modifiers on start() and stop() in FdEventsReader, to
allow mocking the methods in tests with the current mockito lib.
Test: Added tests pass, manual: flashed a device using the server
Change-Id: I025366ff7d51c4ba31152af50f3dd2b5e280a54d
In common use-cases, only one gateway or DNS server may be set, so the
added methods make it easier for clients to build the parameters.
Bug: b/109584964
Test: runtest --no-hidden-api-checks frameworks-net
Change-Id: Ib54bc60a54ad4ef0605baea62d87b9f14caf8aa7
Those parameters will be used to start DhcpServer or update its
configuration.
Test: runtest DhcpServingParamsTest.java
Bug: b/109584964
Change-Id: Id8d3dcf62d66dcb02accffa8d8500e30f07af452
LocalServices.addService in NetworkStatsService is currently failing
with IllegalStateException "Overriding service registration". Setting up
LocalServices in the test to avoid this issue might be possible, but
moving the registration to the only non-test caller of that constructor
as done here solves the issue and avoids side-effects from a constructor.
Test: atest FrameworksNetTests does not choke on this test
Bug: b/78487385
Bug: b/80082746
Change-Id: I5dba98fc79aec0800c8b71e6c7e23d1cfbcae852
Merged-In: I884a7a8bd7db3fcd220b785ba9914ac8c77720f0
(Clean cherry-pick of go/ag/4061255)
The current utilities map the higher-order bytes of ints to the
lower-order bytes of IPv4 addresses, which makes applying masks and
generating series of addresses confusing.
For example, the current utilities would convert 1.2.3.4 to 0x04030201,
or generate 0x0080ffff for a /17 subnet mask. The utilities in this CL
convert 1.2.3.4 to 0x01020304, and a /17 subnet mask is represented as
0xffff8000.
Includes tests for all the above methods and migration of
NetworkUtilsTest to JUnit4.
Test: added tests pass
Change-Id: I5f5aa2e6e3b054b66b9dc507dab64f41be9139b1
With recent performance degradations on apct, the current timeouts are
too short and some requests trigger onUnavailable() before networks are
validated.
Test: runtest -x ConnectivityServiceTest.java
Bug: b/111778226
Change-Id: I083f529787f108065637a0aff3e5bb88e05e6510
apct runs have become significantly slower, which makes some of these
tests flaky. Increase the timeout as a first measure to avoid flakes.
Bug: b/111819270
Test: runtest -x IpClientTest.java
Change-Id: Ifb0091377f311b67ba3a4f9324ce1e8cfb421ea3
Fix some timeouts that were forgotten in parent CL.
Bug: b/111778226
Test: runtest --no-hidden-api-checks -x ConnectivityServiceTest.java
Change-Id: Ib848eaba8c69c07ac596aa4386a741c9a2a87fc9
Tests appear to have become much slower on apct in recent runs, although
local runs do not seem to be affected. As a first measure, increase our
timeouts to eliminate flakyness.
Bug: b/111778226
Test: runtest --no-hidden-api-checks -x ConnectivityServiceTest.java
Change-Id: I7a3bfb646eb554bcd9d50d026142f2a2cff74beb
The current timeout is short enough that lingered networks are torn down
before assertions can be run, causing flakyness in testMultipleLingering.
This CL sets the timeout to 300 in that particular test.
Verified that 300ms is enough with 500 successful runs on Sailfish.
An alternative would be to mock firing of the lingering timer, but
keeping the WakeupMessage logic realistic has already proven useful in
detecting races.
Bug: b/110673602
Test: runtest --no-hidden-api-checks frameworks-net
Change-Id: I6f9a656190bcff0b071ae2584d0f5fa74158472b
Rather than use the crufty config.xml list of upstream transport types,
use ConnectivityService's notion of the default network for the upstream.
In cases where a DUN network is required and the default network is
currently a mobile network, look for a DUN network (code in Tethering
is currently responsible for requesting one).
Test: as follows
- built, flashed, booted
- runtest frameworks-net
- tethered via mobile, joined captive portal network, maintained
laptop access via mobile until captive passed (then used wifi)
- disabled client mode wifi, disabled mobile data, plugged in
ethernet adapter, observed connectivity via ethernet
Bug: 32163131
Bug: 62648872
Bug: 63282480
Bug: 109786760
Bug: 110118584
Bug: 110260419
Merged-In: I9cddf1fb7aa3b8d56bf048c563556244e74808c2
Merged-In: Icac3e5e20e99093ddb85aae1ca07ed7b5cf309fd
Change-Id: I925b75994e31df8046f3ef9916a2457b4210485e
(cherry picked from commit 4080a1bd15)
Change access level of getNetworkAgentInfoForNetwork in ConnectivityService to get
better testability. And add test case to verify clat state transition and make sure
linkProperties are updated correctly.
Bug: 80261579, 109913107
Test: runtest frameworks-net -c com.android.server.ConnectivityServiceTest \
-m testStackedLinkProperties
Change-Id: I72fce594d74bd349f65557edca03640e1b86317c
The used constant overflows. This is irrelevant to the test, so
decrease test constant.
Bug: 110155920
Test: m javac-check RUN_ERROR_PRONE=true
Change-Id: Idfc7e987ba9c36389a20c7fc01b1161ef89483d8
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Manually merging this due to skipping a merge
conflict at ef9f2740a7
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Merged-In: I19e124adef6d9f4992d8293db3190bcf74c95848
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
(cherry picked from commit 3f2c54b782)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 592dadbd43)
* changes:
Let tests enumerate all transports/capabilities.
Destroy networks as soon as they are disconnected.
Fix a ConcurrentModificationException crash.
Unify behavior of various cases of "no underlying networks"
Fix: VPNs update caps upon underlying network disconnect.
Add tests for setUnderlyingNetworks.
Fix setCapabilities.
Fix SSID not being logged by the validation logs
Make sure getActiveNetwork is consistent with default callbacks
Add tests for getActiveNetwork.
Guard the SSID with NETWORK_SETTINGS
Add a new ssid field in NetworkCapabilities.
Notif manager and captive portal app to read SSID again
Remove unwanted capability from the java-doc
Actually @hide unwanted capability methods.
API council requested tweaks to NetworkRequest.
Add OEM_PAID capability to system api
add airplane mode shell commands to connectivity
Enable cleartext for captive portal apps
Expose CONNECTIVITY_ACTION to Instant Apps
fix isActiveNetworkMetered with VPNs
Before this change, VPNs having no underlying networks would be
marked as metered as the safe option, but VPNs having only
disconnected underlying networks would be marked as unmetered.
Fix this discrepancy.
Clean cherry-pick of ag/4113809
Bug: 79748782
Test: runtest frameworks-net
Change-Id: Ie6ace6bd95139605ffcfa8cd6c15cf28f8fa28c8
Merged-In: If19b85325e7d684e645470293b3c8a674084c641
Merged-in: I22f80a6a39d4a19ff74aa61fcbd66f1a041b1003
