Merge "Add RESTRICTED_ALLOWED_APPS setting"
diff --git a/services/core/java/com/android/server/ConnectivityService.java b/services/core/java/com/android/server/ConnectivityService.java
index 61bb740..39a990c 100644
--- a/services/core/java/com/android/server/ConnectivityService.java
+++ b/services/core/java/com/android/server/ConnectivityService.java
@@ -133,6 +133,8 @@
import android.net.IpPrefix;
import android.net.LinkProperties;
import android.net.MatchAllNetworkSpecifier;
+import android.net.NativeNetworkConfig;
+import android.net.NativeNetworkType;
import android.net.NattSocketKeepalive;
import android.net.Network;
import android.net.NetworkAgent;
@@ -3804,36 +3806,43 @@
nai.onNetworkDestroyed();
}
- private boolean createNativeNetwork(@NonNull NetworkAgentInfo networkAgent) {
+ private boolean createNativeNetwork(@NonNull NetworkAgentInfo nai) {
try {
// This should never fail. Specifying an already in use NetID will cause failure.
- if (networkAgent.isVPN()) {
- mNetd.networkCreateVpn(networkAgent.network.getNetId(),
- (networkAgent.networkAgentConfig == null
- || !networkAgent.networkAgentConfig.allowBypass));
+ final NativeNetworkConfig config;
+ if (nai.isVPN()) {
+ if (getVpnType(nai) == VpnManager.TYPE_VPN_NONE) {
+ Log.wtf(TAG, "Unable to get VPN type from network " + nai.toShortString());
+ return false;
+ }
+ config = new NativeNetworkConfig(nai.network.getNetId(), NativeNetworkType.VIRTUAL,
+ INetd.PERMISSION_NONE,
+ (nai.networkAgentConfig == null || !nai.networkAgentConfig.allowBypass),
+ getVpnType(nai));
} else {
- mNetd.networkCreatePhysical(networkAgent.network.getNetId(),
- getNetworkPermission(networkAgent.networkCapabilities));
+ config = new NativeNetworkConfig(nai.network.getNetId(), NativeNetworkType.PHYSICAL,
+ getNetworkPermission(nai.networkCapabilities), /*secure=*/ false,
+ VpnManager.TYPE_VPN_NONE);
}
- mDnsResolver.createNetworkCache(networkAgent.network.getNetId());
- mDnsManager.updateTransportsForNetwork(networkAgent.network.getNetId(),
- networkAgent.networkCapabilities.getTransportTypes());
+ mNetd.networkCreate(config);
+ mDnsResolver.createNetworkCache(nai.network.getNetId());
+ mDnsManager.updateTransportsForNetwork(nai.network.getNetId(),
+ nai.networkCapabilities.getTransportTypes());
return true;
} catch (RemoteException | ServiceSpecificException e) {
- loge("Error creating network " + networkAgent.network.getNetId() + ": "
- + e.getMessage());
+ loge("Error creating network " + nai.toShortString() + ": " + e.getMessage());
return false;
}
}
- private void destroyNativeNetwork(@NonNull NetworkAgentInfo networkAgent) {
+ private void destroyNativeNetwork(@NonNull NetworkAgentInfo nai) {
try {
- mNetd.networkDestroy(networkAgent.network.getNetId());
+ mNetd.networkDestroy(nai.network.getNetId());
} catch (RemoteException | ServiceSpecificException e) {
loge("Exception destroying network(networkDestroy): " + e);
}
try {
- mDnsResolver.destroyNetworkCache(networkAgent.network.getNetId());
+ mDnsResolver.destroyNetworkCache(nai.network.getNetId());
} catch (RemoteException | ServiceSpecificException e) {
loge("Exception destroying network: " + e);
}
diff --git a/tests/net/integration/util/com/android/server/NetworkAgentWrapper.java b/tests/net/integration/util/com/android/server/NetworkAgentWrapper.java
index e2d43cb..e809550 100644
--- a/tests/net/integration/util/com/android/server/NetworkAgentWrapper.java
+++ b/tests/net/integration/util/com/android/server/NetworkAgentWrapper.java
@@ -370,4 +370,8 @@
}
}
}
+
+ public boolean isBypassableVpn() {
+ return mNetworkAgentConfig.isBypassableVpn();
+ }
}
diff --git a/tests/net/java/android/net/VpnManagerTest.java b/tests/net/java/android/net/VpnManagerTest.java
index c548e30..3135062 100644
--- a/tests/net/java/android/net/VpnManagerTest.java
+++ b/tests/net/java/android/net/VpnManagerTest.java
@@ -28,11 +28,13 @@
import android.content.ComponentName;
import android.content.Intent;
import android.test.mock.MockContext;
+import android.util.SparseArray;
import androidx.test.filters.SmallTest;
import androidx.test.runner.AndroidJUnit4;
import com.android.internal.net.VpnProfile;
+import com.android.internal.util.MessageUtils;
import org.junit.Before;
import org.junit.Test;
@@ -119,4 +121,18 @@
.setAuthPsk(PSK_BYTES)
.build();
}
+
+ @Test
+ public void testVpnTypesEqual() throws Exception {
+ SparseArray<String> vmVpnTypes = MessageUtils.findMessageNames(
+ new Class[] { VpnManager.class }, new String[]{ "TYPE_VPN_" });
+ SparseArray<String> nativeVpnType = MessageUtils.findMessageNames(
+ new Class[] { NativeVpnType.class }, new String[]{ "" });
+
+ // TYPE_VPN_NONE = -1 is only defined in VpnManager.
+ assertEquals(vmVpnTypes.size() - 1, nativeVpnType.size());
+ for (int i = VpnManager.TYPE_VPN_SERVICE; i < vmVpnTypes.size(); i++) {
+ assertEquals(vmVpnTypes.get(i), "TYPE_VPN_" + nativeVpnType.get(i));
+ }
+ }
}
diff --git a/tests/net/java/com/android/server/ConnectivityServiceTest.java b/tests/net/java/com/android/server/ConnectivityServiceTest.java
index 458e9b3..ab50798 100644
--- a/tests/net/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/net/java/com/android/server/ConnectivityServiceTest.java
@@ -211,6 +211,8 @@
import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.MatchAllNetworkSpecifier;
+import android.net.NativeNetworkConfig;
+import android.net.NativeNetworkType;
import android.net.Network;
import android.net.NetworkAgent;
import android.net.NetworkAgentConfig;
@@ -1253,6 +1255,8 @@
verify(mMockNetd, never())
.networkRemoveUidRanges(eq(mMockVpn.getNetwork().getNetId()), any());
mAgentRegistered = true;
+ verify(mMockNetd).networkCreate(nativeNetworkConfigVpn(getNetwork().netId,
+ !mMockNetworkAgent.isBypassableVpn(), mVpnType));
updateState(NetworkInfo.DetailedState.CONNECTED, "registerAgent");
mNetworkCapabilities.set(mMockNetworkAgent.getNetworkCapabilities());
mNetworkAgent = mMockNetworkAgent.getNetworkAgent();
@@ -2861,6 +2865,16 @@
mCm.unregisterNetworkCallback(callback);
}
+ private NativeNetworkConfig nativeNetworkConfigPhysical(int netId, int permission) {
+ return new NativeNetworkConfig(netId, NativeNetworkType.PHYSICAL, permission,
+ /*secure=*/ false, VpnManager.TYPE_VPN_NONE);
+ }
+
+ private NativeNetworkConfig nativeNetworkConfigVpn(int netId, boolean secure, int vpnType) {
+ return new NativeNetworkConfig(netId, NativeNetworkType.VIRTUAL, INetd.PERMISSION_NONE,
+ secure, vpnType);
+ }
+
@Test
public void testNetworkAgentCallbacks() throws Exception {
// Keeps track of the order of events that happen in this test.
@@ -2882,8 +2896,8 @@
wifiNetwork.set(mWiFiNetworkAgent.getNetwork());
assertNotNull(wifiNetwork.get());
try {
- verify(mMockNetd).networkCreatePhysical(wifiNetwork.get().getNetId(),
- INetd.PERMISSION_NONE);
+ verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical(
+ wifiNetwork.get().getNetId(), INetd.PERMISSION_NONE));
} catch (RemoteException impossible) {
fail();
}
@@ -8327,7 +8341,8 @@
final int cellNetId = mCellNetworkAgent.getNetwork().netId;
waitForIdle();
- verify(mMockNetd, times(1)).networkCreatePhysical(eq(cellNetId), anyInt());
+ verify(mMockNetd, times(1)).networkCreate(nativeNetworkConfigPhysical(cellNetId,
+ INetd.PERMISSION_NONE));
assertRoutesAdded(cellNetId, ipv6Subnet, defaultRoute);
verify(mMockDnsResolver, times(1)).createNetworkCache(eq(cellNetId));
verify(mMockNetd, times(1)).networkAddInterface(cellNetId, MOBILE_IFNAME);
@@ -11982,8 +11997,9 @@
mSystemDefaultNetworkCallback.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
mDefaultNetworkCallback.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
mProfileDefaultNetworkCallback.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
- inOrder.verify(mMockNetd).networkCreatePhysical(mCellNetworkAgent.getNetwork().netId,
- INetd.PERMISSION_NONE);
+ inOrder.verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical(
+ mCellNetworkAgent.getNetwork().netId, INetd.PERMISSION_NONE));
+
final TestOnCompleteListener listener = new TestOnCompleteListener();
mCm.setProfileNetworkPreference(testHandle, PROFILE_NETWORK_PREFERENCE_ENTERPRISE,
@@ -12010,8 +12026,8 @@
mProfileDefaultNetworkCallback.expectAvailableCallbacksUnvalidated(workAgent);
mSystemDefaultNetworkCallback.assertNoCallback();
mDefaultNetworkCallback.assertNoCallback();
- inOrder.verify(mMockNetd).networkCreatePhysical(workAgent.getNetwork().netId,
- INetd.PERMISSION_SYSTEM);
+ inOrder.verify(mMockNetd).networkCreate(
+ nativeNetworkConfigPhysical(workAgent.getNetwork().netId, INetd.PERMISSION_SYSTEM));
inOrder.verify(mMockNetd).networkAddUidRanges(workAgent.getNetwork().netId,
uidRangeFor(testHandle));
inOrder.verify(mMockNetd).networkRemoveUidRanges(mCellNetworkAgent.getNetwork().netId,
@@ -12054,8 +12070,8 @@
mSystemDefaultNetworkCallback.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
mDefaultNetworkCallback.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
mProfileDefaultNetworkCallback.assertNoCallback();
- inOrder.verify(mMockNetd).networkCreatePhysical(mCellNetworkAgent.getNetwork().netId,
- INetd.PERMISSION_NONE);
+ inOrder.verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical(
+ mCellNetworkAgent.getNetwork().netId, INetd.PERMISSION_NONE));
// When the agent disconnects, test that the app on the work profile falls back to the
// default network.
@@ -12085,8 +12101,8 @@
mProfileDefaultNetworkCallback.expectAvailableCallbacksUnvalidated(workAgent2);
assertNoCallbacks(mSystemDefaultNetworkCallback, mDefaultNetworkCallback);
- inOrder.verify(mMockNetd).networkCreatePhysical(workAgent2.getNetwork().netId,
- INetd.PERMISSION_SYSTEM);
+ inOrder.verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical(
+ workAgent2.getNetwork().netId, INetd.PERMISSION_SYSTEM));
inOrder.verify(mMockNetd).networkAddUidRanges(workAgent2.getNetwork().netId,
uidRangeFor(testHandle));
@@ -12131,8 +12147,8 @@
mCm.setProfileNetworkPreference(testHandle, PROFILE_NETWORK_PREFERENCE_ENTERPRISE,
r -> r.run(), listener);
listener.expectOnComplete();
- inOrder.verify(mMockNetd).networkCreatePhysical(mCellNetworkAgent.getNetwork().netId,
- INetd.PERMISSION_NONE);
+ inOrder.verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical(
+ mCellNetworkAgent.getNetwork().netId, INetd.PERMISSION_NONE));
inOrder.verify(mMockNetd).networkAddUidRanges(workAgent.getNetwork().netId,
uidRangeFor(testHandle));
@@ -12184,10 +12200,10 @@
mDefaultNetworkCallback.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
mProfileDefaultNetworkCallback.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
app4Cb.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
- inOrder.verify(mMockNetd).networkCreatePhysical(mCellNetworkAgent.getNetwork().netId,
- INetd.PERMISSION_NONE);
- inOrder.verify(mMockNetd).networkCreatePhysical(workAgent.getNetwork().netId,
- INetd.PERMISSION_SYSTEM);
+ inOrder.verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical(
+ mCellNetworkAgent.getNetwork().netId, INetd.PERMISSION_NONE));
+ inOrder.verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical(
+ workAgent.getNetwork().netId, INetd.PERMISSION_SYSTEM));
final TestOnCompleteListener listener = new TestOnCompleteListener();
mCm.setProfileNetworkPreference(testHandle2, PROFILE_NETWORK_PREFERENCE_ENTERPRISE,
@@ -12239,8 +12255,8 @@
mCm.setProfileNetworkPreference(testHandle, PROFILE_NETWORK_PREFERENCE_ENTERPRISE,
r -> r.run(), listener);
listener.expectOnComplete();
- inOrder.verify(mMockNetd).networkCreatePhysical(mCellNetworkAgent.getNetwork().netId,
- INetd.PERMISSION_NONE);
+ inOrder.verify(mMockNetd).networkCreate(nativeNetworkConfigPhysical(
+ mCellNetworkAgent.getNetwork().netId, INetd.PERMISSION_NONE));
inOrder.verify(mMockNetd).networkAddUidRanges(mCellNetworkAgent.getNetwork().netId,
uidRangeFor(testHandle));