Merge "Remove expectCapabilitiesWith and Without"
diff --git a/Cronet/tests/cts/src/android/net/http/cts/HttpEngineTest.java b/Cronet/tests/cts/src/android/net/http/cts/HttpEngineTest.java
index 6a8467c..6d27b43 100644
--- a/Cronet/tests/cts/src/android/net/http/cts/HttpEngineTest.java
+++ b/Cronet/tests/cts/src/android/net/http/cts/HttpEngineTest.java
@@ -17,6 +17,7 @@
package android.net.http.cts;
import static android.net.http.cts.util.TestUtilsKt.assertOKStatusCode;
+import static android.net.http.cts.util.TestUtilsKt.assumeOKStatusCode;
import static android.net.http.cts.util.TestUtilsKt.skipIfNoInternetConnection;
import static org.hamcrest.MatcherAssert.assertThat;
@@ -100,13 +101,14 @@
// We send multiple requests to reduce the flakiness of the test.
boolean quicWasUsed = false;
for (int i = 0; i < 5; i++) {
+ mCallback = new TestUrlRequestCallback();
UrlRequest.Builder builder =
mEngine.newUrlRequestBuilder(URL, mCallback, mCallback.getExecutor());
builder.build().start();
mCallback.expectCallback(ResponseStep.ON_SUCCEEDED);
UrlResponseInfo info = mCallback.mResponseInfo;
- assertOKStatusCode(info);
+ assumeOKStatusCode(info);
quicWasUsed = isQuic(info.getNegotiatedProtocol());
if (quicWasUsed) {
break;
diff --git a/Cronet/tests/cts/src/android/net/http/cts/UrlRequestTest.java b/Cronet/tests/cts/src/android/net/http/cts/UrlRequestTest.java
index 54c1ee3..5256bae 100644
--- a/Cronet/tests/cts/src/android/net/http/cts/UrlRequestTest.java
+++ b/Cronet/tests/cts/src/android/net/http/cts/UrlRequestTest.java
@@ -21,6 +21,7 @@
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.greaterThan;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertSame;
import android.content.Context;
@@ -30,6 +31,7 @@
import android.net.http.UrlResponseInfo;
import android.net.http.cts.util.HttpCtsTestServer;
import android.net.http.cts.util.TestStatusListener;
+import android.net.http.cts.util.TestUploadDataProvider;
import android.net.http.cts.util.TestUrlRequestCallback;
import android.net.http.cts.util.TestUrlRequestCallback.ResponseStep;
@@ -67,14 +69,14 @@
}
}
- private UrlRequest buildUrlRequest(String url) {
- return mHttpEngine.newUrlRequestBuilder(url, mCallback, mCallback.getExecutor()).build();
+ private UrlRequest.Builder createUrlRequestBuilder(String url) {
+ return mHttpEngine.newUrlRequestBuilder(url, mCallback, mCallback.getExecutor());
}
@Test
public void testUrlRequestGet_CompletesSuccessfully() throws Exception {
String url = mTestServer.getSuccessUrl();
- UrlRequest request = buildUrlRequest(url);
+ UrlRequest request = createUrlRequestBuilder(url).build();
request.start();
mCallback.expectCallback(ResponseStep.ON_SUCCEEDED);
@@ -85,7 +87,7 @@
@Test
public void testUrlRequestStatus_InvalidBeforeRequestStarts() throws Exception {
- UrlRequest request = buildUrlRequest(mTestServer.getSuccessUrl());
+ UrlRequest request = createUrlRequestBuilder(mTestServer.getSuccessUrl()).build();
// Calling before request is started should give Status.INVALID,
// since the native adapter is not created.
TestStatusListener statusListener = new TestStatusListener();
@@ -95,7 +97,7 @@
@Test
public void testUrlRequestCancel_CancelCalled() throws Exception {
- UrlRequest request = buildUrlRequest(mTestServer.getSuccessUrl());
+ UrlRequest request = createUrlRequestBuilder(mTestServer.getSuccessUrl()).build();
mCallback.setAutoAdvance(false);
request.start();
@@ -105,4 +107,28 @@
request.cancel();
mCallback.expectCallback(ResponseStep.ON_CANCELED);
}
+
+ @Test
+ public void testUrlRequestPost_EchoRequestBody() throws Exception {
+ String testData = "test";
+ UrlRequest.Builder builder = createUrlRequestBuilder(mTestServer.getEchoBodyUrl());
+
+ TestUploadDataProvider dataProvider = new TestUploadDataProvider(
+ TestUploadDataProvider.SuccessCallbackMode.SYNC, mCallback.getExecutor());
+ dataProvider.addRead(testData.getBytes());
+ builder.setUploadDataProvider(dataProvider, mCallback.getExecutor());
+ builder.addHeader("Content-Type", "text/html");
+ builder.build().start();
+ mCallback.expectCallback(ResponseStep.ON_SUCCEEDED);
+
+ assertOKStatusCode(mCallback.mResponseInfo);
+ assertEquals(testData, mCallback.mResponseAsString);
+ dataProvider.assertClosed();
+ }
+
+ @Test
+ public void testUrlRequestFail_FailedCalled() throws Exception {
+ createUrlRequestBuilder("http://0.0.0.0:0/").build().start();
+ mCallback.expectCallback(ResponseStep.ON_FAILED);
+ }
}
diff --git a/Cronet/tests/cts/src/android/net/http/cts/util/TestUtils.kt b/Cronet/tests/cts/src/android/net/http/cts/util/TestUtils.kt
index d30c059..23ec2c8 100644
--- a/Cronet/tests/cts/src/android/net/http/cts/util/TestUtils.kt
+++ b/Cronet/tests/cts/src/android/net/http/cts/util/TestUtils.kt
@@ -19,8 +19,10 @@
import android.content.Context
import android.net.ConnectivityManager
import android.net.http.UrlResponseInfo
+import org.hamcrest.Matchers.equalTo
import org.junit.Assert.assertEquals
import org.junit.Assume.assumeNotNull
+import org.junit.Assume.assumeThat
fun skipIfNoInternetConnection(context: Context) {
val connectivityManager = context.getSystemService(ConnectivityManager::class.java)
@@ -29,5 +31,9 @@
}
fun assertOKStatusCode(info: UrlResponseInfo) {
- assertEquals("Status code must be 200 OK", 200, info.getHttpStatusCode())
+ assertEquals("Status code must be 200 OK", 200, info.httpStatusCode)
+}
+
+fun assumeOKStatusCode(info: UrlResponseInfo) {
+ assumeThat("Status code must be 200 OK", info.getHttpStatusCode(), equalTo(200))
}
diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
index 4224da9..17389b4 100644
--- a/framework/src/android/net/ConnectivityManager.java
+++ b/framework/src/android/net/ConnectivityManager.java
@@ -2279,23 +2279,12 @@
private final ISocketKeepaliveCallback mCallback;
private final ExecutorService mExecutor;
- private volatile Integer mSlot;
-
@UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
public void stop() {
try {
mExecutor.execute(() -> {
try {
- if (mSlot != null) {
- // TODO : this is incorrect, because in the presence of auto on/off
- // keepalive the slot associated with this keepalive can have
- // changed. Also, this actually causes another problem where some other
- // app might stop your keepalive if it just knows the network and
- // the slot and goes through the trouble of grabbing the aidl object.
- // This code should use the callback to identify what keepalive to
- // stop instead.
- mService.stopKeepalive(mNetwork, mSlot);
- }
+ mService.stopKeepalive(mCallback);
} catch (RemoteException e) {
Log.e(TAG, "Error stopping packet keepalive: ", e);
throw e.rethrowFromSystemServer();
@@ -2313,11 +2302,10 @@
mExecutor = Executors.newSingleThreadExecutor();
mCallback = new ISocketKeepaliveCallback.Stub() {
@Override
- public void onStarted(int slot) {
+ public void onStarted() {
final long token = Binder.clearCallingIdentity();
try {
mExecutor.execute(() -> {
- mSlot = slot;
callback.onStarted();
});
} finally {
@@ -2330,7 +2318,6 @@
final long token = Binder.clearCallingIdentity();
try {
mExecutor.execute(() -> {
- mSlot = null;
callback.onStopped();
});
} finally {
@@ -2344,7 +2331,6 @@
final long token = Binder.clearCallingIdentity();
try {
mExecutor.execute(() -> {
- mSlot = null;
callback.onError(error);
});
} finally {
diff --git a/framework/src/android/net/IConnectivityManager.aidl b/framework/src/android/net/IConnectivityManager.aidl
index 7db231e..acbc31e 100644
--- a/framework/src/android/net/IConnectivityManager.aidl
+++ b/framework/src/android/net/IConnectivityManager.aidl
@@ -193,7 +193,7 @@
void startTcpKeepalive(in Network network, in ParcelFileDescriptor pfd, int intervalSeconds,
in ISocketKeepaliveCallback cb);
- void stopKeepalive(in Network network, int slot);
+ void stopKeepalive(in ISocketKeepaliveCallback cb);
String getCaptivePortalServerUrl();
diff --git a/framework/src/android/net/ISocketKeepaliveCallback.aidl b/framework/src/android/net/ISocketKeepaliveCallback.aidl
index 020fbca..1240e37 100644
--- a/framework/src/android/net/ISocketKeepaliveCallback.aidl
+++ b/framework/src/android/net/ISocketKeepaliveCallback.aidl
@@ -24,7 +24,7 @@
oneway interface ISocketKeepaliveCallback
{
/** The keepalive was successfully started. */
- void onStarted(int slot);
+ void onStarted();
/** The keepalive was successfully stopped. */
void onStopped();
/** The keepalive was stopped because of an error. */
diff --git a/framework/src/android/net/NattSocketKeepalive.java b/framework/src/android/net/NattSocketKeepalive.java
index 4d45e70..77137f4 100644
--- a/framework/src/android/net/NattSocketKeepalive.java
+++ b/framework/src/android/net/NattSocketKeepalive.java
@@ -91,9 +91,7 @@
protected void stopImpl() {
mExecutor.execute(() -> {
try {
- if (mSlot != null) {
- mService.stopKeepalive(mNetwork, mSlot);
- }
+ mService.stopKeepalive(mCallback);
} catch (RemoteException e) {
Log.e(TAG, "Error stopping socket keepalive: ", e);
throw e.rethrowFromSystemServer();
diff --git a/framework/src/android/net/NetworkAgent.java b/framework/src/android/net/NetworkAgent.java
index 3ec00d9..8fe20de 100644
--- a/framework/src/android/net/NetworkAgent.java
+++ b/framework/src/android/net/NetworkAgent.java
@@ -291,7 +291,9 @@
/**
* Requests that the specified keepalive packet be stopped.
*
- * arg1 = hardware slot number of the keepalive to stop.
+ * arg1 = unused
+ * arg2 = error code (SUCCESS)
+ * obj = callback to identify the keepalive
*
* Also used internally by ConnectivityService / KeepaliveTracker, with different semantics.
* @hide
diff --git a/framework/src/android/net/SocketKeepalive.java b/framework/src/android/net/SocketKeepalive.java
index 90e5e9b..2911ce7 100644
--- a/framework/src/android/net/SocketKeepalive.java
+++ b/framework/src/android/net/SocketKeepalive.java
@@ -21,7 +21,6 @@
import android.annotation.IntDef;
import android.annotation.IntRange;
import android.annotation.NonNull;
-import android.annotation.Nullable;
import android.annotation.SystemApi;
import android.os.Binder;
import android.os.ParcelFileDescriptor;
@@ -249,9 +248,6 @@
@NonNull protected final Executor mExecutor;
/** @hide */
@NonNull protected final ISocketKeepaliveCallback mCallback;
- // TODO: remove slot since mCallback could be used to identify which keepalive to stop.
- /** @hide */
- @Nullable protected Integer mSlot;
/** @hide */
public SocketKeepalive(@NonNull IConnectivityManager service, @NonNull Network network,
@@ -263,11 +259,10 @@
mExecutor = executor;
mCallback = new ISocketKeepaliveCallback.Stub() {
@Override
- public void onStarted(int slot) {
+ public void onStarted() {
final long token = Binder.clearCallingIdentity();
try {
mExecutor.execute(() -> {
- mSlot = slot;
callback.onStarted();
});
} finally {
@@ -280,7 +275,6 @@
final long token = Binder.clearCallingIdentity();
try {
executor.execute(() -> {
- mSlot = null;
callback.onStopped();
});
} finally {
@@ -293,7 +287,6 @@
final long token = Binder.clearCallingIdentity();
try {
executor.execute(() -> {
- mSlot = null;
callback.onError(error);
});
} finally {
@@ -306,7 +299,6 @@
final long token = Binder.clearCallingIdentity();
try {
executor.execute(() -> {
- mSlot = null;
callback.onDataReceived();
});
} finally {
diff --git a/framework/src/android/net/TcpSocketKeepalive.java b/framework/src/android/net/TcpSocketKeepalive.java
index 51d805e..cda5830 100644
--- a/framework/src/android/net/TcpSocketKeepalive.java
+++ b/framework/src/android/net/TcpSocketKeepalive.java
@@ -69,9 +69,7 @@
protected void stopImpl() {
mExecutor.execute(() -> {
try {
- if (mSlot != null) {
- mService.stopKeepalive(mNetwork, mSlot);
- }
+ mService.stopKeepalive(mCallback);
} catch (RemoteException e) {
Log.e(TAG, "Error stopping packet keepalive: ", e);
throw e.rethrowFromSystemServer();
diff --git a/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp b/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
index 122c2d4..4fbc5f4 100644
--- a/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
+++ b/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
@@ -247,10 +247,6 @@
return parseBpfNetworkStatsDevInternal(lines, ifaceStatsMap, ifaceIndexNameMap);
}
-uint64_t combineUidTag(const uid_t uid, const uint32_t tag) {
- return (uint64_t)uid << 32 | tag;
-}
-
void groupNetworkStats(std::vector<stats_line>* lines) {
if (lines->size() <= 1) return;
std::sort(lines->begin(), lines->end());
diff --git a/service-t/native/libs/libnetworkstats/NetworkTraceHandlerTest.cpp b/service-t/native/libs/libnetworkstats/NetworkTraceHandlerTest.cpp
index 760ae91..560194f 100644
--- a/service-t/native/libs/libnetworkstats/NetworkTraceHandlerTest.cpp
+++ b/service-t/native/libs/libnetworkstats/NetworkTraceHandlerTest.cpp
@@ -87,7 +87,10 @@
protected:
void SetUp() {
if (access(PACKET_TRACE_RINGBUF_PATH, R_OK)) {
- GTEST_SKIP() << "Network tracing is not enabled/loaded on this build";
+ GTEST_SKIP() << "Network tracing is not enabled/loaded on this build.";
+ }
+ if (sizeof(void*) != 8) {
+ GTEST_SKIP() << "Network tracing requires 64-bit build.";
}
}
};
diff --git a/service-t/src/com/android/server/IpSecService.java b/service-t/src/com/android/server/IpSecService.java
index 9e71eb3..a884840 100644
--- a/service-t/src/com/android/server/IpSecService.java
+++ b/service-t/src/com/android/server/IpSecService.java
@@ -17,6 +17,7 @@
package com.android.server;
import static android.Manifest.permission.DUMP;
+import static android.Manifest.permission.NETWORK_SETTINGS;
import static android.net.IpSecManager.FEATURE_IPSEC_TUNNEL_MIGRATION;
import static android.net.IpSecManager.INVALID_RESOURCE_ID;
import static android.system.OsConstants.AF_INET;
@@ -65,6 +66,7 @@
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.Preconditions;
+import com.android.modules.utils.build.SdkLevel;
import com.android.net.module.util.BinderUtils;
import com.android.net.module.util.NetdUtils;
import com.android.net.module.util.PermissionUtils;
@@ -102,6 +104,7 @@
private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms
private static final InetAddress INADDR_ANY;
+ private static final InetAddress IN6ADDR_ANY;
@VisibleForTesting static final int MAX_PORT_BIND_ATTEMPTS = 10;
@@ -110,6 +113,8 @@
static {
try {
INADDR_ANY = InetAddress.getByAddress(new byte[] {0, 0, 0, 0});
+ IN6ADDR_ANY = InetAddress.getByAddress(
+ new byte[] {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0});
} catch (UnknownHostException e) {
throw new RuntimeException(e);
}
@@ -1013,11 +1018,13 @@
private final class EncapSocketRecord extends OwnedResourceRecord {
private FileDescriptor mSocket;
private final int mPort;
+ private final int mFamily; // TODO: what about IPV6_ADDRFORM?
- EncapSocketRecord(int resourceId, FileDescriptor socket, int port) {
+ EncapSocketRecord(int resourceId, FileDescriptor socket, int port, int family) {
super(resourceId);
mSocket = socket;
mPort = port;
+ mFamily = family;
}
/** always guarded by IpSecService#this */
@@ -1038,6 +1045,10 @@
return mSocket;
}
+ public int getFamily() {
+ return mFamily;
+ }
+
@Override
protected ResourceTracker getResourceTracker() {
return getUserRecord().mSocketQuotaTracker;
@@ -1210,15 +1221,16 @@
* and re-binding, during which the system could *technically* hand that port out to someone
* else.
*/
- private int bindToRandomPort(FileDescriptor sockFd) throws IOException {
+ private int bindToRandomPort(FileDescriptor sockFd, int family, InetAddress localAddr)
+ throws IOException {
for (int i = MAX_PORT_BIND_ATTEMPTS; i > 0; i--) {
try {
- FileDescriptor probeSocket = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
- Os.bind(probeSocket, INADDR_ANY, 0);
+ FileDescriptor probeSocket = Os.socket(family, SOCK_DGRAM, IPPROTO_UDP);
+ Os.bind(probeSocket, localAddr, 0);
int port = ((InetSocketAddress) Os.getsockname(probeSocket)).getPort();
Os.close(probeSocket);
Log.v(TAG, "Binding to port " + port);
- Os.bind(sockFd, INADDR_ANY, port);
+ Os.bind(sockFd, localAddr, port);
return port;
} catch (ErrnoException e) {
// Someone miraculously claimed the port just after we closed probeSocket.
@@ -1260,6 +1272,19 @@
@Override
public synchronized IpSecUdpEncapResponse openUdpEncapsulationSocket(int port, IBinder binder)
throws RemoteException {
+ // Experimental support for IPv6 UDP encap.
+ final int family;
+ final InetAddress localAddr;
+ if (SdkLevel.isAtLeastU() && port >= 65536) {
+ PermissionUtils.enforceNetworkStackPermissionOr(mContext, NETWORK_SETTINGS);
+ port -= 65536;
+ family = AF_INET6;
+ localAddr = IN6ADDR_ANY;
+ } else {
+ family = AF_INET;
+ localAddr = INADDR_ANY;
+ }
+
if (port != 0 && (port < FREE_PORT_MIN || port > PORT_MAX)) {
throw new IllegalArgumentException(
"Specified port number must be a valid non-reserved UDP port");
@@ -1278,7 +1303,7 @@
FileDescriptor sockFd = null;
try {
- sockFd = Os.socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+ sockFd = Os.socket(family, SOCK_DGRAM, IPPROTO_UDP);
pFd = ParcelFileDescriptor.dup(sockFd);
} finally {
IoUtils.closeQuietly(sockFd);
@@ -1295,15 +1320,16 @@
mNetd.ipSecSetEncapSocketOwner(pFd, callingUid);
if (port != 0) {
Log.v(TAG, "Binding to port " + port);
- Os.bind(pFd.getFileDescriptor(), INADDR_ANY, port);
+ Os.bind(pFd.getFileDescriptor(), localAddr, port);
} else {
- port = bindToRandomPort(pFd.getFileDescriptor());
+ port = bindToRandomPort(pFd.getFileDescriptor(), family, localAddr);
}
userRecord.mEncapSocketRecords.put(
resourceId,
new RefcountedResource<EncapSocketRecord>(
- new EncapSocketRecord(resourceId, pFd.getFileDescriptor(), port),
+ new EncapSocketRecord(resourceId, pFd.getFileDescriptor(), port,
+ family),
binder));
return new IpSecUdpEncapResponse(IpSecManager.Status.OK, resourceId, port,
pFd.getFileDescriptor());
@@ -1580,6 +1606,7 @@
*/
private void checkIpSecConfig(IpSecConfig config) {
UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid());
+ EncapSocketRecord encapSocketRecord = null;
switch (config.getEncapType()) {
case IpSecTransform.ENCAP_NONE:
@@ -1587,7 +1614,7 @@
case IpSecTransform.ENCAP_ESPINUDP:
case IpSecTransform.ENCAP_ESPINUDP_NON_IKE:
// Retrieve encap socket record; will throw IllegalArgumentException if not found
- userRecord.mEncapSocketRecords.getResourceOrThrow(
+ encapSocketRecord = userRecord.mEncapSocketRecords.getResourceOrThrow(
config.getEncapSocketResourceId());
int port = config.getEncapRemotePort();
@@ -1641,10 +1668,9 @@
+ ") have different address families.");
}
- // Throw an error if UDP Encapsulation is not used in IPv4.
- if (config.getEncapType() != IpSecTransform.ENCAP_NONE && sourceFamily != AF_INET) {
+ if (encapSocketRecord != null && encapSocketRecord.getFamily() != destinationFamily) {
throw new IllegalArgumentException(
- "UDP Encapsulation is not supported for this address family");
+ "UDP encapsulation socket and destination address families must match");
}
switch (config.getMode()) {
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 2371911..a570ab1 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -5580,14 +5580,14 @@
}
// Sent by KeepaliveTracker to process an app request on the state machine thread.
case NetworkAgent.CMD_STOP_SOCKET_KEEPALIVE: {
- NetworkAgentInfo nai = getNetworkAgentInfoForNetwork((Network) msg.obj);
- if (nai == null) {
- Log.e(TAG, "Attempt to stop keepalive on nonexistent network");
+ final AutomaticOnOffKeepalive ki = mKeepaliveTracker.getKeepaliveForBinder(
+ (IBinder) msg.obj);
+ if (ki == null) {
+ Log.e(TAG, "Attempt to stop an already stopped keepalive");
return;
}
- int slot = msg.arg1;
- int reason = msg.arg2;
- mKeepaliveTracker.handleStopKeepalive(nai, slot, reason);
+ final int reason = msg.arg2;
+ mKeepaliveTracker.handleStopKeepalive(ki, reason);
break;
}
case EVENT_REPORT_NETWORK_CONNECTIVITY: {
@@ -9870,9 +9870,10 @@
}
@Override
- public void stopKeepalive(Network network, int slot) {
+ public void stopKeepalive(@NonNull final ISocketKeepaliveCallback cb) {
mHandler.sendMessage(mHandler.obtainMessage(
- NetworkAgent.CMD_STOP_SOCKET_KEEPALIVE, slot, SocketKeepalive.SUCCESS, network));
+ NetworkAgent.CMD_STOP_SOCKET_KEEPALIVE, 0, SocketKeepalive.SUCCESS,
+ Objects.requireNonNull(cb).asBinder()));
}
@Override
diff --git a/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java b/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
index 18e2dd8..8bfbcf7 100644
--- a/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
+++ b/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
@@ -54,6 +54,7 @@
import android.os.SystemClock;
import android.system.ErrnoException;
import android.system.Os;
+import android.system.OsConstants;
import android.system.StructTimeval;
import android.util.Log;
import android.util.SparseArray;
@@ -67,6 +68,7 @@
import com.android.net.module.util.HexDump;
import com.android.net.module.util.SocketUtils;
import com.android.net.module.util.netlink.InetDiagMessage;
+import com.android.net.module.util.netlink.NetlinkMessage;
import com.android.net.module.util.netlink.NetlinkUtils;
import com.android.net.module.util.netlink.StructNlAttr;
@@ -329,30 +331,6 @@
handleResumeKeepalive(newKi);
}
- // TODO : this method should be removed ; the keepalives should always be indexed by callback
- private int findAutomaticOnOffKeepaliveIndex(@NonNull Network network, int slot) {
- ensureRunningOnHandlerThread();
-
- int index = 0;
- for (AutomaticOnOffKeepalive ki : mAutomaticOnOffKeepalives) {
- if (ki.match(network, slot)) {
- return index;
- }
- index++;
- }
- return -1;
- }
-
- // TODO : this method should be removed ; the keepalives should always be indexed by callback
- @Nullable
- private AutomaticOnOffKeepalive findAutomaticOnOffKeepalive(@NonNull Network network,
- int slot) {
- ensureRunningOnHandlerThread();
-
- final int index = findAutomaticOnOffKeepaliveIndex(network, slot);
- return (index >= 0) ? mAutomaticOnOffKeepalives.get(index) : null;
- }
-
/**
* Find the AutomaticOnOffKeepalive associated with a given callback.
* @return the keepalive associated with this callback, or null if none
@@ -415,17 +393,12 @@
/**
* Handle stop keepalives on the specific network with given slot.
*/
- public void handleStopKeepalive(@NonNull NetworkAgentInfo nai, int slot, int reason) {
- final AutomaticOnOffKeepalive autoKi = findAutomaticOnOffKeepalive(nai.network, slot);
- if (null == autoKi) {
- Log.e(TAG, "Attempt to stop nonexistent keepalive " + slot + " on " + nai);
- return;
- }
-
+ public void handleStopKeepalive(@NonNull final AutomaticOnOffKeepalive autoKi, int reason) {
// Stop the keepalive unless it was suspended. This includes the case where it's managed
// but enabled, and the case where it's always on.
if (autoKi.mAutomaticOnOffState != STATE_SUSPENDED) {
- mKeepaliveTracker.handleStopKeepalive(nai, slot, reason);
+ final KeepaliveTracker.KeepaliveInfo ki = autoKi.mKi;
+ mKeepaliveTracker.handleStopKeepalive(ki.getNai(), ki.getSlot(), reason);
}
cleanupAutoOnOffKeepalive(autoKi);
@@ -599,6 +572,16 @@
bytes.position(startPos + SOCKDIAG_MSG_HEADER_SIZE);
if (isTargetTcpSocket(bytes, nlmsgLen, networkMark, networkMask)) {
+ if (Log.isLoggable(TAG, Log.DEBUG)) {
+ bytes.position(startPos);
+ final InetDiagMessage diagMsg = (InetDiagMessage) NetlinkMessage.parse(
+ bytes, OsConstants.NETLINK_INET_DIAG);
+ Log.d(TAG, String.format("Found open TCP connection by uid %d to %s"
+ + " cookie %d",
+ diagMsg.inetDiagMsg.idiag_uid,
+ diagMsg.inetDiagMsg.id.remSocketAddress,
+ diagMsg.inetDiagMsg.id.cookie));
+ }
return true;
}
}
diff --git a/service/src/com/android/server/connectivity/KeepaliveTracker.java b/service/src/com/android/server/connectivity/KeepaliveTracker.java
index 7cb613b..a512b7c 100644
--- a/service/src/com/android/server/connectivity/KeepaliveTracker.java
+++ b/service/src/com/android/server/connectivity/KeepaliveTracker.java
@@ -589,9 +589,9 @@
Log.d(TAG, "Started keepalive " + slot + " on " + nai.toShortString());
ki.mStartedState = KeepaliveInfo.STARTED;
try {
- ki.mCallback.onStarted(slot);
+ ki.mCallback.onStarted();
} catch (RemoteException e) {
- Log.w(TAG, "Discarded onStarted(" + slot + ") callback");
+ Log.w(TAG, "Discarded onStarted callback");
}
} else {
Log.d(TAG, "Failed to start keepalive " + slot + " on " + nai.toShortString()
diff --git a/tests/cts/net/native/dns/Android.bp b/tests/cts/net/native/dns/Android.bp
index 434e529..49b9337 100644
--- a/tests/cts/net/native/dns/Android.bp
+++ b/tests/cts/net/native/dns/Android.bp
@@ -24,6 +24,10 @@
"liblog",
"libutils",
],
+ static_libs: [
+ "libbase",
+ "libnetdutils",
+ ],
// To be compatible with Q devices, the min_sdk_version must be 29.
min_sdk_version: "29",
}
diff --git a/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp b/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
index e501475..68bd227 100644
--- a/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
+++ b/tests/cts/net/native/dns/NativeDnsAsyncTest.cpp
@@ -28,6 +28,7 @@
#include <android/multinetwork.h>
#include <gtest/gtest.h>
+#include <netdutils/NetNativeTestBase.h>
namespace {
constexpr int MAXPACKET = 8 * 1024;
@@ -101,7 +102,9 @@
} // namespace
-TEST (NativeDnsAsyncTest, Async_Query) {
+class NativeDnsAsyncTest : public NetNativeTestBase {};
+
+TEST_F(NativeDnsAsyncTest, Async_Query) {
// V4
int fd1 = android_res_nquery(
NETWORK_UNSPECIFIED, "www.google.com", ns_c_in, ns_t_a, 0);
@@ -123,7 +126,7 @@
expectAnswersValid(fd1, AF_INET6, ns_r_noerror);
}
-TEST (NativeDnsAsyncTest, Async_Send) {
+TEST_F(NativeDnsAsyncTest, Async_Send) {
// V4
uint8_t buf1[MAXPACKET] = {};
int len1 = res_mkquery(ns_o_query, "www.googleapis.com",
@@ -162,7 +165,7 @@
expectAnswersValid(fd1, AF_INET6, ns_r_noerror);
}
-TEST (NativeDnsAsyncTest, Async_NXDOMAIN) {
+TEST_F(NativeDnsAsyncTest, Async_NXDOMAIN) {
uint8_t buf[MAXPACKET] = {};
int len = res_mkquery(ns_o_query, "test1-nx.metric.gstatic.com",
ns_c_in, ns_t_a, nullptr, 0, nullptr, buf, sizeof(buf));
@@ -191,7 +194,7 @@
expectAnswersValid(fd1, AF_INET6, ns_r_nxdomain);
}
-TEST (NativeDnsAsyncTest, Async_Cancel) {
+TEST_F(NativeDnsAsyncTest, Async_Cancel) {
int fd = android_res_nquery(
NETWORK_UNSPECIFIED, "www.google.com", ns_c_in, ns_t_a, 0);
errno = 0;
@@ -202,7 +205,7 @@
// otherwise it will hit fdsan double-close fd.
}
-TEST (NativeDnsAsyncTest, Async_Query_MALFORMED) {
+TEST_F(NativeDnsAsyncTest, Async_Query_MALFORMED) {
// Empty string to create BLOB and query, we will get empty result and rcode = 0
// on DNSTLS.
int fd = android_res_nquery(
@@ -221,7 +224,7 @@
EXPECT_EQ(-EMSGSIZE, fd);
}
-TEST (NativeDnsAsyncTest, Async_Send_MALFORMED) {
+TEST_F(NativeDnsAsyncTest, Async_Send_MALFORMED) {
uint8_t buf[10] = {};
// empty BLOB
int fd = android_res_nsend(NETWORK_UNSPECIFIED, buf, 10, 0);
diff --git a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
index 8234ec1..4fa0080 100644
--- a/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/IpSecManagerTest.java
@@ -16,6 +16,7 @@
package android.net.cts;
+import static android.Manifest.permission.NETWORK_SETTINGS;
import static android.net.IpSecAlgorithm.AUTH_AES_CMAC;
import static android.net.IpSecAlgorithm.AUTH_AES_XCBC;
import static android.net.IpSecAlgorithm.AUTH_CRYPT_AES_GCM;
@@ -52,7 +53,9 @@
import static com.android.compatibility.common.util.PropertyUtil.getFirstApiLevel;
import static com.android.compatibility.common.util.PropertyUtil.getVendorApiLevel;
+import static com.android.testutils.DeviceInfoUtils.isKernelVersionAtLeast;
import static com.android.testutils.MiscAsserts.assertThrows;
+import static com.android.testutils.TestPermissionUtil.runAsShell;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
@@ -62,6 +65,8 @@
import android.net.IpSecAlgorithm;
import android.net.IpSecManager;
+import android.net.IpSecManager.SecurityParameterIndex;
+import android.net.IpSecManager.UdpEncapsulationSocket;
import android.net.IpSecTransform;
import android.net.TrafficStats;
import android.os.Build;
@@ -73,6 +78,7 @@
import androidx.test.InstrumentationRegistry;
import androidx.test.runner.AndroidJUnit4;
+import com.android.modules.utils.build.SdkLevel;
import com.android.testutils.DevSdkIgnoreRule;
import com.android.testutils.DevSdkIgnoreRule.IgnoreUpTo;
@@ -120,7 +126,7 @@
@Test
public void testAllocSpi() throws Exception {
for (InetAddress addr : GOOGLE_DNS_LIST) {
- IpSecManager.SecurityParameterIndex randomSpi = null, droidSpi = null;
+ SecurityParameterIndex randomSpi, droidSpi;
randomSpi = mISM.allocateSecurityParameterIndex(addr);
assertTrue(
"Failed to receive a valid SPI",
@@ -258,6 +264,24 @@
accepted.close();
}
+ private IpSecTransform buildTransportModeTransform(
+ SecurityParameterIndex spi, InetAddress localAddr,
+ UdpEncapsulationSocket encapSocket)
+ throws Exception {
+ final IpSecTransform.Builder builder =
+ new IpSecTransform.Builder(InstrumentationRegistry.getContext())
+ .setEncryption(new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY))
+ .setAuthentication(
+ new IpSecAlgorithm(
+ IpSecAlgorithm.AUTH_HMAC_SHA256,
+ AUTH_KEY,
+ AUTH_KEY.length * 8));
+ if (encapSocket != null) {
+ builder.setIpv4Encapsulation(encapSocket, encapSocket.getPort());
+ }
+ return builder.buildTransportModeTransform(localAddr, spi);
+ }
+
/*
* Alloc outbound SPI
* Alloc inbound SPI
@@ -268,21 +292,8 @@
* release transform
* send data (expect exception)
*/
- @Test
- public void testCreateTransform() throws Exception {
- InetAddress localAddr = InetAddress.getByName(IPV4_LOOPBACK);
- IpSecManager.SecurityParameterIndex spi =
- mISM.allocateSecurityParameterIndex(localAddr);
-
- IpSecTransform transform =
- new IpSecTransform.Builder(InstrumentationRegistry.getContext())
- .setEncryption(new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY))
- .setAuthentication(
- new IpSecAlgorithm(
- IpSecAlgorithm.AUTH_HMAC_SHA256,
- AUTH_KEY,
- AUTH_KEY.length * 8))
- .buildTransportModeTransform(localAddr, spi);
+ private void doTestCreateTransform(String loopbackAddrString, boolean encap) throws Exception {
+ InetAddress localAddr = InetAddress.getByName(loopbackAddrString);
final boolean [][] applyInApplyOut = {
{false, false}, {false, true}, {true, false}, {true,true}};
@@ -291,50 +302,93 @@
byte[] in = new byte[data.length];
DatagramPacket inPacket = new DatagramPacket(in, in.length);
- DatagramSocket localSocket;
int localPort;
for(boolean[] io : applyInApplyOut) {
boolean applyIn = io[0];
boolean applyOut = io[1];
- // Bind localSocket to a random available port.
- localSocket = new DatagramSocket(0);
- localPort = localSocket.getLocalPort();
- localSocket.setSoTimeout(200);
- outPacket.setPort(localPort);
- if (applyIn) {
- mISM.applyTransportModeTransform(
- localSocket, IpSecManager.DIRECTION_IN, transform);
- }
- if (applyOut) {
- mISM.applyTransportModeTransform(
- localSocket, IpSecManager.DIRECTION_OUT, transform);
- }
- if (applyIn == applyOut) {
- localSocket.send(outPacket);
- localSocket.receive(inPacket);
- assertTrue("Encapsulated data did not match.",
- Arrays.equals(outPacket.getData(), inPacket.getData()));
- mISM.removeTransportModeTransforms(localSocket);
- localSocket.close();
- } else {
- try {
+ try (
+ SecurityParameterIndex spi = mISM.allocateSecurityParameterIndex(localAddr);
+ UdpEncapsulationSocket encapSocket = encap
+ ? getPrivilegedUdpEncapSocket(/*ipv6=*/ localAddr instanceof Inet6Address)
+ : null;
+ IpSecTransform transform = buildTransportModeTransform(spi, localAddr,
+ encapSocket);
+ // Bind localSocket to a random available port.
+ DatagramSocket localSocket = new DatagramSocket(0);
+ ) {
+ localPort = localSocket.getLocalPort();
+ localSocket.setSoTimeout(200);
+ outPacket.setPort(localPort);
+ if (applyIn) {
+ mISM.applyTransportModeTransform(
+ localSocket, IpSecManager.DIRECTION_IN, transform);
+ }
+ if (applyOut) {
+ mISM.applyTransportModeTransform(
+ localSocket, IpSecManager.DIRECTION_OUT, transform);
+ }
+ if (applyIn == applyOut) {
localSocket.send(outPacket);
localSocket.receive(inPacket);
- } catch (IOException e) {
- continue;
- } finally {
+ assertTrue("Encrypted data did not match.",
+ Arrays.equals(outPacket.getData(), inPacket.getData()));
mISM.removeTransportModeTransforms(localSocket);
- localSocket.close();
+ } else {
+ try {
+ localSocket.send(outPacket);
+ localSocket.receive(inPacket);
+ } catch (IOException e) {
+ continue;
+ } finally {
+ mISM.removeTransportModeTransforms(localSocket);
+ }
+ // FIXME: This check is disabled because sockets currently receive data
+ // if there is a valid SA for decryption, even when the input policy is
+ // not applied to a socket.
+ // fail("Data IO should fail on asymmetrical transforms! + Input="
+ // + applyIn + " Output=" + applyOut);
}
- // FIXME: This check is disabled because sockets currently receive data
- // if there is a valid SA for decryption, even when the input policy is
- // not applied to a socket.
- // fail("Data IO should fail on asymmetrical transforms! + Input="
- // + applyIn + " Output=" + applyOut);
}
}
- transform.close();
+ }
+
+ private UdpEncapsulationSocket getPrivilegedUdpEncapSocket(boolean ipv6) throws Exception {
+ return runAsShell(NETWORK_SETTINGS, () -> {
+ if (ipv6) {
+ return mISM.openUdpEncapsulationSocket(65536);
+ } else {
+ // Can't pass 0 to IpSecManager#openUdpEncapsulationSocket(int).
+ return mISM.openUdpEncapsulationSocket();
+ }
+ });
+ }
+
+ private void assumeExperimentalIpv6UdpEncapSupported() throws Exception {
+ assumeTrue("Not supported before U", SdkLevel.isAtLeastU());
+ assumeTrue("Not supported by kernel", isKernelVersionAtLeast("5.15.31")
+ || (isKernelVersionAtLeast("5.10.108") && !isKernelVersionAtLeast("5.15.0")));
+ }
+
+ @Test
+ public void testCreateTransformIpv4() throws Exception {
+ doTestCreateTransform(IPV4_LOOPBACK, false);
+ }
+
+ @Test
+ public void testCreateTransformIpv6() throws Exception {
+ doTestCreateTransform(IPV6_LOOPBACK, false);
+ }
+
+ @Test
+ public void testCreateTransformIpv4Encap() throws Exception {
+ doTestCreateTransform(IPV4_LOOPBACK, true);
+ }
+
+ @Test
+ public void testCreateTransformIpv6Encap() throws Exception {
+ assumeExperimentalIpv6UdpEncapSupported();
+ doTestCreateTransform(IPV6_LOOPBACK, true);
}
/** Snapshot of TrafficStats as of initStatsChecker call for later comparisons */
@@ -503,8 +557,8 @@
StatsChecker.initStatsChecker();
InetAddress local = InetAddress.getByName(localAddress);
- try (IpSecManager.UdpEncapsulationSocket encapSocket = mISM.openUdpEncapsulationSocket();
- IpSecManager.SecurityParameterIndex spi =
+ try (UdpEncapsulationSocket encapSocket = mISM.openUdpEncapsulationSocket();
+ SecurityParameterIndex spi =
mISM.allocateSecurityParameterIndex(local)) {
IpSecTransform.Builder transformBuilder =
@@ -656,7 +710,7 @@
public void testIkeOverUdpEncapSocket() throws Exception {
// IPv6 not supported for UDP-encap-ESP
InetAddress local = InetAddress.getByName(IPV4_LOOPBACK);
- try (IpSecManager.UdpEncapsulationSocket encapSocket = mISM.openUdpEncapsulationSocket()) {
+ try (UdpEncapsulationSocket encapSocket = mISM.openUdpEncapsulationSocket()) {
NativeUdpSocket wrappedEncapSocket =
new NativeUdpSocket(encapSocket.getFileDescriptor());
checkIkePacket(wrappedEncapSocket, local);
@@ -665,7 +719,7 @@
IpSecAlgorithm crypt = new IpSecAlgorithm(IpSecAlgorithm.CRYPT_AES_CBC, CRYPT_KEY);
IpSecAlgorithm auth = new IpSecAlgorithm(IpSecAlgorithm.AUTH_HMAC_MD5, getKey(128), 96);
- try (IpSecManager.SecurityParameterIndex spi =
+ try (SecurityParameterIndex spi =
mISM.allocateSecurityParameterIndex(local);
IpSecTransform transform =
new IpSecTransform.Builder(InstrumentationRegistry.getContext())
@@ -1498,7 +1552,7 @@
@Test
public void testOpenUdpEncapSocketSpecificPort() throws Exception {
- IpSecManager.UdpEncapsulationSocket encapSocket = null;
+ UdpEncapsulationSocket encapSocket = null;
int port = -1;
for (int i = 0; i < MAX_PORT_BIND_ATTEMPTS; i++) {
try {
@@ -1527,7 +1581,7 @@
@Test
public void testOpenUdpEncapSocketRandomPort() throws Exception {
- try (IpSecManager.UdpEncapsulationSocket encapSocket = mISM.openUdpEncapsulationSocket()) {
+ try (UdpEncapsulationSocket encapSocket = mISM.openUdpEncapsulationSocket()) {
assertTrue("Returned invalid port", encapSocket.getPort() != 0);
}
}
diff --git a/tests/unit/java/com/android/server/IpSecServiceTest.java b/tests/unit/java/com/android/server/IpSecServiceTest.java
index 6955620..4b6857c 100644
--- a/tests/unit/java/com/android/server/IpSecServiceTest.java
+++ b/tests/unit/java/com/android/server/IpSecServiceTest.java
@@ -82,7 +82,7 @@
private static final int MAX_NUM_ENCAP_SOCKETS = 100;
private static final int MAX_NUM_SPIS = 100;
private static final int TEST_UDP_ENCAP_INVALID_PORT = 100;
- private static final int TEST_UDP_ENCAP_PORT_OUT_RANGE = 100000;
+ private static final int TEST_UDP_ENCAP_PORT_OUT_RANGE = 200000;
private static final InetAddress INADDR_ANY;
diff --git a/tools/gn2bp/Android.bp.swp b/tools/gn2bp/Android.bp.swp
index 9f34b06..9cc72a1 100644
--- a/tools/gn2bp/Android.bp.swp
+++ b/tools/gn2bp/Android.bp.swp
@@ -10821,15 +10821,11 @@
"SPDX-license-identifier-Apache-2.0",
"SPDX-license-identifier-BSD",
"SPDX-license-identifier-BSL-1.0",
- "SPDX-license-identifier-GPL",
- "SPDX-license-identifier-GPL-2.0",
- "SPDX-license-identifier-GPL-3.0",
"SPDX-license-identifier-ICU",
"SPDX-license-identifier-ISC",
- "SPDX-license-identifier-LGPL",
- "SPDX-license-identifier-LGPL-2.1",
"SPDX-license-identifier-MIT",
"SPDX-license-identifier-MPL",
+ "SPDX-license-identifier-MPL-1.1",
"SPDX-license-identifier-MPL-2.0",
"SPDX-license-identifier-NCSA",
"SPDX-license-identifier-OpenSSL",
diff --git a/tools/gn2bp/gen_android_bp b/tools/gn2bp/gen_android_bp
index 9d2d858..d8bc116 100755
--- a/tools/gn2bp/gen_android_bp
+++ b/tools/gn2bp/gen_android_bp
@@ -1667,24 +1667,20 @@
def create_license_module(blueprint):
module = Module("license", "external_cronet_license", "LICENSE")
module.license_kinds.update({
- 'SPDX-license-identifier-LGPL-2.1',
- 'SPDX-license-identifier-GPL-2.0',
'SPDX-license-identifier-MPL',
+ 'SPDX-license-identifier-MPL-1.1',
'SPDX-license-identifier-ISC',
- 'SPDX-license-identifier-GPL',
'SPDX-license-identifier-AFL-2.0',
'SPDX-license-identifier-MPL-2.0',
'SPDX-license-identifier-BSD',
'SPDX-license-identifier-Apache-2.0',
'SPDX-license-identifier-BSL-1.0',
- 'SPDX-license-identifier-LGPL',
- 'SPDX-license-identifier-GPL-3.0',
'SPDX-license-identifier-Unicode-DFS',
'SPDX-license-identifier-NCSA',
'SPDX-license-identifier-OpenSSL',
'SPDX-license-identifier-MIT',
"SPDX-license-identifier-ICU",
- 'legacy_unencumbered', # public domain
+ 'legacy_unencumbered',
})
module.license_text.update({
"LICENSE",