Merge changes I31885637,I68943651
* changes:
ethernet: rename restart() to maybeRestart()
ethernet: remove IpClient null check before restart
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 4d3ecdf..34646e2 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -58,17 +58,6 @@
]
},
{
- "name": "CtsNetTestCasesMaxTargetSdk33",
- "options": [
- {
- "exclude-annotation": "com.android.testutils.SkipPresubmit"
- },
- {
- "exclude-annotation": "androidx.test.filters.RequiresDevice"
- }
- ]
- },
- {
"name": "bpf_existence_test"
},
{
@@ -154,17 +143,6 @@
}
]
},
- {
- "name": "CtsNetTestCasesMaxTargetSdk33[CaptivePortalLoginGoogle.apk+NetworkStackGoogle.apk+com.google.android.resolv.apex+com.google.android.tethering.apex]",
- "options": [
- {
- "exclude-annotation": "com.android.testutils.SkipPresubmit"
- },
- {
- "exclude-annotation": "androidx.test.filters.RequiresDevice"
- }
- ]
- },
// Test with APK modules only, in cases where APEX is not supported, or the other modules
// were simply not updated
{
diff --git a/Tethering/src/android/net/ip/RouterAdvertisementDaemon.java b/Tethering/src/android/net/ip/RouterAdvertisementDaemon.java
index c452e55..775c36f 100644
--- a/Tethering/src/android/net/ip/RouterAdvertisementDaemon.java
+++ b/Tethering/src/android/net/ip/RouterAdvertisementDaemon.java
@@ -88,13 +88,13 @@
private static final int MIN_RTR_ADV_INTERVAL_SEC = 300;
private static final int MAX_RTR_ADV_INTERVAL_SEC = 600;
// In general, router, prefix, and DNS lifetimes are all advised to be
- // greater than or equal to 3 * MAX_RTR_ADV_INTERVAL. Here, we double
+ // greater than or equal to 3 * MAX_RTR_ADV_INTERVAL. Here, we quadruple
// that to allow for multicast packet loss.
//
// This MAX_RTR_ADV_INTERVAL_SEC and DEFAULT_LIFETIME are also consistent
// with the https://tools.ietf.org/html/rfc7772#section-4 discussion of
// "approximately 7 RAs per hour".
- private static final int DEFAULT_LIFETIME = 6 * MAX_RTR_ADV_INTERVAL_SEC;
+ private static final int DEFAULT_LIFETIME = 12 * MAX_RTR_ADV_INTERVAL_SEC;
// From https://tools.ietf.org/html/rfc4861#section-10 .
private static final int MIN_DELAY_BETWEEN_RAS_SEC = 3;
// Both initial and final RAs, but also for changes in RA contents.
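Review bot: The comment above DEFAULT_LIFETIME gives the multiplier but not the resulting value or its ceiling, which matters now that the constant is 12 * MAX_RTR_ADV_INTERVAL_SEC, i.e. 7200 seconds. RFC 4861 section 6.2.1 limits AdvDefaultLifetime to 9000 seconds, so little headroom is left if MAX_RTR_ADV_INTERVAL_SEC is ever raised. I would add `// 7200s; must stay <= 9000s, the RFC 4861 AdvDefaultLifetime maximum.` next to the constant. If the same value is used for prefix and DNS lifetimes, as the comment implies, it is also worth noting that clients may keep that information for up to two hours when the final RAs are lost.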
diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
index 9d3d7c1..7cef58b 100644
--- a/framework/src/android/net/ConnectivityManager.java
+++ b/framework/src/android/net/ConnectivityManager.java
@@ -6036,6 +6036,30 @@
}
/**
+ * Get firewall rule of specified firewall chain on specified uid.
+ *
+ * @param chain target chain.
+ * @param uid target uid
+ * @return either FIREWALL_RULE_ALLOW or FIREWALL_RULE_DENY
+ * @throws UnsupportedOperationException if called on pre-T devices.
+ * @throws ServiceSpecificException in case of failure, with an error code indicating the
+ * cause of the failure.
+ * @hide
+ */
+ @RequiresPermission(anyOf = {
+ android.Manifest.permission.NETWORK_SETTINGS,
+ android.Manifest.permission.NETWORK_STACK,
+ NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK
+ })
+ public int getUidFirewallRule(@FirewallChain final int chain, final int uid) {
+ try {
+ return mService.getUidFirewallRule(chain, uid);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+
+ /**
* Enables or disables the specified firewall chain.
*
* @param chain target chain.
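Review bot: The new Javadoc for getUidFirewallRule does not say that the returned value is the per-uid rule stored for that chain, not the uid's effective network access. Judging by BpfNetMaps.getUidRule in this same commit, the result comes only from the uid's match bits and the chain's allow-list or deny-list type, without consulting whether the chain is enabled. A uid with no map entry reports the chain default. A caller making a policy decision could misread FIREWALL_RULE_ALLOW as meaning traffic is permitted. I would extend the `@return` text along the lines of `the rule configured for {@code uid} on {@code chain}; this does not reflect whether the chain is currently enabled`.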
diff --git a/framework/src/android/net/IConnectivityManager.aidl b/framework/src/android/net/IConnectivityManager.aidl
index db001f9..1372e9a 100644
--- a/framework/src/android/net/IConnectivityManager.aidl
+++ b/framework/src/android/net/IConnectivityManager.aidl
@@ -242,6 +242,8 @@
void setUidFirewallRule(int chain, int uid, int rule);
+ int getUidFirewallRule(int chain, int uid);
+
void setFirewallChainEnabled(int chain, boolean enable);
boolean getFirewallChainEnabled(int chain);
diff --git a/service-t/src/com/android/server/net/NetworkStatsService.java b/service-t/src/com/android/server/net/NetworkStatsService.java
index 1606fd0..2346244 100644
--- a/service-t/src/com/android/server/net/NetworkStatsService.java
+++ b/service-t/src/com/android/server/net/NetworkStatsService.java
@@ -2423,20 +2423,41 @@
xtTotal = mXtRecorder.getTotalSinceBootLocked(template);
uidTotal = mUidRecorder.getTotalSinceBootLocked(template);
- EventLog.writeEvent(LOG_TAG_NETSTATS_MOBILE_SAMPLE,
- xtTotal.rxBytes, xtTotal.rxPackets, xtTotal.txBytes, xtTotal.txPackets,
- uidTotal.rxBytes, uidTotal.rxPackets, uidTotal.txBytes, uidTotal.txPackets,
- currentTime);
+ if (SdkLevel.isAtLeastU()) {
+ EventLog.writeEvent(LOG_TAG_NETSTATS_MOBILE_SAMPLE,
+ xtTotal.rxBytes, xtTotal.rxPackets, xtTotal.txBytes, xtTotal.txPackets,
+ uidTotal.rxBytes, uidTotal.rxPackets, uidTotal.txBytes, uidTotal.txPackets,
+ currentTime);
+ } else {
+ // To keep the format of event log, here replaces the value of DevRecorder with the
+ // value of XtRecorder because they have the same content in old design.
+ EventLog.writeEvent(LOG_TAG_NETSTATS_MOBILE_SAMPLE,
+ xtTotal.rxBytes, xtTotal.rxPackets, xtTotal.txBytes, xtTotal.txPackets,
+ xtTotal.rxBytes, xtTotal.rxPackets, xtTotal.txBytes, xtTotal.txPackets,
+ uidTotal.rxBytes, uidTotal.rxPackets, uidTotal.txBytes, uidTotal.txPackets,
+ currentTime);
+ }
// collect wifi sample
template = new NetworkTemplate.Builder(MATCH_WIFI).build();
xtTotal = mXtRecorder.getTotalSinceBootLocked(template);
uidTotal = mUidRecorder.getTotalSinceBootLocked(template);
- EventLog.writeEvent(LOG_TAG_NETSTATS_WIFI_SAMPLE,
- xtTotal.rxBytes, xtTotal.rxPackets, xtTotal.txBytes, xtTotal.txPackets,
- uidTotal.rxBytes, uidTotal.rxPackets, uidTotal.txBytes, uidTotal.txPackets,
- currentTime);
+ if (SdkLevel.isAtLeastU()) {
+ EventLog.writeEvent(LOG_TAG_NETSTATS_WIFI_SAMPLE,
+ xtTotal.rxBytes, xtTotal.rxPackets, xtTotal.txBytes, xtTotal.txPackets,
+ uidTotal.rxBytes, uidTotal.rxPackets, uidTotal.txBytes, uidTotal.txPackets,
+ currentTime);
+ } else {
+ // To keep the format of event log, here replaces the value of DevRecorder with the
+ // value of XtRecorder because they have the same content in old design.
+ EventLog.writeEvent(LOG_TAG_NETSTATS_WIFI_SAMPLE,
+ xtTotal.rxBytes, xtTotal.rxPackets, xtTotal.txBytes, xtTotal.txPackets,
+ xtTotal.rxBytes, xtTotal.rxPackets, xtTotal.txBytes, xtTotal.txPackets,
+ uidTotal.rxBytes, uidTotal.rxPackets, uidTotal.txBytes, uidTotal.txPackets,
+ currentTime);
+
+ }
}
// deleteKernelTagData can ignore ENOENT; otherwise we should log an error
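Review bot: The SdkLevel.isAtLeastU() branch pair is duplicated verbatim for the mobile and wifi samples, differing only in the log tag, and the wifi else-branch carries a stray blank line before its closing brace. Two copies of a positional argument list make it easy for a later edit to leave the two event formats out of step. I would move the branch into one private helper and call it twice, as sketched below. The enclosing method starts outside the hunk, so the helper's parameter types are assumed from how xtTotal and uidTotal are declared there, and the helper has to sit beside that method.

```java
// … unchanged: mobile template, xtTotal and uidTotal lookup …
writeSampleEvent(LOG_TAG_NETSTATS_MOBILE_SAMPLE, xtTotal, uidTotal, currentTime);

// collect wifi sample
// … unchanged: wifi template, xtTotal and uidTotal lookup …
writeSampleEvent(LOG_TAG_NETSTATS_WIFI_SAMPLE, xtTotal, uidTotal, currentTime);

// New private helper, placed beside the enclosing method. Parameter types are those
// declared for xtTotal and uidTotal outside the hunk (assumed NetworkStats.Entry).
private static void writeSampleEvent(int tag, NetworkStats.Entry xt, NetworkStats.Entry uid,
        long currentTime) {
    if (SdkLevel.isAtLeastU()) {
        EventLog.writeEvent(tag,
                xt.rxBytes, xt.rxPackets, xt.txBytes, xt.txPackets,
                uid.rxBytes, uid.rxPackets, uid.txBytes, uid.txPackets,
                currentTime);
        return;
    }
    // Pre-U event format has a leading dev sample; the xt totals fill that slot as well
    // because both recorders held the same content in the old design.
    EventLog.writeEvent(tag,
            xt.rxBytes, xt.rxPackets, xt.txBytes, xt.txPackets,
            xt.rxBytes, xt.rxPackets, xt.txBytes, xt.txPackets,
            uid.rxBytes, uid.rxPackets, uid.txBytes, uid.txPackets,
            currentTime);
}
```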
diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index 26ec37a..b4fce37 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java
@@ -721,6 +721,31 @@
}
/**
+ * Get firewall rule of specified firewall chain on specified uid.
+ *
+ * @param childChain target chain
+ * @param uid target uid
+ * @return either FIREWALL_RULE_ALLOW or FIREWALL_RULE_DENY
+ * @throws UnsupportedOperationException if called on pre-T devices.
+ * @throws ServiceSpecificException in case of failure, with an error code indicating the
+ * cause of the failure.
+ */
+ public int getUidRule(final int childChain, final int uid) {
+ throwIfPreT("isUidChainEnabled is not available on pre-T devices");
+
+ final long match = getMatchByFirewallChain(childChain);
+ final boolean isAllowList = isFirewallAllowList(childChain);
+ try {
+ final UidOwnerValue uidMatch = sUidOwnerMap.getValue(new S32(uid));
+ final boolean isMatchEnabled = uidMatch != null && (uidMatch.rule & match) != 0;
+ return isMatchEnabled == isAllowList ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY;
+ } catch (ErrnoException e) {
+ throw new ServiceSpecificException(e.errno,
+ "Unable to get uid rule status: " + Os.strerror(e.errno));
+ }
+ }
+
+ /**
* Add ingress interface filtering rules to a list of UIDs
*
* For a given uid, once a filtering rule is added, the kernel will only allow packets from the
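Review bot: The message passed to throwIfPreT in getUidRule names the wrong method, `"isUidChainEnabled is not available on pre-T devices"`. It looks copied from a sibling method and will mislead anyone reading the UnsupportedOperationException in a bug report. It should read `throwIfPreT("getUidRule is not available on pre-T devices");`. The Javadoc could also state that an unknown childChain results in ServiceSpecificException, which the new testGetUidRuleInvalidChain relies on.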
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 26335c9..394292e 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -11747,6 +11747,12 @@
}
}
+ @Override
+ public int getUidFirewallRule(final int chain, final int uid) {
+ enforceNetworkStackOrSettingsPermission();
+ return mBpfNetMaps.getUidRule(chain, uid);
+ }
+
private int getFirewallRuleType(int chain, int rule) {
final int defaultRule;
switch (chain) {
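Review bot: getUidFirewallRule has no comment recording that this binder entry point is where the caller is authorised; BpfNetMaps.getUidRule, as added in this commit, performs no permission check of its own. I would add a comment above the enforce call, `// Caller check lives here: BpfNetMaps.getUidRule reads the uid owner map without checking permissions.`, so a later refactor does not drop or reorder it. The uid argument is passed through unvalidated, which appears harmless for a read because a missing map entry yields the chain default, though that is inferred from the BpfNetMaps hunk.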
diff --git a/tests/cts/net/Android.bp b/tests/cts/net/Android.bp
index f9fe5b0..23cb15c 100644
--- a/tests/cts/net/Android.bp
+++ b/tests/cts/net/Android.bp
@@ -114,39 +114,34 @@
],
}
-java_defaults {
- name: "CtsNetTestCasesMaxTargetSdkDefaults",
+android_test {
+ name: "CtsNetTestCasesMaxTargetSdk31", // Must match CtsNetTestCasesMaxTargetSdk31 annotation.
defaults: [
"CtsNetTestCasesDefaults",
"CtsNetTestCasesApiStableDefaults",
],
+ target_sdk_version: "31",
+ package_name: "android.net.cts.maxtargetsdk31", // CTS package names must be unique.
+ instrumentation_target_package: "android.net.cts.maxtargetsdk31",
test_suites: [
"cts",
"general-tests",
- "mts-tethering",
+ "mts-networking",
],
}
android_test {
- name: "CtsNetTestCasesMaxTargetSdk33", // Must match CtsNetTestCasesMaxTargetSdk33 annotation.
- defaults: ["CtsNetTestCasesMaxTargetSdkDefaults"],
- target_sdk_version: "33",
- package_name: "android.net.cts.maxtargetsdk33",
- instrumentation_target_package: "android.net.cts.maxtargetsdk33",
-}
-
-android_test {
- name: "CtsNetTestCasesMaxTargetSdk31", // Must match CtsNetTestCasesMaxTargetSdk31 annotation.
- defaults: ["CtsNetTestCasesMaxTargetSdkDefaults"],
- target_sdk_version: "31",
- package_name: "android.net.cts.maxtargetsdk31", // CTS package names must be unique.
- instrumentation_target_package: "android.net.cts.maxtargetsdk31",
-}
-
-android_test {
name: "CtsNetTestCasesMaxTargetSdk30", // Must match CtsNetTestCasesMaxTargetSdk30 annotation.
- defaults: ["CtsNetTestCasesMaxTargetSdkDefaults"],
+ defaults: [
+ "CtsNetTestCasesDefaults",
+ "CtsNetTestCasesApiStableDefaults",
+ ],
target_sdk_version: "30",
package_name: "android.net.cts.maxtargetsdk30", // CTS package names must be unique.
instrumentation_target_package: "android.net.cts.maxtargetsdk30",
+ test_suites: [
+ "cts",
+ "general-tests",
+ "mts-networking",
+ ],
}
diff --git a/tests/cts/net/src/android/net/cts/NsdManagerTest.kt b/tests/cts/net/src/android/net/cts/NsdManagerTest.kt
index 562e2c6..093c7f8 100644
--- a/tests/cts/net/src/android/net/cts/NsdManagerTest.kt
+++ b/tests/cts/net/src/android/net/cts/NsdManagerTest.kt
@@ -20,8 +20,6 @@
import android.net.ConnectivityManager
import android.net.ConnectivityManager.NetworkCallback
import android.net.LinkProperties
-import android.net.LocalSocket
-import android.net.LocalSocketAddress
import android.net.Network
import android.net.NetworkAgentConfig
import android.net.NetworkCapabilities
@@ -65,7 +63,6 @@
import android.util.Log
import androidx.test.platform.app.InstrumentationRegistry
import androidx.test.runner.AndroidJUnit4
-import com.android.compatibility.common.util.PollingCheck
import com.android.net.module.util.ArrayTrackRecord
import com.android.net.module.util.TrackRecord
import com.android.networkstack.apishim.NsdShimImpl
@@ -75,12 +72,10 @@
import com.android.testutils.TestableNetworkAgent
import com.android.testutils.TestableNetworkCallback
import com.android.testutils.filters.CtsNetTestCasesMaxTargetSdk30
-import com.android.testutils.filters.CtsNetTestCasesMaxTargetSdk33
import com.android.testutils.runAsShell
import com.android.testutils.tryTest
import com.android.testutils.waitForIdle
import java.io.File
-import java.io.IOException
import java.net.ServerSocket
import java.nio.charset.StandardCharsets
import java.util.Random
@@ -768,65 +763,6 @@
}
}
- private fun checkConnectSocketToMdnsd(shouldFail: Boolean) {
- val discoveryRecord = NsdDiscoveryRecord()
- val localSocket = LocalSocket()
- tryTest {
- // Discover any service from NsdManager to enforce NsdService to start the mdnsd.
- nsdManager.discoverServices(serviceType, NsdManager.PROTOCOL_DNS_SD, discoveryRecord)
- discoveryRecord.expectCallback<DiscoveryStarted>()
-
- // Checks the /dev/socket/mdnsd is created.
- val socket = File("/dev/socket/mdnsd")
- val doesSocketExist = PollingCheck.waitFor(
- TIMEOUT_MS,
- {
- socket.exists()
- },
- { isSocketExist ->
- isSocketExist
- },
- )
-
- // If the socket is not created, then no need to check the access.
- if (doesSocketExist) {
- // Create a LocalSocket and try to connect to mdnsd.
- assertFalse("LocalSocket is connected.", localSocket.isConnected)
- val address = LocalSocketAddress("mdnsd", LocalSocketAddress.Namespace.RESERVED)
- if (shouldFail) {
- assertFailsWith<IOException>("Expect fail but socket connected") {
- localSocket.connect(address)
- }
- } else {
- localSocket.connect(address)
- assertTrue("LocalSocket is not connected.", localSocket.isConnected)
- }
- }
- } cleanup {
- localSocket.close()
- nsdManager.stopServiceDiscovery(discoveryRecord)
- discoveryRecord.expectCallback<DiscoveryStopped>()
- }
- }
-
- /**
- * Starting from Android U, the access to the /dev/socket/mdnsd is blocked by the
- * sepolicy(b/265364111).
- */
- @DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.TIRAMISU)
- @Test
- fun testCannotConnectSocketToMdnsd() {
- val targetSdkVersion = context.packageManager
- .getTargetSdkVersion(context.applicationInfo.packageName)
- assumeTrue(targetSdkVersion > Build.VERSION_CODES.TIRAMISU)
- checkConnectSocketToMdnsd(shouldFail = true)
- }
-
- @Test @CtsNetTestCasesMaxTargetSdk33("mdnsd socket is accessible up to target SDK 33")
- fun testCanConnectSocketToMdnsd() {
- checkConnectSocketToMdnsd(shouldFail = false)
- }
-
@Test @CtsNetTestCasesMaxTargetSdk30("Socket is started with the service up to target SDK 30")
fun testManagerCreatesLegacySocket() {
nsdManager // Ensure the lazy-init member is initialized, so NsdManager is created
diff --git a/tests/unit/java/com/android/server/BpfNetMapsTest.java b/tests/unit/java/com/android/server/BpfNetMapsTest.java
index 0e17cd7..d189848 100644
--- a/tests/unit/java/com/android/server/BpfNetMapsTest.java
+++ b/tests/unit/java/com/android/server/BpfNetMapsTest.java
@@ -690,6 +690,80 @@
mBpfNetMaps.setUidRule(FIREWALL_CHAIN_DOZABLE, TEST_UID, FIREWALL_RULE_ALLOW));
}
+ private void doTestGetUidRule(final List<Integer> enableChains) throws Exception {
+ mUidOwnerMap.updateEntry(new S32(TEST_UID), new UidOwnerValue(0, getMatch(enableChains)));
+
+ for (final int chain: FIREWALL_CHAINS) {
+ final String testCase = "EnabledChains: " + enableChains + " CheckedChain: " + chain;
+ if (enableChains.contains(chain)) {
+ final int expectedRule = mBpfNetMaps.isFirewallAllowList(chain)
+ ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY;
+ assertEquals(testCase, expectedRule, mBpfNetMaps.getUidRule(chain, TEST_UID));
+ } else {
+ final int expectedRule = mBpfNetMaps.isFirewallAllowList(chain)
+ ? FIREWALL_RULE_DENY : FIREWALL_RULE_ALLOW;
+ assertEquals(testCase, expectedRule, mBpfNetMaps.getUidRule(chain, TEST_UID));
+ }
+ }
+ }
+
+ private void doTestGetUidRule(final int enableChain) throws Exception {
+ doTestGetUidRule(List.of(enableChain));
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testGetUidRule() throws Exception {
+ doTestGetUidRule(FIREWALL_CHAIN_DOZABLE);
+ doTestGetUidRule(FIREWALL_CHAIN_STANDBY);
+ doTestGetUidRule(FIREWALL_CHAIN_POWERSAVE);
+ doTestGetUidRule(FIREWALL_CHAIN_RESTRICTED);
+ doTestGetUidRule(FIREWALL_CHAIN_LOW_POWER_STANDBY);
+ doTestGetUidRule(FIREWALL_CHAIN_OEM_DENY_1);
+ doTestGetUidRule(FIREWALL_CHAIN_OEM_DENY_2);
+ doTestGetUidRule(FIREWALL_CHAIN_OEM_DENY_3);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testGetUidRuleMultipleChainEnabled() throws Exception {
+ doTestGetUidRule(List.of(
+ FIREWALL_CHAIN_DOZABLE,
+ FIREWALL_CHAIN_STANDBY));
+ doTestGetUidRule(List.of(
+ FIREWALL_CHAIN_DOZABLE,
+ FIREWALL_CHAIN_STANDBY,
+ FIREWALL_CHAIN_POWERSAVE,
+ FIREWALL_CHAIN_RESTRICTED));
+ doTestGetUidRule(FIREWALL_CHAINS);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testGetUidRuleNoEntry() throws Exception {
+ mUidOwnerMap.clear();
+ for (final int chain: FIREWALL_CHAINS) {
+ final int expectedRule = mBpfNetMaps.isFirewallAllowList(chain)
+ ? FIREWALL_RULE_DENY : FIREWALL_RULE_ALLOW;
+ assertEquals(expectedRule, mBpfNetMaps.getUidRule(chain, TEST_UID));
+ }
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testGetUidRuleInvalidChain() {
+ final Class<ServiceSpecificException> expected = ServiceSpecificException.class;
+ assertThrows(expected, () -> mBpfNetMaps.getUidRule(-1 /* childChain */, TEST_UID));
+ assertThrows(expected, () -> mBpfNetMaps.getUidRule(1000 /* childChain */, TEST_UID));
+ }
+
+ @Test
+ @IgnoreAfter(Build.VERSION_CODES.S_V2)
+ public void testGetUidRuleBeforeT() {
+ assertThrows(UnsupportedOperationException.class,
+ () -> mBpfNetMaps.getUidRule(FIREWALL_CHAIN_DOZABLE, TEST_UID));
+ }
+
@Test
@IgnoreUpTo(Build.VERSION_CODES.S_V2)
public void testReplaceUidChain() throws Exception {
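Review bot: In doTestGetUidRule the two branches repeat the same assertEquals line and differ only in which constant sits on which side of the ternary, so the enabled and not-enabled expectations are harder to compare than they need to be. I would declare `final int expectedRule;` before the `if`, assign it in each branch, and keep a single `assertEquals(testCase, expectedRule, mBpfNetMaps.getUidRule(chain, TEST_UID));` after the branches. testGetUidRuleNoEntry would also benefit from passing a message naming the chain, as doTestGetUidRule does, so a failure identifies which chain broke.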