Merge "clat: make sure the tun device doesn't yet exist"
diff --git a/Cronet/tests/mts/Android.bp b/Cronet/tests/mts/Android.bp
index 8fec6f3..d13f695 100644
--- a/Cronet/tests/mts/Android.bp
+++ b/Cronet/tests/mts/Android.bp
@@ -19,6 +19,7 @@
java_genrule {
name: "net-http-test-jarjar-rules",
+ defaults: ["CronetTestJavaDefaults"],
tool_files: [
":NetHttpTestsLibPreJarJar{.jar}",
"jarjar_excludes.txt",
@@ -36,6 +37,7 @@
android_library {
name: "NetHttpTestsLibPreJarJar",
+ defaults: ["CronetTestJavaDefaults"],
srcs: [":cronet_aml_javatests_sources"],
sdk_version: "module_current",
min_sdk_version: "30",
@@ -47,9 +49,7 @@
],
libs: [
"android.test.base",
- // Needed for direct access to tethering's hidden apis and to avoid `symbol not found`
- // errors on some builds.
- "framework-tethering.impl",
+ "framework-tethering-pre-jarjar",
// android.net.Network apis
"framework-connectivity",
// android.net.TrafficStats apis
diff --git a/Tethering/Android.bp b/Tethering/Android.bp
index 8810a8c..83ca2b7 100644
--- a/Tethering/Android.bp
+++ b/Tethering/Android.bp
@@ -250,6 +250,9 @@
// e.g. *classpath_fragments.
"com.android.tethering",
],
+ native_shared_libs: [
+ "libnetd_updatable",
+ ],
}
java_library_static {
diff --git a/Tethering/common/TetheringLib/Android.bp b/Tethering/common/TetheringLib/Android.bp
index 74170cb..4f95bdd 100644
--- a/Tethering/common/TetheringLib/Android.bp
+++ b/Tethering/common/TetheringLib/Android.bp
@@ -54,7 +54,6 @@
"//packages/modules/CaptivePortalLogin/tests",
"//packages/modules/Connectivity/Tethering/tests:__subpackages__",
"//packages/modules/Connectivity/tests:__subpackages__",
- "//packages/modules/Connectivity/Cronet/tests:__subpackages__",
"//packages/modules/IPsec/tests/iketests",
"//packages/modules/NetworkStack/tests:__subpackages__",
"//packages/modules/Wifi/service/tests/wifitests",
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index e068d8a..d98fa5f 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -446,11 +446,6 @@
return match;
}
- if (key.tag) {
- update_stats_with_config(skb, egress, &key, *selectedMap);
- key.tag = 0;
- }
-
do_packet_tracing(skb, egress, uid, tag, enable_tracing, kver);
update_stats_with_config(skb, egress, &key, *selectedMap);
update_app_uid_stats_map(skb, egress, &uid);
diff --git a/framework-t/src/android/net/NetworkStatsAccess.java b/framework-t/src/android/net/NetworkStatsAccess.java
index 0585756..23902dc 100644
--- a/framework-t/src/android/net/NetworkStatsAccess.java
+++ b/framework-t/src/android/net/NetworkStatsAccess.java
@@ -17,7 +17,6 @@
package android.net;
import static android.Manifest.permission.READ_NETWORK_USAGE_HISTORY;
-import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static android.net.NetworkStats.UID_ALL;
import static android.net.TrafficStats.UID_REMOVED;
import static android.net.TrafficStats.UID_TETHERING;
@@ -33,6 +32,8 @@
import android.os.UserHandle;
import android.telephony.TelephonyManager;
+import com.android.net.module.util.PermissionUtils;
+
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -100,6 +101,7 @@
* <li>Device owners.
* <li>Carrier-privileged applications.
* <li>The system UID.
+ * <li>NetworkStack application.
* </ul>
*/
int DEVICE = 3;
@@ -125,9 +127,9 @@
final int appId = UserHandle.getAppId(callingUid);
- final boolean isNetworkStack = context.checkPermission(
- android.Manifest.permission.NETWORK_STACK, callingPid, callingUid)
- == PERMISSION_GRANTED;
+ final boolean isNetworkStack = PermissionUtils.checkAnyPermissionOf(
+ context, callingPid, callingUid, android.Manifest.permission.NETWORK_STACK,
+ NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
if (hasCarrierPrivileges || isDeviceOwner
|| appId == Process.SYSTEM_UID || isNetworkStack) {
diff --git a/framework-t/src/android/net/nsd/NsdManager.java b/framework-t/src/android/net/nsd/NsdManager.java
index 96f2f80..d119db6 100644
--- a/framework-t/src/android/net/nsd/NsdManager.java
+++ b/framework-t/src/android/net/nsd/NsdManager.java
@@ -281,6 +281,9 @@
EVENT_NAMES.put(UNREGISTER_SERVICE_CALLBACK, "UNREGISTER_SERVICE_CALLBACK");
EVENT_NAMES.put(UNREGISTER_SERVICE_CALLBACK_SUCCEEDED,
"UNREGISTER_SERVICE_CALLBACK_SUCCEEDED");
+ EVENT_NAMES.put(MDNS_DISCOVERY_MANAGER_EVENT, "MDNS_DISCOVERY_MANAGER_EVENT");
+ EVENT_NAMES.put(REGISTER_CLIENT, "REGISTER_CLIENT");
+ EVENT_NAMES.put(UNREGISTER_CLIENT, "UNREGISTER_CLIENT");
}
/** @hide */
diff --git a/framework/src/android/net/LinkAddress.java b/framework/src/android/net/LinkAddress.java
index d48b8c7..90f55b3 100644
--- a/framework/src/android/net/LinkAddress.java
+++ b/framework/src/android/net/LinkAddress.java
@@ -487,17 +487,23 @@
*/
@SystemApi
public boolean isGlobalPreferred() {
- /**
- * Note that addresses flagged as IFA_F_OPTIMISTIC are
- * simultaneously flagged as IFA_F_TENTATIVE (when the tentative
- * state has cleared either DAD has succeeded or failed, and both
- * flags are cleared regardless).
- */
- int flags = getFlags();
return (scope == RT_SCOPE_UNIVERSE
&& !isIpv6ULA()
- && (flags & (IFA_F_DADFAILED | IFA_F_DEPRECATED)) == 0L
- && ((flags & IFA_F_TENTATIVE) == 0L || (flags & IFA_F_OPTIMISTIC) != 0L));
+ && isPreferred());
+ }
+
+ /**
+ * Checks if the address is a preferred address.
+ *
+ * @hide
+ */
+ public boolean isPreferred() {
+ // Note that addresses flagged as IFA_F_OPTIMISTIC are simultaneously flagged as
+ // IFA_F_TENTATIVE (when the tentative state has cleared either DAD has succeeded or
+ // failed, and both flags are cleared regardless).
+ int flags = getFlags();
+ return (flags & (IFA_F_DADFAILED | IFA_F_DEPRECATED)) == 0L
+ && ((flags & IFA_F_TENTATIVE) == 0L || (flags & IFA_F_OPTIMISTIC) != 0L);
}
/**
diff --git a/framework/src/android/net/NetworkAgent.java b/framework/src/android/net/NetworkAgent.java
index 8fe20de..177f7e3 100644
--- a/framework/src/android/net/NetworkAgent.java
+++ b/framework/src/android/net/NetworkAgent.java
@@ -281,9 +281,8 @@
*
* arg1 = the hardware slot number of the keepalive to start
* arg2 = interval in seconds
- * obj = AutomaticKeepaliveInfo object
+ * obj = KeepalivePacketData object describing the data to be sent
*
- * Also used internally by ConnectivityService / KeepaliveTracker, with different semantics.
* @hide
*/
public static final int CMD_START_SOCKET_KEEPALIVE = BASE + 11;
@@ -436,6 +435,14 @@
public static final int CMD_DSCP_POLICY_STATUS = BASE + 28;
/**
+ * Sent by the NetworkAgent to ConnectivityService to notify that this network is expected to be
+ * replaced within the specified time by a similar network.
+ * arg1 = timeout in milliseconds
+ * @hide
+ */
+ public static final int EVENT_UNREGISTER_AFTER_REPLACEMENT = BASE + 29;
+
+ /**
* DSCP policy was successfully added.
*/
public static final int DSCP_POLICY_STATUS_SUCCESS = 0;
@@ -477,27 +484,6 @@
@Retention(RetentionPolicy.SOURCE)
public @interface DscpPolicyStatus {}
- /**
- * Sent by the NetworkAgent to ConnectivityService to notify that this network is expected to be
- * replaced within the specified time by a similar network.
- * arg1 = timeout in milliseconds
- * @hide
- */
- public static final int EVENT_UNREGISTER_AFTER_REPLACEMENT = BASE + 29;
-
- /**
- * Sent by AutomaticOnOffKeepaliveTracker periodically (when relevant) to trigger monitor
- * automatic keepalive request.
- *
- * NATT keepalives have an automatic mode where the system only sends keepalive packets when
- * TCP sockets are open over a VPN. The system will check periodically for presence of
- * such open sockets, and this message is what triggers the re-evaluation.
- *
- * obj = A Binder object associated with the keepalive.
- * @hide
- */
- public static final int CMD_MONITOR_AUTOMATIC_KEEPALIVE = BASE + 30;
-
private static NetworkInfo getLegacyNetworkInfo(final NetworkAgentConfig config) {
final NetworkInfo ni = new NetworkInfo(config.legacyType, config.legacySubType,
config.legacyTypeName, config.legacySubTypeName);
diff --git a/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp b/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
index cdcb0f8..64a7a98 100644
--- a/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
+++ b/service-t/native/libs/libnetworkstats/BpfNetworkStats.cpp
@@ -126,7 +126,13 @@
if (!statsEntry.ok()) {
return base::ResultError(statsEntry.error().message(), statsEntry.error().code());
}
- lines->push_back(populateStatsEntry(key, statsEntry.value(), ifname));
+ stats_line newLine = populateStatsEntry(key, statsEntry.value(), ifname);
+ lines->push_back(newLine);
+ if (newLine.tag) {
+ // account tagged traffic in the untagged stats (for historical reasons?)
+ newLine.tag = 0;
+ lines->push_back(newLine);
+ }
return Result<void>();
};
Result<void> res = statsMap.iterate(processDetailUidStats);
@@ -236,21 +242,20 @@
std::sort(lines->begin(), lines->end());
// Similar to std::unique(), but aggregates the duplicates rather than discarding them.
- size_t nextOutput = 0;
+ size_t currentOutput = 0;
for (size_t i = 1; i < lines->size(); i++) {
- if (lines->at(nextOutput) == lines->at(i)) {
- lines->at(nextOutput) += lines->at(i);
+ // note that == operator only compares the 'key' portion: iface/uid/tag/set
+ if (lines->at(currentOutput) == lines->at(i)) {
+ // while += operator only affects the 'data' portion: {rx,tx}{Bytes,Packets}
+ lines->at(currentOutput) += lines->at(i);
} else {
- nextOutput++;
- if (nextOutput != i) {
- lines->at(nextOutput) = lines->at(i);
- }
+ // okay, we're done aggregating the current line, move to the next one
+ lines->at(++currentOutput) = lines->at(i);
}
}
- if (lines->size() != nextOutput + 1) {
- lines->resize(nextOutput + 1);
- }
+ // possibly shrink the vector - currentOutput is the last line with valid data
+ lines->resize(currentOutput + 1);
}
// True if lhs equals to rhs, only compare iface, uid, tag and set.
diff --git a/service-t/native/libs/libnetworkstats/BpfNetworkStatsTest.cpp b/service-t/native/libs/libnetworkstats/BpfNetworkStatsTest.cpp
index bf42b62..f8d9ec8 100644
--- a/service-t/native/libs/libnetworkstats/BpfNetworkStatsTest.cpp
+++ b/service-t/native/libs/libnetworkstats/BpfNetworkStatsTest.cpp
@@ -291,7 +291,7 @@
populateFakeStats(TEST_UID2, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
std::vector<stats_line> lines;
ASSERT_EQ(0, parseBpfNetworkStatsDetailInternal(&lines, mFakeStatsMap, mFakeIfaceIndexNameMap));
- ASSERT_EQ((unsigned long)4, lines.size());
+ ASSERT_EQ((unsigned long)7, lines.size());
}
TEST_F(BpfNetworkStatsHelperTest, TestGetStatsWithSkippedIface) {
@@ -409,12 +409,18 @@
.txPackets = TEST_PACKET0,
.txBytes = TEST_BYTES0,
};
- StatsValue value3 = {
+ StatsValue value3 = { // value1 *2
.rxPackets = TEST_PACKET0 * 2,
.rxBytes = TEST_BYTES0 * 2,
.txPackets = TEST_PACKET1 * 2,
.txBytes = TEST_BYTES1 * 2,
};
+ StatsValue value5 = { // value2 + value3
+ .rxPackets = TEST_PACKET1 + TEST_PACKET0 * 2,
+ .rxBytes = TEST_BYTES1 + TEST_BYTES0 * 2,
+ .txPackets = TEST_PACKET0 + TEST_PACKET1 * 2,
+ .txBytes = TEST_BYTES0 + TEST_BYTES1 * 2,
+ };
std::vector<stats_line> lines;
@@ -426,8 +432,9 @@
// Test 1 line stats.
populateFakeStats(TEST_UID1, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
ASSERT_EQ(0, parseBpfNetworkStatsDetailInternal(&lines, mFakeStatsMap, mFakeIfaceIndexNameMap));
- ASSERT_EQ((size_t) 1, lines.size());
- expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, TEST_TAG, lines[0]);
+ ASSERT_EQ((size_t) 2, lines.size()); // TEST_TAG != 0 -> 1 entry becomes 2 lines
+ expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, 0, lines[0]);
+ expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, TEST_TAG, lines[1]);
lines.clear();
// These items should not be grouped.
@@ -437,7 +444,7 @@
mFakeStatsMap);
populateFakeStats(TEST_UID2, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
ASSERT_EQ(0, parseBpfNetworkStatsDetailInternal(&lines, mFakeStatsMap, mFakeIfaceIndexNameMap));
- ASSERT_EQ((size_t) 5, lines.size());
+ ASSERT_EQ((size_t) 9, lines.size());
lines.clear();
// These items should be grouped.
@@ -445,14 +452,18 @@
populateFakeStats(TEST_UID2, TEST_TAG, IFACE_INDEX3, TEST_COUNTERSET0, value1, mFakeStatsMap);
ASSERT_EQ(0, parseBpfNetworkStatsDetailInternal(&lines, mFakeStatsMap, mFakeIfaceIndexNameMap));
- ASSERT_EQ((size_t) 5, lines.size());
+ ASSERT_EQ((size_t) 9, lines.size());
// Verify Sorted & Grouped.
- expectStatsLineEqual(value3, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, TEST_TAG, lines[0]);
- expectStatsLineEqual(value2, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET1, TEST_TAG, lines[1]);
- expectStatsLineEqual(value2, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, TEST_TAG + 1, lines[2]);
- expectStatsLineEqual(value3, IFACE_NAME1, TEST_UID2, TEST_COUNTERSET0, TEST_TAG, lines[3]);
- expectStatsLineEqual(value2, IFACE_NAME2, TEST_UID1, TEST_COUNTERSET0, TEST_TAG, lines[4]);
+ expectStatsLineEqual(value5, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, 0, lines[0]);
+ expectStatsLineEqual(value2, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET1, 0, lines[1]);
+ expectStatsLineEqual(value3, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, TEST_TAG, lines[2]);
+ expectStatsLineEqual(value2, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET1, TEST_TAG, lines[3]);
+ expectStatsLineEqual(value2, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, TEST_TAG + 1, lines[4]);
+ expectStatsLineEqual(value3, IFACE_NAME1, TEST_UID2, TEST_COUNTERSET0, 0, lines[5]);
+ expectStatsLineEqual(value3, IFACE_NAME1, TEST_UID2, TEST_COUNTERSET0, TEST_TAG, lines[6]);
+ expectStatsLineEqual(value2, IFACE_NAME2, TEST_UID1, TEST_COUNTERSET0, 0, lines[7]);
+ expectStatsLineEqual(value2, IFACE_NAME2, TEST_UID1, TEST_COUNTERSET0, TEST_TAG, lines[8]);
lines.clear();
// Perform test on IfaceStats.
@@ -485,39 +496,48 @@
.txPackets = TEST_PACKET1,
.txBytes = TEST_BYTES1,
};
+ StatsValue value4 = { // value1 * 4
+ .rxPackets = TEST_PACKET0 * 4,
+ .rxBytes = TEST_BYTES0 * 4,
+ .txPackets = TEST_PACKET1 * 4,
+ .txBytes = TEST_BYTES1 * 4,
+ };
// Mutate uid, 0 < TEST_UID1 < INT_MAX < INT_MIN < UINT_MAX.
- populateFakeStats(0, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
- populateFakeStats(UINT_MAX, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
- populateFakeStats(INT_MIN, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
- populateFakeStats(INT_MAX, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
+ populateFakeStats(0, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
+ populateFakeStats(UINT_MAX, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
+ populateFakeStats(INT_MIN, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
+ populateFakeStats(INT_MAX, TEST_TAG, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
// Mutate tag, 0 < TEST_TAG < INT_MAX < INT_MIN < UINT_MAX.
- populateFakeStats(TEST_UID1, INT_MAX, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
- populateFakeStats(TEST_UID1, INT_MIN, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
- populateFakeStats(TEST_UID1, 0, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
+ populateFakeStats(TEST_UID1, INT_MAX, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
+ populateFakeStats(TEST_UID1, INT_MIN, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
+ populateFakeStats(TEST_UID1, 0, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
populateFakeStats(TEST_UID1, UINT_MAX, IFACE_INDEX1, TEST_COUNTERSET0, value1, mFakeStatsMap);
// TODO: Mutate counterSet and enlarge TEST_MAP_SIZE if overflow on counterSet is possible.
std::vector<stats_line> lines;
ASSERT_EQ(0, parseBpfNetworkStatsDetailInternal(&lines, mFakeStatsMap, mFakeIfaceIndexNameMap));
- ASSERT_EQ((size_t) 8, lines.size());
+ ASSERT_EQ((size_t) 12, lines.size());
// Uid 0 first
- expectStatsLineEqual(value1, IFACE_NAME1, 0, TEST_COUNTERSET0, TEST_TAG, lines[0]);
+ expectStatsLineEqual(value1, IFACE_NAME1, 0, TEST_COUNTERSET0, 0, lines[0]);
+ expectStatsLineEqual(value1, IFACE_NAME1, 0, TEST_COUNTERSET0, TEST_TAG, lines[1]);
// Test uid, mutate tag.
- expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, 0, lines[1]);
- expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, INT_MAX, lines[2]);
- expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, INT_MIN, lines[3]);
- expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, UINT_MAX, lines[4]);
+ expectStatsLineEqual(value4, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, 0, lines[2]);
+ expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, INT_MAX, lines[3]);
+ expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, INT_MIN, lines[4]);
+ expectStatsLineEqual(value1, IFACE_NAME1, TEST_UID1, TEST_COUNTERSET0, UINT_MAX, lines[5]);
// Mutate uid.
- expectStatsLineEqual(value1, IFACE_NAME1, INT_MAX, TEST_COUNTERSET0, TEST_TAG, lines[5]);
- expectStatsLineEqual(value1, IFACE_NAME1, INT_MIN, TEST_COUNTERSET0, TEST_TAG, lines[6]);
- expectStatsLineEqual(value1, IFACE_NAME1, UINT_MAX, TEST_COUNTERSET0, TEST_TAG, lines[7]);
- lines.clear();
+ expectStatsLineEqual(value1, IFACE_NAME1, INT_MAX, TEST_COUNTERSET0, 0, lines[6]);
+ expectStatsLineEqual(value1, IFACE_NAME1, INT_MAX, TEST_COUNTERSET0, TEST_TAG, lines[7]);
+ expectStatsLineEqual(value1, IFACE_NAME1, INT_MIN, TEST_COUNTERSET0, 0, lines[8]);
+ expectStatsLineEqual(value1, IFACE_NAME1, INT_MIN, TEST_COUNTERSET0, TEST_TAG, lines[9]);
+ expectStatsLineEqual(value1, IFACE_NAME1, UINT_MAX, TEST_COUNTERSET0, 0, lines[10]);
+ expectStatsLineEqual(value1, IFACE_NAME1, UINT_MAX, TEST_COUNTERSET0, TEST_TAG, lines[11]);
}
} // namespace bpf
} // namespace android
diff --git a/service-t/src/com/android/server/NsdService.java b/service-t/src/com/android/server/NsdService.java
index a658791..c5104d8 100644
--- a/service-t/src/com/android/server/NsdService.java
+++ b/service-t/src/com/android/server/NsdService.java
@@ -1330,6 +1330,9 @@
mDeps = deps;
mMdnsSocketProvider = deps.makeMdnsSocketProvider(ctx, handler.getLooper());
+ // Netlink monitor starts on boot, and intentionally never stopped, to ensure that all
+ // address events are received.
+ handler.post(mMdnsSocketProvider::startNetLinkMonitor);
mMdnsSocketClient =
new MdnsMultinetworkSocketClient(handler.getLooper(), mMdnsSocketProvider);
mMdnsDiscoveryManager =
diff --git a/service-t/src/com/android/server/connectivity/mdns/MdnsServiceTypeClient.java b/service-t/src/com/android/server/connectivity/mdns/MdnsServiceTypeClient.java
index f87804b..5298aef 100644
--- a/service-t/src/com/android/server/connectivity/mdns/MdnsServiceTypeClient.java
+++ b/service-t/src/com/android/server/connectivity/mdns/MdnsServiceTypeClient.java
@@ -174,6 +174,7 @@
this.searchOptions = searchOptions;
if (listeners.put(listener, searchOptions) == null) {
for (MdnsResponse existingResponse : instanceNameToResponse.values()) {
+ if (!responseMatchesOptions(existingResponse, searchOptions)) continue;
final MdnsServiceInfo info =
buildMdnsServiceInfoFromResponse(existingResponse, serviceTypeLabels);
listener.onServiceNameDiscovered(info);
@@ -199,6 +200,13 @@
}
}
+ private boolean responseMatchesOptions(@NonNull MdnsResponse response,
+ @NonNull MdnsSearchOptions options) {
+ if (options.getResolveInstanceName() == null) return true;
+ // DNS is case-insensitive, so ignore case in the comparison
+ return options.getResolveInstanceName().equalsIgnoreCase(response.getServiceInstanceName());
+ }
+
/**
* Unregisters {@code listener} from receiving discovery event of mDNS service instances.
*
@@ -274,6 +282,7 @@
buildMdnsServiceInfoFromResponse(response, serviceTypeLabels);
for (int i = 0; i < listeners.size(); i++) {
+ if (!responseMatchesOptions(response, listeners.valueAt(i))) continue;
final MdnsServiceBrowserListener listener = listeners.keyAt(i);
if (newServiceFound) {
listener.onServiceNameDiscovered(serviceInfo);
@@ -295,6 +304,7 @@
return;
}
for (int i = 0; i < listeners.size(); i++) {
+ if (!responseMatchesOptions(response, listeners.valueAt(i))) continue;
final MdnsServiceBrowserListener listener = listeners.keyAt(i);
final MdnsServiceInfo serviceInfo =
buildMdnsServiceInfoFromResponse(response, serviceTypeLabels);
@@ -512,6 +522,10 @@
== 0) {
iter.remove();
for (int i = 0; i < listeners.size(); i++) {
+ if (!responseMatchesOptions(existingResponse,
+ listeners.valueAt(i))) {
+ continue;
+ }
final MdnsServiceBrowserListener listener = listeners.keyAt(i);
String serviceInstanceName =
existingResponse.getServiceInstanceName();
diff --git a/service-t/src/com/android/server/connectivity/mdns/MdnsSocketProvider.java b/service-t/src/com/android/server/connectivity/mdns/MdnsSocketProvider.java
index 0952e88..8017ee0 100644
--- a/service-t/src/com/android/server/connectivity/mdns/MdnsSocketProvider.java
+++ b/service-t/src/com/android/server/connectivity/mdns/MdnsSocketProvider.java
@@ -36,10 +36,12 @@
import android.os.Looper;
import android.util.ArrayMap;
import android.util.Log;
+import android.util.SparseArray;
import com.android.internal.annotations.VisibleForTesting;
import com.android.net.module.util.CollectionUtils;
import com.android.net.module.util.LinkPropertiesUtils.CompareResult;
+import com.android.net.module.util.SharedLog;
import com.android.server.connectivity.mdns.util.MdnsLogger;
import java.io.IOException;
@@ -65,6 +67,7 @@
// Note: mdnsresponder mDNSEmbeddedAPI.h uses 8940 for Ethernet jumbo frames.
private static final int READ_BUFFER_SIZE = 2048;
private static final MdnsLogger LOGGER = new MdnsLogger(TAG);
+ private static final int IFACE_IDX_NOT_EXIST = -1;
@NonNull private final Context mContext;
@NonNull private final Looper mLooper;
@NonNull private final Handler mHandler;
@@ -81,6 +84,9 @@
new ArrayMap<>();
private final List<String> mLocalOnlyInterfaces = new ArrayList<>();
private final List<String> mTetheredInterfaces = new ArrayList<>();
+ // mIfaceIdxToLinkProperties should not be cleared in maybeStopMonitoringSockets() because
+ // the netlink monitor is never stop and the old states must be kept.
+ private final SparseArray<LinkProperties> mIfaceIdxToLinkProperties = new SparseArray<>();
private final byte[] mPacketReadBuffer = new byte[READ_BUFFER_SIZE];
private boolean mMonitoringSockets = false;
private boolean mRequestStop = false;
@@ -126,8 +132,8 @@
}
};
- mSocketNetlinkMonitor = SocketNetLinkMonitorFactory.createNetLinkMonitor(mHandler,
- LOGGER.mLog);
+ mSocketNetlinkMonitor = mDependencies.createSocketNetlinkMonitor(mHandler, LOGGER.mLog,
+ new NetLinkMessageProcessor());
}
/**
@@ -148,8 +154,83 @@
@NonNull byte[] packetReadBuffer) throws IOException {
return new MdnsInterfaceSocket(networkInterface, port, looper, packetReadBuffer);
}
- }
+ /*** Get network interface by given interface name */
+ public int getNetworkInterfaceIndexByName(@NonNull final String ifaceName) {
+ final NetworkInterface iface;
+ try {
+ iface = NetworkInterface.getByName(ifaceName);
+ } catch (SocketException e) {
+ Log.e(TAG, "Error querying interface", e);
+ return IFACE_IDX_NOT_EXIST;
+ }
+ if (iface == null) {
+ Log.e(TAG, "Interface not found: " + ifaceName);
+ return IFACE_IDX_NOT_EXIST;
+ }
+ return iface.getIndex();
+ }
+ /*** Creates a SocketNetlinkMonitor */
+ public ISocketNetLinkMonitor createSocketNetlinkMonitor(@NonNull final Handler handler,
+ @NonNull final SharedLog log,
+ @NonNull final NetLinkMonitorCallBack cb) {
+ return SocketNetLinkMonitorFactory.createNetLinkMonitor(handler, log, cb);
+ }
+ }
+ /**
+ * The callback interface for the netlink monitor messages.
+ */
+ public interface NetLinkMonitorCallBack {
+ /**
+ * Handles the interface address add or update.
+ */
+ void addOrUpdateInterfaceAddress(int ifaceIdx, @NonNull LinkAddress newAddress);
+
+
+ /**
+ * Handles the interface address delete.
+ */
+ void deleteInterfaceAddress(int ifaceIdx, @NonNull LinkAddress deleteAddress);
+ }
+ private class NetLinkMessageProcessor implements NetLinkMonitorCallBack {
+
+ @Override
+ public void addOrUpdateInterfaceAddress(int ifaceIdx,
+ @NonNull final LinkAddress newAddress) {
+
+ LinkProperties linkProperties;
+ linkProperties = mIfaceIdxToLinkProperties.get(ifaceIdx);
+ if (linkProperties == null) {
+ linkProperties = new LinkProperties();
+ mIfaceIdxToLinkProperties.put(ifaceIdx, linkProperties);
+ }
+ boolean updated = linkProperties.addLinkAddress(newAddress);
+
+ if (!updated) {
+ return;
+ }
+ maybeUpdateTetheringSocketAddress(ifaceIdx, linkProperties.getLinkAddresses());
+ }
+
+ @Override
+ public void deleteInterfaceAddress(int ifaceIdx, @NonNull LinkAddress deleteAddress) {
+ LinkProperties linkProperties;
+ boolean updated = false;
+ linkProperties = mIfaceIdxToLinkProperties.get(ifaceIdx);
+ if (linkProperties != null) {
+ updated = linkProperties.removeLinkAddress(deleteAddress);
+ if (linkProperties.getLinkAddresses().isEmpty()) {
+ mIfaceIdxToLinkProperties.remove(ifaceIdx);
+ }
+ }
+
+ if (linkProperties == null || !updated) {
+ return;
+ }
+ maybeUpdateTetheringSocketAddress(ifaceIdx, linkProperties.getLinkAddresses());
+
+ }
+ }
/*** Data class for storing socket related info */
private static class SocketInfo {
final MdnsInterfaceSocket mSocket;
@@ -190,6 +271,15 @@
}
mMonitoringSockets = true;
}
+ /**
+ * Start netlink monitor.
+ */
+ public void startNetLinkMonitor() {
+ ensureRunningOnHandlerThread(mHandler);
+ if (mSocketNetlinkMonitor.isSupported()) {
+ mSocketNetlinkMonitor.startMonitoring();
+ }
+ }
private void maybeStopMonitoringSockets() {
if (!mMonitoringSockets) return; // Already unregistered.
@@ -203,10 +293,6 @@
final TetheringManager tetheringManager = mContext.getSystemService(
TetheringManager.class);
tetheringManager.unregisterTetheringEventCallback(mTetheringEventCallback);
-
- if (mSocketNetlinkMonitor.isSupported()) {
- mHandler.post(mSocketNetlinkMonitor::stopMonitoring);
- }
// Clear all saved status.
mActiveNetworksLinkProperties.clear();
mNetworkSockets.clear();
@@ -215,6 +301,8 @@
mTetheredInterfaces.clear();
mMonitoringSockets = false;
}
+ // The netlink monitor is not stopped here because the MdnsSocketProvider need to listen
+ // to all the netlink updates when the system is up and running.
}
/*** Request to stop monitoring sockets and unregister callbacks */
@@ -259,21 +347,38 @@
if (socketInfo == null) {
createSocket(networkKey, lp);
} else {
- // Update the addresses of this socket.
- final List<LinkAddress> addresses = lp.getLinkAddresses();
- socketInfo.mAddresses.clear();
- socketInfo.mAddresses.addAll(addresses);
- // Try to join the group again.
- socketInfo.mSocket.joinGroup(addresses);
-
- notifyAddressesChanged(network, socketInfo.mSocket, lp);
+ updateSocketInfoAddress(network, socketInfo, lp.getLinkAddresses());
+ }
+ }
+ private void maybeUpdateTetheringSocketAddress(int ifaceIndex,
+ @NonNull final List<LinkAddress> updatedAddresses) {
+ for (int i = 0; i < mTetherInterfaceSockets.size(); ++i) {
+ String tetheringInterfaceName = mTetherInterfaceSockets.keyAt(i);
+ if (mDependencies.getNetworkInterfaceIndexByName(tetheringInterfaceName)
+ == ifaceIndex) {
+ updateSocketInfoAddress(null /* network */,
+ mTetherInterfaceSockets.valueAt(i), updatedAddresses);
+ return;
+ }
}
}
- private static LinkProperties createLPForTetheredInterface(String interfaceName) {
- final LinkProperties linkProperties = new LinkProperties();
+ private void updateSocketInfoAddress(@Nullable final Network network,
+ @NonNull final SocketInfo socketInfo,
+ @NonNull final List<LinkAddress> addresses) {
+ // Update the addresses of this socket.
+ socketInfo.mAddresses.clear();
+ socketInfo.mAddresses.addAll(addresses);
+ // Try to join the group again.
+ socketInfo.mSocket.joinGroup(addresses);
+
+ notifyAddressesChanged(network, socketInfo.mSocket, addresses);
+ }
+ private LinkProperties createLPForTetheredInterface(@NonNull final String interfaceName,
+ int ifaceIndex) {
+ final LinkProperties linkProperties =
+ new LinkProperties(mIfaceIdxToLinkProperties.get(ifaceIndex));
linkProperties.setInterfaceName(interfaceName);
- // TODO: Use NetlinkMonitor to update addresses for tethering interfaces.
return linkProperties;
}
@@ -292,7 +397,8 @@
final CompareResult<String> interfaceDiff = new CompareResult<>(
current, updated);
for (String name : interfaceDiff.added) {
- createSocket(LOCAL_NET, createLPForTetheredInterface(name));
+ int ifaceIndex = mDependencies.getNetworkInterfaceIndexByName(name);
+ createSocket(LOCAL_NET, createLPForTetheredInterface(name, ifaceIndex));
}
for (String name : interfaceDiff.removed) {
removeTetherInterfaceSocket(name);
@@ -332,14 +438,10 @@
final MdnsInterfaceSocket socket = mDependencies.createMdnsInterfaceSocket(
networkInterface.getNetworkInterface(), MdnsConstants.MDNS_PORT, mLooper,
mPacketReadBuffer);
- final List<LinkAddress> addresses;
+ final List<LinkAddress> addresses = lp.getLinkAddresses();
if (networkKey == LOCAL_NET) {
- addresses = CollectionUtils.map(
- networkInterface.getInterfaceAddresses(),
- i -> new LinkAddress(i.getAddress(), i.getNetworkPrefixLength()));
mTetherInterfaceSockets.put(interfaceName, new SocketInfo(socket, addresses));
} else {
- addresses = lp.getLinkAddresses();
mNetworkSockets.put(((NetworkAsKey) networkKey).mNetwork,
new SocketInfo(socket, addresses));
}
@@ -422,12 +524,12 @@
}
private void notifyAddressesChanged(Network network, MdnsInterfaceSocket socket,
- LinkProperties lp) {
+ List<LinkAddress> addresses) {
for (int i = 0; i < mCallbacksToRequestedNetworks.size(); i++) {
final Network requestedNetwork = mCallbacksToRequestedNetworks.valueAt(i);
if (isNetworkMatched(requestedNetwork, network)) {
mCallbacksToRequestedNetworks.keyAt(i)
- .onAddressesChanged(network, socket, lp.getLinkAddresses());
+ .onAddressesChanged(network, socket, addresses);
}
}
}
@@ -451,7 +553,10 @@
private void retrieveAndNotifySocketFromInterface(String interfaceName, SocketCallback cb) {
final SocketInfo socketInfo = mTetherInterfaceSockets.get(interfaceName);
if (socketInfo == null) {
- createSocket(LOCAL_NET, createLPForTetheredInterface(interfaceName));
+ int ifaceIndex = mDependencies.getNetworkInterfaceIndexByName(interfaceName);
+ createSocket(
+ LOCAL_NET,
+ createLPForTetheredInterface(interfaceName, ifaceIndex));
} else {
// Notify the socket for requested network.
cb.onSocketCreated(
diff --git a/service-t/src/com/android/server/connectivity/mdns/SocketNetLinkMonitorFactory.java b/service-t/src/com/android/server/connectivity/mdns/SocketNetLinkMonitorFactory.java
index 8f6aecc..4650255 100644
--- a/service-t/src/com/android/server/connectivity/mdns/SocketNetLinkMonitorFactory.java
+++ b/service-t/src/com/android/server/connectivity/mdns/SocketNetLinkMonitorFactory.java
@@ -31,8 +31,8 @@
* Creates a new netlink monitor.
*/
public static ISocketNetLinkMonitor createNetLinkMonitor(@NonNull final Handler handler,
- @NonNull SharedLog log) {
- return new SocketNetlinkMonitor(handler, log);
+ @NonNull SharedLog log, @NonNull MdnsSocketProvider.NetLinkMonitorCallBack cb) {
+ return new SocketNetlinkMonitor(handler, log, cb);
}
private SocketNetLinkMonitorFactory() {
diff --git a/service-t/src/com/android/server/connectivity/mdns/internal/SocketNetlinkMonitor.java b/service-t/src/com/android/server/connectivity/mdns/internal/SocketNetlinkMonitor.java
index e053413..6395b53 100644
--- a/service-t/src/com/android/server/connectivity/mdns/internal/SocketNetlinkMonitor.java
+++ b/service-t/src/com/android/server/connectivity/mdns/internal/SocketNetlinkMonitor.java
@@ -17,28 +17,64 @@
package com.android.server.connectivity.mdns.internal;
import android.annotation.NonNull;
+import android.net.LinkAddress;
import android.os.Handler;
import android.system.OsConstants;
+import android.util.Log;
import com.android.net.module.util.SharedLog;
import com.android.net.module.util.ip.NetlinkMonitor;
import com.android.net.module.util.netlink.NetlinkConstants;
import com.android.net.module.util.netlink.NetlinkMessage;
+import com.android.net.module.util.netlink.RtNetlinkAddressMessage;
+import com.android.net.module.util.netlink.StructIfaddrMsg;
import com.android.server.connectivity.mdns.ISocketNetLinkMonitor;
+import com.android.server.connectivity.mdns.MdnsSocketProvider;
/**
* The netlink monitor for MdnsSocketProvider.
*/
public class SocketNetlinkMonitor extends NetlinkMonitor implements ISocketNetLinkMonitor {
- public SocketNetlinkMonitor(@NonNull final Handler handler, @NonNull SharedLog log) {
- super(handler, log, SocketNetlinkMonitor.class.getSimpleName(), OsConstants.NETLINK_ROUTE,
- NetlinkConstants.RTMGRP_IPV4_IFADDR | NetlinkConstants.RTMGRP_IPV6_IFADDR);
- }
+ public static final String TAG = SocketNetlinkMonitor.class.getSimpleName();
+ @NonNull
+ private final MdnsSocketProvider.NetLinkMonitorCallBack mCb;
+ public SocketNetlinkMonitor(@NonNull final Handler handler,
+ @NonNull SharedLog log,
+ @NonNull final MdnsSocketProvider.NetLinkMonitorCallBack cb) {
+ super(handler, log, TAG, OsConstants.NETLINK_ROUTE,
+ NetlinkConstants.RTMGRP_IPV4_IFADDR | NetlinkConstants.RTMGRP_IPV6_IFADDR);
+ mCb = cb;
+ }
@Override
public void processNetlinkMessage(NetlinkMessage nlMsg, long whenMs) {
+ if (nlMsg instanceof RtNetlinkAddressMessage) {
+ processRtNetlinkAddressMessage((RtNetlinkAddressMessage) nlMsg);
+ }
+ }
+ /**
+ * Process the RTM_NEWADDR and RTM_DELADDR netlink message.
+ */
+ private void processRtNetlinkAddressMessage(RtNetlinkAddressMessage msg) {
+ final StructIfaddrMsg ifaddrMsg = msg.getIfaddrHeader();
+ final LinkAddress la = new LinkAddress(msg.getIpAddress(), ifaddrMsg.prefixLen,
+ msg.getFlags(), ifaddrMsg.scope);
+ if (!la.isPreferred()) {
+ // Skip the unusable ip address.
+ return;
+ }
+ switch (msg.getHeader().nlmsg_type) {
+ case NetlinkConstants.RTM_NEWADDR:
+ mCb.addOrUpdateInterfaceAddress(ifaddrMsg.index, la);
+ break;
+ case NetlinkConstants.RTM_DELADDR:
+ mCb.deleteInterfaceAddress(ifaddrMsg.index, la);
+ break;
+ default:
+ Log.e(TAG, "Unknown rtnetlink address msg type " + msg.getHeader().nlmsg_type);
+ }
}
@Override
diff --git a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
index 6078e28..e63e423 100644
--- a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+++ b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
@@ -500,7 +500,9 @@
if (ret == 0) {
ALOGE("Failed to SIGTERM clatd pid=%d, try SIGKILL", pid);
// TODO: fix that kill failed or waitpid doesn't return.
- kill(pid, SIGKILL);
+ if (kill(pid, SIGKILL)) {
+ ALOGE("Failed to SIGKILL clatd pid=%d: %s", pid, strerror(errno));
+ }
ret = waitpid(pid, &status, 0);
}
if (ret == -1) {
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 2af30dd..ba503e0 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -98,6 +98,7 @@
import static com.android.net.module.util.DeviceConfigUtils.TETHERING_MODULE_NAME;
import static com.android.net.module.util.NetworkMonitorUtils.isPrivateDnsValidationRequired;
+import static com.android.net.module.util.PermissionUtils.checkAnyPermissionOf;
import static com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf;
import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission;
import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr;
@@ -463,7 +464,11 @@
private String mCurrentTcpBufferSizes;
private static final SparseArray<String> sMagicDecoderRing = MessageUtils.findMessageNames(
- new Class[] { ConnectivityService.class, NetworkAgent.class, NetworkAgentInfo.class });
+ new Class[] {
+ ConnectivityService.class,
+ NetworkAgent.class,
+ NetworkAgentInfo.class,
+ AutomaticOnOffKeepaliveTracker.class });
private enum ReapUnvalidatedNetworks {
// Tear down networks that have no chance (e.g. even if validated) of becoming
@@ -2324,11 +2329,12 @@
if (newNc.getNetworkSpecifier() != null) {
newNc.setNetworkSpecifier(newNc.getNetworkSpecifier().redact());
}
- if (!checkAnyPermissionOf(callerPid, callerUid, android.Manifest.permission.NETWORK_STACK,
+ if (!checkAnyPermissionOf(mContext, callerPid, callerUid,
+ android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)) {
newNc.setAdministratorUids(new int[0]);
}
- if (!checkAnyPermissionOf(
+ if (!checkAnyPermissionOf(mContext,
callerPid, callerUid, android.Manifest.permission.NETWORK_FACTORY)) {
newNc.setAllowedUids(new ArraySet<>());
newNc.setSubscriptionIds(Collections.emptySet());
@@ -2837,15 +2843,6 @@
setUidBlockedReasons(uid, blockedReasons);
}
- private boolean checkAnyPermissionOf(int pid, int uid, String... permissions) {
- for (String permission : permissions) {
- if (mContext.checkPermission(permission, pid, uid) == PERMISSION_GRANTED) {
- return true;
- }
- }
- return false;
- }
-
private void enforceInternetPermission() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.INTERNET,
@@ -3004,13 +3001,13 @@
}
private boolean checkNetworkStackPermission(int pid, int uid) {
- return checkAnyPermissionOf(pid, uid,
+ return checkAnyPermissionOf(mContext, pid, uid,
android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
}
private boolean checkNetworkSignalStrengthWakeupPermission(int pid, int uid) {
- return checkAnyPermissionOf(pid, uid,
+ return checkAnyPermissionOf(mContext, pid, uid,
android.Manifest.permission.NETWORK_SIGNAL_STRENGTH_WAKEUP,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
android.Manifest.permission.NETWORK_SETTINGS);
@@ -5008,7 +5005,7 @@
}
private RequestInfoPerUidCounter getRequestCounter(NetworkRequestInfo nri) {
- return checkAnyPermissionOf(
+ return checkAnyPermissionOf(mContext,
nri.mPid, nri.mUid, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)
? mSystemNetworkRequestCounter : mNetworkRequestCounter;
}
@@ -5605,12 +5602,13 @@
handleConfigureAlwaysOnNetworks();
break;
}
- // Sent by KeepaliveTracker to process an app request on the state machine thread.
- case NetworkAgent.CMD_START_SOCKET_KEEPALIVE: {
+ // Sent by AutomaticOnOffKeepaliveTracker to process an app request on the
+ // handler thread.
+ case AutomaticOnOffKeepaliveTracker.CMD_REQUEST_START_KEEPALIVE: {
mKeepaliveTracker.handleStartKeepalive(msg);
break;
}
- case NetworkAgent.CMD_MONITOR_AUTOMATIC_KEEPALIVE: {
+ case AutomaticOnOffKeepaliveTracker.CMD_MONITOR_AUTOMATIC_KEEPALIVE: {
final AutomaticOnOffKeepalive ki =
mKeepaliveTracker.getKeepaliveForBinder((IBinder) msg.obj);
if (null == ki) return; // The callback was unregistered before the alarm fired
diff --git a/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java b/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
index acce95d..881c92d 100644
--- a/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
+++ b/service/src/com/android/server/connectivity/AutomaticOnOffKeepaliveTracker.java
@@ -16,7 +16,6 @@
package com.android.server.connectivity;
-import static android.net.NetworkAgent.CMD_START_SOCKET_KEEPALIVE;
import static android.net.SocketKeepalive.ERROR_INVALID_SOCKET;
import static android.net.SocketKeepalive.MIN_INTERVAL_SEC;
import static android.net.SocketKeepalive.SUCCESS_PAUSED;
@@ -40,7 +39,6 @@
import android.net.ISocketKeepaliveCallback;
import android.net.MarkMaskParcel;
import android.net.Network;
-import android.net.NetworkAgent;
import android.net.SocketKeepalive.InvalidSocketException;
import android.os.FileUtils;
import android.os.Handler;
@@ -94,6 +92,29 @@
private static final int ADJUST_TCP_POLLING_DELAY_MS = 2000;
private static final String AUTOMATIC_ON_OFF_KEEPALIVE_VERSION =
"automatic_on_off_keepalive_version";
+
+ // ConnectivityService parses message constants from itself and AutomaticOnOffKeepaliveTracker
+ // with MessageUtils for debugging purposes, and crashes if some messages have the same values.
+ private static final int BASE = 2000;
+ /**
+ * Sent by AutomaticOnOffKeepaliveTracker periodically (when relevant) to trigger monitor
+ * automatic keepalive request.
+ *
+ * NATT keepalives have an automatic mode where the system only sends keepalive packets when
+ * TCP sockets are open over a VPN. The system will check periodically for presence of
+ * such open sockets, and this message is what triggers the re-evaluation.
+ *
+ * obj = A Binder object associated with the keepalive.
+ */
+ public static final int CMD_MONITOR_AUTOMATIC_KEEPALIVE = BASE + 1;
+
+ /**
+ * Sent by AutomaticOnOffKeepaliveTracker to ConnectivityService to start a keepalive.
+ *
+ * obj = AutomaticKeepaliveInfo object
+ */
+ public static final int CMD_REQUEST_START_KEEPALIVE = BASE + 2;
+
/**
* States for {@code #AutomaticOnOffKeepalive}.
*
@@ -202,7 +223,7 @@
throw new InvalidSocketException(ERROR_INVALID_SOCKET, e);
}
mAlarmListener = () -> mConnectivityServiceHandler.obtainMessage(
- NetworkAgent.CMD_MONITOR_AUTOMATIC_KEEPALIVE, mCallback.asBinder())
+ CMD_MONITOR_AUTOMATIC_KEEPALIVE, mCallback.asBinder())
.sendToTarget();
} else {
mAutomaticOnOffState = STATE_ALWAYS_ON;
@@ -482,9 +503,8 @@
+ " → " + dstAddrString + ":" + dstPort
+ " auto=" + autoKi
+ " underpinned=" + underpinnedNetwork);
- mConnectivityServiceHandler.obtainMessage(NetworkAgent.CMD_START_SOCKET_KEEPALIVE,
- // TODO : move ConnectivityService#encodeBool to a static lib.
- automaticOnOffKeepalives ? 1 : 0, 0, autoKi).sendToTarget();
+ mConnectivityServiceHandler.obtainMessage(CMD_REQUEST_START_KEEPALIVE, autoKi)
+ .sendToTarget();
} catch (InvalidSocketException e) {
mKeepaliveTracker.notifyErrorCallback(cb, e.error);
}
@@ -517,9 +537,8 @@
+ " → " + dstAddrString + ":" + dstPort
+ " auto=" + autoKi
+ " underpinned=" + underpinnedNetwork);
- mConnectivityServiceHandler.obtainMessage(NetworkAgent.CMD_START_SOCKET_KEEPALIVE,
- // TODO : move ConnectivityService#encodeBool to a static lib.
- automaticOnOffKeepalives ? 1 : 0, 0, autoKi).sendToTarget();
+ mConnectivityServiceHandler.obtainMessage(CMD_REQUEST_START_KEEPALIVE, autoKi)
+ .sendToTarget();
} catch (InvalidSocketException e) {
mKeepaliveTracker.notifyErrorCallback(cb, e.error);
}
@@ -547,7 +566,7 @@
final AutomaticOnOffKeepalive autoKi = new AutomaticOnOffKeepalive(ki,
false /* autoOnOff, tcp keepalives are never auto on/off */,
null /* underpinnedNetwork, tcp keepalives do not refer to this */);
- mConnectivityServiceHandler.obtainMessage(CMD_START_SOCKET_KEEPALIVE, autoKi)
+ mConnectivityServiceHandler.obtainMessage(CMD_REQUEST_START_KEEPALIVE, autoKi)
.sendToTarget();
} catch (InvalidSocketException e) {
mKeepaliveTracker.notifyErrorCallback(cb, e.error);
diff --git a/tests/cts/hostside/AndroidTest.xml b/tests/cts/hostside/AndroidTest.xml
index 7a73313..e83e36a 100644
--- a/tests/cts/hostside/AndroidTest.xml
+++ b/tests/cts/hostside/AndroidTest.xml
@@ -16,6 +16,7 @@
<configuration description="Config for CTS net host test cases">
<option name="test-suite-tag" value="cts" />
<option name="config-descriptor:metadata" key="component" value="networking" />
+ <option name="config-descriptor:metadata" key="token" value="SIM_CARD" />
<option name="config-descriptor:metadata" key="parameter" value="instant_app" />
<option name="config-descriptor:metadata" key="parameter" value="not_multi_abi" />
<option name="config-descriptor:metadata" key="parameter" value="secondary_user" />
diff --git a/tests/unit/java/android/net/NetworkStatsAccessTest.java b/tests/unit/java/android/net/NetworkStatsAccessTest.java
index a74056b..8b86211 100644
--- a/tests/unit/java/android/net/NetworkStatsAccessTest.java
+++ b/tests/unit/java/android/net/NetworkStatsAccessTest.java
@@ -78,6 +78,7 @@
setHasAppOpsPermission(AppOpsManager.MODE_DEFAULT, false);
setHasReadHistoryPermission(false);
setHasNetworkStackPermission(false);
+ setHasMainlineNetworkStackPermission(false);
}
@After
@@ -154,6 +155,10 @@
setHasNetworkStackPermission(false);
assertEquals(NetworkStatsAccess.Level.DEFAULT,
NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG));
+
+ setHasMainlineNetworkStackPermission(true);
+ assertEquals(NetworkStatsAccess.Level.DEVICE,
+ NetworkStatsAccess.checkAccessLevel(mContext, TEST_PID, TEST_UID, TEST_PKG));
}
private void setHasCarrierPrivileges(boolean hasPrivileges) {
@@ -189,4 +194,10 @@
TEST_PID, TEST_UID)).thenReturn(hasPermission ? PackageManager.PERMISSION_GRANTED
: PackageManager.PERMISSION_DENIED);
}
+
+ private void setHasMainlineNetworkStackPermission(boolean hasPermission) {
+ when(mContext.checkPermission(NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
+ TEST_PID, TEST_UID)).thenReturn(hasPermission ? PackageManager.PERMISSION_GRANTED
+ : PackageManager.PERMISSION_DENIED);
+ }
}
diff --git a/tests/unit/java/com/android/server/connectivity/AutomaticOnOffKeepaliveTrackerTest.java b/tests/unit/java/com/android/server/connectivity/AutomaticOnOffKeepaliveTrackerTest.java
index 696eff4..3eb1b26 100644
--- a/tests/unit/java/com/android/server/connectivity/AutomaticOnOffKeepaliveTrackerTest.java
+++ b/tests/unit/java/com/android/server/connectivity/AutomaticOnOffKeepaliveTrackerTest.java
@@ -47,7 +47,6 @@
import android.net.MarkMaskParcel;
import android.net.NattKeepalivePacketData;
import android.net.Network;
-import android.net.NetworkAgent;
import android.net.NetworkCapabilities;
import android.net.NetworkInfo;
import android.os.Binder;
@@ -268,11 +267,11 @@
@Override
public void handleMessage(@NonNull final Message msg) {
switch (msg.what) {
- case NetworkAgent.CMD_START_SOCKET_KEEPALIVE:
- Log.d(TAG, "Test handler received CMD_START_SOCKET_KEEPALIVE : " + msg);
+ case AutomaticOnOffKeepaliveTracker.CMD_REQUEST_START_KEEPALIVE:
+ Log.d(TAG, "Test handler received CMD_REQUEST_START_KEEPALIVE : " + msg);
mAOOKeepaliveTracker.handleStartKeepalive(msg);
break;
- case NetworkAgent.CMD_MONITOR_AUTOMATIC_KEEPALIVE:
+ case AutomaticOnOffKeepaliveTracker.CMD_MONITOR_AUTOMATIC_KEEPALIVE:
Log.d(TAG, "Test handler received CMD_MONITOR_AUTOMATIC_KEEPALIVE : " + msg);
mLastAutoKi = mAOOKeepaliveTracker.getKeepaliveForBinder((IBinder) msg.obj);
break;
diff --git a/tests/unit/java/com/android/server/connectivity/VpnTest.java b/tests/unit/java/com/android/server/connectivity/VpnTest.java
index dd9177ee..c599d9d 100644
--- a/tests/unit/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/unit/java/com/android/server/connectivity/VpnTest.java
@@ -72,6 +72,7 @@
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.argThat;
import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.ArgumentMatchers.longThat;
import static org.mockito.Mockito.after;
import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.doAnswer;
@@ -279,12 +280,11 @@
private static final String TEST_IFACE_NAME = "TEST_IFACE";
private static final int TEST_TUNNEL_RESOURCE_ID = 0x2345;
private static final long TEST_TIMEOUT_MS = 500L;
+ private static final long TIMEOUT_CROSSTHREAD_MS = 20_000L;
private static final String PRIMARY_USER_APP_EXCLUDE_KEY =
"VPNAPPEXCLUDED_27_com.testvpn.vpn";
static final String PKGS_BYTES = getPackageByteString(List.of(PKGS));
private static final Range<Integer> PRIMARY_USER_RANGE = uidRangeForUser(PRIMARY_USER.id);
- // Same as IkeSessionParams#IKE_NATT_KEEPALIVE_DELAY_SEC_DEFAULT
- private static final int IKE_NATT_KEEPALIVE_DELAY_SEC_DEFAULT = 10;
private static final int TEST_KEEPALIVE_TIMER = 800;
private static final int TEST_SUB_ID = 1234;
private static final String TEST_MCCMNC = "12345";
@@ -308,14 +308,51 @@
@Mock private SubscriptionManager mSubscriptionManager;
@Mock private IpSecService mIpSecService;
@Mock private VpnProfileStore mVpnProfileStore;
- @Mock private ScheduledThreadPoolExecutor mExecutor;
- @Mock private ScheduledFuture mScheduledFuture;
+ private final TestExecutor mExecutor;
@Mock DeviceIdleInternal mDeviceIdleInternal;
private final VpnProfile mVpnProfile;
private IpSecManager mIpSecManager;
private TestDeps mTestDeps;
+ public static class TestExecutor extends ScheduledThreadPoolExecutor {
+ public static final long REAL_DELAY = -1;
+
+ // For the purposes of the test, run all scheduled tasks after 10ms to save
+ // execution time, unless overridden by the specific test. Set to REAL_DELAY
+ // to actually wait for the delay specified by the real call to schedule().
+ public long delayMs = 10;
+ // If this is true, execute() will call the runnable inline. This is useful because
+ // super.execute() calls schedule(), which messes with checks that scheduled() is
+ // called a given number of times.
+ public boolean executeDirect = false;
+
+ public TestExecutor() {
+ super(1);
+ }
+
+ @Override
+ public void execute(final Runnable command) {
+ // See |executeDirect| for why this is necessary.
+ if (executeDirect) {
+ command.run();
+ } else {
+ super.execute(command);
+ }
+ }
+
+ @Override
+ public ScheduledFuture<?> schedule(final Runnable command, final long delay,
+ TimeUnit unit) {
+ if (0 == delay || delayMs == REAL_DELAY) {
+ // super.execute() calls schedule() with 0, so use the real delay if it's 0.
+ return super.schedule(command, delay, unit);
+ } else {
+ return super.schedule(command, delayMs, TimeUnit.MILLISECONDS);
+ }
+ }
+ }
+
public VpnTest() throws Exception {
// Build an actual VPN profile that is capable of being converted to and from an
// Ikev2VpnProfile
@@ -323,6 +360,7 @@
new Ikev2VpnProfile.Builder(TEST_VPN_SERVER, TEST_VPN_IDENTITY);
builder.setAuthPsk(TEST_VPN_PSK);
builder.setBypassable(true /* isBypassable */);
+ mExecutor = spy(new TestExecutor());
mVpnProfile = builder.build().toVpnProfile();
}
@@ -388,7 +426,6 @@
// Set up mIkev2SessionCreator and mExecutor
resetIkev2SessionCreator(mIkeSessionWrapper);
- resetExecutor(mScheduledFuture);
}
private void resetIkev2SessionCreator(Vpn.IkeSessionWrapper ikeSession) {
@@ -397,18 +434,6 @@
.thenReturn(ikeSession);
}
- private void resetExecutor(ScheduledFuture scheduledFuture) {
- doAnswer(
- (invocation) -> {
- ((Runnable) invocation.getArgument(0)).run();
- return null;
- })
- .when(mExecutor)
- .execute(any());
- when(mExecutor.schedule(
- any(Runnable.class), anyLong(), any())).thenReturn(mScheduledFuture);
- }
-
@After
public void tearDown() throws Exception {
doReturn(PERMISSION_DENIED).when(mContext).checkCallingOrSelfPermission(any());
@@ -524,9 +549,9 @@
}
private void verifyPowerSaveTempWhitelistApp(String packageName) {
- verify(mDeviceIdleInternal).addPowerSaveTempWhitelistApp(anyInt(), eq(packageName),
- anyLong(), anyInt(), eq(false), eq(PowerWhitelistManager.REASON_VPN),
- eq("VpnManager event"));
+ verify(mDeviceIdleInternal, timeout(TEST_TIMEOUT_MS)).addPowerSaveTempWhitelistApp(
+ anyInt(), eq(packageName), anyLong(), anyInt(), eq(false),
+ eq(PowerWhitelistManager.REASON_VPN), eq("VpnManager event"));
}
@Test
@@ -765,7 +790,8 @@
@Test
public void testPrepare_throwSecurityExceptionWhenGivenPackageDoesNotBelongToTheCaller()
throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ mTestDeps.mIgnoreCallingUidChecks = false;
+ final Vpn vpn = createVpn();
assertThrows(SecurityException.class,
() -> vpn.prepare("com.not.vpn.owner", null, VpnManager.TYPE_VPN_SERVICE));
assertThrows(SecurityException.class,
@@ -777,7 +803,7 @@
@Test
public void testPrepare_bothOldPackageAndNewPackageAreNull() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ final Vpn vpn = createVpn();
assertTrue(vpn.prepare(null, null, VpnManager.TYPE_VPN_SERVICE));
}
@@ -860,17 +886,14 @@
assertEquals(expected, vpn.getProfileNameForPackage(TEST_VPN_PKG));
}
- private Vpn createVpnAndSetupUidChecks(String... grantedOps) throws Exception {
- return createVpnAndSetupUidChecks(PRIMARY_USER, grantedOps);
+ private Vpn createVpn(String... grantedOps) throws Exception {
+ return createVpn(PRIMARY_USER, grantedOps);
}
- private Vpn createVpnAndSetupUidChecks(UserInfo user, String... grantedOps) throws Exception {
+ private Vpn createVpn(UserInfo user, String... grantedOps) throws Exception {
final Vpn vpn = createVpn(user.id);
setMockedUsers(user);
- when(mPackageManager.getPackageUidAsUser(eq(TEST_VPN_PKG), anyInt()))
- .thenReturn(Process.myUid());
-
for (final String opStr : grantedOps) {
when(mAppOps.noteOpNoThrow(opStr, Process.myUid(), TEST_VPN_PKG,
null /* attributionTag */, null /* message */))
@@ -899,7 +922,7 @@
public void testProvisionVpnProfileNoIpsecTunnels() throws Exception {
when(mPackageManager.hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS))
.thenReturn(false);
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
try {
checkProvisionVpnProfile(
@@ -910,7 +933,7 @@
}
private Vpn prepareVpnForVerifyAppExclusionList() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(mVpnProfile.encode());
when(mVpnProfileStore.get(PRIMARY_USER_APP_EXCLUDE_KEY))
@@ -1026,7 +1049,7 @@
@Test
public void testProvisionVpnProfilePreconsented() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
checkProvisionVpnProfile(
vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
@@ -1034,7 +1057,7 @@
@Test
public void testProvisionVpnProfileNotPreconsented() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ final Vpn vpn = createVpn();
// Expect that both the ACTIVATE_VPN and ACTIVATE_PLATFORM_VPN were tried, but the caller
// had neither.
@@ -1044,14 +1067,14 @@
@Test
public void testProvisionVpnProfileVpnServicePreconsented() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_VPN);
checkProvisionVpnProfile(vpn, true /* expectedResult */, AppOpsManager.OPSTR_ACTIVATE_VPN);
}
@Test
public void testProvisionVpnProfileTooLarge() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
final VpnProfile bigProfile = new VpnProfile("");
bigProfile.name = new String(new byte[Vpn.MAX_VPN_PROFILE_SIZE_BYTES + 1]);
@@ -1066,7 +1089,7 @@
@Test
public void testProvisionVpnProfileRestrictedUser() throws Exception {
final Vpn vpn =
- createVpnAndSetupUidChecks(
+ createVpn(
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
try {
@@ -1078,7 +1101,7 @@
@Test
public void testDeleteVpnProfile() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ final Vpn vpn = createVpn();
vpn.deleteVpnProfile(TEST_VPN_PKG);
@@ -1089,7 +1112,7 @@
@Test
public void testDeleteVpnProfileRestrictedUser() throws Exception {
final Vpn vpn =
- createVpnAndSetupUidChecks(
+ createVpn(
RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
try {
@@ -1101,7 +1124,7 @@
@Test
public void testGetVpnProfilePrivileged() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ final Vpn vpn = createVpn();
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(new VpnProfile("").encode());
@@ -1120,7 +1143,7 @@
eq(null) /* message */);
verify(mAppOps).startOp(
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
- eq(Process.myUid()),
+ eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
eq(packageName),
eq(null) /* attributionTag */,
eq(null) /* message */);
@@ -1130,14 +1153,14 @@
// Add a small delay to double confirm that finishOp is only called once.
verify(mAppOps, after(100)).finishOp(
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
- eq(Process.myUid()),
+ eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
eq(packageName),
eq(null) /* attributionTag */);
}
@Test
public void testStartVpnProfile() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(mVpnProfile.encode());
@@ -1150,7 +1173,7 @@
@Test
public void testStartVpnProfileVpnServicePreconsented() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(mVpnProfile.encode());
@@ -1164,7 +1187,7 @@
@Test
public void testStartVpnProfileNotConsented() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ final Vpn vpn = createVpn();
try {
vpn.startVpnProfile(TEST_VPN_PKG);
@@ -1189,7 +1212,7 @@
@Test
public void testStartVpnProfileMissingProfile() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG))).thenReturn(null);
@@ -1211,9 +1234,7 @@
@Test
public void testStartVpnProfileRestrictedUser() throws Exception {
- final Vpn vpn =
- createVpnAndSetupUidChecks(
- RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
try {
vpn.startVpnProfile(TEST_VPN_PKG);
@@ -1224,9 +1245,7 @@
@Test
public void testStopVpnProfileRestrictedUser() throws Exception {
- final Vpn vpn =
- createVpnAndSetupUidChecks(
- RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(RESTRICTED_PROFILE_A, AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
try {
vpn.stopVpnProfile(TEST_VPN_PKG);
@@ -1237,7 +1256,7 @@
@Test
public void testStartOpAndFinishOpWillBeCalledWhenPlatformVpnIsOnAndOff() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(mVpnProfile.encode());
vpn.startVpnProfile(TEST_VPN_PKG);
@@ -1245,14 +1264,14 @@
// Add a small delay to make sure that startOp is only called once.
verify(mAppOps, after(100).times(1)).startOp(
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_MANAGER),
- eq(Process.myUid()),
+ eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
eq(TEST_VPN_PKG),
eq(null) /* attributionTag */,
eq(null) /* message */);
// Check that the startOp is not called with OPSTR_ESTABLISH_VPN_SERVICE.
verify(mAppOps, never()).startOp(
eq(AppOpsManager.OPSTR_ESTABLISH_VPN_SERVICE),
- eq(Process.myUid()),
+ eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
eq(TEST_VPN_PKG),
eq(null) /* attributionTag */,
eq(null) /* message */);
@@ -1262,7 +1281,9 @@
@Test
public void testStartOpWithSeamlessHandover() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
+ // Create with SYSTEM_USER so that establish() will match the user ID when checking
+ // against Binder.getCallerUid
+ final Vpn vpn = createVpn(SYSTEM_USER, AppOpsManager.OPSTR_ACTIVATE_VPN);
assertTrue(vpn.prepare(TEST_VPN_PKG, null, VpnManager.TYPE_VPN_SERVICE));
final VpnConfig config = new VpnConfig();
config.user = "VpnTest";
@@ -1293,12 +1314,12 @@
}
private void verifyVpnManagerEvent(String sessionKey, String category, int errorClass,
- int errorCode, String[] packageName, VpnProfileState... profileState) {
+ int errorCode, String[] packageName, @NonNull VpnProfileState... profileState) {
final Context userContext =
mContext.createContextAsUser(UserHandle.of(PRIMARY_USER.id), 0 /* flags */);
final ArgumentCaptor<Intent> intentArgumentCaptor = ArgumentCaptor.forClass(Intent.class);
- final int verifyTimes = (profileState == null) ? 1 : profileState.length;
+ final int verifyTimes = profileState.length;
verify(userContext, times(verifyTimes)).startService(intentArgumentCaptor.capture());
for (int i = 0; i < verifyTimes; i++) {
@@ -1329,10 +1350,8 @@
VpnManager.EXTRA_UNDERLYING_LINK_PROPERTIES));
}
- if (profileState != null) {
- assertEquals(profileState[i], intent.getParcelableExtra(
- VpnManager.EXTRA_VPN_PROFILE_STATE, VpnProfileState.class));
- }
+ assertEquals(profileState[i], intent.getParcelableExtra(
+ VpnManager.EXTRA_VPN_PROFILE_STATE, VpnProfileState.class));
}
reset(userContext);
}
@@ -1341,7 +1360,11 @@
// CATEGORY_EVENT_DEACTIVATED_BY_USER is not an error event, so both of errorClass and
// errorCode won't be set.
verifyVpnManagerEvent(sessionKey, VpnManager.CATEGORY_EVENT_DEACTIVATED_BY_USER,
- -1 /* errorClass */, -1 /* errorCode */, packageName, null /* profileState */);
+ -1 /* errorClass */, -1 /* errorCode */, packageName,
+ // VPN NetworkAgnet does not switch to CONNECTED in the test, and the state is not
+ // important here. Verify that the state as it is, i.e. CONNECTING state.
+ new VpnProfileState(VpnProfileState.STATE_CONNECTING,
+ sessionKey, false /* alwaysOn */, false /* lockdown */));
}
private void verifyAlwaysOnStateChanged(String[] packageName, VpnProfileState... profileState) {
@@ -1358,7 +1381,7 @@
// this is checked with CONTROL_VPN so simulate holding CONTROL_VPN in order to pass the
// security checks.
doReturn(PERMISSION_GRANTED).when(mContext).checkCallingOrSelfPermission(CONTROL_VPN);
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(mVpnProfile.encode());
@@ -1450,7 +1473,7 @@
@Test
public void testReconnectVpnManagerVpnWithAlwaysOnEnabled() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(mVpnProfile.encode());
vpn.startVpnProfile(TEST_VPN_PKG);
@@ -1474,46 +1497,73 @@
}
@Test
+ public void testLockdown_enableDisableWhileConnected() throws Exception {
+ final PlatformVpnSnapshot vpnSnapShot = verifySetupPlatformVpn(
+ createIkeConfig(createIkeConnectInfo(), true /* isMobikeEnabled */));
+
+ final InOrder order = inOrder(mTestDeps);
+ order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
+ .newNetworkAgent(any(), any(), any(), any(), any(), any(),
+ argThat(config -> config.allowBypass), any(), any());
+
+ // Make VPN lockdown.
+ assertTrue(vpnSnapShot.vpn.setAlwaysOnPackage(TEST_VPN_PKG, true /* lockdown */,
+ null /* lockdownAllowlist */));
+
+ order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
+ .newNetworkAgent(any(), any(), any(), any(), any(), any(),
+ argThat(config -> !config.allowBypass), any(), any());
+
+ // Disable lockdown.
+ assertTrue(vpnSnapShot.vpn.setAlwaysOnPackage(TEST_VPN_PKG, false /* lockdown */,
+ null /* lockdownAllowlist */));
+
+ order.verify(mTestDeps, timeout(TIMEOUT_CROSSTHREAD_MS))
+ .newNetworkAgent(any(), any(), any(), any(), any(), any(),
+ argThat(config -> config.allowBypass), any(), any());
+ }
+
+ @Test
public void testSetPackageAuthorizationVpnService() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ final Vpn vpn = createVpn();
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_SERVICE));
verify(mAppOps)
.setMode(
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
- eq(Process.myUid()),
+ eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
eq(TEST_VPN_PKG),
eq(AppOpsManager.MODE_ALLOWED));
}
@Test
public void testSetPackageAuthorizationPlatformVpn() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ final Vpn vpn = createVpn();
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, TYPE_VPN_PLATFORM));
verify(mAppOps)
.setMode(
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
- eq(Process.myUid()),
+ eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
eq(TEST_VPN_PKG),
eq(AppOpsManager.MODE_ALLOWED));
}
@Test
public void testSetPackageAuthorizationRevokeAuthorization() throws Exception {
- final Vpn vpn = createVpnAndSetupUidChecks();
+ final Vpn vpn = createVpn();
assertTrue(vpn.setPackageAuthorization(TEST_VPN_PKG, VpnManager.TYPE_VPN_NONE));
verify(mAppOps)
.setMode(
eq(AppOpsManager.OPSTR_ACTIVATE_VPN),
- eq(Process.myUid()),
+ eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
eq(TEST_VPN_PKG),
eq(AppOpsManager.MODE_IGNORED));
verify(mAppOps)
.setMode(
eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
- eq(Process.myUid()),
+ eq(UserHandle.getUid(PRIMARY_USER.id, Process.myUid())),
eq(TEST_VPN_PKG),
eq(AppOpsManager.MODE_IGNORED));
}
@@ -1551,7 +1601,7 @@
final ArgumentCaptor<IkeSessionCallback> captor =
ArgumentCaptor.forClass(IkeSessionCallback.class);
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(mVpnProfile.encode());
@@ -1574,10 +1624,7 @@
// same process with the real case.
if (errorCode == VpnManager.ERROR_CODE_NETWORK_LOST) {
cb.onLost(TEST_NETWORK);
- final ArgumentCaptor<Runnable> runnableCaptor =
- ArgumentCaptor.forClass(Runnable.class);
- verify(mExecutor).schedule(runnableCaptor.capture(), anyLong(), any());
- runnableCaptor.getValue().run();
+ verify(mExecutor, atLeastOnce()).schedule(any(Runnable.class), anyLong(), any());
} else {
final IkeSessionCallback ikeCb = captor.getValue();
ikeCb.onClosedWithException(exception);
@@ -1586,7 +1633,10 @@
verifyPowerSaveTempWhitelistApp(TEST_VPN_PKG);
reset(mDeviceIdleInternal);
verifyVpnManagerEvent(sessionKey, category, errorType, errorCode,
- new String[] {TEST_VPN_PKG}, null /* profileState */);
+ // VPN NetworkAgnet does not switch to CONNECTED in the test, and the state is not
+ // important here. Verify that the state as it is, i.e. CONNECTING state.
+ new String[] {TEST_VPN_PKG}, new VpnProfileState(VpnProfileState.STATE_CONNECTING,
+ sessionKey, false /* alwaysOn */, false /* lockdown */));
if (errorType == VpnManager.ERROR_CLASS_NOT_RECOVERABLE) {
verify(mConnectivityManager, timeout(TEST_TIMEOUT_MS))
.unregisterNetworkCallback(eq(cb));
@@ -1602,25 +1652,23 @@
}
private IkeSessionCallback verifyRetryAndGetNewIkeCb(int retryIndex) {
- final ArgumentCaptor<Runnable> runnableCaptor =
- ArgumentCaptor.forClass(Runnable.class);
final ArgumentCaptor<IkeSessionCallback> ikeCbCaptor =
ArgumentCaptor.forClass(IkeSessionCallback.class);
// Verify retry is scheduled
- final long expectedDelay = mTestDeps.getNextRetryDelaySeconds(retryIndex);
- verify(mExecutor).schedule(runnableCaptor.capture(), eq(expectedDelay), any());
+ final long expectedDelayMs = mTestDeps.getNextRetryDelayMs(retryIndex);
+ final ArgumentCaptor<Long> delayCaptor = ArgumentCaptor.forClass(Long.class);
+ verify(mExecutor, atLeastOnce()).schedule(any(Runnable.class), delayCaptor.capture(),
+ eq(TimeUnit.MILLISECONDS));
+ final List<Long> delays = delayCaptor.getAllValues();
+ assertEquals(expectedDelayMs, (long) delays.get(delays.size() - 1));
- // Mock the event of firing the retry task
- runnableCaptor.getValue().run();
-
- verify(mIkev2SessionCreator)
+ verify(mIkev2SessionCreator, timeout(TEST_TIMEOUT_MS + expectedDelayMs))
.createIkeSession(any(), any(), any(), any(), ikeCbCaptor.capture(), any());
// Forget the mIkev2SessionCreator#createIkeSession call and mExecutor#schedule call
// for the next retry verification
resetIkev2SessionCreator(mIkeSessionWrapper);
- resetExecutor(mScheduledFuture);
return ikeCbCaptor.getValue();
}
@@ -1878,12 +1926,14 @@
any(), any(), anyString(), any(), any(), any(), any(), any(), any());
doReturn(TEST_NETWORK).when(mMockNetworkAgent).getNetwork();
- final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ final Vpn vpn = createVpn(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
.thenReturn(vpnProfile.encode());
vpn.startVpnProfile(TEST_VPN_PKG);
final NetworkCallback nwCb = triggerOnAvailableAndGetCallback();
+ verify(mExecutor, atLeastOnce()).schedule(any(Runnable.class), anyLong(), any());
+ reset(mExecutor);
// Mock the setup procedure by firing callbacks
final Pair<IkeSessionCallback, ChildSessionCallback> cbPair =
@@ -2088,12 +2138,78 @@
vpnSnapShot.nwCb.onCapabilitiesChanged(
TEST_NETWORK_2, new NetworkCapabilities.Builder().build());
// Verify MOBIKE is triggered
- verify(mIkeSessionWrapper).setNetwork(TEST_NETWORK_2,
+ verify(mIkeSessionWrapper, timeout(TEST_TIMEOUT_MS)).setNetwork(TEST_NETWORK_2,
expectedIpVersion, expectedEncapType, expectedKeepalive);
vpnSnapShot.vpn.mVpnRunner.exitVpnRunner();
}
+ @Test
+ public void testLinkPropertiesUpdateTriggerReevaluation() throws Exception {
+ final boolean hasV6 = true;
+
+ mockCarrierConfig(TEST_SUB_ID, TelephonyManager.SIM_STATE_LOADED, TEST_KEEPALIVE_TIMER,
+ PREFERRED_IKE_PROTOCOL_IPV6_ESP);
+ final IkeSessionParams params = getTestIkeSessionParams(hasV6,
+ new IkeFqdnIdentification(TEST_IDENTITY), TEST_KEEPALIVE_TIMER);
+ final IkeTunnelConnectionParams tunnelParams =
+ new IkeTunnelConnectionParams(params, CHILD_PARAMS);
+ final Ikev2VpnProfile ikeProfile = new Ikev2VpnProfile.Builder(tunnelParams)
+ .setBypassable(true)
+ .setAutomaticNattKeepaliveTimerEnabled(false)
+ .setAutomaticIpVersionSelectionEnabled(true)
+ .build();
+ final PlatformVpnSnapshot vpnSnapShot =
+ verifySetupPlatformVpn(ikeProfile.toVpnProfile(),
+ createIkeConfig(createIkeConnectInfo(), true /* isMobikeEnabled */),
+ hasV6 /* mtuSupportsIpv6 */,
+ false /* areLongLivedTcpConnectionsExpensive */);
+ reset(mExecutor);
+
+ // Simulate a new network coming up
+ final LinkProperties lp = new LinkProperties();
+ lp.addLinkAddress(new LinkAddress("192.0.2.2/32"));
+
+ // Have the executor use the real delay to make sure schedule() was called only
+ // once for all calls. Also, arrange for execute() not to call schedule() to avoid
+ // messing with the checks for schedule().
+ mExecutor.delayMs = TestExecutor.REAL_DELAY;
+ mExecutor.executeDirect = true;
+ vpnSnapShot.nwCb.onAvailable(TEST_NETWORK_2);
+ vpnSnapShot.nwCb.onCapabilitiesChanged(
+ TEST_NETWORK_2, new NetworkCapabilities.Builder().build());
+ vpnSnapShot.nwCb.onLinkPropertiesChanged(TEST_NETWORK_2, new LinkProperties(lp));
+ verify(mExecutor).schedule(any(Runnable.class), longThat(it -> it > 0), any());
+ reset(mExecutor);
+
+ final InOrder order = inOrder(mIkeSessionWrapper);
+
+ // Verify the network is started
+ order.verify(mIkeSessionWrapper, timeout(TIMEOUT_CROSSTHREAD_MS)).setNetwork(TEST_NETWORK_2,
+ ESP_IP_VERSION_AUTO, ESP_ENCAP_TYPE_AUTO, TEST_KEEPALIVE_TIMER);
+
+ // Send the same properties, check that no migration is scheduled
+ vpnSnapShot.nwCb.onLinkPropertiesChanged(TEST_NETWORK_2, new LinkProperties(lp));
+ verify(mExecutor, never()).schedule(any(Runnable.class), anyLong(), any());
+
+ // Add v6 address, verify MOBIKE is triggered
+ lp.addLinkAddress(new LinkAddress("2001:db8::1/64"));
+ vpnSnapShot.nwCb.onLinkPropertiesChanged(TEST_NETWORK_2, new LinkProperties(lp));
+ order.verify(mIkeSessionWrapper, timeout(TIMEOUT_CROSSTHREAD_MS)).setNetwork(TEST_NETWORK_2,
+ ESP_IP_VERSION_AUTO, ESP_ENCAP_TYPE_AUTO, TEST_KEEPALIVE_TIMER);
+
+ // Add another v4 address, verify MOBIKE is triggered
+ final LinkProperties stacked = new LinkProperties();
+ stacked.setInterfaceName("v4-" + lp.getInterfaceName());
+ stacked.addLinkAddress(new LinkAddress("192.168.0.1/32"));
+ lp.addStackedLink(stacked);
+ vpnSnapShot.nwCb.onLinkPropertiesChanged(TEST_NETWORK_2, new LinkProperties(lp));
+ order.verify(mIkeSessionWrapper, timeout(TIMEOUT_CROSSTHREAD_MS)).setNetwork(TEST_NETWORK_2,
+ ESP_IP_VERSION_AUTO, ESP_ENCAP_TYPE_AUTO, TEST_KEEPALIVE_TIMER);
+
+ vpnSnapShot.vpn.mVpnRunner.exitVpnRunner();
+ }
+
private void mockCarrierConfig(int subId, int simStatus, int keepaliveTimer, int ikeProtocol) {
final SubscriptionInfo subscriptionInfo = mock(SubscriptionInfo.class);
doReturn(subId).when(subscriptionInfo).getSubscriptionId();
@@ -2247,7 +2363,7 @@
reset(mIkeSessionWrapper);
mockCarrierConfig(TEST_SUB_ID, simState, TEST_KEEPALIVE_TIMER, preferredIpProto);
vpnSnapShot.nwCb.onCapabilitiesChanged(TEST_NETWORK_2, nc);
- verify(mIkeSessionWrapper).setNetwork(TEST_NETWORK_2,
+ verify(mIkeSessionWrapper, timeout(TEST_TIMEOUT_MS)).setNetwork(TEST_NETWORK_2,
expectedIpVersion, expectedEncapType, expectedKeepaliveTimer);
if (expectedReadFromCarrierConfig) {
final ArgumentCaptor<NetworkCapabilities> ncCaptor =
@@ -2296,17 +2412,16 @@
// Mock network loss and verify a cleanup task is scheduled
vpnSnapShot.nwCb.onLost(TEST_NETWORK);
- verify(mExecutor).schedule(any(Runnable.class), anyLong(), any());
+ verify(mExecutor, atLeastOnce()).schedule(any(Runnable.class), anyLong(), any());
// Mock new network comes up and the cleanup task is cancelled
vpnSnapShot.nwCb.onAvailable(TEST_NETWORK_2);
- verify(mScheduledFuture).cancel(anyBoolean());
verify(mIkeSessionWrapper, never()).setNetwork(any(), anyInt(), anyInt(), anyInt());
vpnSnapShot.nwCb.onCapabilitiesChanged(TEST_NETWORK_2,
new NetworkCapabilities.Builder().build());
// Verify MOBIKE is triggered
- verify(mIkeSessionWrapper).setNetwork(eq(TEST_NETWORK_2),
+ verify(mIkeSessionWrapper, timeout(TEST_TIMEOUT_MS)).setNetwork(eq(TEST_NETWORK_2),
eq(ESP_IP_VERSION_AUTO) /* ipVersion */,
eq(ESP_ENCAP_TYPE_AUTO) /* encapType */,
eq(DEFAULT_UDP_PORT_4500_NAT_TIMEOUT_SEC_INT) /* keepaliveDelay */);
@@ -2405,7 +2520,7 @@
vpnSnapShot.nwCb.onCapabilitiesChanged(
TEST_NETWORK_2, new NetworkCapabilities.Builder().build());
// Verify the old IKE Session is killed
- verify(mIkeSessionWrapper).kill();
+ verify(mIkeSessionWrapper, timeout(TEST_TIMEOUT_MS)).kill();
// Capture callbacks of the new IKE Session
final Pair<IkeSessionCallback, ChildSessionCallback> cbPair =
@@ -2437,19 +2552,16 @@
// Forget the #sendLinkProperties during first setup.
reset(mMockNetworkAgent);
- final ArgumentCaptor<Runnable> runnableCaptor =
- ArgumentCaptor.forClass(Runnable.class);
-
// Mock network loss
vpnSnapShot.nwCb.onLost(TEST_NETWORK);
// Mock the grace period expires
- verify(mExecutor).schedule(runnableCaptor.capture(), anyLong(), any());
- runnableCaptor.getValue().run();
+ verify(mExecutor, atLeastOnce()).schedule(any(Runnable.class), anyLong(), any());
final ArgumentCaptor<LinkProperties> lpCaptor =
ArgumentCaptor.forClass(LinkProperties.class);
- verify(mMockNetworkAgent).doSendLinkProperties(lpCaptor.capture());
+ verify(mMockNetworkAgent, timeout(TEST_TIMEOUT_MS))
+ .doSendLinkProperties(lpCaptor.capture());
final LinkProperties lp = lpCaptor.getValue();
assertNull(lp.getInterfaceName());
@@ -2547,9 +2659,7 @@
// variables(timer counter and boolean) was reset.
((Vpn.IkeV2VpnRunner) vpnSnapShot.vpn.mVpnRunner).onValidationStatus(
NetworkAgent.VALIDATION_STATUS_NOT_VALID);
- final ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);
- verify(mExecutor).schedule(runnableCaptor.capture(), anyLong(), any());
- runnableCaptor.getValue().run();
+ verify(mExecutor, atLeastOnce()).schedule(any(Runnable.class), anyLong(), any());
verify(mIkev2SessionCreator, never()).createIkeSession(
any(), any(), any(), any(), any(), any());
}
@@ -2575,17 +2685,16 @@
NetworkAgent.VALIDATION_STATUS_NOT_VALID);
// Verify reset is scheduled and run.
- final ArgumentCaptor<Runnable> runnableCaptor = ArgumentCaptor.forClass(Runnable.class);
- verify(mExecutor).schedule(runnableCaptor.capture(), anyLong(), any());
+ verify(mExecutor, atLeastOnce()).schedule(any(Runnable.class), anyLong(), any());
// Another invalid status reported should not trigger other scheduled recovery.
reset(mExecutor);
((Vpn.IkeV2VpnRunner) vpnSnapShot.vpn.mVpnRunner).onValidationStatus(
NetworkAgent.VALIDATION_STATUS_NOT_VALID);
- verify(mExecutor, never()).schedule(runnableCaptor.capture(), anyLong(), any());
+ verify(mExecutor, never()).schedule(any(Runnable.class), anyLong(), any());
- runnableCaptor.getValue().run();
- verify(mIkev2SessionCreator).createIkeSession(any(), any(), any(), any(), any(), any());
+ verify(mIkev2SessionCreator, timeout(TEST_TIMEOUT_MS))
+ .createIkeSession(any(), any(), any(), any(), any(), any());
}
@Test
@@ -2857,15 +2966,23 @@
}
@Override
- public long getNextRetryDelaySeconds(int retryCount) {
+ public long getNextRetryDelayMs(int retryCount) {
// Simply return retryCount as the delay seconds for retrying.
- return retryCount;
+ return retryCount * 1000;
}
@Override
public ScheduledThreadPoolExecutor newScheduledThreadPoolExecutor() {
return mExecutor;
}
+
+ public boolean mIgnoreCallingUidChecks = true;
+ @Override
+ public void verifyCallingUidAndPackage(Context context, String packageName, int userId) {
+ if (!mIgnoreCallingUidChecks) {
+ super.verifyCallingUidAndPackage(context, packageName, userId);
+ }
+ }
}
/**
diff --git a/tests/unit/java/com/android/server/connectivity/mdns/MdnsServiceTypeClientTests.java b/tests/unit/java/com/android/server/connectivity/mdns/MdnsServiceTypeClientTests.java
index 5d58f5d..746994f 100644
--- a/tests/unit/java/com/android/server/connectivity/mdns/MdnsServiceTypeClientTests.java
+++ b/tests/unit/java/com/android/server/connectivity/mdns/MdnsServiceTypeClientTests.java
@@ -992,6 +992,71 @@
mockNetwork);
}
+ @Test
+ public void testProcessResponse_ResolveExcludesOtherServices() {
+ client = new MdnsServiceTypeClient(
+ SERVICE_TYPE, mockSocketClient, currentThreadExecutor, mockNetwork);
+
+ final String requestedInstance = "instance1";
+ final String otherInstance = "instance2";
+ final String ipV4Address = "192.0.2.0";
+ final String ipV6Address = "2001:db8::";
+
+ final MdnsSearchOptions resolveOptions = MdnsSearchOptions.newBuilder()
+ // Use different case in the options
+ .setResolveInstanceName("Instance1").build();
+
+ client.startSendAndReceive(mockListenerOne, resolveOptions);
+ client.startSendAndReceive(mockListenerTwo, MdnsSearchOptions.getDefaultOptions());
+
+ // Complete response from instanceName
+ client.processResponse(createResponse(
+ requestedInstance, ipV4Address, 5353, SERVICE_TYPE_LABELS,
+ Collections.emptyMap() /* textAttributes */, TEST_TTL),
+ INTERFACE_INDEX, mockNetwork);
+
+ // Complete response from otherInstanceName
+ client.processResponse(createResponse(
+ otherInstance, ipV4Address, 5353, SERVICE_TYPE_LABELS,
+ Collections.emptyMap() /* textAttributes */, TEST_TTL),
+ INTERFACE_INDEX, mockNetwork);
+
+ // Address update from otherInstanceName
+ client.processResponse(createResponse(
+ otherInstance, ipV6Address, 5353, SERVICE_TYPE_LABELS,
+ Collections.emptyMap(), TEST_TTL), INTERFACE_INDEX, mockNetwork);
+
+ // Goodbye from otherInstanceName
+ client.processResponse(createResponse(
+ otherInstance, ipV6Address, 5353, SERVICE_TYPE_LABELS,
+ Collections.emptyMap(), 0L /* ttl */), INTERFACE_INDEX, mockNetwork);
+
+ // mockListenerOne gets notified for the requested instance
+ verify(mockListenerOne).onServiceNameDiscovered(matchServiceName(requestedInstance));
+ verify(mockListenerOne).onServiceFound(matchServiceName(requestedInstance));
+
+ // ...but does not get any callback for the other instance
+ verify(mockListenerOne, never()).onServiceFound(matchServiceName(otherInstance));
+ verify(mockListenerOne, never()).onServiceNameDiscovered(matchServiceName(otherInstance));
+ verify(mockListenerOne, never()).onServiceUpdated(matchServiceName(otherInstance));
+ verify(mockListenerOne, never()).onServiceRemoved(matchServiceName(otherInstance));
+
+ // mockListenerTwo gets notified for both though
+ final InOrder inOrder = inOrder(mockListenerTwo);
+ inOrder.verify(mockListenerTwo).onServiceNameDiscovered(
+ matchServiceName(requestedInstance));
+ inOrder.verify(mockListenerTwo).onServiceFound(matchServiceName(requestedInstance));
+
+ inOrder.verify(mockListenerTwo).onServiceNameDiscovered(matchServiceName(otherInstance));
+ inOrder.verify(mockListenerTwo).onServiceFound(matchServiceName(otherInstance));
+ inOrder.verify(mockListenerTwo).onServiceUpdated(matchServiceName(otherInstance));
+ inOrder.verify(mockListenerTwo).onServiceRemoved(matchServiceName(otherInstance));
+ }
+
+ private static MdnsServiceInfo matchServiceName(String name) {
+ return argThat(info -> info.getServiceInstanceName().equals(name));
+ }
+
// verifies that the right query was enqueued with the right delay, and send query by executing
// the runnable.
private void verifyAndSendQuery(int index, long timeInMs, boolean expectsUnicastResponse) {
diff --git a/tests/unit/java/com/android/server/connectivity/mdns/MdnsSocketProviderTest.java b/tests/unit/java/com/android/server/connectivity/mdns/MdnsSocketProviderTest.java
index d9420b8..2d73c98 100644
--- a/tests/unit/java/com/android/server/connectivity/mdns/MdnsSocketProviderTest.java
+++ b/tests/unit/java/com/android/server/connectivity/mdns/MdnsSocketProviderTest.java
@@ -21,6 +21,8 @@
import static android.net.NetworkCapabilities.TRANSPORT_VPN;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
+import static com.android.net.module.util.netlink.StructNlMsgHdr.NLM_F_ACK;
+import static com.android.net.module.util.netlink.StructNlMsgHdr.NLM_F_REQUEST;
import static com.android.testutils.ContextUtils.mockService;
import static org.junit.Assert.assertEquals;
@@ -30,6 +32,7 @@
import static org.mockito.ArgumentMatchers.anyInt;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.any;
+import static org.mockito.Mockito.doAnswer;
import static org.mockito.Mockito.doCallRealMethod;
import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.mock;
@@ -49,9 +52,19 @@
import android.os.Build;
import android.os.Handler;
import android.os.HandlerThread;
+import android.system.OsConstants;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
import com.android.net.module.util.ArrayTrackRecord;
+import com.android.net.module.util.SharedLog;
+import com.android.net.module.util.netlink.NetlinkConstants;
+import com.android.net.module.util.netlink.RtNetlinkAddressMessage;
+import com.android.net.module.util.netlink.StructIfaddrMsg;
+import com.android.net.module.util.netlink.StructNlMsgHdr;
import com.android.server.connectivity.mdns.MdnsSocketProvider.Dependencies;
+import com.android.server.connectivity.mdns.internal.SocketNetlinkMonitor;
import com.android.testutils.DevSdkIgnoreRule;
import com.android.testutils.DevSdkIgnoreRunner;
import com.android.testutils.HandlerUtils;
@@ -64,20 +77,28 @@
import org.mockito.MockitoAnnotations;
import java.io.IOException;
+import java.net.Inet6Address;
+import java.net.InetAddress;
import java.util.Collections;
import java.util.List;
@RunWith(DevSdkIgnoreRunner.class)
@DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.S_V2)
public class MdnsSocketProviderTest {
+ private static final String TAG = MdnsSocketProviderTest.class.getSimpleName();
private static final String TEST_IFACE_NAME = "test";
private static final String LOCAL_ONLY_IFACE_NAME = "local_only";
private static final String TETHERED_IFACE_NAME = "tethered";
+ private static final int TETHERED_IFACE_IDX = 32;
private static final long DEFAULT_TIMEOUT = 2000L;
private static final long NO_CALLBACK_TIMEOUT = 200L;
private static final LinkAddress LINKADDRV4 = new LinkAddress("192.0.2.0/24");
private static final LinkAddress LINKADDRV6 =
new LinkAddress("2001:0db8:85a3:0000:0000:8a2e:0370:7334/64");
+
+ private static final LinkAddress LINKADDRV6_FLAG_CHANGE =
+ new LinkAddress("2001:0db8:85a3:0000:0000:8a2e:0370:7334/64", 1 /* flags */,
+ 0 /* scope */);
private static final Network TEST_NETWORK = new Network(123);
@Mock private Context mContext;
@Mock private Dependencies mDeps;
@@ -91,6 +112,7 @@
private NetworkCallback mNetworkCallback;
private TetheringEventCallback mTetheringEventCallback;
+ private TestNetLinkMonitor mTestSocketNetLinkMonitor;
@Before
public void setUp() throws IOException {
MockitoAnnotations.initMocks(this);
@@ -116,9 +138,21 @@
doReturn(mTetheredIfaceWrapper).when(mDeps).getNetworkInterfaceByName(TETHERED_IFACE_NAME);
doReturn(mock(MdnsInterfaceSocket.class))
.when(mDeps).createMdnsInterfaceSocket(any(), anyInt(), any(), any());
+ doReturn(TETHERED_IFACE_IDX).when(mDeps).getNetworkInterfaceIndexByName(
+ TETHERED_IFACE_NAME);
final HandlerThread thread = new HandlerThread("MdnsSocketProviderTest");
thread.start();
mHandler = new Handler(thread.getLooper());
+
+ doReturn(mTestSocketNetLinkMonitor).when(mDeps).createSocketNetlinkMonitor(any(), any(),
+ any());
+ doAnswer(inv -> {
+ mTestSocketNetLinkMonitor = new TestNetLinkMonitor(inv.getArgument(0),
+ inv.getArgument(1),
+ inv.getArgument(2));
+ return mTestSocketNetLinkMonitor;
+ }).when(mDeps).createSocketNetlinkMonitor(any(), any(),
+ any());
mSocketProvider = new MdnsSocketProvider(mContext, thread.getLooper(), mDeps);
}
@@ -135,6 +169,23 @@
mNetworkCallback = nwCallbackCaptor.getValue();
mTetheringEventCallback = teCallbackCaptor.getValue();
+
+ mHandler.post(mSocketProvider::startNetLinkMonitor);
+ HandlerUtils.waitForIdle(mHandler, DEFAULT_TIMEOUT);
+ }
+
+ private static class TestNetLinkMonitor extends SocketNetlinkMonitor {
+ TestNetLinkMonitor(@NonNull Handler handler,
+ @NonNull SharedLog log,
+ @Nullable MdnsSocketProvider.NetLinkMonitorCallBack cb) {
+ super(handler, log, cb);
+ }
+
+ @Override
+ public void startMonitoring() { }
+
+ @Override
+ public void stopMonitoring() { }
}
private class TestSocketCallback implements MdnsSocketProvider.SocketCallback {
@@ -301,6 +352,87 @@
testCallback3.expectedInterfaceDestroyedForNetwork(null /* network */);
}
+ private RtNetlinkAddressMessage createNetworkAddressUpdateNetLink(
+ short msgType, LinkAddress linkAddress, int ifIndex, int flags) {
+ final StructNlMsgHdr nlmsghdr = new StructNlMsgHdr();
+ nlmsghdr.nlmsg_type = msgType;
+ nlmsghdr.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
+ nlmsghdr.nlmsg_seq = 1;
+
+ InetAddress ip = linkAddress.getAddress();
+
+ final byte family =
+ (byte) ((ip instanceof Inet6Address) ? OsConstants.AF_INET6 : OsConstants.AF_INET);
+ StructIfaddrMsg structIfaddrMsg = new StructIfaddrMsg(family,
+ (short) linkAddress.getPrefixLength(),
+ (short) linkAddress.getFlags(), (short) linkAddress.getScope(), ifIndex);
+
+ return new RtNetlinkAddressMessage(nlmsghdr, structIfaddrMsg, ip,
+ null /* structIfacacheInfo */, flags);
+ }
+
+ @Test
+ public void testDownstreamNetworkAddressUpdateFromNetlink() {
+ startMonitoringSockets();
+ final TestSocketCallback testCallbackAll = new TestSocketCallback();
+ mHandler.post(() -> mSocketProvider.requestSocket(null /* network */, testCallbackAll));
+ HandlerUtils.waitForIdle(mHandler, DEFAULT_TIMEOUT);
+
+ // Address add message arrived before the interface is created.
+ RtNetlinkAddressMessage addIpv4AddrMsg = createNetworkAddressUpdateNetLink(
+ NetlinkConstants.RTM_NEWADDR,
+ LINKADDRV4,
+ TETHERED_IFACE_IDX,
+ 0 /* flags */);
+ mHandler.post(
+ () -> mTestSocketNetLinkMonitor.processNetlinkMessage(addIpv4AddrMsg,
+ 0 /* whenMs */));
+ HandlerUtils.waitForIdle(mHandler, DEFAULT_TIMEOUT);
+
+ // Interface is created.
+ mHandler.post(() -> mTetheringEventCallback.onTetheredInterfacesChanged(
+ List.of(TETHERED_IFACE_NAME)));
+ HandlerUtils.waitForIdle(mHandler, DEFAULT_TIMEOUT);
+ verify(mTetheredIfaceWrapper).getNetworkInterface();
+ testCallbackAll.expectedSocketCreatedForNetwork(null /* network */, List.of(LINKADDRV4));
+
+ // Old Address removed.
+ RtNetlinkAddressMessage removeIpv4AddrMsg = createNetworkAddressUpdateNetLink(
+ NetlinkConstants.RTM_DELADDR,
+ LINKADDRV4,
+ TETHERED_IFACE_IDX,
+ 0 /* flags */);
+ mHandler.post(
+ () -> mTestSocketNetLinkMonitor.processNetlinkMessage(removeIpv4AddrMsg,
+ 0 /* whenMs */));
+ HandlerUtils.waitForIdle(mHandler, DEFAULT_TIMEOUT);
+ testCallbackAll.expectedAddressesChangedForNetwork(null /* network */, List.of());
+
+ // New address added.
+ RtNetlinkAddressMessage addIpv6AddrMsg = createNetworkAddressUpdateNetLink(
+ NetlinkConstants.RTM_NEWADDR,
+ LINKADDRV6,
+ TETHERED_IFACE_IDX,
+ 0 /* flags */);
+ mHandler.post(() -> mTestSocketNetLinkMonitor.processNetlinkMessage(addIpv6AddrMsg,
+ 0 /* whenMs */));
+ HandlerUtils.waitForIdle(mHandler, DEFAULT_TIMEOUT);
+ testCallbackAll.expectedAddressesChangedForNetwork(null /* network */, List.of(LINKADDRV6));
+
+ // Address updated
+ RtNetlinkAddressMessage updateIpv6AddrMsg = createNetworkAddressUpdateNetLink(
+ NetlinkConstants.RTM_NEWADDR,
+ LINKADDRV6,
+ TETHERED_IFACE_IDX,
+ 1 /* flags */);
+ mHandler.post(
+ () -> mTestSocketNetLinkMonitor.processNetlinkMessage(updateIpv6AddrMsg,
+ 0 /* whenMs */));
+ HandlerUtils.waitForIdle(mHandler, DEFAULT_TIMEOUT);
+ testCallbackAll.expectedAddressesChangedForNetwork(null /* network */,
+ List.of(LINKADDRV6_FLAG_CHANGE));
+ }
+
@Test
public void testAddressesChanged() throws Exception {
startMonitoringSockets();