Merge "Remove the package name from PermissionMonitor dump logs"
diff --git a/Tethering/Android.bp b/Tethering/Android.bp
index 19d0d5f..28edc8a 100644
--- a/Tethering/Android.bp
+++ b/Tethering/Android.bp
@@ -134,7 +134,7 @@
"-Wthread-safety",
],
- ldflags: ["-Wl,--exclude-libs=ALL,-error-limit=0"],
+ ldflags: ["-Wl,--exclude-libs=ALL,--error-limit=0"],
}
// Common defaults for compiling the actual APK.
@@ -231,4 +231,4 @@
cmd: "$(location stats-log-api-gen) --java $(out) --module network_tethering" +
" --javaPackage com.android.networkstack.tethering.metrics --javaClass TetheringStatsLog",
out: ["com/android/networkstack/tethering/metrics/TetheringStatsLog.java"],
-}
\ No newline at end of file
+}
diff --git a/Tethering/apex/Android.bp b/Tethering/apex/Android.bp
index 76c5d5c..b3cae7c 100644
--- a/Tethering/apex/Android.bp
+++ b/Tethering/apex/Android.bp
@@ -134,11 +134,11 @@
hidden_api: {
max_target_r_low_priority: [
"hiddenapi/hiddenapi-max-target-r-loprio.txt",
- ],
+ ],
max_target_o_low_priority: [
"hiddenapi/hiddenapi-max-target-o-low-priority.txt",
"hiddenapi/hiddenapi-max-target-o-low-priority-tiramisu.txt",
- ],
+ ],
unsupported: [
"hiddenapi/hiddenapi-unsupported.txt",
"hiddenapi/hiddenapi-unsupported-tiramisu.txt",
diff --git a/bpf_progs/Android.bp b/bpf_progs/Android.bp
index b1144b4..78fca29 100644
--- a/bpf_progs/Android.bp
+++ b/bpf_progs/Android.bp
@@ -27,11 +27,11 @@
host_supported: false,
header_libs: [
"bpf_headers",
- "libnetdbinder_utils_headers", // for XtBpfProgLocations.h
+ "netd_mainline_headers",
],
export_header_lib_headers: [
"bpf_headers",
- "libnetdbinder_utils_headers", // for XtBpfProgLocations.h
+ "netd_mainline_headers",
],
export_include_dirs: ["."],
cflags: [
diff --git a/bpf_progs/bpf_shared.h b/bpf_progs/bpf_shared.h
index 4b3ba2f..fd449a3 100644
--- a/bpf_progs/bpf_shared.h
+++ b/bpf_progs/bpf_shared.h
@@ -116,7 +116,7 @@
/* -=-=-=-=- WARNING -=-=-=-=-
*
* These 4 xt_bpf program paths are actually defined by:
- * //system/netd/include/binder_utils/XtBpfProgLocations.h
+ * //system/netd/include/mainline/XtBpfProgLocations.h
* which is intentionally a non-automerged location.
*
* They are *UNCHANGEABLE* due to being hard coded in Android T's netd binary
@@ -190,9 +190,9 @@
STRUCT_SIZE(UidOwnerValue, 2 * 4); // 8
// Entry in the configuration map that stores which UID rules are enabled.
-#define UID_RULES_CONFIGURATION_KEY 1
+#define UID_RULES_CONFIGURATION_KEY 0
// Entry in the configuration map that stores which stats map is currently in use.
-#define CURRENT_STATS_MAP_CONFIGURATION_KEY 2
+#define CURRENT_STATS_MAP_CONFIGURATION_KEY 1
typedef struct {
uint32_t iif; // The input interface index
diff --git a/bpf_progs/clat_mark.h b/bpf_progs/clat_mark.h
new file mode 100644
index 0000000..874d6ae
--- /dev/null
+++ b/bpf_progs/clat_mark.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+/* -=-=-=-=-= WARNING -=-=-=-=-=-
+ *
+ * DO *NOT* *EVER* CHANGE THIS CONSTANT
+ *
+ * This is aidl::android::net::INetd::CLAT_MARK but we can't use that from
+ * pure C code (ie. the eBPF clat program).
+ *
+ * It must match the iptables rules setup by netd on Android T.
+ *
+ * This mark value is used by the eBPF clatd program to mark ingress non-offloaded clat
+ * packets for later dropping in ip6tables bw_raw_PREROUTING.
+ * They need to be dropped *after* the clat daemon (via receive on an AF_PACKET socket)
+ * sees them and thus cannot be dropped from the bpf program itself.
+ */
+static const uint32_t CLAT_MARK = 0xDEADC1A7;
diff --git a/bpf_progs/clatd.c b/bpf_progs/clatd.c
index c5b8555..66e9616 100644
--- a/bpf_progs/clatd.c
+++ b/bpf_progs/clatd.c
@@ -36,16 +36,11 @@
#include "bpf_helpers.h"
#include "bpf_net_helpers.h"
#include "bpf_shared.h"
+#include "clat_mark.h"
// From kernel:include/net/ip.h
#define IP_DF 0x4000 // Flag: "Don't Fragment"
-// Used for iptables drops ingress clat packet. Beware of clat mark change may break the device
-// which is using the old clat mark in netd platform code. The reason is that the clat mark is a
-// mainline constant since T+ but netd iptable rules (ex: bandwidth control, firewall, and so on)
-// are set in stone.
-#define CLAT_MARK 0xdeadc1a7
-
DEFINE_BPF_MAP_GRW(clat_ingress6_map, HASH, ClatIngress6Key, ClatIngress6Value, 16, AID_SYSTEM)
static inline __always_inline int nat64(struct __sk_buff* skb, bool is_ethernet) {
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index 8f72f7c..44f76de 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -53,15 +53,24 @@
// For maps netd does not need to access
#define DEFINE_BPF_MAP_NO_NETD(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries) \
- DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, AID_ROOT, AID_NET_BW_ACCT, 0060)
+ DEFINE_BPF_MAP_EXT(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, \
+ AID_ROOT, AID_NET_BW_ACCT, 0060, "fs_bpf_net_shared", "", false)
// For maps netd only needs read only access to
#define DEFINE_BPF_MAP_RO_NETD(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries) \
- DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, AID_ROOT, AID_NET_BW_ACCT, 0460)
+ DEFINE_BPF_MAP_EXT(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, \
+ AID_ROOT, AID_NET_BW_ACCT, 0460, "fs_bpf_netd_readonly", "", false)
// For maps netd needs to be able to read and write
#define DEFINE_BPF_MAP_RW_NETD(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries) \
- DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, AID_ROOT, AID_NET_BW_ACCT, 0660)
+ DEFINE_BPF_MAP_UGM(the_map, TYPE, TypeOfKey, TypeOfValue, num_entries, \
+ AID_ROOT, AID_NET_BW_ACCT, 0660)
+
+// Bpf map arrays on creation are preinitialized to 0 and do not support deletion of a key,
+// see: kernel/bpf/arraymap.c array_map_delete_elem() returns -EINVAL (from both syscall and ebpf)
+// Additionally on newer kernels the bpf jit can optimize out the lookups.
+// only valid indexes are [0..CONFIGURATION_MAP_SIZE-1]
+DEFINE_BPF_MAP_RO_NETD(configuration_map, ARRAY, uint32_t, uint32_t, CONFIGURATION_MAP_SIZE)
DEFINE_BPF_MAP_RW_NETD(cookie_tag_map, HASH, uint64_t, UidTagValue, COOKIE_UID_MAP_SIZE)
DEFINE_BPF_MAP_NO_NETD(uid_counterset_map, HASH, uint32_t, uint8_t, UID_COUNTERSET_MAP_SIZE)
@@ -69,13 +78,26 @@
DEFINE_BPF_MAP_RW_NETD(stats_map_A, HASH, StatsKey, StatsValue, STATS_MAP_SIZE)
DEFINE_BPF_MAP_RO_NETD(stats_map_B, HASH, StatsKey, StatsValue, STATS_MAP_SIZE)
DEFINE_BPF_MAP_NO_NETD(iface_stats_map, HASH, uint32_t, StatsValue, IFACE_STATS_MAP_SIZE)
-DEFINE_BPF_MAP_RW_NETD(configuration_map, HASH, uint32_t, uint32_t, CONFIGURATION_MAP_SIZE)
DEFINE_BPF_MAP_NO_NETD(uid_owner_map, HASH, uint32_t, UidOwnerValue, UID_OWNER_MAP_SIZE)
DEFINE_BPF_MAP_RW_NETD(uid_permission_map, HASH, uint32_t, uint8_t, UID_OWNER_MAP_SIZE)
/* never actually used from ebpf */
DEFINE_BPF_MAP_NO_NETD(iface_index_name_map, HASH, uint32_t, IfaceValue, IFACE_INDEX_NAME_MAP_SIZE)
+// iptables xt_bpf programs need to be usable by both netd and netutils_wrappers
+#define DEFINE_XTBPF_PROG(SECTION_NAME, prog_uid, prog_gid, the_prog) \
+ DEFINE_BPF_PROG(SECTION_NAME, prog_uid, prog_gid, the_prog)
+
+// programs that need to be usable by netd, but not by netutils_wrappers
+#define DEFINE_NETD_BPF_PROG(SECTION_NAME, prog_uid, prog_gid, the_prog) \
+ DEFINE_BPF_PROG_EXT(SECTION_NAME, prog_uid, prog_gid, the_prog, \
+ KVER_NONE, KVER_INF, false, "fs_bpf_netd_readonly", "")
+
+// programs that only need to be usable by the system server
+#define DEFINE_SYS_BPF_PROG(SECTION_NAME, prog_uid, prog_gid, the_prog) \
+ DEFINE_BPF_PROG_EXT(SECTION_NAME, prog_uid, prog_gid, the_prog, \
+ KVER_NONE, KVER_INF, false, "fs_bpf_net_shared", "")
+
static __always_inline int is_system_uid(uint32_t uid) {
// MIN_SYSTEM_UID is AID_ROOT == 0, so uint32_t is *always* >= 0
// MAX_SYSTEM_UID is AID_NOBODY == 9999, while AID_APP_START == 10000
@@ -308,18 +330,18 @@
return match;
}
-DEFINE_BPF_PROG("cgroupskb/ingress/stats", AID_ROOT, AID_SYSTEM, bpf_cgroup_ingress)
+DEFINE_NETD_BPF_PROG("cgroupskb/ingress/stats", AID_ROOT, AID_SYSTEM, bpf_cgroup_ingress)
(struct __sk_buff* skb) {
return bpf_traffic_account(skb, BPF_INGRESS);
}
-DEFINE_BPF_PROG("cgroupskb/egress/stats", AID_ROOT, AID_SYSTEM, bpf_cgroup_egress)
+DEFINE_NETD_BPF_PROG("cgroupskb/egress/stats", AID_ROOT, AID_SYSTEM, bpf_cgroup_egress)
(struct __sk_buff* skb) {
return bpf_traffic_account(skb, BPF_EGRESS);
}
// WARNING: Android T's non-updatable netd depends on the name of this program.
-DEFINE_BPF_PROG("skfilter/egress/xtbpf", AID_ROOT, AID_NET_ADMIN, xt_bpf_egress_prog)
+DEFINE_XTBPF_PROG("skfilter/egress/xtbpf", AID_ROOT, AID_NET_ADMIN, xt_bpf_egress_prog)
(struct __sk_buff* skb) {
// Clat daemon does not generate new traffic, all its traffic is accounted for already
// on the v4-* interfaces (except for the 20 (or 28) extra bytes of IPv6 vs IPv4 overhead,
@@ -339,7 +361,7 @@
}
// WARNING: Android T's non-updatable netd depends on the name of this program.
-DEFINE_BPF_PROG("skfilter/ingress/xtbpf", AID_ROOT, AID_NET_ADMIN, xt_bpf_ingress_prog)
+DEFINE_XTBPF_PROG("skfilter/ingress/xtbpf", AID_ROOT, AID_NET_ADMIN, xt_bpf_ingress_prog)
(struct __sk_buff* skb) {
// Clat daemon traffic is not accounted by virtue of iptables raw prerouting drop rule
// (in clat_raw_PREROUTING chain), which triggers before this (in bw_raw_PREROUTING chain).
@@ -351,7 +373,8 @@
return BPF_MATCH;
}
-DEFINE_BPF_PROG("schedact/ingress/account", AID_ROOT, AID_NET_ADMIN, tc_bpf_ingress_account_prog)
+DEFINE_SYS_BPF_PROG("schedact/ingress/account", AID_ROOT, AID_NET_ADMIN,
+ tc_bpf_ingress_account_prog)
(struct __sk_buff* skb) {
if (is_received_skb(skb)) {
// Account for ingress traffic before tc drops it.
@@ -362,7 +385,7 @@
}
// WARNING: Android T's non-updatable netd depends on the name of this program.
-DEFINE_BPF_PROG("skfilter/allowlist/xtbpf", AID_ROOT, AID_NET_ADMIN, xt_bpf_allowlist_prog)
+DEFINE_XTBPF_PROG("skfilter/allowlist/xtbpf", AID_ROOT, AID_NET_ADMIN, xt_bpf_allowlist_prog)
(struct __sk_buff* skb) {
uint32_t sock_uid = bpf_get_socket_uid(skb);
if (is_system_uid(sock_uid)) return BPF_MATCH;
@@ -380,7 +403,7 @@
}
// WARNING: Android T's non-updatable netd depends on the name of this program.
-DEFINE_BPF_PROG("skfilter/denylist/xtbpf", AID_ROOT, AID_NET_ADMIN, xt_bpf_denylist_prog)
+DEFINE_XTBPF_PROG("skfilter/denylist/xtbpf", AID_ROOT, AID_NET_ADMIN, xt_bpf_denylist_prog)
(struct __sk_buff* skb) {
uint32_t sock_uid = bpf_get_socket_uid(skb);
UidOwnerValue* denylistMatch = bpf_uid_owner_map_lookup_elem(&sock_uid);
@@ -388,7 +411,7 @@
return BPF_NOMATCH;
}
-DEFINE_BPF_PROG("cgroupsock/inet/create", AID_ROOT, AID_ROOT, inet_socket_create)
+DEFINE_NETD_BPF_PROG("cgroupsock/inet/create", AID_ROOT, AID_ROOT, inet_socket_create)
(struct bpf_sock* sk) {
uint64_t gid_uid = bpf_get_current_uid_gid();
/*
diff --git a/framework/jarjar-excludes.txt b/framework/jarjar-excludes.txt
new file mode 100644
index 0000000..1311765
--- /dev/null
+++ b/framework/jarjar-excludes.txt
@@ -0,0 +1,25 @@
+# INetworkStatsProvider / INetworkStatsProviderCallback are referenced from net-tests-utils, which
+# may be used by tests that do not apply connectivity jarjar rules.
+# TODO: move files to a known internal package (like android.net.connectivity.visiblefortesting)
+# so that they do not need jarjar
+android\.net\.netstats\.provider\.INetworkStatsProvider(\$.+)?
+android\.net\.netstats\.provider\.INetworkStatsProviderCallback(\$.+)?
+
+# INetworkAgent / INetworkAgentRegistry are used in NetworkAgentTest
+# TODO: move files to android.net.connectivity.visiblefortesting
+android\.net\.INetworkAgent(\$.+)?
+android\.net\.INetworkAgentRegistry(\$.+)?
+
+# IConnectivityDiagnosticsCallback used in ConnectivityDiagnosticsManagerTest
+# TODO: move files to android.net.connectivity.visiblefortesting
+android\.net\.IConnectivityDiagnosticsCallback(\$.+)?
+
+
+# KeepaliveUtils is used by ConnectivityManager CTS
+# TODO: move into service-connectivity so framework-connectivity stops using
+# ServiceConnectivityResources (callers need high permissions to find/query the resource apk anyway)
+# and have a ConnectivityManager test API instead
+android\.net\.util\.KeepaliveUtils(\$.+)?
+
+# TODO (b/217115866): add jarjar rules for Nearby
+android\.nearby\..+
diff --git a/netd/BpfHandler.cpp b/netd/BpfHandler.cpp
index 5ae8ab6..fad6bbb 100644
--- a/netd/BpfHandler.cpp
+++ b/netd/BpfHandler.cpp
@@ -101,8 +101,6 @@
RETURN_IF_NOT_OK(mStatsMapA.init(STATS_MAP_A_PATH));
RETURN_IF_NOT_OK(mStatsMapB.init(STATS_MAP_B_PATH));
RETURN_IF_NOT_OK(mConfigurationMap.init(CONFIGURATION_MAP_PATH));
- RETURN_IF_NOT_OK(mConfigurationMap.writeValue(CURRENT_STATS_MAP_CONFIGURATION_KEY, SELECT_MAP_A,
- BPF_ANY));
RETURN_IF_NOT_OK(mUidPermissionMap.init(UID_PERMISSION_MAP_PATH));
ALOGI("%s successfully", __func__);
diff --git a/netd/BpfHandler.h b/netd/BpfHandler.h
index 7e3b94d..5ee04d1 100644
--- a/netd/BpfHandler.h
+++ b/netd/BpfHandler.h
@@ -63,7 +63,7 @@
BpfMap<uint64_t, UidTagValue> mCookieTagMap;
BpfMap<StatsKey, StatsValue> mStatsMapA;
BpfMapRO<StatsKey, StatsValue> mStatsMapB;
- BpfMap<uint32_t, uint32_t> mConfigurationMap;
+ BpfMapRO<uint32_t, uint32_t> mConfigurationMap;
BpfMap<uint32_t, uint8_t> mUidPermissionMap;
std::mutex mMutex;
diff --git a/netd/BpfHandlerTest.cpp b/netd/BpfHandlerTest.cpp
index c0f7e45..99160da 100644
--- a/netd/BpfHandlerTest.cpp
+++ b/netd/BpfHandlerTest.cpp
@@ -49,7 +49,7 @@
BpfHandler mBh;
BpfMap<uint64_t, UidTagValue> mFakeCookieTagMap;
BpfMap<StatsKey, StatsValue> mFakeStatsMapA;
- BpfMap<uint32_t, uint32_t> mFakeConfigurationMap;
+ BpfMapRO<uint32_t, uint32_t> mFakeConfigurationMap;
BpfMap<uint32_t, uint8_t> mFakeUidPermissionMap;
void SetUp() {
@@ -62,7 +62,7 @@
mFakeStatsMapA.resetMap(BPF_MAP_TYPE_HASH, TEST_MAP_SIZE);
ASSERT_VALID(mFakeStatsMapA);
- mFakeConfigurationMap.resetMap(BPF_MAP_TYPE_HASH, 1);
+ mFakeConfigurationMap.resetMap(BPF_MAP_TYPE_ARRAY, CONFIGURATION_MAP_SIZE);
ASSERT_VALID(mFakeConfigurationMap);
mFakeUidPermissionMap.resetMap(BPF_MAP_TYPE_HASH, TEST_MAP_SIZE);
@@ -75,8 +75,8 @@
mBh.mConfigurationMap = mFakeConfigurationMap;
ASSERT_VALID(mBh.mConfigurationMap);
// Always write to stats map A by default.
- ASSERT_RESULT_OK(mBh.mConfigurationMap.writeValue(CURRENT_STATS_MAP_CONFIGURATION_KEY,
- SELECT_MAP_A, BPF_ANY));
+ static_assert(SELECT_MAP_A == 0, "bpf map arrays are zero-initialized");
+
mBh.mUidPermissionMap = mFakeUidPermissionMap;
ASSERT_VALID(mBh.mUidPermissionMap);
}
diff --git a/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java b/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java
index 79802fb..c4ea9ae 100644
--- a/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java
+++ b/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java
@@ -488,8 +488,6 @@
if (null != capabilities) {
setCapabilities(capabilities);
}
- // Send an abort callback if a request is filed before the previous one has completed.
- maybeSendNetworkManagementCallbackForAbort();
// TODO: Update this logic to only do a restart if required. Although a restart may
// be required due to the capabilities or ipConfiguration values, not all
// capabilities changes require a restart.
@@ -651,6 +649,8 @@
mIpClientCallback.awaitIpClientShutdown();
mIpClient = null;
}
+ // Send an abort callback if an updateInterface request was in progress.
+ maybeSendNetworkManagementCallbackForAbort();
mIpClientCallback = null;
if (mNetworkAgent != null) {
@@ -662,7 +662,6 @@
public void destroy() {
mNetworkProvider.unregisterNetworkOffer(mNetworkOfferCallback);
- maybeSendNetworkManagementCallbackForAbort();
stop();
mRequests.clear();
}
diff --git a/service-t/src/com/android/server/ethernet/EthernetTracker.java b/service-t/src/com/android/server/ethernet/EthernetTracker.java
index 6405795..3e71093 100644
--- a/service-t/src/com/android/server/ethernet/EthernetTracker.java
+++ b/service-t/src/com/android/server/ethernet/EthernetTracker.java
@@ -269,6 +269,8 @@
+ ", ipConfig: " + ipConfig);
}
+ // TODO: do the right thing if the interface was in server mode: either fail this operation,
+ // or take the interface out of server mode.
final IpConfiguration localIpConfig = ipConfig == null
? null : new IpConfiguration(ipConfig);
if (ipConfig != null) {
@@ -579,8 +581,8 @@
}
if (DBG) Log.i(TAG, "maybeTrackInterface: " + iface);
- // TODO: avoid making an interface default if it has configured NetworkCapabilities.
- if (mDefaultInterface == null) {
+ // Do not make an interface default if it has configured NetworkCapabilities.
+ if (mDefaultInterface == null && !mNetworkCapabilities.containsKey(iface)) {
mDefaultInterface = iface;
}
diff --git a/service-t/src/com/android/server/net/NetworkStatsService.java b/service-t/src/com/android/server/net/NetworkStatsService.java
index ff6e45d..e41034a 100644
--- a/service-t/src/com/android/server/net/NetworkStatsService.java
+++ b/service-t/src/com/android/server/net/NetworkStatsService.java
@@ -76,8 +76,10 @@
import android.content.IntentFilter;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
+import android.content.res.Resources;
import android.database.ContentObserver;
import android.net.ConnectivityManager;
+import android.net.ConnectivityResources;
import android.net.DataUsageRequest;
import android.net.INetd;
import android.net.INetworkStatsService;
@@ -140,6 +142,7 @@
import android.util.SparseIntArray;
import android.util.proto.ProtoOutputStream;
+import com.android.connectivity.resources.R;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.FileRotator;
@@ -255,7 +258,8 @@
"netstats_import_legacy_target_attempts";
static final int DEFAULT_NETSTATS_IMPORT_LEGACY_TARGET_ATTEMPTS = 1;
static final String NETSTATS_IMPORT_ATTEMPTS_COUNTER_NAME = "import.attempts";
- static final String NETSTATS_IMPORT_SUCCESS_COUNTER_NAME = "import.successes";
+ static final String NETSTATS_IMPORT_SUCCESSES_COUNTER_NAME = "import.successes";
+ static final String NETSTATS_IMPORT_FALLBACKS_COUNTER_NAME = "import.fallbacks";
private final Context mContext;
private final NetworkStatsFactory mStatsFactory;
@@ -275,10 +279,11 @@
private final AlertObserver mAlertObserver = new AlertObserver();
// Persistent counters that backed by AtomicFile which stored in the data directory as a file,
- // to track attempts/successes count across reboot. Note that these counter values will be
- // rollback as the module rollbacks.
+ // to track attempts/successes/fallbacks count across reboot. Note that these counter values
+ // will be rollback as the module rollbacks.
private PersistentInt mImportLegacyAttemptsCounter = null;
private PersistentInt mImportLegacySuccessesCounter = null;
+ private PersistentInt mImportLegacyFallbacksCounter = null;
@VisibleForTesting
public static final String ACTION_NETWORK_STATS_POLL =
@@ -626,21 +631,14 @@
}
/**
- * Create the persistent counter that counts total import legacy stats attempts.
+ * Create a persistent counter for given directory and name.
*/
- public PersistentInt createImportLegacyAttemptsCounter(@NonNull Path path)
+ public PersistentInt createPersistentCounter(@NonNull Path dir, @NonNull String name)
throws IOException {
// TODO: Modify PersistentInt to call setStartTime every time a write is made.
// Create and pass a real logger here.
- return new PersistentInt(path.toString(), null /* logger */);
- }
-
- /**
- * Create the persistent counter that counts total import legacy stats successes.
- */
- public PersistentInt createImportLegacySuccessesCounter(@NonNull Path path)
- throws IOException {
- return new PersistentInt(path.toString(), null /* logger */);
+ final String path = dir.resolve(name).toString();
+ return new PersistentInt(path, null /* logger */);
}
/**
@@ -770,6 +768,11 @@
return null;
}
}
+
+ /** Gets whether the build is userdebug. */
+ public boolean isDebuggable() {
+ return Build.isDebuggable();
+ }
}
/**
@@ -918,10 +921,12 @@
return;
}
try {
- mImportLegacyAttemptsCounter = mDeps.createImportLegacyAttemptsCounter(
- mStatsDir.toPath().resolve(NETSTATS_IMPORT_ATTEMPTS_COUNTER_NAME));
- mImportLegacySuccessesCounter = mDeps.createImportLegacySuccessesCounter(
- mStatsDir.toPath().resolve(NETSTATS_IMPORT_SUCCESS_COUNTER_NAME));
+ mImportLegacyAttemptsCounter = mDeps.createPersistentCounter(mStatsDir.toPath(),
+ NETSTATS_IMPORT_ATTEMPTS_COUNTER_NAME);
+ mImportLegacySuccessesCounter = mDeps.createPersistentCounter(mStatsDir.toPath(),
+ NETSTATS_IMPORT_SUCCESSES_COUNTER_NAME);
+ mImportLegacyFallbacksCounter = mDeps.createPersistentCounter(mStatsDir.toPath(),
+ NETSTATS_IMPORT_FALLBACKS_COUNTER_NAME);
} catch (IOException e) {
Log.wtf(TAG, "Failed to create persistent counters, skip.", e);
return;
@@ -929,15 +934,33 @@
final int targetAttempts = mDeps.getImportLegacyTargetAttempts();
final int attempts;
+ final int fallbacks;
+ final boolean runComparison;
try {
attempts = mImportLegacyAttemptsCounter.get();
+ // Fallbacks counter would be set to non-zero value to indicate the migration was
+ // not successful.
+ fallbacks = mImportLegacyFallbacksCounter.get();
+ runComparison = shouldRunComparison();
} catch (IOException e) {
- Log.wtf(TAG, "Failed to read attempts counter, skip.", e);
+ Log.wtf(TAG, "Failed to read counters, skip.", e);
return;
}
- if (attempts >= targetAttempts) return;
- Log.i(TAG, "Starting import : attempts " + attempts + "/" + targetAttempts);
+ // If the target number of attempts are reached, don't import any data.
+ // However, if comparison is requested, still read the legacy data and compare
+ // it to the importer output. This allows OEMs to debug issues with the
+ // importer code and to collect signals from the field.
+ final boolean dryRunImportOnly =
+ fallbacks != 0 && runComparison && (attempts >= targetAttempts);
+ // Return if target attempts are reached and there is no need to dry run.
+ if (attempts >= targetAttempts && !dryRunImportOnly) return;
+
+ if (dryRunImportOnly) {
+ Log.i(TAG, "Starting import : only perform read");
+ } else {
+ Log.i(TAG, "Starting import : attempts " + attempts + "/" + targetAttempts);
+ }
final MigrationInfo[] migrations = new MigrationInfo[]{
new MigrationInfo(mDevRecorder), new MigrationInfo(mXtRecorder),
@@ -945,68 +968,57 @@
};
// Legacy directories will be created by recorders if they do not exist
- final File legacyBaseDir = mDeps.getLegacyStatsDir();
- final NetworkStatsRecorder[] legacyRecorders = new NetworkStatsRecorder[]{
- buildRecorder(PREFIX_DEV, mSettings.getDevConfig(), false, legacyBaseDir),
- buildRecorder(PREFIX_XT, mSettings.getXtConfig(), false, legacyBaseDir),
- buildRecorder(PREFIX_UID, mSettings.getUidConfig(), false, legacyBaseDir),
- buildRecorder(PREFIX_UID_TAG, mSettings.getUidTagConfig(), true, legacyBaseDir)
- };
+ final NetworkStatsRecorder[] legacyRecorders;
+ if (runComparison) {
+ final File legacyBaseDir = mDeps.getLegacyStatsDir();
+ legacyRecorders = new NetworkStatsRecorder[]{
+ buildRecorder(PREFIX_DEV, mSettings.getDevConfig(), false, legacyBaseDir),
+ buildRecorder(PREFIX_XT, mSettings.getXtConfig(), false, legacyBaseDir),
+ buildRecorder(PREFIX_UID, mSettings.getUidConfig(), false, legacyBaseDir),
+ buildRecorder(PREFIX_UID_TAG, mSettings.getUidTagConfig(), true, legacyBaseDir)
+ };
+ } else {
+ legacyRecorders = null;
+ }
long migrationEndTime = Long.MIN_VALUE;
- boolean endedWithFallback = false;
try {
// First, read all legacy collections. This is OEM code and it can throw. Don't
// commit any data to disk until all are read.
for (int i = 0; i < migrations.length; i++) {
- String errMsg = null;
- Throwable exception = null;
final MigrationInfo migration = migrations[i];
- // Read the collection from platform code, and using fallback method if throws.
+ // Read the collection from platform code, and set fallbacks counter if throws
+ // for better debugging.
try {
migration.collection = readPlatformCollectionForRecorder(migration.recorder);
} catch (Throwable e) {
- errMsg = "Failed to read stats from platform";
- exception = e;
- }
-
- // Also read the collection with legacy method
- final NetworkStatsRecorder legacyRecorder = legacyRecorders[i];
-
- final NetworkStatsCollection legacyStats;
- try {
- legacyStats = legacyRecorder.getOrLoadCompleteLocked();
- } catch (Throwable e) {
- Log.wtf(TAG, "Failed to read stats with legacy method for recorder " + i, e);
- if (exception != null) {
- throw exception;
+ if (dryRunImportOnly) {
+ Log.wtf(TAG, "Platform data read failed. ", e);
+ return;
} else {
- // Use newer stats, since that's all that is available
- continue;
+ // Data is not imported successfully, set fallbacks counter to non-zero
+ // value to trigger dry run every later boot when the runComparison is
+ // true, in order to make it easier to debug issues.
+ tryIncrementLegacyFallbacksCounter();
+ // Re-throw for error handling. This will increase attempts counter.
+ throw e;
}
}
- if (errMsg == null) {
- try {
- errMsg = compareStats(migration.collection, legacyStats);
- } catch (Throwable e) {
- errMsg = "Failed to compare migrated stats with all stats";
- exception = e;
+ if (runComparison) {
+ final boolean success =
+ compareImportedToLegacyStats(migration, legacyRecorders[i]);
+ if (!success && !dryRunImportOnly) {
+ tryIncrementLegacyFallbacksCounter();
}
}
-
- if (errMsg != null) {
- Log.wtf(TAG, "NetworkStats import for migration " + i
- + " returned invalid data: " + errMsg, exception);
- // Fall back to legacy stats for this boot. The stats for old data will be
- // re-imported again on next boot until they succeed the import. This is fine
- // since every import clears the previous stats for the imported timespan.
- migration.collection = legacyStats;
- endedWithFallback = true;
- }
}
+ // For cases where the fallbacks are not zero but target attempts counts reached,
+ // only perform reads above and return here.
+ if (dryRunImportOnly) return;
+
// Find the latest end time.
for (final MigrationInfo migration : migrations) {
final long migrationEnd = migration.collection.getEndMillis();
@@ -1029,11 +1041,7 @@
migration.recorder.importCollectionLocked(migration.collection);
}
- if (endedWithFallback) {
- Log.wtf(TAG, "Imported platform collections with legacy fallback");
- } else {
- Log.i(TAG, "Successfully imported platform collections");
- }
+ // Success normally or uses fallback method.
} catch (Throwable e) {
// The code above calls OEM code that may behave differently across devices.
// It can throw any exception including RuntimeExceptions and
@@ -1073,8 +1081,9 @@
// Success ! No need to import again next time.
try {
mImportLegacyAttemptsCounter.set(targetAttempts);
+ Log.i(TAG, "Successfully imported platform collections");
// The successes counter is only for debugging. Hence, the synchronization
- // between these two counters are not very critical.
+ // between successes counter and attempts counter are not very critical.
final int successCount = mImportLegacySuccessesCounter.get();
mImportLegacySuccessesCounter.set(successCount + 1);
} catch (IOException e) {
@@ -1082,6 +1091,68 @@
}
}
+ void tryIncrementLegacyFallbacksCounter() {
+ try {
+ final int fallbacks = mImportLegacyFallbacksCounter.get();
+ mImportLegacyFallbacksCounter.set(fallbacks + 1);
+ } catch (IOException e) {
+ Log.wtf(TAG, "Failed to update fallback counter.", e);
+ }
+ }
+
+ @VisibleForTesting
+ boolean shouldRunComparison() {
+ final ConnectivityResources resources = new ConnectivityResources(mContext);
+ // 0 if id not found.
+ Boolean overlayValue = null;
+ try {
+ switch (resources.get().getInteger(R.integer.config_netstats_validate_import)) {
+ case 1:
+ overlayValue = Boolean.TRUE;
+ break;
+ case 0:
+ overlayValue = Boolean.FALSE;
+ break;
+ }
+ } catch (Resources.NotFoundException e) {
+ // Overlay value is not defined.
+ }
+ return overlayValue != null ? overlayValue : mDeps.isDebuggable();
+ }
+
+ /**
+ * Compare imported data with the data returned by legacy recorders.
+ *
+ * @return true if the data matches, false if the data does not match or throw with exceptions.
+ */
+ private boolean compareImportedToLegacyStats(@NonNull MigrationInfo migration,
+ @NonNull NetworkStatsRecorder legacyRecorder) {
+ final NetworkStatsCollection legacyStats;
+ try {
+ legacyStats = legacyRecorder.getOrLoadCompleteLocked();
+ } catch (Throwable e) {
+ Log.wtf(TAG, "Failed to read stats with legacy method for recorder "
+ + legacyRecorder.getCookie(), e);
+ // Cannot read data from legacy method, skip comparison.
+ return false;
+ }
+
+ // The result of comparison is only for logging.
+ try {
+ final String error = compareStats(migration.collection, legacyStats);
+ if (error != null) {
+ Log.wtf(TAG, "Unexpected comparison result for recorder "
+ + legacyRecorder.getCookie() + ": " + error);
+ return false;
+ }
+ } catch (Throwable e) {
+ Log.wtf(TAG, "Failed to compare migrated stats with legacy stats for recorder "
+ + legacyRecorder.getCookie(), e);
+ return false;
+ }
+ return true;
+ }
+
private static String str(NetworkStatsCollection.Key key) {
StringBuilder sb = new StringBuilder()
.append(key.ident.toString())
@@ -2506,6 +2577,9 @@
pw.print("platform legacy stats import successes count",
mImportLegacySuccessesCounter.get());
pw.println();
+ pw.print("platform legacy stats import fallbacks count",
+ mImportLegacyFallbacksCounter.get());
+ pw.println();
} catch (IOException e) {
pw.println("(failed to dump platform legacy stats import counters)");
}
diff --git a/service/ServiceConnectivityResources/res/values/config.xml b/service/ServiceConnectivityResources/res/values/config.xml
index 81782f9..bff6953 100644
--- a/service/ServiceConnectivityResources/res/values/config.xml
+++ b/service/ServiceConnectivityResources/res/values/config.xml
@@ -179,4 +179,13 @@
Only supported up to S. On T+, the Wi-Fi code should use unregisterAfterReplacement in order
to ensure that apps see the network disconnect and reconnect. -->
<integer translatable="false" name="config_validationFailureAfterRoamIgnoreTimeMillis">-1</integer>
+
+ <!-- Whether the network stats service should run compare on the result of
+ {@link NetworkStatsDataMigrationUtils#readPlatformCollection} and the result
+ of reading from legacy recorders. Possible values are:
+ 0 = never compare,
+ 1 = always compare,
+ 2 = compare on debuggable builds (default value)
+ -->
+ <integer translatable="false" name="config_netstats_validate_import">2</integer>
</resources>
diff --git a/service/ServiceConnectivityResources/res/values/overlayable.xml b/service/ServiceConnectivityResources/res/values/overlayable.xml
index b92dd08..3389d63 100644
--- a/service/ServiceConnectivityResources/res/values/overlayable.xml
+++ b/service/ServiceConnectivityResources/res/values/overlayable.xml
@@ -41,6 +41,7 @@
<item type="array" name="config_ethernet_interfaces"/>
<item type="string" name="config_ethernet_iface_regex"/>
<item type="integer" name="config_validationFailureAfterRoamIgnoreTimeMillis" />
+ <item type="integer" name="config_netstats_validate_import" />
</policy>
</overlayable>
</resources>
diff --git a/service/jarjar-excludes.txt b/service/jarjar-excludes.txt
new file mode 100644
index 0000000..b0d6763
--- /dev/null
+++ b/service/jarjar-excludes.txt
@@ -0,0 +1,9 @@
+# Classes loaded by SystemServer via their hardcoded name, so they can't be jarjared
+com\.android\.server\.ConnectivityServiceInitializer(\$.+)?
+com\.android\.server\.NetworkStatsServiceInitializer(\$.+)?
+
+# Do not jarjar com.android.server, as several unit tests fail because they lose
+# package-private visibility between jarjared and non-jarjared classes.
+# TODO: fix the tests and also jarjar com.android.server, or at least only exclude a package that
+# is specific to the module like com.android.server.connectivity
+com\.android\.server\..+
diff --git a/service/native/TrafficController.cpp b/service/native/TrafficController.cpp
index adc1925..4dc056d 100644
--- a/service/native/TrafficController.cpp
+++ b/service/native/TrafficController.cpp
@@ -56,7 +56,6 @@
using bpf::BpfMap;
using bpf::synchronizeKernelRCU;
using netdutils::DumpWriter;
-using netdutils::getIfaceList;
using netdutils::NetlinkListener;
using netdutils::NetlinkListenerInterface;
using netdutils::ScopedIndent;
@@ -111,14 +110,6 @@
return matchType;
}
-bool TrafficController::hasUpdateDeviceStatsPermission(uid_t uid) {
- // This implementation is the same logic as method ActivityManager#checkComponentPermission.
- // It implies that the calling uid can never be the same as PER_USER_RANGE.
- uint32_t appId = uid % PER_USER_RANGE;
- return ((appId == AID_ROOT) || (appId == AID_SYSTEM) ||
- mPrivilegedUser.find(appId) != mPrivilegedUser.end());
-}
-
const std::string UidPermissionTypeToString(int permission) {
if (permission == INetd::PERMISSION_NONE) {
return "PERMISSION_NONE";
@@ -198,16 +189,6 @@
Status TrafficController::start() {
RETURN_IF_NOT_OK(initMaps());
- // Fetch the list of currently-existing interfaces. At this point NetlinkHandler is
- // already running, so it will call addInterface() when any new interface appears.
- // TODO: Clean-up addInterface() after interface monitoring is in
- // NetworkStatsService.
- std::map<std::string, uint32_t> ifacePairs;
- ASSIGN_OR_RETURN(ifacePairs, getIfaceList());
- for (const auto& ifacePair:ifacePairs) {
- addInterface(ifacePair.first.c_str(), ifacePair.second);
- }
-
auto result = makeSkDestroyListener();
if (!isOk(result)) {
ALOGE("Unable to create SkDestroyListener: %s", toString(result).c_str());
@@ -245,22 +226,6 @@
return netdutils::status::ok;
}
-int TrafficController::addInterface(const char* name, uint32_t ifaceIndex) {
- IfaceValue iface;
- if (ifaceIndex == 0) {
- ALOGE("Unknown interface %s(%d)", name, ifaceIndex);
- return -1;
- }
-
- strlcpy(iface.name, name, sizeof(IfaceValue));
- Status res = mIfaceIndexNameMap.writeValue(ifaceIndex, iface, BPF_ANY);
- if (!isOk(res)) {
- ALOGE("Failed to add iface %s(%d): %s", name, ifaceIndex, strerror(res.code()));
- return -res.code();
- }
- return 0;
-}
-
Status TrafficController::updateOwnerMapEntry(UidOwnerMatchType match, uid_t uid, FirewallRule rule,
FirewallType type) {
std::lock_guard guard(mMutex);
diff --git a/service/native/TrafficControllerTest.cpp b/service/native/TrafficControllerTest.cpp
index b77c465..7730c13 100644
--- a/service/native/TrafficControllerTest.cpp
+++ b/service/native/TrafficControllerTest.cpp
@@ -98,7 +98,7 @@
mFakeStatsMapA.resetMap(BPF_MAP_TYPE_HASH, TEST_MAP_SIZE);
ASSERT_VALID(mFakeStatsMapA);
- mFakeConfigurationMap.resetMap(BPF_MAP_TYPE_HASH, 1);
+ mFakeConfigurationMap.resetMap(BPF_MAP_TYPE_ARRAY, CONFIGURATION_MAP_SIZE);
ASSERT_VALID(mFakeConfigurationMap);
mFakeUidOwnerMap.resetMap(BPF_MAP_TYPE_HASH, TEST_MAP_SIZE);
@@ -122,8 +122,8 @@
ASSERT_VALID(mTc.mConfigurationMap);
// Always write to stats map A by default.
- ASSERT_RESULT_OK(mTc.mConfigurationMap.writeValue(CURRENT_STATS_MAP_CONFIGURATION_KEY,
- SELECT_MAP_A, BPF_ANY));
+ static_assert(SELECT_MAP_A == 0);
+
mTc.mUidOwnerMap = mFakeUidOwnerMap;
ASSERT_VALID(mTc.mUidOwnerMap);
mTc.mUidPermissionMap = mFakeUidPermissionMap;
diff --git a/service/native/include/Common.h b/service/native/include/Common.h
index 3f28991..03f449a 100644
--- a/service/native/include/Common.h
+++ b/service/native/include/Common.h
@@ -17,9 +17,12 @@
#pragma once
// TODO: deduplicate with the constants in NetdConstants.h.
#include <aidl/android/net/INetd.h>
+#include "clat_mark.h"
using aidl::android::net::INetd;
+static_assert(INetd::CLAT_MARK == CLAT_MARK, "must be 0xDEADC1A7");
+
enum FirewallRule { ALLOW = INetd::FIREWALL_RULE_ALLOW, DENY = INetd::FIREWALL_RULE_DENY };
// ALLOWLIST means the firewall denies all by default, uids must be explicitly ALLOWed
diff --git a/service/native/include/TrafficController.h b/service/native/include/TrafficController.h
index c921ff2..8512929 100644
--- a/service/native/include/TrafficController.h
+++ b/service/native/include/TrafficController.h
@@ -45,11 +45,6 @@
*/
netdutils::Status swapActiveStatsMap() EXCLUDES(mMutex);
- /*
- * Add the interface name and index pair into the eBPF map.
- */
- int addInterface(const char* name, uint32_t ifaceIndex);
-
int changeUidOwnerRule(ChildChain chain, const uid_t uid, FirewallRule rule, FirewallType type);
int removeUidOwnerRule(const uid_t uid);
@@ -187,8 +182,6 @@
// need to call back to system server for permission check.
std::set<uid_t> mPrivilegedUser GUARDED_BY(mMutex);
- bool hasUpdateDeviceStatsPermission(uid_t uid) REQUIRES(mMutex);
-
// For testing
friend class TrafficControllerTest;
};
diff --git a/tests/cts/hostside/src/com/android/cts/net/HostsideNetworkTestCase.java b/tests/cts/hostside/src/com/android/cts/net/HostsideNetworkTestCase.java
index cc07fd1..d0567ae 100644
--- a/tests/cts/hostside/src/com/android/cts/net/HostsideNetworkTestCase.java
+++ b/tests/cts/hostside/src/com/android/cts/net/HostsideNetworkTestCase.java
@@ -34,8 +34,6 @@
import java.io.FileNotFoundException;
import java.util.Map;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
abstract class HostsideNetworkTestCase extends DeviceTestCase implements IAbiReceiver,
IBuildReceiver {
@@ -171,18 +169,19 @@
}
}
- private static final Pattern UID_PATTERN =
- Pattern.compile(".*userId=([0-9]+)$", Pattern.MULTILINE);
-
protected int getUid(String packageName) throws DeviceNotAvailableException {
- final String output = runCommand("dumpsys package " + packageName);
- final Matcher matcher = UID_PATTERN.matcher(output);
- while (matcher.find()) {
- final String match = matcher.group(1);
- return Integer.parseInt(match);
+ final int currentUser = getDevice().getCurrentUser();
+ final String uidLines = runCommand(
+ "cmd package list packages -U --user " + currentUser + " " + packageName);
+ for (String uidLine : uidLines.split("\n")) {
+ if (uidLine.startsWith("package:" + packageName + " uid:")) {
+ final String[] uidLineParts = uidLine.split(":");
+ // 3rd entry is package uid
+ return Integer.parseInt(uidLineParts[2].trim());
+ }
}
- throw new RuntimeException("Did not find regexp '" + UID_PATTERN + "' on adb output\n"
- + output);
+ throw new IllegalStateException("Failed to find the test app on the device; pkg="
+ + packageName + ", u=" + currentUser);
}
protected String runCommand(String command) throws DeviceNotAvailableException {
diff --git a/tests/cts/net/native/src/BpfCompatTest.cpp b/tests/cts/net/native/src/BpfCompatTest.cpp
index 97ecb9e..e52533b 100644
--- a/tests/cts/net/native/src/BpfCompatTest.cpp
+++ b/tests/cts/net/native/src/BpfCompatTest.cpp
@@ -31,8 +31,13 @@
std::ifstream elfFile(elfPath, std::ios::in | std::ios::binary);
ASSERT_TRUE(elfFile.is_open());
- EXPECT_EQ(48, readSectionUint("size_of_bpf_map_def", elfFile, 0));
- EXPECT_EQ(28, readSectionUint("size_of_bpf_prog_def", elfFile, 0));
+ if (android::modules::sdklevel::IsAtLeastT()) {
+ EXPECT_EQ(116, readSectionUint("size_of_bpf_map_def", elfFile, 0));
+ EXPECT_EQ(92, readSectionUint("size_of_bpf_prog_def", elfFile, 0));
+ } else {
+ EXPECT_EQ(48, readSectionUint("size_of_bpf_map_def", elfFile, 0));
+ EXPECT_EQ(28, readSectionUint("size_of_bpf_prog_def", elfFile, 0));
+ }
}
TEST(BpfTest, bpfStructSizeTestPreT) {
diff --git a/tests/cts/net/src/android/net/cts/CaptivePortalTest.kt b/tests/cts/net/src/android/net/cts/CaptivePortalTest.kt
index 0344604..1b77d5f 100644
--- a/tests/cts/net/src/android/net/cts/CaptivePortalTest.kt
+++ b/tests/cts/net/src/android/net/cts/CaptivePortalTest.kt
@@ -33,7 +33,6 @@
import android.net.NetworkCapabilities.TRANSPORT_WIFI
import android.net.NetworkRequest
import android.net.Uri
-import android.net.cts.NetworkValidationTestUtil.clearValidationTestUrlsDeviceConfig
import android.net.cts.NetworkValidationTestUtil.setHttpUrlDeviceConfig
import android.net.cts.NetworkValidationTestUtil.setHttpsUrlDeviceConfig
import android.net.cts.NetworkValidationTestUtil.setUrlExpirationDeviceConfig
@@ -60,6 +59,8 @@
import org.junit.Assume.assumeTrue
import org.junit.Assume.assumeFalse
import org.junit.Before
+import org.junit.BeforeClass
+import org.junit.Rule
import org.junit.runner.RunWith
import java.util.concurrent.CompletableFuture
import java.util.concurrent.TimeUnit
@@ -99,34 +100,42 @@
private val server = TestHttpServer("localhost")
+ @get:Rule
+ val deviceConfigRule = DeviceConfigRule(retryCountBeforeSIfConfigChanged = 5)
+
+ companion object {
+ @JvmStatic @BeforeClass
+ fun setUpClass() {
+ runAsShell(READ_DEVICE_CONFIG) {
+ // Verify that the test URLs are not normally set on the device, but do not fail if
+ // the test URLs are set to what this test uses (URLs on localhost), in case the
+ // test was interrupted manually and rerun.
+ assertEmptyOrLocalhostUrl(TEST_CAPTIVE_PORTAL_HTTPS_URL)
+ assertEmptyOrLocalhostUrl(TEST_CAPTIVE_PORTAL_HTTP_URL)
+ }
+ NetworkValidationTestUtil.clearValidationTestUrlsDeviceConfig()
+ }
+
+ private fun assertEmptyOrLocalhostUrl(urlKey: String) {
+ val url = DeviceConfig.getProperty(NAMESPACE_CONNECTIVITY, urlKey)
+ assertTrue(TextUtils.isEmpty(url) || LOCALHOST_HOSTNAME == Uri.parse(url).host,
+ "$urlKey must not be set in production scenarios (current value: $url)")
+ }
+ }
+
@Before
fun setUp() {
- runAsShell(READ_DEVICE_CONFIG) {
- // Verify that the test URLs are not normally set on the device, but do not fail if the
- // test URLs are set to what this test uses (URLs on localhost), in case the test was
- // interrupted manually and rerun.
- assertEmptyOrLocalhostUrl(TEST_CAPTIVE_PORTAL_HTTPS_URL)
- assertEmptyOrLocalhostUrl(TEST_CAPTIVE_PORTAL_HTTP_URL)
- }
- clearValidationTestUrlsDeviceConfig()
server.start()
}
@After
fun tearDown() {
- clearValidationTestUrlsDeviceConfig()
if (pm.hasSystemFeature(FEATURE_WIFI)) {
- reconnectWifi()
+ deviceConfigRule.runAfterNextCleanup { reconnectWifi() }
}
server.stop()
}
- private fun assertEmptyOrLocalhostUrl(urlKey: String) {
- val url = DeviceConfig.getProperty(NAMESPACE_CONNECTIVITY, urlKey)
- assertTrue(TextUtils.isEmpty(url) || LOCALHOST_HOSTNAME == Uri.parse(url).host,
- "$urlKey must not be set in production scenarios (current value: $url)")
- }
-
@Test
fun testCaptivePortalIsNotDefaultNetwork() {
assumeTrue(pm.hasSystemFeature(FEATURE_TELEPHONY))
@@ -154,12 +163,13 @@
server.addResponse(Request(TEST_HTTPS_URL_PATH), Status.INTERNAL_ERROR)
val headers = mapOf("Location" to makeUrl(TEST_PORTAL_URL_PATH))
server.addResponse(Request(TEST_HTTP_URL_PATH), Status.REDIRECT, headers)
- setHttpsUrlDeviceConfig(makeUrl(TEST_HTTPS_URL_PATH))
- setHttpUrlDeviceConfig(makeUrl(TEST_HTTP_URL_PATH))
+ setHttpsUrlDeviceConfig(deviceConfigRule, makeUrl(TEST_HTTPS_URL_PATH))
+ setHttpUrlDeviceConfig(deviceConfigRule, makeUrl(TEST_HTTP_URL_PATH))
Log.d(TAG, "Set portal URLs to $TEST_HTTPS_URL_PATH and $TEST_HTTP_URL_PATH")
// URL expiration needs to be in the next 10 minutes
assertTrue(WIFI_CONNECT_TIMEOUT_MS < TimeUnit.MINUTES.toMillis(10))
- setUrlExpirationDeviceConfig(System.currentTimeMillis() + WIFI_CONNECT_TIMEOUT_MS)
+ setUrlExpirationDeviceConfig(deviceConfigRule,
+ System.currentTimeMillis() + WIFI_CONNECT_TIMEOUT_MS)
// Wait for a captive portal to be detected on the network
val wifiNetworkFuture = CompletableFuture<Network>()
@@ -215,4 +225,4 @@
utils.ensureWifiDisconnected(null /* wifiNetworkToCheck */)
utils.ensureWifiConnected()
}
-}
\ No newline at end of file
+}
diff --git a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
index 08cf0d7..766d62f 100644
--- a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
@@ -249,6 +249,10 @@
@Rule
public final DevSdkIgnoreRule ignoreRule = new DevSdkIgnoreRule();
+ @Rule
+ public final DeviceConfigRule mTestValidationConfigRule = new DeviceConfigRule(
+ 5 /* retryCountBeforeSIfConfigChanged */);
+
private static final String TAG = ConnectivityManagerTest.class.getSimpleName();
public static final int TYPE_MOBILE = ConnectivityManager.TYPE_MOBILE;
@@ -2765,9 +2769,8 @@
// Accept partial connectivity network should result in a validated network
expectNetworkHasCapability(network, NET_CAPABILITY_VALIDATED, WIFI_CONNECT_TIMEOUT_MS);
} finally {
- resetValidationConfig();
- // Reconnect wifi to reset the wifi status
- reconnectWifi();
+ mHttpServer.stop();
+ mTestValidationConfigRule.runAfterNextCleanup(this::reconnectWifi);
}
}
@@ -2792,11 +2795,13 @@
// Reject partial connectivity network should cause the network being torn down
assertEquals(network, cb.waitForLost());
} finally {
- resetValidationConfig();
+ mHttpServer.stop();
// Wifi will not automatically reconnect to the network. ensureWifiDisconnected cannot
// apply here. Thus, turn off wifi first and restart to restore.
- runShellCommand("svc wifi disable");
- mCtsNetUtils.ensureWifiConnected();
+ mTestValidationConfigRule.runAfterNextCleanup(() -> {
+ runShellCommand("svc wifi disable");
+ mCtsNetUtils.ensureWifiConnected();
+ });
}
}
@@ -2832,11 +2837,13 @@
});
waitForLost(wifiCb);
} finally {
- resetValidationConfig();
+ mHttpServer.stop();
/// Wifi will not automatically reconnect to the network. ensureWifiDisconnected cannot
// apply here. Thus, turn off wifi first and restart to restore.
- runShellCommand("svc wifi disable");
- mCtsNetUtils.ensureWifiConnected();
+ mTestValidationConfigRule.runAfterNextCleanup(() -> {
+ runShellCommand("svc wifi disable");
+ mCtsNetUtils.ensureWifiConnected();
+ });
}
}
@@ -2896,9 +2903,8 @@
wifiCb.assertNoCallbackThat(NO_CALLBACK_TIMEOUT_MS, c -> isValidatedCaps(c));
} finally {
resetAvoidBadWifi(previousAvoidBadWifi);
- resetValidationConfig();
- // Reconnect wifi to reset the wifi status
- reconnectWifi();
+ mHttpServer.stop();
+ mTestValidationConfigRule.runAfterNextCleanup(this::reconnectWifi);
}
}
@@ -2942,11 +2948,6 @@
return future.get(timeout, TimeUnit.MILLISECONDS);
}
- private void resetValidationConfig() {
- NetworkValidationTestUtil.clearValidationTestUrlsDeviceConfig();
- mHttpServer.stop();
- }
-
private void prepareHttpServer() throws Exception {
runAsShell(READ_DEVICE_CONFIG, () -> {
// Verify that the test URLs are not normally set on the device, but do not fail if the
@@ -3019,9 +3020,11 @@
mHttpServer.addResponse(new TestHttpServer.Request(
TEST_HTTP_URL_PATH, Method.GET, "" /* queryParameters */),
httpStatusCode, null /* locationHeader */, "" /* content */);
- NetworkValidationTestUtil.setHttpsUrlDeviceConfig(makeUrl(TEST_HTTPS_URL_PATH));
- NetworkValidationTestUtil.setHttpUrlDeviceConfig(makeUrl(TEST_HTTP_URL_PATH));
- NetworkValidationTestUtil.setUrlExpirationDeviceConfig(
+ NetworkValidationTestUtil.setHttpsUrlDeviceConfig(mTestValidationConfigRule,
+ makeUrl(TEST_HTTPS_URL_PATH));
+ NetworkValidationTestUtil.setHttpUrlDeviceConfig(mTestValidationConfigRule,
+ makeUrl(TEST_HTTP_URL_PATH));
+ NetworkValidationTestUtil.setUrlExpirationDeviceConfig(mTestValidationConfigRule,
System.currentTimeMillis() + WIFI_CONNECT_TIMEOUT_MS);
}
@@ -3374,6 +3377,7 @@
}
@Test @IgnoreUpTo(SC_V2)
+ @AppModeFull(reason = "Socket cannot bind in instant app mode")
public void testFirewallBlocking() {
// Following tests affect the actual state of networking on the device after the test.
// This might cause unexpected behaviour of the device. So, we skip them for now.
diff --git a/tests/cts/net/src/android/net/cts/DeviceConfigRule.kt b/tests/cts/net/src/android/net/cts/DeviceConfigRule.kt
new file mode 100644
index 0000000..d31a4e0
--- /dev/null
+++ b/tests/cts/net/src/android/net/cts/DeviceConfigRule.kt
@@ -0,0 +1,124 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.cts
+
+import android.Manifest.permission.READ_DEVICE_CONFIG
+import android.Manifest.permission.WRITE_DEVICE_CONFIG
+import android.provider.DeviceConfig
+import android.util.Log
+import com.android.modules.utils.build.SdkLevel
+import com.android.testutils.runAsShell
+import com.android.testutils.tryTest
+import org.junit.rules.TestRule
+import org.junit.runner.Description
+import org.junit.runners.model.Statement
+
+private val TAG = DeviceConfigRule::class.simpleName
+
+/**
+ * A [TestRule] that helps set [DeviceConfig] for tests and clean up the test configuration
+ * automatically on teardown.
+ *
+ * The rule can also optionally retry tests when they fail following an external change of
+ * DeviceConfig before S; this typically happens because device config flags are synced while the
+ * test is running, and DisableConfigSyncTargetPreparer is only usable starting from S.
+ *
+ * @param retryCountBeforeSIfConfigChanged if > 0, when the test fails before S, check if
+ * the configs that were set through this rule were changed, and retry the test
+ * up to the specified number of times if yes.
+ */
+class DeviceConfigRule @JvmOverloads constructor(
+ val retryCountBeforeSIfConfigChanged: Int = 0
+) : TestRule {
+ // Maps (namespace, key) -> value
+ private val originalConfig = mutableMapOf<Pair<String, String>, String?>()
+ private val usedConfig = mutableMapOf<Pair<String, String>, String?>()
+
+ /**
+ * Actions to be run after cleanup of the config, for the current test only.
+ */
+ private val currentTestCleanupActions = mutableListOf<Runnable>()
+
+ override fun apply(base: Statement, description: Description): Statement {
+ return TestValidationUrlStatement(base, description)
+ }
+
+ private inner class TestValidationUrlStatement(
+ private val base: Statement,
+ private val description: Description
+ ) : Statement() {
+ override fun evaluate() {
+ var retryCount = if (SdkLevel.isAtLeastS()) 1 else retryCountBeforeSIfConfigChanged + 1
+ while (retryCount > 0) {
+ retryCount--
+ tryTest {
+ base.evaluate()
+ // Can't use break/return out of a loop here because this is a tryTest lambda,
+ // so set retryCount to exit instead
+ retryCount = 0
+ }.catch<Throwable> { e -> // junit AssertionFailedError does not extend Exception
+ if (retryCount == 0) throw e
+ usedConfig.forEach { (key, value) ->
+ val currentValue = runAsShell(READ_DEVICE_CONFIG) {
+ DeviceConfig.getProperty(key.first, key.second)
+ }
+ if (currentValue != value) {
+ Log.w(TAG, "Test failed with unexpected device config change, retrying")
+ return@catch
+ }
+ }
+ throw e
+ } cleanupStep {
+ runAsShell(WRITE_DEVICE_CONFIG) {
+ originalConfig.forEach { (key, value) ->
+ DeviceConfig.setProperty(
+ key.first, key.second, value, false /* makeDefault */)
+ }
+ }
+ } cleanupStep {
+ originalConfig.clear()
+ usedConfig.clear()
+ } cleanup {
+ currentTestCleanupActions.forEach { it.run() }
+ currentTestCleanupActions.clear()
+ }
+ }
+ }
+ }
+
+ /**
+ * Set a configuration key/value. After the test case ends, it will be restored to the value it
+ * had when this method was first called.
+ */
+ fun setConfig(namespace: String, key: String, value: String?) {
+ runAsShell(READ_DEVICE_CONFIG, WRITE_DEVICE_CONFIG) {
+ val keyPair = Pair(namespace, key)
+ if (!originalConfig.containsKey(keyPair)) {
+ originalConfig[keyPair] = DeviceConfig.getProperty(namespace, key)
+ }
+ usedConfig[keyPair] = value
+ DeviceConfig.setProperty(namespace, key, value, false /* makeDefault */)
+ }
+ }
+
+ /**
+ * Add an action to be run after config cleanup when the current test case ends.
+ */
+ fun runAfterNextCleanup(action: Runnable) {
+ currentTestCleanupActions.add(action)
+ }
+}
diff --git a/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt b/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
index db24b44..54d6818 100644
--- a/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
+++ b/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
@@ -30,11 +30,14 @@
import android.net.EthernetManager.STATE_LINK_UP
import android.net.EthernetManager.TetheredInterfaceCallback
import android.net.EthernetManager.TetheredInterfaceRequest
+import android.net.EthernetNetworkManagementException
import android.net.EthernetNetworkSpecifier
+import android.net.EthernetNetworkUpdateRequest
import android.net.InetAddresses
import android.net.IpConfiguration
import android.net.MacAddress
import android.net.Network
+import android.net.NetworkCapabilities
import android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED
import android.net.NetworkCapabilities.TRANSPORT_ETHERNET
import android.net.NetworkCapabilities.TRANSPORT_TEST
@@ -44,8 +47,8 @@
import android.net.cts.EthernetManagerTest.EthernetStateListener.CallbackEntry.InterfaceStateChanged
import android.os.Build
import android.os.Handler
-import android.os.HandlerExecutor
import android.os.Looper
+import android.os.OutcomeReceiver
import android.os.SystemProperties
import android.platform.test.annotations.AppModeFull
import android.util.ArraySet
@@ -53,6 +56,7 @@
import com.android.net.module.util.ArrayTrackRecord
import com.android.net.module.util.TrackRecord
import com.android.testutils.anyNetwork
+import com.android.testutils.ConnectivityModuleTest
import com.android.testutils.DevSdkIgnoreRule
import com.android.testutils.DevSdkIgnoreRunner
import com.android.testutils.RecorderCallback.CallbackEntry.Available
@@ -94,35 +98,42 @@
@AppModeFull(reason = "Instant apps can't access EthernetManager")
// EthernetManager is not updatable before T, so tests do not need to be backwards compatible.
@RunWith(DevSdkIgnoreRunner::class)
+// This test depends on behavior introduced post-T as part of connectivity module updates
+@ConnectivityModuleTest
@DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.S_V2)
class EthernetManagerTest {
private val context by lazy { InstrumentationRegistry.getInstrumentation().context }
private val em by lazy { context.getSystemService(EthernetManager::class.java) }
private val cm by lazy { context.getSystemService(ConnectivityManager::class.java) }
+ private val handler by lazy { Handler(Looper.getMainLooper()) }
private val ifaceListener = EthernetStateListener()
private val createdIfaces = ArrayList<EthernetTestInterface>()
private val addedListeners = ArrayList<EthernetStateListener>()
- private val networkRequests = ArrayList<TestableNetworkCallback>()
+ private val registeredCallbacks = ArrayList<TestableNetworkCallback>()
private var tetheredInterfaceRequest: TetheredInterfaceRequest? = null
private class EthernetTestInterface(
context: Context,
- private val handler: Handler
+ private val handler: Handler,
+ hasCarrier: Boolean
) {
private val tapInterface: TestNetworkInterface
private val packetReader: TapPacketReader
private val raResponder: RouterAdvertisementResponder
- val interfaceName get() = tapInterface.interfaceName
+ private val tnm: TestNetworkManager
+ val name get() = tapInterface.interfaceName
init {
- tapInterface = runAsShell(MANAGE_TEST_NETWORKS) {
- val tnm = context.getSystemService(TestNetworkManager::class.java)
- tnm.createTapInterface(false /* bringUp */)
+ tnm = runAsShell(MANAGE_TEST_NETWORKS) {
+ context.getSystemService(TestNetworkManager::class.java)
}
- val mtu = 1500
+ tapInterface = runAsShell(MANAGE_TEST_NETWORKS) {
+ tnm.createTapInterface(hasCarrier, false /* bringUp */)
+ }
+ val mtu = tapInterface.mtu
packetReader = TapPacketReader(handler, tapInterface.fileDescriptor.fileDescriptor, mtu)
raResponder = RouterAdvertisementResponder(packetReader)
raResponder.addRouterEntry(MacAddress.fromString("01:23:45:67:89:ab"),
@@ -132,6 +143,12 @@
raResponder.start()
}
+ fun setCarrierEnabled(enabled: Boolean) {
+ runAsShell(MANAGE_TEST_NETWORKS) {
+ tnm.setCarrierEnabled(tapInterface, enabled)
+ }
+ }
+
fun destroy() {
raResponder.stop()
handler.post({ packetReader.stop() })
@@ -172,7 +189,7 @@
}
fun expectCallback(iface: EthernetTestInterface, state: Int, role: Int) {
- expectCallback(createChangeEvent(iface.interfaceName, state, role))
+ expectCallback(createChangeEvent(iface.name, state, role))
}
fun createChangeEvent(iface: String, state: Int, role: Int) =
@@ -190,7 +207,7 @@
}
fun eventuallyExpect(iface: EthernetTestInterface, state: Int, role: Int) {
- eventuallyExpect(iface.interfaceName, state, role)
+ eventuallyExpect(iface.name, state, role)
}
fun assertNoCallback() {
@@ -227,6 +244,35 @@
}
}
+ private class EthernetOutcomeReceiver :
+ OutcomeReceiver<String, EthernetNetworkManagementException> {
+ private val result = CompletableFuture<String>()
+
+ override fun onResult(iface: String) {
+ result.complete(iface)
+ }
+
+ override fun onError(e: EthernetNetworkManagementException) {
+ result.completeExceptionally(e)
+ }
+
+ fun expectResult(expected: String) {
+ assertEquals(expected, result.get(TIMEOUT_MS, TimeUnit.MILLISECONDS))
+ }
+
+ fun expectError() {
+ // Assert that the future fails with EthernetNetworkManagementException from the
+ // completeExceptionally() call inside onUnavailable.
+ assertFailsWith(EthernetNetworkManagementException::class) {
+ try {
+ result.get()
+ } catch (e: ExecutionException) {
+ throw e.cause!!
+ }
+ }
+ }
+ }
+
@Before
fun setUp() {
setIncludeTestInterfaces(true)
@@ -243,26 +289,28 @@
for (listener in addedListeners) {
em.removeInterfaceStateListener(listener)
}
- networkRequests.forEach { cm.unregisterNetworkCallback(it) }
+ registeredCallbacks.forEach { cm.unregisterNetworkCallback(it) }
releaseTetheredInterface()
}
private fun addInterfaceStateListener(listener: EthernetStateListener) {
runAsShell(CONNECTIVITY_USE_RESTRICTED_NETWORKS) {
- em.addInterfaceStateListener(HandlerExecutor(Handler(Looper.getMainLooper())), listener)
+ em.addInterfaceStateListener(handler::post, listener)
}
addedListeners.add(listener)
}
- private fun createInterface(): EthernetTestInterface {
+ private fun createInterface(hasCarrier: Boolean = true): EthernetTestInterface {
val iface = EthernetTestInterface(
context,
- Handler(Looper.getMainLooper())
+ handler,
+ hasCarrier
).also { createdIfaces.add(it) }
- with(ifaceListener) {
- // when an interface comes up, we should always see a down cb before an up cb.
- eventuallyExpect(iface, STATE_LINK_DOWN, ROLE_CLIENT)
- expectCallback(iface, STATE_LINK_UP, ROLE_CLIENT)
+
+ // when an interface comes up, we should always see a down cb before an up cb.
+ ifaceListener.eventuallyExpect(iface, STATE_LINK_DOWN, ROLE_CLIENT)
+ if (hasCarrier) {
+ ifaceListener.expectCallback(iface, STATE_LINK_UP, ROLE_CLIENT)
}
return iface
}
@@ -282,18 +330,20 @@
private fun requestNetwork(request: NetworkRequest): TestableNetworkCallback {
return TestableNetworkCallback().also {
cm.requestNetwork(request, it)
- networkRequests.add(it)
+ registeredCallbacks.add(it)
}
}
- private fun releaseNetwork(cb: TestableNetworkCallback) {
- cm.unregisterNetworkCallback(cb)
- networkRequests.remove(cb)
+ private fun registerNetworkListener(request: NetworkRequest): TestableNetworkCallback {
+ return TestableNetworkCallback().also {
+ cm.registerNetworkCallback(request, it)
+ registeredCallbacks.add(it)
+ }
}
private fun requestTetheredInterface() = TetheredInterfaceListener().also {
tetheredInterfaceRequest = runAsShell(NETWORK_SETTINGS) {
- em.requestTetheredInterface(HandlerExecutor(Handler(Looper.getMainLooper())), it)
+ em.requestTetheredInterface(handler::post, it)
}
}
@@ -304,22 +354,65 @@
}
}
+ private fun releaseRequest(cb: TestableNetworkCallback) {
+ cm.unregisterNetworkCallback(cb)
+ registeredCallbacks.remove(cb)
+ }
+
+ private fun disableInterface(iface: EthernetTestInterface) = EthernetOutcomeReceiver().also {
+ runAsShell(MANAGE_TEST_NETWORKS) {
+ em.disableInterface(iface.name, handler::post, it)
+ }
+ }
+
+ private fun enableInterface(iface: EthernetTestInterface) = EthernetOutcomeReceiver().also {
+ runAsShell(MANAGE_TEST_NETWORKS) {
+ em.enableInterface(iface.name, handler::post, it)
+ }
+ }
+
+ private fun updateConfiguration(
+ iface: EthernetTestInterface,
+ ipConfig: IpConfiguration? = null,
+ capabilities: NetworkCapabilities? = null
+ ) = EthernetOutcomeReceiver().also {
+ runAsShell(MANAGE_TEST_NETWORKS) {
+ em.updateConfiguration(
+ iface.name,
+ EthernetNetworkUpdateRequest.Builder()
+ .setIpConfiguration(ipConfig)
+ .setNetworkCapabilities(capabilities).build(),
+ handler::post,
+ it)
+ }
+ }
+
+ // NetworkRequest.Builder does not create a copy of the passed NetworkRequest, so in order to
+ // keep ETH_REQUEST as it is, a defensive copy is created here.
private fun NetworkRequest.createCopyWithEthernetSpecifier(ifaceName: String) =
NetworkRequest.Builder(NetworkRequest(ETH_REQUEST))
.setNetworkSpecifier(EthernetNetworkSpecifier(ifaceName)).build()
// It can take multiple seconds for the network to become available.
private fun TestableNetworkCallback.expectAvailable() =
- expectCallback<Available>(anyNetwork(), 5000/*ms timeout*/).network
+ expectCallback<Available>(anyNetwork(), 5000 /* ms timeout */).network
// b/233534110: eventuallyExpect<Lost>() does not advance ReadHead, use
// eventuallyExpect(Lost::class) instead.
private fun TestableNetworkCallback.eventuallyExpectLost(n: Network? = null) =
eventuallyExpect(Lost::class, TIMEOUT_MS) { n?.equals(it.network) ?: true }
- private fun TestableNetworkCallback.assertNotLost(n: Network? = null) =
+ private fun TestableNetworkCallback.assertNeverLost(n: Network? = null) =
assertNoCallbackThat() { it is Lost && (n?.equals(it.network) ?: true) }
+ private fun TestableNetworkCallback.assertNeverAvailable(n: Network? = null) =
+ assertNoCallbackThat() { it is Available && (n?.equals(it.network) ?: true) }
+
+ private fun TestableNetworkCallback.expectCapabilitiesWithInterfaceName(name: String) =
+ expectCapabilitiesThat(anyNetwork()) {
+ it.networkSpecifier == EthernetNetworkSpecifier(name)
+ }
+
@Test
fun testCallbacks() {
// If an interface exists when the callback is registered, it is reported on registration.
@@ -398,11 +491,8 @@
assertTrue(polledIfaces.add(iface), "Duplicate interface $iface returned")
assertTrue(ifaces.contains(iface), "Untracked interface $iface returned")
// If the event's iface was created in the test, additional criteria can be validated.
- createdIfaces.find { it.interfaceName.equals(iface) }?.let {
- assertEquals(event,
- listener.createChangeEvent(it.interfaceName,
- STATE_LINK_UP,
- ROLE_CLIENT))
+ createdIfaces.find { it.name.equals(iface) }?.let {
+ assertEquals(event, listener.createChangeEvent(it.name, STATE_LINK_UP, ROLE_CLIENT))
}
}
// Assert all callbacks are accounted for.
@@ -411,87 +501,75 @@
@Test
fun testGetInterfaceList() {
- setIncludeTestInterfaces(true)
-
// Create two test interfaces and check the return list contains the interface names.
val iface1 = createInterface()
val iface2 = createInterface()
var ifaces = em.getInterfaceList()
assertTrue(ifaces.size > 0)
- assertTrue(ifaces.contains(iface1.interfaceName))
- assertTrue(ifaces.contains(iface2.interfaceName))
+ assertTrue(ifaces.contains(iface1.name))
+ assertTrue(ifaces.contains(iface2.name))
// Remove one existing test interface and check the return list doesn't contain the
// removed interface name.
removeInterface(iface1)
ifaces = em.getInterfaceList()
- assertFalse(ifaces.contains(iface1.interfaceName))
- assertTrue(ifaces.contains(iface2.interfaceName))
+ assertFalse(ifaces.contains(iface1.name))
+ assertTrue(ifaces.contains(iface2.name))
removeInterface(iface2)
}
@Test
fun testNetworkRequest_withSingleExistingInterface() {
- setIncludeTestInterfaces(true)
createInterface()
// install a listener which will later be used to verify the Lost callback
- val listenerCb = TestableNetworkCallback()
- cm.registerNetworkCallback(ETH_REQUEST, listenerCb)
- networkRequests.add(listenerCb)
+ val listenerCb = registerNetworkListener(ETH_REQUEST)
val cb = requestNetwork(ETH_REQUEST)
val network = cb.expectAvailable()
- cb.assertNotLost()
- releaseNetwork(cb)
+ cb.assertNeverLost()
+ releaseRequest(cb)
listenerCb.eventuallyExpectLost(network)
}
@Test
fun testNetworkRequest_beforeSingleInterfaceIsUp() {
- setIncludeTestInterfaces(true)
-
val cb = requestNetwork(ETH_REQUEST)
- // bring up interface after network has been requested
+ // bring up interface after network has been requested.
+ // Note: there is no guarantee that the NetworkRequest has been processed before the
+ // interface is actually created. That being said, it takes a few seconds between calling
+ // createInterface and the interface actually being properly registered with the ethernet
+ // module, so it is extremely unlikely that the CS handler thread has not run until then.
val iface = createInterface()
val network = cb.expectAvailable()
// remove interface before network request has been removed
- cb.assertNotLost()
+ cb.assertNeverLost()
removeInterface(iface)
cb.eventuallyExpectLost()
-
- releaseNetwork(cb)
}
@Test
fun testNetworkRequest_withMultipleInterfaces() {
- setIncludeTestInterfaces(true)
-
val iface1 = createInterface()
val iface2 = createInterface()
- val cb = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface2.interfaceName))
+ val cb = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface2.name))
val network = cb.expectAvailable()
- cb.expectCapabilitiesThat(network) {
- it.networkSpecifier == EthernetNetworkSpecifier(iface2.interfaceName)
- }
+ cb.expectCapabilitiesWithInterfaceName(iface2.name)
removeInterface(iface1)
- cb.assertNotLost()
+ cb.assertNeverLost()
removeInterface(iface2)
cb.eventuallyExpectLost()
-
- releaseNetwork(cb)
}
@Test
fun testNetworkRequest_withInterfaceBeingReplaced() {
- setIncludeTestInterfaces(true)
val iface1 = createInterface()
val cb = requestNetwork(ETH_REQUEST)
@@ -499,36 +577,67 @@
// create another network and verify the request sticks to the current network
val iface2 = createInterface()
- cb.assertNotLost()
+ cb.assertNeverLost()
// remove iface1 and verify the request brings up iface2
removeInterface(iface1)
cb.eventuallyExpectLost(network)
val network2 = cb.expectAvailable()
-
- releaseNetwork(cb)
}
@Test
fun testNetworkRequest_withMultipleInterfacesAndRequests() {
- setIncludeTestInterfaces(true)
val iface1 = createInterface()
val iface2 = createInterface()
- val cb1 = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface1.interfaceName))
- val cb2 = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface2.interfaceName))
+ val cb1 = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface1.name))
+ val cb2 = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface2.name))
val cb3 = requestNetwork(ETH_REQUEST)
cb1.expectAvailable()
+ cb1.expectCapabilitiesWithInterfaceName(iface1.name)
cb2.expectAvailable()
+ cb2.expectCapabilitiesWithInterfaceName(iface2.name)
+ // this request can be matched by either network.
cb3.expectAvailable()
- cb1.assertNotLost()
- cb2.assertNotLost()
- cb3.assertNotLost()
+ cb1.assertNeverLost()
+ cb2.assertNeverLost()
+ cb3.assertNeverLost()
+ }
- releaseNetwork(cb1)
- releaseNetwork(cb2)
- releaseNetwork(cb3)
+ @Test
+ fun testNetworkRequest_ensureProperRefcounting() {
+ // create first request before interface is up / exists; create another request after it has
+ // been created; release one of them and check that the network stays up.
+ val listener = registerNetworkListener(ETH_REQUEST)
+ val cb1 = requestNetwork(ETH_REQUEST)
+
+ val iface = createInterface()
+ val network = cb1.expectAvailable()
+
+ val cb2 = requestNetwork(ETH_REQUEST)
+ cb2.expectAvailable()
+
+ // release the first request; this used to trigger b/197548738
+ releaseRequest(cb1)
+
+ cb2.assertNeverLost()
+ releaseRequest(cb2)
+ listener.eventuallyExpectLost(network)
+ }
+
+ @Test
+ fun testNetworkRequest_forInterfaceWhileTogglingCarrier() {
+ val iface = createInterface(false /* hasCarrier */)
+
+ val cb = requestNetwork(ETH_REQUEST)
+ cb.assertNeverAvailable()
+
+ iface.setCarrierEnabled(true)
+ cb.expectAvailable()
+
+ iface.setCarrierEnabled(false)
+ cb.eventuallyExpectLost()
}
}
diff --git a/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt b/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
index 391d03a..462c8a3 100644
--- a/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
+++ b/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
@@ -16,16 +16,11 @@
package android.net.cts
-import android.Manifest
+import android.Manifest.permission.WRITE_DEVICE_CONFIG
import android.net.util.NetworkStackUtils
import android.provider.DeviceConfig
import android.provider.DeviceConfig.NAMESPACE_CONNECTIVITY
-import android.util.Log
import com.android.testutils.runAsShell
-import com.android.testutils.tryTest
-import java.util.concurrent.CompletableFuture
-import java.util.concurrent.Executor
-import java.util.concurrent.TimeUnit
/**
* Collection of utility methods for configuring network validation.
@@ -38,9 +33,14 @@
* Clear the test network validation URLs.
*/
@JvmStatic fun clearValidationTestUrlsDeviceConfig() {
- setHttpsUrlDeviceConfig(null)
- setHttpUrlDeviceConfig(null)
- setUrlExpirationDeviceConfig(null)
+ runAsShell(WRITE_DEVICE_CONFIG) {
+ DeviceConfig.setProperty(NAMESPACE_CONNECTIVITY,
+ NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL, null, false)
+ DeviceConfig.setProperty(NAMESPACE_CONNECTIVITY,
+ NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL, null, false)
+ DeviceConfig.setProperty(NAMESPACE_CONNECTIVITY,
+ NetworkStackUtils.TEST_URL_EXPIRATION_TIME, null, false)
+ }
}
/**
@@ -48,71 +48,28 @@
*
* @see NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL
*/
- @JvmStatic fun setHttpsUrlDeviceConfig(url: String?) =
- setConfig(NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL, url)
+ @JvmStatic
+ fun setHttpsUrlDeviceConfig(rule: DeviceConfigRule, url: String?) =
+ rule.setConfig(NAMESPACE_CONNECTIVITY,
+ NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL, url)
/**
* Set the test validation HTTP URL.
*
* @see NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL
*/
- @JvmStatic fun setHttpUrlDeviceConfig(url: String?) =
- setConfig(NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL, url)
+ @JvmStatic
+ fun setHttpUrlDeviceConfig(rule: DeviceConfigRule, url: String?) =
+ rule.setConfig(NAMESPACE_CONNECTIVITY,
+ NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL, url)
/**
* Set the test validation URL expiration.
*
* @see NetworkStackUtils.TEST_URL_EXPIRATION_TIME
*/
- @JvmStatic fun setUrlExpirationDeviceConfig(timestamp: Long?) =
- setConfig(NetworkStackUtils.TEST_URL_EXPIRATION_TIME, timestamp?.toString())
-
- private fun setConfig(configKey: String, value: String?): String? {
- Log.i(TAG, "Setting config \"$configKey\" to \"$value\"")
- val readWritePermissions = arrayOf(
- Manifest.permission.READ_DEVICE_CONFIG,
- Manifest.permission.WRITE_DEVICE_CONFIG)
-
- val existingValue = runAsShell(*readWritePermissions) {
- DeviceConfig.getProperty(NAMESPACE_CONNECTIVITY, configKey)
- }
- if (existingValue == value) {
- // Already the correct value. There may be a race if a change is already in flight,
- // but if multiple threads update the config there is no way to fix that anyway.
- Log.i(TAG, "\$configKey\" already had value \"$value\"")
- return value
- }
-
- val future = CompletableFuture<String>()
- val listener = DeviceConfig.OnPropertiesChangedListener {
- // The listener receives updates for any change to any key, so don't react to
- // changes that do not affect the relevant key
- if (!it.keyset.contains(configKey)) return@OnPropertiesChangedListener
- if (it.getString(configKey, null) == value) {
- future.complete(value)
- }
- }
-
- return tryTest {
- runAsShell(*readWritePermissions) {
- DeviceConfig.addOnPropertiesChangedListener(
- NAMESPACE_CONNECTIVITY,
- inlineExecutor,
- listener)
- DeviceConfig.setProperty(
- NAMESPACE_CONNECTIVITY,
- configKey,
- value,
- false /* makeDefault */)
- // Don't drop the permission until the config is applied, just in case
- future.get(TIMEOUT_MS, TimeUnit.MILLISECONDS)
- }.also {
- Log.i(TAG, "Config \"$configKey\" successfully set to \"$value\"")
- }
- } cleanup {
- DeviceConfig.removeOnPropertiesChangedListener(listener)
- }
- }
-
- private val inlineExecutor get() = Executor { r -> r.run() }
+ @JvmStatic
+ fun setUrlExpirationDeviceConfig(rule: DeviceConfigRule, timestamp: Long?) =
+ rule.setConfig(NAMESPACE_CONNECTIVITY,
+ NetworkStackUtils.TEST_URL_EXPIRATION_TIME, timestamp?.toString())
}
diff --git a/tests/native/connectivity_native_test.cpp b/tests/native/connectivity_native_test.cpp
index 3db5265..29b14ca 100644
--- a/tests/native/connectivity_native_test.cpp
+++ b/tests/native/connectivity_native_test.cpp
@@ -233,54 +233,29 @@
}
TEST_F(ConnectivityNativeBinderTest, BlockNegativePort) {
- int retry = 0;
- ndk::ScopedAStatus status;
- do {
- status = mService->blockPortForBind(-1);
- // TODO: find out why transaction failed is being thrown on the first attempt.
- } while (status.getExceptionCode() == EX_TRANSACTION_FAILED && retry++ < 5);
+ ndk::ScopedAStatus status = mService->blockPortForBind(-1);
EXPECT_EQ(EX_ILLEGAL_ARGUMENT, status.getExceptionCode());
}
TEST_F(ConnectivityNativeBinderTest, UnblockNegativePort) {
- int retry = 0;
- ndk::ScopedAStatus status;
- do {
- status = mService->unblockPortForBind(-1);
- // TODO: find out why transaction failed is being thrown on the first attempt.
- } while (status.getExceptionCode() == EX_TRANSACTION_FAILED && retry++ < 5);
+ ndk::ScopedAStatus status = mService->unblockPortForBind(-1);
EXPECT_EQ(EX_ILLEGAL_ARGUMENT, status.getExceptionCode());
}
TEST_F(ConnectivityNativeBinderTest, BlockMaxPort) {
- int retry = 0;
- ndk::ScopedAStatus status;
- do {
- status = mService->blockPortForBind(65536);
- // TODO: find out why transaction failed is being thrown on the first attempt.
- } while (status.getExceptionCode() == EX_TRANSACTION_FAILED && retry++ < 5);
+ ndk::ScopedAStatus status = mService->blockPortForBind(65536);
EXPECT_EQ(EX_ILLEGAL_ARGUMENT, status.getExceptionCode());
}
TEST_F(ConnectivityNativeBinderTest, UnblockMaxPort) {
- int retry = 0;
- ndk::ScopedAStatus status;
- do {
- status = mService->unblockPortForBind(65536);
- // TODO: find out why transaction failed is being thrown on the first attempt.
- } while (status.getExceptionCode() == EX_TRANSACTION_FAILED && retry++ < 5);
+ ndk::ScopedAStatus status = mService->unblockPortForBind(65536);
EXPECT_EQ(EX_ILLEGAL_ARGUMENT, status.getExceptionCode());
}
TEST_F(ConnectivityNativeBinderTest, CheckPermission) {
- int retry = 0;
int curUid = getuid();
EXPECT_EQ(0, seteuid(FIRST_APPLICATION_UID + 2000)) << "seteuid failed: " << strerror(errno);
- ndk::ScopedAStatus status;
- do {
- status = mService->blockPortForBind(5555);
- // TODO: find out why transaction failed is being thrown on the first attempt.
- } while (status.getExceptionCode() == EX_TRANSACTION_FAILED && retry++ < 5);
+ ndk::ScopedAStatus status = mService->blockPortForBind(5555);
EXPECT_EQ(EX_SECURITY, status.getExceptionCode());
EXPECT_EQ(0, seteuid(curUid)) << "seteuid failed: " << strerror(errno);
}
diff --git a/tests/unit/java/com/android/server/connectivity/VpnTest.java b/tests/unit/java/com/android/server/connectivity/VpnTest.java
index cdfa190..e8702b9 100644
--- a/tests/unit/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/unit/java/com/android/server/connectivity/VpnTest.java
@@ -27,7 +27,9 @@
import static android.net.ConnectivityManager.NetworkCallback;
import static android.net.INetd.IF_STATE_DOWN;
import static android.net.INetd.IF_STATE_UP;
+import static android.net.RouteInfo.RTN_UNREACHABLE;
import static android.net.VpnManager.TYPE_VPN_PLATFORM;
+import static android.net.ipsec.ike.IkeSessionConfiguration.EXTENSION_TYPE_MOBIKE;
import static android.os.Build.VERSION_CODES.S_V2;
import static android.os.UserHandle.PER_USER_RANGE;
@@ -39,6 +41,7 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.junit.Assume.assumeTrue;
@@ -59,6 +62,7 @@
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.reset;
+import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.timeout;
import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
@@ -83,7 +87,9 @@
import android.net.InetAddresses;
import android.net.InterfaceConfigurationParcel;
import android.net.IpPrefix;
+import android.net.IpSecConfig;
import android.net.IpSecManager;
+import android.net.IpSecTransform;
import android.net.IpSecTunnelInterfaceResponse;
import android.net.LinkAddress;
import android.net.LinkProperties;
@@ -100,7 +106,12 @@
import android.net.VpnProfileState;
import android.net.VpnService;
import android.net.VpnTransportInfo;
+import android.net.ipsec.ike.ChildSessionCallback;
+import android.net.ipsec.ike.ChildSessionConfiguration;
import android.net.ipsec.ike.IkeSessionCallback;
+import android.net.ipsec.ike.IkeSessionConfiguration;
+import android.net.ipsec.ike.IkeSessionConnectionInfo;
+import android.net.ipsec.ike.IkeTrafficSelector;
import android.net.ipsec.ike.exceptions.IkeException;
import android.net.ipsec.ike.exceptions.IkeNetworkLostException;
import android.net.ipsec.ike.exceptions.IkeNonProtocolException;
@@ -121,6 +132,7 @@
import android.security.Credentials;
import android.util.ArrayMap;
import android.util.ArraySet;
+import android.util.Pair;
import android.util.Range;
import androidx.test.filters.SmallTest;
@@ -155,6 +167,7 @@
import java.io.FileWriter;
import java.io.IOException;
import java.net.Inet4Address;
+import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
@@ -165,6 +178,8 @@
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.ScheduledFuture;
+import java.util.concurrent.ScheduledThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.stream.Stream;
@@ -198,11 +213,37 @@
static final Network EGRESS_NETWORK = new Network(101);
static final String EGRESS_IFACE = "wlan0";
static final String TEST_VPN_PKG = "com.testvpn.vpn";
+ private static final String TEST_VPN_CLIENT = "2.4.6.8";
private static final String TEST_VPN_SERVER = "1.2.3.4";
private static final String TEST_VPN_IDENTITY = "identity";
private static final byte[] TEST_VPN_PSK = "psk".getBytes();
+ private static final int IP4_PREFIX_LEN = 32;
+ private static final int MIN_PORT = 0;
+ private static final int MAX_PORT = 65535;
+
+ private static final InetAddress TEST_VPN_CLIENT_IP =
+ InetAddresses.parseNumericAddress(TEST_VPN_CLIENT);
+ private static final InetAddress TEST_VPN_SERVER_IP =
+ InetAddresses.parseNumericAddress(TEST_VPN_SERVER);
+ private static final InetAddress TEST_VPN_CLIENT_IP_2 =
+ InetAddresses.parseNumericAddress("192.0.2.200");
+ private static final InetAddress TEST_VPN_SERVER_IP_2 =
+ InetAddresses.parseNumericAddress("192.0.2.201");
+ private static final InetAddress TEST_VPN_INTERNAL_IP =
+ InetAddresses.parseNumericAddress("198.51.100.10");
+ private static final InetAddress TEST_VPN_INTERNAL_DNS =
+ InetAddresses.parseNumericAddress("8.8.8.8");
+
+ private static final IkeTrafficSelector IN_TS =
+ new IkeTrafficSelector(MIN_PORT, MAX_PORT, TEST_VPN_INTERNAL_IP, TEST_VPN_INTERNAL_IP);
+ private static final IkeTrafficSelector OUT_TS =
+ new IkeTrafficSelector(MIN_PORT, MAX_PORT,
+ InetAddresses.parseNumericAddress("0.0.0.0"),
+ InetAddresses.parseNumericAddress("255.255.255.255"));
+
private static final Network TEST_NETWORK = new Network(Integer.MAX_VALUE);
+ private static final Network TEST_NETWORK_2 = new Network(Integer.MAX_VALUE - 1);
private static final String TEST_IFACE_NAME = "TEST_IFACE";
private static final int TEST_TUNNEL_RESOURCE_ID = 0x2345;
private static final long TEST_TIMEOUT_MS = 500L;
@@ -234,15 +275,21 @@
@Mock private AppOpsManager mAppOps;
@Mock private NotificationManager mNotificationManager;
@Mock private Vpn.SystemServices mSystemServices;
+ @Mock private Vpn.IkeSessionWrapper mIkeSessionWrapper;
@Mock private Vpn.Ikev2SessionCreator mIkev2SessionCreator;
+ @Mock private NetworkAgent mMockNetworkAgent;
@Mock private ConnectivityManager mConnectivityManager;
@Mock private IpSecService mIpSecService;
@Mock private VpnProfileStore mVpnProfileStore;
+ @Mock private ScheduledThreadPoolExecutor mExecutor;
+ @Mock private ScheduledFuture mScheduledFuture;
@Mock DeviceIdleInternal mDeviceIdleInternal;
private final VpnProfile mVpnProfile;
private IpSecManager mIpSecManager;
+ private TestDeps mTestDeps;
+
public VpnTest() throws Exception {
// Build an actual VPN profile that is capable of being converted to and from an
// Ikev2VpnProfile
@@ -257,6 +304,7 @@
MockitoAnnotations.initMocks(this);
mIpSecManager = new IpSecManager(mContext, mIpSecService);
+ mTestDeps = spy(new TestDeps());
when(mContext.getPackageManager()).thenReturn(mPackageManager);
setMockedPackages(mPackages);
@@ -297,6 +345,28 @@
// itself, so set the default value of Context#checkCallingOrSelfPermission to
// PERMISSION_DENIED.
doReturn(PERMISSION_DENIED).when(mContext).checkCallingOrSelfPermission(any());
+
+ // Set up mIkev2SessionCreator and mExecutor
+ resetIkev2SessionCreator(mIkeSessionWrapper);
+ resetExecutor(mScheduledFuture);
+ }
+
+ private void resetIkev2SessionCreator(Vpn.IkeSessionWrapper ikeSession) {
+ reset(mIkev2SessionCreator);
+ when(mIkev2SessionCreator.createIkeSession(any(), any(), any(), any(), any(), any()))
+ .thenReturn(ikeSession);
+ }
+
+ private void resetExecutor(ScheduledFuture scheduledFuture) {
+ doAnswer(
+ (invocation) -> {
+ ((Runnable) invocation.getArgument(0)).run();
+ return null;
+ })
+ .when(mExecutor)
+ .execute(any());
+ when(mExecutor.schedule(
+ any(Runnable.class), anyLong(), any())).thenReturn(mScheduledFuture);
}
@After
@@ -1344,25 +1414,38 @@
verify(mConnectivityManager, timeout(TEST_TIMEOUT_MS))
.unregisterNetworkCallback(eq(cb));
} else if (errorType == VpnManager.ERROR_CLASS_RECOVERABLE) {
- // To prevent spending much time to test the retry function, only retry 2 times here.
int retryIndex = 0;
- verify(mIkev2SessionCreator,
- timeout(((TestDeps) vpn.mDeps).getNextRetryDelaySeconds(retryIndex++) * 1000
- + TEST_TIMEOUT_MS))
- .createIkeSession(any(), any(), any(), any(), captor.capture(), any());
+ final IkeSessionCallback ikeCb2 = verifyRetryAndGetNewIkeCb(retryIndex++);
- // Capture a new IkeSessionCallback to get the latest token.
- reset(mIkev2SessionCreator);
- final IkeSessionCallback ikeCb2 = captor.getValue();
ikeCb2.onClosedWithException(exception);
- verify(mIkev2SessionCreator,
- timeout(((TestDeps) vpn.mDeps).getNextRetryDelaySeconds(retryIndex++) * 1000
- + TEST_TIMEOUT_MS))
- .createIkeSession(any(), any(), any(), any(), captor.capture(), any());
- reset(mIkev2SessionCreator);
+ verifyRetryAndGetNewIkeCb(retryIndex++);
}
}
+ private IkeSessionCallback verifyRetryAndGetNewIkeCb(int retryIndex) {
+ final ArgumentCaptor<Runnable> runnableCaptor =
+ ArgumentCaptor.forClass(Runnable.class);
+ final ArgumentCaptor<IkeSessionCallback> ikeCbCaptor =
+ ArgumentCaptor.forClass(IkeSessionCallback.class);
+
+ // Verify retry is scheduled
+ final long expectedDelay = mTestDeps.getNextRetryDelaySeconds(retryIndex);
+ verify(mExecutor).schedule(runnableCaptor.capture(), eq(expectedDelay), any());
+
+ // Mock the event of firing the retry task
+ runnableCaptor.getValue().run();
+
+ verify(mIkev2SessionCreator)
+ .createIkeSession(any(), any(), any(), any(), ikeCbCaptor.capture(), any());
+
+ // Forget the mIkev2SessionCreator#createIkeSession call and mExecutor#schedule call
+ // for the next retry verification
+ resetIkev2SessionCreator(mIkeSessionWrapper);
+ resetExecutor(mScheduledFuture);
+
+ return ikeCbCaptor.getValue();
+ }
+
@Test
public void testStartPlatformVpnAuthenticationFailed() throws Exception {
final IkeProtocolException exception = mock(IkeProtocolException.class);
@@ -1491,11 +1574,266 @@
return vpn;
}
+ private IkeSessionConnectionInfo createIkeConnectInfo() {
+ return new IkeSessionConnectionInfo(TEST_VPN_CLIENT_IP, TEST_VPN_SERVER_IP, TEST_NETWORK);
+ }
+
+ private IkeSessionConnectionInfo createIkeConnectInfo_2() {
+ return new IkeSessionConnectionInfo(
+ TEST_VPN_CLIENT_IP_2, TEST_VPN_SERVER_IP_2, TEST_NETWORK_2);
+ }
+
+ private IkeSessionConfiguration createIkeConfig(
+ IkeSessionConnectionInfo ikeConnectInfo, boolean isMobikeEnabled) {
+ final IkeSessionConfiguration.Builder builder =
+ new IkeSessionConfiguration.Builder(ikeConnectInfo);
+
+ if (isMobikeEnabled) {
+ builder.addIkeExtension(EXTENSION_TYPE_MOBIKE);
+ }
+
+ return builder.build();
+ }
+
+ private ChildSessionConfiguration createChildConfig() {
+ return new ChildSessionConfiguration.Builder(Arrays.asList(IN_TS), Arrays.asList(OUT_TS))
+ .addInternalAddress(new LinkAddress(TEST_VPN_INTERNAL_IP, IP4_PREFIX_LEN))
+ .addInternalDnsServer(TEST_VPN_INTERNAL_DNS)
+ .build();
+ }
+
+ private IpSecTransform createIpSecTransform() {
+ return new IpSecTransform(mContext, new IpSecConfig());
+ }
+
+ private void verifyApplyTunnelModeTransforms(int expectedTimes) throws Exception {
+ verify(mIpSecService, times(expectedTimes)).applyTunnelModeTransform(
+ eq(TEST_TUNNEL_RESOURCE_ID), eq(IpSecManager.DIRECTION_IN),
+ anyInt(), anyString());
+ verify(mIpSecService, times(expectedTimes)).applyTunnelModeTransform(
+ eq(TEST_TUNNEL_RESOURCE_ID), eq(IpSecManager.DIRECTION_OUT),
+ anyInt(), anyString());
+ }
+
+ private Pair<IkeSessionCallback, ChildSessionCallback> verifyCreateIkeAndCaptureCbs()
+ throws Exception {
+ final ArgumentCaptor<IkeSessionCallback> ikeCbCaptor =
+ ArgumentCaptor.forClass(IkeSessionCallback.class);
+ final ArgumentCaptor<ChildSessionCallback> childCbCaptor =
+ ArgumentCaptor.forClass(ChildSessionCallback.class);
+
+ verify(mIkev2SessionCreator, timeout(TEST_TIMEOUT_MS)).createIkeSession(
+ any(), any(), any(), any(), ikeCbCaptor.capture(), childCbCaptor.capture());
+
+ return new Pair<>(ikeCbCaptor.getValue(), childCbCaptor.getValue());
+ }
+
+ private static class PlatformVpnSnapshot {
+ public final Vpn vpn;
+ public final NetworkCallback nwCb;
+ public final IkeSessionCallback ikeCb;
+ public final ChildSessionCallback childCb;
+
+ PlatformVpnSnapshot(Vpn vpn, NetworkCallback nwCb,
+ IkeSessionCallback ikeCb, ChildSessionCallback childCb) {
+ this.vpn = vpn;
+ this.nwCb = nwCb;
+ this.ikeCb = ikeCb;
+ this.childCb = childCb;
+ }
+ }
+
+ private PlatformVpnSnapshot verifySetupPlatformVpn(IkeSessionConfiguration ikeConfig)
+ throws Exception {
+ doReturn(mMockNetworkAgent).when(mTestDeps)
+ .newNetworkAgent(
+ any(), any(), anyString(), any(), any(), any(), any(), any());
+
+ final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ when(mVpnProfileStore.get(vpn.getProfileNameForPackage(TEST_VPN_PKG)))
+ .thenReturn(mVpnProfile.encode());
+
+ vpn.startVpnProfile(TEST_VPN_PKG);
+ final NetworkCallback nwCb = triggerOnAvailableAndGetCallback();
+
+ // Mock the setup procedure by firing callbacks
+ final Pair<IkeSessionCallback, ChildSessionCallback> cbPair =
+ verifyCreateIkeAndCaptureCbs();
+ final IkeSessionCallback ikeCb = cbPair.first;
+ final ChildSessionCallback childCb = cbPair.second;
+
+ ikeCb.onOpened(ikeConfig);
+ childCb.onIpSecTransformCreated(createIpSecTransform(), IpSecManager.DIRECTION_IN);
+ childCb.onIpSecTransformCreated(createIpSecTransform(), IpSecManager.DIRECTION_OUT);
+ childCb.onOpened(createChildConfig());
+
+ // Verification VPN setup
+ verifyApplyTunnelModeTransforms(1);
+
+ ArgumentCaptor<LinkProperties> lpCaptor = ArgumentCaptor.forClass(LinkProperties.class);
+ ArgumentCaptor<NetworkCapabilities> ncCaptor =
+ ArgumentCaptor.forClass(NetworkCapabilities.class);
+ verify(mTestDeps).newNetworkAgent(
+ any(), any(), anyString(), ncCaptor.capture(), lpCaptor.capture(),
+ any(), any(), any());
+
+ // Check LinkProperties
+ final LinkProperties lp = lpCaptor.getValue();
+ final List<RouteInfo> expectedRoutes = Arrays.asList(
+ new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null /*gateway*/,
+ TEST_IFACE_NAME, RouteInfo.RTN_UNICAST),
+ new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null /*gateway*/,
+ TEST_IFACE_NAME, RTN_UNREACHABLE));
+ assertEquals(expectedRoutes, lp.getRoutes());
+
+ // Check internal addresses
+ final List<LinkAddress> expectedAddresses =
+ Arrays.asList(new LinkAddress(TEST_VPN_INTERNAL_IP, IP4_PREFIX_LEN));
+ assertEquals(expectedAddresses, lp.getLinkAddresses());
+
+ // Check internal DNS
+ assertEquals(Arrays.asList(TEST_VPN_INTERNAL_DNS), lp.getDnsServers());
+
+ // Check NetworkCapabilities
+ assertEquals(Arrays.asList(TEST_NETWORK), ncCaptor.getValue().getUnderlyingNetworks());
+
+ return new PlatformVpnSnapshot(vpn, nwCb, ikeCb, childCb);
+ }
+
@Test
public void testStartPlatformVpn() throws Exception {
- startLegacyVpn(createVpn(primaryUser.id), mVpnProfile);
- // TODO: Test the Ikev2VpnRunner started up properly. Relies on utility methods added in
- // a subsequent patch.
+ final PlatformVpnSnapshot vpnSnapShot = verifySetupPlatformVpn(
+ createIkeConfig(createIkeConnectInfo(), true /* isMobikeEnabled */));
+ vpnSnapShot.vpn.mVpnRunner.exitVpnRunner();
+ }
+
+ @Test
+ public void testStartPlatformVpnMobility_mobikeEnabled() throws Exception {
+ final PlatformVpnSnapshot vpnSnapShot = verifySetupPlatformVpn(
+ createIkeConfig(createIkeConnectInfo(), true /* isMobikeEnabled */));
+
+ // Mock network loss and verify a cleanup task is scheduled
+ vpnSnapShot.nwCb.onLost(TEST_NETWORK);
+ verify(mExecutor).schedule(any(Runnable.class), anyLong(), any());
+
+ // Mock new network comes up and the cleanup task is cancelled
+ vpnSnapShot.nwCb.onAvailable(TEST_NETWORK_2);
+ verify(mScheduledFuture).cancel(anyBoolean());
+
+ // Verify MOBIKE is triggered
+ verify(mIkeSessionWrapper).setNetwork(TEST_NETWORK_2);
+
+ // Mock the MOBIKE procedure
+ vpnSnapShot.ikeCb.onIkeSessionConnectionInfoChanged(createIkeConnectInfo_2());
+ vpnSnapShot.childCb.onIpSecTransformsMigrated(
+ createIpSecTransform(), createIpSecTransform());
+
+ verify(mIpSecService).setNetworkForTunnelInterface(
+ eq(TEST_TUNNEL_RESOURCE_ID), eq(TEST_NETWORK_2), anyString());
+
+ // Expect 2 times: one for initial setup and one for MOBIKE
+ verifyApplyTunnelModeTransforms(2);
+
+ // Verify mNetworkCapabilities and mNetworkAgent are updated
+ assertEquals(
+ Collections.singletonList(TEST_NETWORK_2),
+ vpnSnapShot.vpn.mNetworkCapabilities.getUnderlyingNetworks());
+ verify(mMockNetworkAgent)
+ .setUnderlyingNetworks(Collections.singletonList(TEST_NETWORK_2));
+
+ vpnSnapShot.vpn.mVpnRunner.exitVpnRunner();
+ }
+
+ @Test
+ public void testStartPlatformVpnReestablishes_mobikeDisabled() throws Exception {
+ final PlatformVpnSnapshot vpnSnapShot = verifySetupPlatformVpn(
+ createIkeConfig(createIkeConnectInfo(), false /* isMobikeEnabled */));
+
+ // Forget the first IKE creation to be prepared to capture callbacks of the second
+ // IKE session
+ resetIkev2SessionCreator(mock(Vpn.IkeSessionWrapper.class));
+
+ // Mock network switch
+ vpnSnapShot.nwCb.onLost(TEST_NETWORK);
+ vpnSnapShot.nwCb.onAvailable(TEST_NETWORK_2);
+
+ // Verify the old IKE Session is killed
+ verify(mIkeSessionWrapper).kill();
+
+ // Capture callbacks of the new IKE Session
+ final Pair<IkeSessionCallback, ChildSessionCallback> cbPair =
+ verifyCreateIkeAndCaptureCbs();
+ final IkeSessionCallback ikeCb = cbPair.first;
+ final ChildSessionCallback childCb = cbPair.second;
+
+ // Mock the IKE Session setup
+ ikeCb.onOpened(createIkeConfig(createIkeConnectInfo_2(), false /* isMobikeEnabled */));
+
+ childCb.onIpSecTransformCreated(createIpSecTransform(), IpSecManager.DIRECTION_IN);
+ childCb.onIpSecTransformCreated(createIpSecTransform(), IpSecManager.DIRECTION_OUT);
+ childCb.onOpened(createChildConfig());
+
+ // Expect 2 times since there have been two Session setups
+ verifyApplyTunnelModeTransforms(2);
+
+ // Verify mNetworkCapabilities and mNetworkAgent are updated
+ assertEquals(
+ Collections.singletonList(TEST_NETWORK_2),
+ vpnSnapShot.vpn.mNetworkCapabilities.getUnderlyingNetworks());
+ verify(mMockNetworkAgent)
+ .setUnderlyingNetworks(Collections.singletonList(TEST_NETWORK_2));
+
+ vpnSnapShot.vpn.mVpnRunner.exitVpnRunner();
+ }
+
+ private void verifyHandlingNetworkLoss() throws Exception {
+ final ArgumentCaptor<LinkProperties> lpCaptor =
+ ArgumentCaptor.forClass(LinkProperties.class);
+ verify(mMockNetworkAgent).sendLinkProperties(lpCaptor.capture());
+ final LinkProperties lp = lpCaptor.getValue();
+
+ assertNull(lp.getInterfaceName());
+ final List<RouteInfo> expectedRoutes = Arrays.asList(
+ new RouteInfo(new IpPrefix(Inet4Address.ANY, 0), null /*gateway*/,
+ null /*iface*/, RTN_UNREACHABLE),
+ new RouteInfo(new IpPrefix(Inet6Address.ANY, 0), null /*gateway*/,
+ null /*iface*/, RTN_UNREACHABLE));
+ assertEquals(expectedRoutes, lp.getRoutes());
+ }
+
+ @Test
+ public void testStartPlatformVpnHandlesNetworkLoss_mobikeEnabled() throws Exception {
+ final PlatformVpnSnapshot vpnSnapShot = verifySetupPlatformVpn(
+ createIkeConfig(createIkeConnectInfo(), false /* isMobikeEnabled */));
+
+ // Forget the #sendLinkProperties during first setup.
+ reset(mMockNetworkAgent);
+
+ final ArgumentCaptor<Runnable> runnableCaptor =
+ ArgumentCaptor.forClass(Runnable.class);
+
+ // Mock network loss
+ vpnSnapShot.nwCb.onLost(TEST_NETWORK);
+
+ // Mock the grace period expires
+ verify(mExecutor).schedule(runnableCaptor.capture(), anyLong(), any());
+ runnableCaptor.getValue().run();
+
+ verifyHandlingNetworkLoss();
+ }
+
+ @Test
+ public void testStartPlatformVpnHandlesNetworkLoss_mobikeDisabled() throws Exception {
+ final PlatformVpnSnapshot vpnSnapShot = verifySetupPlatformVpn(
+ createIkeConfig(createIkeConnectInfo(), false /* isMobikeEnabled */));
+
+ // Forget the #sendLinkProperties during first setup.
+ reset(mMockNetworkAgent);
+
+ // Mock network loss
+ vpnSnapShot.nwCb.onLost(TEST_NETWORK);
+
+ verifyHandlingNetworkLoss();
}
@Test
@@ -1578,7 +1916,8 @@
}
}
- private final class TestDeps extends Vpn.Dependencies {
+ // Make it public and un-final so as to spy it
+ public class TestDeps extends Vpn.Dependencies {
public final CompletableFuture<String[]> racoonArgs = new CompletableFuture();
public final CompletableFuture<String[]> mtpdArgs = new CompletableFuture();
public final File mStateFile;
@@ -1713,10 +2052,16 @@
return mDeviceIdleInternal;
}
+ @Override
public long getNextRetryDelaySeconds(int retryCount) {
// Simply return retryCount as the delay seconds for retrying.
return retryCount;
}
+
+ @Override
+ public ScheduledThreadPoolExecutor newScheduledThreadPoolExecutor() {
+ return mExecutor;
+ }
}
/**
@@ -1728,7 +2073,7 @@
when(mContext.createContextAsUser(eq(UserHandle.of(userId)), anyInt()))
.thenReturn(asUserContext);
final TestLooper testLooper = new TestLooper();
- final Vpn vpn = new Vpn(testLooper.getLooper(), mContext, new TestDeps(), mNetService,
+ final Vpn vpn = new Vpn(testLooper.getLooper(), mContext, mTestDeps, mNetService,
mNetd, userId, mVpnProfileStore, mSystemServices, mIkev2SessionCreator);
verify(mConnectivityManager, times(1)).registerNetworkProvider(argThat(
provider -> provider.getName().contains("VpnNetworkProvider")
diff --git a/tests/unit/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java b/tests/unit/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java
index 4f849d2..2178b33 100644
--- a/tests/unit/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java
+++ b/tests/unit/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java
@@ -92,6 +92,8 @@
private Handler mHandler;
private EthernetNetworkFactory mNetFactory = null;
private IpClientCallbacks mIpClientCallbacks;
+ private NetworkOfferCallback mNetworkOfferCallback;
+ private NetworkRequest mRequestToKeepNetworkUp;
@Mock private Context mContext;
@Mock private Resources mResources;
@Mock private EthernetNetworkFactory.Dependencies mDeps;
@@ -244,7 +246,9 @@
ArgumentCaptor<NetworkOfferCallback> captor = ArgumentCaptor.forClass(
NetworkOfferCallback.class);
verify(mNetworkProvider).registerNetworkOffer(any(), any(), any(), captor.capture());
- captor.getValue().onNetworkNeeded(createDefaultRequest());
+ mRequestToKeepNetworkUp = createDefaultRequest();
+ mNetworkOfferCallback = captor.getValue();
+ mNetworkOfferCallback.onNetworkNeeded(mRequestToKeepNetworkUp);
verifyStart(ipConfig);
clearInvocations(mDeps);
@@ -625,6 +629,14 @@
}
@Test
+ public void testUpdateInterfaceAbortsOnNetworkUneededRemovesAllRequests() throws Exception {
+ initEthernetNetworkFactory();
+ verifyNetworkManagementCallIsAbortedWhenInterrupted(
+ TEST_IFACE,
+ () -> mNetworkOfferCallback.onNetworkUnneeded(mRequestToKeepNetworkUp));
+ }
+
+ @Test
public void testUpdateInterfaceCallsListenerCorrectlyOnConcurrentRequests() throws Exception {
initEthernetNetworkFactory();
final NetworkCapabilities capabilities = createDefaultFilterCaps();
diff --git a/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java b/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
index 4fbbc75..1385d8b 100644
--- a/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
+++ b/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
@@ -67,6 +67,9 @@
import static com.android.net.module.util.NetworkStatsUtils.SUBSCRIBER_ID_MATCH_RULE_EXACT;
import static com.android.server.net.NetworkStatsService.ACTION_NETWORK_STATS_POLL;
+import static com.android.server.net.NetworkStatsService.NETSTATS_IMPORT_ATTEMPTS_COUNTER_NAME;
+import static com.android.server.net.NetworkStatsService.NETSTATS_IMPORT_FALLBACKS_COUNTER_NAME;
+import static com.android.server.net.NetworkStatsService.NETSTATS_IMPORT_SUCCESSES_COUNTER_NAME;
import static com.android.testutils.DevSdkIgnoreRuleKt.SC_V2;
import static org.junit.Assert.assertEquals;
@@ -92,13 +95,16 @@
import android.app.AlarmManager;
import android.content.Context;
import android.content.Intent;
+import android.content.res.Resources;
import android.database.ContentObserver;
+import android.net.ConnectivityResources;
import android.net.DataUsageRequest;
import android.net.INetd;
import android.net.INetworkStatsSession;
import android.net.LinkProperties;
import android.net.Network;
import android.net.NetworkCapabilities;
+import android.net.NetworkIdentity;
import android.net.NetworkStateSnapshot;
import android.net.NetworkStats;
import android.net.NetworkStatsCollection;
@@ -125,6 +131,7 @@
import androidx.test.InstrumentationRegistry;
import androidx.test.filters.SmallTest;
+import com.android.connectivity.resources.R;
import com.android.internal.util.FileRotator;
import com.android.internal.util.test.BroadcastInterceptingContext;
import com.android.net.module.util.IBpfMap;
@@ -152,6 +159,7 @@
import org.mockito.MockitoAnnotations;
import java.io.File;
+import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Clock;
@@ -161,6 +169,7 @@
import java.time.temporal.ChronoUnit;
import java.util.Map;
import java.util.Objects;
+import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.atomic.AtomicBoolean;
@@ -242,6 +251,9 @@
private int mImportLegacyTargetAttempts = 0;
private @Mock PersistentInt mImportLegacyAttemptsCounter;
private @Mock PersistentInt mImportLegacySuccessesCounter;
+ private @Mock PersistentInt mImportLegacyFallbacksCounter;
+ private @Mock Resources mResources;
+ private Boolean mIsDebuggable;
private class MockContext extends BroadcastInterceptingContext {
private final Context mBaseContext;
@@ -302,6 +314,12 @@
@Before
public void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
+
+ // Setup mock resources.
+ final Context mockResContext = mock(Context.class);
+ doReturn(mResources).when(mockResContext).getResources();
+ ConnectivityResources.setResourcesContextForTest(mockResContext);
+
final Context context = InstrumentationRegistry.getContext();
mServiceContext = new MockContext(context);
when(mLocationPermissionChecker.checkCallersLocationPermission(
@@ -382,15 +400,18 @@
}
@Override
- public PersistentInt createImportLegacyAttemptsCounter(
- @androidx.annotation.NonNull Path path) {
- return mImportLegacyAttemptsCounter;
- }
-
- @Override
- public PersistentInt createImportLegacySuccessesCounter(
- @androidx.annotation.NonNull Path path) {
- return mImportLegacySuccessesCounter;
+ public PersistentInt createPersistentCounter(@androidx.annotation.NonNull Path dir,
+ @androidx.annotation.NonNull String name) throws IOException {
+ switch (name) {
+ case NETSTATS_IMPORT_ATTEMPTS_COUNTER_NAME:
+ return mImportLegacyAttemptsCounter;
+ case NETSTATS_IMPORT_SUCCESSES_COUNTER_NAME:
+ return mImportLegacySuccessesCounter;
+ case NETSTATS_IMPORT_FALLBACKS_COUNTER_NAME:
+ return mImportLegacyFallbacksCounter;
+ default:
+ throw new IllegalArgumentException("Unknown counter name: " + name);
+ }
}
@Override
@@ -454,6 +475,11 @@
public IBpfMap<UidStatsMapKey, StatsMapValue> getAppUidStatsMap() {
return mAppUidStatsMap;
}
+
+ @Override
+ public boolean isDebuggable() {
+ return mIsDebuggable == Boolean.TRUE;
+ }
};
}
@@ -1890,6 +1916,114 @@
// will decrease the retry counter by 1.
}
+ @Test
+ public void testDataMigration_differentFromFallback() throws Exception {
+ assertStatsFilesExist(false);
+ expectDefaultSettings();
+
+ NetworkStateSnapshot[] states = new NetworkStateSnapshot[]{buildWifiState()};
+
+ mService.notifyNetworkStatus(NETWORKS_WIFI, states, getActiveIface(states),
+ new UnderlyingNetworkInfo[0]);
+
+ // modify some number on wifi, and trigger poll event
+ incrementCurrentTime(HOUR_IN_MILLIS);
+ expectNetworkStatsSummary(new NetworkStats(getElapsedRealtime(), 1)
+ .insertEntry(TEST_IFACE, 1024L, 8L, 2048L, 16L));
+ expectNetworkStatsUidDetail(new NetworkStats(getElapsedRealtime(), 1)
+ .insertEntry(TEST_IFACE, UID_BLUE, SET_DEFAULT, TAG_NONE, 128L, 1L, 128L, 1L, 0L));
+ forcePollAndWaitForIdle();
+ // Simulate shutdown to force persisting data
+ mServiceContext.sendBroadcast(new Intent(Intent.ACTION_SHUTDOWN));
+ assertStatsFilesExist(true);
+
+ // Move the files to the legacy directory to simulate an import from old data
+ for (File f : mStatsDir.listFiles()) {
+ Files.move(f.toPath(), mLegacyStatsDir.toPath().resolve(f.getName()));
+ }
+ assertStatsFilesExist(false);
+
+ // Prepare some unexpected data.
+ final NetworkIdentity testWifiIdent = new NetworkIdentity.Builder().setType(TYPE_WIFI)
+ .setWifiNetworkKey(TEST_WIFI_NETWORK_KEY).build();
+ final NetworkStatsCollection.Key unexpectedUidAllkey = new NetworkStatsCollection.Key(
+ Set.of(testWifiIdent), UID_ALL, SET_DEFAULT, 0);
+ final NetworkStatsCollection.Key unexpectedUidBluekey = new NetworkStatsCollection.Key(
+ Set.of(testWifiIdent), UID_BLUE, SET_DEFAULT, 0);
+ final NetworkStatsHistory unexpectedHistory = new NetworkStatsHistory
+ .Builder(965L /* bucketDuration */, 1)
+ .addEntry(new NetworkStatsHistory.Entry(TEST_START, 3L, 55L, 4L, 31L, 10L, 5L))
+ .build();
+
+ // Simulate the platform stats collection somehow is different from what is read from
+ // the fallback method. The service should read them as is. This usually happens when an
+ // OEM has changed the implementation of NetworkStatsDataMigrationUtils inside the platform.
+ final NetworkStatsCollection summaryCollection =
+ getLegacyCollection(PREFIX_XT, false /* includeTags */);
+ summaryCollection.recordHistory(unexpectedUidAllkey, unexpectedHistory);
+ final NetworkStatsCollection uidCollection =
+ getLegacyCollection(PREFIX_UID, false /* includeTags */);
+ uidCollection.recordHistory(unexpectedUidBluekey, unexpectedHistory);
+ mPlatformNetworkStatsCollection.put(PREFIX_DEV, summaryCollection);
+ mPlatformNetworkStatsCollection.put(PREFIX_XT, summaryCollection);
+ mPlatformNetworkStatsCollection.put(PREFIX_UID, uidCollection);
+ mPlatformNetworkStatsCollection.put(PREFIX_UID_TAG,
+ getLegacyCollection(PREFIX_UID_TAG, true /* includeTags */));
+
+ // Mock zero usage and boot through serviceReady(), verify there is no imported data.
+ expectDefaultSettings();
+ expectNetworkStatsUidDetail(buildEmptyStats());
+ expectSystemReady();
+ mService.systemReady();
+ assertStatsFilesExist(false);
+
+ // Set the flag and reboot, verify the imported data is not there until next boot.
+ mStoreFilesInApexData = true;
+ mImportLegacyTargetAttempts = 3;
+ mServiceContext.sendBroadcast(new Intent(Intent.ACTION_SHUTDOWN));
+ assertStatsFilesExist(false);
+
+ // Boot through systemReady() again.
+ expectDefaultSettings();
+ expectNetworkStatsUidDetail(buildEmptyStats());
+ expectSystemReady();
+ mService.systemReady();
+
+ // Verify the result read from public API matches the result returned from the importer.
+ assertNetworkTotal(sTemplateWifi, 1024L + 55L, 8L + 4L, 2048L + 31L, 16L + 10L, 0 + 5);
+ assertUidTotal(sTemplateWifi, UID_BLUE,
+ 128L + 55L, 1L + 4L, 128L + 31L, 1L + 10L, 0 + 5);
+ assertStatsFilesExist(true);
+ verify(mImportLegacyAttemptsCounter).set(3);
+ verify(mImportLegacySuccessesCounter).set(1);
+ }
+
+ @Test
+ public void testShouldRunComparison() {
+ for (Boolean isDebuggable : Set.of(Boolean.TRUE, Boolean.FALSE)) {
+ mIsDebuggable = isDebuggable;
+ // Verify return false regardless of the device is debuggable.
+ doReturn(0).when(mResources)
+ .getInteger(R.integer.config_netstats_validate_import);
+ assertShouldRunComparison(false, isDebuggable);
+ // Verify return true regardless of the device is debuggable.
+ doReturn(1).when(mResources)
+ .getInteger(R.integer.config_netstats_validate_import);
+ assertShouldRunComparison(true, isDebuggable);
+ // Verify return true iff the device is debuggable.
+ for (int testValue : Set.of(-1, 2)) {
+ doReturn(testValue).when(mResources)
+ .getInteger(R.integer.config_netstats_validate_import);
+ assertShouldRunComparison(isDebuggable, isDebuggable);
+ }
+ }
+ }
+
+ private void assertShouldRunComparison(boolean expected, boolean isDebuggable) {
+ assertEquals("shouldRunComparison (debuggable=" + isDebuggable + "): ",
+ expected, mService.shouldRunComparison());
+ }
+
private NetworkStatsRecorder makeTestRecorder(File directory, String prefix, Config config,
boolean includeTags) {
final NetworkStats.NonMonotonicObserver observer =
@@ -1901,7 +2035,7 @@
}
private NetworkStatsCollection getLegacyCollection(String prefix, boolean includeTags) {
- final NetworkStatsRecorder recorder = makeTestRecorder(mLegacyStatsDir, PREFIX_DEV,
+ final NetworkStatsRecorder recorder = makeTestRecorder(mLegacyStatsDir, prefix,
mSettings.getDevConfig(), includeTags);
return recorder.getOrLoadCompleteLocked();
}
diff --git a/tools/Android.bp b/tools/Android.bp
new file mode 100644
index 0000000..1fa93bb
--- /dev/null
+++ b/tools/Android.bp
@@ -0,0 +1,91 @@
+//
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+ // See: http://go/android-license-faq
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+// Build tool used to generate jarjar rules for all classes in a jar, except those that are
+// API, UnsupportedAppUsage or otherwise excluded.
+python_binary_host {
+ name: "jarjar-rules-generator",
+ srcs: [
+ "gen_jarjar.py",
+ ],
+ main: "gen_jarjar.py",
+ version: {
+ py2: {
+ enabled: false,
+ },
+ py3: {
+ enabled: true,
+ },
+ },
+ visibility: ["//packages/modules/Connectivity:__subpackages__"],
+}
+
+genrule_defaults {
+ name: "jarjar-rules-combine-defaults",
+ // Concat files with a line break in the middle
+ cmd: "for src in $(in); do cat $${src}; echo; done > $(out)",
+ defaults_visibility: ["//packages/modules/Connectivity:__subpackages__"],
+}
+
+java_library {
+ name: "jarjar-rules-generator-testjavalib",
+ srcs: ["testdata/java/**/*.java"],
+ visibility: ["//visibility:private"],
+}
+
+// TODO(b/233723405) - Remove this workaround.
+// Temporary work around of b/233723405. Using the module_lib stub directly
+// in the test causes it to sometimes get the dex jar and sometimes get the
+// classes jar due to b/233111644. Statically including it here instead
+// ensures that it will always get the classes jar.
+java_library {
+ name: "framework-connectivity.stubs.module_lib-for-test",
+ visibility: ["//visibility:private"],
+ static_libs: [
+ "framework-connectivity.stubs.module_lib",
+ ],
+ // Not strictly necessary but specified as this MUST not have generate
+ // a dex jar as that will break the tests.
+ compile_dex: false,
+}
+
+python_test_host {
+ name: "jarjar-rules-generator-test",
+ srcs: [
+ "gen_jarjar.py",
+ "gen_jarjar_test.py",
+ ],
+ data: [
+ "testdata/test-jarjar-excludes.txt",
+ "testdata/test-unsupportedappusage.txt",
+ ":framework-connectivity.stubs.module_lib-for-test",
+ ":jarjar-rules-generator-testjavalib",
+ ],
+ main: "gen_jarjar_test.py",
+ version: {
+ py2: {
+ enabled: false,
+ },
+ py3: {
+ enabled: true,
+ },
+ },
+}
diff --git a/tools/gen_jarjar.py b/tools/gen_jarjar.py
new file mode 100755
index 0000000..4c2cf54
--- /dev/null
+++ b/tools/gen_jarjar.py
@@ -0,0 +1,133 @@
+#
+# Copyright (C) 2022 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+""" This script generates jarjar rule files to add a jarjar prefix to all classes, except those
+that are API, unsupported API or otherwise excluded."""
+
+import argparse
+import io
+import re
+import subprocess
+from xml import sax
+from xml.sax.handler import ContentHandler
+from zipfile import ZipFile
+
+
+def parse_arguments(argv):
+ parser = argparse.ArgumentParser()
+ parser.add_argument(
+ '--jars', nargs='+',
+ help='Path to pre-jarjar JAR. Can be followed by multiple space-separated paths.')
+ parser.add_argument(
+ '--prefix', required=True,
+ help='Package prefix to use for jarjared classes, '
+ 'for example "com.android.connectivity" (does not end with a dot).')
+ parser.add_argument(
+ '--output', required=True, help='Path to output jarjar rules file.')
+ parser.add_argument(
+ '--apistubs', nargs='*', default=[],
+ help='Path to API stubs jar. Classes that are API will not be jarjared. Can be followed by '
+ 'multiple space-separated paths.')
+ parser.add_argument(
+ '--unsupportedapi', nargs='*', default=[],
+ help='Path to UnsupportedAppUsage hidden API .txt lists. '
+ 'Classes that have UnsupportedAppUsage API will not be jarjared. Can be followed by '
+ 'multiple space-separated paths.')
+ parser.add_argument(
+ '--excludes', nargs='*', default=[],
+ help='Path to files listing classes that should not be jarjared. Can be followed by '
+ 'multiple space-separated paths. '
+ 'Each file should contain one full-match regex per line. Empty lines or lines '
+ 'starting with "#" are ignored.')
+ return parser.parse_args(argv)
+
+
+def _list_toplevel_jar_classes(jar):
+ """List all classes in a .class .jar file that are not inner classes."""
+ return {_get_toplevel_class(c) for c in _list_jar_classes(jar)}
+
+def _list_jar_classes(jar):
+ with ZipFile(jar, 'r') as zip:
+ files = zip.namelist()
+ assert 'classes.dex' not in files, f'Jar file {jar} is dexed, ' \
+ 'expected an intermediate zip of .class files'
+ class_len = len('.class')
+ return [f.replace('/', '.')[:-class_len] for f in files
+ if f.endswith('.class') and not f.endswith('/package-info.class')]
+
+
+def _list_hiddenapi_classes(txt_file):
+ out = set()
+ with open(txt_file, 'r') as f:
+ for line in f:
+ if not line.strip():
+ continue
+ assert line.startswith('L') and ';' in line, f'Class name not recognized: {line}'
+ clazz = line.replace('/', '.').split(';')[0][1:]
+ out.add(_get_toplevel_class(clazz))
+ return out
+
+
+def _get_toplevel_class(clazz):
+ """Return the name of the toplevel (not an inner class) enclosing class of the given class."""
+ if '$' not in clazz:
+ return clazz
+ return clazz.split('$')[0]
+
+
+def _get_excludes(path):
+ out = []
+ with open(path, 'r') as f:
+ for line in f:
+ stripped = line.strip()
+ if not stripped or stripped.startswith('#'):
+ continue
+ out.append(re.compile(stripped))
+ return out
+
+
+def make_jarjar_rules(args):
+ excluded_classes = set()
+ for apistubs_file in args.apistubs:
+ excluded_classes.update(_list_toplevel_jar_classes(apistubs_file))
+
+ for unsupportedapi_file in args.unsupportedapi:
+ excluded_classes.update(_list_hiddenapi_classes(unsupportedapi_file))
+
+ exclude_regexes = []
+ for exclude_file in args.excludes:
+ exclude_regexes.extend(_get_excludes(exclude_file))
+
+ with open(args.output, 'w') as outfile:
+ for jar in args.jars:
+ jar_classes = _list_jar_classes(jar)
+ jar_classes.sort()
+ for clazz in jar_classes:
+ if (_get_toplevel_class(clazz) not in excluded_classes and
+ not any(r.fullmatch(clazz) for r in exclude_regexes)):
+ outfile.write(f'rule {clazz} {args.prefix}.@0\n')
+ # Also include jarjar rules for unit tests of the class, so the package matches
+ outfile.write(f'rule {clazz}Test {args.prefix}.@0\n')
+ outfile.write(f'rule {clazz}Test$* {args.prefix}.@0\n')
+
+
+def _main():
+ # Pass in None to use argv
+ args = parse_arguments(None)
+ make_jarjar_rules(args)
+
+
+if __name__ == '__main__':
+ _main()
diff --git a/tools/gen_jarjar_test.py b/tools/gen_jarjar_test.py
new file mode 100644
index 0000000..8d8e82b
--- /dev/null
+++ b/tools/gen_jarjar_test.py
@@ -0,0 +1,57 @@
+# Copyright (C) 2022 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import gen_jarjar
+import unittest
+
+
+class TestGenJarjar(unittest.TestCase):
+ def test_gen_rules(self):
+ args = gen_jarjar.parse_arguments([
+ "--jars", "jarjar-rules-generator-testjavalib.jar",
+ "--prefix", "jarjar.prefix",
+ "--output", "test-output-rules.txt",
+ "--apistubs", "framework-connectivity.stubs.module_lib.jar",
+ "--unsupportedapi", "testdata/test-unsupportedappusage.txt",
+ "--excludes", "testdata/test-jarjar-excludes.txt",
+ ])
+ gen_jarjar.make_jarjar_rules(args)
+
+ with open(args.output) as out:
+ lines = out.readlines()
+
+ self.assertListEqual([
+ 'rule test.utils.TestUtilClass jarjar.prefix.@0\n',
+ 'rule test.utils.TestUtilClassTest jarjar.prefix.@0\n',
+ 'rule test.utils.TestUtilClassTest$* jarjar.prefix.@0\n',
+ 'rule test.utils.TestUtilClass$TestInnerClass jarjar.prefix.@0\n',
+ 'rule test.utils.TestUtilClass$TestInnerClassTest jarjar.prefix.@0\n',
+ 'rule test.utils.TestUtilClass$TestInnerClassTest$* jarjar.prefix.@0\n'], lines)
+
+
+if __name__ == '__main__':
+ # Need verbosity=2 for the test results parser to find results
+ unittest.main(verbosity=2)
diff --git a/tools/testdata/java/android/net/LinkProperties.java b/tools/testdata/java/android/net/LinkProperties.java
new file mode 100644
index 0000000..bdca377
--- /dev/null
+++ b/tools/testdata/java/android/net/LinkProperties.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net;
+
+/**
+ * Test class with a name matching a public API.
+ */
+public class LinkProperties {
+}
diff --git a/tools/testdata/java/test/jarjarexcluded/JarjarExcludedClass.java b/tools/testdata/java/test/jarjarexcluded/JarjarExcludedClass.java
new file mode 100644
index 0000000..7e3bee1
--- /dev/null
+++ b/tools/testdata/java/test/jarjarexcluded/JarjarExcludedClass.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package test.jarjarexcluded;
+
+/**
+ * Test class that is excluded from jarjar.
+ */
+public class JarjarExcludedClass {
+}
diff --git a/tools/testdata/java/test/unsupportedappusage/TestUnsupportedAppUsageClass.java b/tools/testdata/java/test/unsupportedappusage/TestUnsupportedAppUsageClass.java
new file mode 100644
index 0000000..9d32296
--- /dev/null
+++ b/tools/testdata/java/test/unsupportedappusage/TestUnsupportedAppUsageClass.java
@@ -0,0 +1,21 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package test.unsupportedappusage;
+
+public class TestUnsupportedAppUsageClass {
+ public void testMethod() {}
+}
diff --git a/tools/testdata/java/test/utils/TestUtilClass.java b/tools/testdata/java/test/utils/TestUtilClass.java
new file mode 100644
index 0000000..2162e45
--- /dev/null
+++ b/tools/testdata/java/test/utils/TestUtilClass.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package test.utils;
+
+/**
+ * Sample class to test jarjar rules.
+ */
+public class TestUtilClass {
+ public static class TestInnerClass {}
+}
diff --git a/tools/testdata/test-jarjar-excludes.txt b/tools/testdata/test-jarjar-excludes.txt
new file mode 100644
index 0000000..35d97a2
--- /dev/null
+++ b/tools/testdata/test-jarjar-excludes.txt
@@ -0,0 +1,3 @@
+# Test file for excluded classes
+test\.jarj.rexcluded\.JarjarExcludedCla.s
+test\.jarjarexcluded\.JarjarExcludedClass\$TestInnerCl.ss
diff --git a/tools/testdata/test-unsupportedappusage.txt b/tools/testdata/test-unsupportedappusage.txt
new file mode 100644
index 0000000..331eff9
--- /dev/null
+++ b/tools/testdata/test-unsupportedappusage.txt
@@ -0,0 +1 @@
+Ltest/unsupportedappusage/TestUnsupportedAppUsageClass;->testMethod()V
\ No newline at end of file