Merge changes I41ae1d61,I334860af
* changes:
Make tethering APIs unsupported synchronously when disallowed
Revert "Revert "Add onSupportedTetheringType callback""
diff --git a/Tethering/Android.bp b/Tethering/Android.bp
index bfba5cd..f3d6aee 100644
--- a/Tethering/Android.bp
+++ b/Tethering/Android.bp
@@ -31,7 +31,6 @@
"apishim/**/*.java",
"src/**/*.java",
":framework-connectivity-shared-srcs",
- ":tethering-module-utils-srcs",
":services-tethering-shared-srcs",
":statslog-tethering-java-gen",
],
@@ -47,6 +46,7 @@
"net-utils-framework-common",
"net-utils-device-common",
"net-utils-device-common-bpf",
+ "net-utils-device-common-ip",
"net-utils-device-common-netlink",
"netd-client",
"tetheringstatsprotos",
@@ -211,8 +211,11 @@
sdk {
name: "tethering-module-sdk",
- bootclasspath_fragments: ["com.android.tethering-bootclasspath-fragment"],
- systemserverclasspath_fragments: ["com.android.tethering-systemserverclasspath-fragment"],
+ apexes: [
+ // Adds exportable dependencies of the APEX to the sdk,
+ // e.g. *classpath_fragments.
+ "com.android.tethering",
+ ],
}
java_library_static {
diff --git a/Tethering/apex/Android.bp b/Tethering/apex/Android.bp
index b3cae7c..a7028b7 100644
--- a/Tethering/apex/Android.bp
+++ b/Tethering/apex/Android.bp
@@ -18,6 +18,20 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
+prebuilt_etc {
+ name: "TetheringInProcessFlag",
+ src: "in-process",
+ filename_from_src: true,
+ sub_dir: "flag",
+}
+
+prebuilt_etc {
+ name: "TetheringOutOfProcessFlag",
+ src: "out-of-process",
+ filename_from_src: true,
+ sub_dir: "flag",
+}
+
// Defaults to enable/disable java targets which uses development APIs. "enabled" may have a
// different value depending on the branch.
java_defaults {
@@ -71,10 +85,12 @@
bpfs: [
"block.o",
"clatd.o",
- "dscp_policy.o",
+ "dscpPolicy.o",
"netd.o",
"offload.o",
+ "offload@btf.o",
"test.o",
+ "test@btf.o",
],
apps: [
"ServiceConnectivityResources",
@@ -82,6 +98,7 @@
prebuilts: [
"current_sdkinfo",
"privapp_allowlist_com.android.tethering",
+ "TetheringOutOfProcessFlag",
],
manifest: "manifest.json",
key: "com.android.tethering.key",
@@ -105,6 +122,12 @@
certificate: "com.android.tethering",
}
+filegroup {
+ name: "connectivity-hiddenapi-files",
+ srcs: ["hiddenapi/*.txt"],
+ visibility: ["//packages/modules/Connectivity:__subpackages__"],
+}
+
// Encapsulate the contributions made by the com.android.tethering to the bootclasspath.
bootclasspath_fragment {
name: "com.android.tethering-bootclasspath-fragment",
@@ -183,8 +206,21 @@
base: "com.android.tethering",
package_name: "com.android.tethering.inprocess",
enabled: enable_tethering_next_apex,
+ bpfs: [
+ "block.o",
+ "clatd.o",
+ "dscpPolicy.o",
+ "netd.o",
+ "offload@inprocess.o",
+ "test@inprocess.o",
+ ],
apps: [
"ServiceConnectivityResources",
"InProcessTethering",
],
+ prebuilts: [
+ "current_sdkinfo",
+ "privapp_allowlist_com.android.tethering",
+ "TetheringInProcessFlag",
+ ],
}
diff --git a/Tethering/apex/in-process b/Tethering/apex/in-process
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/Tethering/apex/in-process
diff --git a/Tethering/apex/out-of-process b/Tethering/apex/out-of-process
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/Tethering/apex/out-of-process
diff --git a/Tethering/src/android/net/ip/IpServer.java b/Tethering/src/android/net/ip/IpServer.java
index da7ca56..438b592 100644
--- a/Tethering/src/android/net/ip/IpServer.java
+++ b/Tethering/src/android/net/ip/IpServer.java
@@ -44,7 +44,6 @@
import android.net.dhcp.DhcpServingParamsParcelExt;
import android.net.dhcp.IDhcpEventCallbacks;
import android.net.dhcp.IDhcpServer;
-import android.net.ip.IpNeighborMonitor.NeighborEvent;
import android.net.ip.RouterAdvertisementDaemon.RaParams;
import android.os.Handler;
import android.os.Looper;
@@ -64,6 +63,9 @@
import com.android.net.module.util.InterfaceParams;
import com.android.net.module.util.NetdUtils;
import com.android.net.module.util.SharedLog;
+import com.android.net.module.util.ip.InterfaceController;
+import com.android.net.module.util.ip.IpNeighborMonitor;
+import com.android.net.module.util.ip.IpNeighborMonitor.NeighborEvent;
import com.android.networkstack.tethering.BpfCoordinator;
import com.android.networkstack.tethering.BpfCoordinator.ClientInfo;
import com.android.networkstack.tethering.BpfCoordinator.Ipv6ForwardingRule;
diff --git a/Tethering/src/android/net/ip/NeighborPacketForwarder.java b/Tethering/src/android/net/ip/NeighborPacketForwarder.java
index 723bd63..8384562 100644
--- a/Tethering/src/android/net/ip/NeighborPacketForwarder.java
+++ b/Tethering/src/android/net/ip/NeighborPacketForwarder.java
@@ -23,6 +23,7 @@
import static android.system.OsConstants.SOCK_DGRAM;
import static android.system.OsConstants.SOCK_NONBLOCK;
import static android.system.OsConstants.SOCK_RAW;
+import static android.system.OsConstants.ENODEV;
import android.net.util.SocketUtils;
import android.os.Handler;
@@ -131,7 +132,13 @@
ETH_P_IPV6, mListenIfaceParams.index);
Os.bind(mFd, bindAddress);
} catch (ErrnoException | SocketException e) {
- Log.wtf(mTag, "Failed to create socket", e);
+ // An ENODEV(No such device) will rise if tethering stopped before this function, this
+ // may happen when enable/disable tethering quickly.
+ if (e instanceof ErrnoException && ((ErrnoException) e).errno == ENODEV) {
+ Log.w(mTag, "Failed to create socket because tethered interface is gone", e);
+ } else {
+ Log.wtf(mTag, "Failed to create socket", e);
+ }
closeSocketQuietly(mFd);
return null;
}
diff --git a/Tethering/src/com/android/networkstack/tethering/BpfCoordinator.java b/Tethering/src/com/android/networkstack/tethering/BpfCoordinator.java
index 133ae01..49442a6 100644
--- a/Tethering/src/com/android/networkstack/tethering/BpfCoordinator.java
+++ b/Tethering/src/com/android/networkstack/tethering/BpfCoordinator.java
@@ -23,11 +23,11 @@
import static android.net.NetworkStats.TAG_NONE;
import static android.net.NetworkStats.UID_ALL;
import static android.net.NetworkStats.UID_TETHERING;
-import static android.net.ip.ConntrackMonitor.ConntrackEvent;
import static android.net.netstats.provider.NetworkStatsProvider.QUOTA_UNLIMITED;
import static android.system.OsConstants.ETH_P_IP;
import static android.system.OsConstants.ETH_P_IPV6;
+import static com.android.net.module.util.ip.ConntrackMonitor.ConntrackEvent;
import static com.android.networkstack.tethering.BpfUtils.DOWNSTREAM;
import static com.android.networkstack.tethering.BpfUtils.UPSTREAM;
import static com.android.networkstack.tethering.TetheringConfiguration.DEFAULT_TETHER_OFFLOAD_POLL_INTERVAL_MS;
@@ -40,8 +40,6 @@
import android.net.NetworkStats;
import android.net.NetworkStats.Entry;
import android.net.TetherOffloadRuleParcel;
-import android.net.ip.ConntrackMonitor;
-import android.net.ip.ConntrackMonitor.ConntrackEventConsumer;
import android.net.ip.IpServer;
import android.net.netstats.provider.NetworkStatsProvider;
import android.os.Handler;
@@ -71,6 +69,8 @@
import com.android.net.module.util.bpf.Tether4Value;
import com.android.net.module.util.bpf.TetherStatsKey;
import com.android.net.module.util.bpf.TetherStatsValue;
+import com.android.net.module.util.ip.ConntrackMonitor;
+import com.android.net.module.util.ip.ConntrackMonitor.ConntrackEventConsumer;
import com.android.net.module.util.netlink.ConntrackMessage;
import com.android.net.module.util.netlink.NetlinkConstants;
import com.android.net.module.util.netlink.NetlinkSocket;
diff --git a/Tethering/src/com/android/networkstack/tethering/EntitlementManager.java b/Tethering/src/com/android/networkstack/tethering/EntitlementManager.java
index 741af5c..784ebd5 100644
--- a/Tethering/src/com/android/networkstack/tethering/EntitlementManager.java
+++ b/Tethering/src/com/android/networkstack/tethering/EntitlementManager.java
@@ -296,7 +296,7 @@
* 4th priority : Checks whether provisioning is required from RRO configuration.
*
* @param config
- * @return integer {@see #TETHERING_PROVISIONING_NOT_REQUIRED,
+ * @return integer See {@link #TETHERING_PROVISIONING_NOT_REQUIRED,
* #TETHERING_PROVISIONING_REQUIRED,
* #TETHERING_PROVISIONING_CARRIER_UNSUPPORT}
*/
diff --git a/Tethering/src/com/android/networkstack/tethering/Tethering.java b/Tethering/src/com/android/networkstack/tethering/Tethering.java
index 997acd0..0c59b61 100644
--- a/Tethering/src/com/android/networkstack/tethering/Tethering.java
+++ b/Tethering/src/com/android/networkstack/tethering/Tethering.java
@@ -98,7 +98,6 @@
import android.net.TetheringManager.TetheringRequest;
import android.net.TetheringRequestParcel;
import android.net.ip.IpServer;
-import android.net.shared.NetdUtils;
import android.net.wifi.WifiClient;
import android.net.wifi.WifiManager;
import android.net.wifi.p2p.WifiP2pGroup;
@@ -135,6 +134,7 @@
import com.android.modules.utils.build.SdkLevel;
import com.android.net.module.util.BaseNetdUnsolicitedEventListener;
import com.android.net.module.util.CollectionUtils;
+import com.android.net.module.util.NetdUtils;
import com.android.net.module.util.SharedLog;
import com.android.networkstack.apishim.common.BluetoothPanShim;
import com.android.networkstack.apishim.common.BluetoothPanShim.TetheredInterfaceCallbackShim;
diff --git a/Tethering/tests/mts/src/android/tethering/mts/TetheringModuleTest.java b/Tethering/tests/mts/src/android/tethering/mts/TetheringModuleTest.java
index 4525568..85ee466 100644
--- a/Tethering/tests/mts/src/android/tethering/mts/TetheringModuleTest.java
+++ b/Tethering/tests/mts/src/android/tethering/mts/TetheringModuleTest.java
@@ -15,27 +15,23 @@
*/
package android.tethering.mts;
-import static android.Manifest.permission.ACCESS_WIFI_STATE;
import static android.Manifest.permission.MANAGE_TEST_NETWORKS;
-import static android.Manifest.permission.NETWORK_SETTINGS;
import static android.Manifest.permission.READ_DEVICE_CONFIG;
-import static android.Manifest.permission.TETHER_PRIVILEGED;
import static android.Manifest.permission.WRITE_SETTINGS;
import static android.net.TetheringManager.TETHERING_WIFI;
import static android.provider.DeviceConfig.NAMESPACE_CONNECTIVITY;
import static com.android.testutils.TestNetworkTrackerKt.initTestNetwork;
+import static com.android.testutils.TestPermissionUtil.runAsShell;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
-import android.app.UiAutomation;
import android.content.Context;
import android.net.IpPrefix;
import android.net.LinkAddress;
import android.net.TetheringInterface;
-import android.net.TetheringManager;
import android.net.cts.util.CtsTetheringUtils;
import android.net.cts.util.CtsTetheringUtils.TestTetheringEventCallback;
import android.provider.DeviceConfig;
@@ -46,7 +42,6 @@
import com.android.testutils.TestNetworkTracker;
-import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -60,26 +55,14 @@
@RunWith(AndroidJUnit4.class)
public class TetheringModuleTest {
private Context mContext;
- private TetheringManager mTm;
private CtsTetheringUtils mCtsTetheringUtils;
- private UiAutomation mUiAutomation =
- InstrumentationRegistry.getInstrumentation().getUiAutomation();
-
@Before
public void setUp() throws Exception {
- mUiAutomation.adoptShellPermissionIdentity(MANAGE_TEST_NETWORKS, NETWORK_SETTINGS,
- WRITE_SETTINGS, READ_DEVICE_CONFIG, TETHER_PRIVILEGED, ACCESS_WIFI_STATE);
mContext = InstrumentationRegistry.getContext();
- mTm = mContext.getSystemService(TetheringManager.class);
mCtsTetheringUtils = new CtsTetheringUtils(mContext);
}
- @After
- public void tearDown() throws Exception {
- mUiAutomation.dropShellPermissionIdentity();
- }
-
@Test
public void testSwitchBasePrefixRangeWhenConflict() throws Exception {
addressConflictTest(true);
@@ -130,10 +113,8 @@
mCtsTetheringUtils.stopWifiTethering(tetherEventCallback);
} finally {
- if (tnt != null) {
- tnt.teardown();
- }
- mTm.stopAllTethering();
+ teardown(tnt);
+ mCtsTetheringUtils.stopAllTethering();
mCtsTetheringUtils.unregisterTetheringEventCallback(tetherEventCallback);
}
}
@@ -169,11 +150,19 @@
}
private TestNetworkTracker setUpTestNetwork(final LinkAddress address) throws Exception {
- return initTestNetwork(mContext, address, 10_000L /* test timeout ms*/);
+ return runAsShell(MANAGE_TEST_NETWORKS, WRITE_SETTINGS,
+ () -> initTestNetwork(mContext, address, 10_000L /* test timeout ms*/));
}
+ private void teardown(TestNetworkTracker tracker) throws Exception {
+ if (tracker == null) return;
+
+ runAsShell(MANAGE_TEST_NETWORKS, () -> tracker.teardown());
+ }
+
public static boolean isFeatureEnabled(final String name, final boolean defaultValue) {
- return DeviceConfig.getBoolean(NAMESPACE_CONNECTIVITY, name, defaultValue);
+ return runAsShell(READ_DEVICE_CONFIG,
+ () -> DeviceConfig.getBoolean(NAMESPACE_CONNECTIVITY, name, defaultValue));
}
}
diff --git a/Tethering/tests/privileged/src/com/android/networkstack/tethering/BpfMapTest.java b/Tethering/tests/privileged/src/com/android/networkstack/tethering/BpfMapTest.java
index 68c1c57..536ab2d 100644
--- a/Tethering/tests/privileged/src/com/android/networkstack/tethering/BpfMapTest.java
+++ b/Tethering/tests/privileged/src/com/android/networkstack/tethering/BpfMapTest.java
@@ -30,6 +30,7 @@
import android.net.MacAddress;
import android.os.Build;
import android.system.ErrnoException;
+import android.system.Os;
import android.system.OsConstants;
import android.util.ArrayMap;
@@ -42,6 +43,7 @@
import org.junit.Test;
import org.junit.runner.RunWith;
+import java.io.File;
import java.net.InetAddress;
import java.util.NoSuchElementException;
import java.util.concurrent.atomic.AtomicInteger;
@@ -393,4 +395,34 @@
assertEquals(OsConstants.ENOENT, expected.errno);
}
}
+
+ private static int getNumOpenFds() {
+ return new File("/proc/" + Os.getpid() + "/fd").listFiles().length;
+ }
+
+ @Test
+ public void testNoFdLeaks() throws Exception {
+ // Due to #setUp has called #initTestMap to open map and BpfMap is using persistent fd
+ // cache, expect that the fd amount is not increased in the iterations.
+ // See the comment of BpfMap#close.
+ final int iterations = 1000;
+ final int before = getNumOpenFds();
+ for (int i = 0; i < iterations; i++) {
+ try (BpfMap<TetherDownstream6Key, Tether6Value> map = new BpfMap<>(
+ TETHER_DOWNSTREAM6_FS_PATH, BpfMap.BPF_F_RDWR,
+ TetherDownstream6Key.class, Tether6Value.class)) {
+ // do nothing
+ }
+ }
+ final int after = getNumOpenFds();
+
+ // Check that the number of open fds is the same as before.
+ // If this exact match becomes flaky, we probably need to distinguish that fd is belong
+ // to "bpf-map".
+ // ex:
+ // $ adb shell ls -all /proc/16196/fd
+ // [..] network_stack 64 2022-07-26 22:01:02.300002956 +0800 749 -> anon_inode:bpf-map
+ // [..] network_stack 64 2022-07-26 22:01:02.188002956 +0800 75 -> anon_inode:[eventfd]
+ assertEquals("Fd leak after " + iterations + " iterations: ", before, after);
+ }
}
diff --git a/Tethering/tests/unit/src/android/net/ip/IpServerTest.java b/Tethering/tests/unit/src/android/net/ip/IpServerTest.java
index ef143de..f242227 100644
--- a/Tethering/tests/unit/src/android/net/ip/IpServerTest.java
+++ b/Tethering/tests/unit/src/android/net/ip/IpServerTest.java
@@ -83,8 +83,6 @@
import android.net.dhcp.IDhcpEventCallbacks;
import android.net.dhcp.IDhcpServer;
import android.net.dhcp.IDhcpServerCallbacks;
-import android.net.ip.IpNeighborMonitor.NeighborEvent;
-import android.net.ip.IpNeighborMonitor.NeighborEventConsumer;
import android.net.ip.RouterAdvertisementDaemon.RaParams;
import android.os.Build;
import android.os.Handler;
@@ -105,6 +103,10 @@
import com.android.net.module.util.bpf.Tether4Value;
import com.android.net.module.util.bpf.TetherStatsKey;
import com.android.net.module.util.bpf.TetherStatsValue;
+import com.android.net.module.util.ip.ConntrackMonitor;
+import com.android.net.module.util.ip.IpNeighborMonitor;
+import com.android.net.module.util.ip.IpNeighborMonitor.NeighborEvent;
+import com.android.net.module.util.ip.IpNeighborMonitor.NeighborEventConsumer;
import com.android.networkstack.tethering.BpfCoordinator;
import com.android.networkstack.tethering.BpfCoordinator.Ipv6ForwardingRule;
import com.android.networkstack.tethering.PrivateAddressCoordinator;
diff --git a/Tethering/tests/unit/src/com/android/networkstack/tethering/BpfCoordinatorTest.java b/Tethering/tests/unit/src/com/android/networkstack/tethering/BpfCoordinatorTest.java
index 20a222d..fa1d881 100644
--- a/Tethering/tests/unit/src/com/android/networkstack/tethering/BpfCoordinatorTest.java
+++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/BpfCoordinatorTest.java
@@ -23,7 +23,6 @@
import static android.net.NetworkStats.TAG_NONE;
import static android.net.NetworkStats.UID_ALL;
import static android.net.NetworkStats.UID_TETHERING;
-import static android.net.ip.ConntrackMonitor.ConntrackEvent;
import static android.net.netstats.provider.NetworkStatsProvider.QUOTA_UNLIMITED;
import static android.system.OsConstants.ETH_P_IP;
import static android.system.OsConstants.ETH_P_IPV6;
@@ -33,6 +32,7 @@
import static com.android.dx.mockito.inline.extended.ExtendedMockito.doReturn;
import static com.android.dx.mockito.inline.extended.ExtendedMockito.staticMockMarker;
+import static com.android.net.module.util.ip.ConntrackMonitor.ConntrackEvent;
import static com.android.net.module.util.netlink.ConntrackMessage.DYING_MASK;
import static com.android.net.module.util.netlink.ConntrackMessage.ESTABLISHED_MASK;
import static com.android.net.module.util.netlink.ConntrackMessage.Tuple;
@@ -82,8 +82,6 @@
import android.net.NetworkStats;
import android.net.TetherOffloadRuleParcel;
import android.net.TetherStatsParcel;
-import android.net.ip.ConntrackMonitor;
-import android.net.ip.ConntrackMonitor.ConntrackEventConsumer;
import android.net.ip.IpServer;
import android.os.Build;
import android.os.Handler;
@@ -104,6 +102,8 @@
import com.android.net.module.util.bpf.Tether4Value;
import com.android.net.module.util.bpf.TetherStatsKey;
import com.android.net.module.util.bpf.TetherStatsValue;
+import com.android.net.module.util.ip.ConntrackMonitor;
+import com.android.net.module.util.ip.ConntrackMonitor.ConntrackEventConsumer;
import com.android.net.module.util.netlink.ConntrackMessage;
import com.android.net.module.util.netlink.NetlinkConstants;
import com.android.net.module.util.netlink.NetlinkSocket;
diff --git a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
index cc80174..8de7836 100644
--- a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
+++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
@@ -152,7 +152,6 @@
import android.net.dhcp.IDhcpEventCallbacks;
import android.net.dhcp.IDhcpServer;
import android.net.ip.DadProxy;
-import android.net.ip.IpNeighborMonitor;
import android.net.ip.IpServer;
import android.net.ip.RouterAdvertisementDaemon;
import android.net.util.NetworkConstants;
@@ -189,6 +188,7 @@
import com.android.net.module.util.CollectionUtils;
import com.android.net.module.util.InterfaceParams;
import com.android.net.module.util.SharedLog;
+import com.android.net.module.util.ip.IpNeighborMonitor;
import com.android.networkstack.apishim.common.BluetoothPanShim;
import com.android.networkstack.apishim.common.BluetoothPanShim.TetheredInterfaceCallbackShim;
import com.android.networkstack.apishim.common.BluetoothPanShim.TetheredInterfaceRequestShim;
diff --git a/bpf_progs/Android.bp b/bpf_progs/Android.bp
index 78fca29..c2e28f4 100644
--- a/bpf_progs/Android.bp
+++ b/bpf_progs/Android.bp
@@ -72,8 +72,8 @@
}
bpf {
- name: "dscp_policy.o",
- srcs: ["dscp_policy.c"],
+ name: "dscpPolicy.o",
+ srcs: ["dscpPolicy.c"],
btf: true,
cflags: [
"-Wall",
@@ -92,6 +92,29 @@
}
bpf {
+ name: "offload@btf.o",
+ srcs: ["offload@btf.c"],
+ btf: true,
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-DBTF",
+ ],
+}
+
+bpf {
+ name: "offload@inprocess.o",
+ srcs: ["offload@inprocess.c"],
+ btf: true,
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-DBTF",
+ "-DINPROCESS",
+ ],
+}
+
+bpf {
name: "test.o",
srcs: ["test.c"],
cflags: [
@@ -101,6 +124,29 @@
}
bpf {
+ name: "test@btf.o",
+ srcs: ["test@btf.c"],
+ btf: true,
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-DBTF",
+ ],
+}
+
+bpf {
+ name: "test@inprocess.o",
+ srcs: ["test@inprocess.c"],
+ btf: true,
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-DBTF",
+ "-DINPROCESS",
+ ],
+}
+
+bpf {
name: "clatd.o",
srcs: ["clatd.c"],
btf: true,
diff --git a/bpf_progs/dscpPolicy.c b/bpf_progs/dscpPolicy.c
new file mode 100644
index 0000000..f308931
--- /dev/null
+++ b/bpf_progs/dscpPolicy.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <linux/bpf.h>
+#include <linux/if_ether.h>
+#include <linux/if_packet.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <linux/pkt_cls.h>
+#include <linux/tcp.h>
+#include <linux/types.h>
+#include <netinet/in.h>
+#include <netinet/udp.h>
+#include <stdint.h>
+#include <string.h>
+
+// The resulting .o needs to load on the Android T beta 3 bpfloader
+#define BPFLOADER_MIN_VER BPFLOADER_T_BETA3_VERSION
+
+#include "bpf_helpers.h"
+#include "dscpPolicy.h"
+
+#define ECN_MASK 3
+#define IP4_OFFSET(field, header) ((header) + offsetof(struct iphdr, field))
+#define UPDATE_TOS(dscp, tos) ((dscp) << 2) | ((tos) & ECN_MASK)
+
+DEFINE_BPF_MAP_GRW(socket_policy_cache_map, HASH, uint64_t, RuleEntry, CACHE_MAP_SIZE, AID_SYSTEM)
+
+DEFINE_BPF_MAP_GRW(ipv4_dscp_policies_map, ARRAY, uint32_t, DscpPolicy, MAX_POLICIES, AID_SYSTEM)
+DEFINE_BPF_MAP_GRW(ipv6_dscp_policies_map, ARRAY, uint32_t, DscpPolicy, MAX_POLICIES, AID_SYSTEM)
+
+static inline __always_inline void match_policy(struct __sk_buff* skb, bool ipv4) {
+ void* data = (void*)(long)skb->data;
+ const void* data_end = (void*)(long)skb->data_end;
+
+ const int l2_header_size = sizeof(struct ethhdr);
+ struct ethhdr* eth = data;
+
+ if (data + l2_header_size > data_end) return;
+
+ int hdr_size = 0;
+
+ // used for map lookup
+ uint64_t cookie = bpf_get_socket_cookie(skb);
+ if (!cookie) return;
+
+ uint16_t sport = 0;
+ uint16_t dport = 0;
+ uint8_t protocol = 0; // TODO: Use are reserved value? Or int (-1) and cast to uint below?
+ struct in6_addr src_ip = {};
+ struct in6_addr dst_ip = {};
+ uint8_t tos = 0; // Only used for IPv4
+ uint32_t old_first_u32 = 0; // Only used for IPv6
+ if (ipv4) {
+ const struct iphdr* const iph = (void*)(eth + 1);
+ hdr_size = l2_header_size + sizeof(struct iphdr);
+ // Must have ipv4 header
+ if (data + hdr_size > data_end) return;
+
+ // IP version must be 4
+ if (iph->version != 4) return;
+
+ // We cannot handle IP options, just standard 20 byte == 5 dword minimal IPv4 header
+ if (iph->ihl != 5) return;
+
+ // V4 mapped address in in6_addr sets 10/11 position to 0xff.
+ src_ip.s6_addr32[2] = htonl(0x0000ffff);
+ dst_ip.s6_addr32[2] = htonl(0x0000ffff);
+
+ // Copy IPv4 address into in6_addr for easy comparison below.
+ src_ip.s6_addr32[3] = iph->saddr;
+ dst_ip.s6_addr32[3] = iph->daddr;
+ protocol = iph->protocol;
+ tos = iph->tos;
+ } else {
+ struct ipv6hdr* ip6h = (void*)(eth + 1);
+ hdr_size = l2_header_size + sizeof(struct ipv6hdr);
+ // Must have ipv6 header
+ if (data + hdr_size > data_end) return;
+
+ if (ip6h->version != 6) return;
+
+ src_ip = ip6h->saddr;
+ dst_ip = ip6h->daddr;
+ protocol = ip6h->nexthdr;
+ old_first_u32 = *(uint32_t*)ip6h;
+ }
+
+ switch (protocol) {
+ case IPPROTO_UDP:
+ case IPPROTO_UDPLITE: {
+ struct udphdr* udp;
+ udp = data + hdr_size;
+ if ((void*)(udp + 1) > data_end) return;
+ sport = udp->source;
+ dport = udp->dest;
+ } break;
+ case IPPROTO_TCP: {
+ struct tcphdr* tcp;
+ tcp = data + hdr_size;
+ if ((void*)(tcp + 1) > data_end) return;
+ sport = tcp->source;
+ dport = tcp->dest;
+ } break;
+ default:
+ return;
+ }
+
+ RuleEntry* existing_rule = bpf_socket_policy_cache_map_lookup_elem(&cookie);
+
+ if (existing_rule && v6_equal(src_ip, existing_rule->src_ip) &&
+ v6_equal(dst_ip, existing_rule->dst_ip) && skb->ifindex == existing_rule->ifindex &&
+ ntohs(sport) == htons(existing_rule->src_port) &&
+ ntohs(dport) == htons(existing_rule->dst_port) && protocol == existing_rule->proto) {
+ if (existing_rule->dscp_val < 0) return;
+ if (ipv4) {
+ uint8_t newTos = UPDATE_TOS(existing_rule->dscp_val, tos);
+ bpf_l3_csum_replace(skb, IP4_OFFSET(check, l2_header_size), htons(tos), htons(newTos),
+ sizeof(uint16_t));
+ bpf_skb_store_bytes(skb, IP4_OFFSET(tos, l2_header_size), &newTos, sizeof(newTos), 0);
+ } else {
+ uint32_t new_first_u32 =
+ htonl(ntohl(old_first_u32) & 0xF03FFFFF | (existing_rule->dscp_val << 22));
+ bpf_skb_store_bytes(skb, l2_header_size, &new_first_u32, sizeof(uint32_t),
+ BPF_F_RECOMPUTE_CSUM);
+ }
+ return;
+ }
+
+ // Linear scan ipv4_dscp_policies_map since no stored params match skb.
+ int best_score = 0;
+ int8_t new_dscp = -1;
+
+ for (register uint64_t i = 0; i < MAX_POLICIES; i++) {
+ int score = 0;
+ uint8_t temp_mask = 0;
+ // Using a uint64 in for loop prevents infinite loop during BPF load,
+ // but the key is uint32, so convert back.
+ uint32_t key = i;
+
+ DscpPolicy* policy;
+ if (ipv4) {
+ policy = bpf_ipv4_dscp_policies_map_lookup_elem(&key);
+ } else {
+ policy = bpf_ipv6_dscp_policies_map_lookup_elem(&key);
+ }
+
+ // If the policy lookup failed, present_fields is 0, or iface index does not match
+ // index on skb buff, then we can continue to next policy.
+ if (!policy || policy->present_fields == 0 || policy->ifindex != skb->ifindex) continue;
+
+ if ((policy->present_fields & SRC_IP_MASK_FLAG) == SRC_IP_MASK_FLAG &&
+ v6_equal(src_ip, policy->src_ip)) {
+ score++;
+ temp_mask |= SRC_IP_MASK_FLAG;
+ }
+ if ((policy->present_fields & DST_IP_MASK_FLAG) == DST_IP_MASK_FLAG &&
+ v6_equal(dst_ip, policy->dst_ip)) {
+ score++;
+ temp_mask |= DST_IP_MASK_FLAG;
+ }
+ if ((policy->present_fields & SRC_PORT_MASK_FLAG) == SRC_PORT_MASK_FLAG &&
+ ntohs(sport) == htons(policy->src_port)) {
+ score++;
+ temp_mask |= SRC_PORT_MASK_FLAG;
+ }
+ if ((policy->present_fields & DST_PORT_MASK_FLAG) == DST_PORT_MASK_FLAG &&
+ ntohs(dport) >= htons(policy->dst_port_start) &&
+ ntohs(dport) <= htons(policy->dst_port_end)) {
+ score++;
+ temp_mask |= DST_PORT_MASK_FLAG;
+ }
+ if ((policy->present_fields & PROTO_MASK_FLAG) == PROTO_MASK_FLAG &&
+ protocol == policy->proto) {
+ score++;
+ temp_mask |= PROTO_MASK_FLAG;
+ }
+
+ if (score > best_score && temp_mask == policy->present_fields) {
+ best_score = score;
+ new_dscp = policy->dscp_val;
+ }
+ }
+
+ RuleEntry value = {
+ .src_ip = src_ip,
+ .dst_ip = dst_ip,
+ .ifindex = skb->ifindex,
+ .src_port = sport,
+ .dst_port = dport,
+ .proto = protocol,
+ .dscp_val = new_dscp,
+ };
+
+ // Update cache with found policy.
+ bpf_socket_policy_cache_map_update_elem(&cookie, &value, BPF_ANY);
+
+ if (new_dscp < 0) return;
+
+ // Need to store bytes after updating map or program will not load.
+ if (ipv4) {
+ uint8_t new_tos = UPDATE_TOS(new_dscp, tos);
+ bpf_l3_csum_replace(skb, IP4_OFFSET(check, l2_header_size), htons(tos), htons(new_tos), 2);
+ bpf_skb_store_bytes(skb, IP4_OFFSET(tos, l2_header_size), &new_tos, sizeof(new_tos), 0);
+ } else {
+ uint32_t new_first_u32 = htonl(ntohl(old_first_u32) & 0xF03FFFFF | (new_dscp << 22));
+ bpf_skb_store_bytes(skb, l2_header_size, &new_first_u32, sizeof(uint32_t),
+ BPF_F_RECOMPUTE_CSUM);
+ }
+ return;
+}
+
+DEFINE_BPF_PROG_KVER("schedcls/set_dscp_ether", AID_ROOT, AID_SYSTEM, schedcls_set_dscp_ether,
+ KVER(5, 15, 0))
+(struct __sk_buff* skb) {
+ if (skb->pkt_type != PACKET_HOST) return TC_ACT_PIPE;
+
+ if (skb->protocol == htons(ETH_P_IP)) {
+ match_policy(skb, true);
+ } else if (skb->protocol == htons(ETH_P_IPV6)) {
+ match_policy(skb, false);
+ }
+
+ // Always return TC_ACT_PIPE
+ return TC_ACT_PIPE;
+}
+
+LICENSE("Apache 2.0");
+CRITICAL("Connectivity");
diff --git a/bpf_progs/dscp_policy.h b/bpf_progs/dscpPolicy.h
similarity index 84%
rename from bpf_progs/dscp_policy.h
rename to bpf_progs/dscpPolicy.h
index 1637f7a..c1db6ab 100644
--- a/bpf_progs/dscp_policy.h
+++ b/bpf_progs/dscpPolicy.h
@@ -14,9 +14,8 @@
* limitations under the License.
*/
+#define CACHE_MAP_SIZE 1024
#define MAX_POLICIES 16
-#define MAP_A 1
-#define MAP_B 2
#define SRC_IP_MASK_FLAG 1
#define DST_IP_MASK_FLAG 2
@@ -44,27 +43,27 @@
(void*)BPF_FUNC_skb_ecn_set_ce;
typedef struct {
- struct in6_addr srcIp;
- struct in6_addr dstIp;
+ struct in6_addr src_ip;
+ struct in6_addr dst_ip;
uint32_t ifindex;
- __be16 srcPort;
- __be16 dstPortStart;
- __be16 dstPortEnd;
+ __be16 src_port;
+ __be16 dst_port_start;
+ __be16 dst_port_end;
uint8_t proto;
- uint8_t dscpVal;
- uint8_t presentFields;
+ int8_t dscp_val; // -1 none, or 0..63 DSCP value
+ uint8_t present_fields;
uint8_t pad[3];
} DscpPolicy;
STRUCT_SIZE(DscpPolicy, 2 * 16 + 4 + 3 * 2 + 3 * 1 + 3); // 48
typedef struct {
- struct in6_addr srcIp;
- struct in6_addr dstIp;
+ struct in6_addr src_ip;
+ struct in6_addr dst_ip;
__u32 ifindex;
- __be16 srcPort;
- __be16 dstPort;
+ __be16 src_port;
+ __be16 dst_port;
__u8 proto;
- __u8 dscpVal;
+ __s8 dscp_val; // -1 none, or 0..63 DSCP value
__u8 pad[2];
} RuleEntry;
-STRUCT_SIZE(RuleEntry, 2 * 16 + 1 * 4 + 2 * 2 + 2 * 1 + 2); // 44
\ No newline at end of file
+STRUCT_SIZE(RuleEntry, 2 * 16 + 1 * 4 + 2 * 2 + 2 * 1 + 2); // 44
diff --git a/bpf_progs/dscp_policy.c b/bpf_progs/dscp_policy.c
deleted file mode 100644
index 92ea0e2..0000000
--- a/bpf_progs/dscp_policy.c
+++ /dev/null
@@ -1,319 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <linux/bpf.h>
-#include <linux/if_ether.h>
-#include <linux/if_packet.h>
-#include <linux/ip.h>
-#include <linux/ipv6.h>
-#include <linux/pkt_cls.h>
-#include <linux/tcp.h>
-#include <linux/types.h>
-#include <netinet/in.h>
-#include <netinet/udp.h>
-#include <stdint.h>
-#include <string.h>
-
-// The resulting .o needs to load on the Android T beta 3 bpfloader
-#define BPFLOADER_MIN_VER BPFLOADER_T_BETA3_VERSION
-
-#include "bpf_helpers.h"
-#include "dscp_policy.h"
-
-#define ECN_MASK 3
-#define IP4_OFFSET(field, header) (header + offsetof(struct iphdr, field))
-#define UPDATE_TOS(dscp, tos) (dscp << 2) | (tos & ECN_MASK)
-#define UPDATE_PRIORITY(dscp) ((dscp >> 2) + 0x60)
-#define UPDATE_FLOW_LABEL(dscp, flow_lbl) ((dscp & 0xf) << 6) + (flow_lbl >> 6)
-
-DEFINE_BPF_MAP_GRW(switch_comp_map, ARRAY, int, uint64_t, 1, AID_SYSTEM)
-
-DEFINE_BPF_MAP_GRW(ipv4_socket_to_policies_map_A, HASH, uint64_t, RuleEntry, MAX_POLICIES,
- AID_SYSTEM)
-DEFINE_BPF_MAP_GRW(ipv4_socket_to_policies_map_B, HASH, uint64_t, RuleEntry, MAX_POLICIES,
- AID_SYSTEM)
-DEFINE_BPF_MAP_GRW(ipv6_socket_to_policies_map_A, HASH, uint64_t, RuleEntry, MAX_POLICIES,
- AID_SYSTEM)
-DEFINE_BPF_MAP_GRW(ipv6_socket_to_policies_map_B, HASH, uint64_t, RuleEntry, MAX_POLICIES,
- AID_SYSTEM)
-
-DEFINE_BPF_MAP_GRW(ipv4_dscp_policies_map, ARRAY, uint32_t, DscpPolicy, MAX_POLICIES, AID_SYSTEM)
-DEFINE_BPF_MAP_GRW(ipv6_dscp_policies_map, ARRAY, uint32_t, DscpPolicy, MAX_POLICIES, AID_SYSTEM)
-
-static inline __always_inline void match_policy(struct __sk_buff* skb, bool ipv4, bool is_eth) {
- void* data = (void*)(long)skb->data;
- const void* data_end = (void*)(long)skb->data_end;
-
- const int l2_header_size = is_eth ? sizeof(struct ethhdr) : 0;
- struct ethhdr* eth = is_eth ? data : NULL;
-
- if (data + l2_header_size > data_end) return;
-
- int zero = 0;
- int hdr_size = 0;
- uint64_t* selectedMap = bpf_switch_comp_map_lookup_elem(&zero);
-
- // use this with HASH map so map lookup only happens once policies have been added?
- if (!selectedMap) {
- return;
- }
-
- // used for map lookup
- uint64_t cookie = bpf_get_socket_cookie(skb);
- if (!cookie) return;
-
- uint16_t sport = 0;
- uint16_t dport = 0;
- uint8_t protocol = 0; // TODO: Use are reserved value? Or int (-1) and cast to uint below?
- struct in6_addr srcIp = {};
- struct in6_addr dstIp = {};
- uint8_t tos = 0; // Only used for IPv4
- uint8_t priority = 0; // Only used for IPv6
- uint8_t flow_lbl = 0; // Only used for IPv6
- if (ipv4) {
- const struct iphdr* const iph = is_eth ? (void*)(eth + 1) : data;
- hdr_size = l2_header_size + sizeof(struct iphdr);
- // Must have ipv4 header
- if (data + hdr_size > data_end) return;
-
- // IP version must be 4
- if (iph->version != 4) return;
-
- // We cannot handle IP options, just standard 20 byte == 5 dword minimal IPv4 header
- if (iph->ihl != 5) return;
-
- // V4 mapped address in in6_addr sets 10/11 position to 0xff.
- srcIp.s6_addr32[2] = htonl(0x0000ffff);
- dstIp.s6_addr32[2] = htonl(0x0000ffff);
-
- // Copy IPv4 address into in6_addr for easy comparison below.
- srcIp.s6_addr32[3] = iph->saddr;
- dstIp.s6_addr32[3] = iph->daddr;
- protocol = iph->protocol;
- tos = iph->tos;
- } else {
- struct ipv6hdr* ip6h = is_eth ? (void*)(eth + 1) : data;
- hdr_size = l2_header_size + sizeof(struct ipv6hdr);
- // Must have ipv6 header
- if (data + hdr_size > data_end) return;
-
- if (ip6h->version != 6) return;
-
- srcIp = ip6h->saddr;
- dstIp = ip6h->daddr;
- protocol = ip6h->nexthdr;
- priority = ip6h->priority;
- flow_lbl = ip6h->flow_lbl[0];
- }
-
- switch (protocol) {
- case IPPROTO_UDP:
- case IPPROTO_UDPLITE: {
- struct udphdr* udp;
- udp = data + hdr_size;
- if ((void*)(udp + 1) > data_end) return;
- sport = udp->source;
- dport = udp->dest;
- } break;
- case IPPROTO_TCP: {
- struct tcphdr* tcp;
- tcp = data + hdr_size;
- if ((void*)(tcp + 1) > data_end) return;
- sport = tcp->source;
- dport = tcp->dest;
- } break;
- default:
- return;
- }
-
- RuleEntry* existingRule;
- if (ipv4) {
- if (*selectedMap == MAP_A) {
- existingRule = bpf_ipv4_socket_to_policies_map_A_lookup_elem(&cookie);
- } else {
- existingRule = bpf_ipv4_socket_to_policies_map_B_lookup_elem(&cookie);
- }
- } else {
- if (*selectedMap == MAP_A) {
- existingRule = bpf_ipv6_socket_to_policies_map_A_lookup_elem(&cookie);
- } else {
- existingRule = bpf_ipv6_socket_to_policies_map_B_lookup_elem(&cookie);
- }
- }
-
- if (existingRule && v6_equal(srcIp, existingRule->srcIp) &&
- v6_equal(dstIp, existingRule->dstIp) && skb->ifindex == existingRule->ifindex &&
- ntohs(sport) == htons(existingRule->srcPort) &&
- ntohs(dport) == htons(existingRule->dstPort) && protocol == existingRule->proto) {
- if (ipv4) {
- uint8_t newTos = UPDATE_TOS(existingRule->dscpVal, tos);
- bpf_l3_csum_replace(skb, IP4_OFFSET(check, l2_header_size), htons(tos), htons(newTos),
- sizeof(uint16_t));
- bpf_skb_store_bytes(skb, IP4_OFFSET(tos, l2_header_size), &newTos, sizeof(newTos), 0);
- } else {
- uint8_t new_priority = UPDATE_PRIORITY(existingRule->dscpVal);
- uint8_t new_flow_label = UPDATE_FLOW_LABEL(existingRule->dscpVal, flow_lbl);
- bpf_skb_store_bytes(skb, 0 + l2_header_size, &new_priority, sizeof(uint8_t), 0);
- bpf_skb_store_bytes(skb, 1 + l2_header_size, &new_flow_label, sizeof(uint8_t), 0);
- }
- return;
- }
-
- // Linear scan ipv4_dscp_policies_map since no stored params match skb.
- int bestScore = -1;
- uint32_t bestMatch = 0;
-
- for (register uint64_t i = 0; i < MAX_POLICIES; i++) {
- int score = 0;
- uint8_t tempMask = 0;
- // Using a uint64 in for loop prevents infinite loop during BPF load,
- // but the key is uint32, so convert back.
- uint32_t key = i;
-
- DscpPolicy* policy;
- if (ipv4) {
- policy = bpf_ipv4_dscp_policies_map_lookup_elem(&key);
- } else {
- policy = bpf_ipv6_dscp_policies_map_lookup_elem(&key);
- }
-
- // If the policy lookup failed, presentFields is 0, or iface index does not match
- // index on skb buff, then we can continue to next policy.
- if (!policy || policy->presentFields == 0 || policy->ifindex != skb->ifindex) continue;
-
- if ((policy->presentFields & SRC_IP_MASK_FLAG) == SRC_IP_MASK_FLAG &&
- v6_equal(srcIp, policy->srcIp)) {
- score++;
- tempMask |= SRC_IP_MASK_FLAG;
- }
- if ((policy->presentFields & DST_IP_MASK_FLAG) == DST_IP_MASK_FLAG &&
- v6_equal(dstIp, policy->dstIp)) {
- score++;
- tempMask |= DST_IP_MASK_FLAG;
- }
- if ((policy->presentFields & SRC_PORT_MASK_FLAG) == SRC_PORT_MASK_FLAG &&
- ntohs(sport) == htons(policy->srcPort)) {
- score++;
- tempMask |= SRC_PORT_MASK_FLAG;
- }
- if ((policy->presentFields & DST_PORT_MASK_FLAG) == DST_PORT_MASK_FLAG &&
- ntohs(dport) >= htons(policy->dstPortStart) &&
- ntohs(dport) <= htons(policy->dstPortEnd)) {
- score++;
- tempMask |= DST_PORT_MASK_FLAG;
- }
- if ((policy->presentFields & PROTO_MASK_FLAG) == PROTO_MASK_FLAG &&
- protocol == policy->proto) {
- score++;
- tempMask |= PROTO_MASK_FLAG;
- }
-
- if (score > bestScore && tempMask == policy->presentFields) {
- bestMatch = i;
- bestScore = score;
- }
- }
-
- uint8_t new_tos = 0; // Can 0 be used as default forwarding value?
- uint8_t new_dscp = 0;
- uint8_t new_priority = 0;
- uint8_t new_flow_lbl = 0;
- if (bestScore > 0) {
- DscpPolicy* policy;
- if (ipv4) {
- policy = bpf_ipv4_dscp_policies_map_lookup_elem(&bestMatch);
- } else {
- policy = bpf_ipv6_dscp_policies_map_lookup_elem(&bestMatch);
- }
-
- if (policy) {
- new_dscp = policy->dscpVal;
- if (ipv4) {
- new_tos = UPDATE_TOS(new_dscp, tos);
- } else {
- new_priority = UPDATE_PRIORITY(new_dscp);
- new_flow_lbl = UPDATE_FLOW_LABEL(new_dscp, flow_lbl);
- }
- }
- } else
- return;
-
- RuleEntry value = {
- .srcIp = srcIp,
- .dstIp = dstIp,
- .ifindex = skb->ifindex,
- .srcPort = sport,
- .dstPort = dport,
- .proto = protocol,
- .dscpVal = new_dscp,
- };
-
- // Update map with new policy.
- if (ipv4) {
- if (*selectedMap == MAP_A) {
- bpf_ipv4_socket_to_policies_map_A_update_elem(&cookie, &value, BPF_ANY);
- } else {
- bpf_ipv4_socket_to_policies_map_B_update_elem(&cookie, &value, BPF_ANY);
- }
- } else {
- if (*selectedMap == MAP_A) {
- bpf_ipv6_socket_to_policies_map_A_update_elem(&cookie, &value, BPF_ANY);
- } else {
- bpf_ipv6_socket_to_policies_map_B_update_elem(&cookie, &value, BPF_ANY);
- }
- }
-
- // Need to store bytes after updating map or program will not load.
- if (ipv4 && new_tos != (tos & 252)) {
- bpf_l3_csum_replace(skb, IP4_OFFSET(check, l2_header_size), htons(tos), htons(new_tos), 2);
- bpf_skb_store_bytes(skb, IP4_OFFSET(tos, l2_header_size), &new_tos, sizeof(new_tos), 0);
- } else if (!ipv4 && (new_priority != priority || new_flow_lbl != flow_lbl)) {
- bpf_skb_store_bytes(skb, l2_header_size, &new_priority, sizeof(new_priority), 0);
- bpf_skb_store_bytes(skb, l2_header_size + 1, &new_flow_lbl, sizeof(new_flow_lbl), 0);
- }
- return;
-}
-
-DEFINE_BPF_PROG_KVER("schedcls/set_dscp_ether", AID_ROOT, AID_SYSTEM,
- schedcls_set_dscp_ether, KVER(5, 15, 0))
-(struct __sk_buff* skb) {
- if (skb->pkt_type != PACKET_HOST) return TC_ACT_PIPE;
-
- if (skb->protocol == htons(ETH_P_IP)) {
- match_policy(skb, true, true);
- } else if (skb->protocol == htons(ETH_P_IPV6)) {
- match_policy(skb, false, true);
- }
-
- // Always return TC_ACT_PIPE
- return TC_ACT_PIPE;
-}
-
-DEFINE_BPF_PROG_KVER("schedcls/set_dscp_raw_ip", AID_ROOT, AID_SYSTEM,
- schedcls_set_dscp_raw_ip, KVER(5, 15, 0))
-(struct __sk_buff* skb) {
- if (skb->protocol == htons(ETH_P_IP)) {
- match_policy(skb, true, false);
- } else if (skb->protocol == htons(ETH_P_IPV6)) {
- match_policy(skb, false, false);
- }
-
- // Always return TC_ACT_PIPE
- return TC_ACT_PIPE;
-}
-
-LICENSE("Apache 2.0");
-CRITICAL("Connectivity");
diff --git a/bpf_progs/offload.c b/bpf_progs/offload.c
index 2ec0792..4eb1e8d 100644
--- a/bpf_progs/offload.c
+++ b/bpf_progs/offload.c
@@ -24,8 +24,27 @@
#define __kernel_udphdr udphdr
#include <linux/udp.h>
+#ifdef BTF
+// BTF is incompatible with bpfloaders < v0.10, hence for S (v0.2) we must
+// ship a different file than for later versions, but we need bpfloader v0.25+
+// for obj@ver.o support
+#define BPFLOADER_MIN_VER BPFLOADER_OBJ_AT_VER_VERSION
+#else /* BTF */
// The resulting .o needs to load on the Android S bpfloader
#define BPFLOADER_MIN_VER BPFLOADER_S_VERSION
+#define BPFLOADER_MAX_VER BPFLOADER_OBJ_AT_VER_VERSION
+#endif /* BTF */
+
+// Warning: values other than AID_ROOT don't work for map uid on BpfLoader < v0.21
+#define TETHERING_UID AID_ROOT
+
+#ifdef INPROCESS
+#define DEFAULT_BPF_MAP_SELINUX_CONTEXT "fs_bpf_net_shared"
+#define DEFAULT_BPF_PROG_SELINUX_CONTEXT "fs_bpf_net_shared"
+#define TETHERING_GID AID_SYSTEM
+#else
+#define TETHERING_GID AID_NETWORK_STACK
+#endif
#include "bpf_helpers.h"
#include "bpf_net_helpers.h"
@@ -73,7 +92,7 @@
// ----- Tethering Error Counters -----
DEFINE_BPF_MAP_GRW(tether_error_map, ARRAY, uint32_t, uint32_t, BPF_TETHER_ERR__MAX,
- AID_NETWORK_STACK)
+ TETHERING_GID)
#define COUNT_AND_RETURN(counter, ret) do { \
uint32_t code = BPF_TETHER_ERR_ ## counter; \
@@ -91,22 +110,22 @@
// ----- Tethering Data Stats and Limits -----
// Tethering stats, indexed by upstream interface.
-DEFINE_BPF_MAP_GRW(tether_stats_map, HASH, TetherStatsKey, TetherStatsValue, 16, AID_NETWORK_STACK)
+DEFINE_BPF_MAP_GRW(tether_stats_map, HASH, TetherStatsKey, TetherStatsValue, 16, TETHERING_GID)
// Tethering data limit, indexed by upstream interface.
// (tethering allowed when stats[iif].rxBytes + stats[iif].txBytes < limit[iif])
-DEFINE_BPF_MAP_GRW(tether_limit_map, HASH, TetherLimitKey, TetherLimitValue, 16, AID_NETWORK_STACK)
+DEFINE_BPF_MAP_GRW(tether_limit_map, HASH, TetherLimitKey, TetherLimitValue, 16, TETHERING_GID)
// ----- IPv6 Support -----
DEFINE_BPF_MAP_GRW(tether_downstream6_map, HASH, TetherDownstream6Key, Tether6Value, 64,
- AID_NETWORK_STACK)
+ TETHERING_GID)
DEFINE_BPF_MAP_GRW(tether_downstream64_map, HASH, TetherDownstream64Key, TetherDownstream64Value,
- 1024, AID_NETWORK_STACK)
+ 1024, TETHERING_GID)
DEFINE_BPF_MAP_GRW(tether_upstream6_map, HASH, TetherUpstream6Key, Tether6Value, 64,
- AID_NETWORK_STACK)
+ TETHERING_GID)
static inline __always_inline int do_forward6(struct __sk_buff* skb, const bool is_ethernet,
const bool downstream) {
@@ -280,13 +299,13 @@
return bpf_redirect(v->oif, 0 /* this is effectively BPF_F_EGRESS */);
}
-DEFINE_BPF_PROG("schedcls/tether_downstream6_ether", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG("schedcls/tether_downstream6_ether", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream6_ether)
(struct __sk_buff* skb) {
return do_forward6(skb, /* is_ethernet */ true, /* downstream */ true);
}
-DEFINE_BPF_PROG("schedcls/tether_upstream6_ether", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG("schedcls/tether_upstream6_ether", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream6_ether)
(struct __sk_buff* skb) {
return do_forward6(skb, /* is_ethernet */ true, /* downstream */ false);
@@ -305,13 +324,13 @@
// and thus a 5.4 kernel always supports this.
//
// Hence, these mandatory (must load successfully) implementations for 5.4+ kernels:
-DEFINE_BPF_PROG_KVER("schedcls/tether_downstream6_rawip$5_4", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER("schedcls/tether_downstream6_rawip$5_4", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream6_rawip_5_4, KVER(5, 4, 0))
(struct __sk_buff* skb) {
return do_forward6(skb, /* is_ethernet */ false, /* downstream */ true);
}
-DEFINE_BPF_PROG_KVER("schedcls/tether_upstream6_rawip$5_4", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER("schedcls/tether_upstream6_rawip$5_4", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream6_rawip_5_4, KVER(5, 4, 0))
(struct __sk_buff* skb) {
return do_forward6(skb, /* is_ethernet */ false, /* downstream */ false);
@@ -319,7 +338,7 @@
// and these identical optional (may fail to load) implementations for [4.14..5.4) patched kernels:
DEFINE_OPTIONAL_BPF_PROG_KVER_RANGE("schedcls/tether_downstream6_rawip$4_14",
- AID_ROOT, AID_NETWORK_STACK,
+ TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream6_rawip_4_14,
KVER(4, 14, 0), KVER(5, 4, 0))
(struct __sk_buff* skb) {
@@ -327,7 +346,7 @@
}
DEFINE_OPTIONAL_BPF_PROG_KVER_RANGE("schedcls/tether_upstream6_rawip$4_14",
- AID_ROOT, AID_NETWORK_STACK,
+ TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream6_rawip_4_14,
KVER(4, 14, 0), KVER(5, 4, 0))
(struct __sk_buff* skb) {
@@ -337,13 +356,13 @@
// and define no-op stubs for [4.9,4.14) and unpatched [4.14,5.4) kernels.
// (if the above real 4.14+ program loaded successfully, then bpfloader will have already pinned
// it at the same location this one would be pinned at and will thus skip loading this stub)
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream6_rawip$stub", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream6_rawip$stub", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream6_rawip_stub, KVER_NONE, KVER(5, 4, 0))
(struct __sk_buff* skb) {
return TC_ACT_PIPE;
}
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream6_rawip$stub", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream6_rawip$stub", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream6_rawip_stub, KVER_NONE, KVER(5, 4, 0))
(struct __sk_buff* skb) {
return TC_ACT_PIPE;
@@ -351,9 +370,9 @@
// ----- IPv4 Support -----
-DEFINE_BPF_MAP_GRW(tether_downstream4_map, HASH, Tether4Key, Tether4Value, 1024, AID_NETWORK_STACK)
+DEFINE_BPF_MAP_GRW(tether_downstream4_map, HASH, Tether4Key, Tether4Value, 1024, TETHERING_GID)
-DEFINE_BPF_MAP_GRW(tether_upstream4_map, HASH, Tether4Key, Tether4Value, 1024, AID_NETWORK_STACK)
+DEFINE_BPF_MAP_GRW(tether_upstream4_map, HASH, Tether4Key, Tether4Value, 1024, TETHERING_GID)
static inline __always_inline int do_forward4_bottom(struct __sk_buff* skb,
const int l2_header_size, void* data, const void* data_end,
@@ -645,25 +664,25 @@
// Full featured (required) implementations for 5.8+ kernels (these are S+ by definition)
-DEFINE_BPF_PROG_KVER("schedcls/tether_downstream4_rawip$5_8", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER("schedcls/tether_downstream4_rawip$5_8", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_rawip_5_8, KVER(5, 8, 0))
(struct __sk_buff* skb) {
return do_forward4(skb, /* is_ethernet */ false, /* downstream */ true, /* updatetime */ true);
}
-DEFINE_BPF_PROG_KVER("schedcls/tether_upstream4_rawip$5_8", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER("schedcls/tether_upstream4_rawip$5_8", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_rawip_5_8, KVER(5, 8, 0))
(struct __sk_buff* skb) {
return do_forward4(skb, /* is_ethernet */ false, /* downstream */ false, /* updatetime */ true);
}
-DEFINE_BPF_PROG_KVER("schedcls/tether_downstream4_ether$5_8", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER("schedcls/tether_downstream4_ether$5_8", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_ether_5_8, KVER(5, 8, 0))
(struct __sk_buff* skb) {
return do_forward4(skb, /* is_ethernet */ true, /* downstream */ true, /* updatetime */ true);
}
-DEFINE_BPF_PROG_KVER("schedcls/tether_upstream4_ether$5_8", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER("schedcls/tether_upstream4_ether$5_8", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_ether_5_8, KVER(5, 8, 0))
(struct __sk_buff* skb) {
return do_forward4(skb, /* is_ethernet */ true, /* downstream */ false, /* updatetime */ true);
@@ -673,7 +692,7 @@
// (optional, because we need to be able to fallback for 4.14/4.19/5.4 pre-S kernels)
DEFINE_OPTIONAL_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_rawip$opt",
- AID_ROOT, AID_NETWORK_STACK,
+ TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_rawip_opt,
KVER(4, 14, 0), KVER(5, 8, 0))
(struct __sk_buff* skb) {
@@ -681,7 +700,7 @@
}
DEFINE_OPTIONAL_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_rawip$opt",
- AID_ROOT, AID_NETWORK_STACK,
+ TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_rawip_opt,
KVER(4, 14, 0), KVER(5, 8, 0))
(struct __sk_buff* skb) {
@@ -689,7 +708,7 @@
}
DEFINE_OPTIONAL_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_ether$opt",
- AID_ROOT, AID_NETWORK_STACK,
+ TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_ether_opt,
KVER(4, 14, 0), KVER(5, 8, 0))
(struct __sk_buff* skb) {
@@ -697,7 +716,7 @@
}
DEFINE_OPTIONAL_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_ether$opt",
- AID_ROOT, AID_NETWORK_STACK,
+ TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_ether_opt,
KVER(4, 14, 0), KVER(5, 8, 0))
(struct __sk_buff* skb) {
@@ -718,13 +737,13 @@
// RAWIP: Required for 5.4-R kernels -- which always support bpf_skb_change_head().
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_rawip$5_4", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_rawip$5_4", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_rawip_5_4, KVER(5, 4, 0), KVER(5, 8, 0))
(struct __sk_buff* skb) {
return do_forward4(skb, /* is_ethernet */ false, /* downstream */ true, /* updatetime */ false);
}
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_rawip$5_4", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_rawip$5_4", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_rawip_5_4, KVER(5, 4, 0), KVER(5, 8, 0))
(struct __sk_buff* skb) {
return do_forward4(skb, /* is_ethernet */ false, /* downstream */ false, /* updatetime */ false);
@@ -734,7 +753,7 @@
// [Note: fallback for 4.14/4.19 (P/Q) kernels is below in stub section]
DEFINE_OPTIONAL_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_rawip$4_14",
- AID_ROOT, AID_NETWORK_STACK,
+ TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_rawip_4_14,
KVER(4, 14, 0), KVER(5, 4, 0))
(struct __sk_buff* skb) {
@@ -742,7 +761,7 @@
}
DEFINE_OPTIONAL_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_rawip$4_14",
- AID_ROOT, AID_NETWORK_STACK,
+ TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_rawip_4_14,
KVER(4, 14, 0), KVER(5, 4, 0))
(struct __sk_buff* skb) {
@@ -751,13 +770,13 @@
// ETHER: Required for 4.14-Q/R, 4.19-Q/R & 5.4-R kernels.
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_ether$4_14", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_ether$4_14", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_ether_4_14, KVER(4, 14, 0), KVER(5, 8, 0))
(struct __sk_buff* skb) {
return do_forward4(skb, /* is_ethernet */ true, /* downstream */ true, /* updatetime */ false);
}
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_ether$4_14", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_ether$4_14", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_ether_4_14, KVER(4, 14, 0), KVER(5, 8, 0))
(struct __sk_buff* skb) {
return do_forward4(skb, /* is_ethernet */ true, /* downstream */ false, /* updatetime */ false);
@@ -767,13 +786,13 @@
// RAWIP: 4.9-P/Q, 4.14-P/Q & 4.19-Q kernels -- without bpf_skb_change_head() for tc programs
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_rawip$stub", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_rawip$stub", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_rawip_stub, KVER_NONE, KVER(5, 4, 0))
(struct __sk_buff* skb) {
return TC_ACT_PIPE;
}
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_rawip$stub", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_rawip$stub", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_rawip_stub, KVER_NONE, KVER(5, 4, 0))
(struct __sk_buff* skb) {
return TC_ACT_PIPE;
@@ -781,13 +800,13 @@
// ETHER: 4.9-P/Q kernel
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_ether$stub", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_downstream4_ether$stub", TETHERING_UID, TETHERING_GID,
sched_cls_tether_downstream4_ether_stub, KVER_NONE, KVER(4, 14, 0))
(struct __sk_buff* skb) {
return TC_ACT_PIPE;
}
-DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_ether$stub", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER_RANGE("schedcls/tether_upstream4_ether$stub", TETHERING_UID, TETHERING_GID,
sched_cls_tether_upstream4_ether_stub, KVER_NONE, KVER(4, 14, 0))
(struct __sk_buff* skb) {
return TC_ACT_PIPE;
@@ -795,7 +814,7 @@
// ----- XDP Support -----
-DEFINE_BPF_MAP_GRW(tether_dev_map, DEVMAP_HASH, uint32_t, uint32_t, 64, AID_NETWORK_STACK)
+DEFINE_BPF_MAP_GRW(tether_dev_map, DEVMAP_HASH, uint32_t, uint32_t, 64, TETHERING_GID)
static inline __always_inline int do_xdp_forward6(struct xdp_md *ctx, const bool is_ethernet,
const bool downstream) {
@@ -840,7 +859,7 @@
}
#define DEFINE_XDP_PROG(str, func) \
- DEFINE_BPF_PROG_KVER(str, AID_ROOT, AID_NETWORK_STACK, func, KVER(5, 9, 0))(struct xdp_md *ctx)
+ DEFINE_BPF_PROG_KVER(str, TETHERING_UID, TETHERING_GID, func, KVER(5, 9, 0))(struct xdp_md *ctx)
DEFINE_XDP_PROG("xdp/tether_downstream_ether",
xdp_tether_downstream_ether) {
diff --git a/bpf_progs/offload@btf.c b/bpf_progs/offload@btf.c
new file mode 120000
index 0000000..4092e0d
--- /dev/null
+++ b/bpf_progs/offload@btf.c
@@ -0,0 +1 @@
+offload.c
\ No newline at end of file
diff --git a/bpf_progs/offload@inprocess.c b/bpf_progs/offload@inprocess.c
new file mode 120000
index 0000000..4092e0d
--- /dev/null
+++ b/bpf_progs/offload@inprocess.c
@@ -0,0 +1 @@
+offload.c
\ No newline at end of file
diff --git a/bpf_progs/test.c b/bpf_progs/test.c
index f2fcc8c..d42205f 100644
--- a/bpf_progs/test.c
+++ b/bpf_progs/test.c
@@ -18,8 +18,27 @@
#include <linux/in.h>
#include <linux/ip.h>
+#ifdef BTF
+// BTF is incompatible with bpfloaders < v0.10, hence for S (v0.2) we must
+// ship a different file than for later versions, but we need bpfloader v0.25+
+// for obj@ver.o support
+#define BPFLOADER_MIN_VER BPFLOADER_OBJ_AT_VER_VERSION
+#else /* BTF */
// The resulting .o needs to load on the Android S bpfloader
#define BPFLOADER_MIN_VER BPFLOADER_S_VERSION
+#define BPFLOADER_MAX_VER BPFLOADER_OBJ_AT_VER_VERSION
+#endif /* BTF */
+
+// Warning: values other than AID_ROOT don't work for map uid on BpfLoader < v0.21
+#define TETHERING_UID AID_ROOT
+
+#ifdef INPROCESS
+#define DEFAULT_BPF_MAP_SELINUX_CONTEXT "fs_bpf_net_shared"
+#define DEFAULT_BPF_PROG_SELINUX_CONTEXT "fs_bpf_net_shared"
+#define TETHERING_GID AID_SYSTEM
+#else
+#define TETHERING_GID AID_NETWORK_STACK
+#endif
#include "bpf_helpers.h"
#include "bpf_net_helpers.h"
@@ -27,12 +46,11 @@
// Used only by TetheringPrivilegedTests, not by production code.
DEFINE_BPF_MAP_GRW(tether_downstream6_map, HASH, TetherDownstream6Key, Tether6Value, 16,
- AID_NETWORK_STACK)
+ TETHERING_GID)
// Used only by BpfBitmapTest, not by production code.
-DEFINE_BPF_MAP_GRW(bitmap, ARRAY, int, uint64_t, 2,
- AID_NETWORK_STACK)
+DEFINE_BPF_MAP_GRW(bitmap, ARRAY, int, uint64_t, 2, TETHERING_GID)
-DEFINE_BPF_PROG_KVER("xdp/drop_ipv4_udp_ether", AID_ROOT, AID_NETWORK_STACK,
+DEFINE_BPF_PROG_KVER("xdp/drop_ipv4_udp_ether", TETHERING_UID, TETHERING_GID,
xdp_test, KVER(5, 9, 0))
(struct xdp_md *ctx) {
void *data = (void *)(long)ctx->data;
diff --git a/bpf_progs/test@btf.c b/bpf_progs/test@btf.c
new file mode 120000
index 0000000..aeebb26
--- /dev/null
+++ b/bpf_progs/test@btf.c
@@ -0,0 +1 @@
+test.c
\ No newline at end of file
diff --git a/bpf_progs/test@inprocess.c b/bpf_progs/test@inprocess.c
new file mode 120000
index 0000000..aeebb26
--- /dev/null
+++ b/bpf_progs/test@inprocess.c
@@ -0,0 +1 @@
+test.c
\ No newline at end of file
diff --git a/service-t/src/com/android/server/net/CookieTagMapKey.java b/common/src/com/android/net/module/util/bpf/CookieTagMapKey.java
similarity index 95%
rename from service-t/src/com/android/server/net/CookieTagMapKey.java
rename to common/src/com/android/net/module/util/bpf/CookieTagMapKey.java
index 443e5b3..17da7a0 100644
--- a/service-t/src/com/android/server/net/CookieTagMapKey.java
+++ b/common/src/com/android/net/module/util/bpf/CookieTagMapKey.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.server.net;
+package com.android.net.module.util.bpf;
import com.android.net.module.util.Struct;
import com.android.net.module.util.Struct.Field;
diff --git a/service-t/src/com/android/server/net/CookieTagMapValue.java b/common/src/com/android/net/module/util/bpf/CookieTagMapValue.java
similarity index 95%
rename from service-t/src/com/android/server/net/CookieTagMapValue.java
rename to common/src/com/android/net/module/util/bpf/CookieTagMapValue.java
index 93b9195..e1a221f 100644
--- a/service-t/src/com/android/server/net/CookieTagMapValue.java
+++ b/common/src/com/android/net/module/util/bpf/CookieTagMapValue.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package com.android.server.net;
+package com.android.net.module.util.bpf;
import com.android.net.module.util.Struct;
import com.android.net.module.util.Struct.Field;
diff --git a/framework-t/Android.bp b/framework-t/Android.bp
index 1e508a0..80477f1 100644
--- a/framework-t/Android.bp
+++ b/framework-t/Android.bp
@@ -103,7 +103,7 @@
// Do not add static_libs to this library: put them in framework-connectivity instead.
// The jarjar rules are only so that references to jarjared utils in
// framework-connectivity-pre-jarjar match at runtime.
- jarjar_rules: ":connectivity-jarjar-rules",
+ jarjar_rules: ":framework-connectivity-jarjar-rules",
permitted_packages: [
"android.app.usage",
"android.net",
@@ -116,6 +116,7 @@
"//packages/modules/Connectivity/Tethering/apex",
// In preparation for future move
"//packages/modules/Connectivity/apex",
+ "//packages/modules/Connectivity/service", // For R8 only
"//packages/modules/Connectivity/service-t",
"//packages/modules/Nearby/service",
"//frameworks/base",
diff --git a/framework-t/Sources.bp b/framework-t/Sources.bp
index b30ee80..391a562 100644
--- a/framework-t/Sources.bp
+++ b/framework-t/Sources.bp
@@ -14,125 +14,13 @@
// limitations under the License.
//
-// NetworkStats related libraries.
-
-filegroup {
- name: "framework-connectivity-netstats-internal-sources",
- srcs: [
- "src/android/app/usage/*.java",
- "src/android/net/DataUsageRequest.*",
- "src/android/net/INetworkStatsService.aidl",
- "src/android/net/INetworkStatsSession.aidl",
- "src/android/net/NetworkIdentity.java",
- "src/android/net/NetworkIdentitySet.java",
- "src/android/net/NetworkStateSnapshot.*",
- "src/android/net/NetworkStats.*",
- "src/android/net/NetworkStatsAccess.*",
- "src/android/net/NetworkStatsCollection.*",
- "src/android/net/NetworkStatsHistory.*",
- "src/android/net/NetworkTemplate.*",
- "src/android/net/TrafficStats.java",
- "src/android/net/UnderlyingNetworkInfo.*",
- "src/android/net/netstats/**/*.*",
- ],
- path: "src",
- visibility: [
- "//visibility:private",
- ],
-}
-
-filegroup {
- name: "framework-connectivity-netstats-sources",
- srcs: [
- ":framework-connectivity-netstats-internal-sources",
- ],
- visibility: [
- "//visibility:private",
- ],
-}
-
-// Nsd related libraries.
-
-filegroup {
- name: "framework-connectivity-nsd-internal-sources",
- srcs: [
- "src/android/net/nsd/*.aidl",
- "src/android/net/nsd/*.java",
- ],
- path: "src",
- visibility: [
- "//visibility:private",
- ],
-}
-
-filegroup {
- name: "framework-connectivity-nsd-sources",
- srcs: [
- ":framework-connectivity-nsd-internal-sources",
- ],
- visibility: [
- "//visibility:private",
- ],
-}
-
-// IpSec related libraries.
-
-filegroup {
- name: "framework-connectivity-ipsec-sources",
- srcs: [
- "src/android/net/IIpSecService.aidl",
- "src/android/net/IpSec*.*",
- ],
- path: "src",
- visibility: [
- "//visibility:private",
- ],
-}
-
-// Ethernet related libraries.
-
-filegroup {
- name: "framework-connectivity-ethernet-sources",
- srcs: [
- "src/android/net/EthernetManager.java",
- "src/android/net/EthernetNetworkManagementException.java",
- "src/android/net/EthernetNetworkManagementException.aidl",
- "src/android/net/EthernetNetworkSpecifier.java",
- "src/android/net/EthernetNetworkUpdateRequest.java",
- "src/android/net/EthernetNetworkUpdateRequest.aidl",
- "src/android/net/IEthernetManager.aidl",
- "src/android/net/IEthernetServiceListener.aidl",
- "src/android/net/INetworkInterfaceOutcomeReceiver.aidl",
- "src/android/net/ITetheredInterfaceCallback.aidl",
- ],
- path: "src",
- visibility: [
- "//visibility:private",
- ],
-}
-
-// Connectivity-T common libraries.
-
-filegroup {
- name: "framework-connectivity-tiramisu-internal-sources",
- srcs: [
- "src/android/net/ConnectivityFrameworkInitializerTiramisu.java",
- ],
- path: "src",
- visibility: [
- "//visibility:private",
- ],
-}
-
filegroup {
name: "framework-connectivity-tiramisu-updatable-sources",
srcs: [
- ":framework-connectivity-ethernet-sources",
- ":framework-connectivity-ipsec-sources",
- ":framework-connectivity-netstats-sources",
- ":framework-connectivity-nsd-sources",
- ":framework-connectivity-tiramisu-internal-sources",
+ "src/**/*.java",
+ "src/**/*.aidl",
],
+ path: "src",
visibility: [
"//frameworks/base",
"//packages/modules/Connectivity:__subpackages__",
diff --git a/framework-t/src/android/app/usage/NetworkStats.java b/framework-t/src/android/app/usage/NetworkStats.java
index 74fe4bd..26841de 100644
--- a/framework-t/src/android/app/usage/NetworkStats.java
+++ b/framework-t/src/android/app/usage/NetworkStats.java
@@ -1,17 +1,17 @@
/**
* Copyright (C) 2015 The Android Open Source Project
*
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy
- * of the License at
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
package android.app.usage;
@@ -36,11 +36,11 @@
import java.util.ArrayList;
/**
- * Class providing enumeration over buckets of network usage statistics. {@link NetworkStats} objects
- * are returned as results to various queries in {@link NetworkStatsManager}.
+ * Class providing enumeration over buckets of network usage statistics. {@link NetworkStats}
+ * objects are returned as results to various queries in {@link NetworkStatsManager}.
*/
public final class NetworkStats implements AutoCloseable {
- private final static String TAG = "NetworkStats";
+ private static final String TAG = "NetworkStats";
private final CloseGuard mCloseGuard = CloseGuard.get();
@@ -616,7 +616,7 @@
/**
* Steps to next uid in enumeration and collects history for that.
*/
- private void stepHistory(){
+ private void stepHistory() {
if (hasNextUid()) {
stepUid();
mHistory = null;
@@ -692,8 +692,8 @@
bucketOut.mMetered = Bucket.METERED_ALL;
bucketOut.mRoaming = Bucket.ROAMING_ALL;
bucketOut.mBeginTimeStamp = mRecycledHistoryEntry.bucketStart;
- bucketOut.mEndTimeStamp = mRecycledHistoryEntry.bucketStart +
- mRecycledHistoryEntry.bucketDuration;
+ bucketOut.mEndTimeStamp = mRecycledHistoryEntry.bucketStart
+ + mRecycledHistoryEntry.bucketDuration;
bucketOut.mRxBytes = mRecycledHistoryEntry.rxBytes;
bucketOut.mRxPackets = mRecycledHistoryEntry.rxPackets;
bucketOut.mTxBytes = mRecycledHistoryEntry.txBytes;
diff --git a/framework-t/src/android/app/usage/NetworkStatsManager.java b/framework-t/src/android/app/usage/NetworkStatsManager.java
index f41475b..d139544 100644
--- a/framework-t/src/android/app/usage/NetworkStatsManager.java
+++ b/framework-t/src/android/app/usage/NetworkStatsManager.java
@@ -19,6 +19,9 @@
import static android.annotation.SystemApi.Client.MODULE_LIBRARIES;
import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
+import static android.net.NetworkStats.METERED_YES;
+import static android.net.NetworkTemplate.MATCH_MOBILE;
+import static android.net.NetworkTemplate.MATCH_WIFI;
import android.Manifest;
import android.annotation.CallbackExecutor;
@@ -55,6 +58,7 @@
import java.util.List;
import java.util.Objects;
+import java.util.Set;
import java.util.concurrent.Executor;
/**
@@ -1020,14 +1024,17 @@
switch (networkType) {
case ConnectivityManager.TYPE_MOBILE:
template = subscriberId == null
- ? NetworkTemplate.buildTemplateMobileWildcard()
- : NetworkTemplate.buildTemplateMobileAll(subscriberId);
+ ? new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setMeteredness(METERED_YES).build()
+ : new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setMeteredness(METERED_YES)
+ .setSubscriberIds(Set.of(subscriberId)).build();
break;
case ConnectivityManager.TYPE_WIFI:
template = TextUtils.isEmpty(subscriberId)
- ? NetworkTemplate.buildTemplateWifiWildcard()
- : NetworkTemplate.buildTemplateWifi(NetworkTemplate.WIFI_NETWORKID_ALL,
- subscriberId);
+ ? new NetworkTemplate.Builder(MATCH_WIFI).build()
+ : new NetworkTemplate.Builder(MATCH_WIFI)
+ .setSubscriberIds(Set.of(subscriberId)).build();
break;
default:
throw new IllegalArgumentException("Cannot create template for network type "
diff --git a/framework-t/src/android/net/NetworkStats.java b/framework-t/src/android/net/NetworkStats.java
index 0bb98f8..a655a9b 100644
--- a/framework-t/src/android/net/NetworkStats.java
+++ b/framework-t/src/android/net/NetworkStats.java
@@ -1041,7 +1041,7 @@
*/
public long getTotalPackets() {
long total = 0;
- for (int i = size-1; i >= 0; i--) {
+ for (int i = size - 1; i >= 0; i--) {
total += rxPackets[i] + txPackets[i];
}
return total;
diff --git a/framework-t/src/android/net/NetworkStatsCollection.java b/framework-t/src/android/net/NetworkStatsCollection.java
index 6a1d2dd..df42b58 100644
--- a/framework-t/src/android/net/NetworkStatsCollection.java
+++ b/framework-t/src/android/net/NetworkStatsCollection.java
@@ -28,6 +28,10 @@
import static android.net.NetworkStats.SET_DEFAULT;
import static android.net.NetworkStats.TAG_NONE;
import static android.net.NetworkStats.UID_ALL;
+import static android.net.NetworkTemplate.MATCH_BLUETOOTH;
+import static android.net.NetworkTemplate.MATCH_ETHERNET;
+import static android.net.NetworkTemplate.MATCH_MOBILE;
+import static android.net.NetworkTemplate.MATCH_WIFI;
import static android.net.TrafficStats.UID_REMOVED;
import static android.text.format.DateUtils.WEEK_IN_MILLIS;
@@ -774,10 +778,11 @@
/** @hide */
public void dumpCheckin(PrintWriter pw, long start, long end) {
- dumpCheckin(pw, start, end, NetworkTemplate.buildTemplateMobileWildcard(), "cell");
- dumpCheckin(pw, start, end, NetworkTemplate.buildTemplateWifiWildcard(), "wifi");
- dumpCheckin(pw, start, end, NetworkTemplate.buildTemplateEthernet(), "eth");
- dumpCheckin(pw, start, end, NetworkTemplate.buildTemplateBluetooth(), "bt");
+ dumpCheckin(pw, start, end, new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setMeteredness(METERED_YES).build(), "cell");
+ dumpCheckin(pw, start, end, new NetworkTemplate.Builder(MATCH_WIFI).build(), "wifi");
+ dumpCheckin(pw, start, end, new NetworkTemplate.Builder(MATCH_ETHERNET).build(), "eth");
+ dumpCheckin(pw, start, end, new NetworkTemplate.Builder(MATCH_BLUETOOTH).build(), "bt");
}
/**
diff --git a/framework-t/src/android/net/netstats/provider/NetworkStatsProvider.java b/framework-t/src/android/net/netstats/provider/NetworkStatsProvider.java
index d37a53d..66d99a1 100644
--- a/framework-t/src/android/net/netstats/provider/NetworkStatsProvider.java
+++ b/framework-t/src/android/net/netstats/provider/NetworkStatsProvider.java
@@ -118,7 +118,7 @@
*
* @param token the token under which these stats were gathered. Providers can call this method
* with the current token as often as they want, until the token changes.
- * {@see NetworkStatsProvider#onRequestStatsUpdate()}
+ * See {@link NetworkStatsProvider#onRequestStatsUpdate(int)}
* @param ifaceStats the {@link NetworkStats} per interface to be reported.
* The provider should not include any traffic that is already counted by
* kernel interface counters.
diff --git a/framework-t/src/android/net/nsd/NsdManager.java b/framework-t/src/android/net/nsd/NsdManager.java
index fad63e5..3fcc11b 100644
--- a/framework-t/src/android/net/nsd/NsdManager.java
+++ b/framework-t/src/android/net/nsd/NsdManager.java
@@ -126,7 +126,7 @@
* http://www.iana.org/form/ports-service. Existing services can be found at
* http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
*
- * {@see NsdServiceInfo}
+ * @see NsdServiceInfo
*/
@SystemService(Context.NSD_SERVICE)
public final class NsdManager {
diff --git a/framework-t/src/android/net/nsd/NsdServiceInfo.java b/framework-t/src/android/net/nsd/NsdServiceInfo.java
index 200c808..6438a60 100644
--- a/framework-t/src/android/net/nsd/NsdServiceInfo.java
+++ b/framework-t/src/android/net/nsd/NsdServiceInfo.java
@@ -34,7 +34,7 @@
/**
* A class representing service information for network service discovery
- * {@see NsdManager}
+ * @see NsdManager
*/
public final class NsdServiceInfo implements Parcelable {
diff --git a/framework/Android.bp b/framework/Android.bp
index 6350e14..fcce7a5 100644
--- a/framework/Android.bp
+++ b/framework/Android.bp
@@ -112,6 +112,7 @@
// because the tethering stubs depend on the connectivity stubs (e.g.,
// TetheringRequest depends on LinkAddress).
"framework-tethering.stubs.module_lib",
+ "framework-wifi.stubs.module_lib",
],
visibility: ["//packages/modules/Connectivity:__subpackages__"]
}
@@ -120,7 +121,7 @@
name: "framework-connectivity",
defaults: ["framework-connectivity-defaults"],
installable: true,
- jarjar_rules: ":connectivity-jarjar-rules",
+ jarjar_rules: ":framework-connectivity-jarjar-rules",
permitted_packages: ["android.net"],
impl_library_visibility: [
"//packages/modules/Connectivity/Tethering/apex",
@@ -211,3 +212,33 @@
"com.android.tethering",
],
}
+
+java_genrule {
+ name: "framework-connectivity-jarjar-rules",
+ tool_files: [
+ ":connectivity-hiddenapi-files",
+ ":framework-connectivity-pre-jarjar{.jar}",
+ ":framework-connectivity-t-pre-jarjar{.jar}",
+ ":framework-connectivity.stubs.module_lib{.jar}",
+ ":framework-connectivity-t.stubs.module_lib{.jar}",
+ "jarjar-excludes.txt",
+ ],
+ tools: [
+ "jarjar-rules-generator",
+ ],
+ out: ["framework_connectivity_jarjar_rules.txt"],
+ cmd: "$(location jarjar-rules-generator) " +
+ "--jars $(location :framework-connectivity-pre-jarjar{.jar}) " +
+ "$(location :framework-connectivity-t-pre-jarjar{.jar}) " +
+ "--prefix android.net.connectivity " +
+ "--apistubs $(location :framework-connectivity.stubs.module_lib{.jar}) " +
+ "$(location :framework-connectivity-t.stubs.module_lib{.jar}) " +
+ "--unsupportedapi $(locations :connectivity-hiddenapi-files) " +
+ "--excludes $(location jarjar-excludes.txt) " +
+ "--output $(out)",
+ visibility: [
+ "//packages/modules/Connectivity/framework:__subpackages__",
+ "//packages/modules/Connectivity/framework-t:__subpackages__",
+ "//packages/modules/Connectivity/service",
+ ],
+}
diff --git a/framework/jni/android_net_NetworkUtils.cpp b/framework/jni/android_net_NetworkUtils.cpp
index 7478b3e..857ece5 100644
--- a/framework/jni/android_net_NetworkUtils.cpp
+++ b/framework/jni/android_net_NetworkUtils.cpp
@@ -232,7 +232,8 @@
return NULL;
}
- jclass class_TcpRepairWindow = env->FindClass("android/net/TcpRepairWindow");
+ jclass class_TcpRepairWindow = env->FindClass(
+ "android/net/connectivity/android/net/TcpRepairWindow");
jmethodID ctor = env->GetMethodID(class_TcpRepairWindow, "<init>", "(IIIIII)V");
return env->NewObject(class_TcpRepairWindow, ctor, trw.snd_wl1, trw.snd_wnd, trw.max_window,
@@ -253,7 +254,7 @@
{ "bindSocketToNetworkHandle", "(Ljava/io/FileDescriptor;J)I", (void*) android_net_utils_bindSocketToNetworkHandle },
{ "attachDropAllBPFFilter", "(Ljava/io/FileDescriptor;)V", (void*) android_net_utils_attachDropAllBPFFilter },
{ "detachBPFFilter", "(Ljava/io/FileDescriptor;)V", (void*) android_net_utils_detachBPFFilter },
- { "getTcpRepairWindow", "(Ljava/io/FileDescriptor;)Landroid/net/TcpRepairWindow;", (void*) android_net_utils_getTcpRepairWindow },
+ { "getTcpRepairWindow", "(Ljava/io/FileDescriptor;)Landroid/net/connectivity/android/net/TcpRepairWindow;", (void*) android_net_utils_getTcpRepairWindow },
{ "resNetworkSend", "(J[BII)Ljava/io/FileDescriptor;", (void*) android_net_utils_resNetworkSend },
{ "resNetworkQuery", "(JLjava/lang/String;III)Ljava/io/FileDescriptor;", (void*) android_net_utils_resNetworkQuery },
{ "resNetworkResult", "(Ljava/io/FileDescriptor;)Landroid/net/DnsResolver$DnsResponse;", (void*) android_net_utils_resNetworkResult },
diff --git a/framework/src/android/net/ConnectivityManager.java b/framework/src/android/net/ConnectivityManager.java
index eeedfd1..28f0699 100644
--- a/framework/src/android/net/ConnectivityManager.java
+++ b/framework/src/android/net/ConnectivityManager.java
@@ -556,7 +556,7 @@
*
* @deprecated Applications should instead use {@link NetworkCapabilities#hasTransport} or
* {@link #requestNetwork(NetworkRequest, NetworkCallback)} to request an
- * appropriate network. {@see NetworkCapabilities} for supported transports.
+ * appropriate network. See {@link NetworkCapabilities} for supported transports.
*/
@Deprecated
public static final int TYPE_MOBILE = 0;
@@ -566,7 +566,7 @@
*
* @deprecated Applications should instead use {@link NetworkCapabilities#hasTransport} or
* {@link #requestNetwork(NetworkRequest, NetworkCallback)} to request an
- * appropriate network. {@see NetworkCapabilities} for supported transports.
+ * appropriate network. See {@link NetworkCapabilities} for supported transports.
*/
@Deprecated
public static final int TYPE_WIFI = 1;
@@ -617,7 +617,7 @@
*
* @deprecated Applications should instead use {@link NetworkCapabilities#hasTransport} or
* {@link #requestNetwork(NetworkRequest, NetworkCallback)} to request an
- * appropriate network. {@see NetworkCapabilities} for supported transports.
+ * appropriate network. See {@link NetworkCapabilities} for supported transports.
*/
@Deprecated
public static final int TYPE_MOBILE_HIPRI = 5;
@@ -627,7 +627,7 @@
*
* @deprecated Applications should instead use {@link NetworkCapabilities#hasTransport} or
* {@link #requestNetwork(NetworkRequest, NetworkCallback)} to request an
- * appropriate network. {@see NetworkCapabilities} for supported transports.
+ * appropriate network. See {@link NetworkCapabilities} for supported transports.
*/
@Deprecated
public static final int TYPE_WIMAX = 6;
@@ -637,7 +637,7 @@
*
* @deprecated Applications should instead use {@link NetworkCapabilities#hasTransport} or
* {@link #requestNetwork(NetworkRequest, NetworkCallback)} to request an
- * appropriate network. {@see NetworkCapabilities} for supported transports.
+ * appropriate network. See {@link NetworkCapabilities} for supported transports.
*/
@Deprecated
public static final int TYPE_BLUETOOTH = 7;
@@ -654,7 +654,7 @@
*
* @deprecated Applications should instead use {@link NetworkCapabilities#hasTransport} or
* {@link #requestNetwork(NetworkRequest, NetworkCallback)} to request an
- * appropriate network. {@see NetworkCapabilities} for supported transports.
+ * appropriate network. See {@link NetworkCapabilities} for supported transports.
*/
@Deprecated
public static final int TYPE_ETHERNET = 9;
@@ -1204,7 +1204,7 @@
/**
* Preference for {@link ProfileNetworkPreference#setPreference(int)}.
- * {@see #setProfileNetworkPreferences(UserHandle, List, Executor, Runnable)}
+ * See {@link #setProfileNetworkPreferences(UserHandle, List, Executor, Runnable)}
* Specify that the traffic for this user should by follow the default rules.
* @hide
*/
@@ -1213,7 +1213,7 @@
/**
* Preference for {@link ProfileNetworkPreference#setPreference(int)}.
- * {@see #setProfileNetworkPreferences(UserHandle, List, Executor, Runnable)}
+ * See {@link #setProfileNetworkPreferences(UserHandle, List, Executor, Runnable)}
* Specify that the traffic for this user should by default go on a network with
* {@link NetworkCapabilities#NET_CAPABILITY_ENTERPRISE}, and on the system default network
* if no such network is available.
@@ -1224,7 +1224,7 @@
/**
* Preference for {@link ProfileNetworkPreference#setPreference(int)}.
- * {@see #setProfileNetworkPreferences(UserHandle, List, Executor, Runnable)}
+ * See {@link #setProfileNetworkPreferences(UserHandle, List, Executor, Runnable)}
* Specify that the traffic for this user should by default go on a network with
* {@link NetworkCapabilities#NET_CAPABILITY_ENTERPRISE} and if no such network is available
* should not go on the system default network
@@ -3383,8 +3383,8 @@
* proxy is likely to break networking on multiple networks. This method is only meant
* for device policy clients looking to do general internal filtering or similar use cases.
*
- * {@see #getGlobalProxy}
- * {@see LinkProperties#getHttpProxy}
+ * @see #getGlobalProxy
+ * @see LinkProperties#getHttpProxy
*
* @param p A {@link ProxyInfo} object defining the new global HTTP proxy. Calling this
* method with a {@code null} value will clear the global HTTP proxy.
@@ -4277,7 +4277,7 @@
* network, unless it becomes the best again at some later time. All callbacks are invoked
* in order on the same thread, which by default is a thread created by the framework running
* in the app.
- * {@see #requestNetwork(NetworkRequest, NetworkCallback, Handler)} to change where the
+ * See {@link #requestNetwork(NetworkRequest, NetworkCallback, Handler)} to change where the
* callbacks are invoked.
*
* <p>This{@link NetworkRequest} will live until released via
@@ -5949,7 +5949,7 @@
*
* @param chain target chain to replace.
* @param uids The list of UIDs to be placed into chain.
- * @throws IllegalStateException if replacing the firewall chain failed.
+ * @throws UnsupportedOperationException if called on pre-T devices.
* @throws IllegalArgumentException if {@code chain} is not a valid chain.
* @hide
*/
diff --git a/framework/src/android/net/DnsResolver.java b/framework/src/android/net/DnsResolver.java
index 164160f..5e637f9 100644
--- a/framework/src/android/net/DnsResolver.java
+++ b/framework/src/android/net/DnsResolver.java
@@ -137,7 +137,7 @@
* @param answer <T> answer to the query.
* @param rcode The response code in the DNS response.
*
- * {@see android.net.DnsResolver#query query()}
+ * @see android.net.DnsResolver#query query()
*/
void onAnswer(@NonNull T answer, int rcode);
/**
diff --git a/framework/src/android/net/DnsResolverServiceManager.java b/framework/src/android/net/DnsResolverServiceManager.java
index 79009e8..e64d2ae 100644
--- a/framework/src/android/net/DnsResolverServiceManager.java
+++ b/framework/src/android/net/DnsResolverServiceManager.java
@@ -29,7 +29,7 @@
private final IBinder mResolver;
- DnsResolverServiceManager(IBinder resolver) {
+ public DnsResolverServiceManager(IBinder resolver) {
mResolver = resolver;
}
diff --git a/framework/src/android/net/ITestNetworkManager.aidl b/framework/src/android/net/ITestNetworkManager.aidl
index d18b931..9432acb 100644
--- a/framework/src/android/net/ITestNetworkManager.aidl
+++ b/framework/src/android/net/ITestNetworkManager.aidl
@@ -30,7 +30,8 @@
interface ITestNetworkManager
{
TestNetworkInterface createInterface(boolean isTun, boolean hasCarrier, boolean bringUp,
- in LinkAddress[] addrs, in @nullable String iface);
+ boolean disableIpv6ProvisioningDelay, in LinkAddress[] addrs,
+ in @nullable String iface);
void setCarrierEnabled(in TestNetworkInterface iface, boolean enabled);
diff --git a/framework/src/android/net/LinkProperties.java b/framework/src/android/net/LinkProperties.java
index a8f707e..b7ee846 100644
--- a/framework/src/android/net/LinkProperties.java
+++ b/framework/src/android/net/LinkProperties.java
@@ -29,6 +29,8 @@
import android.text.TextUtils;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.modules.utils.build.SdkLevel;
+import com.android.net.module.util.CollectionUtils;
import com.android.net.module.util.LinkPropertiesUtils;
import java.net.Inet4Address;
@@ -42,7 +44,6 @@
import java.util.List;
import java.util.Objects;
import java.util.StringJoiner;
-import java.util.stream.Collectors;
/**
* Describes the properties of a network link.
@@ -759,9 +760,15 @@
* @return An unmodifiable {@link List} of {@link RouteInfo} for this link.
*/
public @NonNull List<RouteInfo> getRoutes() {
- if (CompatChanges.isChangeEnabled(EXCLUDED_ROUTES)) {
+ // Before T, there's no throw routes because VpnService is not updatable, so no need to
+ // filter them out.
+ if (CompatChanges.isChangeEnabled(EXCLUDED_ROUTES) || !SdkLevel.isAtLeastT()) {
return Collections.unmodifiableList(mRoutes);
} else {
+ // Apps that added a throw route themselves (not obtaining LinkProperties from the
+ // system) will not see it in getRoutes on T+ if they do not have the compat change
+ // enabled (target SDK < T); but this is expected to be rare and typically only affect
+ // tests creating LinkProperties themselves (like CTS v12, which is only running on S).
return Collections.unmodifiableList(getUnicastRoutes());
}
}
@@ -770,9 +777,7 @@
* Returns all the {@link RouteInfo} of type {@link RouteInfo#RTN_UNICAST} set on this link.
*/
private @NonNull List<RouteInfo> getUnicastRoutes() {
- return mRoutes.stream()
- .filter(route -> route.getType() == RouteInfo.RTN_UNICAST)
- .collect(Collectors.toList());
+ return CollectionUtils.filter(mRoutes, route -> route.getType() == RouteInfo.RTN_UNICAST);
}
/**
diff --git a/framework/src/android/net/NattSocketKeepalive.java b/framework/src/android/net/NattSocketKeepalive.java
index a15d165..56cc923 100644
--- a/framework/src/android/net/NattSocketKeepalive.java
+++ b/framework/src/android/net/NattSocketKeepalive.java
@@ -33,7 +33,7 @@
@NonNull private final InetAddress mDestination;
private final int mResourceId;
- NattSocketKeepalive(@NonNull IConnectivityManager service,
+ public NattSocketKeepalive(@NonNull IConnectivityManager service,
@NonNull Network network,
@NonNull ParcelFileDescriptor pfd,
int resourceId,
@@ -48,7 +48,7 @@
}
@Override
- void startImpl(int intervalSec) {
+ protected void startImpl(int intervalSec) {
mExecutor.execute(() -> {
try {
mService.startNattKeepaliveWithFd(mNetwork, mPfd, mResourceId,
@@ -62,7 +62,7 @@
}
@Override
- void stopImpl() {
+ protected void stopImpl() {
mExecutor.execute(() -> {
try {
if (mSlot != null) {
diff --git a/framework/src/android/net/NetworkAgent.java b/framework/src/android/net/NetworkAgent.java
index 5659a35..1486619 100644
--- a/framework/src/android/net/NetworkAgent.java
+++ b/framework/src/android/net/NetworkAgent.java
@@ -84,7 +84,7 @@
* the correct packets. Devices typically have a small number of slots
* per radio technology, and the specific number of slots for each
* technology is specified in configuration files.
- * {@see SocketKeepalive} for details.
+ * See {@link SocketKeepalive} for details.
*
* @hide
*/
diff --git a/framework/src/android/net/NetworkAgentConfig.java b/framework/src/android/net/NetworkAgentConfig.java
index 0d2b620..b6f3314 100644
--- a/framework/src/android/net/NetworkAgentConfig.java
+++ b/framework/src/android/net/NetworkAgentConfig.java
@@ -252,7 +252,7 @@
/**
* Whether network validation should be performed for this VPN network.
- * {@see #isVpnValidationRequired}
+ * @see #isVpnValidationRequired
* @hide
*/
private boolean mVpnRequiresValidation = false;
diff --git a/framework/src/android/net/NetworkCapabilities.java b/framework/src/android/net/NetworkCapabilities.java
index dbb05a9..ea8a3df 100644
--- a/framework/src/android/net/NetworkCapabilities.java
+++ b/framework/src/android/net/NetworkCapabilities.java
@@ -192,7 +192,7 @@
/**
* Bitfield representing the network's enterprise capability identifier. If any are specified
* they will be satisfied by any Network that matches all of them.
- * {@see addEnterpriseId} for details on how masks are added
+ * See {@link #addEnterpriseId(int)} for details on how masks are added
*/
private int mEnterpriseId;
@@ -1460,7 +1460,7 @@
* Sets the upstream bandwidth for this network in Kbps. This always only refers to
* the estimated first hop transport bandwidth.
* <p>
- * {@see Builder#setLinkUpstreamBandwidthKbps}
+ * @see Builder#setLinkUpstreamBandwidthKbps
*
* @param upKbps the estimated first hop upstream (device to network) bandwidth.
* @hide
@@ -1484,7 +1484,7 @@
* Sets the downstream bandwidth for this network in Kbps. This always only refers to
* the estimated first hop transport bandwidth.
* <p>
- * {@see Builder#setLinkUpstreamBandwidthKbps}
+ * @see Builder#setLinkUpstreamBandwidthKbps
*
* @param downKbps the estimated first hop downstream (network to device) bandwidth.
* @hide
@@ -2534,7 +2534,7 @@
/**
* Set the uid and package name of the app causing this network to exist.
*
- * {@see #setRequestorUid} and {@link #setRequestorPackageName}
+ * See {@link #setRequestorUid} and {@link #setRequestorPackageName}
*
* @param uid UID of the app.
* @param packageName package name of the app.
@@ -2719,7 +2719,7 @@
/**
* Removes the given transport type.
*
- * {@see #addTransportType}.
+ * @see #addTransportType
*
* @param transportType the transport type to be added or removed.
* @return this builder
diff --git a/framework/src/android/net/NetworkProvider.java b/framework/src/android/net/NetworkProvider.java
index 3615075..7edcbae 100644
--- a/framework/src/android/net/NetworkProvider.java
+++ b/framework/src/android/net/NetworkProvider.java
@@ -192,36 +192,21 @@
private class NetworkOfferCallbackProxy extends INetworkOfferCallback.Stub {
@NonNull public final NetworkOfferCallback callback;
@NonNull private final Executor mExecutor;
- /**
- * Boolean flag that prevents onNetworkNeeded / onNetworkUnneeded callbacks from being
- * propagated after unregisterNetworkOffer has been called. Since unregisterNetworkOffer
- * runs on the CS handler thread, it will not go into effect immediately.
- */
- private volatile boolean mIsStale;
NetworkOfferCallbackProxy(@NonNull final NetworkOfferCallback callback,
@NonNull final Executor executor) {
this.callback = callback;
this.mExecutor = executor;
- this.mIsStale = false;
}
@Override
public void onNetworkNeeded(final @NonNull NetworkRequest request) {
- mExecutor.execute(() -> {
- if (!mIsStale) callback.onNetworkNeeded(request);
- });
+ mExecutor.execute(() -> callback.onNetworkNeeded(request));
}
@Override
public void onNetworkUnneeded(final @NonNull NetworkRequest request) {
- mExecutor.execute(() -> {
- if (!mIsStale) callback.onNetworkUnneeded(request);
- });
- }
-
- public void markStale() {
- mIsStale = true;
+ mExecutor.execute(() -> callback.onNetworkUnneeded(request));
}
}
@@ -334,6 +319,11 @@
* if it could beat any of them, and may be advantageous to the provider's implementation that
* can rely on no longer receiving callbacks for a network that they can't bring up anyways.
*
+ * Warning: This method executes asynchronously. The NetworkOfferCallback object can continue
+ * receiving onNetworkNeeded and onNetworkUnneeded callbacks even after this method has
+ * returned. In this case, it is on the caller to take appropriate steps in order to prevent
+ * bringing up a network.
+ *
* @hide
*/
@SystemApi
@@ -342,7 +332,6 @@
final NetworkOfferCallbackProxy proxy = findProxyForCallback(callback);
if (null == proxy) return;
synchronized (mProxies) {
- proxy.markStale();
mProxies.remove(proxy);
}
mContext.getSystemService(ConnectivityManager.class).unofferNetwork(proxy);
diff --git a/framework/src/android/net/ProfileNetworkPreference.java b/framework/src/android/net/ProfileNetworkPreference.java
index fdcab02..8b98721 100644
--- a/framework/src/android/net/ProfileNetworkPreference.java
+++ b/framework/src/android/net/ProfileNetworkPreference.java
@@ -79,7 +79,7 @@
* if included is not empty, then only included UIDs are applied.
* if excluded is not empty, then it is all uids in the user profile except these UIDs.
* @return Array of uids included for the profile preference.
- * {@see #getExcludedUids()}
+ * @see #getExcludedUids()
*/
public @NonNull int[] getIncludedUids() {
return mIncludedUids.clone();
@@ -93,7 +93,7 @@
* <ul>If included is not empty, then only included UIDs are applied.</ul>
* <ul>If excluded is not empty, then it is all uids in the user profile except these UIDs.</ul>
* @return Array of uids not included for the profile preference.
- * {@see #getIncludedUids()}
+ * @see #getIncludedUids()
*/
public @NonNull int[] getExcludedUids() {
return mExcludedUids.clone();
@@ -177,7 +177,7 @@
/**
* This is a array of uids for which profile perefence is set.
* Empty would mean that this preference applies to all uids in the profile.
- * {@see #setExcludedUids(int[])}
+ * @see #setExcludedUids(int[])
* Included UIDs and Excluded UIDs can't both be non-empty.
* if both are empty, it means this request applies to all uids in the user profile.
* if included is not empty, then only included UIDs are applied.
@@ -195,7 +195,7 @@
/**
* This is a array of uids that are excluded for the profile perefence.
- * {@see #setIncludedUids(int[])}
+ * @see #setIncludedUids(int[])
* Included UIDs and Excluded UIDs can't both be non-empty.
* if both are empty, it means this request applies to all uids in the user profile.
* if included is not empty, then only included UIDs are applied.
diff --git a/framework/src/android/net/QosCallbackConnection.java b/framework/src/android/net/QosCallbackConnection.java
index de0fc24..cfceddd 100644
--- a/framework/src/android/net/QosCallbackConnection.java
+++ b/framework/src/android/net/QosCallbackConnection.java
@@ -35,7 +35,7 @@
*
* @hide
*/
-class QosCallbackConnection extends android.net.IQosCallback.Stub {
+public class QosCallbackConnection extends android.net.IQosCallback.Stub {
@NonNull private final ConnectivityManager mConnectivityManager;
@Nullable private volatile QosCallback mCallback;
@@ -56,7 +56,7 @@
* {@link Executor} must run callback sequentially, otherwise the order of
* callbacks cannot be guaranteed.
*/
- QosCallbackConnection(@NonNull final ConnectivityManager connectivityManager,
+ public QosCallbackConnection(@NonNull final ConnectivityManager connectivityManager,
@NonNull final QosCallback callback,
@NonNull final Executor executor) {
mConnectivityManager = Objects.requireNonNull(connectivityManager,
@@ -142,7 +142,7 @@
* There are no synchronization guarantees on exactly when the callback will stop receiving
* messages.
*/
- void stopReceivingMessages() {
+ public void stopReceivingMessages() {
mCallback = null;
}
}
diff --git a/framework/src/android/net/QosCallbackException.java b/framework/src/android/net/QosCallbackException.java
index b80cff4..7de3dd1 100644
--- a/framework/src/android/net/QosCallbackException.java
+++ b/framework/src/android/net/QosCallbackException.java
@@ -57,6 +57,9 @@
private static final String TAG = "QosCallbackException";
// Types of exceptions supported //
+ // The constants are used for the sendQosCallbackError system API, so they must not be changed
+ // as there may be callers relying on their historical values to call that API.
+ // TODO: mark the constants as @SystemApi, since they are necessary to call a system API.
/** {@hide} */
public static final int EX_TYPE_FILTER_NONE = 0;
@@ -67,13 +70,13 @@
public static final int EX_TYPE_FILTER_SOCKET_NOT_BOUND = 2;
/** {@hide} */
- public static final int EX_TYPE_FILTER_SOCKET_NOT_CONNECTED = 3;
+ public static final int EX_TYPE_FILTER_NOT_SUPPORTED = 3;
/** {@hide} */
- public static final int EX_TYPE_FILTER_NOT_SUPPORTED = 4;
+ public static final int EX_TYPE_FILTER_SOCKET_LOCAL_ADDRESS_CHANGED = 4;
/** {@hide} */
- public static final int EX_TYPE_FILTER_SOCKET_LOCAL_ADDRESS_CHANGED = 5;
+ public static final int EX_TYPE_FILTER_SOCKET_NOT_CONNECTED = 5;
/** {@hide} */
public static final int EX_TYPE_FILTER_SOCKET_REMOTE_ADDRESS_CHANGED = 6;
@@ -85,7 +88,7 @@
* {@hide}
*/
@NonNull
- static QosCallbackException createException(@ExceptionType final int type) {
+ public static QosCallbackException createException(@ExceptionType final int type) {
switch (type) {
case EX_TYPE_FILTER_NETWORK_RELEASED:
return new QosCallbackException(new NetworkReleasedException());
diff --git a/framework/src/android/net/QosFilter.java b/framework/src/android/net/QosFilter.java
index b432644..01dc4bb 100644
--- a/framework/src/android/net/QosFilter.java
+++ b/framework/src/android/net/QosFilter.java
@@ -33,13 +33,15 @@
@SystemApi
public abstract class QosFilter {
- /**
- * The constructor is kept hidden from outside this package to ensure that all derived types
- * are known and properly handled when being passed to and from {@link NetworkAgent}.
- *
- * @hide
- */
- QosFilter() {
+ /** @hide */
+ protected QosFilter() {
+ // Ensure that all derived types are known, and known to be properly handled when being
+ // passed to and from NetworkAgent.
+ // For now the only known derived type is QosSocketFilter.
+ if (!(this instanceof QosSocketFilter)) {
+ throw new UnsupportedOperationException(
+ "Unsupported QosFilter type: " + this.getClass().getName());
+ }
}
/**
diff --git a/framework/src/android/net/QosSocketInfo.java b/framework/src/android/net/QosSocketInfo.java
index 49ac22b..da9b356 100644
--- a/framework/src/android/net/QosSocketInfo.java
+++ b/framework/src/android/net/QosSocketInfo.java
@@ -73,9 +73,10 @@
* The parcel file descriptor wrapped around the socket's file descriptor.
*
* @return the parcel file descriptor of the socket
+ * @hide
*/
@NonNull
- ParcelFileDescriptor getParcelFileDescriptor() {
+ public ParcelFileDescriptor getParcelFileDescriptor() {
return mParcelFileDescriptor;
}
diff --git a/framework/src/android/net/SocketKeepalive.java b/framework/src/android/net/SocketKeepalive.java
index f6cae72..57cf5e3 100644
--- a/framework/src/android/net/SocketKeepalive.java
+++ b/framework/src/android/net/SocketKeepalive.java
@@ -52,7 +52,8 @@
* request. If it does, it MUST support at least 3 concurrent keepalive slots.
*/
public abstract class SocketKeepalive implements AutoCloseable {
- static final String TAG = "SocketKeepalive";
+ /** @hide */
+ protected static final String TAG = "SocketKeepalive";
/**
* Success. It indicates there is no error.
@@ -215,15 +216,22 @@
}
}
- @NonNull final IConnectivityManager mService;
- @NonNull final Network mNetwork;
- @NonNull final ParcelFileDescriptor mPfd;
- @NonNull final Executor mExecutor;
- @NonNull final ISocketKeepaliveCallback mCallback;
+ /** @hide */
+ @NonNull protected final IConnectivityManager mService;
+ /** @hide */
+ @NonNull protected final Network mNetwork;
+ /** @hide */
+ @NonNull protected final ParcelFileDescriptor mPfd;
+ /** @hide */
+ @NonNull protected final Executor mExecutor;
+ /** @hide */
+ @NonNull protected final ISocketKeepaliveCallback mCallback;
// TODO: remove slot since mCallback could be used to identify which keepalive to stop.
- @Nullable Integer mSlot;
+ /** @hide */
+ @Nullable protected Integer mSlot;
- SocketKeepalive(@NonNull IConnectivityManager service, @NonNull Network network,
+ /** @hide */
+ public SocketKeepalive(@NonNull IConnectivityManager service, @NonNull Network network,
@NonNull ParcelFileDescriptor pfd,
@NonNull Executor executor, @NonNull Callback callback) {
mService = service;
@@ -303,7 +311,8 @@
startImpl(intervalSec);
}
- abstract void startImpl(int intervalSec);
+ /** @hide */
+ protected abstract void startImpl(int intervalSec);
/**
* Requests that keepalive be stopped. The application must wait for {@link Callback#onStopped}
@@ -313,7 +322,8 @@
stopImpl();
}
- abstract void stopImpl();
+ /** @hide */
+ protected abstract void stopImpl();
/**
* Deactivate this {@link SocketKeepalive} and free allocated resources. The instance won't be
diff --git a/framework/src/android/net/TcpSocketKeepalive.java b/framework/src/android/net/TcpSocketKeepalive.java
index d89814d..7131784 100644
--- a/framework/src/android/net/TcpSocketKeepalive.java
+++ b/framework/src/android/net/TcpSocketKeepalive.java
@@ -24,9 +24,9 @@
import java.util.concurrent.Executor;
/** @hide */
-final class TcpSocketKeepalive extends SocketKeepalive {
+public final class TcpSocketKeepalive extends SocketKeepalive {
- TcpSocketKeepalive(@NonNull IConnectivityManager service,
+ public TcpSocketKeepalive(@NonNull IConnectivityManager service,
@NonNull Network network,
@NonNull ParcelFileDescriptor pfd,
@NonNull Executor executor,
@@ -50,7 +50,7 @@
* acknowledgement.
*/
@Override
- void startImpl(int intervalSec) {
+ protected void startImpl(int intervalSec) {
mExecutor.execute(() -> {
try {
mService.startTcpKeepalive(mNetwork, mPfd, intervalSec, mCallback);
@@ -62,7 +62,7 @@
}
@Override
- void stopImpl() {
+ protected void stopImpl() {
mExecutor.execute(() -> {
try {
if (mSlot != null) {
diff --git a/framework/src/android/net/TestNetworkManager.java b/framework/src/android/net/TestNetworkManager.java
index 788834a..b64299f 100644
--- a/framework/src/android/net/TestNetworkManager.java
+++ b/framework/src/android/net/TestNetworkManager.java
@@ -59,6 +59,8 @@
private static final boolean TUN = true;
private static final boolean BRING_UP = true;
private static final boolean CARRIER_UP = true;
+ // sets disableIpv6ProvisioningDelay to false.
+ private static final boolean USE_IPV6_PROV_DELAY = false;
private static final LinkAddress[] NO_ADDRS = new LinkAddress[0];
/** @hide */
@@ -167,8 +169,8 @@
public TestNetworkInterface createTunInterface(@NonNull Collection<LinkAddress> linkAddrs) {
try {
final LinkAddress[] arr = new LinkAddress[linkAddrs.size()];
- return mService.createInterface(TUN, CARRIER_UP, BRING_UP, linkAddrs.toArray(arr),
- null /* iface */);
+ return mService.createInterface(TUN, CARRIER_UP, BRING_UP, USE_IPV6_PROV_DELAY,
+ linkAddrs.toArray(arr), null /* iface */);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -186,7 +188,8 @@
@NonNull
public TestNetworkInterface createTapInterface() {
try {
- return mService.createInterface(TAP, CARRIER_UP, BRING_UP, NO_ADDRS, null /* iface */);
+ return mService.createInterface(TAP, CARRIER_UP, BRING_UP, USE_IPV6_PROV_DELAY,
+ NO_ADDRS, null /* iface */);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -204,7 +207,8 @@
@NonNull
public TestNetworkInterface createTapInterface(@NonNull LinkAddress[] linkAddrs) {
try {
- return mService.createInterface(TAP, CARRIER_UP, BRING_UP, linkAddrs, null /* iface */);
+ return mService.createInterface(TAP, CARRIER_UP, BRING_UP, USE_IPV6_PROV_DELAY,
+ linkAddrs, null /* iface */);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -223,7 +227,8 @@
@NonNull
public TestNetworkInterface createTapInterface(boolean bringUp) {
try {
- return mService.createInterface(TAP, CARRIER_UP, bringUp, NO_ADDRS, null /* iface */);
+ return mService.createInterface(TAP, CARRIER_UP, bringUp, USE_IPV6_PROV_DELAY,
+ NO_ADDRS, null /* iface */);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -245,7 +250,8 @@
@NonNull
public TestNetworkInterface createTapInterface(boolean bringUp, @NonNull String iface) {
try {
- return mService.createInterface(TAP, CARRIER_UP, bringUp, NO_ADDRS, iface);
+ return mService.createInterface(TAP, CARRIER_UP, bringUp, USE_IPV6_PROV_DELAY,
+ NO_ADDRS, iface);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
@@ -264,7 +270,49 @@
@NonNull
public TestNetworkInterface createTapInterface(boolean carrierUp, boolean bringUp) {
try {
- return mService.createInterface(TAP, carrierUp, bringUp, NO_ADDRS, null /* iface */);
+ return mService.createInterface(TAP, carrierUp, bringUp, USE_IPV6_PROV_DELAY, NO_ADDRS,
+ null /* iface */);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+
+ /**
+ * Create a tap interface for testing purposes.
+ *
+ * @param carrierUp whether the created interface has a carrier or not.
+ * @param bringUp whether to bring up the interface before returning it.
+ * @param disableIpv6ProvisioningDelay whether to disable DAD and RS delay.
+ * @hide
+ */
+ @RequiresPermission(Manifest.permission.MANAGE_TEST_NETWORKS)
+ @NonNull
+ public TestNetworkInterface createTapInterface(boolean carrierUp, boolean bringUp,
+ boolean disableIpv6ProvisioningDelay) {
+ try {
+ return mService.createInterface(TAP, carrierUp, bringUp, disableIpv6ProvisioningDelay,
+ NO_ADDRS, null /* iface */);
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+
+ /**
+ * Create a tap interface for testing purposes.
+ *
+ * @param disableIpv6ProvisioningDelay whether to disable DAD and RS delay.
+ * @param linkAddrs an array of LinkAddresses to assign to the TAP interface
+ * @return A TestNetworkInterface representing the underlying TAP interface. Close the contained
+ * ParcelFileDescriptor to tear down the TAP interface.
+ * @hide
+ */
+ @RequiresPermission(Manifest.permission.MANAGE_TEST_NETWORKS)
+ @NonNull
+ public TestNetworkInterface createTapInterface(boolean disableIpv6ProvisioningDelay,
+ @NonNull LinkAddress[] linkAddrs) {
+ try {
+ return mService.createInterface(TAP, CARRIER_UP, BRING_UP, disableIpv6ProvisioningDelay,
+ linkAddrs, null /* iface */);
} catch (RemoteException e) {
throw e.rethrowFromSystemServer();
}
diff --git a/nearby/OWNERS b/nearby/OWNERS
index 980c221..844ef06 100644
--- a/nearby/OWNERS
+++ b/nearby/OWNERS
@@ -1,4 +1,6 @@
+chenw@google.com
chunzhang@google.com
weiwa@google.com
weiwu@google.com
+xinhe@google.com
xlythe@google.com
diff --git a/service-t/src/com/android/server/NsdService.java b/service-t/src/com/android/server/NsdService.java
index 7115720..8818460 100644
--- a/service-t/src/com/android/server/NsdService.java
+++ b/service-t/src/com/android/server/NsdService.java
@@ -21,7 +21,6 @@
import android.content.Context;
import android.content.Intent;
-import android.content.pm.PackageManager;
import android.net.ConnectivityManager;
import android.net.INetd;
import android.net.LinkProperties;
@@ -51,6 +50,7 @@
import com.android.internal.annotations.VisibleForTesting;
import com.android.internal.util.State;
import com.android.internal.util.StateMachine;
+import com.android.net.module.util.PermissionUtils;
import java.io.FileDescriptor;
import java.io.PrintWriter;
@@ -861,12 +861,7 @@
@Override
public void dump(FileDescriptor fd, PrintWriter pw, String[] args) {
- if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
- != PackageManager.PERMISSION_GRANTED) {
- pw.println("Permission Denial: can't dump " + TAG
- + " due to missing android.permission.DUMP permission");
- return;
- }
+ if (!PermissionUtils.checkDumpPermission(mContext, TAG, pw)) return;
for (ClientInfo client : mClients.values()) {
pw.println("Client Info");
diff --git a/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java b/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java
index cedffe1..e5bddf6 100644
--- a/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java
+++ b/service-t/src/com/android/server/ethernet/EthernetNetworkFactory.java
@@ -293,7 +293,7 @@
private final Context mContext;
private final NetworkProvider mNetworkProvider;
private final Dependencies mDeps;
- private final NetworkProvider.NetworkOfferCallback mNetworkOfferCallback;
+ private NetworkProvider.NetworkOfferCallback mNetworkOfferCallback;
private static String sTcpBufferSizes = null; // Lazy initialized.
@@ -400,8 +400,15 @@
}
private class EthernetNetworkOfferCallback implements NetworkProvider.NetworkOfferCallback {
+ private boolean isStale() {
+ return this != mNetworkOfferCallback;
+ }
+
@Override
public void onNetworkNeeded(@NonNull NetworkRequest request) {
+ if (isStale()) {
+ return;
+ }
if (DBG) {
Log.d(TAG, String.format("%s: onNetworkNeeded for request: %s", name, request));
}
@@ -416,6 +423,9 @@
@Override
public void onNetworkUnneeded(@NonNull NetworkRequest request) {
+ if (isStale()) {
+ return;
+ }
if (DBG) {
Log.d(TAG,
String.format("%s: onNetworkUnneeded for request: %s", name, request));
@@ -443,7 +453,6 @@
mContext = context;
mNetworkProvider = networkProvider;
mDeps = deps;
- mNetworkOfferCallback = new EthernetNetworkOfferCallback();
mHwAddress = hwAddress;
}
@@ -640,13 +649,12 @@
if (!up) { // was up, goes down
// retract network offer and stop IpClient.
unregisterNetworkOfferAndStop();
- // If only setting the interface down, send a callback to signal completion.
- EthernetNetworkFactory.maybeSendNetworkManagementCallback(listener, name, null);
} else { // was down, goes up
// register network offer
registerNetworkOffer();
}
+ EthernetNetworkFactory.maybeSendNetworkManagementCallback(listener, name, null);
return true;
}
@@ -669,13 +677,21 @@
}
private void registerNetworkOffer() {
+ // If mNetworkOfferCallback is already set, it should be reused to update the existing
+ // offer.
+ if (mNetworkOfferCallback == null) {
+ mNetworkOfferCallback = new EthernetNetworkOfferCallback();
+ }
mNetworkProvider.registerNetworkOffer(getNetworkScore(),
new NetworkCapabilities(mCapabilities), cmd -> mHandler.post(cmd),
mNetworkOfferCallback);
}
- public void unregisterNetworkOfferAndStop() {
+ private void unregisterNetworkOfferAndStop() {
mNetworkProvider.unregisterNetworkOffer(mNetworkOfferCallback);
+ // Setting mNetworkOfferCallback to null allows the callback object to be identified
+ // as stale.
+ mNetworkOfferCallback = null;
stop();
mRequestIds.clear();
}
diff --git a/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java b/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java
index f058f94..dae3d2a 100644
--- a/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java
+++ b/service-t/src/com/android/server/ethernet/EthernetServiceImpl.java
@@ -32,7 +32,6 @@
import android.net.IpConfiguration;
import android.net.NetworkCapabilities;
import android.net.NetworkSpecifier;
-import android.os.Binder;
import android.os.Handler;
import android.os.RemoteException;
import android.util.Log;
@@ -188,13 +187,7 @@
@Override
protected void dump(FileDescriptor fd, PrintWriter writer, String[] args) {
final IndentingPrintWriter pw = new IndentingPrintWriter(writer, " ");
- if (mContext.checkCallingOrSelfPermission(android.Manifest.permission.DUMP)
- != PackageManager.PERMISSION_GRANTED) {
- pw.println("Permission Denial: can't dump EthernetService from pid="
- + Binder.getCallingPid()
- + ", uid=" + Binder.getCallingUid());
- return;
- }
+ if (!PermissionUtils.checkDumpPermission(mContext, TAG, pw)) return;
pw.println("Current Ethernet state: ");
pw.increaseIndent();
diff --git a/service-t/src/com/android/server/net/NetworkStatsService.java b/service-t/src/com/android/server/net/NetworkStatsService.java
index 424dcd9..77931b1 100644
--- a/service-t/src/com/android/server/net/NetworkStatsService.java
+++ b/service-t/src/com/android/server/net/NetworkStatsService.java
@@ -24,7 +24,6 @@
import static android.content.Intent.ACTION_UID_REMOVED;
import static android.content.Intent.ACTION_USER_REMOVED;
import static android.content.Intent.EXTRA_UID;
-import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
import static android.net.NetworkStats.DEFAULT_NETWORK_ALL;
@@ -32,6 +31,7 @@
import static android.net.NetworkStats.IFACE_VT;
import static android.net.NetworkStats.INTERFACES_ALL;
import static android.net.NetworkStats.METERED_ALL;
+import static android.net.NetworkStats.METERED_YES;
import static android.net.NetworkStats.ROAMING_ALL;
import static android.net.NetworkStats.SET_ALL;
import static android.net.NetworkStats.SET_DEFAULT;
@@ -42,8 +42,8 @@
import static android.net.NetworkStats.TAG_NONE;
import static android.net.NetworkStats.UID_ALL;
import static android.net.NetworkStatsHistory.FIELD_ALL;
-import static android.net.NetworkTemplate.buildTemplateMobileWildcard;
-import static android.net.NetworkTemplate.buildTemplateWifiWildcard;
+import static android.net.NetworkTemplate.MATCH_MOBILE;
+import static android.net.NetworkTemplate.MATCH_WIFI;
import static android.net.TrafficStats.KB_IN_BYTES;
import static android.net.TrafficStats.MB_IN_BYTES;
import static android.net.TrafficStats.UID_TETHERING;
@@ -158,6 +158,8 @@
import com.android.net.module.util.PermissionUtils;
import com.android.net.module.util.Struct.U32;
import com.android.net.module.util.Struct.U8;
+import com.android.net.module.util.bpf.CookieTagMapKey;
+import com.android.net.module.util.bpf.CookieTagMapValue;
import java.io.File;
import java.io.FileDescriptor;
@@ -304,7 +306,7 @@
/**
* When enabled, all mobile data is reported under {@link NetworkTemplate#NETWORK_TYPE_ALL}.
* When disabled, mobile data is broken down by a granular ratType representative of the
- * actual ratType. {@see android.app.usage.NetworkStatsManager#getCollapsedRatType}.
+ * actual ratType. See {@link android.app.usage.NetworkStatsManager#getCollapsedRatType}.
* Enabling this decreases the level of detail but saves performance, disk space and
* amount of data logged.
*/
@@ -2360,7 +2362,7 @@
NetworkStats.Entry uidTotal;
// collect mobile sample
- template = buildTemplateMobileWildcard();
+ template = new NetworkTemplate.Builder(MATCH_MOBILE).setMeteredness(METERED_YES).build();
devTotal = mDevRecorder.getTotalSinceBootLocked(template);
xtTotal = mXtRecorder.getTotalSinceBootLocked(template);
uidTotal = mUidRecorder.getTotalSinceBootLocked(template);
@@ -2372,7 +2374,7 @@
currentTime);
// collect wifi sample
- template = buildTemplateWifiWildcard();
+ template = new NetworkTemplate.Builder(MATCH_WIFI).build();
devTotal = mDevRecorder.getTotalSinceBootLocked(template);
xtTotal = mXtRecorder.getTotalSinceBootLocked(template);
uidTotal = mUidRecorder.getTotalSinceBootLocked(template);
@@ -2810,30 +2812,12 @@
throw new IllegalStateException("invalid tethering stats " + e);
}
}
- } catch (IllegalStateException e) {
+ } catch (IllegalStateException | ServiceSpecificException e) {
Log.wtf(TAG, "problem reading network stats", e);
}
return stats;
}
- // TODO: It is copied from ConnectivityService, consider refactor these check permission
- // functions to a proper util.
- private boolean checkAnyPermissionOf(String... permissions) {
- for (String permission : permissions) {
- if (mContext.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED) {
- return true;
- }
- }
- return false;
- }
-
- private void enforceAnyPermissionOf(String... permissions) {
- if (!checkAnyPermissionOf(permissions)) {
- throw new SecurityException("Requires one of the following permissions: "
- + String.join(", ", permissions) + ".");
- }
- }
-
/**
* Registers a custom provider of {@link android.net.NetworkStats} to combine the network
* statistics that cannot be seen by the kernel to system. To unregister, invoke the
@@ -2848,7 +2832,7 @@
*/
public @NonNull INetworkStatsProviderCallback registerNetworkStatsProvider(
@NonNull String tag, @NonNull INetworkStatsProvider provider) {
- enforceAnyPermissionOf(NETWORK_STATS_PROVIDER,
+ PermissionUtils.enforceAnyPermissionOf(mContext, NETWORK_STATS_PROVIDER,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
Objects.requireNonNull(provider, "provider is null");
Objects.requireNonNull(tag, "tag is null");
diff --git a/service/Android.bp b/service/Android.bp
index 7a4fb33..7dcc888 100644
--- a/service/Android.bp
+++ b/service/Android.bp
@@ -225,12 +225,27 @@
// This library combines system server jars that have access to different bootclasspath jars.
// Lower SDK service jars must not depend on higher SDK jars as that would let them
// transitively depend on the wrong bootclasspath jars. Sources also cannot be added here as
- // they would transitively depend on bootclasspath jars that may not be available.
+ // they would depend on bootclasspath jars that may not be available.
static_libs: [
"service-connectivity-pre-jarjar",
"service-connectivity-tiramisu-pre-jarjar",
"service-nearby-pre-jarjar",
],
+ // The below libraries are not actually needed to build since no source is compiled
+ // (only combining prebuilt static_libs), but they are necessary so that R8 has the right
+ // references to optimize the code. Without these, there will be missing class warnings and
+ // code may be wrongly optimized.
+ // R8 runs after jarjar, so the framework-X libraries need to be the post-jarjar artifacts
+ // (.impl), if they are not just stubs, so that the name of jarjared classes match.
+ libs: [
+ "androidx.annotation_annotation",
+ "framework-annotations-lib",
+ "framework-connectivity.impl",
+ "framework-connectivity-t.impl",
+ "framework-tethering.stubs.module_lib",
+ "framework-wifi.stubs.module_lib",
+ "libprotobuf-java-nano",
+ ],
jarjar_rules: ":connectivity-jarjar-rules",
apex_available: [
"com.android.tethering",
@@ -261,9 +276,15 @@
installable: true,
}
-filegroup {
+genrule {
name: "connectivity-jarjar-rules",
- srcs: ["jarjar-rules.txt"],
+ defaults: ["jarjar-rules-combine-defaults"],
+ srcs: [
+ ":framework-connectivity-jarjar-rules",
+ ":service-connectivity-jarjar-gen",
+ ":service-nearby-jarjar-gen",
+ ],
+ out: ["connectivity-jarjar-rules.txt"],
visibility: ["//packages/modules/Connectivity:__subpackages__"],
}
@@ -274,3 +295,41 @@
srcs: ["src/com/android/server/BpfNetMaps.java"],
visibility: ["//packages/modules/Connectivity:__subpackages__"],
}
+
+java_genrule {
+ name: "service-connectivity-jarjar-gen",
+ tool_files: [
+ ":service-connectivity-pre-jarjar{.jar}",
+ ":service-connectivity-tiramisu-pre-jarjar{.jar}",
+ "jarjar-excludes.txt",
+ ],
+ tools: [
+ "jarjar-rules-generator",
+ ],
+ out: ["service_connectivity_jarjar_rules.txt"],
+ cmd: "$(location jarjar-rules-generator) " +
+ "--jars $(location :service-connectivity-pre-jarjar{.jar}) " +
+ "$(location :service-connectivity-tiramisu-pre-jarjar{.jar}) " +
+ "--prefix android.net.connectivity " +
+ "--excludes $(location jarjar-excludes.txt) " +
+ "--output $(out)",
+ visibility: ["//visibility:private"],
+}
+
+java_genrule {
+ name: "service-nearby-jarjar-gen",
+ tool_files: [
+ ":service-nearby-pre-jarjar{.jar}",
+ "jarjar-excludes.txt",
+ ],
+ tools: [
+ "jarjar-rules-generator",
+ ],
+ out: ["service_nearby_jarjar_rules.txt"],
+ cmd: "$(location jarjar-rules-generator) " +
+ "--jars $(location :service-nearby-pre-jarjar{.jar}) " +
+ "--prefix com.android.server.nearby " +
+ "--excludes $(location jarjar-excludes.txt) " +
+ "--output $(out)",
+ visibility: ["//visibility:private"],
+}
diff --git a/service/jarjar-rules.txt b/service/jarjar-rules.txt
deleted file mode 100644
index 1ad75e3..0000000
--- a/service/jarjar-rules.txt
+++ /dev/null
@@ -1,123 +0,0 @@
-# Classes in framework-connectivity are restricted to the android.net package.
-# This cannot be changed because it is harcoded in ART in S.
-# Any missing jarjar rule for framework-connectivity would be caught by the
-# build as an unexpected class outside of the android.net package.
-rule com.android.net.module.util.** android.net.connectivity.@0
-rule com.android.modules.utils.** android.net.connectivity.@0
-rule android.net.NetworkFactory* android.net.connectivity.@0
-
-# From modules-utils-preconditions
-rule com.android.internal.util.Preconditions* android.net.connectivity.@0
-
-# From framework-connectivity-shared-srcs
-rule android.util.LocalLog* android.net.connectivity.@0
-rule android.util.IndentingPrintWriter* android.net.connectivity.@0
-rule com.android.internal.util.IndentingPrintWriter* android.net.connectivity.@0
-rule com.android.internal.util.MessageUtils* android.net.connectivity.@0
-rule com.android.internal.util.WakeupMessage* android.net.connectivity.@0
-rule com.android.internal.util.FileRotator* android.net.connectivity.@0
-rule com.android.internal.util.ProcFileReader* android.net.connectivity.@0
-
-# From framework-connectivity-protos
-rule com.google.protobuf.** android.net.connectivity.@0
-rule android.service.** android.net.connectivity.@0
-
-rule android.sysprop.** com.android.connectivity.@0
-
-rule com.android.internal.messages.** com.android.connectivity.@0
-
-# From dnsresolver_aidl_interface (newer AIDLs should go to android.net.resolv.aidl)
-rule android.net.resolv.aidl.** com.android.connectivity.@0
-rule android.net.IDnsResolver* com.android.connectivity.@0
-rule android.net.ResolverHostsParcel* com.android.connectivity.@0
-rule android.net.ResolverOptionsParcel* com.android.connectivity.@0
-rule android.net.ResolverParamsParcel* com.android.connectivity.@0
-rule android.net.ResolverParamsParcel* com.android.connectivity.@0
-# Also includes netd event listener AIDL, but this is handled by netd-client rules
-
-# From netd-client (newer AIDLs should go to android.net.netd.aidl)
-rule android.net.netd.aidl.** com.android.connectivity.@0
-# Avoid including android.net.INetdEventCallback, used in tests but not part of the module
-rule android.net.INetd com.android.connectivity.@0
-rule android.net.INetd$* com.android.connectivity.@0
-rule android.net.INetdUnsolicitedEventListener* com.android.connectivity.@0
-rule android.net.InterfaceConfigurationParcel* com.android.connectivity.@0
-rule android.net.MarkMaskParcel* com.android.connectivity.@0
-rule android.net.NativeNetworkConfig* com.android.connectivity.@0
-rule android.net.NativeNetworkType* com.android.connectivity.@0
-rule android.net.NativeVpnType* com.android.connectivity.@0
-rule android.net.RouteInfoParcel* com.android.connectivity.@0
-rule android.net.TetherConfigParcel* com.android.connectivity.@0
-rule android.net.TetherOffloadRuleParcel* com.android.connectivity.@0
-rule android.net.TetherStatsParcel* com.android.connectivity.@0
-rule android.net.UidRangeParcel* com.android.connectivity.@0
-rule android.net.metrics.INetdEventListener* com.android.connectivity.@0
-
-# From netlink-client
-rule android.net.netlink.** com.android.connectivity.@0
-
-# From networkstack-client (newer AIDLs should go to android.net.[networkstack|ipmemorystore].aidl)
-rule android.net.networkstack.aidl.** com.android.connectivity.@0
-rule android.net.ipmemorystore.aidl.** com.android.connectivity.@0
-rule android.net.ipmemorystore.aidl.** com.android.connectivity.@0
-rule android.net.DataStallReportParcelable* com.android.connectivity.@0
-rule android.net.DhcpResultsParcelable* com.android.connectivity.@0
-rule android.net.IIpMemoryStore* com.android.connectivity.@0
-rule android.net.INetworkMonitor* com.android.connectivity.@0
-rule android.net.INetworkStackConnector* com.android.connectivity.@0
-rule android.net.INetworkStackStatusCallback* com.android.connectivity.@0
-rule android.net.InformationElementParcelable* com.android.connectivity.@0
-rule android.net.InitialConfigurationParcelable* com.android.connectivity.@0
-rule android.net.IpMemoryStore* com.android.connectivity.@0
-rule android.net.Layer2InformationParcelable* com.android.connectivity.@0
-rule android.net.Layer2PacketParcelable* com.android.connectivity.@0
-rule android.net.NattKeepalivePacketDataParcelable* com.android.connectivity.@0
-rule android.net.NetworkMonitorManager* com.android.connectivity.@0
-rule android.net.NetworkTestResultParcelable* com.android.connectivity.@0
-rule android.net.PrivateDnsConfigParcel* com.android.connectivity.@0
-rule android.net.ProvisioningConfigurationParcelable* com.android.connectivity.@0
-rule android.net.ScanResultInfoParcelable* com.android.connectivity.@0
-rule android.net.TcpKeepalivePacketDataParcelable* com.android.connectivity.@0
-rule android.net.dhcp.DhcpLeaseParcelable* com.android.connectivity.@0
-rule android.net.dhcp.DhcpServingParamsParcel* com.android.connectivity.@0
-rule android.net.dhcp.IDhcpEventCallbacks* com.android.connectivity.@0
-rule android.net.dhcp.IDhcpServer* com.android.connectivity.@0
-rule android.net.ip.IIpClient* com.android.connectivity.@0
-rule android.net.ip.IpClientCallbacks* com.android.connectivity.@0
-rule android.net.ip.IpClientManager* com.android.connectivity.@0
-rule android.net.ip.IpClientUtil* com.android.connectivity.@0
-rule android.net.ipmemorystore.** com.android.connectivity.@0
-rule android.net.networkstack.** com.android.connectivity.@0
-rule android.net.shared.** com.android.connectivity.@0
-rule android.net.util.KeepalivePacketDataUtil* com.android.connectivity.@0
-
-# From connectivity-module-utils
-rule android.net.shared.** com.android.connectivity.@0
-
-# From services-connectivity-shared-srcs
-rule android.net.util.NetworkConstants* com.android.connectivity.@0
-
-# From modules-utils-statemachine
-rule com.android.internal.util.IState* com.android.connectivity.@0
-rule com.android.internal.util.State* com.android.connectivity.@0
-
-# From the API shims
-rule com.android.networkstack.apishim.** com.android.connectivity.@0
-
-# From filegroup framework-connectivity-protos
-rule android.service.*Proto com.android.connectivity.@0
-
-# From mdns-aidl-interface
-rule android.net.mdns.aidl.** android.net.connectivity.@0
-
-# From nearby-service, including proto
-rule service.proto.** com.android.server.nearby.@0
-rule androidx.annotation.Keep* com.android.server.nearby.@0
-rule androidx.collection.** com.android.server.nearby.@0
-rule androidx.core.** com.android.server.nearby.@0
-rule androidx.versionedparcelable.** com.android.server.nearby.@0
-rule com.google.common.** com.android.server.nearby.@0
-rule android.support.v4.** com.android.server.nearby.@0
-
-# Remaining are connectivity sources in com.android.server and com.android.server.connectivity:
-# TODO: move to a subpackage of com.android.connectivity (such as com.android.connectivity.server)
diff --git a/service/jni/com_android_server_TestNetworkService.cpp b/service/jni/com_android_server_TestNetworkService.cpp
index 9c7a761..a1d0310 100644
--- a/service/jni/com_android_server_TestNetworkService.cpp
+++ b/service/jni/com_android_server_TestNetworkService.cpp
@@ -76,27 +76,47 @@
setTunTapCarrierEnabledImpl(env, iface, tun.get(), hasCarrier);
}
- // Activate interface using an unconnected datagram socket.
- base::unique_fd inet6CtrlSock(socket(AF_INET6, SOCK_DGRAM, 0));
- ifr.ifr_flags = IFF_UP;
// Mark TAP interfaces as supporting multicast
- if (!isTun) ifr.ifr_flags |= IFF_MULTICAST;
+ if (!isTun) {
+ base::unique_fd inet6CtrlSock(socket(AF_INET6, SOCK_DGRAM, 0));
+ ifr.ifr_flags = IFF_MULTICAST;
- if (ioctl(inet6CtrlSock.get(), SIOCSIFFLAGS, &ifr)) {
- throwException(env, errno, "activating", ifr.ifr_name);
- return -1;
+ if (ioctl(inet6CtrlSock.get(), SIOCSIFFLAGS, &ifr)) {
+ throwException(env, errno, "set IFF_MULTICAST", ifr.ifr_name);
+ return -1;
+ }
}
return tun.release();
}
+static void bringUpInterfaceImpl(JNIEnv* env, const char* iface) {
+ // Activate interface using an unconnected datagram socket.
+ base::unique_fd inet6CtrlSock(socket(AF_INET6, SOCK_DGRAM, 0));
+
+ ifreq ifr{};
+ strlcpy(ifr.ifr_name, iface, IFNAMSIZ);
+ if (ioctl(inet6CtrlSock.get(), SIOCGIFFLAGS, &ifr)) {
+ throwException(env, errno, "read flags", iface);
+ return;
+ }
+ ifr.ifr_flags |= IFF_UP;
+ if (ioctl(inet6CtrlSock.get(), SIOCSIFFLAGS, &ifr)) {
+ throwException(env, errno, "set IFF_UP", iface);
+ return;
+ }
+}
+
//------------------------------------------------------------------------------
+
+
static void setTunTapCarrierEnabled(JNIEnv* env, jclass /* clazz */, jstring
jIface, jint tunFd, jboolean enabled) {
ScopedUtfChars iface(env, jIface);
if (!iface.c_str()) {
jniThrowNullPointerException(env, "iface");
+ return;
}
setTunTapCarrierEnabledImpl(env, iface.c_str(), tunFd, enabled);
}
@@ -112,11 +132,21 @@
return createTunTapImpl(env, isTun, hasCarrier, iface.c_str());
}
+static void bringUpInterface(JNIEnv* env, jclass /* clazz */, jstring jIface) {
+ ScopedUtfChars iface(env, jIface);
+ if (!iface.c_str()) {
+ jniThrowNullPointerException(env, "iface");
+ return;
+ }
+ bringUpInterfaceImpl(env, iface.c_str());
+}
+
//------------------------------------------------------------------------------
static const JNINativeMethod gMethods[] = {
{"nativeSetTunTapCarrierEnabled", "(Ljava/lang/String;IZ)V", (void*)setTunTapCarrierEnabled},
{"nativeCreateTunTap", "(ZZLjava/lang/String;)I", (void*)createTunTap},
+ {"nativeBringUpInterface", "(Ljava/lang/String;)V", (void*)bringUpInterface},
};
int register_com_android_server_TestNetworkService(JNIEnv* env) {
diff --git a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
index e2c5a63..de0e20a 100644
--- a/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
+++ b/service/jni/com_android_server_connectivity_ClatCoordinator.cpp
@@ -421,7 +421,7 @@
stopClatdProcess(pid);
}
-static jlong com_android_server_connectivity_ClatCoordinator_tagSocketAsClat(
+static jlong com_android_server_connectivity_ClatCoordinator_getSocketCookie(
JNIEnv* env, jobject clazz, jobject sockJavaFd) {
int sockFd = netjniutils::GetNativeFileDescriptor(env, sockJavaFd);
if (sockFd < 0) {
@@ -435,58 +435,10 @@
return -1;
}
- bpf::BpfMap<uint64_t, UidTagValue> cookieTagMap;
- auto res = cookieTagMap.init(COOKIE_TAG_MAP_PATH);
- if (!res.ok()) {
- throwIOException(env, "failed to init the cookieTagMap", res.error().code());
- return -1;
- }
-
- // Tag raw socket with uid AID_CLAT and set tag as zero because tag is unused in bpf
- // program for counting data usage in netd.c. Tagging socket is used to avoid counting
- // duplicated clat traffic in bpf stat.
- UidTagValue newKey = {.uid = (uint32_t)AID_CLAT, .tag = 0 /* unused */};
- res = cookieTagMap.writeValue(sock_cookie, newKey, BPF_ANY);
- if (!res.ok()) {
- jniThrowExceptionFmt(env, "java/io/IOException", "Failed to tag the socket: %s, fd: %d",
- strerror(res.error().code()), cookieTagMap.getMap().get());
- return -1;
- }
-
- ALOGI("tag uid AID_CLAT to socket fd %d, cookie %" PRIu64 "", sockFd, sock_cookie);
+ ALOGI("Get cookie %" PRIu64 " for socket fd %d", sock_cookie, sockFd);
return static_cast<jlong>(sock_cookie);
}
-static void com_android_server_connectivity_ClatCoordinator_untagSocket(JNIEnv* env, jobject clazz,
- jlong cookie) {
- uint64_t sock_cookie = static_cast<uint64_t>(cookie);
- if (sock_cookie == bpf::NONEXISTENT_COOKIE) {
- jniThrowExceptionFmt(env, "java/io/IOException", "Invalid socket cookie");
- return;
- }
-
- // The reason that deleting entry from cookie tag map directly is that the tag socket destroy
- // listener only monitors on group INET_TCP, INET_UDP, INET6_TCP, INET6_UDP. The other socket
- // types, ex: raw, are not able to be removed automatically by the listener.
- // See TrafficController::makeSkDestroyListener.
- bpf::BpfMap<uint64_t, UidTagValue> cookieTagMap;
- auto res = cookieTagMap.init(COOKIE_TAG_MAP_PATH);
- if (!res.ok()) {
- throwIOException(env, "failed to init the cookieTagMap", res.error().code());
- return;
- }
-
- res = cookieTagMap.deleteValue(sock_cookie);
- if (!res.ok()) {
- jniThrowExceptionFmt(env, "java/io/IOException", "Failed to untag the socket: %s",
- strerror(res.error().code()));
- return;
- }
-
- ALOGI("untag socket cookie %" PRIu64 "", sock_cookie);
- return;
-}
-
/*
* JNI registration.
*/
@@ -516,10 +468,8 @@
{"native_stopClatd",
"(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;I)V",
(void*)com_android_server_connectivity_ClatCoordinator_stopClatd},
- {"native_tagSocketAsClat", "(Ljava/io/FileDescriptor;)J",
- (void*)com_android_server_connectivity_ClatCoordinator_tagSocketAsClat},
- {"native_untagSocket", "(J)V",
- (void*)com_android_server_connectivity_ClatCoordinator_untagSocket},
+ {"native_getSocketCookie", "(Ljava/io/FileDescriptor;)J",
+ (void*)com_android_server_connectivity_ClatCoordinator_getSocketCookie},
};
int register_com_android_server_connectivity_ClatCoordinator(JNIEnv* env) {
diff --git a/service/proguard.flags b/service/proguard.flags
index cffa490..f546e82 100644
--- a/service/proguard.flags
+++ b/service/proguard.flags
@@ -2,8 +2,6 @@
# TODO: instead of keeping everything, consider listing only "entry points"
# (service loader, JNI registered methods, etc) and letting the optimizer do its job
-keep class android.net.** { *; }
--keep class com.android.connectivity.** { *; }
--keep class com.android.net.** { *; }
-keep class !com.android.server.nearby.**,com.android.server.** { *; }
# Prevent proguard from stripping out any nearby-service and fast-pair-lite-protos fields.
@@ -13,5 +11,5 @@
# the schema, keep all the fields.
# This replicates the base proguard rule used by the build by default
# (proguard_basic_keeps.flags), but needs to be specified here because the
-# com.google.protobuf package is jarjared to the below package.
--keepclassmembers class * extends android.net.connectivity.com.google.protobuf.MessageLite { <fields>; }
+# com.google.protobuf package is jarjared to use a package prefix.
+-keepclassmembers class * extends **.com.google.protobuf.MessageLite { <fields>; }
diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index 6599c7f..0ff8810 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java
@@ -24,7 +24,10 @@
import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
+import static android.net.ConnectivityManager.FIREWALL_RULE_ALLOW;
+import static android.net.ConnectivityManager.FIREWALL_RULE_DENY;
import static android.system.OsConstants.EINVAL;
+import static android.system.OsConstants.ENODEV;
import static android.system.OsConstants.ENOENT;
import static android.system.OsConstants.EOPNOTSUPP;
@@ -34,7 +37,6 @@
import android.system.ErrnoException;
import android.system.Os;
import android.util.Log;
-import android.util.SparseLongArray;
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
@@ -44,6 +46,10 @@
import java.io.FileDescriptor;
import java.io.IOException;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.stream.Collectors;
/**
* BpfNetMaps is responsible for providing traffic controller relevant functionality.
@@ -60,6 +66,7 @@
private static final String TAG = "BpfNetMaps";
private final INetd mNetd;
+ private final Dependencies mDeps;
// Use legacy netd for releases before T.
private static boolean sInitialized = false;
@@ -93,22 +100,6 @@
@VisibleForTesting public static final long OEM_DENY_3_MATCH = (1 << 11);
// LINT.ThenChange(packages/modules/Connectivity/bpf_progs/bpf_shared.h)
- // TODO: Use Java BpfMap instead of JNI code (TrafficController) for map update.
- // Currently, BpfNetMaps uses TrafficController for map update and TrafficController
- // (changeUidOwnerRule and toggleUidOwnerMap) also does conversion from "firewall chain" to
- // "match". Migrating map update from JNI to Java BpfMap will solve this duplication.
- private static final SparseLongArray FIREWALL_CHAIN_TO_MATCH = new SparseLongArray();
- static {
- FIREWALL_CHAIN_TO_MATCH.put(FIREWALL_CHAIN_DOZABLE, DOZABLE_MATCH);
- FIREWALL_CHAIN_TO_MATCH.put(FIREWALL_CHAIN_STANDBY, STANDBY_MATCH);
- FIREWALL_CHAIN_TO_MATCH.put(FIREWALL_CHAIN_POWERSAVE, POWERSAVE_MATCH);
- FIREWALL_CHAIN_TO_MATCH.put(FIREWALL_CHAIN_RESTRICTED, RESTRICTED_MATCH);
- FIREWALL_CHAIN_TO_MATCH.put(FIREWALL_CHAIN_LOW_POWER_STANDBY, LOW_POWER_STANDBY_MATCH);
- FIREWALL_CHAIN_TO_MATCH.put(FIREWALL_CHAIN_OEM_DENY_1, OEM_DENY_1_MATCH);
- FIREWALL_CHAIN_TO_MATCH.put(FIREWALL_CHAIN_OEM_DENY_2, OEM_DENY_2_MATCH);
- FIREWALL_CHAIN_TO_MATCH.put(FIREWALL_CHAIN_OEM_DENY_3, OEM_DENY_3_MATCH);
- }
-
/**
* Set configurationMap for test.
*/
@@ -163,6 +154,19 @@
sInitialized = true;
}
+ /**
+ * Dependencies of BpfNetMaps, for injection in tests.
+ */
+ @VisibleForTesting
+ public static class Dependencies {
+ /**
+ * Get interface index.
+ */
+ public int getIfIndex(final String ifName) {
+ return Os.if_nametoindex(ifName);
+ }
+ }
+
/** Constructor used after T that doesn't need to use netd anymore. */
public BpfNetMaps() {
this(null);
@@ -171,10 +175,16 @@
}
public BpfNetMaps(final INetd netd) {
+ this(netd, new Dependencies());
+ }
+
+ @VisibleForTesting
+ public BpfNetMaps(final INetd netd, final Dependencies deps) {
if (!PRE_T) {
ensureInitialized();
}
mNetd = netd;
+ mDeps = deps;
}
/**
@@ -182,11 +192,50 @@
*/
@VisibleForTesting
public long getMatchByFirewallChain(final int chain) {
- final long match = FIREWALL_CHAIN_TO_MATCH.get(chain, NO_MATCH);
- if (match == NO_MATCH) {
- throw new ServiceSpecificException(EINVAL, "Invalid firewall chain: " + chain);
+ switch (chain) {
+ case FIREWALL_CHAIN_DOZABLE:
+ return DOZABLE_MATCH;
+ case FIREWALL_CHAIN_STANDBY:
+ return STANDBY_MATCH;
+ case FIREWALL_CHAIN_POWERSAVE:
+ return POWERSAVE_MATCH;
+ case FIREWALL_CHAIN_RESTRICTED:
+ return RESTRICTED_MATCH;
+ case FIREWALL_CHAIN_LOW_POWER_STANDBY:
+ return LOW_POWER_STANDBY_MATCH;
+ case FIREWALL_CHAIN_OEM_DENY_1:
+ return OEM_DENY_1_MATCH;
+ case FIREWALL_CHAIN_OEM_DENY_2:
+ return OEM_DENY_2_MATCH;
+ case FIREWALL_CHAIN_OEM_DENY_3:
+ return OEM_DENY_3_MATCH;
+ default:
+ throw new ServiceSpecificException(EINVAL, "Invalid firewall chain: " + chain);
}
- return match;
+ }
+
+ /**
+ * Get if the chain is allow list or not.
+ *
+ * ALLOWLIST means the firewall denies all by default, uids must be explicitly allowed
+ * DENYLIST means the firewall allows all by default, uids must be explicitly denyed
+ */
+ @VisibleForTesting
+ public boolean isFirewallAllowList(final int chain) {
+ switch (chain) {
+ case FIREWALL_CHAIN_DOZABLE:
+ case FIREWALL_CHAIN_POWERSAVE:
+ case FIREWALL_CHAIN_RESTRICTED:
+ case FIREWALL_CHAIN_LOW_POWER_STANDBY:
+ return true;
+ case FIREWALL_CHAIN_STANDBY:
+ case FIREWALL_CHAIN_OEM_DENY_1:
+ case FIREWALL_CHAIN_OEM_DENY_2:
+ case FIREWALL_CHAIN_OEM_DENY_3:
+ return false;
+ default:
+ throw new ServiceSpecificException(EINVAL, "Invalid firewall chain: " + chain);
+ }
}
private void maybeThrow(final int err, final String msg) {
@@ -359,25 +408,46 @@
/**
* Replaces the contents of the specified UID-based firewall chain.
+ * Enables the chain for specified uids and disables the chain for non-specified uids.
*
- * The chain may be an allowlist chain or a denylist chain. A denylist chain contains DROP
- * rules for the specified UIDs and a RETURN rule at the end. An allowlist chain contains RETURN
- * rules for the system UID range (0 to {@code UID_APP} - 1), RETURN rules for the specified
- * UIDs, and a DROP rule at the end. The chain will be created if it does not exist.
- *
- * @param chainName The name of the chain to replace.
- * @param isAllowlist Whether this is an allowlist or denylist chain.
+ * @param chain Target chain.
* @param uids The list of UIDs to allow/deny.
- * @return 0 if the chain was successfully replaced, errno otherwise.
+ * @throws UnsupportedOperationException if called on pre-T devices.
+ * @throws IllegalArgumentException if {@code chain} is not a valid chain.
*/
- public int replaceUidChain(final String chainName, final boolean isAllowlist,
- final int[] uids) {
- synchronized (sUidOwnerMap) {
- final int err = native_replaceUidChain(chainName, isAllowlist, uids);
- if (err != 0) {
- Log.e(TAG, "replaceUidChain failed: " + Os.strerror(-err));
+ public void replaceUidChain(final int chain, final int[] uids) {
+ throwIfPreT("replaceUidChain is not available on pre-T devices");
+
+ final long match;
+ try {
+ match = getMatchByFirewallChain(chain);
+ } catch (ServiceSpecificException e) {
+ // Throws IllegalArgumentException to keep the behavior of
+ // ConnectivityManager#replaceFirewallChain API
+ throw new IllegalArgumentException("Invalid firewall chain: " + chain);
+ }
+ final Set<Integer> uidSet = Arrays.stream(uids).boxed().collect(Collectors.toSet());
+ final Set<Integer> uidSetToRemoveRule = new HashSet<>();
+ try {
+ synchronized (sUidOwnerMap) {
+ sUidOwnerMap.forEach((uid, config) -> {
+ // config could be null if there is a concurrent entry deletion.
+ // http://b/220084230.
+ if (config != null
+ && !uidSet.contains((int) uid.val) && (config.rule & match) != 0) {
+ uidSetToRemoveRule.add((int) uid.val);
+ }
+ });
+
+ for (final int uid : uidSetToRemoveRule) {
+ removeRule(uid, match, "replaceUidChain");
+ }
+ for (final int uid : uids) {
+ addRule(uid, match, "replaceUidChain");
+ }
}
- return -err;
+ } catch (ErrnoException | ServiceSpecificException e) {
+ Log.e(TAG, "replaceUidChain failed: " + e);
}
}
@@ -391,9 +461,17 @@
* cause of the failure.
*/
public void setUidRule(final int childChain, final int uid, final int firewallRule) {
- synchronized (sUidOwnerMap) {
- final int err = native_setUidRule(childChain, uid, firewallRule);
- maybeThrow(err, "Unable to set uid rule");
+ throwIfPreT("setUidRule is not available on pre-T devices");
+
+ final long match = getMatchByFirewallChain(childChain);
+ final boolean isAllowList = isFirewallAllowList(childChain);
+ final boolean add = (firewallRule == FIREWALL_RULE_ALLOW && isAllowList)
+ || (firewallRule == FIREWALL_RULE_DENY && !isAllowList);
+
+ if (add) {
+ addRule(uid, match, "setUidRule");
+ } else {
+ removeRule(uid, match, "setUidRule");
}
}
@@ -419,9 +497,24 @@
mNetd.firewallAddUidInterfaceRules(ifName, uids);
return;
}
- synchronized (sUidOwnerMap) {
- final int err = native_addUidInterfaceRules(ifName, uids);
- maybeThrow(err, "Unable to add uid interface rules");
+ // Null ifName is a wildcard to allow apps to receive packets on all interfaces and ifIndex
+ // is set to 0.
+ final int ifIndex;
+ if (ifName == null) {
+ ifIndex = 0;
+ } else {
+ ifIndex = mDeps.getIfIndex(ifName);
+ if (ifIndex == 0) {
+ throw new ServiceSpecificException(ENODEV,
+ "Failed to get index of interface " + ifName);
+ }
+ }
+ for (final int uid: uids) {
+ try {
+ addRule(uid, IIF_MATCH, ifIndex, "addUidInterfaceRules");
+ } catch (ServiceSpecificException e) {
+ Log.e(TAG, "addRule failed uid=" + uid + " ifName=" + ifName + ", " + e);
+ }
}
}
@@ -441,9 +534,12 @@
mNetd.firewallRemoveUidInterfaceRules(uids);
return;
}
- synchronized (sUidOwnerMap) {
- final int err = native_removeUidInterfaceRules(uids);
- maybeThrow(err, "Unable to remove uid interface rules");
+ for (final int uid: uids) {
+ try {
+ removeRule(uid, IIF_MATCH, "removeUidInterfaceRules");
+ } catch (ServiceSpecificException e) {
+ Log.e(TAG, "removeRule failed uid=" + uid + ", " + e);
+ }
}
}
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 37fc391..ae1f808 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -98,6 +98,9 @@
import static android.system.OsConstants.IPPROTO_UDP;
import static com.android.net.module.util.DeviceConfigUtils.TETHERING_MODULE_NAME;
+import static com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf;
+import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission;
+import static com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr;
import static java.util.Map.Entry;
@@ -450,7 +453,7 @@
* direct device-originated data traffic of the specific UIDs to the correct
* default network for each app.
* Order ints passed to netd must be in the 0~999 range. Larger values code for
- * a lower priority, {@see NativeUidRangeConfig}
+ * a lower priority, see {@link NativeUidRangeConfig}.
*
* Requests that don't code for a per-app preference use PREFERENCE_ORDER_INVALID.
* The default request uses PREFERENCE_ORDER_DEFAULT.
@@ -1956,7 +1959,7 @@
@Override
public Network getActiveNetworkForUid(int uid, boolean ignoreBlocked) {
- PermissionUtils.enforceNetworkStackPermission(mContext);
+ enforceNetworkStackPermission(mContext);
return getActiveNetworkForUidInternal(uid, ignoreBlocked);
}
@@ -1979,7 +1982,7 @@
@Override
public NetworkInfo getActiveNetworkInfoForUid(int uid, boolean ignoreBlocked) {
- PermissionUtils.enforceNetworkStackPermission(mContext);
+ enforceNetworkStackPermission(mContext);
final NetworkAgentInfo nai = getNetworkAgentInfoForUid(uid);
if (nai == null) return null;
return getFilteredNetworkInfo(nai, uid, ignoreBlocked);
@@ -2518,7 +2521,7 @@
@Override
public NetworkState[] getAllNetworkState() {
// This contains IMSI details, so make sure the caller is privileged.
- PermissionUtils.enforceNetworkStackPermission(mContext);
+ enforceNetworkStackPermission(mContext);
final ArrayList<NetworkState> result = new ArrayList<>();
for (NetworkStateSnapshot snapshot : getAllNetworkStateSnapshots()) {
@@ -2783,15 +2786,6 @@
setUidBlockedReasons(uid, blockedReasons);
}
- private boolean checkAnyPermissionOf(String... permissions) {
- for (String permission : permissions) {
- if (mContext.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED) {
- return true;
- }
- }
- return false;
- }
-
private boolean checkAnyPermissionOf(int pid, int uid, String... permissions) {
for (String permission : permissions) {
if (mContext.checkPermission(permission, pid, uid) == PERMISSION_GRANTED) {
@@ -2801,13 +2795,6 @@
return false;
}
- private void enforceAnyPermissionOf(String... permissions) {
- if (!checkAnyPermissionOf(permissions)) {
- throw new SecurityException("Requires one of the following permissions: "
- + String.join(", ", permissions) + ".");
- }
- }
-
private void enforceInternetPermission() {
mContext.enforceCallingOrSelfPermission(
android.Manifest.permission.INTERNET,
@@ -2867,7 +2854,7 @@
}
private void enforceSettingsPermission() {
- enforceAnyPermissionOf(
+ enforceAnyPermissionOf(mContext,
android.Manifest.permission.NETWORK_SETTINGS,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
}
@@ -2875,7 +2862,7 @@
private void enforceNetworkFactoryPermission() {
// TODO: Check for the BLUETOOTH_STACK permission once that is in the API surface.
if (UserHandle.getAppId(getCallingUid()) == Process.BLUETOOTH_UID) return;
- enforceAnyPermissionOf(
+ enforceAnyPermissionOf(mContext,
android.Manifest.permission.NETWORK_FACTORY,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
}
@@ -2883,7 +2870,7 @@
private void enforceNetworkFactoryOrSettingsPermission() {
// TODO: Check for the BLUETOOTH_STACK permission once that is in the API surface.
if (UserHandle.getAppId(getCallingUid()) == Process.BLUETOOTH_UID) return;
- enforceAnyPermissionOf(
+ enforceAnyPermissionOf(mContext,
android.Manifest.permission.NETWORK_SETTINGS,
android.Manifest.permission.NETWORK_FACTORY,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
@@ -2892,7 +2879,7 @@
private void enforceNetworkFactoryOrTestNetworksPermission() {
// TODO: Check for the BLUETOOTH_STACK permission once that is in the API surface.
if (UserHandle.getAppId(getCallingUid()) == Process.BLUETOOTH_UID) return;
- enforceAnyPermissionOf(
+ enforceAnyPermissionOf(mContext,
android.Manifest.permission.MANAGE_TEST_NETWORKS,
android.Manifest.permission.NETWORK_FACTORY,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
@@ -2909,7 +2896,7 @@
}
private boolean checkSettingsPermission() {
- return checkAnyPermissionOf(
+ return PermissionUtils.checkAnyPermissionOf(mContext,
android.Manifest.permission.NETWORK_SETTINGS,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
}
@@ -2922,27 +2909,21 @@
}
private void enforceNetworkStackOrSettingsPermission() {
- enforceAnyPermissionOf(
- android.Manifest.permission.NETWORK_SETTINGS,
- android.Manifest.permission.NETWORK_STACK,
- NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
+ enforceNetworkStackPermissionOr(mContext,
+ android.Manifest.permission.NETWORK_SETTINGS);
}
private void enforceNetworkStackSettingsOrSetup() {
- enforceAnyPermissionOf(
+ enforceNetworkStackPermissionOr(mContext,
android.Manifest.permission.NETWORK_SETTINGS,
- android.Manifest.permission.NETWORK_SETUP_WIZARD,
- android.Manifest.permission.NETWORK_STACK,
- NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
+ android.Manifest.permission.NETWORK_SETUP_WIZARD);
}
private void enforceAirplaneModePermission() {
- enforceAnyPermissionOf(
+ enforceNetworkStackPermissionOr(mContext,
android.Manifest.permission.NETWORK_AIRPLANE_MODE,
android.Manifest.permission.NETWORK_SETTINGS,
- android.Manifest.permission.NETWORK_SETUP_WIZARD,
- android.Manifest.permission.NETWORK_STACK,
- NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
+ android.Manifest.permission.NETWORK_SETUP_WIZARD);
}
private void enforceOemNetworkPreferencesPermission() {
@@ -2958,7 +2939,7 @@
}
private boolean checkNetworkStackPermission() {
- return checkAnyPermissionOf(
+ return PermissionUtils.checkAnyPermissionOf(mContext,
android.Manifest.permission.NETWORK_STACK,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK);
}
@@ -5746,7 +5727,7 @@
@Override
public void setGlobalProxy(@Nullable final ProxyInfo proxyProperties) {
- PermissionUtils.enforceNetworkStackPermission(mContext);
+ enforceNetworkStackPermission(mContext);
mProxyTracker.setGlobalProxy(proxyProperties);
}
@@ -7294,7 +7275,7 @@
Objects.requireNonNull(initialScore, "initialScore must not be null");
Objects.requireNonNull(networkAgentConfig, "networkAgentConfig must not be null");
if (networkCapabilities.hasTransport(TRANSPORT_TEST)) {
- enforceAnyPermissionOf(Manifest.permission.MANAGE_TEST_NETWORKS);
+ enforceAnyPermissionOf(mContext, Manifest.permission.MANAGE_TEST_NETWORKS);
} else {
enforceNetworkFactoryPermission();
}
@@ -10307,7 +10288,8 @@
Objects.requireNonNull(network, "network must not be null");
Objects.requireNonNull(extras, "extras must not be null");
- enforceAnyPermissionOf(android.Manifest.permission.MANAGE_TEST_NETWORKS,
+ enforceAnyPermissionOf(mContext,
+ android.Manifest.permission.MANAGE_TEST_NETWORKS,
android.Manifest.permission.NETWORK_STACK);
final NetworkCapabilities nc = getNetworkCapabilitiesInternal(network);
if (!nc.hasTransport(TRANSPORT_TEST)) {
@@ -10715,7 +10697,7 @@
preferences.add(pref);
}
- PermissionUtils.enforceNetworkStackPermission(mContext);
+ enforceNetworkStackPermission(mContext);
if (DBG) {
log("setProfileNetworkPreferences " + profile + " to " + preferences);
}
@@ -11405,39 +11387,6 @@
public void replaceFirewallChain(final int chain, final int[] uids) {
enforceNetworkStackOrSettingsPermission();
- try {
- switch (chain) {
- case ConnectivityManager.FIREWALL_CHAIN_DOZABLE:
- mBpfNetMaps.replaceUidChain("fw_dozable", true /* isAllowList */, uids);
- break;
- case ConnectivityManager.FIREWALL_CHAIN_STANDBY:
- mBpfNetMaps.replaceUidChain("fw_standby", false /* isAllowList */, uids);
- break;
- case ConnectivityManager.FIREWALL_CHAIN_POWERSAVE:
- mBpfNetMaps.replaceUidChain("fw_powersave", true /* isAllowList */, uids);
- break;
- case ConnectivityManager.FIREWALL_CHAIN_RESTRICTED:
- mBpfNetMaps.replaceUidChain("fw_restricted", true /* isAllowList */, uids);
- break;
- case ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY:
- mBpfNetMaps.replaceUidChain("fw_low_power_standby", true /* isAllowList */,
- uids);
- break;
- case ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_1:
- mBpfNetMaps.replaceUidChain("fw_oem_deny_1", false /* isAllowList */, uids);
- break;
- case ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_2:
- mBpfNetMaps.replaceUidChain("fw_oem_deny_2", false /* isAllowList */, uids);
- break;
- case ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_3:
- mBpfNetMaps.replaceUidChain("fw_oem_deny_3", false /* isAllowList */, uids);
- break;
- default:
- throw new IllegalArgumentException("replaceFirewallChain with invalid chain: "
- + chain);
- }
- } catch (ServiceSpecificException e) {
- throw new IllegalStateException(e);
- }
+ mBpfNetMaps.replaceUidChain(chain, uids);
}
}
diff --git a/service/src/com/android/server/TestNetworkService.java b/service/src/com/android/server/TestNetworkService.java
index 1209579..15d9f13 100644
--- a/service/src/com/android/server/TestNetworkService.java
+++ b/service/src/com/android/server/TestNetworkService.java
@@ -47,7 +47,6 @@
import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
-import com.android.net.module.util.NetdUtils;
import com.android.net.module.util.NetworkStackConstants;
import java.io.IOException;
@@ -83,6 +82,8 @@
private static native void nativeSetTunTapCarrierEnabled(@NonNull String iface, int tunFd,
boolean enabled);
+ private static native void nativeBringUpInterface(String iface);
+
@VisibleForTesting
protected TestNetworkService(@NonNull Context context) {
mHandlerThread = new HandlerThread("TestNetworkServiceThread");
@@ -120,7 +121,7 @@
*/
@Override
public TestNetworkInterface createInterface(boolean isTun, boolean hasCarrier, boolean bringUp,
- LinkAddress[] linkAddrs, @Nullable String iface) {
+ boolean disableIpv6ProvisioningDelay, LinkAddress[] linkAddrs, @Nullable String iface) {
enforceTestNetworkPermissions(mContext);
Objects.requireNonNull(linkAddrs, "missing linkAddrs");
@@ -137,6 +138,14 @@
try {
ParcelFileDescriptor tunIntf = ParcelFileDescriptor.adoptFd(
nativeCreateTunTap(isTun, hasCarrier, interfaceName));
+
+ // Disable DAD and remove router_solicitation_delay before assigning link addresses.
+ if (disableIpv6ProvisioningDelay) {
+ mNetd.setProcSysNet(
+ INetd.IPV6, INetd.CONF, interfaceName, "router_solicitation_delay", "0");
+ mNetd.setProcSysNet(INetd.IPV6, INetd.CONF, interfaceName, "dad_transmits", "0");
+ }
+
for (LinkAddress addr : linkAddrs) {
mNetd.interfaceAddAddress(
interfaceName,
@@ -145,7 +154,7 @@
}
if (bringUp) {
- NetdUtils.setInterfaceUp(mNetd, interfaceName);
+ nativeBringUpInterface(interfaceName);
}
return new TestNetworkInterface(tunIntf, interfaceName);
diff --git a/service/src/com/android/server/connectivity/ClatCoordinator.java b/service/src/com/android/server/connectivity/ClatCoordinator.java
index 5ea586a..6c4a021 100644
--- a/service/src/com/android/server/connectivity/ClatCoordinator.java
+++ b/service/src/com/android/server/connectivity/ClatCoordinator.java
@@ -46,6 +46,8 @@
import com.android.net.module.util.bpf.ClatEgress4Value;
import com.android.net.module.util.bpf.ClatIngress6Key;
import com.android.net.module.util.bpf.ClatIngress6Value;
+import com.android.net.module.util.bpf.CookieTagMapKey;
+import com.android.net.module.util.bpf.CookieTagMapValue;
import java.io.FileDescriptor;
import java.io.IOException;
@@ -63,6 +65,10 @@
public class ClatCoordinator {
private static final String TAG = ClatCoordinator.class.getSimpleName();
+ // Sync from system/core/libcutils/include/private/android_filesystem_config.h
+ @VisibleForTesting
+ static final int AID_CLAT = 1029;
+
// Sync from external/android-clat/clatd.c
// 40 bytes IPv6 header - 20 bytes IPv4 header + 8 bytes fragment header.
@VisibleForTesting
@@ -97,6 +103,8 @@
@VisibleForTesting
static final int PRIO_CLAT = 4;
+ private static final String COOKIE_TAG_MAP_PATH =
+ "/sys/fs/bpf/netd_shared/map_netd_cookie_tag_map";
private static final String CLAT_EGRESS4_MAP_PATH = makeMapPath("egress4");
private static final String CLAT_INGRESS6_MAP_PATH = makeMapPath("ingress6");
@@ -121,6 +129,8 @@
@Nullable
private final IBpfMap<ClatEgress4Key, ClatEgress4Value> mEgressMap;
@Nullable
+ private final IBpfMap<CookieTagMapKey, CookieTagMapValue> mCookieTagMap;
+ @Nullable
private ClatdTracker mClatdTracker = null;
/**
@@ -232,17 +242,10 @@
}
/**
- * Tag socket as clat.
+ * Get socket cookie.
*/
- public long tagSocketAsClat(@NonNull FileDescriptor sock) throws IOException {
- return native_tagSocketAsClat(sock);
- }
-
- /**
- * Untag socket.
- */
- public void untagSocket(long cookie) throws IOException {
- native_untagSocket(cookie);
+ public long getSocketCookie(@NonNull FileDescriptor sock) throws IOException {
+ return native_getSocketCookie(sock);
}
/** Get ingress6 BPF map. */
@@ -279,6 +282,23 @@
}
}
+ /** Get cookie tag map */
+ @Nullable
+ public IBpfMap<CookieTagMapKey, CookieTagMapValue> getBpfCookieTagMap() {
+ // Pre-T devices don't use ClatCoordinator to access clat map. Since Nat464Xlat
+ // initializes a ClatCoordinator object to avoid redundant null pointer check
+ // while using, ignore the BPF map initialization on pre-T devices.
+ // TODO: probably don't initialize ClatCoordinator object on pre-T devices.
+ if (!SdkLevel.isAtLeastT()) return null;
+ try {
+ return new BpfMap<>(COOKIE_TAG_MAP_PATH,
+ BpfMap.BPF_F_RDWR, CookieTagMapKey.class, CookieTagMapValue.class);
+ } catch (ErrnoException e) {
+ Log.wtf(TAG, "Cannot open cookie tag map: " + e);
+ return null;
+ }
+ }
+
/** Checks if the network interface uses an ethernet L2 header. */
public boolean isEthernet(String iface) throws IOException {
return TcUtils.isEthernet(iface);
@@ -388,6 +408,7 @@
mNetd = mDeps.getNetd();
mIngressMap = mDeps.getBpfIngress6Map();
mEgressMap = mDeps.getBpfEgress4Map();
+ mCookieTagMap = mDeps.getBpfCookieTagMap();
}
private void maybeStartBpf(final ClatdTracker tracker) {
@@ -536,6 +557,43 @@
}
}
+ private void tagSocketAsClat(long cookie) throws IOException {
+ if (mCookieTagMap == null) {
+ throw new IOException("Cookie tag map is not initialized");
+ }
+
+ // Tag raw socket with uid AID_CLAT and set tag as zero because tag is unused in bpf
+ // program for counting data usage in netd.c. Tagging socket is used to avoid counting
+ // duplicated clat traffic in bpf stat.
+ final CookieTagMapKey key = new CookieTagMapKey(cookie);
+ final CookieTagMapValue value = new CookieTagMapValue(AID_CLAT, 0 /* tag, unused */);
+ try {
+ mCookieTagMap.insertEntry(key, value);
+ } catch (ErrnoException | IllegalStateException e) {
+ throw new IOException("Could not insert entry (" + key + ", " + value
+ + ") on cookie tag map: " + e);
+ }
+ Log.i(TAG, "tag socket cookie " + cookie);
+ }
+
+ private void untagSocket(long cookie) throws IOException {
+ if (mCookieTagMap == null) {
+ throw new IOException("Cookie tag map is not initialized");
+ }
+
+ // The reason that deleting entry from cookie tag map directly is that the tag socket
+ // destroy listener only monitors on group INET_TCP, INET_UDP, INET6_TCP, INET6_UDP.
+ // The other socket types, ex: raw, are not able to be removed automatically by the
+ // listener. See TrafficController::makeSkDestroyListener.
+ final CookieTagMapKey key = new CookieTagMapKey(cookie);
+ try {
+ mCookieTagMap.deleteEntry(key);
+ } catch (ErrnoException | IllegalStateException e) {
+ throw new IOException("Could not delete entry (" + key + ") on cookie tag map: " + e);
+ }
+ Log.i(TAG, "untag socket cookie " + cookie);
+ }
+
/**
* Start clatd for a given interface and NAT64 prefix.
*/
@@ -686,7 +744,8 @@
// Tag socket as AID_CLAT to avoid duplicated CLAT data usage accounting.
final long cookie;
try {
- cookie = mDeps.tagSocketAsClat(writeSock6.getFileDescriptor());
+ cookie = mDeps.getSocketCookie(writeSock6.getFileDescriptor());
+ tagSocketAsClat(cookie);
} catch (IOException e) {
maybeCleanUp(tunFd, readSock6, writeSock6);
throw new IOException("tag raw socket failed: " + e);
@@ -696,6 +755,11 @@
try {
mDeps.configurePacketSocket(readSock6.getFileDescriptor(), v6Str, ifIndex);
} catch (IOException e) {
+ try {
+ untagSocket(cookie);
+ } catch (IOException e2) {
+ Log.e(TAG, "untagSocket cookie " + cookie + " failed: " + e2);
+ }
maybeCleanUp(tunFd, readSock6, writeSock6);
throw new IOException("configure packet socket failed: " + e);
}
@@ -706,8 +770,11 @@
pid = mDeps.startClatd(tunFd.getFileDescriptor(), readSock6.getFileDescriptor(),
writeSock6.getFileDescriptor(), iface, pfx96Str, v4Str, v6Str);
} catch (IOException e) {
- // TODO: probably refactor to handle the exception of #untagSocket if any.
- mDeps.untagSocket(cookie);
+ try {
+ untagSocket(cookie);
+ } catch (IOException e2) {
+ Log.e(TAG, "untagSocket cookie " + cookie + " failed: " + e2);
+ }
throw new IOException("Error start clatd on " + iface + ": " + e);
} finally {
// The file descriptors have been duplicated (dup2) to clatd in native_startClatd().
@@ -774,7 +841,7 @@
mDeps.stopClatd(mClatdTracker.iface, mClatdTracker.pfx96.getHostAddress(),
mClatdTracker.v4.getHostAddress(), mClatdTracker.v6.getHostAddress(),
mClatdTracker.pid);
- mDeps.untagSocket(mClatdTracker.cookie);
+ untagSocket(mClatdTracker.cookie);
Log.i(TAG, "clatd on " + mClatdTracker.iface + " stopped");
mClatdTracker = null;
@@ -870,6 +937,5 @@
throws IOException;
private static native void native_stopClatd(String iface, String pfx96, String v4, String v6,
int pid) throws IOException;
- private static native long native_tagSocketAsClat(FileDescriptor sock) throws IOException;
- private static native void native_untagSocket(long cookie) throws IOException;
+ private static native long native_getSocketCookie(FileDescriptor sock) throws IOException;
}
diff --git a/service/src/com/android/server/connectivity/DscpPolicyTracker.java b/service/src/com/android/server/connectivity/DscpPolicyTracker.java
index 7829d1a..2bfad10 100644
--- a/service/src/com/android/server/connectivity/DscpPolicyTracker.java
+++ b/service/src/com/android/server/connectivity/DscpPolicyTracker.java
@@ -52,12 +52,12 @@
private static final String TAG = DscpPolicyTracker.class.getSimpleName();
private static final String PROG_PATH =
- "/sys/fs/bpf/net_shared/prog_dscp_policy_schedcls_set_dscp";
+ "/sys/fs/bpf/net_shared/prog_dscpPolicy_schedcls_set_dscp_ether";
// Name is "map + *.o + map_name + map". Can probably shorten this
private static final String IPV4_POLICY_MAP_PATH = makeMapPath(
- "dscp_policy_ipv4_dscp_policies");
+ "dscpPolicy_ipv4_dscp_policies");
private static final String IPV6_POLICY_MAP_PATH = makeMapPath(
- "dscp_policy_ipv6_dscp_policies");
+ "dscpPolicy_ipv6_dscp_policies");
private static final int MAX_POLICIES = 16;
private static String makeMapPath(String which) {
@@ -185,7 +185,7 @@
new DscpPolicyValue(policy.getSourceAddress(),
policy.getDestinationAddress(), ifIndex,
policy.getSourcePort(), policy.getDestinationPortRange(),
- (short) policy.getProtocol(), (short) policy.getDscpValue()));
+ (short) policy.getProtocol(), (byte) policy.getDscpValue()));
}
// Add v6 policy to mBpfDscpIpv6Policies if source and destination address
@@ -196,7 +196,7 @@
new DscpPolicyValue(policy.getSourceAddress(),
policy.getDestinationAddress(), ifIndex,
policy.getSourcePort(), policy.getDestinationPortRange(),
- (short) policy.getProtocol(), (short) policy.getDscpValue()));
+ (short) policy.getProtocol(), (byte) policy.getDscpValue()));
}
ifacePolicies.put(policy.getPolicyId(), addIndex);
@@ -212,8 +212,17 @@
return DSCP_POLICY_STATUS_SUCCESS;
}
+ private boolean isEthernet(String iface) {
+ try {
+ return TcUtils.isEthernet(iface);
+ } catch (IOException e) {
+ Log.e(TAG, "Failed to check ether type", e);
+ }
+ return false;
+ }
+
/**
- * Add the provided DSCP policy to the bpf map. Attach bpf program dscp_policy to iface
+ * Add the provided DSCP policy to the bpf map. Attach bpf program dscpPolicy to iface
* if not already attached. Response will be sent back to nai with status.
*
* DSCP_POLICY_STATUS_SUCCESS - if policy was added successfully
@@ -221,13 +230,17 @@
* DSCP_POLICY_STATUS_REQUEST_DECLINED - Interface index was invalid
*/
public void addDscpPolicy(NetworkAgentInfo nai, DscpPolicy policy) {
- if (!mAttachedIfaces.contains(nai.linkProperties.getInterfaceName())) {
- if (!attachProgram(nai.linkProperties.getInterfaceName())) {
- Log.e(TAG, "Unable to attach program");
- sendStatus(nai, policy.getPolicyId(),
- DSCP_POLICY_STATUS_INSUFFICIENT_PROCESSING_RESOURCES);
- return;
- }
+ String iface = nai.linkProperties.getInterfaceName();
+ if (!isEthernet(iface)) {
+ Log.e(TAG, "DSCP policies are not supported on raw IP interfaces.");
+ sendStatus(nai, policy.getPolicyId(), DSCP_POLICY_STATUS_REQUEST_DECLINED);
+ return;
+ }
+ if (!mAttachedIfaces.contains(iface) && !attachProgram(iface)) {
+ Log.e(TAG, "Unable to attach program");
+ sendStatus(nai, policy.getPolicyId(),
+ DSCP_POLICY_STATUS_INSUFFICIENT_PROCESSING_RESOURCES);
+ return;
}
final int ifIndex = getIfaceIndex(nai);
@@ -314,10 +327,8 @@
private boolean attachProgram(@NonNull String iface) {
try {
NetworkInterface netIface = NetworkInterface.getByName(iface);
- boolean isEth = TcUtils.isEthernet(iface);
- String path = PROG_PATH + (isEth ? "_ether" : "_raw_ip");
TcUtils.tcFilterAddDevBpf(netIface.getIndex(), false, PRIO_DSCP, (short) ETH_P_ALL,
- path);
+ PROG_PATH);
} catch (IOException e) {
Log.e(TAG, "Unable to attach to TC on " + iface + ": " + e);
return false;
diff --git a/service/src/com/android/server/connectivity/DscpPolicyValue.java b/service/src/com/android/server/connectivity/DscpPolicyValue.java
index 6e4e7eb..4bb41da 100644
--- a/service/src/com/android/server/connectivity/DscpPolicyValue.java
+++ b/service/src/com/android/server/connectivity/DscpPolicyValue.java
@@ -52,8 +52,8 @@
@Field(order = 6, type = Type.U8)
public final short proto;
- @Field(order = 7, type = Type.U8)
- public final short dscp;
+ @Field(order = 7, type = Type.S8)
+ public final byte dscp;
@Field(order = 8, type = Type.U8, padding = 3)
public final short mask;
@@ -100,7 +100,7 @@
InetAddress.parseNumericAddress("::").getAddress();
private short makeMask(final byte[] src46, final byte[] dst46, final int srcPort,
- final int dstPortStart, final short proto, final short dscp) {
+ final int dstPortStart, final short proto, final byte dscp) {
short mask = 0;
if (src46 != EMPTY_ADDRESS_FIELD) {
mask |= SRC_IP_MASK;
@@ -122,7 +122,7 @@
private DscpPolicyValue(final InetAddress src46, final InetAddress dst46, final long ifIndex,
final int srcPort, final int dstPortStart, final int dstPortEnd, final short proto,
- final short dscp) {
+ final byte dscp) {
this.src46 = toAddressField(src46);
this.dst46 = toAddressField(dst46);
this.ifIndex = ifIndex;
@@ -142,7 +142,7 @@
public DscpPolicyValue(final InetAddress src46, final InetAddress dst46, final long ifIndex,
final int srcPort, final Range<Integer> dstPort, final short proto,
- final short dscp) {
+ final byte dscp) {
this(src46, dst46, ifIndex, srcPort, dstPort != null ? dstPort.getLower() : -1,
dstPort != null ? dstPort.getUpper() : -1, proto, dscp);
}
@@ -150,7 +150,7 @@
public static final DscpPolicyValue NONE = new DscpPolicyValue(
null /* src46 */, null /* dst46 */, 0 /* ifIndex */, -1 /* srcPort */,
-1 /* dstPortStart */, -1 /* dstPortEnd */, (short) -1 /* proto */,
- (short) 0 /* dscp */);
+ (byte) -1 /* dscp */);
@Override
public String toString() {
diff --git a/service/src/com/android/server/connectivity/FullScore.java b/service/src/com/android/server/connectivity/FullScore.java
index b13ba93..b156045 100644
--- a/service/src/com/android/server/connectivity/FullScore.java
+++ b/service/src/com/android/server/connectivity/FullScore.java
@@ -76,16 +76,16 @@
public static final int POLICY_IS_VPN = 62;
// This network has been selected by the user manually from settings or a 3rd party app
- // at least once. {@see NetworkAgentConfig#explicitlySelected}.
+ // at least once. @see NetworkAgentConfig#explicitlySelected.
/** @hide */
public static final int POLICY_EVER_USER_SELECTED = 61;
// The user has indicated in UI that this network should be used even if it doesn't
- // validate. {@see NetworkAgentConfig#acceptUnvalidated}.
+ // validate. @see NetworkAgentConfig#acceptUnvalidated.
/** @hide */
public static final int POLICY_ACCEPT_UNVALIDATED = 60;
- // This network is unmetered. {@see NetworkCapabilities.NET_CAPABILITY_NOT_METERED}.
+ // This network is unmetered. @see NetworkCapabilities.NET_CAPABILITY_NOT_METERED.
/** @hide */
public static final int POLICY_IS_UNMETERED = 59;
diff --git a/tests/common/Android.bp b/tests/common/Android.bp
index 58731e0..5c9cc63 100644
--- a/tests/common/Android.bp
+++ b/tests/common/Android.bp
@@ -21,9 +21,22 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
+// The target SDK version of the "latest released SDK" CTS tests.
+// This should be updated soon after a new SDK level is finalized.
+// It is different from the target SDK version of production code (e.g., the Tethering,
+// NetworkStack, and CaptivePortalLogin APKs):
+// - The target SDK of production code influences the behaviour of the production code.
+// - The target SDK of the CTS tests validates the behaviour seen by apps that call production APIs.
+// - The behaviour seen by apps that target previous SDKs is tested by previous CTS versions
+// (currently, CTS 10, 11, and 12).
+java_defaults {
+ name: "ConnectivityTestsLatestSdkDefaults",
+ target_sdk_version: "33",
+}
+
java_library {
name: "FrameworksNetCommonTests",
- defaults: ["framework-connectivity-test-defaults"],
+ defaults: ["framework-connectivity-internal-test-defaults"],
srcs: [
"java/**/*.java",
"java/**/*.kt",
@@ -49,6 +62,7 @@
// jarjar stops at the first matching rule, so order of concatenation affects the output.
genrule {
name: "ConnectivityCoverageJarJarRules",
+ defaults: ["jarjar-rules-combine-defaults"],
srcs: [
"tethering-jni-jarjar-rules.txt",
":connectivity-jarjar-rules",
@@ -56,8 +70,6 @@
":NetworkStackJarJarRules",
],
out: ["jarjar-rules-connectivity-coverage.txt"],
- // Concat files with a line break in the middle
- cmd: "for src in $(in); do cat $${src}; echo; done > $(out)",
visibility: ["//visibility:private"],
}
@@ -81,10 +93,10 @@
name: "ConnectivityCoverageTests",
// Tethering started on SDK 30
min_sdk_version: "30",
- target_sdk_version: "31",
test_suites: ["general-tests", "mts-tethering"],
defaults: [
- "framework-connectivity-test-defaults",
+ "ConnectivityTestsLatestSdkDefaults",
+ "framework-connectivity-internal-test-defaults",
"FrameworksNetTests-jni-defaults",
"libnetworkstackutilsjni_deps",
],
diff --git a/tests/common/java/android/net/LinkPropertiesTest.java b/tests/common/java/android/net/LinkPropertiesTest.java
index 9ed2bb3..5ee375f 100644
--- a/tests/common/java/android/net/LinkPropertiesTest.java
+++ b/tests/common/java/android/net/LinkPropertiesTest.java
@@ -36,10 +36,10 @@
import android.system.OsConstants;
import android.util.ArraySet;
-import androidx.core.os.BuildCompat;
import androidx.test.filters.SmallTest;
import androidx.test.runner.AndroidJUnit4;
+import com.android.modules.utils.build.SdkLevel;
import com.android.net.module.util.LinkPropertiesUtils.CompareResult;
import com.android.testutils.ConnectivityModuleTest;
import com.android.testutils.DevSdkIgnoreRule;
@@ -114,11 +114,6 @@
return InetAddresses.parseNumericAddress(addrString);
}
- private static boolean isAtLeastR() {
- // BuildCompat.isAtLeastR is documented to return false on release SDKs (including R)
- return Build.VERSION.SDK_INT > Build.VERSION_CODES.Q || BuildCompat.isAtLeastR();
- }
-
private void checkEmpty(final LinkProperties lp) {
assertEquals(0, lp.getAllInterfaceNames().size());
assertEquals(0, lp.getAllAddresses().size());
@@ -139,7 +134,7 @@
assertFalse(lp.isIpv6Provisioned());
assertFalse(lp.isPrivateDnsActive());
- if (isAtLeastR()) {
+ if (SdkLevel.isAtLeastR()) {
assertNull(lp.getDhcpServerAddress());
assertFalse(lp.isWakeOnLanSupported());
assertNull(lp.getCaptivePortalApiUrl());
@@ -166,7 +161,7 @@
lp.setMtu(MTU);
lp.setTcpBufferSizes(TCP_BUFFER_SIZES);
lp.setNat64Prefix(new IpPrefix("2001:db8:0:64::/96"));
- if (isAtLeastR()) {
+ if (SdkLevel.isAtLeastR()) {
lp.setDhcpServerAddress(DHCPSERVER);
lp.setWakeOnLanSupported(true);
lp.setCaptivePortalApiUrl(CAPPORT_API_URL);
@@ -210,7 +205,7 @@
assertTrue(source.isIdenticalTcpBufferSizes(target));
assertTrue(target.isIdenticalTcpBufferSizes(source));
- if (isAtLeastR()) {
+ if (SdkLevel.isAtLeastR()) {
assertTrue(source.isIdenticalDhcpServerAddress(target));
assertTrue(source.isIdenticalDhcpServerAddress(source));
@@ -1295,37 +1290,73 @@
assertEquals(2, lp.getRoutes().size());
}
- @Test @IgnoreUpTo(Build.VERSION_CODES.R)
- @CtsNetTestCasesMaxTargetSdk31(reason = "Compat change cannot be overridden when targeting T+")
- @EnableCompatChanges({LinkProperties.EXCLUDED_ROUTES})
- public void testExcludedRoutesEnabled() {
+ private void assertExcludeRoutesVisible() {
final LinkProperties lp = new LinkProperties();
assertEquals(0, lp.getRoutes().size());
- lp.addRoute(new RouteInfo(new IpPrefix(ADDRV4, 0), RTN_UNREACHABLE));
+ lp.addRoute(new RouteInfo(new IpPrefix(ADDRV4, 31), RTN_UNREACHABLE));
assertEquals(1, lp.getRoutes().size());
- lp.addRoute(new RouteInfo(new IpPrefix(ADDRV6, 0), RTN_THROW));
+ lp.addRoute(new RouteInfo(new IpPrefix(ADDRV6, 127), RTN_THROW));
assertEquals(2, lp.getRoutes().size());
lp.addRoute(new RouteInfo(GATEWAY1));
assertEquals(3, lp.getRoutes().size());
+
+ lp.addRoute(new RouteInfo(new IpPrefix(DNS6, 127), RTN_UNICAST));
+ assertEquals(4, lp.getRoutes().size());
+ }
+
+ private void assertExcludeRoutesNotVisible() {
+ final LinkProperties lp = new LinkProperties();
+ assertEquals(0, lp.getRoutes().size());
+
+ lp.addRoute(new RouteInfo(new IpPrefix(ADDRV4, 31), RTN_UNREACHABLE));
+ assertEquals(0, lp.getRoutes().size());
+
+ lp.addRoute(new RouteInfo(new IpPrefix(ADDRV6, 127), RTN_THROW));
+ assertEquals(0, lp.getRoutes().size());
+
+ lp.addRoute(new RouteInfo(GATEWAY1));
+ assertEquals(1, lp.getRoutes().size());
+
+ lp.addRoute(new RouteInfo(new IpPrefix(DNS6, 127), RTN_UNICAST));
+ assertEquals(2, lp.getRoutes().size());
+ }
+
+ private void checkExcludeRoutesNotVisibleAfterS() {
+ if (!SdkLevel.isAtLeastT()) {
+ // RTN_THROW routes are visible on R and S when added by the caller (but they are not
+ // added by the system except for legacy VPN).
+ // This is uncommon usage but was tested by CTSr12.
+ assertExcludeRoutesVisible();
+ } else {
+ assertExcludeRoutesNotVisible();
+ }
+ }
+
+ @Test @IgnoreUpTo(Build.VERSION_CODES.R)
+ @CtsNetTestCasesMaxTargetSdk31(reason = "Testing behaviour for target SDK 31")
+ public void testExcludedRoutesNotVisibleOnTargetSdk31() {
+ checkExcludeRoutesNotVisibleAfterS();
+ }
+
+ @Test
+ public void testExcludedRoutesVisibleOnTargetSdk33AndAbove() {
+ assertExcludeRoutesVisible();
+ }
+
+ @Test @IgnoreUpTo(Build.VERSION_CODES.R)
+ @CtsNetTestCasesMaxTargetSdk31(reason = "Compat change cannot be overridden when targeting T+")
+ @EnableCompatChanges({LinkProperties.EXCLUDED_ROUTES})
+ public void testExcludedRoutesEnabledByCompatChange() {
+ assertExcludeRoutesVisible();
}
@Test @IgnoreUpTo(Build.VERSION_CODES.R)
@CtsNetTestCasesMaxTargetSdk31(reason = "Compat change cannot be overridden when targeting T+")
@DisableCompatChanges({LinkProperties.EXCLUDED_ROUTES})
- public void testExcludedRoutesDisabled() {
- final LinkProperties lp = new LinkProperties();
- assertEquals(0, lp.getRoutes().size());
-
- lp.addRoute(new RouteInfo(new IpPrefix(ADDRV4, 0), RTN_UNREACHABLE));
- assertEquals(0, lp.getRoutes().size());
-
- lp.addRoute(new RouteInfo(new IpPrefix(ADDRV6, 5), RTN_THROW));
- assertEquals(0, lp.getRoutes().size());
-
- lp.addRoute(new RouteInfo(new IpPrefix(ADDRV6, 2), RTN_UNICAST));
- assertEquals(1, lp.getRoutes().size());
+ public void testExcludedRoutesDisabledByCompatChange() {
+ checkExcludeRoutesNotVisibleAfterS();
}
}
diff --git a/tests/common/java/android/net/NetworkProviderTest.kt b/tests/common/java/android/net/NetworkProviderTest.kt
index 3ceacf8..c0e7f61 100644
--- a/tests/common/java/android/net/NetworkProviderTest.kt
+++ b/tests/common/java/android/net/NetworkProviderTest.kt
@@ -30,6 +30,7 @@
import android.os.Looper
import android.util.Log
import androidx.test.InstrumentationRegistry
+import com.android.modules.utils.build.SdkLevel.isAtLeastS
import com.android.net.module.util.ArrayTrackRecord
import com.android.testutils.CompatUtil
import com.android.testutils.ConnectivityModuleTest
@@ -38,7 +39,6 @@
import com.android.testutils.DevSdkIgnoreRule.IgnoreUpTo
import com.android.testutils.DevSdkIgnoreRunner
import com.android.testutils.TestableNetworkOfferCallback
-import com.android.testutils.isDevSdkInRange
import org.junit.After
import org.junit.Before
import org.junit.Rule
@@ -376,7 +376,7 @@
doReturn(mCm).`when`(mockContext).getSystemService(Context.CONNECTIVITY_SERVICE)
val provider = createNetworkProvider(mockContext)
// ConnectivityManager not required at creation time after R
- if (!isDevSdkInRange(0, Build.VERSION_CODES.R)) {
+ if (isAtLeastS()) {
verifyNoMoreInteractions(mockContext)
}
diff --git a/tests/cts/hostside/Android.bp b/tests/cts/hostside/Android.bp
index ac84e57..47ea53e 100644
--- a/tests/cts/hostside/Android.bp
+++ b/tests/cts/hostside/Android.bp
@@ -26,7 +26,6 @@
"tradefed",
],
static_libs: [
- "CompatChangeGatingTestBase",
"modules-utils-build-testing",
],
// Tag this module as a cts test artifact
@@ -38,8 +37,6 @@
data: [
":CtsHostsideNetworkTestsApp",
":CtsHostsideNetworkTestsApp2",
- ":CtsHostsideNetworkTestsApp3",
- ":CtsHostsideNetworkTestsApp3PreT",
":CtsHostsideNetworkTestsAppNext",
],
per_testcase_directory: true,
diff --git a/tests/cts/hostside/aidl/com/android/cts/net/hostside/IRemoteSocketFactory.aidl b/tests/cts/hostside/aidl/com/android/cts/net/hostside/IRemoteSocketFactory.aidl
index 68176ad..6986e7e 100644
--- a/tests/cts/hostside/aidl/com/android/cts/net/hostside/IRemoteSocketFactory.aidl
+++ b/tests/cts/hostside/aidl/com/android/cts/net/hostside/IRemoteSocketFactory.aidl
@@ -20,6 +20,7 @@
interface IRemoteSocketFactory {
ParcelFileDescriptor openSocketFd(String host, int port, int timeoutMs);
+ ParcelFileDescriptor openDatagramSocketFd();
String getPackageName();
int getUid();
}
diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/RemoteSocketFactoryClient.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/RemoteSocketFactoryClient.java
index 80f99b6..01fbd66 100644
--- a/tests/cts/hostside/app/src/com/android/cts/net/hostside/RemoteSocketFactoryClient.java
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/RemoteSocketFactoryClient.java
@@ -83,9 +83,19 @@
public FileDescriptor openSocketFd(String host, int port, int timeoutMs)
throws RemoteException, ErrnoException, IOException {
// Dup the filedescriptor so ParcelFileDescriptor's finalizer doesn't garbage collect it
- // and cause our fd to become invalid. http://b/35927643 .
- ParcelFileDescriptor pfd = mService.openSocketFd(host, port, timeoutMs);
- FileDescriptor fd = Os.dup(pfd.getFileDescriptor());
+ // and cause fd to become invalid. http://b/35927643.
+ final ParcelFileDescriptor pfd = mService.openSocketFd(host, port, timeoutMs);
+ final FileDescriptor fd = Os.dup(pfd.getFileDescriptor());
+ pfd.close();
+ return fd;
+ }
+
+ public FileDescriptor openDatagramSocketFd()
+ throws RemoteException, ErrnoException, IOException {
+ // Dup the filedescriptor so ParcelFileDescriptor's finalizer doesn't garbage collect it
+ // and cause fd to become invalid. http://b/35927643.
+ final ParcelFileDescriptor pfd = mService.openDatagramSocketFd();
+ final FileDescriptor fd = Os.dup(pfd.getFileDescriptor());
pfd.close();
return fd;
}
diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
index dd8b523..5f032be 100755
--- a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
@@ -16,6 +16,7 @@
package com.android.cts.net.hostside;
+import static android.Manifest.permission.MANAGE_TEST_NETWORKS;
import static android.Manifest.permission.NETWORK_SETTINGS;
import static android.content.pm.PackageManager.FEATURE_TELEPHONY;
import static android.content.pm.PackageManager.FEATURE_WIFI;
@@ -35,6 +36,8 @@
import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity;
+import static com.android.networkstack.apishim.ConstantsShim.BLOCKED_REASON_LOCKDOWN_VPN;
+import static com.android.networkstack.apishim.ConstantsShim.BLOCKED_REASON_NONE;
import static com.android.testutils.Cleanup.testAndCleanup;
import static com.android.testutils.DevSdkIgnoreRuleKt.SC_V2;
@@ -59,12 +62,15 @@
import android.database.Cursor;
import android.net.ConnectivityManager;
import android.net.ConnectivityManager.NetworkCallback;
+import android.net.LinkAddress;
import android.net.LinkProperties;
import android.net.Network;
import android.net.NetworkCapabilities;
import android.net.NetworkRequest;
import android.net.Proxy;
import android.net.ProxyInfo;
+import android.net.TestNetworkInterface;
+import android.net.TestNetworkManager;
import android.net.TransportInfo;
import android.net.Uri;
import android.net.VpnManager;
@@ -72,6 +78,7 @@
import android.net.VpnTransportInfo;
import android.net.cts.util.CtsNetUtils;
import android.net.wifi.WifiManager;
+import android.os.Build;
import android.os.Handler;
import android.os.Looper;
import android.os.ParcelFileDescriptor;
@@ -90,11 +97,13 @@
import android.test.MoreAsserts;
import android.text.TextUtils;
import android.util.Log;
+import android.util.Range;
import androidx.test.ext.junit.runners.AndroidJUnit4;
import com.android.compatibility.common.util.BlockingBroadcastReceiver;
import com.android.modules.utils.build.SdkLevel;
+import com.android.net.module.util.PacketBuilder;
import com.android.testutils.DevSdkIgnoreRule;
import com.android.testutils.DevSdkIgnoreRule.IgnoreUpTo;
import com.android.testutils.RecorderCallback;
@@ -113,12 +122,14 @@
import java.io.OutputStream;
import java.net.DatagramPacket;
import java.net.DatagramSocket;
+import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.UnknownHostException;
+import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
@@ -164,6 +175,12 @@
private static final String PRIVATE_DNS_SPECIFIER_SETTING = "private_dns_specifier";
private static final int NETWORK_CALLBACK_TIMEOUT_MS = 30_000;
+ private static final LinkAddress TEST_IP4_DST_ADDR = new LinkAddress("198.51.100.1/24");
+ private static final LinkAddress TEST_IP4_SRC_ADDR = new LinkAddress("198.51.100.2/24");
+ private static final LinkAddress TEST_IP6_DST_ADDR = new LinkAddress("2001:db8:1:3::1/64");
+ private static final LinkAddress TEST_IP6_SRC_ADDR = new LinkAddress("2001:db8:1:3::2/64");
+ private static final short TEST_SRC_PORT = 5555;
+
public static String TAG = "VpnTest";
public static int TIMEOUT_MS = 3 * 1000;
public static int SOCKET_TIMEOUT_MS = 100;
@@ -1572,4 +1589,180 @@
return future.get(timeout, unit);
}
}
+
+ private static final boolean EXPECT_PASS = false;
+ private static final boolean EXPECT_BLOCK = true;
+
+ @Test @IgnoreUpTo(Build.VERSION_CODES.R)
+ public void testBlockIncomingPackets() throws Exception {
+ assumeTrue(supportedHardware());
+ final Network network = mCM.getActiveNetwork();
+ assertNotNull("Requires a working Internet connection", network);
+
+ final int remoteUid = mRemoteSocketFactoryClient.getUid();
+ final List<Range<Integer>> lockdownRange = List.of(new Range<>(remoteUid, remoteUid));
+ final DetailedBlockedStatusCallback remoteUidCallback = new DetailedBlockedStatusCallback();
+
+ // Create a TUN interface
+ final FileDescriptor tunFd = runWithShellPermissionIdentity(() -> {
+ final TestNetworkManager tnm = getInstrumentation().getContext().getSystemService(
+ TestNetworkManager.class);
+ final TestNetworkInterface iface = tnm.createTunInterface(List.of(
+ TEST_IP4_DST_ADDR, TEST_IP6_DST_ADDR));
+ return iface.getFileDescriptor().getFileDescriptor();
+ }, MANAGE_TEST_NETWORKS);
+
+ // Create a remote UDP socket
+ final FileDescriptor remoteUdpFd = mRemoteSocketFactoryClient.openDatagramSocketFd();
+
+ testAndCleanup(() -> {
+ runWithShellPermissionIdentity(() -> {
+ mCM.registerDefaultNetworkCallbackForUid(remoteUid, remoteUidCallback,
+ new Handler(Looper.getMainLooper()));
+ }, NETWORK_SETTINGS);
+ remoteUidCallback.expectAvailableCallbacks(network);
+
+ // The remote UDP socket can receive packets coming from the TUN interface
+ checkBlockIncomingPacket(tunFd, remoteUdpFd, EXPECT_PASS);
+
+ // Lockdown uid that has the remote UDP socket
+ runWithShellPermissionIdentity(() -> {
+ mCM.setRequireVpnForUids(true /* requireVpn */, lockdownRange);
+ }, NETWORK_SETTINGS);
+
+ // setRequireVpnForUids setup a lockdown rule asynchronously. So it needs to wait for
+ // BlockedStatusCallback to be fired before checking the blocking status of incoming
+ // packets.
+ remoteUidCallback.expectBlockedStatusCallback(network, BLOCKED_REASON_LOCKDOWN_VPN);
+
+ if (SdkLevel.isAtLeastT()) {
+ // On T and above, lockdown rule drop packets not coming from lo regardless of the
+ // VPN connectivity.
+ checkBlockIncomingPacket(tunFd, remoteUdpFd, EXPECT_BLOCK);
+ }
+
+ // Start the VPN that has default routes. This VPN should have interface filtering rule
+ // for incoming packet and drop packets not coming from lo nor the VPN interface.
+ final String allowedApps =
+ mRemoteSocketFactoryClient.getPackageName() + "," + mPackageName;
+ startVpn(new String[]{"192.0.2.2/32", "2001:db8:1:2::ffe/128"},
+ new String[]{"0.0.0.0/0", "::/0"}, allowedApps, "" /* disallowedApplications */,
+ null /* proxyInfo */, null /* underlyingNetworks */,
+ false /* isAlwaysMetered */);
+
+ checkBlockIncomingPacket(tunFd, remoteUdpFd, EXPECT_BLOCK);
+ }, /* cleanup */ () -> {
+ mCM.unregisterNetworkCallback(remoteUidCallback);
+ }, /* cleanup */ () -> {
+ Os.close(tunFd);
+ }, /* cleanup */ () -> {
+ Os.close(remoteUdpFd);
+ }, /* cleanup */ () -> {
+ runWithShellPermissionIdentity(() -> {
+ mCM.setRequireVpnForUids(false /* requireVpn */, lockdownRange);
+ }, NETWORK_SETTINGS);
+ });
+ }
+
+ private ByteBuffer buildIpv4UdpPacket(final Inet4Address dstAddr, final Inet4Address srcAddr,
+ final short dstPort, final short srcPort, final byte[] payload) throws IOException {
+
+ final ByteBuffer buffer = PacketBuilder.allocate(false /* hasEther */,
+ OsConstants.IPPROTO_IP, OsConstants.IPPROTO_UDP, payload.length);
+ final PacketBuilder packetBuilder = new PacketBuilder(buffer);
+
+ packetBuilder.writeIpv4Header(
+ (byte) 0 /* TOS */,
+ (short) 27149 /* ID */,
+ (short) 0x4000 /* flags=DF, offset=0 */,
+ (byte) 64 /* TTL */,
+ (byte) OsConstants.IPPROTO_UDP,
+ srcAddr,
+ dstAddr);
+ packetBuilder.writeUdpHeader(srcPort, dstPort);
+ buffer.put(payload);
+
+ return packetBuilder.finalizePacket();
+ }
+
+ private ByteBuffer buildIpv6UdpPacket(final Inet6Address dstAddr, final Inet6Address srcAddr,
+ final short dstPort, final short srcPort, final byte[] payload) throws IOException {
+
+ final ByteBuffer buffer = PacketBuilder.allocate(false /* hasEther */,
+ OsConstants.IPPROTO_IPV6, OsConstants.IPPROTO_UDP, payload.length);
+ final PacketBuilder packetBuilder = new PacketBuilder(buffer);
+
+ packetBuilder.writeIpv6Header(
+ 0x60000000 /* version=6, traffic class=0, flow label=0 */,
+ (byte) OsConstants.IPPROTO_UDP,
+ (short) 64 /* hop limit */,
+ srcAddr,
+ dstAddr);
+ packetBuilder.writeUdpHeader(srcPort, dstPort);
+ buffer.put(payload);
+
+ return packetBuilder.finalizePacket();
+ }
+
+ private void checkBlockUdp(
+ final FileDescriptor srcTunFd,
+ final FileDescriptor dstUdpFd,
+ final boolean ipv6,
+ final boolean expectBlock) throws Exception {
+ final Random random = new Random();
+ final byte[] sendData = new byte[100];
+ random.nextBytes(sendData);
+ final short dstPort = (short) ((InetSocketAddress) Os.getsockname(dstUdpFd)).getPort();
+
+ ByteBuffer buf;
+ if (ipv6) {
+ buf = buildIpv6UdpPacket(
+ (Inet6Address) TEST_IP6_DST_ADDR.getAddress(),
+ (Inet6Address) TEST_IP6_SRC_ADDR.getAddress(),
+ dstPort, TEST_SRC_PORT, sendData);
+ } else {
+ buf = buildIpv4UdpPacket(
+ (Inet4Address) TEST_IP4_DST_ADDR.getAddress(),
+ (Inet4Address) TEST_IP4_SRC_ADDR.getAddress(),
+ dstPort, TEST_SRC_PORT, sendData);
+ }
+
+ Os.write(srcTunFd, buf);
+
+ final StructPollfd pollfd = new StructPollfd();
+ pollfd.events = (short) POLLIN;
+ pollfd.fd = dstUdpFd;
+ final int ret = Os.poll(new StructPollfd[]{pollfd}, SOCKET_TIMEOUT_MS);
+
+ if (expectBlock) {
+ assertEquals("Expect not to receive a packet but received a packet", 0, ret);
+ } else {
+ assertEquals("Expect to receive a packet but did not receive a packet", 1, ret);
+ final byte[] recvData = new byte[sendData.length];
+ final int readSize = Os.read(dstUdpFd, recvData, 0 /* byteOffset */, recvData.length);
+ assertEquals(recvData.length, readSize);
+ MoreAsserts.assertEquals(sendData, recvData);
+ }
+ }
+
+ private void checkBlockIncomingPacket(
+ final FileDescriptor srcTunFd,
+ final FileDescriptor dstUdpFd,
+ final boolean expectBlock) throws Exception {
+ checkBlockUdp(srcTunFd, dstUdpFd, false /* ipv6 */, expectBlock);
+ checkBlockUdp(srcTunFd, dstUdpFd, true /* ipv6 */, expectBlock);
+ }
+
+ private class DetailedBlockedStatusCallback extends TestableNetworkCallback {
+ public void expectAvailableCallbacks(Network network) {
+ super.expectAvailableCallbacks(network, false /* suspended */, true /* validated */,
+ BLOCKED_REASON_NONE, NETWORK_CALLBACK_TIMEOUT_MS);
+ }
+ public void expectBlockedStatusCallback(Network network, int blockedStatus) {
+ super.expectBlockedStatusCallback(blockedStatus, network, NETWORK_CALLBACK_TIMEOUT_MS);
+ }
+ public void onBlockedStatusChanged(Network network, int blockedReasons) {
+ getHistory().add(new CallbackEntry.BlockedStatusInt(network, blockedReasons));
+ }
+ }
}
diff --git a/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/RemoteSocketFactoryService.java b/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/RemoteSocketFactoryService.java
index b1b7d77..fb6d16f 100644
--- a/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/RemoteSocketFactoryService.java
+++ b/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/RemoteSocketFactoryService.java
@@ -17,16 +17,17 @@
package com.android.cts.net.hostside.app2;
import android.app.Service;
-import android.content.Context;
import android.content.Intent;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
import android.os.Process;
-import android.util.Log;
import com.android.cts.net.hostside.IRemoteSocketFactory;
+import java.io.UncheckedIOException;
+import java.net.DatagramSocket;
import java.net.Socket;
+import java.net.SocketException;
public class RemoteSocketFactoryService extends Service {
@@ -54,6 +55,16 @@
public int getUid() {
return Process.myUid();
}
+
+ @Override
+ public ParcelFileDescriptor openDatagramSocketFd() {
+ try {
+ final DatagramSocket s = new DatagramSocket();
+ return ParcelFileDescriptor.fromDatagramSocket(s);
+ } catch (SocketException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
};
@Override
diff --git a/tests/cts/hostside/app3/Android.bp b/tests/cts/hostside/app3/Android.bp
deleted file mode 100644
index 141cf03..0000000
--- a/tests/cts/hostside/app3/Android.bp
+++ /dev/null
@@ -1,54 +0,0 @@
-//
-// Copyright (C) 2022 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-package {
- default_applicable_licenses: ["Android-Apache-2.0"],
-}
-
-java_defaults {
- name: "CtsHostsideNetworkTestsApp3Defaults",
- srcs: ["src/**/*.java"],
- libs: [
- "junit",
- ],
- static_libs: [
- "ctstestrunner-axt",
- "truth-prebuilt",
- ],
-
- // Tag this module as a cts test artifact
- test_suites: [
- "cts",
- "general-tests",
- ],
-}
-
-android_test_helper_app {
- name: "CtsHostsideNetworkTestsApp3",
- defaults: [
- "cts_support_defaults",
- "CtsHostsideNetworkTestsApp3Defaults",
- ],
-}
-
-android_test_helper_app {
- name: "CtsHostsideNetworkTestsApp3PreT",
- target_sdk_version: "31",
- defaults: [
- "cts_support_defaults",
- "CtsHostsideNetworkTestsApp3Defaults",
- ],
-}
diff --git a/tests/cts/hostside/app3/AndroidManifest.xml b/tests/cts/hostside/app3/AndroidManifest.xml
deleted file mode 100644
index eabcacb..0000000
--- a/tests/cts/hostside/app3/AndroidManifest.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (C) 2022 The Android Open Source Project
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.android.cts.net.hostside.app3">
-
- <application android:debuggable="true">
- <uses-library android:name="android.test.runner" />
- </application>
-
- <instrumentation
- android:name="androidx.test.runner.AndroidJUnitRunner"
- android:targetPackage="com.android.cts.net.hostside.app3" />
-
-</manifest>
diff --git a/tests/cts/hostside/app3/src/com/android/cts/net/hostside/app3/ExcludedRoutesGatingTest.java b/tests/cts/hostside/app3/src/com/android/cts/net/hostside/app3/ExcludedRoutesGatingTest.java
deleted file mode 100644
index a1a8209..0000000
--- a/tests/cts/hostside/app3/src/com/android/cts/net/hostside/app3/ExcludedRoutesGatingTest.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright (C) 2022 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.cts.net.hostside.app3;
-
-import static org.junit.Assert.assertEquals;
-
-import android.Manifest;
-import android.net.IpPrefix;
-import android.net.LinkProperties;
-import android.net.RouteInfo;
-
-import androidx.test.InstrumentationRegistry;
-import androidx.test.runner.AndroidJUnit4;
-
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-/**
- * Tests to verify {@link LinkProperties#getRoutes} behavior, depending on
- * {@LinkProperties#EXCLUDED_ROUTES} change state.
- */
-@RunWith(AndroidJUnit4.class)
-public class ExcludedRoutesGatingTest {
- @Before
- public void setUp() {
- InstrumentationRegistry.getInstrumentation().getUiAutomation()
- .adoptShellPermissionIdentity(Manifest.permission.LOG_COMPAT_CHANGE,
- Manifest.permission.READ_COMPAT_CHANGE_CONFIG);
- }
-
- @After
- public void tearDown() {
- InstrumentationRegistry.getInstrumentation().getUiAutomation()
- .dropShellPermissionIdentity();
- }
-
- @Test
- public void testExcludedRoutesChangeEnabled() {
- final LinkProperties lp = makeLinkPropertiesWithExcludedRoutes();
-
- // Excluded routes change is enabled: non-RTN_UNICAST routes are visible.
- assertEquals(2, lp.getRoutes().size());
- assertEquals(2, lp.getAllRoutes().size());
- }
-
- @Test
- public void testExcludedRoutesChangeDisabled() {
- final LinkProperties lp = makeLinkPropertiesWithExcludedRoutes();
-
- // Excluded routes change is disabled: non-RTN_UNICAST routes are filtered out.
- assertEquals(0, lp.getRoutes().size());
- assertEquals(0, lp.getAllRoutes().size());
- }
-
- private LinkProperties makeLinkPropertiesWithExcludedRoutes() {
- final LinkProperties lp = new LinkProperties();
-
- lp.addRoute(new RouteInfo(new IpPrefix("10.0.0.0/8"), null, null, RouteInfo.RTN_THROW));
- lp.addRoute(new RouteInfo(new IpPrefix("2001:db8::/64"), null, null,
- RouteInfo.RTN_UNREACHABLE));
-
- return lp;
- }
-}
diff --git a/tests/cts/hostside/src/com/android/cts/net/HostsideLinkPropertiesGatingTests.java b/tests/cts/hostside/src/com/android/cts/net/HostsideLinkPropertiesGatingTests.java
deleted file mode 100644
index 9a1fa42..0000000
--- a/tests/cts/hostside/src/com/android/cts/net/HostsideLinkPropertiesGatingTests.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Copyright (C) 2022 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.cts.net;
-
-import android.compat.cts.CompatChangeGatingTestCase;
-
-import java.util.Set;
-
-/**
- * Tests for the {@link android.net.LinkProperties#EXCLUDED_ROUTES} compatibility change.
- *
- * TODO: see if we can delete this cumbersome host test by moving the coverage to CtsNetTestCases
- * and CtsNetTestCasesMaxTargetSdk31.
- */
-public class HostsideLinkPropertiesGatingTests extends CompatChangeGatingTestCase {
- private static final String TEST_APK = "CtsHostsideNetworkTestsApp3.apk";
- private static final String TEST_APK_PRE_T = "CtsHostsideNetworkTestsApp3PreT.apk";
- private static final String TEST_PKG = "com.android.cts.net.hostside.app3";
- private static final String TEST_CLASS = ".ExcludedRoutesGatingTest";
-
- private static final long EXCLUDED_ROUTES_CHANGE_ID = 186082280;
-
- protected void tearDown() throws Exception {
- uninstallPackage(TEST_PKG, true);
- }
-
- public void testExcludedRoutesChangeEnabled() throws Exception {
- installPackage(TEST_APK, true);
- runDeviceCompatTest("testExcludedRoutesChangeEnabled");
- }
-
- public void testExcludedRoutesChangeDisabledPreT() throws Exception {
- installPackage(TEST_APK_PRE_T, true);
- runDeviceCompatTest("testExcludedRoutesChangeDisabled");
- }
-
- public void testExcludedRoutesChangeDisabledByOverrideOnDebugBuild() throws Exception {
- // Must install APK even when skipping test, because tearDown expects uninstall to succeed.
- installPackage(TEST_APK, true);
-
- // This test uses an app with a target SDK where the compat change is on by default.
- // Because user builds do not allow overriding compat changes, only run this test on debug
- // builds. This seems better than deleting this test and not running it anywhere because we
- // could in the future run this test on userdebug builds in presubmit.
- //
- // We cannot use assumeXyz here because CompatChangeGatingTestCase ultimately inherits from
- // junit.framework.TestCase, which does not understand assumption failures.
- if ("user".equals(getDevice().getProperty("ro.build.type"))) return;
-
- runDeviceCompatTestWithChangeDisabled("testExcludedRoutesChangeDisabled");
- }
-
- public void testExcludedRoutesChangeEnabledByOverridePreT() throws Exception {
- installPackage(TEST_APK_PRE_T, true);
- runDeviceCompatTestWithChangeEnabled("testExcludedRoutesChangeEnabled");
- }
-
- private void runDeviceCompatTest(String methodName) throws Exception {
- runDeviceCompatTest(TEST_PKG, TEST_CLASS, methodName, Set.of(), Set.of());
- }
-
- private void runDeviceCompatTestWithChangeEnabled(String methodName) throws Exception {
- runDeviceCompatTest(TEST_PKG, TEST_CLASS, methodName, Set.of(EXCLUDED_ROUTES_CHANGE_ID),
- Set.of());
- }
-
- private void runDeviceCompatTestWithChangeDisabled(String methodName) throws Exception {
- runDeviceCompatTest(TEST_PKG, TEST_CLASS, methodName, Set.of(),
- Set.of(EXCLUDED_ROUTES_CHANGE_ID));
- }
-}
diff --git a/tests/cts/hostside/src/com/android/cts/net/HostsideVpnTests.java b/tests/cts/hostside/src/com/android/cts/net/HostsideVpnTests.java
index 3821f87..4d90a4a 100644
--- a/tests/cts/hostside/src/com/android/cts/net/HostsideVpnTests.java
+++ b/tests/cts/hostside/src/com/android/cts/net/HostsideVpnTests.java
@@ -116,4 +116,8 @@
public void testInterleavedRoutes() throws Exception {
runDeviceTests(TEST_PKG, TEST_PKG + ".VpnTest", "testInterleavedRoutes");
}
+
+ public void testBlockIncomingPackets() throws Exception {
+ runDeviceTests(TEST_PKG, TEST_PKG + ".VpnTest", "testBlockIncomingPackets");
+ }
}
diff --git a/tests/cts/net/Android.bp b/tests/cts/net/Android.bp
index a6ed762..62f37bb 100644
--- a/tests/cts/net/Android.bp
+++ b/tests/cts/net/Android.bp
@@ -72,9 +72,9 @@
android_test {
name: "CtsNetTestCases",
defaults: ["CtsNetTestCasesDefaults", "ConnectivityNextEnableDefaults"],
- // TODO: CTS should not depend on the entirety of the networkstack code.
static_libs: [
- "NetworkStackApiCurrentLib",
+ "DhcpPacketLib",
+ "NetworkStackApiCurrentShims",
],
test_suites: [
"cts",
@@ -86,7 +86,8 @@
name: "CtsNetTestCasesApiStableDefaults",
// TODO: CTS should not depend on the entirety of the networkstack code.
static_libs: [
- "NetworkStackApiStableLib",
+ "DhcpPacketLib",
+ "NetworkStackApiStableShims",
],
jni_uses_sdk_apis: true,
min_sdk_version: "29",
@@ -98,10 +99,10 @@
android_test {
name: "CtsNetTestCasesLatestSdk",
defaults: [
+ "ConnectivityTestsLatestSdkDefaults",
"CtsNetTestCasesDefaults",
"CtsNetTestCasesApiStableDefaults",
],
- target_sdk_version: "33",
test_suites: [
"general-tests",
"mts-dnsresolver",
diff --git a/tests/cts/net/native/src/BpfCompatTest.cpp b/tests/cts/net/native/src/BpfCompatTest.cpp
index e52533b..5c02b0d 100644
--- a/tests/cts/net/native/src/BpfCompatTest.cpp
+++ b/tests/cts/net/native/src/BpfCompatTest.cpp
@@ -31,7 +31,10 @@
std::ifstream elfFile(elfPath, std::ios::in | std::ios::binary);
ASSERT_TRUE(elfFile.is_open());
- if (android::modules::sdklevel::IsAtLeastT()) {
+ if (android::modules::sdklevel::IsAtLeastU()) {
+ EXPECT_EQ(120, readSectionUint("size_of_bpf_map_def", elfFile, 0));
+ EXPECT_EQ(92, readSectionUint("size_of_bpf_prog_def", elfFile, 0));
+ } else if (android::modules::sdklevel::IsAtLeastT()) {
EXPECT_EQ(116, readSectionUint("size_of_bpf_map_def", elfFile, 0));
EXPECT_EQ(92, readSectionUint("size_of_bpf_prog_def", elfFile, 0));
} else {
@@ -47,8 +50,13 @@
}
TEST(BpfTest, bpfStructSizeTest) {
- doBpfStructSizeTest("/system/etc/bpf/gpu_mem.o");
- doBpfStructSizeTest("/system/etc/bpf/time_in_state.o");
+ if (android::modules::sdklevel::IsAtLeastU()) {
+ doBpfStructSizeTest("/system/etc/bpf/gpuMem.o");
+ doBpfStructSizeTest("/system/etc/bpf/timeInState.o");
+ } else {
+ doBpfStructSizeTest("/system/etc/bpf/gpu_mem.o");
+ doBpfStructSizeTest("/system/etc/bpf/time_in_state.o");
+ }
}
int main(int argc, char **argv) {
diff --git a/tests/cts/net/src/android/net/cts/CaptivePortalTest.kt b/tests/cts/net/src/android/net/cts/CaptivePortalTest.kt
index 1b77d5f..aad8804 100644
--- a/tests/cts/net/src/android/net/cts/CaptivePortalTest.kt
+++ b/tests/cts/net/src/android/net/cts/CaptivePortalTest.kt
@@ -37,9 +37,8 @@
import android.net.cts.NetworkValidationTestUtil.setHttpsUrlDeviceConfig
import android.net.cts.NetworkValidationTestUtil.setUrlExpirationDeviceConfig
import android.net.cts.util.CtsNetUtils
-import android.net.util.NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL
-import android.net.util.NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL
-import android.os.Build
+import com.android.net.module.util.NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTPS_URL
+import com.android.net.module.util.NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTP_URL
import android.platform.test.annotations.AppModeFull
import android.provider.DeviceConfig
import android.provider.DeviceConfig.NAMESPACE_CONNECTIVITY
@@ -47,11 +46,11 @@
import android.util.Log
import androidx.test.platform.app.InstrumentationRegistry.getInstrumentation
import androidx.test.runner.AndroidJUnit4
+import com.android.modules.utils.build.SdkLevel.isAtLeastR
import com.android.testutils.RecorderCallback
import com.android.testutils.TestHttpServer
import com.android.testutils.TestHttpServer.Request
import com.android.testutils.TestableNetworkCallback
-import com.android.testutils.isDevSdkInRange
import com.android.testutils.runAsShell
import fi.iki.elonen.NanoHTTPD.Response.Status
import junit.framework.AssertionFailedError
@@ -196,8 +195,8 @@
assertNotEquals(network, cm.activeNetwork, wifiDefaultMessage)
val startPortalAppPermission =
- if (isDevSdkInRange(0, Build.VERSION_CODES.Q)) CONNECTIVITY_INTERNAL
- else NETWORK_SETTINGS
+ if (isAtLeastR()) NETWORK_SETTINGS
+ else CONNECTIVITY_INTERNAL
runAsShell(startPortalAppPermission) { cm.startCaptivePortalApp(network) }
// Expect the portal content to be fetched at some point after detecting the portal.
diff --git a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
index 766d62f..64238b3 100644
--- a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
@@ -37,9 +37,14 @@
import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static android.net.ConnectivityManager.EXTRA_NETWORK;
import static android.net.ConnectivityManager.EXTRA_NETWORK_REQUEST;
+import static android.net.ConnectivityManager.FIREWALL_CHAIN_DOZABLE;
+import static android.net.ConnectivityManager.FIREWALL_CHAIN_LOW_POWER_STANDBY;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_1;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_2;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_OEM_DENY_3;
+import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
+import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
+import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
import static android.net.ConnectivityManager.FIREWALL_RULE_ALLOW;
import static android.net.ConnectivityManager.FIREWALL_RULE_DENY;
import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPRISE;
@@ -75,8 +80,6 @@
import static android.net.cts.util.CtsNetUtils.TEST_HOST;
import static android.net.cts.util.CtsNetUtils.TestNetworkCallback;
import static android.net.cts.util.CtsTetheringUtils.TestTetheringEventCallback;
-import static android.net.util.NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL;
-import static android.net.util.NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL;
import static android.os.MessageQueue.OnFileDescriptorEventListener.EVENT_INPUT;
import static android.os.Process.INVALID_UID;
import static android.provider.Settings.Global.NETWORK_METERED_MULTIPATH_PREFERENCE;
@@ -88,6 +91,8 @@
import static com.android.compatibility.common.util.SystemUtil.runShellCommand;
import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity;
import static com.android.modules.utils.build.SdkLevel.isAtLeastS;
+import static com.android.net.module.util.NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTPS_URL;
+import static com.android.net.module.util.NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTP_URL;
import static com.android.networkstack.apishim.ConstantsShim.BLOCKED_REASON_LOCKDOWN_VPN;
import static com.android.networkstack.apishim.ConstantsShim.BLOCKED_REASON_NONE;
import static com.android.testutils.Cleanup.testAndCleanup;
@@ -186,7 +191,6 @@
import com.android.testutils.CompatUtil;
import com.android.testutils.DevSdkIgnoreRule;
import com.android.testutils.DevSdkIgnoreRule.IgnoreUpTo;
-import com.android.testutils.DevSdkIgnoreRuleKt;
import com.android.testutils.DeviceInfoUtils;
import com.android.testutils.DumpTestUtils;
import com.android.testutils.RecorderCallback.CallbackEntry;
@@ -331,11 +335,10 @@
mCtsNetUtils = new CtsNetUtils(mContext);
mTm = mContext.getSystemService(TelephonyManager.class);
- if (DevSdkIgnoreRuleKt.isDevSdkInRange(null /* minExclusive */,
- Build.VERSION_CODES.R /* maxInclusive */)) {
- addLegacySupportedNetworkTypes();
- } else {
+ if (isAtLeastS()) {
addSupportedNetworkTypes();
+ } else {
+ addLegacySupportedNetworkTypes();
}
mUiAutomation = mInstrumentation.getUiAutomation();
@@ -2092,25 +2095,15 @@
try {
// Verify we cannot set Airplane Mode without correct permission:
- try {
- setAndVerifyAirplaneMode(true);
- fail("SecurityException should have been thrown when setAirplaneMode was called"
- + "without holding permission NETWORK_AIRPLANE_MODE.");
- } catch (SecurityException expected) {}
+ assertThrows(SecurityException.class, () -> setAndVerifyAirplaneMode(true));
// disable airplane mode again to reach a known state
runShellCommand("cmd connectivity airplane-mode disable");
- // adopt shell permission which holds NETWORK_AIRPLANE_MODE
- mUiAutomation.adoptShellPermissionIdentity();
+ // Verify we can enable Airplane Mode with correct permission.
+ // TODO: test that NETWORK_AIRPLANE_MODE works as well, once the shell has it.
+ runAsShell(NETWORK_SETTINGS, () -> setAndVerifyAirplaneMode(true));
- // Verify we can enable Airplane Mode with correct permission:
- try {
- setAndVerifyAirplaneMode(true);
- } catch (SecurityException e) {
- fail("SecurityException should not have been thrown when setAirplaneMode(true) was"
- + "called whilst holding the NETWORK_AIRPLANE_MODE permission.");
- }
// Verify that the enabling airplane mode takes effect as expected to prevent flakiness
// caused by fast airplane mode switches. Ensure network lost before turning off
// airplane mode.
@@ -2118,12 +2111,8 @@
if (supportTelephony) waitForLost(telephonyCb);
// Verify we can disable Airplane Mode with correct permission:
- try {
- setAndVerifyAirplaneMode(false);
- } catch (SecurityException e) {
- fail("SecurityException should not have been thrown when setAirplaneMode(false) was"
- + "called whilst holding the NETWORK_AIRPLANE_MODE permission.");
- }
+ runAsShell(NETWORK_SETTINGS, () -> setAndVerifyAirplaneMode(false));
+
// Verify that turning airplane mode off takes effect as expected.
// connectToCell only registers a request, it cannot / does not need to be called twice
mCtsNetUtils.ensureWifiConnected();
@@ -2133,7 +2122,6 @@
// Restore the previous state of airplane mode and permissions:
runShellCommand("cmd connectivity airplane-mode "
+ (isAirplaneModeEnabled ? "enable" : "disable"));
- mUiAutomation.dropShellPermissionIdentity();
}
}
@@ -2500,13 +2488,11 @@
final CtsTetheringUtils tetherUtils = new CtsTetheringUtils(mContext);
try {
tetherEventCallback = tetherUtils.registerTetheringEventCallback();
- // Adopt for NETWORK_SETTINGS permission.
- mUiAutomation.adoptShellPermissionIdentity();
// start tethering
tetherEventCallback.assumeWifiTetheringSupported(mContext);
tetherUtils.startWifiTethering(tetherEventCallback);
// Update setting to verify the behavior.
- mCm.setAirplaneMode(true);
+ setAirplaneMode(true);
ConnectivitySettingsManager.setPrivateDnsMode(mContext,
ConnectivitySettingsManager.PRIVATE_DNS_MODE_OFF);
ConnectivitySettingsManager.setNetworkAvoidBadWifi(mContext,
@@ -2514,7 +2500,7 @@
assertEquals(AIRPLANE_MODE_ON, Settings.Global.getInt(
mContext.getContentResolver(), Settings.Global.AIRPLANE_MODE_ON));
// Verify factoryReset
- mCm.factoryReset();
+ runAsShell(NETWORK_SETTINGS, () -> mCm.factoryReset());
verifySettings(AIRPLANE_MODE_OFF,
ConnectivitySettingsManager.PRIVATE_DNS_MODE_OPPORTUNISTIC,
ConnectivitySettingsManager.NETWORK_AVOID_BAD_WIFI_PROMPT);
@@ -2522,17 +2508,20 @@
tetherEventCallback.expectNoTetheringActive();
} finally {
// Restore settings.
- mCm.setAirplaneMode(false);
+ setAirplaneMode(false);
ConnectivitySettingsManager.setNetworkAvoidBadWifi(mContext, curAvoidBadWifi);
ConnectivitySettingsManager.setPrivateDnsMode(mContext, curPrivateDnsMode);
if (tetherEventCallback != null) {
tetherUtils.unregisterTetheringEventCallback(tetherEventCallback);
}
tetherUtils.stopAllTethering();
- mUiAutomation.dropShellPermissionIdentity();
}
}
+ private void setAirplaneMode(boolean enable) {
+ runAsShell(NETWORK_SETTINGS, () -> mCm.setAirplaneMode(enable));
+ }
+
/**
* Verify that {@link ConnectivityManager#setProfileNetworkPreference} cannot be called
* without required NETWORK_STACK permissions.
@@ -3313,84 +3302,76 @@
private static final boolean EXPECT_PASS = false;
private static final boolean EXPECT_BLOCK = true;
+ private static final boolean ALLOWLIST = true;
+ private static final boolean DENYLIST = false;
- private void doTestFirewallBlockingDenyRule(final int chain) {
+ private void doTestFirewallBlocking(final int chain, final boolean isAllowList) {
+ final int myUid = Process.myUid();
+ final int ruleToAddMatch = isAllowList ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY;
+ final int ruleToRemoveMatch = isAllowList ? FIREWALL_RULE_DENY : FIREWALL_RULE_ALLOW;
+
runWithShellPermissionIdentity(() -> {
- try (DatagramSocket srcSock = new DatagramSocket();
- DatagramSocket dstSock = new DatagramSocket()) {
+ // Firewall chain status will be restored after the test.
+ final boolean wasChainEnabled = mCm.getFirewallChainEnabled(chain);
+ final DatagramSocket srcSock = new DatagramSocket();
+ final DatagramSocket dstSock = new DatagramSocket();
+ testAndCleanup(() -> {
+ if (wasChainEnabled) {
+ mCm.setFirewallChainEnabled(chain, false /* enable */);
+ }
dstSock.setSoTimeout(SOCKET_TIMEOUT_MS);
- // No global config, No uid config
+ // Chain disabled, UID not on chain.
checkFirewallBlocking(srcSock, dstSock, EXPECT_PASS);
- // Has global config, No uid config
+ // Chain enabled, UID not on chain.
mCm.setFirewallChainEnabled(chain, true /* enable */);
- checkFirewallBlocking(srcSock, dstSock, EXPECT_PASS);
+ assertTrue(mCm.getFirewallChainEnabled(chain));
+ checkFirewallBlocking(srcSock, dstSock, isAllowList ? EXPECT_BLOCK : EXPECT_PASS);
- // Has global config, Has uid config
- mCm.setUidFirewallRule(chain, Process.myUid(), FIREWALL_RULE_DENY);
- checkFirewallBlocking(srcSock, dstSock, EXPECT_BLOCK);
+ // Chain enabled, UID on chain.
+ mCm.setUidFirewallRule(chain, myUid, ruleToAddMatch);
+ checkFirewallBlocking(srcSock, dstSock, isAllowList ? EXPECT_PASS : EXPECT_BLOCK);
- // No global config, Has uid config
+ // Chain disabled, UID on chain.
mCm.setFirewallChainEnabled(chain, false /* enable */);
+ assertFalse(mCm.getFirewallChainEnabled(chain));
checkFirewallBlocking(srcSock, dstSock, EXPECT_PASS);
- // No global config, No uid config
- mCm.setUidFirewallRule(chain, Process.myUid(), FIREWALL_RULE_ALLOW);
+ // Chain disabled, UID not on chain.
+ mCm.setUidFirewallRule(chain, myUid, ruleToRemoveMatch);
checkFirewallBlocking(srcSock, dstSock, EXPECT_PASS);
- } finally {
- mCm.setFirewallChainEnabled(chain, false /* enable */);
- mCm.setUidFirewallRule(chain, Process.myUid(), FIREWALL_RULE_ALLOW);
- }
- }, NETWORK_SETTINGS);
- }
-
- private void doTestFirewallBlockingAllowRule(final int chain) {
- runWithShellPermissionIdentity(() -> {
- try (DatagramSocket srcSock = new DatagramSocket();
- DatagramSocket dstSock = new DatagramSocket()) {
- dstSock.setSoTimeout(SOCKET_TIMEOUT_MS);
-
- // No global config, No uid config
- checkFirewallBlocking(srcSock, dstSock, EXPECT_PASS);
-
- // Has global config, No uid config
- mCm.setFirewallChainEnabled(chain, true /* enable */);
- checkFirewallBlocking(srcSock, dstSock, EXPECT_BLOCK);
-
- // Has global config, Has uid config
- mCm.setUidFirewallRule(chain, Process.myUid(), FIREWALL_RULE_ALLOW);
- checkFirewallBlocking(srcSock, dstSock, EXPECT_PASS);
-
- // No global config, Has uid config
- mCm.setFirewallChainEnabled(chain, false /* enable */);
- checkFirewallBlocking(srcSock, dstSock, EXPECT_PASS);
-
- // No global config, No uid config
- mCm.setUidFirewallRule(chain, Process.myUid(), FIREWALL_RULE_DENY);
- checkFirewallBlocking(srcSock, dstSock, EXPECT_PASS);
- } finally {
- mCm.setFirewallChainEnabled(chain, false /* enable */);
- mCm.setUidFirewallRule(chain, Process.myUid(), FIREWALL_RULE_DENY);
- }
+ }, /* cleanup */ () -> {
+ srcSock.close();
+ dstSock.close();
+ }, /* cleanup */ () -> {
+ // Restore the global chain status
+ mCm.setFirewallChainEnabled(chain, wasChainEnabled);
+ }, /* cleanup */ () -> {
+ try {
+ mCm.setUidFirewallRule(chain, myUid, ruleToRemoveMatch);
+ } catch (IllegalStateException ignored) {
+ // Removing match causes an exception when the rule entry for the uid does
+ // not exist. But this is fine and can be ignored.
+ }
+ });
}, NETWORK_SETTINGS);
}
@Test @IgnoreUpTo(SC_V2)
@AppModeFull(reason = "Socket cannot bind in instant app mode")
public void testFirewallBlocking() {
- // Following tests affect the actual state of networking on the device after the test.
- // This might cause unexpected behaviour of the device. So, we skip them for now.
- // We will enable following tests after adding the logic of firewall state restoring.
- // doTestFirewallBlockingAllowRule(FIREWALL_CHAIN_DOZABLE);
- // doTestFirewallBlockingAllowRule(FIREWALL_CHAIN_POWERSAVE);
- // doTestFirewallBlockingAllowRule(FIREWALL_CHAIN_RESTRICTED);
- // doTestFirewallBlockingAllowRule(FIREWALL_CHAIN_LOW_POWER_STANDBY);
+ // ALLOWLIST means the firewall denies all by default, uids must be explicitly allowed
+ doTestFirewallBlocking(FIREWALL_CHAIN_DOZABLE, ALLOWLIST);
+ doTestFirewallBlocking(FIREWALL_CHAIN_POWERSAVE, ALLOWLIST);
+ doTestFirewallBlocking(FIREWALL_CHAIN_RESTRICTED, ALLOWLIST);
+ doTestFirewallBlocking(FIREWALL_CHAIN_LOW_POWER_STANDBY, ALLOWLIST);
- // doTestFirewallBlockingDenyRule(FIREWALL_CHAIN_STANDBY);
- doTestFirewallBlockingDenyRule(FIREWALL_CHAIN_OEM_DENY_1);
- doTestFirewallBlockingDenyRule(FIREWALL_CHAIN_OEM_DENY_2);
- doTestFirewallBlockingDenyRule(FIREWALL_CHAIN_OEM_DENY_3);
+ // DENYLIST means the firewall allows all by default, uids must be explicitly denyed
+ doTestFirewallBlocking(FIREWALL_CHAIN_STANDBY, DENYLIST);
+ doTestFirewallBlocking(FIREWALL_CHAIN_OEM_DENY_1, DENYLIST);
+ doTestFirewallBlocking(FIREWALL_CHAIN_OEM_DENY_2, DENYLIST);
+ doTestFirewallBlocking(FIREWALL_CHAIN_OEM_DENY_3, DENYLIST);
}
private void assumeTestSApis() {
diff --git a/tests/cts/net/src/android/net/cts/DscpPolicyTest.kt b/tests/cts/net/src/android/net/cts/DscpPolicyTest.kt
index 621b743..b68d3bf 100644
--- a/tests/cts/net/src/android/net/cts/DscpPolicyTest.kt
+++ b/tests/cts/net/src/android/net/cts/DscpPolicyTest.kt
@@ -27,6 +27,8 @@
import android.net.IpPrefix
import android.net.LinkAddress
import android.net.LinkProperties
+import android.net.Network
+import android.net.MacAddress
import android.net.NetworkAgent
import android.net.NetworkAgent.DSCP_POLICY_STATUS_DELETED
import android.net.NetworkAgent.DSCP_POLICY_STATUS_SUCCESS
@@ -45,10 +47,13 @@
import android.net.TestNetworkManager
import android.net.RouteInfo
import android.os.HandlerThread
+import android.os.SystemClock
import android.platform.test.annotations.AppModeFull
+import android.system.ErrnoException
import android.system.Os
import android.system.OsConstants.AF_INET
import android.system.OsConstants.AF_INET6
+import android.system.OsConstants.ENETUNREACH
import android.system.OsConstants.IPPROTO_UDP
import android.system.OsConstants.SOCK_DGRAM
import android.system.OsConstants.SOCK_NONBLOCK
@@ -56,9 +61,15 @@
import android.util.Range
import androidx.test.InstrumentationRegistry
import androidx.test.runner.AndroidJUnit4
+import com.android.net.module.util.NetworkStackConstants.ETHER_TYPE_IPV4
+import com.android.net.module.util.NetworkStackConstants.ETHER_TYPE_IPV6
+import com.android.net.module.util.Struct
+import com.android.net.module.util.structs.EthernetHeader
+import com.android.testutils.ArpResponder
import com.android.testutils.CompatUtil
import com.android.testutils.DevSdkIgnoreRule
import com.android.testutils.assertParcelingIsLossless
+import com.android.testutils.RouterAdvertisementResponder
import com.android.testutils.runAsShell
import com.android.testutils.SC_V2
import com.android.testutils.TapPacketReader
@@ -74,7 +85,7 @@
import org.junit.runner.RunWith
import java.net.Inet4Address
import java.net.Inet6Address
-import java.net.InetAddress
+import java.net.InetSocketAddress
import java.nio.ByteBuffer
import java.nio.ByteOrder
import java.util.regex.Pattern
@@ -103,10 +114,12 @@
private val LOCAL_IPV4_ADDRESS = InetAddresses.parseNumericAddress("192.0.2.1")
private val TEST_TARGET_IPV4_ADDR =
- InetAddresses.parseNumericAddress("8.8.8.8") as Inet4Address
- private val LOCAL_IPV6_ADDRESS = InetAddresses.parseNumericAddress("2001:db8::1")
+ InetAddresses.parseNumericAddress("203.0.113.1") as Inet4Address
private val TEST_TARGET_IPV6_ADDR =
- InetAddresses.parseNumericAddress("2001:4860:4860::8888") as Inet6Address
+ InetAddresses.parseNumericAddress("2001:4860:4860::8888") as Inet6Address
+ private val TEST_ROUTER_IPV6_ADDR =
+ InetAddresses.parseNumericAddress("fe80::1234") as Inet6Address
+ private val TEST_TARGET_MAC_ADDR = MacAddress.fromString("12:34:56:78:9a:bc")
private val realContext = InstrumentationRegistry.getContext()
private val cm = realContext.getSystemService(ConnectivityManager::class.java)
@@ -116,9 +129,12 @@
private val handlerThread = HandlerThread(DscpPolicyTest::class.java.simpleName)
+ private lateinit var srcAddressV6: Inet6Address
private lateinit var iface: TestNetworkInterface
private lateinit var tunNetworkCallback: TestNetworkCallback
private lateinit var reader: TapPacketReader
+ private lateinit var arpResponder: ArpResponder
+ private lateinit var raResponder: RouterAdvertisementResponder
private fun getKernelVersion(): IntArray {
// Example:
@@ -129,6 +145,7 @@
return intArrayOf(Integer.parseInt(m.group(1)), Integer.parseInt(m.group(2)))
}
+ // TODO: replace with DeviceInfoUtils#isKernelVersionAtLeast
private fun kernelIsAtLeast(major: Int, minor: Int): Boolean {
val version = getKernelVersion()
return (version.get(0) > major || (version.get(0) == major && version.get(1) >= minor))
@@ -142,9 +159,10 @@
runAsShell(MANAGE_TEST_NETWORKS) {
val tnm = realContext.getSystemService(TestNetworkManager::class.java)
- iface = tnm.createTunInterface(arrayOf(
- LinkAddress(LOCAL_IPV4_ADDRESS, IP4_PREFIX_LEN),
- LinkAddress(LOCAL_IPV6_ADDRESS, IP6_PREFIX_LEN)))
+ // Only statically configure the IPv4 address; for IPv6, use the SLAAC generated
+ // address.
+ iface = tnm.createTapInterface(true /* disableIpv6ProvisioningDelay */,
+ arrayOf(LinkAddress(LOCAL_IPV4_ADDRESS, IP4_PREFIX_LEN)))
assertNotNull(iface)
}
@@ -154,21 +172,30 @@
iface.fileDescriptor.fileDescriptor,
MAX_PACKET_LENGTH)
reader.startAsyncForTest()
+
+ arpResponder = ArpResponder(reader, mapOf(TEST_TARGET_IPV4_ADDR to TEST_TARGET_MAC_ADDR))
+ arpResponder.start()
+ raResponder = RouterAdvertisementResponder(reader)
+ raResponder.addRouterEntry(TEST_TARGET_MAC_ADDR, TEST_ROUTER_IPV6_ADDR)
+ raResponder.start()
}
@After
fun tearDown() {
if (!kernelIsAtLeast(5, 15)) {
- return;
+ return
}
+ raResponder.stop()
+ arpResponder.stop()
+
agentsToCleanUp.forEach { it.unregister() }
callbacksToCleanUp.forEach { cm.unregisterNetworkCallback(it) }
// reader.stop() cleans up tun fd
reader.handler.post { reader.stop() }
- if (iface.fileDescriptor.fileDescriptor != null)
- Os.close(iface.fileDescriptor.fileDescriptor)
+ // quitSafely processes all events in the queue, except delayed messages.
handlerThread.quitSafely()
+ handlerThread.join()
}
private fun requestNetwork(request: NetworkRequest, callback: TestableNetworkCallback) {
@@ -189,6 +216,39 @@
.build()
}
+ private fun waitForGlobalIpv6Address(network: Network): Inet6Address {
+ // Wait for global IPv6 address to be available
+ val sock = Os.socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP)
+ network.bindSocket(sock)
+
+ var inet6Addr: Inet6Address? = null
+ val timeout = SystemClock.elapsedRealtime() + PACKET_TIMEOUT_MS
+ while (timeout > SystemClock.elapsedRealtime()) {
+ try {
+ // Pick any arbitrary port
+ Os.connect(sock, TEST_TARGET_IPV6_ADDR, 12345)
+ val sockAddr = Os.getsockname(sock) as InetSocketAddress
+
+ // TODO: make RouterAdvertisementResponder.SLAAC_PREFIX public and use it here,
+ // or make it configurable and configure it here.
+ if (IpPrefix("2001:db8::/64").contains(sockAddr.address)) {
+ inet6Addr = sockAddr.address as Inet6Address
+ break
+ }
+ } catch (e: ErrnoException) {
+ // ignore ENETUNREACH -- there may not be an address available yet.
+ if (e.errno != ENETUNREACH) {
+ Os.close(sock)
+ throw e
+ }
+ }
+ SystemClock.sleep(10 /* ms */)
+ }
+ Os.close(sock)
+ assertNotNull(inet6Addr)
+ return inet6Addr!!
+ }
+
private fun createConnectedNetworkAgent(
context: Context = realContext,
specifier: String? = iface.getInterfaceName()
@@ -211,9 +271,8 @@
}
val lp = LinkProperties().apply {
addLinkAddress(LinkAddress(LOCAL_IPV4_ADDRESS, IP4_PREFIX_LEN))
- addLinkAddress(LinkAddress(LOCAL_IPV6_ADDRESS, IP6_PREFIX_LEN))
addRoute(RouteInfo(IpPrefix("0.0.0.0/0"), null, null))
- addRoute(RouteInfo(InetAddress.getByName("fe80::1234")))
+ addRoute(RouteInfo(IpPrefix("::/0"), TEST_ROUTER_IPV6_ADDR))
setInterfaceName(specifier)
}
val config = NetworkAgentConfig.Builder().build()
@@ -226,7 +285,9 @@
agent.expectCallback<OnNetworkCreated>()
agent.expectSignalStrengths(intArrayOf())
agent.expectValidationBypassedStatus()
+
val network = agent.network ?: fail("Expected a non-null network")
+ srcAddressV6 = waitForGlobalIpv6Address(network)
return agent to callback
}
@@ -237,7 +298,7 @@
fun sendPacket(
agent: TestableNetworkAgent,
sendV6: Boolean,
- dstPort: Int = 0,
+ dstPort: Int = 0
) {
val testString = "test string"
val testPacket = ByteBuffer.wrap(testString.toByteArray(Charsets.UTF_8))
@@ -249,11 +310,11 @@
val originalPacket = testPacket.readAsArray()
Os.sendto(socket, originalPacket, 0 /* bytesOffset */, originalPacket.size, 0 /* flags */,
- if(sendV6) TEST_TARGET_IPV6_ADDR else TEST_TARGET_IPV4_ADDR, dstPort)
+ if (sendV6) TEST_TARGET_IPV6_ADDR else TEST_TARGET_IPV4_ADDR, dstPort)
Os.close(socket)
}
- fun parseV4PacketDscp(buffer : ByteBuffer) : Int {
+ fun parseV4PacketDscp(buffer: ByteBuffer): Int {
val ip_ver = buffer.get()
val tos = buffer.get()
val length = buffer.getShort()
@@ -265,7 +326,7 @@
return tos.toInt().shr(2)
}
- fun parseV6PacketDscp(buffer : ByteBuffer) : Int {
+ fun parseV6PacketDscp(buffer: ByteBuffer): Int {
val ip_ver = buffer.get()
val tc = buffer.get()
val fl = buffer.getShort()
@@ -279,9 +340,9 @@
}
fun parsePacketIp(
- buffer : ByteBuffer,
- sendV6 : Boolean,
- ) : Boolean {
+ buffer: ByteBuffer,
+ sendV6: Boolean
+ ): Boolean {
val ipAddr = if (sendV6) ByteArray(16) else ByteArray(4)
buffer.get(ipAddr)
val srcIp = if (sendV6) Inet6Address.getByAddress(ipAddr)
@@ -292,20 +353,20 @@
Log.e(TAG, "IP Src:" + srcIp + " dst: " + dstIp)
- if ((sendV6 && srcIp == LOCAL_IPV6_ADDRESS && dstIp == TEST_TARGET_IPV6_ADDR) ||
+ if ((sendV6 && srcIp == srcAddressV6 && dstIp == TEST_TARGET_IPV6_ADDR) ||
(!sendV6 && srcIp == LOCAL_IPV4_ADDRESS && dstIp == TEST_TARGET_IPV4_ADDR)) {
- Log.e(TAG, "IP return true");
+ Log.e(TAG, "IP return true")
return true
}
- Log.e(TAG, "IP return false");
+ Log.e(TAG, "IP return false")
return false
}
fun parsePacketPort(
- buffer : ByteBuffer,
- srcPort : Int,
- dstPort : Int
- ) : Boolean {
+ buffer: ByteBuffer,
+ srcPort: Int,
+ dstPort: Int
+ ): Boolean {
if (srcPort == 0 && dstPort == 0) return true
val packetSrcPort = buffer.getShort().toInt()
@@ -315,26 +376,33 @@
if ((srcPort == 0 || (srcPort != 0 && srcPort == packetSrcPort)) &&
(dstPort == 0 || (dstPort != 0 && dstPort == packetDstPort))) {
- Log.e(TAG, "Port return true");
+ Log.e(TAG, "Port return true")
return true
}
- Log.e(TAG, "Port return false");
+ Log.e(TAG, "Port return false")
return false
}
fun validatePacket(
- agent : TestableNetworkAgent,
- sendV6 : Boolean = false,
- dscpValue : Int = 0,
- dstPort : Int = 0,
+ agent: TestableNetworkAgent,
+ sendV6: Boolean = false,
+ dscpValue: Int = 0,
+ dstPort: Int = 0
) {
- var packetFound = false;
+ var packetFound = false
sendPacket(agent, sendV6, dstPort)
// TODO: grab source port from socket in sendPacket
Log.e(TAG, "find DSCP value:" + dscpValue)
- generateSequence { reader.poll(PACKET_TIMEOUT_MS) }.forEach { packet ->
+ val packets = generateSequence { reader.poll(PACKET_TIMEOUT_MS) }
+ for (packet in packets) {
val buffer = ByteBuffer.wrap(packet, 0, packet.size).order(ByteOrder.BIG_ENDIAN)
+ // TODO: consider using Struct.parse for all packet parsing.
+ val etherHdr = Struct.parse(EthernetHeader::class.java, buffer)
+ val expectedType = if (sendV6) ETHER_TYPE_IPV6 else ETHER_TYPE_IPV4
+ if (etherHdr.etherType != expectedType) {
+ continue
+ }
val dscp = if (sendV6) parseV6PacketDscp(buffer) else parseV4PacketDscp(buffer)
Log.e(TAG, "DSCP value:" + dscp)
@@ -420,7 +488,7 @@
val policy2 = DscpPolicy.Builder(1, 4)
.setDestinationPortRange(Range(5555, 5555))
.setDestinationAddress(TEST_TARGET_IPV6_ADDR)
- .setSourceAddress(LOCAL_IPV6_ADDRESS)
+ .setSourceAddress(srcAddressV6)
.setProtocol(IPPROTO_UDP).build()
agent.sendAddDscpPolicy(policy2)
agent.expectCallback<OnDscpPolicyStatusUpdated>().let {
diff --git a/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt b/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
index 1748612..89b107e 100644
--- a/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
+++ b/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
@@ -21,6 +21,8 @@
import android.content.Context
import android.net.ConnectivityManager
import android.net.EthernetManager
+import android.net.EthernetManager.ETHERNET_STATE_DISABLED
+import android.net.EthernetManager.ETHERNET_STATE_ENABLED
import android.net.EthernetManager.InterfaceStateListener
import android.net.EthernetManager.ROLE_CLIENT
import android.net.EthernetManager.ROLE_NONE
@@ -35,15 +37,19 @@
import android.net.EthernetNetworkUpdateRequest
import android.net.InetAddresses
import android.net.IpConfiguration
+import android.net.LinkAddress
import android.net.MacAddress
import android.net.Network
import android.net.NetworkCapabilities
+import android.net.NetworkCapabilities.NET_CAPABILITY_TEMPORARILY_NOT_METERED
import android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED
import android.net.NetworkCapabilities.TRANSPORT_ETHERNET
import android.net.NetworkCapabilities.TRANSPORT_TEST
import android.net.NetworkRequest
+import android.net.StaticIpConfiguration
import android.net.TestNetworkInterface
import android.net.TestNetworkManager
+import android.net.cts.EthernetManagerTest.EthernetStateListener.CallbackEntry.EthernetStateChanged
import android.net.cts.EthernetManagerTest.EthernetStateListener.CallbackEntry.InterfaceStateChanged
import android.os.Build
import android.os.Handler
@@ -54,16 +60,17 @@
import androidx.test.platform.app.InstrumentationRegistry
import com.android.net.module.util.ArrayTrackRecord
import com.android.net.module.util.TrackRecord
-import com.android.testutils.anyNetwork
import com.android.testutils.ConnectivityModuleTest
-import com.android.testutils.DeviceInfoUtils.isKernelVersionAtLeast
import com.android.testutils.DevSdkIgnoreRule
import com.android.testutils.DevSdkIgnoreRunner
+import com.android.testutils.DeviceInfoUtils.isKernelVersionAtLeast
import com.android.testutils.RecorderCallback.CallbackEntry.Available
+import com.android.testutils.RecorderCallback.CallbackEntry.CapabilitiesChanged
import com.android.testutils.RecorderCallback.CallbackEntry.Lost
import com.android.testutils.RouterAdvertisementResponder
import com.android.testutils.TapPacketReader
import com.android.testutils.TestableNetworkCallback
+import com.android.testutils.anyNetwork
import com.android.testutils.runAsShell
import com.android.testutils.waitForIdle
import org.junit.After
@@ -74,8 +81,9 @@
import java.net.Inet6Address
import java.util.concurrent.CompletableFuture
import java.util.concurrent.ExecutionException
-import java.util.concurrent.TimeoutException
import java.util.concurrent.TimeUnit
+import java.util.concurrent.TimeoutException
+import java.util.function.IntConsumer
import kotlin.test.assertEquals
import kotlin.test.assertFailsWith
import kotlin.test.assertFalse
@@ -84,17 +92,25 @@
import kotlin.test.assertTrue
import kotlin.test.fail
+private const val TAG = "EthernetManagerTest"
// TODO: try to lower this timeout in the future. Currently, ethernet tests are still flaky because
// the interface is not ready fast enough (mostly due to the up / up / down / up issue).
private const val TIMEOUT_MS = 2000L
-private const val NO_CALLBACK_TIMEOUT_MS = 200L
+// Timeout used to confirm no callbacks matching given criteria are received. Must be long enough to
+// process all callbacks including ip provisioning when using the updateConfiguration API.
+private const val NO_CALLBACK_TIMEOUT_MS = 500L
+
private val DEFAULT_IP_CONFIGURATION = IpConfiguration(IpConfiguration.IpAssignment.DHCP,
- IpConfiguration.ProxySettings.NONE, null, null)
+ IpConfiguration.ProxySettings.NONE, null, null)
private val ETH_REQUEST: NetworkRequest = NetworkRequest.Builder()
- .addTransportType(TRANSPORT_TEST)
- .addTransportType(TRANSPORT_ETHERNET)
- .removeCapability(NET_CAPABILITY_TRUSTED)
- .build()
+ .addTransportType(TRANSPORT_TEST)
+ .addTransportType(TRANSPORT_ETHERNET)
+ .removeCapability(NET_CAPABILITY_TRUSTED)
+ .build()
+private val STATIC_IP_CONFIGURATION = IpConfiguration.Builder()
+ .setStaticIpConfiguration(StaticIpConfiguration.Builder()
+ .setIpAddress(LinkAddress("192.0.2.1/30")).build())
+ .build()
@AppModeFull(reason = "Instant apps can't access EthernetManager")
// EthernetManager is not updatable before T, so tests do not need to be backwards compatible.
@@ -161,7 +177,7 @@
private open class EthernetStateListener private constructor(
private val history: ArrayTrackRecord<CallbackEntry>
- ) : InterfaceStateListener,
+ ) : InterfaceStateListener, IntConsumer,
TrackRecord<EthernetStateListener.CallbackEntry> by history {
constructor() : this(ArrayTrackRecord())
@@ -174,6 +190,8 @@
val role: Int,
val configuration: IpConfiguration?
) : CallbackEntry()
+
+ data class EthernetStateChanged(val state: Int) : CallbackEntry()
}
override fun onInterfaceStateChanged(
@@ -185,6 +203,10 @@
add(InterfaceStateChanged(iface, state, role, cfg))
}
+ override fun accept(state: Int) {
+ add(EthernetStateChanged(state))
+ }
+
fun <T : CallbackEntry> expectCallback(expected: T): T {
val event = pollForNextCallback()
assertEquals(expected, event)
@@ -195,6 +217,10 @@
expectCallback(createChangeEvent(iface.name, state, role))
}
+ fun expectCallback(state: Int) {
+ expectCallback(EthernetStateChanged(state))
+ }
+
fun createChangeEvent(iface: String, state: Int, role: Int) =
InterfaceStateChanged(iface, state, role,
if (state != STATE_ABSENT) DEFAULT_IP_CONFIGURATION else null)
@@ -209,6 +235,10 @@
assertNotNull(eventuallyExpect(createChangeEvent(iface.name, state, role)))
}
+ fun eventuallyExpect(state: Int) {
+ assertNotNull(eventuallyExpect(EthernetStateChanged(state)))
+ }
+
fun assertNoCallback() {
val cb = events.poll(NO_CALLBACK_TIMEOUT_MS)
assertNull(cb, "Expected no callback but got $cb")
@@ -280,11 +310,17 @@
@After
fun tearDown() {
- setIncludeTestInterfaces(false)
+ // Reenable ethernet, so ABSENT callbacks are received.
+ setEthernetEnabled(true)
+
for (iface in createdIfaces) {
iface.destroy()
ifaceListener.eventuallyExpect(iface, STATE_ABSENT, ROLE_NONE)
}
+
+ // After test interfaces are removed, disable tracking.
+ setIncludeTestInterfaces(false)
+
for (listener in addedListeners) {
em.removeInterfaceStateListener(listener)
}
@@ -391,6 +427,19 @@
}
}
+ private fun setEthernetEnabled(enabled: Boolean) {
+ runAsShell(NETWORK_SETTINGS) { em.setEthernetEnabled(enabled) }
+
+ val listener = EthernetStateListener()
+ em.addEthernetStateListener(handler::post, listener)
+ try {
+ listener.eventuallyExpect(
+ if (enabled) ETHERNET_STATE_ENABLED else ETHERNET_STATE_DISABLED)
+ } finally {
+ em.removeEthernetStateListener(listener)
+ }
+ }
+
// NetworkRequest.Builder does not create a copy of the passed NetworkRequest, so in order to
// keep ETH_REQUEST as it is, a defensive copy is created here.
private fun NetworkRequest.createCopyWithEthernetSpecifier(ifaceName: String) =
@@ -399,7 +448,10 @@
// It can take multiple seconds for the network to become available.
private fun TestableNetworkCallback.expectAvailable() =
- expectCallback<Available>(anyNetwork(), 5000 /* ms timeout */).network
+ expectCallback<Available>(anyNetwork(), 5000 /* ms timeout */).network
+
+ private fun TestableNetworkCallback.expectLost(n: Network = anyNetwork()) =
+ expectCallback<Lost>(n, 5000 /* ms timeout */)
// b/233534110: eventuallyExpect<Lost>() does not advance ReadHead, use
// eventuallyExpect(Lost::class) instead.
@@ -407,7 +459,9 @@
eventuallyExpect(Lost::class, TIMEOUT_MS) { n?.equals(it.network) ?: true }
private fun TestableNetworkCallback.assertNeverLost(n: Network? = null) =
- assertNoCallbackThat() { it is Lost && (n?.equals(it.network) ?: true) }
+ assertNoCallbackThat(NO_CALLBACK_TIMEOUT_MS) {
+ it is Lost && (n?.equals(it.network) ?: true)
+ }
private fun TestableNetworkCallback.assertNeverAvailable(n: Network? = null) =
assertNoCallbackThat() { it is Available && (n?.equals(it.network) ?: true) }
@@ -417,6 +471,18 @@
it.networkSpecifier == EthernetNetworkSpecifier(name)
}
+ private fun TestableNetworkCallback.expectCapabilitiesWithCapability(cap: Int) =
+ expectCapabilitiesThat(anyNetwork(), TIMEOUT_MS) {
+ it.hasCapability(cap)
+ }
+
+ private fun TestableNetworkCallback.expectLinkPropertiesWithLinkAddress(addr: LinkAddress) =
+ expectLinkPropertiesThat(anyNetwork(), TIMEOUT_MS) {
+ // LinkAddress.equals isn't possible as the system changes the LinkAddress.flags value.
+ // any() must be used since the interface may also have a link-local address.
+ it.linkAddresses.any { x -> x.isSameAddressAs(addr) }
+ }
+
@Test
fun testCallbacks() {
// If an interface exists when the callback is registered, it is reported on registration.
@@ -681,4 +747,80 @@
releaseTetheredInterface()
listener.assertNoCallback()
}
+
+ @Test
+ fun testEnableDisableInterface_withActiveRequest() {
+ val iface = createInterface()
+ val cb = requestNetwork(ETH_REQUEST)
+ cb.expectAvailable()
+ cb.assertNeverLost()
+
+ disableInterface(iface).expectResult(iface.name)
+ cb.eventuallyExpectLost()
+
+ enableInterface(iface).expectResult(iface.name)
+ cb.expectAvailable()
+ }
+
+ @Test
+ fun testUpdateConfiguration_forBothIpConfigAndCapabilities() {
+ val iface = createInterface()
+ val cb = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface.name))
+ val network = cb.expectAvailable()
+ cb.assertNeverLost()
+
+ val testCapability = NET_CAPABILITY_TEMPORARILY_NOT_METERED
+ val nc = NetworkCapabilities
+ .Builder(ETH_REQUEST.networkCapabilities)
+ .addCapability(testCapability)
+ .build()
+ updateConfiguration(iface, STATIC_IP_CONFIGURATION, nc)
+
+ // UpdateConfiguration() currently does a restarts on the ethernet interface therefore lost
+ // will be expected first before available, as part of the restart.
+ cb.expectLost(network)
+ cb.expectAvailable()
+ cb.expectCapabilitiesWithCapability(testCapability)
+ cb.expectLinkPropertiesWithLinkAddress(
+ STATIC_IP_CONFIGURATION.staticIpConfiguration.ipAddress!!)
+ }
+
+ @Test
+ fun testUpdateConfiguration_forOnlyIpConfig() {
+ val iface: EthernetTestInterface = createInterface()
+ val cb = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface.name))
+ val network = cb.expectAvailable()
+ cb.assertNeverLost()
+
+ updateConfiguration(iface, STATIC_IP_CONFIGURATION)
+
+ // UpdateConfiguration() currently does a restarts on the ethernet interface therefore lost
+ // will be expected first before available, as part of the restart.
+ cb.expectLost(network)
+ cb.expectAvailable()
+ cb.expectCallback<CapabilitiesChanged>()
+ cb.expectLinkPropertiesWithLinkAddress(
+ STATIC_IP_CONFIGURATION.staticIpConfiguration.ipAddress!!)
+ }
+
+ @Test
+ fun testUpdateConfiguration_forOnlyCapabilities() {
+ val iface: EthernetTestInterface = createInterface()
+ val cb = requestNetwork(ETH_REQUEST.createCopyWithEthernetSpecifier(iface.name))
+ val network = cb.expectAvailable()
+ cb.assertNeverLost()
+
+ val testCapability = NET_CAPABILITY_TEMPORARILY_NOT_METERED
+ val nc = NetworkCapabilities
+ .Builder(ETH_REQUEST.networkCapabilities)
+ .addCapability(testCapability)
+ .build()
+ updateConfiguration(iface, capabilities = nc)
+
+ // UpdateConfiguration() currently does a restarts on the ethernet interface therefore lost
+ // will be expected first before available, as part of the restart.
+ cb.expectLost(network)
+ cb.expectAvailable()
+ cb.expectCapabilitiesWithCapability(testCapability)
+ }
}
diff --git a/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt b/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
index 462c8a3..375bfb8 100644
--- a/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
+++ b/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
@@ -17,9 +17,9 @@
package android.net.cts
import android.Manifest.permission.WRITE_DEVICE_CONFIG
-import android.net.util.NetworkStackUtils
import android.provider.DeviceConfig
import android.provider.DeviceConfig.NAMESPACE_CONNECTIVITY
+import com.android.net.module.util.NetworkStackConstants
import com.android.testutils.runAsShell
/**
@@ -35,41 +35,41 @@
@JvmStatic fun clearValidationTestUrlsDeviceConfig() {
runAsShell(WRITE_DEVICE_CONFIG) {
DeviceConfig.setProperty(NAMESPACE_CONNECTIVITY,
- NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL, null, false)
+ NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTPS_URL, null, false)
DeviceConfig.setProperty(NAMESPACE_CONNECTIVITY,
- NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL, null, false)
+ NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTP_URL, null, false)
DeviceConfig.setProperty(NAMESPACE_CONNECTIVITY,
- NetworkStackUtils.TEST_URL_EXPIRATION_TIME, null, false)
+ NetworkStackConstants.TEST_URL_EXPIRATION_TIME, null, false)
}
}
/**
* Set the test validation HTTPS URL.
*
- * @see NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL
+ * @see NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTPS_URL
*/
@JvmStatic
fun setHttpsUrlDeviceConfig(rule: DeviceConfigRule, url: String?) =
rule.setConfig(NAMESPACE_CONNECTIVITY,
- NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTPS_URL, url)
+ NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTPS_URL, url)
/**
* Set the test validation HTTP URL.
*
- * @see NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL
+ * @see NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTP_URL
*/
@JvmStatic
fun setHttpUrlDeviceConfig(rule: DeviceConfigRule, url: String?) =
rule.setConfig(NAMESPACE_CONNECTIVITY,
- NetworkStackUtils.TEST_CAPTIVE_PORTAL_HTTP_URL, url)
+ NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTP_URL, url)
/**
* Set the test validation URL expiration.
*
- * @see NetworkStackUtils.TEST_URL_EXPIRATION_TIME
+ * @see NetworkStackConstants.TEST_URL_EXPIRATION_TIME
*/
@JvmStatic
fun setUrlExpirationDeviceConfig(rule: DeviceConfigRule, timestamp: Long?) =
rule.setConfig(NAMESPACE_CONNECTIVITY,
- NetworkStackUtils.TEST_URL_EXPIRATION_TIME, timestamp?.toString())
+ NetworkStackConstants.TEST_URL_EXPIRATION_TIME, timestamp?.toString())
}
diff --git a/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java b/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
index 8c5372d..d5e9c9e 100644
--- a/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
+++ b/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
@@ -16,12 +16,18 @@
package android.net.cts.util;
+import static android.Manifest.permission.ACCESS_NETWORK_STATE;
+import static android.Manifest.permission.ACCESS_WIFI_STATE;
+import static android.Manifest.permission.NETWORK_SETTINGS;
+import static android.Manifest.permission.TETHER_PRIVILEGED;
import static android.net.TetheringManager.TETHERING_WIFI;
import static android.net.TetheringManager.TETHER_ERROR_NO_ERROR;
import static android.net.TetheringManager.TETHER_HARDWARE_OFFLOAD_FAILED;
import static android.net.TetheringManager.TETHER_HARDWARE_OFFLOAD_STARTED;
import static android.net.TetheringManager.TETHER_HARDWARE_OFFLOAD_STOPPED;
+import static com.android.testutils.TestPermissionUtil.runAsShell;
+
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
@@ -396,9 +402,14 @@
}
}
+ private static boolean isWifiEnabled(final WifiManager wm) {
+ return runAsShell(ACCESS_WIFI_STATE, () -> wm.isWifiEnabled());
+
+ }
+
private static void waitForWifiEnabled(final Context ctx) throws Exception {
WifiManager wm = ctx.getSystemService(WifiManager.class);
- if (wm.isWifiEnabled()) return;
+ if (isWifiEnabled(wm)) return;
final ConditionVariable mWaiting = new ConditionVariable();
final BroadcastReceiver receiver = new BroadcastReceiver() {
@@ -406,7 +417,7 @@
public void onReceive(Context context, Intent intent) {
String action = intent.getAction();
if (WifiManager.WIFI_STATE_CHANGED_ACTION.equals(action)) {
- if (wm.isWifiEnabled()) mWaiting.open();
+ if (isWifiEnabled(wm)) mWaiting.open();
}
}
};
@@ -414,7 +425,7 @@
ctx.registerReceiver(receiver, new IntentFilter(WifiManager.WIFI_STATE_CHANGED_ACTION));
if (!mWaiting.block(DEFAULT_TIMEOUT_MS)) {
assertTrue("Wifi did not become enabled after " + DEFAULT_TIMEOUT_MS + "ms",
- wm.isWifiEnabled());
+ isWifiEnabled(wm));
}
} finally {
ctx.unregisterReceiver(receiver);
@@ -425,14 +436,16 @@
final TestTetheringEventCallback tetherEventCallback =
new TestTetheringEventCallback();
- mTm.registerTetheringEventCallback(c -> c.run() /* executor */, tetherEventCallback);
- tetherEventCallback.expectCallbackStarted();
+ runAsShell(ACCESS_NETWORK_STATE, NETWORK_SETTINGS, () -> {
+ mTm.registerTetheringEventCallback(c -> c.run() /* executor */, tetherEventCallback);
+ tetherEventCallback.expectCallbackStarted();
+ });
return tetherEventCallback;
}
public void unregisterTetheringEventCallback(final TestTetheringEventCallback callback) {
- mTm.unregisterTetheringEventCallback(callback);
+ runAsShell(ACCESS_NETWORK_STATE, () -> mTm.unregisterTetheringEventCallback(callback));
}
private static List<String> getWifiTetherableInterfaceRegexps(
@@ -446,11 +459,11 @@
if (!pm.hasSystemFeature(PackageManager.FEATURE_WIFI)) return false;
final WifiManager wm = ctx.getSystemService(WifiManager.class);
// Wifi feature flags only work when wifi is on.
- final boolean previousWifiEnabledState = wm.isWifiEnabled();
+ final boolean previousWifiEnabledState = isWifiEnabled(wm);
try {
if (!previousWifiEnabledState) SystemUtil.runShellCommand("svc wifi enable");
waitForWifiEnabled(ctx);
- return wm.isPortableHotspotSupported();
+ return runAsShell(ACCESS_WIFI_STATE, () -> wm.isPortableHotspotSupported());
} finally {
if (!previousWifiEnabledState) SystemUtil.runShellCommand("svc wifi disable");
}
@@ -463,17 +476,20 @@
final StartTetheringCallback startTetheringCallback = new StartTetheringCallback();
final TetheringRequest request = new TetheringRequest.Builder(TETHERING_WIFI)
.setShouldShowEntitlementUi(false).build();
- mTm.startTethering(request, c -> c.run() /* executor */, startTetheringCallback);
- startTetheringCallback.verifyTetheringStarted();
- final TetheringInterface iface =
- callback.expectTetheredInterfacesChanged(wifiRegexs, TETHERING_WIFI);
+ return runAsShell(TETHER_PRIVILEGED, () -> {
+ mTm.startTethering(request, c -> c.run() /* executor */, startTetheringCallback);
+ startTetheringCallback.verifyTetheringStarted();
- callback.expectOneOfOffloadStatusChanged(
- TETHER_HARDWARE_OFFLOAD_STARTED,
- TETHER_HARDWARE_OFFLOAD_FAILED);
+ final TetheringInterface iface =
+ callback.expectTetheredInterfacesChanged(wifiRegexs, TETHERING_WIFI);
- return iface;
+ callback.expectOneOfOffloadStatusChanged(
+ TETHER_HARDWARE_OFFLOAD_STARTED,
+ TETHER_HARDWARE_OFFLOAD_FAILED);
+
+ return iface;
+ });
}
private static class StopSoftApCallback implements SoftApCallback {
@@ -501,23 +517,33 @@
public void expectSoftApDisabled() {
final StopSoftApCallback callback = new StopSoftApCallback();
try {
- mWm.registerSoftApCallback(c -> c.run(), callback);
+ runAsShell(NETWORK_SETTINGS, () -> mWm.registerSoftApCallback(c -> c.run(), callback));
// registerSoftApCallback will immediately call the callback with the current state, so
// this callback will fire even if softAp is already disabled.
callback.waitForSoftApStopped();
} finally {
- mWm.unregisterSoftApCallback(callback);
+ runAsShell(NETWORK_SETTINGS, () -> mWm.unregisterSoftApCallback(callback));
}
}
public void stopWifiTethering(final TestTetheringEventCallback callback) {
- mTm.stopTethering(TETHERING_WIFI);
+ runAsShell(TETHER_PRIVILEGED, () -> {
+ mTm.stopTethering(TETHERING_WIFI);
+ callback.expectNoTetheringActive();
+ callback.expectOneOfOffloadStatusChanged(TETHER_HARDWARE_OFFLOAD_STOPPED);
+ });
expectSoftApDisabled();
- callback.expectNoTetheringActive();
- callback.expectOneOfOffloadStatusChanged(TETHER_HARDWARE_OFFLOAD_STOPPED);
}
public void stopAllTethering() {
- mTm.stopAllTethering();
+ final TestTetheringEventCallback callback = registerTetheringEventCallback();
+ try {
+ runAsShell(TETHER_PRIVILEGED, () -> {
+ mTm.stopAllTethering();
+ callback.expectNoTetheringActive();
+ });
+ } finally {
+ unregisterTetheringEventCallback(callback);
+ }
}
}
diff --git a/tests/cts/tethering/Android.bp b/tests/cts/tethering/Android.bp
index 6096a8b..42949a4 100644
--- a/tests/cts/tethering/Android.bp
+++ b/tests/cts/tethering/Android.bp
@@ -53,10 +53,12 @@
// mainline modules on release devices.
android_test {
name: "CtsTetheringTestLatestSdk",
- defaults: ["CtsTetheringTestDefaults"],
+ defaults: [
+ "ConnectivityTestsLatestSdkDefaults",
+ "CtsTetheringTestDefaults",
+ ],
min_sdk_version: "30",
- target_sdk_version: "33",
static_libs: [
"TetheringIntegrationTestsLatestSdkLib",
diff --git a/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java b/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
index bd1b74a..274596f 100644
--- a/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
+++ b/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
@@ -15,6 +15,8 @@
*/
package android.tethering.test;
+import static android.Manifest.permission.MODIFY_PHONE_STATE;
+import static android.Manifest.permission.TETHER_PRIVILEGED;
import static android.content.pm.PackageManager.FEATURE_TELEPHONY;
import static android.net.NetworkCapabilities.NET_CAPABILITY_DUN;
import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
@@ -28,6 +30,8 @@
import static android.net.TetheringManager.TETHER_ERROR_NO_ERROR;
import static android.net.cts.util.CtsTetheringUtils.isAnyIfaceMatch;
+import static com.android.testutils.TestPermissionUtil.runAsShell;
+
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@@ -37,7 +41,6 @@
import static org.junit.Assume.assumeFalse;
import static org.junit.Assume.assumeTrue;
-import android.app.UiAutomation;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
@@ -97,21 +100,8 @@
private static final int DEFAULT_TIMEOUT_MS = 60_000;
- private void adoptShellPermissionIdentity() {
- final UiAutomation uiAutomation =
- InstrumentationRegistry.getInstrumentation().getUiAutomation();
- uiAutomation.adoptShellPermissionIdentity();
- }
-
- private void dropShellPermissionIdentity() {
- final UiAutomation uiAutomation =
- InstrumentationRegistry.getInstrumentation().getUiAutomation();
- uiAutomation.dropShellPermissionIdentity();
- }
-
@Before
public void setUp() throws Exception {
- adoptShellPermissionIdentity();
mContext = InstrumentationRegistry.getContext();
mCm = (ConnectivityManager) mContext.getSystemService(Context.CONNECTIVITY_SERVICE);
mTM = (TetheringManager) mContext.getSystemService(Context.TETHERING_SERVICE);
@@ -128,9 +118,8 @@
@After
public void tearDown() throws Exception {
- mTM.stopAllTethering();
+ mCtsTetheringUtils.stopAllTethering();
mContext.unregisterReceiver(mTetherChangeReceiver);
- dropShellPermissionIdentity();
}
private class TetherChangeReceiver extends BroadcastReceiver {
@@ -208,22 +197,19 @@
mCtsTetheringUtils.registerTetheringEventCallback();
try {
tetherEventCallback.assumeWifiTetheringSupported(mContext);
+ tetherEventCallback.expectNoTetheringActive();
+
+ final String[] wifiRegexs = mTM.getTetherableWifiRegexs();
+ mCtsTetheringUtils.startWifiTethering(tetherEventCallback);
+
+ mTetherChangeReceiver.expectTethering(true /* active */, wifiRegexs);
+
+ mCtsTetheringUtils.stopWifiTethering(tetherEventCallback);
+ mTetherChangeReceiver.expectTethering(false /* active */, wifiRegexs);
} finally {
mCtsTetheringUtils.unregisterTetheringEventCallback(tetherEventCallback);
}
- final String[] wifiRegexs = mTM.getTetherableWifiRegexs();
- final StartTetheringCallback startTetheringCallback = new StartTetheringCallback();
- final TetheringRequest request = new TetheringRequest.Builder(TETHERING_WIFI)
- .setShouldShowEntitlementUi(false).build();
- mTM.startTethering(request, c -> c.run() /* executor */, startTetheringCallback);
- startTetheringCallback.verifyTetheringStarted();
-
- mTetherChangeReceiver.expectTethering(true /* active */, wifiRegexs);
-
- mTM.stopTethering(TETHERING_WIFI);
- mCtsTetheringUtils.expectSoftApDisabled();
- mTetherChangeReceiver.expectTethering(false /* active */, wifiRegexs);
}
@Test
@@ -267,7 +253,7 @@
mCtsTetheringUtils.stopWifiTethering(tetherEventCallback);
try {
- final int ret = mTM.tether(wifiTetheringIface);
+ final int ret = runAsShell(TETHER_PRIVILEGED, () -> mTM.tether(wifiTetheringIface));
// There is no guarantee that the wifi interface will be available after disabling
// the hotspot, so don't fail the test if the call to tether() fails.
if (ret == TETHER_ERROR_NO_ERROR) {
@@ -277,7 +263,7 @@
new TetheringInterface(TETHERING_WIFI, wifiTetheringIface));
}
} finally {
- mTM.untether(wifiTetheringIface);
+ runAsShell(TETHER_PRIVILEGED, () -> mTM.untether(wifiTetheringIface));
}
} finally {
mCtsTetheringUtils.unregisterTetheringEventCallback(tetherEventCallback);
@@ -320,7 +306,7 @@
mCtsTetheringUtils.startWifiTethering(tetherEventCallback);
- mTM.stopAllTethering();
+ mCtsTetheringUtils.stopAllTethering();
tetherEventCallback.expectNoTetheringActive();
} finally {
mCtsTetheringUtils.unregisterTetheringEventCallback(tetherEventCallback);
@@ -329,7 +315,6 @@
@Test
public void testEnableTetheringPermission() throws Exception {
- dropShellPermissionIdentity();
final StartTetheringCallback startTetheringCallback = new StartTetheringCallback();
mTM.startTethering(new TetheringRequest.Builder(TETHERING_WIFI).build(),
c -> c.run() /* executor */, startTetheringCallback);
@@ -352,15 +337,21 @@
private void assertEntitlementResult(final Consumer<EntitlementResultListener> functor,
final int expect) throws Exception {
- final EntitlementResultListener listener = new EntitlementResultListener();
- functor.accept(listener);
+ runAsShell(TETHER_PRIVILEGED, () -> {
+ final EntitlementResultListener listener = new EntitlementResultListener();
+ functor.accept(listener);
- assertEquals(expect, listener.get(DEFAULT_TIMEOUT_MS, TimeUnit.MILLISECONDS));
+ assertEquals(expect, listener.get(DEFAULT_TIMEOUT_MS, TimeUnit.MILLISECONDS));
+ });
+ }
+
+ private boolean isTetheringSupported() {
+ return runAsShell(TETHER_PRIVILEGED, () -> mTM.isTetheringSupported());
}
@Test
public void testRequestLatestEntitlementResult() throws Exception {
- assumeTrue(mTM.isTetheringSupported());
+ assumeTrue(isTetheringSupported());
assumeTrue(mPm.hasSystemFeature(FEATURE_TELEPHONY));
// Verify that requestLatestTetheringEntitlementResult() can get entitlement
// result(TETHER_ERROR_ENTITLEMENT_UNKNOWN due to invalid downstream type) via listener.
@@ -407,7 +398,13 @@
final CarrierConfigManager configManager = (CarrierConfigManager) mContext
.getSystemService(Context.CARRIER_CONFIG_SERVICE);
final int subId = SubscriptionManager.getDefaultSubscriptionId();
- configManager.overrideConfig(subId, bundle);
+ runAsShell(MODIFY_PHONE_STATE, () -> configManager.overrideConfig(subId, bundle));
+ }
+
+ private boolean isTetheringApnRequired() {
+ final TelephonyManager tm = mContext.getSystemService(TelephonyManager.class);
+ return runAsShell(MODIFY_PHONE_STATE, () -> tm.isTetheringApnRequired());
+
}
@Test
@@ -447,10 +444,8 @@
mCtsTetheringUtils.startWifiTethering(tetherEventCallback);
- final TelephonyManager telephonyManager = (TelephonyManager) mContext.getSystemService(
- Context.TELEPHONY_SERVICE);
- final boolean dunRequired = telephonyManager.isTetheringApnRequired();
- final int expectedCap = dunRequired ? NET_CAPABILITY_DUN : NET_CAPABILITY_INTERNET;
+ final int expectedCap = isTetheringApnRequired()
+ ? NET_CAPABILITY_DUN : NET_CAPABILITY_INTERNET;
final Network network = tetherEventCallback.getCurrentValidUpstream();
final NetworkCapabilities netCap = mCm.getNetworkCapabilities(network);
assertTrue(netCap.hasTransport(TRANSPORT_CELLULAR));
diff --git a/tests/integration/Android.bp b/tests/integration/Android.bp
index b3684ac..e3d80a0 100644
--- a/tests/integration/Android.bp
+++ b/tests/integration/Android.bp
@@ -21,7 +21,7 @@
android_test {
name: "FrameworksNetIntegrationTests",
- defaults: ["framework-connectivity-test-defaults"],
+ defaults: ["framework-connectivity-internal-test-defaults"],
platform_apis: true,
certificate: "platform",
srcs: [
@@ -71,8 +71,12 @@
"net-tests-utils",
],
libs: [
- "service-connectivity-for-tests",
+ "service-connectivity-pre-jarjar",
"services.core",
"services.net",
],
+ visibility: [
+ "//packages/modules/Connectivity/tests/integration",
+ "//packages/modules/Connectivity/tests/unit",
+ ],
}
diff --git a/tests/mts/bpf_existence_test.cpp b/tests/mts/bpf_existence_test.cpp
index db39e6f..c7e8b97 100644
--- a/tests/mts/bpf_existence_test.cpp
+++ b/tests/mts/bpf_existence_test.cpp
@@ -31,15 +31,11 @@
using std::set;
using std::string;
+using android::bpf::isAtLeastKernelVersion;
using android::modules::sdklevel::IsAtLeastR;
using android::modules::sdklevel::IsAtLeastS;
using android::modules::sdklevel::IsAtLeastT;
-// Mainline development branches lack the constant for the current development OS.
-#ifndef __ANDROID_API_T__
-#define __ANDROID_API_T__ 33
-#endif
-
#define PLATFORM "/sys/fs/bpf/"
#define TETHERING "/sys/fs/bpf/tethering/"
#define PRIVATE "/sys/fs/bpf/net_private/"
@@ -49,7 +45,8 @@
class BpfExistenceTest : public ::testing::Test {
};
-static const set<string> INTRODUCED_R = {
+// Part of Android R platform, but mainlined in S
+static const set<string> PLATFORM_ONLY_IN_R = {
PLATFORM "map_offload_tether_ingress_map",
PLATFORM "map_offload_tether_limit_map",
PLATFORM "map_offload_tether_stats_map",
@@ -57,7 +54,8 @@
PLATFORM "prog_offload_schedcls_ingress_tether_rawip",
};
-static const set<string> INTRODUCED_S = {
+// Provided by *current* mainline module for S+ devices
+static const set<string> MAINLINE_FOR_S_PLUS = {
TETHERING "map_offload_tether_dev_map",
TETHERING "map_offload_tether_downstream4_map",
TETHERING "map_offload_tether_downstream64_map",
@@ -67,6 +65,7 @@
TETHERING "map_offload_tether_stats_map",
TETHERING "map_offload_tether_upstream4_map",
TETHERING "map_offload_tether_upstream6_map",
+ TETHERING "map_test_bitmap",
TETHERING "map_test_tether_downstream6_map",
TETHERING "prog_offload_schedcls_tether_downstream4_ether",
TETHERING "prog_offload_schedcls_tether_downstream4_rawip",
@@ -78,25 +77,19 @@
TETHERING "prog_offload_schedcls_tether_upstream6_rawip",
};
-static const set<string> REMOVED_S = {
- PLATFORM "map_offload_tether_ingress_map",
- PLATFORM "map_offload_tether_limit_map",
- PLATFORM "map_offload_tether_stats_map",
- PLATFORM "prog_offload_schedcls_ingress_tether_ether",
- PLATFORM "prog_offload_schedcls_ingress_tether_rawip",
+// Provided by *current* mainline module for S+ devices with 5.10+ kernels
+static const set<string> MAINLINE_FOR_S_5_10_PLUS = {
+ TETHERING "prog_test_xdp_drop_ipv4_udp_ether",
};
-static const set<string> INTRODUCED_T = {
+// Provided by *current* mainline module for T+ devices
+static const set<string> MAINLINE_FOR_T_PLUS = {
SHARED "map_block_blocked_ports_map",
SHARED "map_clatd_clat_egress4_map",
SHARED "map_clatd_clat_ingress6_map",
- SHARED "map_dscp_policy_ipv4_dscp_policies_map",
- SHARED "map_dscp_policy_ipv4_socket_to_policies_map_A",
- SHARED "map_dscp_policy_ipv4_socket_to_policies_map_B",
- SHARED "map_dscp_policy_ipv6_dscp_policies_map",
- SHARED "map_dscp_policy_ipv6_socket_to_policies_map_A",
- SHARED "map_dscp_policy_ipv6_socket_to_policies_map_B",
- SHARED "map_dscp_policy_switch_comp_map",
+ SHARED "map_dscpPolicy_ipv4_dscp_policies_map",
+ SHARED "map_dscpPolicy_ipv6_dscp_policies_map",
+ SHARED "map_dscpPolicy_socket_policy_cache_map",
NETD "map_netd_app_uid_stats_map",
NETD "map_netd_configuration_map",
NETD "map_netd_cookie_tag_map",
@@ -121,58 +114,46 @@
NETD "prog_netd_skfilter_ingress_xtbpf",
};
-static const set<string> INTRODUCED_T_5_4 = {
+// Provided by *current* mainline module for T+ devices with 5.4+ kernels
+static const set<string> MAINLINE_FOR_T_5_4_PLUS = {
SHARED "prog_block_bind4_block_port",
SHARED "prog_block_bind6_block_port",
- SHARED "prog_dscp_policy_schedcls_set_dscp_ether",
- SHARED "prog_dscp_policy_schedcls_set_dscp_raw_ip",
};
-static const set<string> REMOVED_T = {
+// Provided by *current* mainline module for T+ devices with 5.15+ kernels
+static const set<string> MAINLINE_FOR_T_5_15_PLUS = {
+ SHARED "prog_dscpPolicy_schedcls_set_dscp_ether",
};
void addAll(set<string>* a, const set<string>& b) {
a->insert(b.begin(), b.end());
}
-void removeAll(set<string>* a, const set<string>& b) {
- for (const auto& toRemove : b) {
- a->erase(toRemove);
- }
-}
+#define DO_EXPECT(B, V) do { \
+ if (B) addAll(expected, (V)); else addAll(unexpected, (V)); \
+} while (0)
void getFileLists(set<string>* expected, set<string>* unexpected) {
unexpected->clear();
expected->clear();
- addAll(unexpected, INTRODUCED_R);
- addAll(unexpected, INTRODUCED_S);
- addAll(unexpected, INTRODUCED_T);
+ // We do not actually check the platform P/Q (netd) and Q (clatd) things
+ // and only verify the mainline module relevant R+ offload maps & progs.
+ //
+ // The goal of this test is to verify compatibility with the tethering mainline module,
+ // and not to test the platform itself, which may have been modified by vendor or oems,
+ // so we should only test for the removal of stuff that was mainline'd,
+ // and for the presence of mainline stuff.
+ DO_EXPECT(IsAtLeastR() && !IsAtLeastS(), PLATFORM_ONLY_IN_R);
- if (IsAtLeastR()) {
- addAll(expected, INTRODUCED_R);
- removeAll(unexpected, INTRODUCED_R);
- // Nothing removed in R.
- }
-
- if (IsAtLeastS()) {
- addAll(expected, INTRODUCED_S);
- removeAll(expected, REMOVED_S);
-
- addAll(unexpected, REMOVED_S);
- removeAll(unexpected, INTRODUCED_S);
- }
+ DO_EXPECT(IsAtLeastS(), MAINLINE_FOR_S_PLUS);
+ DO_EXPECT(IsAtLeastS() && isAtLeastKernelVersion(5, 10, 0), MAINLINE_FOR_S_5_10_PLUS);
// Nothing added or removed in SCv2.
- if (IsAtLeastT()) {
- addAll(expected, INTRODUCED_T);
- if (android::bpf::isAtLeastKernelVersion(5, 4, 0)) addAll(expected, INTRODUCED_T_5_4);
- removeAll(expected, REMOVED_T);
-
- addAll(unexpected, REMOVED_T);
- removeAll(unexpected, INTRODUCED_T);
- }
+ DO_EXPECT(IsAtLeastT(), MAINLINE_FOR_T_PLUS);
+ DO_EXPECT(IsAtLeastT() && isAtLeastKernelVersion(5, 4, 0), MAINLINE_FOR_T_5_4_PLUS);
+ DO_EXPECT(IsAtLeastT() && isAtLeastKernelVersion(5, 15, 0), MAINLINE_FOR_T_5_15_PLUS);
}
void checkFiles() {
diff --git a/tests/unit/java/android/app/usage/NetworkStatsManagerTest.java b/tests/unit/java/android/app/usage/NetworkStatsManagerTest.java
index b1b76ec..71c03ff 100644
--- a/tests/unit/java/android/app/usage/NetworkStatsManagerTest.java
+++ b/tests/unit/java/android/app/usage/NetworkStatsManagerTest.java
@@ -16,6 +16,10 @@
package android.app.usage;
+import static android.net.NetworkStats.METERED_YES;
+import static android.net.NetworkTemplate.MATCH_MOBILE;
+import static android.net.NetworkTemplate.MATCH_WIFI;
+
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertTrue;
@@ -52,6 +56,8 @@
import org.mockito.MockitoAnnotations;
import org.mockito.invocation.InvocationOnMock;
+import java.util.Set;
+
@RunWith(DevSdkIgnoreRunner.class)
@SmallTest
@DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.S_V2)
@@ -204,20 +210,20 @@
@Test
public void testNetworkTemplateWhenRunningQueryDetails_NoSubscriberId() throws RemoteException {
runQueryDetailsAndCheckTemplate(ConnectivityManager.TYPE_MOBILE,
- null /* subscriberId */, NetworkTemplate.buildTemplateMobileWildcard());
+ null /* subscriberId */, new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setMeteredness(METERED_YES).build());
runQueryDetailsAndCheckTemplate(ConnectivityManager.TYPE_WIFI,
- "" /* subscriberId */, NetworkTemplate.buildTemplateWifiWildcard());
+ "" /* subscriberId */, new NetworkTemplate.Builder(MATCH_WIFI).build());
runQueryDetailsAndCheckTemplate(ConnectivityManager.TYPE_WIFI,
- null /* subscriberId */, NetworkTemplate.buildTemplateWifiWildcard());
+ null /* subscriberId */, new NetworkTemplate.Builder(MATCH_WIFI).build());
}
@Test
public void testNetworkTemplateWhenRunningQueryDetails_MergedCarrierWifi()
throws RemoteException {
runQueryDetailsAndCheckTemplate(ConnectivityManager.TYPE_WIFI,
- TEST_SUBSCRIBER_ID,
- NetworkTemplate.buildTemplateWifi(NetworkTemplate.WIFI_NETWORKID_ALL,
- TEST_SUBSCRIBER_ID));
+ TEST_SUBSCRIBER_ID, new NetworkTemplate.Builder(MATCH_WIFI)
+ .setSubscriberIds(Set.of(TEST_SUBSCRIBER_ID)).build());
}
@Test
diff --git a/tests/unit/java/com/android/server/BpfNetMapsTest.java b/tests/unit/java/com/android/server/BpfNetMapsTest.java
index 433b892..61d9eea 100644
--- a/tests/unit/java/com/android/server/BpfNetMapsTest.java
+++ b/tests/unit/java/com/android/server/BpfNetMapsTest.java
@@ -24,6 +24,8 @@
import static android.net.ConnectivityManager.FIREWALL_CHAIN_POWERSAVE;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
+import static android.net.ConnectivityManager.FIREWALL_RULE_ALLOW;
+import static android.net.ConnectivityManager.FIREWALL_RULE_DENY;
import static android.net.INetd.PERMISSION_INTERNET;
import static com.android.server.BpfNetMaps.DOZABLE_MATCH;
@@ -41,6 +43,7 @@
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
import static org.junit.Assume.assumeFalse;
+import static org.mockito.Mockito.doReturn;
import static org.mockito.Mockito.verify;
import android.net.INetd;
@@ -81,6 +84,7 @@
private static final String TEST_IF_NAME = "wlan0";
private static final int TEST_IF_INDEX = 7;
private static final int NO_IIF = 0;
+ private static final int NULL_IIF = 0;
private static final String CHAINNAME = "fw_dozable";
private static final U32 UID_RULES_CONFIGURATION_KEY = new U32(0);
private static final List<Integer> FIREWALL_CHAINS = List.of(
@@ -97,6 +101,7 @@
private BpfNetMaps mBpfNetMaps;
@Mock INetd mNetd;
+ @Mock BpfNetMaps.Dependencies mDeps;
private final BpfMap<U32, U32> mConfigurationMap = new TestBpfMap<>(U32.class, U32.class);
private final BpfMap<U32, UidOwnerValue> mUidOwnerMap =
new TestBpfMap<>(U32.class, UidOwnerValue.class);
@@ -104,9 +109,10 @@
@Before
public void setUp() throws Exception {
MockitoAnnotations.initMocks(this);
+ doReturn(TEST_IF_INDEX).when(mDeps).getIfIndex(TEST_IF_NAME);
BpfNetMaps.setConfigurationMapForTest(mConfigurationMap);
BpfNetMaps.setUidOwnerMapForTest(mUidOwnerMap);
- mBpfNetMaps = new BpfNetMaps(mNetd);
+ mBpfNetMaps = new BpfNetMaps(mNetd, mDeps);
}
@Test
@@ -120,12 +126,16 @@
verify(mNetd).trafficSetNetPermForUids(PERMISSION_INTERNET, TEST_UIDS);
}
- private void doTestIsChainEnabled(final List<Integer> enableChains) throws Exception {
+ private long getMatch(final List<Integer> chains) {
long match = 0;
- for (final int chain: enableChains) {
+ for (final int chain: chains) {
match |= mBpfNetMaps.getMatchByFirewallChain(chain);
}
- mConfigurationMap.updateEntry(UID_RULES_CONFIGURATION_KEY, new U32(match));
+ return match;
+ }
+
+ private void doTestIsChainEnabled(final List<Integer> enableChains) throws Exception {
+ mConfigurationMap.updateEntry(UID_RULES_CONFIGURATION_KEY, new U32(getMatch(enableChains)));
for (final int chain: FIREWALL_CHAINS) {
final String testCase = "EnabledChains: " + enableChains + " CheckedChain: " + chain;
@@ -458,4 +468,261 @@
assertThrows(UnsupportedOperationException.class,
() -> mBpfNetMaps.updateUidLockdownRule(TEST_UID, true /* add */));
}
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testAddUidInterfaceRules() throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+
+ mBpfNetMaps.addUidInterfaceRules(TEST_IF_NAME, TEST_UIDS);
+
+ checkUidOwnerValue(uid0, TEST_IF_INDEX, IIF_MATCH);
+ checkUidOwnerValue(uid1, TEST_IF_INDEX, IIF_MATCH);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testAddUidInterfaceRulesWithOtherMatch() throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+ final long match0 = DOZABLE_MATCH;
+ final long match1 = DOZABLE_MATCH | POWERSAVE_MATCH | RESTRICTED_MATCH;
+ mUidOwnerMap.updateEntry(new U32(uid0), new UidOwnerValue(NO_IIF, match0));
+ mUidOwnerMap.updateEntry(new U32(uid1), new UidOwnerValue(NO_IIF, match1));
+
+ mBpfNetMaps.addUidInterfaceRules(TEST_IF_NAME, TEST_UIDS);
+
+ checkUidOwnerValue(uid0, TEST_IF_INDEX, match0 | IIF_MATCH);
+ checkUidOwnerValue(uid1, TEST_IF_INDEX, match1 | IIF_MATCH);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testAddUidInterfaceRulesWithExistingIifMatch() throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+ final long match0 = IIF_MATCH;
+ final long match1 = IIF_MATCH | DOZABLE_MATCH | POWERSAVE_MATCH | RESTRICTED_MATCH;
+ mUidOwnerMap.updateEntry(new U32(uid0), new UidOwnerValue(TEST_IF_INDEX + 1, match0));
+ mUidOwnerMap.updateEntry(new U32(uid1), new UidOwnerValue(NULL_IIF, match1));
+
+ mBpfNetMaps.addUidInterfaceRules(TEST_IF_NAME, TEST_UIDS);
+
+ checkUidOwnerValue(uid0, TEST_IF_INDEX, match0);
+ checkUidOwnerValue(uid1, TEST_IF_INDEX, match1);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testAddUidInterfaceRulesGetIfIndexFail() {
+ doReturn(0).when(mDeps).getIfIndex(TEST_IF_NAME);
+ assertThrows(ServiceSpecificException.class,
+ () -> mBpfNetMaps.addUidInterfaceRules(TEST_IF_NAME, TEST_UIDS));
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testAddUidInterfaceRulesWithNullInterface() throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+ final long match0 = IIF_MATCH;
+ final long match1 = IIF_MATCH | DOZABLE_MATCH | POWERSAVE_MATCH | RESTRICTED_MATCH;
+ mUidOwnerMap.updateEntry(new U32(uid0), new UidOwnerValue(TEST_IF_INDEX, match0));
+ mUidOwnerMap.updateEntry(new U32(uid1), new UidOwnerValue(NULL_IIF, match1));
+
+ mBpfNetMaps.addUidInterfaceRules(null /* ifName */, TEST_UIDS);
+
+ checkUidOwnerValue(uid0, NULL_IIF, match0);
+ checkUidOwnerValue(uid1, NULL_IIF, match1);
+ }
+
+ private void doTestRemoveUidInterfaceRules(final long iif0, final long match0,
+ final long iif1, final long match1) throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+ mUidOwnerMap.updateEntry(new U32(uid0), new UidOwnerValue(iif0, match0));
+ mUidOwnerMap.updateEntry(new U32(uid1), new UidOwnerValue(iif1, match1));
+
+ mBpfNetMaps.removeUidInterfaceRules(TEST_UIDS);
+
+ checkUidOwnerValue(uid0, NO_IIF, match0 & ~IIF_MATCH);
+ checkUidOwnerValue(uid1, NO_IIF, match1 & ~IIF_MATCH);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testRemoveUidInterfaceRules() throws Exception {
+ doTestRemoveUidInterfaceRules(TEST_IF_INDEX, IIF_MATCH, NULL_IIF, IIF_MATCH);
+
+ // IIF_MATCH and other matches are enabled
+ doTestRemoveUidInterfaceRules(TEST_IF_INDEX, IIF_MATCH | DOZABLE_MATCH,
+ NULL_IIF, IIF_MATCH | DOZABLE_MATCH | RESTRICTED_MATCH);
+
+ // IIF_MATCH is not enabled
+ doTestRemoveUidInterfaceRules(NO_IIF, DOZABLE_MATCH,
+ NO_IIF, DOZABLE_MATCH | POWERSAVE_MATCH | RESTRICTED_MATCH);
+ }
+
+ private void doTestSetUidRule(final List<Integer> testChains) throws Exception {
+ mUidOwnerMap.updateEntry(new U32(TEST_UID), new UidOwnerValue(TEST_IF_INDEX, IIF_MATCH));
+
+ for (final int chain: testChains) {
+ final int ruleToAddMatch = mBpfNetMaps.isFirewallAllowList(chain)
+ ? FIREWALL_RULE_ALLOW : FIREWALL_RULE_DENY;
+ mBpfNetMaps.setUidRule(chain, TEST_UID, ruleToAddMatch);
+ }
+
+ checkUidOwnerValue(TEST_UID, TEST_IF_INDEX, IIF_MATCH | getMatch(testChains));
+
+ for (final int chain: testChains) {
+ final int ruleToRemoveMatch = mBpfNetMaps.isFirewallAllowList(chain)
+ ? FIREWALL_RULE_DENY : FIREWALL_RULE_ALLOW;
+ mBpfNetMaps.setUidRule(chain, TEST_UID, ruleToRemoveMatch);
+ }
+
+ checkUidOwnerValue(TEST_UID, TEST_IF_INDEX, IIF_MATCH);
+ }
+
+ private void doTestSetUidRule(final int testChain) throws Exception {
+ doTestSetUidRule(List.of(testChain));
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testSetUidRule() throws Exception {
+ doTestSetUidRule(FIREWALL_CHAIN_DOZABLE);
+ doTestSetUidRule(FIREWALL_CHAIN_STANDBY);
+ doTestSetUidRule(FIREWALL_CHAIN_POWERSAVE);
+ doTestSetUidRule(FIREWALL_CHAIN_RESTRICTED);
+ doTestSetUidRule(FIREWALL_CHAIN_LOW_POWER_STANDBY);
+ doTestSetUidRule(FIREWALL_CHAIN_OEM_DENY_1);
+ doTestSetUidRule(FIREWALL_CHAIN_OEM_DENY_2);
+ doTestSetUidRule(FIREWALL_CHAIN_OEM_DENY_3);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testSetUidRuleMultipleChain() throws Exception {
+ doTestSetUidRule(List.of(
+ FIREWALL_CHAIN_DOZABLE,
+ FIREWALL_CHAIN_STANDBY));
+ doTestSetUidRule(List.of(
+ FIREWALL_CHAIN_DOZABLE,
+ FIREWALL_CHAIN_STANDBY,
+ FIREWALL_CHAIN_POWERSAVE,
+ FIREWALL_CHAIN_RESTRICTED));
+ doTestSetUidRule(FIREWALL_CHAINS);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testSetUidRuleRemoveRuleFromUidWithNoRule() {
+ final Class<ServiceSpecificException> expected = ServiceSpecificException.class;
+ assertThrows(expected,
+ () -> mBpfNetMaps.setUidRule(FIREWALL_CHAIN_DOZABLE, TEST_UID, FIREWALL_RULE_DENY));
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testSetUidRuleInvalidChain() {
+ final Class<ServiceSpecificException> expected = ServiceSpecificException.class;
+ assertThrows(expected,
+ () -> mBpfNetMaps.setUidRule(-1 /* childChain */, TEST_UID, FIREWALL_RULE_ALLOW));
+ assertThrows(expected,
+ () -> mBpfNetMaps.setUidRule(1000 /* childChain */, TEST_UID, FIREWALL_RULE_ALLOW));
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testSetUidRuleInvalidRule() {
+ final Class<ServiceSpecificException> expected = ServiceSpecificException.class;
+ assertThrows(expected, () ->
+ mBpfNetMaps.setUidRule(FIREWALL_CHAIN_DOZABLE, TEST_UID, -1 /* firewallRule */));
+ assertThrows(expected, () ->
+ mBpfNetMaps.setUidRule(FIREWALL_CHAIN_DOZABLE, TEST_UID, 1000 /* firewallRule */));
+ }
+
+ @Test
+ @IgnoreAfter(Build.VERSION_CODES.S_V2)
+ public void testSetUidRuleBeforeT() {
+ assertThrows(UnsupportedOperationException.class, () ->
+ mBpfNetMaps.setUidRule(FIREWALL_CHAIN_DOZABLE, TEST_UID, FIREWALL_RULE_ALLOW));
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testReplaceUidChain() throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+
+ mBpfNetMaps.replaceUidChain(FIREWALL_CHAIN_DOZABLE, TEST_UIDS);
+
+ checkUidOwnerValue(uid0, NO_IIF, DOZABLE_MATCH);
+ checkUidOwnerValue(uid1, NO_IIF, DOZABLE_MATCH);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testReplaceUidChainWithOtherMatch() throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+ final long match0 = POWERSAVE_MATCH;
+ final long match1 = POWERSAVE_MATCH | RESTRICTED_MATCH;
+ mUidOwnerMap.updateEntry(new U32(uid0), new UidOwnerValue(NO_IIF, match0));
+ mUidOwnerMap.updateEntry(new U32(uid1), new UidOwnerValue(NO_IIF, match1));
+
+ mBpfNetMaps.replaceUidChain(FIREWALL_CHAIN_DOZABLE, new int[]{uid1});
+
+ checkUidOwnerValue(uid0, NO_IIF, match0);
+ checkUidOwnerValue(uid1, NO_IIF, match1 | DOZABLE_MATCH);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testReplaceUidChainWithExistingIifMatch() throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+ final long match0 = IIF_MATCH;
+ final long match1 = IIF_MATCH | POWERSAVE_MATCH | RESTRICTED_MATCH;
+ mUidOwnerMap.updateEntry(new U32(uid0), new UidOwnerValue(TEST_IF_INDEX, match0));
+ mUidOwnerMap.updateEntry(new U32(uid1), new UidOwnerValue(NULL_IIF, match1));
+
+ mBpfNetMaps.replaceUidChain(FIREWALL_CHAIN_DOZABLE, TEST_UIDS);
+
+ checkUidOwnerValue(uid0, TEST_IF_INDEX, match0 | DOZABLE_MATCH);
+ checkUidOwnerValue(uid1, NULL_IIF, match1 | DOZABLE_MATCH);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testReplaceUidChainRemoveExistingMatch() throws Exception {
+ final int uid0 = TEST_UIDS[0];
+ final int uid1 = TEST_UIDS[1];
+ final long match0 = IIF_MATCH | DOZABLE_MATCH;
+ final long match1 = IIF_MATCH | POWERSAVE_MATCH | RESTRICTED_MATCH;
+ mUidOwnerMap.updateEntry(new U32(uid0), new UidOwnerValue(TEST_IF_INDEX, match0));
+ mUidOwnerMap.updateEntry(new U32(uid1), new UidOwnerValue(NULL_IIF, match1));
+
+ mBpfNetMaps.replaceUidChain(FIREWALL_CHAIN_DOZABLE, new int[]{uid1});
+
+ checkUidOwnerValue(uid0, TEST_IF_INDEX, match0 & ~DOZABLE_MATCH);
+ checkUidOwnerValue(uid1, NULL_IIF, match1 | DOZABLE_MATCH);
+ }
+
+ @Test
+ @IgnoreUpTo(Build.VERSION_CODES.S_V2)
+ public void testReplaceUidChainInvalidChain() {
+ final Class<IllegalArgumentException> expected = IllegalArgumentException.class;
+ assertThrows(expected, () -> mBpfNetMaps.replaceUidChain(-1 /* chain */, TEST_UIDS));
+ assertThrows(expected, () -> mBpfNetMaps.replaceUidChain(1000 /* chain */, TEST_UIDS));
+ }
+
+ @Test
+ @IgnoreAfter(Build.VERSION_CODES.S_V2)
+ public void testReplaceUidChainBeforeT() {
+ assertThrows(UnsupportedOperationException.class,
+ () -> mBpfNetMaps.replaceUidChain(FIREWALL_CHAIN_DOZABLE, TEST_UIDS));
+ }
+
}
diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
index 0919dfc..3264a36 100644
--- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
@@ -9592,24 +9592,23 @@
}
}
- private void doTestReplaceFirewallChain(final int chain, final String chainName,
- final boolean allowList) {
+ private void doTestReplaceFirewallChain(final int chain) {
final int[] uids = new int[] {1001, 1002};
mCm.replaceFirewallChain(chain, uids);
- verify(mBpfNetMaps).replaceUidChain(chainName, allowList, uids);
+ verify(mBpfNetMaps).replaceUidChain(chain, uids);
reset(mBpfNetMaps);
}
@Test @IgnoreUpTo(SC_V2)
public void testReplaceFirewallChain() {
- doTestReplaceFirewallChain(FIREWALL_CHAIN_DOZABLE, "fw_dozable", true);
- doTestReplaceFirewallChain(FIREWALL_CHAIN_STANDBY, "fw_standby", false);
- doTestReplaceFirewallChain(FIREWALL_CHAIN_POWERSAVE, "fw_powersave", true);
- doTestReplaceFirewallChain(FIREWALL_CHAIN_RESTRICTED, "fw_restricted", true);
- doTestReplaceFirewallChain(FIREWALL_CHAIN_LOW_POWER_STANDBY, "fw_low_power_standby", true);
- doTestReplaceFirewallChain(FIREWALL_CHAIN_OEM_DENY_1, "fw_oem_deny_1", false);
- doTestReplaceFirewallChain(FIREWALL_CHAIN_OEM_DENY_2, "fw_oem_deny_2", false);
- doTestReplaceFirewallChain(FIREWALL_CHAIN_OEM_DENY_3, "fw_oem_deny_3", false);
+ doTestReplaceFirewallChain(FIREWALL_CHAIN_DOZABLE);
+ doTestReplaceFirewallChain(FIREWALL_CHAIN_STANDBY);
+ doTestReplaceFirewallChain(FIREWALL_CHAIN_POWERSAVE);
+ doTestReplaceFirewallChain(FIREWALL_CHAIN_RESTRICTED);
+ doTestReplaceFirewallChain(FIREWALL_CHAIN_LOW_POWER_STANDBY);
+ doTestReplaceFirewallChain(FIREWALL_CHAIN_OEM_DENY_1);
+ doTestReplaceFirewallChain(FIREWALL_CHAIN_OEM_DENY_2);
+ doTestReplaceFirewallChain(FIREWALL_CHAIN_OEM_DENY_3);
}
@Test @IgnoreUpTo(SC_V2)
@@ -9620,8 +9619,6 @@
() -> mCm.setUidFirewallRule(-1 /* chain */, uid, FIREWALL_RULE_ALLOW));
assertThrows(expected,
() -> mCm.setUidFirewallRule(100 /* chain */, uid, FIREWALL_RULE_ALLOW));
- assertThrows(expected, () -> mCm.replaceFirewallChain(-1 /* chain */, new int[]{uid}));
- assertThrows(expected, () -> mCm.replaceFirewallChain(100 /* chain */, new int[]{uid}));
}
@Test @IgnoreUpTo(SC_V2)
diff --git a/tests/unit/java/com/android/server/NsdServiceTest.java b/tests/unit/java/com/android/server/NsdServiceTest.java
index 9365bee..07884cf 100644
--- a/tests/unit/java/com/android/server/NsdServiceTest.java
+++ b/tests/unit/java/com/android/server/NsdServiceTest.java
@@ -16,6 +16,8 @@
package com.android.server;
+import static android.net.nsd.NsdManager.FAILURE_INTERNAL_ERROR;
+
import static libcore.junit.util.compat.CoreCompatChangeRule.DisableCompatChanges;
import static libcore.junit.util.compat.CoreCompatChangeRule.EnableCompatChanges;
@@ -44,11 +46,15 @@
import android.net.mdns.aidl.DiscoveryInfo;
import android.net.mdns.aidl.GetAddressInfo;
import android.net.mdns.aidl.IMDnsEventListener;
+import android.net.mdns.aidl.RegistrationInfo;
import android.net.mdns.aidl.ResolutionInfo;
import android.net.nsd.INsdManagerCallback;
import android.net.nsd.INsdServiceConnector;
import android.net.nsd.MDnsManager;
import android.net.nsd.NsdManager;
+import android.net.nsd.NsdManager.DiscoveryListener;
+import android.net.nsd.NsdManager.RegistrationListener;
+import android.net.nsd.NsdManager.ResolveListener;
import android.net.nsd.NsdServiceInfo;
import android.os.Binder;
import android.os.Build;
@@ -86,10 +92,15 @@
@SmallTest
@DevSdkIgnoreRule.IgnoreUpTo(Build.VERSION_CODES.S_V2)
public class NsdServiceTest {
-
static final int PROTOCOL = NsdManager.PROTOCOL_DNS_SD;
private static final long CLEANUP_DELAY_MS = 500;
private static final long TIMEOUT_MS = 500;
+ private static final String SERVICE_NAME = "a_name";
+ private static final String SERVICE_TYPE = "a_type";
+ private static final String SERVICE_FULL_NAME = SERVICE_NAME + "." + SERVICE_TYPE;
+ private static final String DOMAIN_NAME = "mytestdevice.local";
+ private static final int PORT = 2201;
+ private static final int IFACE_IDX_ANY = 0;
// Records INsdManagerCallback created when NsdService#connect is called.
// Only accessed on the test thread, since NsdService#connect is called by the NsdManager
@@ -103,6 +114,7 @@
@Mock MDnsManager mMockMDnsM;
HandlerThread mThread;
TestHandler mHandler;
+ NsdService mService;
private static class LinkToDeathRecorder extends Binder {
IBinder.DeathRecipient mDr;
@@ -134,6 +146,8 @@
doReturn(true).when(mMockMDnsM).discover(anyInt(), anyString(), anyInt());
doReturn(true).when(mMockMDnsM).resolve(
anyInt(), anyString(), anyString(), anyString(), anyInt());
+
+ mService = makeService();
}
@After
@@ -147,18 +161,14 @@
@Test
@DisableCompatChanges(NsdManager.RUN_NATIVE_NSD_ONLY_IF_LEGACY_APPS)
public void testPreSClients() throws Exception {
- NsdService service = makeService();
-
// Pre S client connected, the daemon should be started.
- connectClient(service);
- waitForIdle();
+ connectClient(mService);
final INsdManagerCallback cb1 = getCallback();
final IBinder.DeathRecipient deathRecipient1 = verifyLinkToDeath(cb1);
verify(mMockMDnsM, times(1)).registerEventListener(any());
verify(mMockMDnsM, times(1)).startDaemon();
- connectClient(service);
- waitForIdle();
+ connectClient(mService);
final INsdManagerCallback cb2 = getCallback();
final IBinder.DeathRecipient deathRecipient2 = verifyLinkToDeath(cb2);
// Daemon has been started, it should not try to start it again.
@@ -178,19 +188,15 @@
@Test
@EnableCompatChanges(NsdManager.RUN_NATIVE_NSD_ONLY_IF_LEGACY_APPS)
public void testNoDaemonStartedWhenClientsConnect() throws Exception {
- final NsdService service = makeService();
-
// Creating an NsdManager will not cause daemon startup.
- connectClient(service);
- waitForIdle();
+ connectClient(mService);
verify(mMockMDnsM, never()).registerEventListener(any());
verify(mMockMDnsM, never()).startDaemon();
final INsdManagerCallback cb1 = getCallback();
final IBinder.DeathRecipient deathRecipient1 = verifyLinkToDeath(cb1);
// Creating another NsdManager will not cause daemon startup either.
- connectClient(service);
- waitForIdle();
+ connectClient(mService);
verify(mMockMDnsM, never()).registerEventListener(any());
verify(mMockMDnsM, never()).startDaemon();
final INsdManagerCallback cb2 = getCallback();
@@ -216,70 +222,66 @@
@Test
@EnableCompatChanges(NsdManager.RUN_NATIVE_NSD_ONLY_IF_LEGACY_APPS)
public void testClientRequestsAreGCedAtDisconnection() throws Exception {
- NsdService service = makeService();
-
- NsdManager client = connectClient(service);
- waitForIdle();
+ final NsdManager client = connectClient(mService);
final INsdManagerCallback cb1 = getCallback();
final IBinder.DeathRecipient deathRecipient = verifyLinkToDeath(cb1);
verify(mMockMDnsM, never()).registerEventListener(any());
verify(mMockMDnsM, never()).startDaemon();
- NsdServiceInfo request = new NsdServiceInfo("a_name", "a_type");
- request.setPort(2201);
+ final NsdServiceInfo request = new NsdServiceInfo(SERVICE_NAME, SERVICE_TYPE);
+ request.setPort(PORT);
// Client registration request
- NsdManager.RegistrationListener listener1 = mock(NsdManager.RegistrationListener.class);
+ final RegistrationListener listener1 = mock(RegistrationListener.class);
client.registerService(request, PROTOCOL, listener1);
waitForIdle();
- verify(mMockMDnsM, times(1)).registerEventListener(any());
- verify(mMockMDnsM, times(1)).startDaemon();
- verify(mMockMDnsM, times(1)).registerService(
- eq(2), eq("a_name"), eq("a_type"), eq(2201), any(), eq(0));
+ verify(mMockMDnsM).registerEventListener(any());
+ verify(mMockMDnsM).startDaemon();
+ verify(mMockMDnsM).registerService(
+ eq(2), eq(SERVICE_NAME), eq(SERVICE_TYPE), eq(PORT), any(), eq(IFACE_IDX_ANY));
// Client discovery request
- NsdManager.DiscoveryListener listener2 = mock(NsdManager.DiscoveryListener.class);
- client.discoverServices("a_type", PROTOCOL, listener2);
+ final DiscoveryListener listener2 = mock(DiscoveryListener.class);
+ client.discoverServices(SERVICE_TYPE, PROTOCOL, listener2);
waitForIdle();
- verify(mMockMDnsM, times(1)).discover(eq(3), eq("a_type"), eq(0));
+ verify(mMockMDnsM).discover(3 /* id */, SERVICE_TYPE, IFACE_IDX_ANY);
// Client resolve request
- NsdManager.ResolveListener listener3 = mock(NsdManager.ResolveListener.class);
+ final ResolveListener listener3 = mock(ResolveListener.class);
client.resolveService(request, listener3);
waitForIdle();
- verify(mMockMDnsM, times(1)).resolve(
- eq(4), eq("a_name"), eq("a_type"), eq("local."), eq(0));
+ verify(mMockMDnsM).resolve(
+ 4 /* id */, SERVICE_NAME, SERVICE_TYPE, "local." /* domain */, IFACE_IDX_ANY);
// Client disconnects, stop the daemon after CLEANUP_DELAY_MS.
deathRecipient.binderDied();
verifyDelayMaybeStopDaemon(CLEANUP_DELAY_MS);
// checks that request are cleaned
- verify(mMockMDnsM, times(1)).stopOperation(eq(2));
- verify(mMockMDnsM, times(1)).stopOperation(eq(3));
- verify(mMockMDnsM, times(1)).stopOperation(eq(4));
+ verify(mMockMDnsM).stopOperation(2 /* id */);
+ verify(mMockMDnsM).stopOperation(3 /* id */);
+ verify(mMockMDnsM).stopOperation(4 /* id */);
}
@Test
@EnableCompatChanges(NsdManager.RUN_NATIVE_NSD_ONLY_IF_LEGACY_APPS)
public void testCleanupDelayNoRequestActive() throws Exception {
- NsdService service = makeService();
- NsdManager client = connectClient(service);
+ final NsdManager client = connectClient(mService);
- NsdServiceInfo request = new NsdServiceInfo("a_name", "a_type");
- request.setPort(2201);
- NsdManager.RegistrationListener listener1 = mock(NsdManager.RegistrationListener.class);
+ final NsdServiceInfo request = new NsdServiceInfo(SERVICE_NAME, SERVICE_TYPE);
+ request.setPort(PORT);
+ final RegistrationListener listener1 = mock(RegistrationListener.class);
client.registerService(request, PROTOCOL, listener1);
waitForIdle();
- verify(mMockMDnsM, times(1)).registerEventListener(any());
- verify(mMockMDnsM, times(1)).startDaemon();
+ verify(mMockMDnsM).registerEventListener(any());
+ verify(mMockMDnsM).startDaemon();
final INsdManagerCallback cb1 = getCallback();
final IBinder.DeathRecipient deathRecipient = verifyLinkToDeath(cb1);
- verify(mMockMDnsM, times(1)).registerService(
- eq(2), eq("a_name"), eq("a_type"), eq(2201), any(), eq(0));
+ verify(mMockMDnsM).registerService(
+ eq(2), eq(SERVICE_NAME), eq(SERVICE_TYPE), eq(PORT), any(), eq(IFACE_IDX_ANY));
client.unregisterService(listener1);
waitForIdle();
- verify(mMockMDnsM, times(1)).stopOperation(eq(2));
+ verify(mMockMDnsM).stopOperation(2 /* id */);
verifyDelayMaybeStopDaemon(CLEANUP_DELAY_MS);
reset(mMockMDnsM);
@@ -289,38 +291,37 @@
verify(mMockMDnsM, never()).stopDaemon();
}
- @Test
- public void testDiscoverOnTetheringDownstream() throws Exception {
- NsdService service = makeService();
- NsdManager client = connectClient(service);
-
- final String serviceType = "a_type";
- final String serviceName = "a_name";
- final String domainName = "mytestdevice.local";
- final int interfaceIdx = 123;
- final NsdManager.DiscoveryListener discListener = mock(NsdManager.DiscoveryListener.class);
- client.discoverServices(serviceType, NsdManager.PROTOCOL_DNS_SD, discListener);
- waitForIdle();
-
+ private IMDnsEventListener getEventListener() {
final ArgumentCaptor<IMDnsEventListener> listenerCaptor =
ArgumentCaptor.forClass(IMDnsEventListener.class);
verify(mMockMDnsM).registerEventListener(listenerCaptor.capture());
+ return listenerCaptor.getValue();
+ }
+
+ @Test
+ public void testDiscoverOnTetheringDownstream() throws Exception {
+ final NsdManager client = connectClient(mService);
+ final int interfaceIdx = 123;
+ final DiscoveryListener discListener = mock(DiscoveryListener.class);
+ client.discoverServices(SERVICE_TYPE, PROTOCOL, discListener);
+ waitForIdle();
+
+ final IMDnsEventListener eventListener = getEventListener();
final ArgumentCaptor<Integer> discIdCaptor = ArgumentCaptor.forClass(Integer.class);
- verify(mMockMDnsM).discover(discIdCaptor.capture(), eq(serviceType),
+ verify(mMockMDnsM).discover(discIdCaptor.capture(), eq(SERVICE_TYPE),
eq(0) /* interfaceIdx */);
// NsdManager uses a separate HandlerThread to dispatch callbacks (on ServiceHandler), so
// this needs to use a timeout
- verify(discListener, timeout(TIMEOUT_MS)).onDiscoveryStarted(serviceType);
+ verify(discListener, timeout(TIMEOUT_MS)).onDiscoveryStarted(SERVICE_TYPE);
final DiscoveryInfo discoveryInfo = new DiscoveryInfo(
discIdCaptor.getValue(),
IMDnsEventListener.SERVICE_FOUND,
- serviceName,
- serviceType,
- domainName,
+ SERVICE_NAME,
+ SERVICE_TYPE,
+ DOMAIN_NAME,
interfaceIdx,
INetd.LOCAL_NET_ID); // LOCAL_NET_ID (99) used on tethering downstreams
- final IMDnsEventListener eventListener = listenerCaptor.getValue();
eventListener.onServiceDiscoveryStatus(discoveryInfo);
waitForIdle();
@@ -328,31 +329,30 @@
ArgumentCaptor.forClass(NsdServiceInfo.class);
verify(discListener, timeout(TIMEOUT_MS)).onServiceFound(discoveredInfoCaptor.capture());
final NsdServiceInfo foundInfo = discoveredInfoCaptor.getValue();
- assertEquals(serviceName, foundInfo.getServiceName());
- assertEquals(serviceType, foundInfo.getServiceType());
+ assertEquals(SERVICE_NAME, foundInfo.getServiceName());
+ assertEquals(SERVICE_TYPE, foundInfo.getServiceType());
assertNull(foundInfo.getHost());
assertNull(foundInfo.getNetwork());
assertEquals(interfaceIdx, foundInfo.getInterfaceIndex());
// After discovering the service, verify resolving it
- final NsdManager.ResolveListener resolveListener = mock(NsdManager.ResolveListener.class);
+ final ResolveListener resolveListener = mock(ResolveListener.class);
client.resolveService(foundInfo, resolveListener);
waitForIdle();
final ArgumentCaptor<Integer> resolvIdCaptor = ArgumentCaptor.forClass(Integer.class);
- verify(mMockMDnsM).resolve(resolvIdCaptor.capture(), eq(serviceName), eq(serviceType),
+ verify(mMockMDnsM).resolve(resolvIdCaptor.capture(), eq(SERVICE_NAME), eq(SERVICE_TYPE),
eq("local.") /* domain */, eq(interfaceIdx));
final int servicePort = 10123;
- final String serviceFullName = serviceName + "." + serviceType;
final ResolutionInfo resolutionInfo = new ResolutionInfo(
resolvIdCaptor.getValue(),
IMDnsEventListener.SERVICE_RESOLVED,
null /* serviceName */,
null /* serviceType */,
null /* domain */,
- serviceFullName,
- domainName,
+ SERVICE_FULL_NAME,
+ DOMAIN_NAME,
servicePort,
new byte[0] /* txtRecord */,
interfaceIdx);
@@ -362,14 +362,14 @@
waitForIdle();
final ArgumentCaptor<Integer> getAddrIdCaptor = ArgumentCaptor.forClass(Integer.class);
- verify(mMockMDnsM).getServiceAddress(getAddrIdCaptor.capture(), eq(domainName),
+ verify(mMockMDnsM).getServiceAddress(getAddrIdCaptor.capture(), eq(DOMAIN_NAME),
eq(interfaceIdx));
final String serviceAddress = "192.0.2.123";
final GetAddressInfo addressInfo = new GetAddressInfo(
getAddrIdCaptor.getValue(),
IMDnsEventListener.SERVICE_GET_ADDR_SUCCESS,
- serviceFullName,
+ SERVICE_FULL_NAME,
serviceAddress,
interfaceIdx,
INetd.LOCAL_NET_ID);
@@ -380,14 +380,162 @@
ArgumentCaptor.forClass(NsdServiceInfo.class);
verify(resolveListener, timeout(TIMEOUT_MS)).onServiceResolved(resInfoCaptor.capture());
final NsdServiceInfo resolvedService = resInfoCaptor.getValue();
- assertEquals(serviceName, resolvedService.getServiceName());
- assertEquals("." + serviceType, resolvedService.getServiceType());
+ assertEquals(SERVICE_NAME, resolvedService.getServiceName());
+ assertEquals("." + SERVICE_TYPE, resolvedService.getServiceType());
assertEquals(InetAddresses.parseNumericAddress(serviceAddress), resolvedService.getHost());
assertEquals(servicePort, resolvedService.getPort());
assertNull(resolvedService.getNetwork());
assertEquals(interfaceIdx, resolvedService.getInterfaceIndex());
}
+ @Test
+ public void testServiceRegistrationSuccessfulAndFailed() throws Exception {
+ final NsdManager client = connectClient(mService);
+ final NsdServiceInfo request = new NsdServiceInfo(SERVICE_NAME, SERVICE_TYPE);
+ request.setPort(PORT);
+ final RegistrationListener regListener = mock(RegistrationListener.class);
+ client.registerService(request, PROTOCOL, regListener);
+ waitForIdle();
+
+ final IMDnsEventListener eventListener = getEventListener();
+ final ArgumentCaptor<Integer> regIdCaptor = ArgumentCaptor.forClass(Integer.class);
+ verify(mMockMDnsM).registerService(regIdCaptor.capture(),
+ eq(SERVICE_NAME), eq(SERVICE_TYPE), eq(PORT), any(), eq(IFACE_IDX_ANY));
+
+ // Register service successfully.
+ final RegistrationInfo registrationInfo = new RegistrationInfo(
+ regIdCaptor.getValue(),
+ IMDnsEventListener.SERVICE_REGISTERED,
+ SERVICE_NAME,
+ SERVICE_TYPE,
+ PORT,
+ new byte[0] /* txtRecord */,
+ IFACE_IDX_ANY);
+ eventListener.onServiceRegistrationStatus(registrationInfo);
+
+ final ArgumentCaptor<NsdServiceInfo> registeredInfoCaptor =
+ ArgumentCaptor.forClass(NsdServiceInfo.class);
+ verify(regListener, timeout(TIMEOUT_MS))
+ .onServiceRegistered(registeredInfoCaptor.capture());
+ final NsdServiceInfo registeredInfo = registeredInfoCaptor.getValue();
+ assertEquals(SERVICE_NAME, registeredInfo.getServiceName());
+
+ // Fail to register service.
+ final RegistrationInfo registrationFailedInfo = new RegistrationInfo(
+ regIdCaptor.getValue(),
+ IMDnsEventListener.SERVICE_REGISTRATION_FAILED,
+ null /* serviceName */,
+ null /* registrationType */,
+ 0 /* port */,
+ new byte[0] /* txtRecord */,
+ IFACE_IDX_ANY);
+ eventListener.onServiceRegistrationStatus(registrationFailedInfo);
+ verify(regListener, timeout(TIMEOUT_MS))
+ .onRegistrationFailed(any(), eq(FAILURE_INTERNAL_ERROR));
+ }
+
+ @Test
+ public void testServiceDiscoveryFailed() throws Exception {
+ final NsdManager client = connectClient(mService);
+ final DiscoveryListener discListener = mock(DiscoveryListener.class);
+ client.discoverServices(SERVICE_TYPE, PROTOCOL, discListener);
+ waitForIdle();
+
+ final IMDnsEventListener eventListener = getEventListener();
+ final ArgumentCaptor<Integer> discIdCaptor = ArgumentCaptor.forClass(Integer.class);
+ verify(mMockMDnsM).discover(discIdCaptor.capture(), eq(SERVICE_TYPE), eq(IFACE_IDX_ANY));
+ verify(discListener, timeout(TIMEOUT_MS)).onDiscoveryStarted(SERVICE_TYPE);
+
+ // Fail to discover service.
+ final DiscoveryInfo discoveryFailedInfo = new DiscoveryInfo(
+ discIdCaptor.getValue(),
+ IMDnsEventListener.SERVICE_DISCOVERY_FAILED,
+ null /* serviceName */,
+ null /* registrationType */,
+ null /* domainName */,
+ IFACE_IDX_ANY,
+ 0 /* netId */);
+ eventListener.onServiceDiscoveryStatus(discoveryFailedInfo);
+ verify(discListener, timeout(TIMEOUT_MS))
+ .onStartDiscoveryFailed(SERVICE_TYPE, FAILURE_INTERNAL_ERROR);
+ }
+
+ @Test
+ public void testServiceResolutionFailed() throws Exception {
+ final NsdManager client = connectClient(mService);
+ final NsdServiceInfo request = new NsdServiceInfo(SERVICE_NAME, SERVICE_TYPE);
+ final ResolveListener resolveListener = mock(ResolveListener.class);
+ client.resolveService(request, resolveListener);
+ waitForIdle();
+
+ final IMDnsEventListener eventListener = getEventListener();
+ final ArgumentCaptor<Integer> resolvIdCaptor = ArgumentCaptor.forClass(Integer.class);
+ verify(mMockMDnsM).resolve(resolvIdCaptor.capture(), eq(SERVICE_NAME), eq(SERVICE_TYPE),
+ eq("local.") /* domain */, eq(IFACE_IDX_ANY));
+
+ // Fail to resolve service.
+ final ResolutionInfo resolutionFailedInfo = new ResolutionInfo(
+ resolvIdCaptor.getValue(),
+ IMDnsEventListener.SERVICE_RESOLUTION_FAILED,
+ null /* serviceName */,
+ null /* serviceType */,
+ null /* domain */,
+ null /* serviceFullName */,
+ null /* domainName */,
+ 0 /* port */,
+ new byte[0] /* txtRecord */,
+ IFACE_IDX_ANY);
+ eventListener.onServiceResolutionStatus(resolutionFailedInfo);
+ verify(resolveListener, timeout(TIMEOUT_MS))
+ .onResolveFailed(any(), eq(FAILURE_INTERNAL_ERROR));
+ }
+
+ @Test
+ public void testGettingAddressFailed() throws Exception {
+ final NsdManager client = connectClient(mService);
+ final NsdServiceInfo request = new NsdServiceInfo(SERVICE_NAME, SERVICE_TYPE);
+ final ResolveListener resolveListener = mock(ResolveListener.class);
+ client.resolveService(request, resolveListener);
+ waitForIdle();
+
+ final IMDnsEventListener eventListener = getEventListener();
+ final ArgumentCaptor<Integer> resolvIdCaptor = ArgumentCaptor.forClass(Integer.class);
+ verify(mMockMDnsM).resolve(resolvIdCaptor.capture(), eq(SERVICE_NAME), eq(SERVICE_TYPE),
+ eq("local.") /* domain */, eq(IFACE_IDX_ANY));
+
+ // Resolve service successfully.
+ final ResolutionInfo resolutionInfo = new ResolutionInfo(
+ resolvIdCaptor.getValue(),
+ IMDnsEventListener.SERVICE_RESOLVED,
+ null /* serviceName */,
+ null /* serviceType */,
+ null /* domain */,
+ SERVICE_FULL_NAME,
+ DOMAIN_NAME,
+ PORT,
+ new byte[0] /* txtRecord */,
+ IFACE_IDX_ANY);
+ doReturn(true).when(mMockMDnsM).getServiceAddress(anyInt(), any(), anyInt());
+ eventListener.onServiceResolutionStatus(resolutionInfo);
+ waitForIdle();
+
+ final ArgumentCaptor<Integer> getAddrIdCaptor = ArgumentCaptor.forClass(Integer.class);
+ verify(mMockMDnsM).getServiceAddress(getAddrIdCaptor.capture(), eq(DOMAIN_NAME),
+ eq(IFACE_IDX_ANY));
+
+ // Fail to get service address.
+ final GetAddressInfo gettingAddrFailedInfo = new GetAddressInfo(
+ getAddrIdCaptor.getValue(),
+ IMDnsEventListener.SERVICE_GET_ADDR_FAILED,
+ null /* hostname */,
+ null /* address */,
+ IFACE_IDX_ANY,
+ 0 /* netId */);
+ eventListener.onGettingServiceAddressStatus(gettingAddrFailedInfo);
+ verify(resolveListener, timeout(TIMEOUT_MS))
+ .onResolveFailed(any(), eq(FAILURE_INTERNAL_ERROR));
+ }
+
private void waitForIdle() {
HandlerUtils.waitForIdle(mHandler, TIMEOUT_MS);
}
@@ -415,7 +563,10 @@
}
NsdManager connectClient(NsdService service) {
- return new NsdManager(mContext, service);
+ final NsdManager nsdManager = new NsdManager(mContext, service);
+ // Wait for client registration done.
+ waitForIdle();
+ return nsdManager;
}
void verifyDelayMaybeStopDaemon(long cleanupDelayMs) throws Exception {
diff --git a/tests/unit/java/com/android/server/connectivity/ClatCoordinatorTest.java b/tests/unit/java/com/android/server/connectivity/ClatCoordinatorTest.java
index feee293..bbb61cd 100644
--- a/tests/unit/java/com/android/server/connectivity/ClatCoordinatorTest.java
+++ b/tests/unit/java/com/android/server/connectivity/ClatCoordinatorTest.java
@@ -21,6 +21,7 @@
import static android.system.OsConstants.ETH_P_IPV6;
import static com.android.net.module.util.NetworkStackConstants.ETHER_MTU;
+import static com.android.server.connectivity.ClatCoordinator.AID_CLAT;
import static com.android.server.connectivity.ClatCoordinator.CLAT_MAX_MTU;
import static com.android.server.connectivity.ClatCoordinator.EGRESS;
import static com.android.server.connectivity.ClatCoordinator.INGRESS;
@@ -56,6 +57,8 @@
import com.android.net.module.util.bpf.ClatEgress4Value;
import com.android.net.module.util.bpf.ClatIngress6Key;
import com.android.net.module.util.bpf.ClatIngress6Value;
+import com.android.net.module.util.bpf.CookieTagMapKey;
+import com.android.net.module.util.bpf.CookieTagMapValue;
import com.android.testutils.DevSdkIgnoreRule;
import com.android.testutils.DevSdkIgnoreRunner;
import com.android.testutils.TestBpfMap;
@@ -127,11 +130,16 @@
INET6_PFX96, INET6_LOCAL6);
private static final ClatIngress6Value INGRESS_VALUE = new ClatIngress6Value(STACKED_IFINDEX,
INET4_LOCAL4);
+ private static final CookieTagMapKey COOKIE_TAG_KEY = new CookieTagMapKey(RAW_SOCK_COOKIE);
+ private static final CookieTagMapValue COOKIE_TAG_VALUE = new CookieTagMapValue(AID_CLAT,
+ 0 /* tag, unused */);
private final TestBpfMap<ClatIngress6Key, ClatIngress6Value> mIngressMap =
spy(new TestBpfMap<>(ClatIngress6Key.class, ClatIngress6Value.class));
private final TestBpfMap<ClatEgress4Key, ClatEgress4Value> mEgressMap =
spy(new TestBpfMap<>(ClatEgress4Key.class, ClatEgress4Value.class));
+ private final TestBpfMap<CookieTagMapKey, CookieTagMapValue> mCookieTagMap =
+ spy(new TestBpfMap<>(CookieTagMapKey.class, CookieTagMapValue.class));
@Mock private INetd mNetd;
@Spy private TestDependencies mDeps = new TestDependencies();
@@ -313,25 +321,10 @@
}
/**
- * Tag socket as clat.
+ * Get socket cookie.
*/
- @Override
- public long tagSocketAsClat(@NonNull FileDescriptor sock) throws IOException {
- if (Objects.equals(RAW_SOCK_PFD.getFileDescriptor(), sock)) {
- return RAW_SOCK_COOKIE;
- }
- fail("unsupported arg: " + sock);
- return 0;
- }
-
- /**
- * Untag socket.
- */
- @Override
- public void untagSocket(long cookie) throws IOException {
- if (cookie != RAW_SOCK_COOKIE) {
- fail("unsupported arg: " + cookie);
- }
+ public long getSocketCookie(@NonNull FileDescriptor sock) throws IOException {
+ return RAW_SOCK_COOKIE;
}
/** Get ingress6 BPF map. */
@@ -346,6 +339,12 @@
return mEgressMap;
}
+ /** Get cookie tag map */
+ @Override
+ public IBpfMap<CookieTagMapKey, CookieTagMapValue> getBpfCookieTagMap() {
+ return mCookieTagMap;
+ }
+
/** Checks if the network interface uses an ethernet L2 header. */
public boolean isEthernet(String iface) throws IOException {
if (BASE_IFACE.equals(iface)) return true;
@@ -400,8 +399,8 @@
@Test
public void testStartStopClatd() throws Exception {
final ClatCoordinator coordinator = makeClatCoordinator();
- final InOrder inOrder = inOrder(mNetd, mDeps, mIngressMap, mEgressMap);
- clearInvocations(mNetd, mDeps, mIngressMap, mEgressMap);
+ final InOrder inOrder = inOrder(mNetd, mDeps, mIngressMap, mEgressMap, mCookieTagMap);
+ clearInvocations(mNetd, mDeps, mIngressMap, mEgressMap, mCookieTagMap);
// [1] Start clatd.
final String addr6For464xlat = coordinator.clatStart(BASE_IFACE, NETID, NAT64_IP_PREFIX);
@@ -444,8 +443,9 @@
inOrder.verify(mDeps).addAnycastSetsockopt(
argThat(fd -> Objects.equals(RAW_SOCK_PFD.getFileDescriptor(), fd)),
eq(XLAT_LOCAL_IPV6ADDR_STRING), eq(BASE_IFINDEX));
- inOrder.verify(mDeps).tagSocketAsClat(
+ inOrder.verify(mDeps).getSocketCookie(
argThat(fd -> Objects.equals(RAW_SOCK_PFD.getFileDescriptor(), fd)));
+ inOrder.verify(mCookieTagMap).insertEntry(eq(COOKIE_TAG_KEY), eq(COOKIE_TAG_VALUE));
inOrder.verify(mDeps).configurePacketSocket(
argThat(fd -> Objects.equals(PACKET_SOCK_PFD.getFileDescriptor(), fd)),
eq(XLAT_LOCAL_IPV6ADDR_STRING), eq(BASE_IFINDEX));
@@ -481,7 +481,7 @@
inOrder.verify(mIngressMap).deleteEntry(eq(INGRESS_KEY));
inOrder.verify(mDeps).stopClatd(eq(BASE_IFACE), eq(NAT64_PREFIX_STRING),
eq(XLAT_LOCAL_IPV4ADDR_STRING), eq(XLAT_LOCAL_IPV6ADDR_STRING), eq(CLATD_PID));
- inOrder.verify(mDeps).untagSocket(eq(RAW_SOCK_COOKIE));
+ inOrder.verify(mCookieTagMap).deleteEntry(eq(COOKIE_TAG_KEY));
assertNull(coordinator.getClatdTrackerForTesting());
inOrder.verifyNoMoreInteractions();
@@ -680,18 +680,6 @@
}
@Test
- public void testNotStartClatWithNativeFailureTagSocketAsClat() throws Exception {
- class FailureDependencies extends TestDependencies {
- @Override
- public long tagSocketAsClat(@NonNull FileDescriptor sock) throws IOException {
- throw new IOException();
- }
- }
- checkNotStartClat(new FailureDependencies(), true /* needToCloseTunFd */,
- true /* needToClosePacketSockFd */, true /* needToCloseRawSockFd */);
- }
-
- @Test
public void testNotStartClatWithNativeFailureConfigurePacketSocket() throws Exception {
class FailureDependencies extends TestDependencies {
@Override
@@ -718,4 +706,28 @@
checkNotStartClat(new FailureDependencies(), true /* needToCloseTunFd */,
true /* needToClosePacketSockFd */, true /* needToCloseRawSockFd */);
}
+
+ @Test
+ public void testNotStartClatWithNativeFailureGetSocketCookie() throws Exception {
+ class FailureDependencies extends TestDependencies {
+ @Override
+ public long getSocketCookie(@NonNull FileDescriptor sock) throws IOException {
+ throw new IOException();
+ }
+ }
+ checkNotStartClat(new FailureDependencies(), true /* needToCloseTunFd */,
+ true /* needToClosePacketSockFd */, true /* needToCloseRawSockFd */);
+ }
+
+ @Test
+ public void testNotStartClatWithNullCookieTagMap() throws Exception {
+ class FailureDependencies extends TestDependencies {
+ @Override
+ public IBpfMap<CookieTagMapKey, CookieTagMapValue> getBpfCookieTagMap() {
+ return null;
+ }
+ }
+ checkNotStartClat(new FailureDependencies(), true /* needToCloseTunFd */,
+ true /* needToClosePacketSockFd */, true /* needToCloseRawSockFd */);
+ }
}
diff --git a/tests/unit/java/com/android/server/connectivity/VpnTest.java b/tests/unit/java/com/android/server/connectivity/VpnTest.java
index 5c1992d..6f25d1b 100644
--- a/tests/unit/java/com/android/server/connectivity/VpnTest.java
+++ b/tests/unit/java/com/android/server/connectivity/VpnTest.java
@@ -969,6 +969,31 @@
AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN, AppOpsManager.OPSTR_ACTIVATE_VPN);
}
+ private void setAppOpsPermission() {
+ doAnswer(invocation -> {
+ when(mAppOps.noteOpNoThrow(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN,
+ Process.myUid(), TEST_VPN_PKG,
+ null /* attributionTag */, null /* message */))
+ .thenReturn(AppOpsManager.MODE_ALLOWED);
+ return null;
+ }).when(mAppOps).setMode(
+ eq(AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN),
+ eq(Process.myUid()),
+ eq(TEST_VPN_PKG),
+ eq(AppOpsManager.MODE_ALLOWED));
+ }
+
+ @Test
+ public void testProvisionVpnProfileNotPreconsented_withControlVpnPermission() throws Exception {
+ setAppOpsPermission();
+ doReturn(PERMISSION_GRANTED).when(mContext).checkCallingOrSelfPermission(CONTROL_VPN);
+ final Vpn vpn = createVpnAndSetupUidChecks();
+
+ // ACTIVATE_PLATFORM_VPN will be granted if VPN app has CONTROL_VPN permission.
+ checkProvisionVpnProfile(vpn, true /* expectedResult */,
+ AppOpsManager.OPSTR_ACTIVATE_PLATFORM_VPN);
+ }
+
@Test
public void testProvisionVpnProfileVpnServicePreconsented() throws Exception {
final Vpn vpn = createVpnAndSetupUidChecks(AppOpsManager.OPSTR_ACTIVATE_VPN);
@@ -1589,6 +1614,30 @@
assertEquals(LegacyVpnInfo.STATE_FAILED, vpn.getLegacyVpnInfo().state);
}
+ @Test
+ public void testVpnManagerEventWillNotBeSentToSettingsVpn() throws Exception {
+ startLegacyVpn(createVpn(PRIMARY_USER.id), mVpnProfile);
+ triggerOnAvailableAndGetCallback();
+
+ verifyInterfaceSetCfgWithFlags(IF_STATE_UP);
+
+ final IkeNonProtocolException exception = mock(IkeNonProtocolException.class);
+ final IkeTimeoutException ikeTimeoutException =
+ new IkeTimeoutException("IkeTimeoutException");
+ when(exception.getCause()).thenReturn(ikeTimeoutException);
+
+ final ArgumentCaptor<IkeSessionCallback> captor =
+ ArgumentCaptor.forClass(IkeSessionCallback.class);
+ verify(mIkev2SessionCreator, timeout(TEST_TIMEOUT_MS))
+ .createIkeSession(any(), any(), any(), any(), captor.capture(), any());
+ final IkeSessionCallback ikeCb = captor.getValue();
+ ikeCb.onClosedWithException(exception);
+
+ final Context userContext =
+ mContext.createContextAsUser(UserHandle.of(PRIMARY_USER.id), 0 /* flags */);
+ verify(userContext, never()).startService(any());
+ }
+
private void setAndVerifyAlwaysOnPackage(Vpn vpn, int uid, boolean lockdownEnabled) {
assertTrue(vpn.setAlwaysOnPackage(TEST_VPN_PKG, lockdownEnabled, null));
diff --git a/tests/unit/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java b/tests/unit/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java
index 2178b33..503d920 100644
--- a/tests/unit/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java
+++ b/tests/unit/java/com/android/server/ethernet/EthernetNetworkFactoryTest.java
@@ -313,21 +313,28 @@
assertTrue(ret);
verify(mIpClient).shutdown();
- assertEquals(listener.expectOnResult(), TEST_IFACE);
+ assertEquals(TEST_IFACE, listener.expectOnResult());
}
@Test
public void testUpdateInterfaceLinkStateForProvisionedInterface() throws Exception {
initEthernetNetworkFactory();
createAndVerifyProvisionedInterface(TEST_IFACE);
- final TestNetworkManagementListener listener = new TestNetworkManagementListener();
+ final TestNetworkManagementListener listenerDown = new TestNetworkManagementListener();
+ final TestNetworkManagementListener listenerUp = new TestNetworkManagementListener();
- final boolean ret =
- mNetFactory.updateInterfaceLinkState(TEST_IFACE, false /* up */, listener);
+ final boolean retDown =
+ mNetFactory.updateInterfaceLinkState(TEST_IFACE, false /* up */, listenerDown);
- assertTrue(ret);
+ assertTrue(retDown);
verifyStop();
- assertEquals(listener.expectOnResult(), TEST_IFACE);
+ assertEquals(TEST_IFACE, listenerDown.expectOnResult());
+
+ final boolean retUp =
+ mNetFactory.updateInterfaceLinkState(TEST_IFACE, true /* up */, listenerUp);
+
+ assertTrue(retUp);
+ assertEquals(TEST_IFACE, listenerUp.expectOnResult());
}
@Test
@@ -344,7 +351,7 @@
verify(mDeps, never()).makeIpClient(any(), any(), any());
verify(mDeps, never())
.makeEthernetNetworkAgent(any(), any(), any(), any(), any(), any(), any());
- assertEquals(listener.expectOnResult(), TEST_IFACE);
+ assertEquals(TEST_IFACE, listener.expectOnResult());
}
@Test
@@ -609,7 +616,7 @@
mNetFactory.updateInterface(TEST_IFACE, ipConfiguration, capabilities, listener);
triggerOnProvisioningSuccess();
- assertEquals(listener.expectOnResult(), TEST_IFACE);
+ assertEquals(TEST_IFACE, listener.expectOnResult());
}
@Test
@@ -655,6 +662,7 @@
});
assertEquals(successfulListener.expectOnResult(), TEST_IFACE);
+ assertEquals(TEST_IFACE, successfulListener.expectOnResult());
}
private void verifyNetworkManagementCallIsAbortedWhenInterrupted(
@@ -683,7 +691,7 @@
mNetFactory.updateInterface(TEST_IFACE, ipConfiguration, capabilities, listener);
triggerOnProvisioningSuccess();
- assertEquals(listener.expectOnResult(), TEST_IFACE);
+ assertEquals(TEST_IFACE, listener.expectOnResult());
verify(mDeps).makeEthernetNetworkAgent(any(), any(),
eq(capabilities), any(), any(), any(), any());
verifyRestart(ipConfiguration);
@@ -726,4 +734,16 @@
triggerOnProvisioningSuccess();
verifyRestart(initialIpConfig);
}
+
+ @Test
+ public void testOnNetworkNeededOnStaleNetworkOffer() throws Exception {
+ initEthernetNetworkFactory();
+ createAndVerifyProvisionedInterface(TEST_IFACE);
+ mNetFactory.updateInterfaceLinkState(TEST_IFACE, false, null);
+ verify(mNetworkProvider).unregisterNetworkOffer(mNetworkOfferCallback);
+ // It is possible that even after a network offer is unregistered, CS still sends it
+ // onNetworkNeeded() callbacks.
+ mNetworkOfferCallback.onNetworkNeeded(createDefaultRequest());
+ verify(mIpClient, never()).startProvisioning(any());
+ }
}
diff --git a/tests/unit/java/com/android/server/net/NetworkStatsObserversTest.java b/tests/unit/java/com/android/server/net/NetworkStatsObserversTest.java
index 5747e10..292f77e 100644
--- a/tests/unit/java/com/android/server/net/NetworkStatsObserversTest.java
+++ b/tests/unit/java/com/android/server/net/NetworkStatsObserversTest.java
@@ -21,11 +21,12 @@
import static android.net.NetworkStats.DEFAULT_NETWORK_NO;
import static android.net.NetworkStats.DEFAULT_NETWORK_YES;
import static android.net.NetworkStats.METERED_NO;
+import static android.net.NetworkStats.METERED_YES;
import static android.net.NetworkStats.ROAMING_NO;
import static android.net.NetworkStats.SET_DEFAULT;
import static android.net.NetworkStats.TAG_NONE;
-import static android.net.NetworkTemplate.buildTemplateMobileAll;
-import static android.net.NetworkTemplate.buildTemplateWifiWildcard;
+import static android.net.NetworkTemplate.MATCH_MOBILE;
+import static android.net.NetworkTemplate.MATCH_WIFI;
import static android.net.TrafficStats.MB_IN_BYTES;
import static android.text.format.DateUtils.MINUTE_IN_MILLIS;
@@ -67,6 +68,7 @@
import java.util.ArrayList;
import java.util.Objects;
+import java.util.Set;
/**
* Tests for {@link NetworkStatsObservers}.
@@ -84,10 +86,13 @@
private static final int SUBID_1 = 1;
private static final String TEST_SSID = "AndroidAP";
- private static NetworkTemplate sTemplateWifi = buildTemplateWifiWildcard();
- private static NetworkTemplate sTemplateImsi1 = buildTemplateMobileAll(IMSI_1);
- private static NetworkTemplate sTemplateImsi2 = buildTemplateMobileAll(IMSI_2);
-
+ private static NetworkTemplate sTemplateWifi = new NetworkTemplate.Builder(MATCH_WIFI).build();
+ private static NetworkTemplate sTemplateImsi1 = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setSubscriberIds(Set.of(IMSI_1))
+ .setMeteredness(METERED_YES).build();
+ private static NetworkTemplate sTemplateImsi2 = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setSubscriberIds(Set.of(IMSI_2))
+ .setMeteredness(METERED_YES).build();
private static final int PID_SYSTEM = 1234;
private static final int PID_RED = 1235;
private static final int PID_BLUE = 1236;
diff --git a/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java b/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
index f9cbb10..484d717 100644
--- a/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
+++ b/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
@@ -46,14 +46,10 @@
import static android.net.NetworkStats.TAG_NONE;
import static android.net.NetworkStats.UID_ALL;
import static android.net.NetworkStatsHistory.FIELD_ALL;
-import static android.net.NetworkTemplate.MATCH_MOBILE_WILDCARD;
-import static android.net.NetworkTemplate.NETWORK_TYPE_ALL;
+import static android.net.NetworkTemplate.MATCH_MOBILE;
+import static android.net.NetworkTemplate.MATCH_WIFI;
import static android.net.NetworkTemplate.OEM_MANAGED_NO;
import static android.net.NetworkTemplate.OEM_MANAGED_YES;
-import static android.net.NetworkTemplate.buildTemplateMobileAll;
-import static android.net.NetworkTemplate.buildTemplateMobileWithRatType;
-import static android.net.NetworkTemplate.buildTemplateWifi;
-import static android.net.NetworkTemplate.buildTemplateWifiWildcard;
import static android.net.TrafficStats.MB_IN_BYTES;
import static android.net.TrafficStats.UID_REMOVED;
import static android.net.TrafficStats.UID_TETHERING;
@@ -65,7 +61,6 @@
import static android.text.format.DateUtils.MINUTE_IN_MILLIS;
import static android.text.format.DateUtils.WEEK_IN_MILLIS;
-import static com.android.net.module.util.NetworkStatsUtils.SUBSCRIBER_ID_MATCH_RULE_EXACT;
import static com.android.server.net.NetworkStatsService.ACTION_NETWORK_STATS_POLL;
import static com.android.server.net.NetworkStatsService.NETSTATS_IMPORT_ATTEMPTS_COUNTER_NAME;
import static com.android.server.net.NetworkStatsService.NETSTATS_IMPORT_FALLBACKS_COUNTER_NAME;
@@ -138,6 +133,8 @@
import com.android.net.module.util.LocationPermissionChecker;
import com.android.net.module.util.Struct.U32;
import com.android.net.module.util.Struct.U8;
+import com.android.net.module.util.bpf.CookieTagMapKey;
+import com.android.net.module.util.bpf.CookieTagMapValue;
import com.android.server.net.NetworkStatsService.AlertObserver;
import com.android.server.net.NetworkStatsService.NetworkStatsSettings;
import com.android.server.net.NetworkStatsService.NetworkStatsSettings.Config;
@@ -192,11 +189,14 @@
private static final String IMSI_2 = "310260";
private static final String TEST_WIFI_NETWORK_KEY = "WifiNetworkKey";
- private static NetworkTemplate sTemplateWifi = buildTemplateWifi(TEST_WIFI_NETWORK_KEY);
- private static NetworkTemplate sTemplateCarrierWifi1 =
- buildTemplateWifi(NetworkTemplate.WIFI_NETWORKID_ALL, IMSI_1);
- private static NetworkTemplate sTemplateImsi1 = buildTemplateMobileAll(IMSI_1);
- private static NetworkTemplate sTemplateImsi2 = buildTemplateMobileAll(IMSI_2);
+ private static NetworkTemplate sTemplateWifi = new NetworkTemplate.Builder(MATCH_WIFI)
+ .setWifiNetworkKeys(Set.of(TEST_WIFI_NETWORK_KEY)).build();
+ private static NetworkTemplate sTemplateCarrierWifi1 = new NetworkTemplate.Builder(MATCH_WIFI)
+ .setSubscriberIds(Set.of(IMSI_1)).build();
+ private static NetworkTemplate sTemplateImsi1 = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setMeteredness(METERED_YES).setSubscriberIds(Set.of(IMSI_1)).build();
+ private static NetworkTemplate sTemplateImsi2 = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setMeteredness(METERED_YES).setSubscriberIds(Set.of(IMSI_2)).build();
private static final Network WIFI_NETWORK = new Network(100);
private static final Network MOBILE_NETWORK = new Network(101);
@@ -833,15 +833,15 @@
@Test
public void testMobileStatsByRatType() throws Exception {
- final NetworkTemplate template3g =
- buildTemplateMobileWithRatType(null, TelephonyManager.NETWORK_TYPE_UMTS,
- METERED_YES);
- final NetworkTemplate template4g =
- buildTemplateMobileWithRatType(null, TelephonyManager.NETWORK_TYPE_LTE,
- METERED_YES);
- final NetworkTemplate template5g =
- buildTemplateMobileWithRatType(null, TelephonyManager.NETWORK_TYPE_NR,
- METERED_YES);
+ final NetworkTemplate template3g = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setRatType(TelephonyManager.NETWORK_TYPE_UMTS)
+ .setMeteredness(METERED_YES).build();
+ final NetworkTemplate template4g = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setRatType(TelephonyManager.NETWORK_TYPE_LTE)
+ .setMeteredness(METERED_YES).build();
+ final NetworkTemplate template5g = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setRatType(TelephonyManager.NETWORK_TYPE_NR)
+ .setMeteredness(METERED_YES).build();
final NetworkStateSnapshot[] states =
new NetworkStateSnapshot[]{buildMobileState(IMSI_1)};
@@ -912,12 +912,13 @@
@Test
public void testMobileStatsMeteredness() throws Exception {
// Create metered 5g template.
- final NetworkTemplate templateMetered5g =
- buildTemplateMobileWithRatType(null, TelephonyManager.NETWORK_TYPE_NR,
- METERED_YES);
+ final NetworkTemplate templateMetered5g = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setRatType(TelephonyManager.NETWORK_TYPE_NR)
+ .setMeteredness(METERED_YES).build();
// Create non-metered 5g template
- final NetworkTemplate templateNonMetered5g =
- buildTemplateMobileWithRatType(null, TelephonyManager.NETWORK_TYPE_NR, METERED_NO);
+ final NetworkTemplate templateNonMetered5g = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setRatType(TelephonyManager.NETWORK_TYPE_NR)
+ .setMeteredness(METERED_NO).build();
expectDefaultSettings();
expectNetworkStatsSummary(buildEmptyStats());
@@ -950,33 +951,20 @@
@Test
public void testMobileStatsOemManaged() throws Exception {
- final NetworkTemplate templateOemPaid = new NetworkTemplate(MATCH_MOBILE_WILDCARD,
- /*subscriberId=*/null, /*matchSubscriberIds=*/null,
- /*matchWifiNetworkKeys=*/new String[0], METERED_ALL, ROAMING_ALL,
- DEFAULT_NETWORK_ALL, NETWORK_TYPE_ALL, OEM_PAID, SUBSCRIBER_ID_MATCH_RULE_EXACT);
+ final NetworkTemplate templateOemPaid = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setOemManaged(OEM_PAID).build();
- final NetworkTemplate templateOemPrivate = new NetworkTemplate(MATCH_MOBILE_WILDCARD,
- /*subscriberId=*/null, /*matchSubscriberIds=*/null,
- /*matchWifiNetworkKeys=*/new String[0], METERED_ALL, ROAMING_ALL,
- DEFAULT_NETWORK_ALL, NETWORK_TYPE_ALL, OEM_PRIVATE, SUBSCRIBER_ID_MATCH_RULE_EXACT);
+ final NetworkTemplate templateOemPrivate = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setOemManaged(OEM_PRIVATE).build();
- final NetworkTemplate templateOemAll = new NetworkTemplate(MATCH_MOBILE_WILDCARD,
- /*subscriberId=*/null, /*matchSubscriberIds=*/null,
- /*matchWifiNetworkKeys=*/new String[0], METERED_ALL, ROAMING_ALL,
- DEFAULT_NETWORK_ALL, NETWORK_TYPE_ALL, OEM_PAID | OEM_PRIVATE,
- SUBSCRIBER_ID_MATCH_RULE_EXACT);
+ final NetworkTemplate templateOemAll = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setOemManaged(OEM_PAID | OEM_PRIVATE).build();
- final NetworkTemplate templateOemYes = new NetworkTemplate(MATCH_MOBILE_WILDCARD,
- /*subscriberId=*/null, /*matchSubscriberIds=*/null,
- /*matchWifiNetworkKeys=*/new String[0], METERED_ALL, ROAMING_ALL,
- DEFAULT_NETWORK_ALL, NETWORK_TYPE_ALL, OEM_MANAGED_YES,
- SUBSCRIBER_ID_MATCH_RULE_EXACT);
+ final NetworkTemplate templateOemYes = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setOemManaged(OEM_MANAGED_YES).build();
- final NetworkTemplate templateOemNone = new NetworkTemplate(MATCH_MOBILE_WILDCARD,
- /*subscriberId=*/null, /*matchSubscriberIds=*/null,
- /*matchWifiNetworkKeys=*/new String[0], METERED_ALL, ROAMING_ALL,
- DEFAULT_NETWORK_ALL, NETWORK_TYPE_ALL, OEM_MANAGED_NO,
- SUBSCRIBER_ID_MATCH_RULE_EXACT);
+ final NetworkTemplate templateOemNone = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setOemManaged(OEM_MANAGED_NO).build();
// OEM_PAID network comes online.
NetworkStateSnapshot[] states = new NetworkStateSnapshot[]{
@@ -1156,7 +1144,9 @@
final ZonedDateTime end =
ZonedDateTime.ofInstant(mClock.instant(), ZoneId.systemDefault());
final ZonedDateTime start = end.truncatedTo(ChronoUnit.HOURS);
- NetworkStats stats = mSession.getSummaryForNetwork(buildTemplateWifi(TEST_WIFI_NETWORK_KEY),
+ NetworkStats stats = mSession.getSummaryForNetwork(
+ new NetworkTemplate.Builder(MATCH_WIFI)
+ .setWifiNetworkKeys(Set.of(TEST_WIFI_NETWORK_KEY)).build(),
start.toInstant().toEpochMilli(), end.toInstant().toEpochMilli());
assertEquals(1, stats.size());
assertValues(stats, IFACE_ALL, UID_ALL, SET_ALL, TAG_NONE, METERED_ALL, ROAMING_ALL,
@@ -1668,14 +1658,14 @@
public void testDynamicWatchForNetworkRatTypeChanges() throws Exception {
// Build 3G template, type unknown template to get stats while network type is unknown
// and type all template to get the sum of all network type stats.
- final NetworkTemplate template3g =
- buildTemplateMobileWithRatType(null, TelephonyManager.NETWORK_TYPE_UMTS,
- METERED_YES);
- final NetworkTemplate templateUnknown =
- buildTemplateMobileWithRatType(null, TelephonyManager.NETWORK_TYPE_UNKNOWN,
- METERED_YES);
- final NetworkTemplate templateAll =
- buildTemplateMobileWithRatType(null, NETWORK_TYPE_ALL, METERED_YES);
+ final NetworkTemplate template3g = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setRatType(TelephonyManager.NETWORK_TYPE_UMTS)
+ .setMeteredness(METERED_YES).build();
+ final NetworkTemplate templateUnknown = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setRatType(TelephonyManager.NETWORK_TYPE_UNKNOWN)
+ .setMeteredness(METERED_YES).build();
+ final NetworkTemplate templateAll = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setMeteredness(METERED_YES).build();
final NetworkStateSnapshot[] states =
new NetworkStateSnapshot[]{buildMobileState(IMSI_1)};
@@ -1772,8 +1762,8 @@
forcePollAndWaitForIdle();
// Verify mobile summary is not changed by the operation count.
- final NetworkTemplate templateMobile =
- buildTemplateMobileWithRatType(null, NETWORK_TYPE_ALL, METERED_YES);
+ final NetworkTemplate templateMobile = new NetworkTemplate.Builder(MATCH_MOBILE)
+ .setMeteredness(METERED_YES).build();
final NetworkStats statsMobile = mSession.getSummaryForAllUid(
templateMobile, Long.MIN_VALUE, Long.MAX_VALUE, true);
assertValues(statsMobile, IFACE_ALL, UID_RED, SET_ALL, TAG_NONE, METERED_ALL, ROAMING_ALL,
@@ -1784,7 +1774,7 @@
// Verify the operation count is blamed onto the default network.
// TODO: Blame onto the default network is not very reasonable. Consider blame onto the
// network that generates the traffic.
- final NetworkTemplate templateWifi = buildTemplateWifiWildcard();
+ final NetworkTemplate templateWifi = new NetworkTemplate.Builder(MATCH_WIFI).build();
final NetworkStats statsWifi = mSession.getSummaryForAllUid(
templateWifi, Long.MIN_VALUE, Long.MAX_VALUE, true);
assertValues(statsWifi, IFACE_ALL, UID_RED, SET_ALL, 0xF00D, METERED_ALL, ROAMING_ALL,