Merge "Address review feedback" into main
diff --git a/Cronet/tests/common/Android.bp b/Cronet/tests/common/Android.bp
index e17081a..a484adb 100644
--- a/Cronet/tests/common/Android.bp
+++ b/Cronet/tests/common/Android.bp
@@ -28,7 +28,10 @@
name: "NetHttpCoverageTests",
enforce_default_target_sdk_version: true,
min_sdk_version: "30",
- test_suites: ["general-tests", "mts-tethering"],
+ test_suites: [
+ "general-tests",
+ "mts-tethering",
+ ],
static_libs: [
"modules-utils-native-coverage-listener",
"CtsNetHttpTestsLib",
@@ -37,6 +40,8 @@
jarjar_rules: ":net-http-test-jarjar-rules",
compile_multilib: "both", // Include both the 32 and 64 bit versions
jni_libs: [
- "cronet_aml_components_cronet_android_cronet_tests__testing"
+ "cronet_aml_components_cronet_android_cronet_tests__testing",
+ "cronet_aml_third_party_netty_tcnative_netty_tcnative_so__testing",
],
+ data: [":cronet_javatests_resources"],
}
diff --git a/Cronet/tests/common/AndroidTest.xml b/Cronet/tests/common/AndroidTest.xml
index 33c3184..bded8fb 100644
--- a/Cronet/tests/common/AndroidTest.xml
+++ b/Cronet/tests/common/AndroidTest.xml
@@ -19,6 +19,11 @@
<option name="install-arg" value="-t" />
</target_preparer>
<option name="test-tag" value="NetHttpCoverageTests" />
+
+ <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
+ <option name="push-file" key="net" value="/storage/emulated/0/chromium_tests_root/net" />
+ <option name="push-file" key="test_server" value="/storage/emulated/0/chromium_tests_root/components/cronet/testing/test_server" />
+ </target_preparer>
<!-- Tethering/Connectivity is a SDK 30+ module -->
<!-- TODO Switch back to Sdk30 when b/270049141 is fixed -->
<object type="module_controller"
@@ -42,11 +47,14 @@
<option name="exclude-filter" value="org.chromium.net.CronetUrlRequestTest#testSSLCertificateError" />
<!-- b/316559294 -->
<option name="exclude-filter" value="org.chromium.net.NQETest#testQuicDisabled" />
+ <!-- b/316559294 -->
+ <option name="exclude-filter" value="org.chromium.net.NQETest#testPrefsWriteRead" />
<!-- b/316554711-->
<option name="exclude-filter" value="org.chromium.net.NetworkChangesTest" />
<!-- b/316550794 -->
<option name="exclude-filter" value="org.chromium.net.impl.CronetLoggerTest#testEngineCreation" />
<option name="hidden-api-checks" value="false"/>
+ <option name="isolated-storage" value="false"/>
<option
name="device-listeners"
value="com.android.modules.utils.testing.NativeCoverageHackInstrumentationListener" />
diff --git a/Cronet/tests/mts/Android.bp b/Cronet/tests/mts/Android.bp
index 63905c8..743a1ca 100644
--- a/Cronet/tests/mts/Android.bp
+++ b/Cronet/tests/mts/Android.bp
@@ -48,19 +48,20 @@
}
android_test {
- name: "NetHttpTests",
- defaults: [
+ name: "NetHttpTests",
+ defaults: [
"mts-target-sdk-version-current",
- ],
- static_libs: ["NetHttpTestsLibPreJarJar"],
- jarjar_rules: ":net-http-test-jarjar-rules",
- jni_libs: [
+ ],
+ static_libs: ["NetHttpTestsLibPreJarJar"],
+ jarjar_rules: ":net-http-test-jarjar-rules",
+ jni_libs: [
"cronet_aml_components_cronet_android_cronet__testing",
"cronet_aml_components_cronet_android_cronet_tests__testing",
- ],
- test_suites: [
- "general-tests",
- "mts-tethering",
- ],
+ "cronet_aml_third_party_netty_tcnative_netty_tcnative_so__testing",
+ ],
+ test_suites: [
+ "general-tests",
+ "mts-tethering",
+ ],
+ data: [":cronet_javatests_resources"],
}
-
diff --git a/Cronet/tests/mts/AndroidManifest.xml b/Cronet/tests/mts/AndroidManifest.xml
index f597134..2c56e3a 100644
--- a/Cronet/tests/mts/AndroidManifest.xml
+++ b/Cronet/tests/mts/AndroidManifest.xml
@@ -19,6 +19,7 @@
package="android.net.http.mts">
<uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
+ <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.INTERNET"/>
<application android:networkSecurityConfig="@xml/network_security_config">
diff --git a/Cronet/tests/mts/AndroidTest.xml b/Cronet/tests/mts/AndroidTest.xml
index 3470531..bccbe29 100644
--- a/Cronet/tests/mts/AndroidTest.xml
+++ b/Cronet/tests/mts/AndroidTest.xml
@@ -24,6 +24,11 @@
<option name="test-file-name" value="NetHttpTests.apk" />
</target_preparer>
+ <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
+ <option name="push-file" key="net" value="/storage/emulated/0/chromium_tests_root/net" />
+ <option name="push-file" key="test_server" value="/storage/emulated/0/chromium_tests_root/components/cronet/testing/test_server" />
+ </target_preparer>
+
<option name="test-tag" value="NetHttpTests" />
<test class="com.android.tradefed.testtype.AndroidJUnitTest" >
<option name="package" value="android.net.http.mts" />
@@ -42,11 +47,14 @@
<option name="exclude-filter" value="org.chromium.net.CronetUrlRequestTest#testSSLCertificateError" />
<!-- b/316559294 -->
<option name="exclude-filter" value="org.chromium.net.NQETest#testQuicDisabled" />
+ <!-- b/316559294 -->
+ <option name="exclude-filter" value="org.chromium.net.NQETest#testPrefsWriteRead" />
<!-- b/316554711-->
- <option name="exclude-filter" value="org.chromium.net.NetworkChangesTest" />
+ <option name="exclude-filter" value="org.chromium.net.NetworkChangesTest" />
<!-- b/316550794 -->
<option name="exclude-filter" value="org.chromium.net.impl.CronetLoggerTest#testEngineCreation" />
<option name="hidden-api-checks" value="false"/>
+ <option name="isolated-storage" value="false"/>
</test>
<!-- Only run NetHttpTests in MTS if the Tethering Mainline module is installed. -->
diff --git a/Cronet/tests/mts/jarjar_excludes.txt b/Cronet/tests/mts/jarjar_excludes.txt
index fd0a0f6..b5cdf6e 100644
--- a/Cronet/tests/mts/jarjar_excludes.txt
+++ b/Cronet/tests/mts/jarjar_excludes.txt
@@ -2,6 +2,8 @@
com\.android\.testutils\..+
# jarjar-gen can't handle some kotlin object expression, exclude packages that include them
androidx\..+
+# don't jarjar netty as it does JNI
+io\.netty\..+
kotlin\.test\..+
kotlin\.reflect\..+
org\.mockito\..+
@@ -12,10 +14,16 @@
org\.chromium\.base\..+
J\.cronet_tests_N(\$.+)?
+# don't jarjar automatically generated FooJni files.
+org\.chromium\.net\..+Jni(\$.+)?
+
# Do not jarjar the tests and its utils as they also do JNI with cronet_tests.so
org\.chromium\.net\..*Test.*(\$.+)?
org\.chromium\.net\.NativeTestServer(\$.+)?
org\.chromium\.net\.MockUrlRequestJobFactory(\$.+)?
org\.chromium\.net\.QuicTestServer(\$.+)?
org\.chromium\.net\.MockCertVerifier(\$.+)?
-org\.chromium\.net\.LogcatCapture(\$.+)?
\ No newline at end of file
+org\.chromium\.net\.LogcatCapture(\$.+)?
+org\.chromium\.net\.ReportingCollector(\$.+)?
+org\.chromium\.net\.Http2TestServer(\$.+)?
+org\.chromium\.net\.Http2TestHandler(\$.+)?
\ No newline at end of file
diff --git a/Cronet/tests/mts/res/raw/quicroot.pem b/Cronet/tests/mts/res/raw/quicroot.pem
new file mode 100644
index 0000000..af21b3e
--- /dev/null
+++ b/Cronet/tests/mts/res/raw/quicroot.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAeagAwIBAgIUXOi6XoxnMUjJg4jeOwRhsdqEqEQwDQYJKoZIhvcNAQEL
+BQAwFzEVMBMGA1UEAwwMVGVzdCBSb290IENBMB4XDTIzMDYwMTExMjcwMFoXDTMz
+MDUyOTExMjcwMFowFzEVMBMGA1UEAwwMVGVzdCBSb290IENBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9xCMPMIvfmJWz25AG/VtgWbqNs67HXQbXWf
+pDF2wjQpHVOYbfl7Zgly5O+5es1aUbJaGyZ9G6xuYSXKFnnYLoP7M86O05fQQBAj
+K+IE5nO6136ksCAfxCFTFfn4vhPvK8Vba5rqox4WeIXYKvHYSoiHz0ELrnFOHcyN
+Innyze7bLtkMCA1ShHpmvDCR+U3Uj6JwOfoirn29jjU/48/ORha7dcJYtYXk2eGo
+RJfrtIx20tXAaKaGnXOCGYbEVXTeQkQPqKFVzqP7+KYS/Y8eNFV35ugpLNES+44T
+bQ2QruTZdrNRjJkEoyiB/E53a0OUltB/R7Z0L0xstnKfsAf3OwIDAQABo0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUVdXNh2lk
+51/6hMmz0Z+OpIe8+f0wDQYJKoZIhvcNAQELBQADggEBADNg7G8n6DUrQ5doXzm9
+kOp5siX6iPs0zFReXKhIT1Gef63l3tb7AdPedF03aj9XkUt0shhNOGG5SK2k5KBQ
+MJc9muYRCAyo2xMr3rFUQdI5B51SCy5HeAMralgTHXN0Hv+TH04YfRrACVmr+5ke
+pH3bF1gYaT+Zy5/pHJnV5lcwS6/H44g9XXWIopjWCwbfzKxIuWofqL4fiToPSIYu
+MCUI4bKZipcJT5O6rdz/S9lbgYVjOJ4HAoT2icNQqNMMfULKevmF8SdJzfNd35yn
+tAKTROhIE2aQRVCclrjo/T3eyjWGGoJlGmxKbeCf/rXzcn1BRtk/UzLnbUFFlg5l
+axw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/Cronet/tests/mts/res/xml/network_security_config.xml b/Cronet/tests/mts/res/xml/network_security_config.xml
index d44c36f..32b7171 100644
--- a/Cronet/tests/mts/res/xml/network_security_config.xml
+++ b/Cronet/tests/mts/res/xml/network_security_config.xml
@@ -17,18 +17,31 @@
-->
<network-security-config>
- <domain-config cleartextTrafficPermitted="true">
- <!-- Used as the base URL by native test server (net::EmbeddedTestServer) -->
- <domain includeSubdomains="true">127.0.0.1</domain>
- <!-- Used by CronetHttpURLConnectionTest#testIOExceptionInterruptRethrown -->
- <domain includeSubdomains="true">localhost</domain>
- <!-- Used by CronetHttpURLConnectionTest#testBadIP -->
- <domain includeSubdomains="true">0.0.0.0</domain>
- <!-- Used by CronetHttpURLConnectionTest#testSetUseCachesFalse -->
- <domain includeSubdomains="true">host-cache-test-host</domain>
- <!-- Used by CronetHttpURLConnectionTest#testBadHostname -->
- <domain includeSubdomains="true">this-weird-host-name-does-not-exist</domain>
- <!-- Used by CronetUrlRequestContextTest#testHostResolverRules -->
- <domain includeSubdomains="true">some-weird-hostname</domain>
- </domain-config>
+ <base-config>
+ <trust-anchors>
+ <certificates src="@raw/quicroot"/>
+ <certificates src="system"/>
+ </trust-anchors>
+ </base-config>
+ <!-- Since Android 9 (API 28) cleartext support is disabled by default, this
+ causes some of our tests to fail (see crbug/1220357).
+ The following configs allow http requests for the domains used in these
+ tests.
+
+ TODO(stefanoduo): Figure out if we really need to use http for these tests
+ -->
+ <domain-config cleartextTrafficPermitted="true">
+ <!-- Used as the base URL by native test server (net::EmbeddedTestServer) -->
+ <domain includeSubdomains="true">127.0.0.1</domain>
+ <!-- Used by CronetHttpURLConnectionTest#testIOExceptionInterruptRethrown -->
+ <domain includeSubdomains="true">localhost</domain>
+ <!-- Used by CronetHttpURLConnectionTest#testBadIP -->
+ <domain includeSubdomains="true">0.0.0.0</domain>
+ <!-- Used by CronetHttpURLConnectionTest#testSetUseCachesFalse -->
+ <domain includeSubdomains="true">host-cache-test-host</domain>
+ <!-- Used by CronetHttpURLConnectionTest#testBadHostname -->
+ <domain includeSubdomains="true">this-weird-host-name-does-not-exist</domain>
+ <!-- Used by CronetUrlRequestContextTest#testHostResolverRules -->
+ <domain includeSubdomains="true">some-weird-hostname</domain>
+ </domain-config>
</network-security-config>
\ No newline at end of file
diff --git a/framework-t/src/android/net/NetworkStatsAccess.java b/framework-t/src/android/net/NetworkStatsAccess.java
index 23902dc..7fe499b 100644
--- a/framework-t/src/android/net/NetworkStatsAccess.java
+++ b/framework-t/src/android/net/NetworkStatsAccess.java
@@ -23,6 +23,7 @@
import android.Manifest;
import android.annotation.IntDef;
+import android.annotation.Nullable;
import android.app.AppOpsManager;
import android.app.admin.DevicePolicyManager;
import android.content.Context;
@@ -109,7 +110,7 @@
/** Returns the {@link NetworkStatsAccess.Level} for the given caller. */
public static @NetworkStatsAccess.Level int checkAccessLevel(
- Context context, int callingPid, int callingUid, String callingPackage) {
+ Context context, int callingPid, int callingUid, @Nullable String callingPackage) {
final DevicePolicyManager mDpm = context.getSystemService(DevicePolicyManager.class);
final TelephonyManager tm = (TelephonyManager)
context.getSystemService(Context.TELEPHONY_SERVICE);
diff --git a/framework/jni/android_net_NetworkUtils.cpp b/framework/jni/android_net_NetworkUtils.cpp
index 5403be7..51eaf1c 100644
--- a/framework/jni/android_net_NetworkUtils.cpp
+++ b/framework/jni/android_net_NetworkUtils.cpp
@@ -24,6 +24,7 @@
#include <string.h>
#include <bpf/BpfClassic.h>
+#include <bpf/KernelUtils.h>
#include <DnsProxydProtocol.h> // NETID_USE_LOCAL_NAMESERVERS
#include <nativehelper/JNIPlatformHelp.h>
#include <nativehelper/ScopedPrimitiveArray.h>
@@ -250,6 +251,10 @@
}
}
+static jboolean android_net_utils_isKernel64Bit(JNIEnv *env, jclass clazz) {
+ return bpf::isKernel64Bit();
+}
+
// ----------------------------------------------------------------------------
/*
@@ -272,6 +277,7 @@
{ "getDnsNetwork", "()Landroid/net/Network;", (void*) android_net_utils_getDnsNetwork },
{ "setsockoptBytes", "(Ljava/io/FileDescriptor;II[B)V",
(void*) android_net_utils_setsockoptBytes},
+ { "isKernel64Bit", "()Z", (void*) android_net_utils_isKernel64Bit },
};
// clang-format on
diff --git a/framework/src/android/net/NetworkUtils.java b/framework/src/android/net/NetworkUtils.java
index fbdc024..785c029 100644
--- a/framework/src/android/net/NetworkUtils.java
+++ b/framework/src/android/net/NetworkUtils.java
@@ -438,4 +438,6 @@
public static native void setsockoptBytes(FileDescriptor fd, int level, int option,
byte[] value) throws ErrnoException;
+ /** Returns whether the Linux Kernel is 64 bit */
+ public static native boolean isKernel64Bit();
}
diff --git a/service-t/src/com/android/server/net/NetworkStatsService.java b/service-t/src/com/android/server/net/NetworkStatsService.java
index eb75461..7cf6293 100644
--- a/service-t/src/com/android/server/net/NetworkStatsService.java
+++ b/service-t/src/com/android/server/net/NetworkStatsService.java
@@ -492,9 +492,10 @@
*/
private static class OpenSessionKey {
public final int uid;
+ @Nullable
public final String packageName;
- OpenSessionKey(int uid, @NonNull String packageName) {
+ OpenSessionKey(int uid, @Nullable String packageName) {
this.uid = uid;
this.packageName = packageName;
}
@@ -1461,7 +1462,7 @@
return now - lastCallTime < POLL_RATE_LIMIT_MS;
}
- private int restrictFlagsForCaller(int flags, @NonNull String callingPackage) {
+ private int restrictFlagsForCaller(int flags, @Nullable String callingPackage) {
// All non-privileged callers are not allowed to turn off POLL_ON_OPEN.
final boolean isPrivileged = PermissionUtils.checkAnyPermissionOf(mContext,
NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK,
@@ -1478,7 +1479,8 @@
return flags;
}
- private INetworkStatsSession openSessionInternal(final int flags, final String callingPackage) {
+ private INetworkStatsSession openSessionInternal(
+ final int flags, @Nullable final String callingPackage) {
final int restrictedFlags = restrictFlagsForCaller(flags, callingPackage);
if ((restrictedFlags & (NetworkStatsManager.FLAG_POLL_ON_OPEN
| NetworkStatsManager.FLAG_POLL_FORCE)) != 0) {
@@ -1495,6 +1497,7 @@
return new INetworkStatsSession.Stub() {
private final int mCallingUid = Binder.getCallingUid();
+ @Nullable
private final String mCallingPackage = callingPackage;
private final @NetworkStatsAccess.Level int mAccessLevel = checkAccessLevel(
callingPackage);
@@ -1633,7 +1636,7 @@
}
private void enforceTemplatePermissions(@NonNull NetworkTemplate template,
- @NonNull String callingPackage) {
+ @Nullable String callingPackage) {
// For a template with wifi network keys, it is possible for a malicious
// client to track the user locations via querying data usage. Thus, enforce
// fine location permission check.
@@ -1654,7 +1657,7 @@
}
}
- private @NetworkStatsAccess.Level int checkAccessLevel(String callingPackage) {
+ private @NetworkStatsAccess.Level int checkAccessLevel(@Nullable String callingPackage) {
return NetworkStatsAccess.checkAccessLevel(
mContext, Binder.getCallingPid(), Binder.getCallingUid(), callingPackage);
}
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 3391323..1264b0c 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -3021,26 +3021,6 @@
return false;
}
- private int getAppUid(final String app, final UserHandle user) {
- final PackageManager pm =
- mContext.createContextAsUser(user, 0 /* flags */).getPackageManager();
- final long token = Binder.clearCallingIdentity();
- try {
- return pm.getPackageUid(app, 0 /* flags */);
- } catch (PackageManager.NameNotFoundException e) {
- return -1;
- } finally {
- Binder.restoreCallingIdentity(token);
- }
- }
-
- private void verifyCallingUidAndPackage(String packageName, int callingUid) {
- final UserHandle user = UserHandle.getUserHandleForUid(callingUid);
- if (getAppUid(packageName, user) != callingUid) {
- throw new SecurityException(packageName + " does not belong to uid " + callingUid);
- }
- }
-
/**
* Ensure that a network route exists to deliver traffic to the specified
* host via the specified network interface.
@@ -3056,7 +3036,8 @@
if (disallowedBecauseSystemCaller()) {
return false;
}
- verifyCallingUidAndPackage(callingPackageName, mDeps.getCallingUid());
+ PermissionUtils.enforcePackageNameMatchesUid(
+ mContext, mDeps.getCallingUid(), callingPackageName);
enforceChangePermission(callingPackageName, callingAttributionTag);
if (mProtectedNetworks.contains(networkType)) {
enforceConnectivityRestrictedNetworksPermission(true /* checkUidsAllowedList */);
diff --git a/staticlibs/framework/com/android/net/module/util/LocationPermissionChecker.java b/staticlibs/framework/com/android/net/module/util/LocationPermissionChecker.java
index cd1f31c..f6bee69 100644
--- a/staticlibs/framework/com/android/net/module/util/LocationPermissionChecker.java
+++ b/staticlibs/framework/com/android/net/module/util/LocationPermissionChecker.java
@@ -189,8 +189,9 @@
* @param message A message describing why the permission was checked. Only needed if this is
* not inside of a two-way binder call from the data receiver
*/
- public boolean checkCallersLocationPermission(String pkgName, @Nullable String featureId,
- int uid, boolean coarseForTargetSdkLessThanQ, @Nullable String message) {
+ public boolean checkCallersLocationPermission(@Nullable String pkgName,
+ @Nullable String featureId, int uid, boolean coarseForTargetSdkLessThanQ,
+ @Nullable String message) {
boolean isTargetSdkLessThanQ = isTargetSdkLessThan(pkgName, Build.VERSION_CODES.Q, uid);
diff --git a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
index 8315b8f..f167d3d 100644
--- a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
+++ b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
@@ -27,7 +27,9 @@
import android.annotation.Nullable;
import android.content.Context;
import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
import android.os.Binder;
+import android.os.UserHandle;
import java.io.PrintWriter;
import java.util.ArrayList;
@@ -183,4 +185,33 @@
}
return result;
}
+
+ /**
+ * Enforces that the given package name belongs to the given uid.
+ *
+ * @param context {@link android.content.Context} for the process.
+ * @param uid User ID to check the package ownership for.
+ * @param packageName Package name to verify.
+ * @throws SecurityException If the package does not belong to the specified uid.
+ */
+ public static void enforcePackageNameMatchesUid(
+ @NonNull Context context, int uid, @Nullable String packageName) {
+ final UserHandle user = UserHandle.getUserHandleForUid(uid);
+ if (getAppUid(context, packageName, user) != uid) {
+ throw new SecurityException(packageName + " does not belong to uid " + uid);
+ }
+ }
+
+ private static int getAppUid(Context context, final String app, final UserHandle user) {
+ final PackageManager pm =
+ context.createContextAsUser(user, 0 /* flags */).getPackageManager();
+ final long token = Binder.clearCallingIdentity();
+ try {
+ return pm.getPackageUid(app, 0 /* flags */);
+ } catch (PackageManager.NameNotFoundException e) {
+ return -1;
+ } finally {
+ Binder.restoreCallingIdentity(token);
+ }
+ }
}
diff --git a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
index c5a91a4..d5b43fb 100644
--- a/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
+++ b/staticlibs/tests/unit/src/com/android/net/module/util/PermissionUtilsTest.kt
@@ -19,6 +19,7 @@
import android.Manifest.permission.NETWORK_STACK
import android.content.Context
import android.content.pm.PackageManager
+import android.content.pm.PackageManager.NameNotFoundException
import android.content.pm.PackageManager.PERMISSION_DENIED
import android.content.pm.PackageManager.PERMISSION_GRANTED
import android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK
@@ -28,6 +29,7 @@
import com.android.net.module.util.PermissionUtils.enforceAnyPermissionOf
import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermission
import com.android.net.module.util.PermissionUtils.enforceNetworkStackPermissionOr
+import com.android.net.module.util.PermissionUtils.enforcePackageNameMatchesUid
import com.android.net.module.util.PermissionUtils.enforceSystemFeature
import com.android.testutils.DevSdkIgnoreRule
import com.android.testutils.DevSdkIgnoreRunner
@@ -42,7 +44,10 @@
import org.junit.runner.RunWith
import org.mockito.ArgumentMatchers
import org.mockito.ArgumentMatchers.any
+import org.mockito.ArgumentMatchers.anyInt
+import org.mockito.ArgumentMatchers.eq
import org.mockito.Mockito.doReturn
+import org.mockito.Mockito.doThrow
import org.mockito.Mockito.mock
/** Tests for PermissionUtils */
@@ -53,6 +58,9 @@
val ignoreRule = DevSdkIgnoreRule()
private val TEST_PERMISSION1 = "android.permission.TEST_PERMISSION1"
private val TEST_PERMISSION2 = "android.permission.TEST_PERMISSION2"
+ private val TEST_UID1 = 1234
+ private val TEST_UID2 = 1235
+ private val TEST_PACKAGE_NAME = "test.package"
private val mockContext = mock(Context::class.java)
private val mockPackageManager = mock(PackageManager::class.java)
@@ -61,6 +69,7 @@
@Before
fun setup() {
doReturn(mockPackageManager).`when`(mockContext).packageManager
+ doReturn(mockContext).`when`(mockContext).createContextAsUser(any(), anyInt())
}
@Test
@@ -141,4 +150,24 @@
Assert.fail("Exception should have not been thrown with system feature enabled")
}
}
+
+ @Test
+ fun testEnforcePackageNameMatchesUid() {
+ // Verify name not found throws.
+ doThrow(NameNotFoundException()).`when`(mockPackageManager)
+ .getPackageUid(eq(TEST_PACKAGE_NAME), anyInt())
+ assertFailsWith<SecurityException> {
+ enforcePackageNameMatchesUid(mockContext, TEST_UID1, TEST_PACKAGE_NAME)
+ }
+
+ // Verify uid mismatch throws.
+ doReturn(TEST_UID1).`when`(mockPackageManager)
+ .getPackageUid(eq(TEST_PACKAGE_NAME), anyInt())
+ assertFailsWith<SecurityException> {
+ enforcePackageNameMatchesUid(mockContext, TEST_UID2, TEST_PACKAGE_NAME)
+ }
+
+ // Verify uid match passes.
+ enforcePackageNameMatchesUid(mockContext, TEST_UID1, TEST_PACKAGE_NAME)
+ }
}
diff --git a/tests/unit/java/android/net/NetworkUtilsTest.java b/tests/unit/java/android/net/NetworkUtilsTest.java
index 5d789b4..2bf2211 100644
--- a/tests/unit/java/android/net/NetworkUtilsTest.java
+++ b/tests/unit/java/android/net/NetworkUtilsTest.java
@@ -21,8 +21,14 @@
import static android.system.OsConstants.SOCK_DGRAM;
import static android.system.OsConstants.SOL_SOCKET;
import static android.system.OsConstants.SO_RCVTIMEO;
+
+import static com.android.compatibility.common.util.PropertyUtil.getVsrApiLevel;
+
import static junit.framework.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
+
import android.os.Build;
import android.system.ErrnoException;
import android.system.Os;
@@ -38,7 +44,6 @@
import org.junit.runner.RunWith;
import java.io.FileDescriptor;
-import java.io.IOException;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
@@ -167,4 +172,10 @@
assertEquals(writeTimeval, readTimeval);
SocketUtils.closeSocketQuietly(sock);
}
+
+ @Test
+ public void testIsKernel64Bit() {
+ assumeTrue(getVsrApiLevel() > Build.VERSION_CODES.TIRAMISU);
+ assertTrue(NetworkUtils.isKernel64Bit());
+ }
}
diff --git a/tests/unit/java/com/android/server/connectivity/NetworkRequestStateStatsMetricsTest.java b/tests/unit/java/com/android/server/connectivity/NetworkRequestStateStatsMetricsTest.java
index e8b62f8..8dc0528 100644
--- a/tests/unit/java/com/android/server/connectivity/NetworkRequestStateStatsMetricsTest.java
+++ b/tests/unit/java/com/android/server/connectivity/NetworkRequestStateStatsMetricsTest.java
@@ -27,7 +27,6 @@
import static org.mockito.Mockito.clearInvocations;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.timeout;
-import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import android.net.NetworkCapabilities;
@@ -99,11 +98,10 @@
// This call will be used to calculate NR received time
Mockito.when(mNRStateInfoDeps.getElapsedRealtime()).thenReturn(nrStartTime);
mNetworkRequestStateStatsMetrics.onNetworkRequestReceived(NOT_METERED_WIFI_NETWORK_REQUEST);
- HandlerUtils.waitForIdle(mHandlerThread, TIMEOUT_MS);
ArgumentCaptor<NetworkRequestStateInfo> networkRequestStateInfoCaptor =
ArgumentCaptor.forClass(NetworkRequestStateInfo.class);
- verify(mNRStateStatsDeps, times(1))
+ verify(mNRStateStatsDeps, timeout(TIMEOUT_MS))
.writeStats(networkRequestStateInfoCaptor.capture());
NetworkRequestStateInfo nrStateInfoSent = networkRequestStateInfoCaptor.getValue();
@@ -120,9 +118,8 @@
// This call will be used to calculate NR removed time
Mockito.when(mNRStateInfoDeps.getElapsedRealtime()).thenReturn(nrEndTime);
mNetworkRequestStateStatsMetrics.onNetworkRequestRemoved(NOT_METERED_WIFI_NETWORK_REQUEST);
- HandlerUtils.waitForIdle(mHandlerThread, TIMEOUT_MS);
- verify(mNRStateStatsDeps, times(1))
+ verify(mNRStateStatsDeps, timeout(TIMEOUT_MS))
.writeStats(networkRequestStateInfoCaptor.capture());
nrStateInfoSent = networkRequestStateInfoCaptor.getValue();
@@ -147,8 +144,7 @@
@Test
public void testNoMessagesWhenNetworkRequestReceived() {
mNetworkRequestStateStatsMetrics.onNetworkRequestReceived(NOT_METERED_WIFI_NETWORK_REQUEST);
- HandlerUtils.waitForIdle(mHandlerThread, TIMEOUT_MS);
- verify(mNRStateStatsDeps, times(1))
+ verify(mNRStateStatsDeps, timeout(TIMEOUT_MS))
.writeStats(any(NetworkRequestStateInfo.class));
clearInvocations(mNRStateStatsDeps);
@@ -184,7 +180,7 @@
// Check only first MAX_QUEUED_REQUESTS events are logged.
ArgumentCaptor<NetworkRequestStateInfo> networkRequestStateInfoCaptor =
ArgumentCaptor.forClass(NetworkRequestStateInfo.class);
- verify(mNRStateStatsDeps, timeout(100).times(
+ verify(mNRStateStatsDeps, timeout(TIMEOUT_MS).times(
NetworkRequestStateStatsMetrics.MAX_QUEUED_REQUESTS))
.writeStats(networkRequestStateInfoCaptor.capture());
for (int i = 0; i < NetworkRequestStateStatsMetrics.MAX_QUEUED_REQUESTS; i++) {