Merge "cts: fix android.net.cts.VpnServiceTest#testProtect_int flake" into main
diff --git a/staticlibs/Android.bp b/staticlibs/Android.bp
index 59a63f2..621759e 100644
--- a/staticlibs/Android.bp
+++ b/staticlibs/Android.bp
@@ -74,7 +74,10 @@
       "framework-configinfrastructure",
       "framework-connectivity.stubs.module_lib",
   ],
-  lint: { strict_updatability_linting: true },
+  lint: {
+      strict_updatability_linting: true,
+      error_checks: ["NewApi"],
+  },
 }
 
 java_defaults {
@@ -141,7 +144,10 @@
         "com.android.tethering",
         "//apex_available:platform",
     ],
-    lint: { strict_updatability_linting: true },
+    lint: {
+        strict_updatability_linting: true,
+        error_checks: ["NewApi"],
+    },
 }
 
 java_library {
@@ -169,7 +175,10 @@
         "com.android.tethering",
         "//apex_available:platform",
     ],
-    lint: { strict_updatability_linting: true },
+    lint: {
+        strict_updatability_linting: true,
+        error_checks: ["NewApi"],
+    },
 }
 
 java_library {
@@ -194,7 +203,10 @@
         "com.android.tethering",
         "//apex_available:platform",
     ],
-    lint: { strict_updatability_linting: true },
+    lint: {
+        strict_updatability_linting: true,
+        error_checks: ["NewApi"],
+    },
 }
 
 java_library {
@@ -223,7 +235,10 @@
         "com.android.tethering",
         "//apex_available:platform",
     ],
-    lint: { strict_updatability_linting: true },
+    lint: {
+        strict_updatability_linting: true,
+        error_checks: ["NewApi"],
+    },
 }
 
 java_library {
@@ -258,7 +273,10 @@
         "//packages/modules/Wifi/framework/tests:__subpackages__",
         "//packages/apps/Settings",
     ],
-    lint: { strict_updatability_linting: true },
+    lint: {
+        strict_updatability_linting: true,
+        error_checks: ["NewApi"],
+    },
     errorprone: {
         enabled: true,
         // Error-prone checking only warns of problems when building. To make the build fail with
@@ -301,7 +319,10 @@
         "//packages/modules/Bluetooth/android/app",
         "//packages/modules/Wifi/service:__subpackages__",
     ],
-    lint: { strict_updatability_linting: true },
+    lint: {
+        strict_updatability_linting: true,
+        error_checks: ["NewApi"],
+    },
 }
 
 java_library {
@@ -323,7 +344,10 @@
         "com.android.tethering",
         "//apex_available:platform",
     ],
-    lint: { strict_updatability_linting: true },
+    lint: {
+        strict_updatability_linting: true,
+        error_checks: ["NewApi"],
+    },
 }
 
 java_library {
@@ -346,7 +370,10 @@
         "com.android.tethering",
         "//apex_available:platform",
     ],
-    lint: { strict_updatability_linting: true },
+    lint: {
+        strict_updatability_linting: true,
+        error_checks: ["NewApi"],
+    },
 }
 
 // Limited set of utilities for use by service-connectivity-mdns-standalone-build-test, to make sure
diff --git a/staticlibs/device/com/android/net/module/util/SocketUtils.java b/staticlibs/device/com/android/net/module/util/SocketUtils.java
index 9878ea5..5e6a6c6 100644
--- a/staticlibs/device/com/android/net/module/util/SocketUtils.java
+++ b/staticlibs/device/com/android/net/module/util/SocketUtils.java
@@ -19,6 +19,8 @@
 import static android.net.util.SocketUtils.closeSocket;
 
 import android.annotation.NonNull;
+import android.annotation.RequiresApi;
+import android.os.Build;
 import android.system.NetlinkSocketAddress;
 
 import java.io.FileDescriptor;
@@ -39,7 +41,7 @@
     /**
      * Make a socket address to communicate with netlink.
      */
-    @NonNull
+    @NonNull @RequiresApi(Build.VERSION_CODES.S)
     public static SocketAddress makeNetlinkSocketAddress(int portId, int groupsMask) {
         return new NetlinkSocketAddress(portId, groupsMask);
     }
diff --git a/staticlibs/lint-baseline.xml b/staticlibs/lint-baseline.xml
deleted file mode 100644
index d413b2a..0000000
--- a/staticlibs/lint-baseline.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<issues format="6" by="lint 8.0.0-dev" type="baseline" dependencies="true" variant="all" version="8.0.0-dev">
-
-    <issue
-        id="NewApi"
-        message="Call requires API level 30 (current min is 29): `android.net.LinkProperties#getAddresses`"
-        errorLine1="        final Collection&lt;InetAddress&gt; leftAddresses = left.getAddresses();"
-        errorLine2="                                                           ~~~~~~~~~~~~">
-        <location
-            file="frameworks/libs/net/common/framework/com/android/net/module/util/LinkPropertiesUtils.java"
-            line="158"
-            column="60"/>
-    </issue>
-
-    <issue
-        id="NewApi"
-        message="Call requires API level 30 (current min is 29): `android.net.LinkProperties#getAddresses`"
-        errorLine1="        final Collection&lt;InetAddress&gt; rightAddresses = right.getAddresses();"
-        errorLine2="                                                             ~~~~~~~~~~~~">
-        <location
-            file="frameworks/libs/net/common/framework/com/android/net/module/util/LinkPropertiesUtils.java"
-            line="159"
-            column="62"/>
-    </issue>
-
-    <issue
-        id="NewApi"
-        message="Call requires API level 30 (current min is 29): `android.net.NetworkStats#addEntry`"
-        errorLine1="            stats = stats.addEntry(entry);"
-        errorLine2="                          ~~~~~~~~">
-        <location
-            file="frameworks/libs/net/common/framework/com/android/net/module/util/NetworkStatsUtils.java"
-            line="113"
-            column="27"/>
-    </issue>
-
-    <issue
-        id="NewApi"
-        message="Call requires API level 30 (current min is 29): `new android.net.NetworkStats.Entry`"
-        errorLine1="        return new android.net.NetworkStats.Entry("
-        errorLine2="               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~">
-        <location
-            file="frameworks/libs/net/common/framework/com/android/net/module/util/NetworkStatsUtils.java"
-            line="120"
-            column="16"/>
-    </issue>
-
-    <issue
-        id="NewApi"
-        message="Call requires API level 30 (current min is 29): `new android.net.NetworkStats`"
-        errorLine1="        android.net.NetworkStats stats = new android.net.NetworkStats(0L, 0);"
-        errorLine2="                                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~">
-        <location
-            file="frameworks/libs/net/common/framework/com/android/net/module/util/NetworkStatsUtils.java"
-            line="108"
-            column="42"/>
-    </issue>
-
-    <issue
-        id="NewApi"
-        message="Call requires API level 31 (current min is 29): `new android.system.NetlinkSocketAddress`"
-        errorLine1="        return new NetlinkSocketAddress(portId, groupsMask);"
-        errorLine2="               ~~~~~~~~~~~~~~~~~~~~~~~~">
-        <location
-            file="frameworks/libs/net/common/device/com/android/net/module/util/SocketUtils.java"
-            line="44"
-            column="16"/>
-    </issue>
-
-</issues>
\ No newline at end of file
diff --git a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
index d2c9481..62614c1 100644
--- a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
@@ -47,6 +47,7 @@
 import static android.net.ConnectivityManager.FIREWALL_CHAIN_RESTRICTED;
 import static android.net.ConnectivityManager.FIREWALL_CHAIN_STANDBY;
 import static android.net.ConnectivityManager.FIREWALL_RULE_ALLOW;
+import static android.net.ConnectivityManager.FIREWALL_RULE_DEFAULT;
 import static android.net.ConnectivityManager.FIREWALL_RULE_DENY;
 import static android.net.ConnectivityManager.PROFILE_NETWORK_PREFERENCE_ENTERPRISE;
 import static android.net.ConnectivityManager.TYPE_BLUETOOTH;
@@ -3591,6 +3592,15 @@
         }
     }
 
+    private void setUidFirewallRule(final int chain, final int uid, final int rule) {
+        try {
+            mCm.setUidFirewallRule(chain, uid, rule);
+        } catch (IllegalStateException ignored) {
+            // Removing match causes an exception when the rule entry for the uid does
+            // not exist. But this is fine and can be ignored.
+        }
+    }
+
     private static final boolean EXPECT_OPEN = false;
     private static final boolean EXPECT_CLOSE = true;
 
@@ -3599,6 +3609,8 @@
         runWithShellPermissionIdentity(() -> {
             // Firewall chain status will be restored after the test.
             final boolean wasChainEnabled = mCm.getFirewallChainEnabled(chain);
+            final int myUid = Process.myUid();
+            final int previousMyUidFirewallRule = mCm.getUidFirewallRule(chain, myUid);
             final int previousUidFirewallRule = mCm.getUidFirewallRule(chain, targetUid);
             final Socket socket = new Socket(TEST_HOST, HTTP_PORT);
             socket.setSoTimeout(NETWORK_REQUEST_TIMEOUT_MS);
@@ -3606,12 +3618,12 @@
                 mCm.setFirewallChainEnabled(chain, false /* enable */);
                 assertSocketOpen(socket);
 
-                try {
-                    mCm.setUidFirewallRule(chain, targetUid, rule);
-                } catch (IllegalStateException ignored) {
-                    // Removing match causes an exception when the rule entry for the uid does
-                    // not exist. But this is fine and can be ignored.
+                setUidFirewallRule(chain, targetUid, rule);
+                if (targetUid != myUid) {
+                    // If this test does not set rule on myUid, remove existing rule on myUid
+                    setUidFirewallRule(chain, myUid, FIREWALL_RULE_DEFAULT);
                 }
+
                 mCm.setFirewallChainEnabled(chain, true /* enable */);
 
                 if (expectClose) {
@@ -3624,11 +3636,9 @@
                     mCm.setFirewallChainEnabled(chain, wasChainEnabled);
                 }, /* cleanup */ () -> {
                     // Restore the uid firewall rule status
-                    try {
-                        mCm.setUidFirewallRule(chain, targetUid, previousUidFirewallRule);
-                    } catch (IllegalStateException ignored) {
-                        // Removing match causes an exception when the rule entry for the uid does
-                        // not exist. But this is fine and can be ignored.
+                    setUidFirewallRule(chain, targetUid, previousUidFirewallRule);
+                    if (targetUid != myUid) {
+                        setUidFirewallRule(chain, myUid, previousMyUidFirewallRule);
                     }
                 }, /* cleanup */ () -> {
                     socket.close();