Merge "EthernetTetheringTest: testTetherUdpV4Dns"
diff --git a/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java b/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java
index 4c08b27..876b945 100644
--- a/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java
+++ b/Tethering/tests/integration/src/android/net/EthernetTetheringTest.java
@@ -32,7 +32,6 @@
import static android.system.OsConstants.IPPROTO_IPV6;
import static android.system.OsConstants.IPPROTO_UDP;
-import static com.android.net.module.util.BpfDump.BASE64_DELIMITER;
import static com.android.net.module.util.ConnectivityUtils.isIPv6ULA;
import static com.android.net.module.util.HexDump.dumpHexString;
import static com.android.net.module.util.NetworkStackConstants.ETHER_TYPE_IPV4;
@@ -67,8 +66,6 @@
import android.os.SystemClock;
import android.os.SystemProperties;
import android.os.VintfRuntimeInfo;
-import android.text.TextUtils;
-import android.util.Base64;
import android.util.Log;
import android.util.Pair;
@@ -78,6 +75,7 @@
import androidx.test.filters.MediumTest;
import androidx.test.runner.AndroidJUnit4;
+import com.android.net.module.util.BpfDump;
import com.android.net.module.util.Ipv6Utils;
import com.android.net.module.util.PacketBuilder;
import com.android.net.module.util.Struct;
@@ -110,7 +108,6 @@
import java.net.NetworkInterface;
import java.net.SocketException;
import java.nio.ByteBuffer;
-import java.nio.ByteOrder;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
@@ -1339,32 +1336,6 @@
runUdp4Test(true /* verifyBpf */);
}
- @Nullable
- private <K extends Struct, V extends Struct> Pair<K, V> parseMapKeyValue(
- Class<K> keyClass, Class<V> valueClass, @NonNull String dumpStr) {
- Log.w(TAG, "Parsing string: " + dumpStr);
-
- String[] keyValueStrs = dumpStr.split(BASE64_DELIMITER);
- if (keyValueStrs.length != 2 /* key + value */) {
- fail("The length is " + keyValueStrs.length + " but expect 2. "
- + "Split string(s): " + TextUtils.join(",", keyValueStrs));
- }
-
- final byte[] keyBytes = Base64.decode(keyValueStrs[0], Base64.DEFAULT);
- Log.d(TAG, "keyBytes: " + dumpHexString(keyBytes));
- final ByteBuffer keyByteBuffer = ByteBuffer.wrap(keyBytes);
- keyByteBuffer.order(ByteOrder.nativeOrder());
- final K k = Struct.parse(keyClass, keyByteBuffer);
-
- final byte[] valueBytes = Base64.decode(keyValueStrs[1], Base64.DEFAULT);
- Log.d(TAG, "valueBytes: " + dumpHexString(valueBytes));
- final ByteBuffer valueByteBuffer = ByteBuffer.wrap(valueBytes);
- valueByteBuffer.order(ByteOrder.nativeOrder());
- final V v = Struct.parse(valueClass, valueByteBuffer);
-
- return new Pair<>(k, v);
- }
-
@NonNull
private <K extends Struct, V extends Struct> HashMap<K, V> dumpAndParseRawMap(
Class<K> keyClass, Class<V> valueClass, @NonNull String mapArg)
@@ -1375,7 +1346,8 @@
final HashMap<K, V> map = new HashMap<>();
for (final String line : rawMapStr.split(LINE_DELIMITER)) {
- final Pair<K, V> rule = parseMapKeyValue(keyClass, valueClass, line.trim());
+ final Pair<K, V> rule =
+ BpfDump.fromBase64EncodedString(keyClass, valueClass, line.trim());
map.put(rule.first, rule.second);
}
return map;
diff --git a/service-t/src/com/android/server/NsdService.java b/service-t/src/com/android/server/NsdService.java
index 8818460..1226eea 100644
--- a/service-t/src/com/android/server/NsdService.java
+++ b/service-t/src/com/android/server/NsdService.java
@@ -295,6 +295,13 @@
if (DBG) Log.d(TAG, "Discover services");
args = (ListenerArgs) msg.obj;
clientInfo = mClients.get(args.connector);
+ // If the binder death notification for a INsdManagerCallback was received
+ // before any calls are received by NsdService, the clientInfo would be
+ // cleared and cause NPE. Add a null check here to prevent this corner case.
+ if (clientInfo == null) {
+ Log.e(TAG, "Unknown connector in discovery");
+ break;
+ }
if (requestLimitReached(clientInfo)) {
clientInfo.onDiscoverServicesFailed(
@@ -321,6 +328,13 @@
if (DBG) Log.d(TAG, "Stop service discovery");
args = (ListenerArgs) msg.obj;
clientInfo = mClients.get(args.connector);
+ // If the binder death notification for a INsdManagerCallback was received
+ // before any calls are received by NsdService, the clientInfo would be
+ // cleared and cause NPE. Add a null check here to prevent this corner case.
+ if (clientInfo == null) {
+ Log.e(TAG, "Unknown connector in stop discovery");
+ break;
+ }
try {
id = clientInfo.mClientIds.get(clientId);
@@ -341,6 +355,14 @@
if (DBG) Log.d(TAG, "Register service");
args = (ListenerArgs) msg.obj;
clientInfo = mClients.get(args.connector);
+ // If the binder death notification for a INsdManagerCallback was received
+ // before any calls are received by NsdService, the clientInfo would be
+ // cleared and cause NPE. Add a null check here to prevent this corner case.
+ if (clientInfo == null) {
+ Log.e(TAG, "Unknown connector in registration");
+ break;
+ }
+
if (requestLimitReached(clientInfo)) {
clientInfo.onRegisterServiceFailed(
clientId, NsdManager.FAILURE_MAX_LIMIT);
@@ -363,6 +385,9 @@
if (DBG) Log.d(TAG, "unregister service");
args = (ListenerArgs) msg.obj;
clientInfo = mClients.get(args.connector);
+ // If the binder death notification for a INsdManagerCallback was received
+ // before any calls are received by NsdService, the clientInfo would be
+ // cleared and cause NPE. Add a null check here to prevent this corner case.
if (clientInfo == null) {
Log.e(TAG, "Unknown connector in unregistration");
break;
@@ -380,6 +405,13 @@
if (DBG) Log.d(TAG, "Resolve service");
args = (ListenerArgs) msg.obj;
clientInfo = mClients.get(args.connector);
+ // If the binder death notification for a INsdManagerCallback was received
+ // before any calls are received by NsdService, the clientInfo would be
+ // cleared and cause NPE. Add a null check here to prevent this corner case.
+ if (clientInfo == null) {
+ Log.e(TAG, "Unknown connector in resolution");
+ break;
+ }
if (clientInfo.mResolvedService != null) {
clientInfo.onResolveServiceFailed(
diff --git a/service-t/src/com/android/server/net/NetworkStatsService.java b/service-t/src/com/android/server/net/NetworkStatsService.java
index 96c615b..c4ffdec 100644
--- a/service-t/src/com/android/server/net/NetworkStatsService.java
+++ b/service-t/src/com/android/server/net/NetworkStatsService.java
@@ -154,6 +154,7 @@
import com.android.net.module.util.BaseNetdUnsolicitedEventListener;
import com.android.net.module.util.BestClock;
import com.android.net.module.util.BinderUtils;
+import com.android.net.module.util.BpfDump;
import com.android.net.module.util.BpfMap;
import com.android.net.module.util.CollectionUtils;
import com.android.net.module.util.DeviceConfigUtils;
@@ -2532,6 +2533,7 @@
// usage: dumpsys netstats --full --uid --tag --poll --checkin
final boolean poll = argSet.contains("--poll") || argSet.contains("poll");
final boolean checkin = argSet.contains("--checkin");
+ final boolean bpfRawMap = argSet.contains("--bpfRawMap");
final boolean fullHistory = argSet.contains("--full") || argSet.contains("full");
final boolean includeUid = argSet.contains("--uid") || argSet.contains("detail");
final boolean includeTag = argSet.contains("--tag") || argSet.contains("detail");
@@ -2573,6 +2575,11 @@
return;
}
+ if (bpfRawMap) {
+ dumpRawMapLocked(pw, args);
+ return;
+ }
+
pw.println("Directory:");
pw.increaseIndent();
pw.println(mStatsDir);
@@ -2743,6 +2750,38 @@
proto.flush();
}
+ private <K extends Struct, V extends Struct> void dumpRawMap(IBpfMap<K, V> map,
+ IndentingPrintWriter pw) throws ErrnoException {
+ if (map == null) {
+ pw.println("Map is null");
+ return;
+ }
+ if (map.isEmpty()) {
+ pw.println("No entries");
+ return;
+ }
+ // If there is a concurrent entry deletion, value could be null. http://b/220084230.
+ // Also, map.forEach could restart iteration from the beginning and dump could contain
+ // duplicated entries. User of this dump needs to take care of the duplicated entries.
+ map.forEach((k, v) -> {
+ if (v != null) {
+ pw.println(BpfDump.toBase64EncodedString(k, v));
+ }
+ });
+ }
+
+ @GuardedBy("mStatsLock")
+ private void dumpRawMapLocked(final IndentingPrintWriter pw, final String[] args) {
+ if (CollectionUtils.contains(args, "--cookieTagMap")) {
+ try {
+ dumpRawMap(mCookieTagMap, pw);
+ } catch (ErrnoException e) {
+ pw.println("Error dumping cookieTag map: " + e);
+ }
+ return;
+ }
+ }
+
private static void dumpInterfaces(ProtoOutputStream proto, long tag,
ArrayMap<String, NetworkIdentitySet> ifaces) {
for (int i = 0; i < ifaces.size(); i++) {
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 1ac95a1..218cbde 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -257,6 +257,7 @@
import com.android.net.module.util.LinkPropertiesUtils.CompareResult;
import com.android.net.module.util.LocationPermissionChecker;
import com.android.net.module.util.NetworkCapabilitiesUtils;
+import com.android.net.module.util.PerUidCounter;
import com.android.net.module.util.PermissionUtils;
import com.android.net.module.util.TcUtils;
import com.android.net.module.util.netlink.InetDiagMessage;
@@ -386,9 +387,9 @@
protected final PermissionMonitor mPermissionMonitor;
@VisibleForTesting
- final PerUidCounter mNetworkRequestCounter;
+ final RequestInfoPerUidCounter mNetworkRequestCounter;
@VisibleForTesting
- final PerUidCounter mSystemNetworkRequestCounter;
+ final RequestInfoPerUidCounter mSystemNetworkRequestCounter;
private volatile boolean mLockdownEnabled;
@@ -1186,71 +1187,6 @@
}
/**
- * Keeps track of the number of requests made under different uids.
- */
- // TODO: Remove the hack and use com.android.net.module.util.PerUidCounter instead.
- public static class PerUidCounter {
- private final int mMaxCountPerUid;
-
- // Map from UID to number of NetworkRequests that UID has filed.
- @VisibleForTesting
- @GuardedBy("mUidToNetworkRequestCount")
- final SparseIntArray mUidToNetworkRequestCount = new SparseIntArray();
-
- /**
- * Constructor
- *
- * @param maxCountPerUid the maximum count per uid allowed
- */
- public PerUidCounter(final int maxCountPerUid) {
- mMaxCountPerUid = maxCountPerUid;
- }
-
- /**
- * Increments the request count of the given uid. Throws an exception if the number
- * of open requests for the uid exceeds the value of maxCounterPerUid which is the value
- * passed into the constructor. see: {@link #PerUidCounter(int)}.
- *
- * @throws ServiceSpecificException with
- * {@link ConnectivityManager.Errors.TOO_MANY_REQUESTS} if the number of requests for
- * the uid exceed the allowed number.
- *
- * @param uid the uid that the request was made under
- */
- public void incrementCountOrThrow(final int uid) {
- synchronized (mUidToNetworkRequestCount) {
- final int newRequestCount = mUidToNetworkRequestCount.get(uid, 0) + 1;
- if (newRequestCount >= mMaxCountPerUid) {
- throw new ServiceSpecificException(
- ConnectivityManager.Errors.TOO_MANY_REQUESTS,
- "Uid " + uid + " exceeded its allotted requests limit");
- }
- mUidToNetworkRequestCount.put(uid, newRequestCount);
- }
- }
-
- /**
- * Decrements the request count of the given uid.
- *
- * @param uid the uid that the request was made under
- */
- public void decrementCount(final int uid) {
- synchronized (mUidToNetworkRequestCount) {
- /* numToDecrement */
- final int newRequestCount = mUidToNetworkRequestCount.get(uid, 0) - 1;
- if (newRequestCount < 0) {
- logwtf("BUG: too small request count " + newRequestCount + " for UID " + uid);
- } else if (newRequestCount == 0) {
- mUidToNetworkRequestCount.delete(uid);
- } else {
- mUidToNetworkRequestCount.put(uid, newRequestCount);
- }
- }
- }
-
- }
-
- /**
* Dependencies of ConnectivityService, for injection in tests.
*/
@VisibleForTesting
@@ -1464,8 +1400,13 @@
mNetIdManager = mDeps.makeNetIdManager();
mContext = Objects.requireNonNull(context, "missing Context");
mResources = deps.getResources(mContext);
- mNetworkRequestCounter = new PerUidCounter(MAX_NETWORK_REQUESTS_PER_UID);
- mSystemNetworkRequestCounter = new PerUidCounter(MAX_NETWORK_REQUESTS_PER_SYSTEM_UID);
+ // The legacy PerUidCounter is buggy and throwing exception at count == limit.
+ // Pass limit - 1 to maintain backward compatibility.
+ // TODO: Remove the workaround.
+ mNetworkRequestCounter =
+ new RequestInfoPerUidCounter(MAX_NETWORK_REQUESTS_PER_UID - 1);
+ mSystemNetworkRequestCounter =
+ new RequestInfoPerUidCounter(MAX_NETWORK_REQUESTS_PER_SYSTEM_UID - 1);
mMetricsLog = logger;
mNetworkRanker = new NetworkRanker();
@@ -4763,7 +4704,7 @@
}
}
}
- nri.decrementRequestCount();
+ nri.mPerUidCounter.decrementCount(nri.mUid);
mNetworkRequestInfoLogs.log("RELEASE " + nri);
checkNrisConsistency(nri);
@@ -4866,7 +4807,7 @@
}
}
- private PerUidCounter getRequestCounter(NetworkRequestInfo nri) {
+ private RequestInfoPerUidCounter getRequestCounter(NetworkRequestInfo nri) {
return checkAnyPermissionOf(
nri.mPid, nri.mUid, NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK)
? mSystemNetworkRequestCounter : mNetworkRequestCounter;
@@ -6236,7 +6177,7 @@
final String mCallingAttributionTag;
// Counter keeping track of this NRI.
- final PerUidCounter mPerUidCounter;
+ final RequestInfoPerUidCounter mPerUidCounter;
// Effective UID of this request. This is different from mUid when a privileged process
// files a request on behalf of another UID. This UID is used to determine blocked status,
@@ -6402,10 +6343,6 @@
return Collections.unmodifiableList(tempRequests);
}
- void decrementRequestCount() {
- mPerUidCounter.decrementCount(mUid);
- }
-
void linkDeathRecipient() {
if (null != mBinder) {
try {
@@ -6467,6 +6404,38 @@
}
}
+ // Keep backward compatibility since the ServiceSpecificException is used by
+ // the API surface, see {@link ConnectivityManager#convertServiceException}.
+ public static class RequestInfoPerUidCounter extends PerUidCounter {
+ RequestInfoPerUidCounter(int maxCountPerUid) {
+ super(maxCountPerUid);
+ }
+
+ @Override
+ public synchronized void incrementCountOrThrow(int uid) {
+ try {
+ super.incrementCountOrThrow(uid);
+ } catch (IllegalStateException e) {
+ throw new ServiceSpecificException(
+ ConnectivityManager.Errors.TOO_MANY_REQUESTS,
+ "Uid " + uid + " exceeded its allotted requests limit");
+ }
+ }
+
+ @Override
+ public synchronized void decrementCountOrThrow(int uid) {
+ throw new UnsupportedOperationException("Use decrementCount instead.");
+ }
+
+ public synchronized void decrementCount(int uid) {
+ try {
+ super.decrementCountOrThrow(uid);
+ } catch (IllegalStateException e) {
+ logwtf("Exception when decrement per uid request count: ", e);
+ }
+ }
+ }
+
// This checks that the passed capabilities either do not request a
// specific SSID/SignalStrength, or the calling app has permission to do so.
private void ensureSufficientPermissionsForRequest(NetworkCapabilities nc,
@@ -9963,7 +9932,7 @@
// Decrement the reference count for this NetworkRequestInfo. The reference count is
// incremented when the NetworkRequestInfo is created as part of
// enforceRequestCountLimit().
- nri.decrementRequestCount();
+ nri.mPerUidCounter.decrementCount(nri.mUid);
return;
}
@@ -10029,7 +9998,7 @@
// Decrement the reference count for this NetworkRequestInfo. The reference count is
// incremented when the NetworkRequestInfo is created as part of
// enforceRequestCountLimit().
- nri.decrementRequestCount();
+ nri.mPerUidCounter.decrementCount(nri.mUid);
iCb.unlinkToDeath(cbInfo, 0);
}
diff --git a/service/src/com/android/server/connectivity/QosCallbackTracker.java b/service/src/com/android/server/connectivity/QosCallbackTracker.java
index b6ab47b..336a399 100644
--- a/service/src/com/android/server/connectivity/QosCallbackTracker.java
+++ b/service/src/com/android/server/connectivity/QosCallbackTracker.java
@@ -52,7 +52,7 @@
private final Handler mConnectivityServiceHandler;
@NonNull
- private final ConnectivityService.PerUidCounter mNetworkRequestCounter;
+ private final ConnectivityService.RequestInfoPerUidCounter mNetworkRequestCounter;
/**
* Each agent gets a unique callback id that is used to proxy messages back to the original
@@ -78,7 +78,7 @@
* uid
*/
public QosCallbackTracker(@NonNull final Handler connectivityServiceHandler,
- final ConnectivityService.PerUidCounter networkRequestCounter) {
+ final ConnectivityService.RequestInfoPerUidCounter networkRequestCounter) {
mConnectivityServiceHandler = connectivityServiceHandler;
mNetworkRequestCounter = networkRequestCounter;
}
diff --git a/tests/cts/hostside/app2/Android.bp b/tests/cts/hostside/app2/Android.bp
index edfaf9f..db92f5c 100644
--- a/tests/cts/hostside/app2/Android.bp
+++ b/tests/cts/hostside/app2/Android.bp
@@ -21,7 +21,7 @@
android_test_helper_app {
name: "CtsHostsideNetworkTestsApp2",
defaults: ["cts_support_defaults"],
- sdk_version: "test_current",
+ platform_apis: true,
static_libs: [
"androidx.annotation_annotation",
"CtsHostsideNetworkTestsAidl",
diff --git a/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/MyBroadcastReceiver.java b/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/MyBroadcastReceiver.java
index 771b404..825f2c9 100644
--- a/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/MyBroadcastReceiver.java
+++ b/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/MyBroadcastReceiver.java
@@ -48,6 +48,7 @@
import android.widget.Toast;
import java.net.HttpURLConnection;
+import java.net.InetAddress;
import java.net.URL;
/**
@@ -182,6 +183,11 @@
checkStatus = false;
checkDetails = "Exception getting " + address + ": " + e;
}
+ // If the app tries to make a network connection in the foreground immediately after
+ // trying to do the same when it's network access was blocked, it could receive a
+ // UnknownHostException due to the cached DNS entry. So, clear the dns cache after
+ // every network access for now until we have a fix on the platform side.
+ InetAddress.clearDnsCache();
Log.d(TAG, checkDetails);
final String state, detailedState;
if (networkInfo != null) {
diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
index 8bf0ca5..01db1c3 100644
--- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
@@ -35,7 +35,6 @@
import static android.content.Intent.ACTION_PACKAGE_REPLACED;
import static android.content.Intent.ACTION_USER_ADDED;
import static android.content.Intent.ACTION_USER_REMOVED;
-import static android.content.Intent.ACTION_USER_UNLOCKED;
import static android.content.pm.PackageInfo.REQUESTED_PERMISSION_GRANTED;
import static android.content.pm.PackageManager.FEATURE_ETHERNET;
import static android.content.pm.PackageManager.FEATURE_WIFI;
@@ -375,6 +374,7 @@
import com.android.server.connectivity.UidRangeUtils;
import com.android.server.connectivity.Vpn;
import com.android.server.connectivity.VpnProfileStore;
+import com.android.server.net.LockdownVpnTracker;
import com.android.server.net.NetworkPinner;
import com.android.testutils.DevSdkIgnoreRule;
import com.android.testutils.DevSdkIgnoreRunner;
@@ -522,7 +522,6 @@
private MockContext mServiceContext;
private HandlerThread mCsHandlerThread;
- private HandlerThread mVMSHandlerThread;
private ConnectivityServiceDependencies mDeps;
private ConnectivityService mService;
private WrappedConnectivityManager mCm;
@@ -538,7 +537,6 @@
private TestNetIdManager mNetIdManager;
private QosCallbackMockHelper mQosCallbackMockHelper;
private QosCallbackTracker mQosCallbackTracker;
- private VpnManagerService mVpnManagerService;
private TestNetworkCallback mDefaultNetworkCallback;
private TestNetworkCallback mSystemDefaultNetworkCallback;
private TestNetworkCallback mProfileDefaultNetworkCallback;
@@ -1586,32 +1584,6 @@
return ranges.stream().map(r -> new UidRangeParcel(r, r)).toArray(UidRangeParcel[]::new);
}
- private VpnManagerService makeVpnManagerService() {
- final VpnManagerService.Dependencies deps = new VpnManagerService.Dependencies() {
- public int getCallingUid() {
- return mDeps.getCallingUid();
- }
-
- public HandlerThread makeHandlerThread() {
- return mVMSHandlerThread;
- }
-
- @Override
- public VpnProfileStore getVpnProfileStore() {
- return mVpnProfileStore;
- }
-
- public INetd getNetd() {
- return mMockNetd;
- }
-
- public INetworkManagementService getINetworkManagementService() {
- return mNetworkManagementService;
- }
- };
- return new VpnManagerService(mServiceContext, deps);
- }
-
private void assertVpnTransportInfo(NetworkCapabilities nc, int type) {
assertNotNull(nc);
final TransportInfo ti = nc.getTransportInfo();
@@ -1623,17 +1595,12 @@
private void processBroadcast(Intent intent) {
mServiceContext.sendBroadcast(intent);
- HandlerUtils.waitForIdle(mVMSHandlerThread, TIMEOUT_MS);
waitForIdle();
}
private void mockVpn(int uid) {
- synchronized (mVpnManagerService.mVpns) {
- int userId = UserHandle.getUserId(uid);
- mMockVpn = new MockVpn(userId);
- // Every running user always has a Vpn in the mVpns array, even if no VPN is running.
- mVpnManagerService.mVpns.put(userId, mMockVpn);
- }
+ int userId = UserHandle.getUserId(uid);
+ mMockVpn = new MockVpn(userId);
}
private void mockUidNetworkingBlocked() {
@@ -1810,7 +1777,6 @@
initAlarmManager(mAlarmManager, mAlarmManagerThread.getThreadHandler());
mCsHandlerThread = new HandlerThread("TestConnectivityService");
- mVMSHandlerThread = new HandlerThread("TestVpnManagerService");
mProxyTracker = new ProxyTracker(mServiceContext, mock(Handler.class),
16 /* EVENT_PROXY_HAS_CHANGED */);
@@ -1839,8 +1805,7 @@
mCm = new WrappedConnectivityManager(InstrumentationRegistry.getContext(), mService);
mService.systemReadyInternal();
verify(mMockDnsResolver).registerUnsolicitedEventListener(any());
- mVpnManagerService = makeVpnManagerService();
- mVpnManagerService.systemReady();
+
mockVpn(Process.myUid());
mCm.bindProcessToNetwork(null);
mQosCallbackTracker = mock(QosCallbackTracker.class);
@@ -8463,12 +8428,8 @@
doReturn(UserHandle.getUid(RESTRICTED_USER, VPN_UID)).when(mPackageManager)
.getPackageUidAsUser(ALWAYS_ON_PACKAGE, RESTRICTED_USER);
- final Intent addedIntent = new Intent(ACTION_USER_ADDED);
- addedIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(RESTRICTED_USER));
- addedIntent.putExtra(Intent.EXTRA_USER_HANDLE, RESTRICTED_USER);
-
- // Send a USER_ADDED broadcast for it.
- processBroadcast(addedIntent);
+ // New user added
+ mMockVpn.onUserAdded(RESTRICTED_USER);
// Expect that the VPN UID ranges contain both |uid| and the UID range for the newly-added
// restricted user.
@@ -8492,11 +8453,8 @@
&& caps.hasTransport(TRANSPORT_VPN)
&& !caps.hasTransport(TRANSPORT_WIFI));
- // Send a USER_REMOVED broadcast and expect to lose the UID range for the restricted user.
- final Intent removedIntent = new Intent(ACTION_USER_REMOVED);
- removedIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(RESTRICTED_USER));
- removedIntent.putExtra(Intent.EXTRA_USER_HANDLE, RESTRICTED_USER);
- processBroadcast(removedIntent);
+ // User removed and expect to lose the UID range for the restricted user.
+ mMockVpn.onUserRemoved(RESTRICTED_USER);
// Expect that the VPN gains the UID range for the restricted user, and that the capability
// change made just before that (i.e., loss of TRANSPORT_WIFI) is preserved.
@@ -8549,6 +8507,7 @@
doReturn(asList(PRIMARY_USER_INFO, RESTRICTED_USER_INFO)).when(mUserManager)
.getAliveUsers();
// TODO: check that VPN app within restricted profile still has access, etc.
+ mMockVpn.onUserAdded(RESTRICTED_USER);
final Intent addedIntent = new Intent(ACTION_USER_ADDED);
addedIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(RESTRICTED_USER));
addedIntent.putExtra(Intent.EXTRA_USER_HANDLE, RESTRICTED_USER);
@@ -8560,6 +8519,7 @@
doReturn(asList(PRIMARY_USER_INFO)).when(mUserManager).getAliveUsers();
// Send a USER_REMOVED broadcast and expect to lose the UID range for the restricted user.
+ mMockVpn.onUserRemoved(RESTRICTED_USER);
final Intent removedIntent = new Intent(ACTION_USER_REMOVED);
removedIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(RESTRICTED_USER));
removedIntent.putExtra(Intent.EXTRA_USER_HANDLE, RESTRICTED_USER);
@@ -9255,7 +9215,7 @@
doAsUid(Process.SYSTEM_UID, () -> mCm.unregisterNetworkCallback(perUidCb));
}
- private void setupLegacyLockdownVpn() {
+ private VpnProfile setupLegacyLockdownVpn() {
final String profileName = "testVpnProfile";
final byte[] profileTag = profileName.getBytes(StandardCharsets.UTF_8);
doReturn(profileTag).when(mVpnProfileStore).get(Credentials.LOCKDOWN_VPN);
@@ -9267,6 +9227,8 @@
profile.type = VpnProfile.TYPE_IPSEC_XAUTH_PSK;
final byte[] encodedProfile = profile.encode();
doReturn(encodedProfile).when(mVpnProfileStore).get(Credentials.VPN + profileName);
+
+ return profile;
}
private void establishLegacyLockdownVpn(Network underlying) throws Exception {
@@ -9299,21 +9261,28 @@
new Handler(ConnectivityThread.getInstanceLooper()));
// Pretend lockdown VPN was configured.
- setupLegacyLockdownVpn();
+ final VpnProfile profile = setupLegacyLockdownVpn();
// LockdownVpnTracker disables the Vpn teardown code and enables lockdown.
// Check the VPN's state before it does so.
assertTrue(mMockVpn.getEnableTeardown());
assertFalse(mMockVpn.getLockdown());
- // Send a USER_UNLOCKED broadcast so CS starts LockdownVpnTracker.
- final int userId = UserHandle.getUserId(Process.myUid());
- final Intent addedIntent = new Intent(ACTION_USER_UNLOCKED);
- addedIntent.putExtra(Intent.EXTRA_USER, UserHandle.of(userId));
- addedIntent.putExtra(Intent.EXTRA_USER_HANDLE, userId);
- processBroadcast(addedIntent);
+ // VMSHandlerThread was used inside VpnManagerService and taken into LockDownVpnTracker.
+ // VpnManagerService was decoupled from this test but this handlerThread is still required
+ // in LockDownVpnTracker. Keep it until LockDownVpnTracker related verification is moved to
+ // its own test.
+ final HandlerThread VMSHandlerThread = new HandlerThread("TestVpnManagerService");
+ VMSHandlerThread.start();
+ // LockdownVpnTracker is created from VpnManagerService but VpnManagerService is decoupled
+ // from ConnectivityServiceTest. Create it directly to simulate LockdownVpnTracker is
+ // created.
+ // TODO: move LockdownVpnTracker related tests to its own test.
// Lockdown VPN disables teardown and enables lockdown.
+ final LockdownVpnTracker lockdownVpnTracker = new LockdownVpnTracker(mServiceContext,
+ VMSHandlerThread.getThreadHandler(), mMockVpn, profile);
+ lockdownVpnTracker.init();
assertFalse(mMockVpn.getEnableTeardown());
assertTrue(mMockVpn.getLockdown());
@@ -9483,6 +9452,8 @@
mMockVpn.expectStopVpnRunnerPrivileged();
callback.expectCallback(CallbackEntry.LOST, mMockVpn);
b2.expectBroadcast();
+
+ VMSHandlerThread.quitSafely();
}
@Test @IgnoreUpTo(Build.VERSION_CODES.S_V2)
@@ -15764,7 +15735,7 @@
final int otherAppUid = UserHandle.getUid(TEST_WORK_PROFILE_USER_ID,
UserHandle.getAppId(Process.myUid() + 1));
final int remainingCount = ConnectivityService.MAX_NETWORK_REQUESTS_PER_UID
- - mService.mNetworkRequestCounter.mUidToNetworkRequestCount.get(otherAppUid)
+ - mService.mNetworkRequestCounter.get(otherAppUid)
- 1;
final NetworkCallback[] callbacks = new NetworkCallback[remainingCount];
doAsUid(otherAppUid, () -> {
@@ -15818,8 +15789,7 @@
@NonNull final ThrowingRunnable r) throws Exception {
final ArraySet<TestNetworkCallback> callbacks = new ArraySet<>();
try {
- final int requestCount = mService.mSystemNetworkRequestCounter
- .mUidToNetworkRequestCount.get(Process.myUid());
+ final int requestCount = mService.mSystemNetworkRequestCounter.get(Process.myUid());
// The limit is hit when total requests = limit - 1, and exceeded with a crash when
// total requests >= limit.
final int countToFile =
@@ -15832,8 +15802,7 @@
callbacks.add(cb);
}
assertEquals(MAX_NETWORK_REQUESTS_PER_SYSTEM_UID - 1 - countToLeaveAvailable,
- mService.mSystemNetworkRequestCounter
- .mUidToNetworkRequestCount.get(Process.myUid()));
+ mService.mSystemNetworkRequestCounter.get(Process.myUid()));
});
// Code to run to check if it triggers a max request count limit error.
r.run();
diff --git a/tests/unit/java/com/android/server/NsdServiceTest.java b/tests/unit/java/com/android/server/NsdServiceTest.java
index 1813393..5808beb 100644
--- a/tests/unit/java/com/android/server/NsdServiceTest.java
+++ b/tests/unit/java/com/android/server/NsdServiceTest.java
@@ -536,6 +536,25 @@
.onResolveFailed(any(), eq(FAILURE_INTERNAL_ERROR));
}
+ @Test
+ public void testNoCrashWhenProcessResolutionAfterBinderDied() throws Exception {
+ final NsdManager client = connectClient(mService);
+ final INsdManagerCallback cb = getCallback();
+ final IBinder.DeathRecipient deathRecipient = verifyLinkToDeath(cb);
+ deathRecipient.binderDied();
+
+ final NsdServiceInfo request = new NsdServiceInfo(SERVICE_NAME, SERVICE_TYPE);
+ final ResolveListener resolveListener = mock(ResolveListener.class);
+ client.resolveService(request, resolveListener);
+ waitForIdle();
+
+ verify(mMockMDnsM, never()).registerEventListener(any());
+ verify(mMockMDnsM, never()).startDaemon();
+ verify(mMockMDnsM, never()).resolve(anyInt() /* id */, anyString() /* serviceName */,
+ anyString() /* registrationType */, anyString() /* domain */,
+ anyInt()/* interfaceIdx */);
+ }
+
private void waitForIdle() {
HandlerUtils.waitForIdle(mHandler, TIMEOUT_MS);
}
diff --git a/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java b/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
index f64e35b..153f121 100644
--- a/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
+++ b/tests/unit/java/com/android/server/net/NetworkStatsServiceTest.java
@@ -122,6 +122,7 @@
import android.system.ErrnoException;
import android.telephony.TelephonyManager;
import android.util.ArrayMap;
+import android.util.Pair;
import androidx.annotation.Nullable;
import androidx.test.InstrumentationRegistry;
@@ -130,8 +131,10 @@
import com.android.connectivity.resources.R;
import com.android.internal.util.FileRotator;
import com.android.internal.util.test.BroadcastInterceptingContext;
+import com.android.net.module.util.BpfDump;
import com.android.net.module.util.IBpfMap;
import com.android.net.module.util.LocationPermissionChecker;
+import com.android.net.module.util.Struct;
import com.android.net.module.util.Struct.U32;
import com.android.net.module.util.Struct.U8;
import com.android.net.module.util.bpf.CookieTagMapKey;
@@ -168,6 +171,7 @@
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
+import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
@@ -212,6 +216,11 @@
private static final long WAIT_TIMEOUT = 2 * 1000; // 2 secs
private static final int INVALID_TYPE = -1;
+ private static final String DUMPSYS_BPF_RAW_MAP = "--bpfRawMap";
+ private static final String DUMPSYS_COOKIE_TAG_MAP = "--cookieTagMap";
+ private static final String LINE_DELIMITER = "\\n";
+
+
private long mElapsedRealtime;
private File mStatsDir;
@@ -2333,12 +2342,27 @@
dump.contains(message));
}
- private String getDump() {
+ private String getDump(final String[] args) {
final StringWriter sw = new StringWriter();
- mService.dump(new FileDescriptor(), new PrintWriter(sw), new String[]{});
+ mService.dump(new FileDescriptor(), new PrintWriter(sw), args);
return sw.toString();
}
+ private String getDump() {
+ return getDump(new String[]{});
+ }
+
+ private <K extends Struct, V extends Struct> Map<K, V> parseBpfRawMap(
+ Class<K> keyClass, Class<V> valueClass, String dumpStr) {
+ final HashMap<K, V> map = new HashMap<>();
+ for (final String line : dumpStr.split(LINE_DELIMITER)) {
+ final Pair<K, V> keyValue =
+ BpfDump.fromBase64EncodedString(keyClass, valueClass, line.trim());
+ map.put(keyValue.first, keyValue.second);
+ }
+ return map;
+ }
+
@Test
public void testDumpCookieTagMap() throws ErrnoException {
initBpfMapsWithTagData(UID_BLUE);
@@ -2350,6 +2374,23 @@
}
@Test
+ public void testDumpCookieTagMapBpfRawMap() throws ErrnoException {
+ initBpfMapsWithTagData(UID_BLUE);
+
+ final String dump = getDump(new String[]{DUMPSYS_BPF_RAW_MAP, DUMPSYS_COOKIE_TAG_MAP});
+ Map<CookieTagMapKey, CookieTagMapValue> cookieTagMap = parseBpfRawMap(
+ CookieTagMapKey.class, CookieTagMapValue.class, dump);
+
+ final CookieTagMapValue val1 = cookieTagMap.get(new CookieTagMapKey(2002));
+ assertEquals(1, val1.tag);
+ assertEquals(1002, val1.uid);
+
+ final CookieTagMapValue val2 = cookieTagMap.get(new CookieTagMapKey(3002));
+ assertEquals(2, val2.tag);
+ assertEquals(1002, val2.uid);
+ }
+
+ @Test
public void testDumpUidCounterSetMap() throws ErrnoException {
initBpfMapsWithTagData(UID_BLUE);