Merge "Allow any transport with TEST if the network is restricted"
diff --git a/framework/Android.bp b/framework/Android.bp
index 017ff51..657d5a3 100644
--- a/framework/Android.bp
+++ b/framework/Android.bp
@@ -25,6 +25,7 @@
java_library {
name: "framework-connectivity-protos",
+ sdk_version: "module_current",
proto: {
type: "nano",
},
@@ -82,8 +83,7 @@
name: "framework-connectivity",
api_only: true,
defaults: ["framework-module-defaults"],
- // TODO: build against module API
- platform_apis: true,
+ installable: true,
srcs: [
":framework-connectivity-sources",
],
@@ -100,18 +100,56 @@
libs: [
"unsupportedappusage",
],
- permitted_packages: ["android.net", "com.android.connectivity.aidl"],
+ permitted_packages: ["android.net"],
+}
+
+cc_defaults {
+ name: "libframework-connectivity-defaults",
+ cflags: [
+ "-Wall",
+ "-Werror",
+ "-Wno-unused-parameter",
+ "-Wthread-safety",
+ ],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ "libnativehelper",
+ "libnetd_client",
+ ],
+ header_libs: [
+ "dnsproxyd_protocol_headers",
+ ],
+}
+
+cc_library_static {
+ name: "libconnectivityframeworkutils",
+ defaults: ["libframework-connectivity-defaults"],
+ srcs: [
+ "jni/android_net_NetworkUtils.cpp",
+ ],
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.tethering",
+ ],
+}
+
+cc_library_shared {
+ name: "libframework-connectivity-jni",
+ defaults: ["libframework-connectivity-defaults"],
+ srcs: [
+ "jni/onload.cpp",
+ ],
+ static_libs: ["libconnectivityframeworkutils"],
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.tethering",
+ ],
}
java_library {
name: "framework-connectivity.impl",
- // Instead of building against private API (framework.jar),
- // build against core_platform + framework-minus-apex + module
- // stub libs. This allows framework.jar to depend on this library,
- // so it can be part of the private API until all clients have been migrated.
- // TODO: just build against module_api, and remove this jar from
- // the private API.
- sdk_version: "core_platform",
+ sdk_version: "module_current",
srcs: [
":framework-connectivity-sources",
],
@@ -122,12 +160,11 @@
],
},
libs: [
- "framework-minus-apex",
- // TODO: just framework-tethering, framework-wifi when building against module_api
- "framework-tethering.stubs.module_lib",
- "framework-wifi.stubs.module_lib",
+ // TODO (b/183097033) remove once module_current includes core_current
+ "stable.core.platform.api.stubs",
+ "framework-tethering",
+ "framework-wifi",
"unsupportedappusage",
- "ServiceConnectivityResources",
],
static_libs: [
"framework-connectivity-protos",
@@ -136,5 +173,5 @@
jarjar_rules: "jarjar-rules.txt",
apex_available: ["com.android.tethering"],
installable: true,
- permitted_packages: ["android.net", "com.android.connectivity.aidl"],
+ permitted_packages: ["android.net"],
}
diff --git a/framework/api/module-lib-current.txt b/framework/api/module-lib-current.txt
index a8e2517..a60f87c 100644
--- a/framework/api/module-lib-current.txt
+++ b/framework/api/module-lib-current.txt
@@ -109,7 +109,7 @@
public final class NetworkCapabilities implements android.os.Parcelable {
method @Nullable public java.util.Set<android.util.Range<java.lang.Integer>> getUids();
- method public boolean hasUnwantedCapability(int);
+ method public boolean hasForbiddenCapability(int);
field public static final long REDACT_ALL = -1L; // 0xffffffffffffffffL
field public static final long REDACT_FOR_ACCESS_FINE_LOCATION = 1L; // 0x1L
field public static final long REDACT_FOR_LOCAL_MAC_ADDRESS = 2L; // 0x2L
@@ -123,13 +123,13 @@
}
public class NetworkRequest implements android.os.Parcelable {
- method @NonNull public int[] getUnwantedCapabilities();
- method public boolean hasUnwantedCapability(int);
+ method @NonNull public int[] getForbiddenCapabilities();
+ method public boolean hasForbiddenCapability(int);
}
public static class NetworkRequest.Builder {
- method @NonNull public android.net.NetworkRequest.Builder addUnwantedCapability(int);
- method @NonNull public android.net.NetworkRequest.Builder removeUnwantedCapability(int);
+ method @NonNull public android.net.NetworkRequest.Builder addForbiddenCapability(int);
+ method @NonNull public android.net.NetworkRequest.Builder removeForbiddenCapability(int);
method @NonNull public android.net.NetworkRequest.Builder setUids(@Nullable java.util.Set<android.util.Range<java.lang.Integer>>);
}
diff --git a/core/jni/android_net_NetworkUtils.cpp b/framework/jni/android_net_NetworkUtils.cpp
similarity index 93%
rename from core/jni/android_net_NetworkUtils.cpp
rename to framework/jni/android_net_NetworkUtils.cpp
index 1cee895..48e262a 100644
--- a/core/jni/android_net_NetworkUtils.cpp
+++ b/framework/jni/android_net_NetworkUtils.cpp
@@ -30,13 +30,13 @@
#include <DnsProxydProtocol.h> // NETID_USE_LOCAL_NAMESERVERS
#include <cutils/properties.h>
+#include <nativehelper/JNIHelp.h>
#include <nativehelper/JNIPlatformHelp.h>
#include <nativehelper/ScopedLocalRef.h>
#include <utils/Log.h>
#include <utils/misc.h>
#include "NetdClient.h"
-#include "core_jni_helpers.h"
#include "jni.h"
extern "C" {
@@ -52,6 +52,19 @@
// FrameworkListener limits the size of commands to 4096 bytes.
constexpr int MAXCMDSIZE = 4096;
+static inline jclass FindClassOrDie(JNIEnv* env, const char* class_name) {
+ jclass clazz = env->FindClass(class_name);
+ LOG_ALWAYS_FATAL_IF(clazz == NULL, "Unable to find class %s", class_name);
+ return clazz;
+}
+
+template <typename T>
+static inline T MakeGlobalRefOrDie(JNIEnv* env, T in) {
+ jobject res = env->NewGlobalRef(in);
+ LOG_ALWAYS_FATAL_IF(res == NULL, "Unable to create global reference.");
+ return static_cast<T>(res);
+}
+
static void android_net_utils_attachDropAllBPFFilter(JNIEnv *env, jobject clazz, jobject javaFd)
{
struct sock_filter filter_code[] = {
@@ -254,8 +267,8 @@
int register_android_net_NetworkUtils(JNIEnv* env)
{
- return RegisterMethodsOrDie(env, NETUTILS_PKG_NAME, gNetworkUtilMethods,
- NELEM(gNetworkUtilMethods));
+ return jniRegisterNativeMethods(env, NETUTILS_PKG_NAME, gNetworkUtilMethods,
+ NELEM(gNetworkUtilMethods));
}
}; // namespace android
diff --git a/framework/jni/onload.cpp b/framework/jni/onload.cpp
new file mode 100644
index 0000000..435f434
--- /dev/null
+++ b/framework/jni/onload.cpp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <nativehelper/JNIHelp.h>
+#include <log/log.h>
+
+namespace android {
+
+int register_android_net_NetworkUtils(JNIEnv* env);
+
+extern "C" jint JNI_OnLoad(JavaVM* vm, void*) {
+ JNIEnv *env;
+ if (vm->GetEnv(reinterpret_cast<void**>(&env), JNI_VERSION_1_6) != JNI_OK) {
+ ALOGE("GetEnv failed");
+ return JNI_ERR;
+ }
+
+ if (register_android_net_NetworkUtils(env) < 0) {
+ return JNI_ERR;
+ }
+
+ return JNI_VERSION_1_6;
+}
+
+};
\ No newline at end of file
diff --git a/framework/src/android/net/NetworkCapabilities.java b/framework/src/android/net/NetworkCapabilities.java
index 8e26ceb..4a99d29 100644
--- a/framework/src/android/net/NetworkCapabilities.java
+++ b/framework/src/android/net/NetworkCapabilities.java
@@ -183,7 +183,7 @@
throw new UnsupportedOperationException(
"Cannot clear NetworkCapabilities when mRedactions is set");
}
- mNetworkCapabilities = mTransportTypes = mUnwantedNetworkCapabilities = 0;
+ mNetworkCapabilities = mTransportTypes = mForbiddenNetworkCapabilities = 0;
mLinkUpBandwidthKbps = mLinkDownBandwidthKbps = LINK_BANDWIDTH_UNSPECIFIED;
mNetworkSpecifier = null;
mTransportInfo = null;
@@ -219,7 +219,7 @@
mUids = (nc.mUids == null) ? null : new ArraySet<>(nc.mUids);
setAdministratorUids(nc.getAdministratorUids());
mOwnerUid = nc.mOwnerUid;
- mUnwantedNetworkCapabilities = nc.mUnwantedNetworkCapabilities;
+ mForbiddenNetworkCapabilities = nc.mForbiddenNetworkCapabilities;
mSSID = nc.mSSID;
mPrivateDnsBroken = nc.mPrivateDnsBroken;
mRequestorUid = nc.mRequestorUid;
@@ -237,7 +237,7 @@
/**
* If any capabilities specified here they must not exist in the matching Network.
*/
- private long mUnwantedNetworkCapabilities;
+ private long mForbiddenNetworkCapabilities;
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@@ -586,21 +586,21 @@
* @hide
*/
public @NonNull NetworkCapabilities addCapability(@NetCapability int capability) {
- // If the given capability was previously added to the list of unwanted capabilities
- // then the capability will also be removed from the list of unwanted capabilities.
- // TODO: Consider adding unwanted capabilities to the public API and mention this
+ // If the given capability was previously added to the list of forbidden capabilities
+ // then the capability will also be removed from the list of forbidden capabilities.
+ // TODO: Consider adding forbidden capabilities to the public API and mention this
// in the documentation.
checkValidCapability(capability);
mNetworkCapabilities |= 1L << capability;
- // remove from unwanted capability list
- mUnwantedNetworkCapabilities &= ~(1L << capability);
+ // remove from forbidden capability list
+ mForbiddenNetworkCapabilities &= ~(1L << capability);
return this;
}
/**
- * Adds the given capability to the list of unwanted capabilities of this
+ * Adds the given capability to the list of forbidden capabilities of this
* {@code NetworkCapability} instance. Note that when searching for a network to
- * satisfy a request, the network must not contain any capability from unwanted capability
+ * satisfy a request, the network must not contain any capability from forbidden capability
* list.
* <p>
* If the capability was previously added to the list of required capabilities (for
@@ -610,9 +610,9 @@
* @see #addCapability(int)
* @hide
*/
- public void addUnwantedCapability(@NetCapability int capability) {
+ public void addForbiddenCapability(@NetCapability int capability) {
checkValidCapability(capability);
- mUnwantedNetworkCapabilities |= 1L << capability;
+ mForbiddenNetworkCapabilities |= 1L << capability;
mNetworkCapabilities &= ~(1L << capability); // remove from requested capabilities
}
@@ -632,16 +632,16 @@
}
/**
- * Removes (if found) the given unwanted capability from this {@code NetworkCapability}
- * instance that were added via addUnwantedCapability(int) or setCapabilities(int[], int[]).
+ * Removes (if found) the given forbidden capability from this {@code NetworkCapability}
+ * instance that were added via addForbiddenCapability(int) or setCapabilities(int[], int[]).
*
* @param capability the capability to be removed.
* @return This NetworkCapabilities instance, to facilitate chaining.
* @hide
*/
- public @NonNull NetworkCapabilities removeUnwantedCapability(@NetCapability int capability) {
+ public @NonNull NetworkCapabilities removeForbiddenCapability(@NetCapability int capability) {
checkValidCapability(capability);
- mUnwantedNetworkCapabilities &= ~(1L << capability);
+ mForbiddenNetworkCapabilities &= ~(1L << capability);
return this;
}
@@ -670,13 +670,13 @@
}
/**
- * Gets all the unwanted capabilities set on this {@code NetworkCapability} instance.
+ * Gets all the forbidden capabilities set on this {@code NetworkCapability} instance.
*
- * @return an array of unwanted capability values for this instance.
+ * @return an array of forbidden capability values for this instance.
* @hide
*/
- public @NetCapability int[] getUnwantedCapabilities() {
- return NetworkCapabilitiesUtils.unpackBits(mUnwantedNetworkCapabilities);
+ public @NetCapability int[] getForbiddenCapabilities() {
+ return NetworkCapabilitiesUtils.unpackBits(mForbiddenNetworkCapabilities);
}
@@ -687,9 +687,9 @@
* @hide
*/
public void setCapabilities(@NetCapability int[] capabilities,
- @NetCapability int[] unwantedCapabilities) {
+ @NetCapability int[] forbiddenCapabilities) {
mNetworkCapabilities = NetworkCapabilitiesUtils.packBits(capabilities);
- mUnwantedNetworkCapabilities = NetworkCapabilitiesUtils.packBits(unwantedCapabilities);
+ mForbiddenNetworkCapabilities = NetworkCapabilitiesUtils.packBits(forbiddenCapabilities);
}
/**
@@ -714,9 +714,9 @@
/** @hide */
@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
- public boolean hasUnwantedCapability(@NetCapability int capability) {
+ public boolean hasForbiddenCapability(@NetCapability int capability) {
return isValidCapability(capability)
- && ((mUnwantedNetworkCapabilities & (1L << capability)) != 0);
+ && ((mForbiddenNetworkCapabilities & (1L << capability)) != 0);
}
/**
@@ -746,14 +746,14 @@
private void combineNetCapabilities(@NonNull NetworkCapabilities nc) {
final long wantedCaps = this.mNetworkCapabilities | nc.mNetworkCapabilities;
- final long unwantedCaps =
- this.mUnwantedNetworkCapabilities | nc.mUnwantedNetworkCapabilities;
- if ((wantedCaps & unwantedCaps) != 0) {
+ final long forbiddenCaps =
+ this.mForbiddenNetworkCapabilities | nc.mForbiddenNetworkCapabilities;
+ if ((wantedCaps & forbiddenCaps) != 0) {
throw new IllegalArgumentException(
- "Cannot have the same capability in wanted and unwanted lists.");
+ "Cannot have the same capability in wanted and forbidden lists.");
}
this.mNetworkCapabilities = wantedCaps;
- this.mUnwantedNetworkCapabilities = unwantedCaps;
+ this.mForbiddenNetworkCapabilities = forbiddenCaps;
}
/**
@@ -764,7 +764,7 @@
* @hide
*/
public @Nullable String describeFirstNonRequestableCapability() {
- final long nonRequestable = (mNetworkCapabilities | mUnwantedNetworkCapabilities)
+ final long nonRequestable = (mNetworkCapabilities | mForbiddenNetworkCapabilities)
& NON_REQUESTABLE_CAPABILITIES;
if (nonRequestable != 0) {
@@ -781,28 +781,28 @@
private boolean satisfiedByNetCapabilities(@NonNull NetworkCapabilities nc,
boolean onlyImmutable) {
long requestedCapabilities = mNetworkCapabilities;
- long requestedUnwantedCapabilities = mUnwantedNetworkCapabilities;
+ long requestedForbiddenCapabilities = mForbiddenNetworkCapabilities;
long providedCapabilities = nc.mNetworkCapabilities;
if (onlyImmutable) {
requestedCapabilities &= ~MUTABLE_CAPABILITIES;
- requestedUnwantedCapabilities &= ~MUTABLE_CAPABILITIES;
+ requestedForbiddenCapabilities &= ~MUTABLE_CAPABILITIES;
}
return ((providedCapabilities & requestedCapabilities) == requestedCapabilities)
- && ((requestedUnwantedCapabilities & providedCapabilities) == 0);
+ && ((requestedForbiddenCapabilities & providedCapabilities) == 0);
}
/** @hide */
public boolean equalsNetCapabilities(@NonNull NetworkCapabilities nc) {
return (nc.mNetworkCapabilities == this.mNetworkCapabilities)
- && (nc.mUnwantedNetworkCapabilities == this.mUnwantedNetworkCapabilities);
+ && (nc.mForbiddenNetworkCapabilities == this.mForbiddenNetworkCapabilities);
}
private boolean equalsNetCapabilitiesRequestable(@NonNull NetworkCapabilities that) {
- return ((this.mNetworkCapabilities & ~NON_REQUESTABLE_CAPABILITIES) ==
- (that.mNetworkCapabilities & ~NON_REQUESTABLE_CAPABILITIES))
- && ((this.mUnwantedNetworkCapabilities & ~NON_REQUESTABLE_CAPABILITIES) ==
- (that.mUnwantedNetworkCapabilities & ~NON_REQUESTABLE_CAPABILITIES));
+ return ((this.mNetworkCapabilities & ~NON_REQUESTABLE_CAPABILITIES)
+ == (that.mNetworkCapabilities & ~NON_REQUESTABLE_CAPABILITIES))
+ && ((this.mForbiddenNetworkCapabilities & ~NON_REQUESTABLE_CAPABILITIES)
+ == (that.mForbiddenNetworkCapabilities & ~NON_REQUESTABLE_CAPABILITIES));
}
/**
@@ -1728,7 +1728,7 @@
* Combine a set of Capabilities to this one. Useful for coming up with the complete set.
* <p>
* Note that this method may break an invariant of having a particular capability in either
- * wanted or unwanted lists but never in both. Requests that have the same capability in
+ * wanted or forbidden lists but never in both. Requests that have the same capability in
* both lists will never be satisfied.
* @hide
*/
@@ -1869,8 +1869,8 @@
public int hashCode() {
return (int) (mNetworkCapabilities & 0xFFFFFFFF)
+ ((int) (mNetworkCapabilities >> 32) * 3)
- + ((int) (mUnwantedNetworkCapabilities & 0xFFFFFFFF) * 5)
- + ((int) (mUnwantedNetworkCapabilities >> 32) * 7)
+ + ((int) (mForbiddenNetworkCapabilities & 0xFFFFFFFF) * 5)
+ + ((int) (mForbiddenNetworkCapabilities >> 32) * 7)
+ ((int) (mTransportTypes & 0xFFFFFFFF) * 11)
+ ((int) (mTransportTypes >> 32) * 13)
+ mLinkUpBandwidthKbps * 17
@@ -1905,7 +1905,7 @@
@Override
public void writeToParcel(Parcel dest, int flags) {
dest.writeLong(mNetworkCapabilities);
- dest.writeLong(mUnwantedNetworkCapabilities);
+ dest.writeLong(mForbiddenNetworkCapabilities);
dest.writeLong(mTransportTypes);
dest.writeInt(mLinkUpBandwidthKbps);
dest.writeInt(mLinkDownBandwidthKbps);
@@ -1929,7 +1929,7 @@
NetworkCapabilities netCap = new NetworkCapabilities();
netCap.mNetworkCapabilities = in.readLong();
- netCap.mUnwantedNetworkCapabilities = in.readLong();
+ netCap.mForbiddenNetworkCapabilities = in.readLong();
netCap.mTransportTypes = in.readLong();
netCap.mLinkUpBandwidthKbps = in.readInt();
netCap.mLinkDownBandwidthKbps = in.readInt();
@@ -1983,9 +1983,9 @@
appendStringRepresentationOfBitMaskToStringBuilder(sb, mNetworkCapabilities,
NetworkCapabilities::capabilityNameOf, "&");
}
- if (0 != mUnwantedNetworkCapabilities) {
- sb.append(" Unwanted: ");
- appendStringRepresentationOfBitMaskToStringBuilder(sb, mUnwantedNetworkCapabilities,
+ if (0 != mForbiddenNetworkCapabilities) {
+ sb.append(" Forbidden: ");
+ appendStringRepresentationOfBitMaskToStringBuilder(sb, mForbiddenNetworkCapabilities,
NetworkCapabilities::capabilityNameOf, "&");
}
if (mLinkUpBandwidthKbps > 0) {
@@ -2454,7 +2454,8 @@
* For example {@code TRANSPORT_WIFI} and {@code TRANSPORT_ETHERNET} added to a
* {@code NetworkCapabilities} would cause either a Wi-Fi network or an Ethernet network
* to be selected. This is logically different than
- * {@code NetworkCapabilities.NET_CAPABILITY_*}.
+ * {@code NetworkCapabilities.NET_CAPABILITY_*}. Also note that multiple networks with the
+ * same transport type may be active concurrently.
*
* @param transportType the transport type to be added or removed.
* @return this builder
diff --git a/framework/src/android/net/NetworkRequest.java b/framework/src/android/net/NetworkRequest.java
index 8c4f419..dd88c5a 100644
--- a/framework/src/android/net/NetworkRequest.java
+++ b/framework/src/android/net/NetworkRequest.java
@@ -311,7 +311,7 @@
*
* @see #addCapability(int)
*
- * @param capability The capability to add to unwanted capability list.
+ * @param capability The capability to add to forbidden capability list.
* @return The builder to facilitate chaining.
*
* @hide
@@ -319,15 +319,15 @@
@NonNull
@SuppressLint("MissingGetterMatchingBuilder")
@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
- public Builder addUnwantedCapability(@NetworkCapabilities.NetCapability int capability) {
- mNetworkCapabilities.addUnwantedCapability(capability);
+ public Builder addForbiddenCapability(@NetworkCapabilities.NetCapability int capability) {
+ mNetworkCapabilities.addForbiddenCapability(capability);
return this;
}
/**
- * Removes (if found) the given unwanted capability from this builder instance.
+ * Removes (if found) the given forbidden capability from this builder instance.
*
- * @param capability The unwanted capability to remove.
+ * @param capability The forbidden capability to remove.
* @return The builder to facilitate chaining.
*
* @hide
@@ -335,8 +335,9 @@
@NonNull
@SuppressLint("BuilderSetStyle")
@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
- public Builder removeUnwantedCapability(@NetworkCapabilities.NetCapability int capability) {
- mNetworkCapabilities.removeUnwantedCapability(capability);
+ public Builder removeForbiddenCapability(
+ @NetworkCapabilities.NetCapability int capability) {
+ mNetworkCapabilities.removeForbiddenCapability(capability);
return this;
}
@@ -598,13 +599,13 @@
}
/**
- * @see Builder#addUnwantedCapability(int)
+ * @see Builder#addForbiddenCapability(int)
*
* @hide
*/
@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
- public boolean hasUnwantedCapability(@NetCapability int capability) {
- return networkCapabilities.hasUnwantedCapability(capability);
+ public boolean hasForbiddenCapability(@NetCapability int capability) {
+ return networkCapabilities.hasForbiddenCapability(capability);
}
/**
@@ -709,18 +710,18 @@
}
/**
- * Gets all the unwanted capabilities set on this {@code NetworkRequest} instance.
+ * Gets all the forbidden capabilities set on this {@code NetworkRequest} instance.
*
- * @return an array of unwanted capability values for this instance.
+ * @return an array of forbidden capability values for this instance.
*
* @hide
*/
@NonNull
@SystemApi(client = SystemApi.Client.MODULE_LIBRARIES)
- public @NetCapability int[] getUnwantedCapabilities() {
- // No need to make a defensive copy here as NC#getUnwantedCapabilities() already returns
+ public @NetCapability int[] getForbiddenCapabilities() {
+ // No need to make a defensive copy here as NC#getForbiddenCapabilities() already returns
// a new array.
- return networkCapabilities.getUnwantedCapabilities();
+ return networkCapabilities.getForbiddenCapabilities();
}
/**
diff --git a/services/core/java/com/android/server/connectivity/PermissionMonitor.java b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
index 7837e6e..506cadb 100644
--- a/services/core/java/com/android/server/connectivity/PermissionMonitor.java
+++ b/services/core/java/com/android/server/connectivity/PermissionMonitor.java
@@ -338,7 +338,8 @@
return currentPermission;
}
try {
- final PackageInfo app = mPackageManager.getPackageInfo(name, GET_PERMISSIONS);
+ final PackageInfo app = mPackageManager.getPackageInfo(name,
+ GET_PERMISSIONS | MATCH_ANY_USER);
final boolean isNetwork = hasNetworkPermission(app);
final boolean hasRestrictedPermission = hasRestrictedNetworkPermission(app);
if (isNetwork || hasRestrictedPermission) {
@@ -664,6 +665,7 @@
break;
case INetd.PERMISSION_UNINSTALLED:
uninstalledAppIds.add(netdPermissionsAppIds.keyAt(i));
+ break;
default:
Log.e(TAG, "unknown permission type: " + permissions + "for uid: "
+ netdPermissionsAppIds.keyAt(i));
diff --git a/tests/net/common/java/android/net/NetworkCapabilitiesTest.java b/tests/net/common/java/android/net/NetworkCapabilitiesTest.java
index 33f2c67..b178bad 100644
--- a/tests/net/common/java/android/net/NetworkCapabilitiesTest.java
+++ b/tests/net/common/java/android/net/NetworkCapabilitiesTest.java
@@ -390,9 +390,11 @@
@Test
public void testOemPaid() {
NetworkCapabilities nc = new NetworkCapabilities();
- // By default OEM_PAID is neither in the unwanted or required lists and the network is not
+ // By default OEM_PAID is neither in the required or forbidden lists and the network is not
// restricted.
- assertFalse(nc.hasUnwantedCapability(NET_CAPABILITY_OEM_PAID));
+ if (isAtLeastS()) {
+ assertFalse(nc.hasForbiddenCapability(NET_CAPABILITY_OEM_PAID));
+ }
assertFalse(nc.hasCapability(NET_CAPABILITY_OEM_PAID));
nc.maybeMarkCapabilitiesRestricted();
assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
@@ -417,9 +419,9 @@
@Test @IgnoreUpTo(Build.VERSION_CODES.R)
public void testOemPrivate() {
NetworkCapabilities nc = new NetworkCapabilities();
- // By default OEM_PRIVATE is neither in the unwanted or required lists and the network is
+ // By default OEM_PRIVATE is neither in the required or forbidden lists and the network is
// not restricted.
- assertFalse(nc.hasUnwantedCapability(NET_CAPABILITY_OEM_PRIVATE));
+ assertFalse(nc.hasForbiddenCapability(NET_CAPABILITY_OEM_PRIVATE));
assertFalse(nc.hasCapability(NET_CAPABILITY_OEM_PRIVATE));
nc.maybeMarkCapabilitiesRestricted();
assertTrue(nc.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
@@ -441,8 +443,8 @@
assertFalse(nr.satisfiedByNetworkCapabilities(new NetworkCapabilities()));
}
- @Test
- public void testUnwantedCapabilities() {
+ @Test @IgnoreUpTo(Build.VERSION_CODES.R)
+ public void testForbiddenCapabilities() {
NetworkCapabilities network = new NetworkCapabilities();
NetworkCapabilities request = new NetworkCapabilities();
@@ -450,19 +452,19 @@
request.satisfiedByNetworkCapabilities(network));
// Requesting absence of capabilities that network doesn't have. Request should satisfy.
- request.addUnwantedCapability(NET_CAPABILITY_WIFI_P2P);
- request.addUnwantedCapability(NET_CAPABILITY_NOT_METERED);
+ request.addForbiddenCapability(NET_CAPABILITY_WIFI_P2P);
+ request.addForbiddenCapability(NET_CAPABILITY_NOT_METERED);
assertTrue(request.satisfiedByNetworkCapabilities(network));
- assertArrayEquals(new int[] {NET_CAPABILITY_WIFI_P2P,
+ assertArrayEquals(new int[]{NET_CAPABILITY_WIFI_P2P,
NET_CAPABILITY_NOT_METERED},
- request.getUnwantedCapabilities());
+ request.getForbiddenCapabilities());
// This is a default capability, just want to make sure its there because we use it below.
assertTrue(network.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
- // Verify that adding unwanted capability will effectively remove it from capability list.
- request.addUnwantedCapability(NET_CAPABILITY_NOT_RESTRICTED);
- assertTrue(request.hasUnwantedCapability(NET_CAPABILITY_NOT_RESTRICTED));
+ // Verify that adding forbidden capability will effectively remove it from capability list.
+ request.addForbiddenCapability(NET_CAPABILITY_NOT_RESTRICTED);
+ assertTrue(request.hasForbiddenCapability(NET_CAPABILITY_NOT_RESTRICTED));
assertFalse(request.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
// Now this request won't be satisfied because network contains NOT_RESTRICTED.
@@ -470,10 +472,10 @@
network.removeCapability(NET_CAPABILITY_NOT_RESTRICTED);
assertTrue(request.satisfiedByNetworkCapabilities(network));
- // Verify that adding capability will effectively remove it from unwanted list
+ // Verify that adding capability will effectively remove it from forbidden list
request.addCapability(NET_CAPABILITY_NOT_RESTRICTED);
assertTrue(request.hasCapability(NET_CAPABILITY_NOT_RESTRICTED));
- assertFalse(request.hasUnwantedCapability(NET_CAPABILITY_NOT_RESTRICTED));
+ assertFalse(request.hasForbiddenCapability(NET_CAPABILITY_NOT_RESTRICTED));
assertFalse(request.satisfiedByNetworkCapabilities(network));
network.addCapability(NET_CAPABILITY_NOT_RESTRICTED);
@@ -512,24 +514,20 @@
assertTrue(nc1.equalsNetCapabilities(nc2));
assertEquals(nc1, nc2);
- nc1.addUnwantedCapability(NET_CAPABILITY_INTERNET);
- assertFalse(nc1.equalsNetCapabilities(nc2));
- nc2.addUnwantedCapability(NET_CAPABILITY_INTERNET);
- assertTrue(nc1.equalsNetCapabilities(nc2));
if (isAtLeastS()) {
- // Remove a required capability doesn't affect unwanted capabilities.
- // This is a behaviour change from S.
+ nc1.addForbiddenCapability(NET_CAPABILITY_INTERNET);
+ assertFalse(nc1.equalsNetCapabilities(nc2));
+ nc2.addForbiddenCapability(NET_CAPABILITY_INTERNET);
+ assertTrue(nc1.equalsNetCapabilities(nc2));
+
+ // Remove a required capability doesn't affect forbidden capabilities.
+ // This is a behaviour change from R to S.
nc1.removeCapability(NET_CAPABILITY_INTERNET);
assertTrue(nc1.equalsNetCapabilities(nc2));
- nc1.removeUnwantedCapability(NET_CAPABILITY_INTERNET);
+ nc1.removeForbiddenCapability(NET_CAPABILITY_INTERNET);
assertFalse(nc1.equalsNetCapabilities(nc2));
- nc2.removeUnwantedCapability(NET_CAPABILITY_INTERNET);
- assertTrue(nc1.equalsNetCapabilities(nc2));
- } else {
- nc1.removeCapability(NET_CAPABILITY_INTERNET);
- assertFalse(nc1.equalsNetCapabilities(nc2));
- nc2.removeCapability(NET_CAPABILITY_INTERNET);
+ nc2.removeForbiddenCapability(NET_CAPABILITY_INTERNET);
assertTrue(nc1.equalsNetCapabilities(nc2));
}
}
@@ -581,31 +579,25 @@
NetworkCapabilities nc1 = new NetworkCapabilities();
NetworkCapabilities nc2 = new NetworkCapabilities();
- nc1.addUnwantedCapability(NET_CAPABILITY_CAPTIVE_PORTAL);
+ if (isAtLeastS()) {
+ nc1.addForbiddenCapability(NET_CAPABILITY_CAPTIVE_PORTAL);
+ }
nc1.addCapability(NET_CAPABILITY_NOT_ROAMING);
assertNotEquals(nc1, nc2);
nc2.combineCapabilities(nc1);
assertEquals(nc1, nc2);
assertTrue(nc2.hasCapability(NET_CAPABILITY_NOT_ROAMING));
- assertTrue(nc2.hasUnwantedCapability(NET_CAPABILITY_CAPTIVE_PORTAL));
-
- // This will effectively move NOT_ROAMING capability from required to unwanted for nc1.
- nc1.addUnwantedCapability(NET_CAPABILITY_NOT_ROAMING);
+ if (isAtLeastS()) {
+ assertTrue(nc2.hasForbiddenCapability(NET_CAPABILITY_CAPTIVE_PORTAL));
+ }
if (isAtLeastS()) {
- // From S, it is not allowed to have the same capability in both wanted and
- // unwanted list.
+ // This will effectively move NOT_ROAMING capability from required to forbidden for nc1.
+ nc1.addForbiddenCapability(NET_CAPABILITY_NOT_ROAMING);
+ // It is not allowed to have the same capability in both wanted and forbidden list.
assertThrows(IllegalArgumentException.class, () -> nc2.combineCapabilities(nc1));
- // Remove unwanted capability to continue other tests.
- nc1.removeUnwantedCapability(NET_CAPABILITY_NOT_ROAMING);
- } else {
- nc2.combineCapabilities(nc1);
- // We will get this capability in both requested and unwanted lists thus this request
- // will never be satisfied.
- assertTrue(nc2.hasCapability(NET_CAPABILITY_NOT_ROAMING));
- assertTrue(nc2.hasUnwantedCapability(NET_CAPABILITY_NOT_ROAMING));
- // For R or below, remove unwanted capability via removeCapability.
- nc1.removeCapability(NET_CAPABILITY_NOT_ROAMING);
+ // Remove forbidden capability to continue other tests.
+ nc1.removeForbiddenCapability(NET_CAPABILITY_NOT_ROAMING);
}
nc1.setSSID(TEST_SSID);
@@ -683,14 +675,11 @@
public void testSetCapabilities() {
final int[] REQUIRED_CAPABILITIES = new int[] {
NET_CAPABILITY_INTERNET, NET_CAPABILITY_NOT_VPN };
- final int[] UNWANTED_CAPABILITIES = new int[] {
- NET_CAPABILITY_NOT_RESTRICTED, NET_CAPABILITY_NOT_METERED
- };
NetworkCapabilities nc1 = new NetworkCapabilities();
NetworkCapabilities nc2 = new NetworkCapabilities();
- nc1.setCapabilities(REQUIRED_CAPABILITIES, UNWANTED_CAPABILITIES);
+ nc1.setCapabilities(REQUIRED_CAPABILITIES);
assertArrayEquals(REQUIRED_CAPABILITIES, nc1.getCapabilities());
// Verify that setting and adding capabilities leads to the same object state.
@@ -698,10 +687,25 @@
for (int cap : REQUIRED_CAPABILITIES) {
nc2.addCapability(cap);
}
- for (int cap : UNWANTED_CAPABILITIES) {
- nc2.addUnwantedCapability(cap);
- }
assertEquals(nc1, nc2);
+
+ if (isAtLeastS()) {
+ final int[] forbiddenCapabilities = new int[]{
+ NET_CAPABILITY_NOT_METERED, NET_CAPABILITY_NOT_RESTRICTED };
+
+ nc1.setCapabilities(REQUIRED_CAPABILITIES, forbiddenCapabilities);
+ assertArrayEquals(REQUIRED_CAPABILITIES, nc1.getCapabilities());
+ assertArrayEquals(forbiddenCapabilities, nc1.getForbiddenCapabilities());
+
+ nc2.clearAll();
+ for (int cap : REQUIRED_CAPABILITIES) {
+ nc2.addCapability(cap);
+ }
+ for (int cap : forbiddenCapabilities) {
+ nc2.addForbiddenCapability(cap);
+ }
+ assertEquals(nc1, nc2);
+ }
}
@Test
@@ -769,23 +773,32 @@
NetworkCapabilities nc1 = new NetworkCapabilities();
NetworkCapabilities nc2 = new NetworkCapabilities();
- nc1.addUnwantedCapability(NET_CAPABILITY_CAPTIVE_PORTAL);
+ if (isAtLeastS()) {
+ nc1.addForbiddenCapability(NET_CAPABILITY_CAPTIVE_PORTAL);
+ }
nc1.addCapability(NET_CAPABILITY_NOT_ROAMING);
assertNotEquals(nc1, nc2);
nc2.set(nc1);
assertEquals(nc1, nc2);
assertTrue(nc2.hasCapability(NET_CAPABILITY_NOT_ROAMING));
- assertTrue(nc2.hasUnwantedCapability(NET_CAPABILITY_CAPTIVE_PORTAL));
+ if (isAtLeastS()) {
+ assertTrue(nc2.hasForbiddenCapability(NET_CAPABILITY_CAPTIVE_PORTAL));
+ }
- // This will effectively move NOT_ROAMING capability from required to unwanted for nc1.
- nc1.addUnwantedCapability(NET_CAPABILITY_NOT_ROAMING);
+ if (isAtLeastS()) {
+ // This will effectively move NOT_ROAMING capability from required to forbidden for nc1.
+ nc1.addForbiddenCapability(NET_CAPABILITY_NOT_ROAMING);
+ }
nc1.setSSID(TEST_SSID);
nc2.set(nc1);
assertEquals(nc1, nc2);
- // Contrary to combineCapabilities, set() will have removed the NOT_ROAMING capability
- // from nc2.
- assertFalse(nc2.hasCapability(NET_CAPABILITY_NOT_ROAMING));
- assertTrue(nc2.hasUnwantedCapability(NET_CAPABILITY_NOT_ROAMING));
+ if (isAtLeastS()) {
+ // Contrary to combineCapabilities, set() will have removed the NOT_ROAMING capability
+ // from nc2.
+ assertFalse(nc2.hasCapability(NET_CAPABILITY_NOT_ROAMING));
+ assertTrue(nc2.hasForbiddenCapability(NET_CAPABILITY_NOT_ROAMING));
+ }
+
if (isAtLeastR()) {
assertTrue(TEST_SSID.equals(nc2.getSsid()));
}
diff --git a/tests/net/integration/src/com/android/server/net/integrationtests/TestNetworkStackService.kt b/tests/net/integration/src/com/android/server/net/integrationtests/TestNetworkStackService.kt
index a44ad1e..eff6658 100644
--- a/tests/net/integration/src/com/android/server/net/integrationtests/TestNetworkStackService.kt
+++ b/tests/net/integration/src/com/android/server/net/integrationtests/TestNetworkStackService.kt
@@ -61,7 +61,6 @@
private class NetworkMonitorDeps(private val privateDnsBypassNetwork: Network) :
NetworkMonitor.Dependencies() {
override fun getPrivateDnsBypassNetwork(network: Network?) = privateDnsBypassNetwork
- override fun sendNetworkConditionsBroadcast(context: Context, broadcast: Intent) = Unit
}
private inner class TestNetworkStackConnector(context: Context) : NetworkStackConnector(
@@ -98,4 +97,4 @@
cb.onNetworkMonitorCreated(NetworkMonitorConnector(nm, TestPermissionChecker()))
}
}
-}
\ No newline at end of file
+}
diff --git a/tests/net/java/com/android/server/ConnectivityServiceTest.java b/tests/net/java/com/android/server/ConnectivityServiceTest.java
index bc06a6e..90a4d6f 100644
--- a/tests/net/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/net/java/com/android/server/ConnectivityServiceTest.java
@@ -2809,8 +2809,9 @@
private void grantUsingBackgroundNetworksPermissionForUid(
final int uid, final String packageName) throws Exception {
- when(mPackageManager.getPackageInfo(eq(packageName), eq(GET_PERMISSIONS)))
- .thenReturn(buildPackageInfo(true, uid));
+ when(mPackageManager.getPackageInfo(
+ eq(packageName), eq(GET_PERMISSIONS | MATCH_ANY_USER)))
+ .thenReturn(buildPackageInfo(true /* hasSystemPermission */, uid));
mService.mPermissionMonitor.onPackageAdded(packageName, uid);
}
diff --git a/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java b/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
index d7535a9..02a5808 100644
--- a/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
+++ b/tests/net/java/com/android/server/connectivity/PermissionMonitorTest.java
@@ -479,13 +479,14 @@
public void testUidFilteringDuringVpnConnectDisconnectAndUidUpdates() throws Exception {
when(mPackageManager.getInstalledPackages(eq(GET_PERMISSIONS | MATCH_ANY_USER))).thenReturn(
Arrays.asList(new PackageInfo[] {
- buildPackageInfo(/* SYSTEM */ true, SYSTEM_UID1, MOCK_USER1),
- buildPackageInfo(/* SYSTEM */ false, MOCK_UID1, MOCK_USER1),
- buildPackageInfo(/* SYSTEM */ false, MOCK_UID2, MOCK_USER1),
- buildPackageInfo(/* SYSTEM */ false, VPN_UID, MOCK_USER1)
+ buildPackageInfo(true /* hasSystemPermission */, SYSTEM_UID1, MOCK_USER1),
+ buildPackageInfo(false /* hasSystemPermission */, MOCK_UID1, MOCK_USER1),
+ buildPackageInfo(false /* hasSystemPermission */, MOCK_UID2, MOCK_USER1),
+ buildPackageInfo(false /* hasSystemPermission */, VPN_UID, MOCK_USER1)
}));
- when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE1), eq(GET_PERMISSIONS))).thenReturn(
- buildPackageInfo(false, MOCK_UID1, MOCK_USER1));
+ when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE1),
+ eq(GET_PERMISSIONS | MATCH_ANY_USER))).thenReturn(
+ buildPackageInfo(false /* hasSystemPermission */, MOCK_UID1, MOCK_USER1));
mPermissionMonitor.startMonitoring();
// Every app on user 0 except MOCK_UID2 are under VPN.
final Set<UidRange> vpnRange1 = new HashSet<>(Arrays.asList(new UidRange[] {
@@ -530,11 +531,12 @@
public void testUidFilteringDuringPackageInstallAndUninstall() throws Exception {
when(mPackageManager.getInstalledPackages(eq(GET_PERMISSIONS | MATCH_ANY_USER))).thenReturn(
Arrays.asList(new PackageInfo[] {
- buildPackageInfo(true, SYSTEM_UID1, MOCK_USER1),
- buildPackageInfo(false, VPN_UID, MOCK_USER1)
+ buildPackageInfo(true /* hasSystemPermission */, SYSTEM_UID1, MOCK_USER1),
+ buildPackageInfo(false /* hasSystemPermission */, VPN_UID, MOCK_USER1)
}));
- when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE1), eq(GET_PERMISSIONS))).thenReturn(
- buildPackageInfo(false, MOCK_UID1, MOCK_USER1));
+ when(mPackageManager.getPackageInfo(eq(MOCK_PACKAGE1),
+ eq(GET_PERMISSIONS | MATCH_ANY_USER))).thenReturn(
+ buildPackageInfo(false /* hasSystemPermission */, MOCK_UID1, MOCK_USER1));
mPermissionMonitor.startMonitoring();
final Set<UidRange> vpnRange = Collections.singleton(UidRange.createForUser(MOCK_USER1));