Merge "Remove qtaguid support from native"
diff --git a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
index 8de7836..66ad167 100644
--- a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
+++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
@@ -837,9 +837,9 @@
}
private void verifyInterfaceServingModeStarted(String ifname) throws Exception {
- verify(mNetd, times(1)).interfaceSetCfg(any(InterfaceConfigurationParcel.class));
- verify(mNetd, times(1)).tetherInterfaceAdd(ifname);
- verify(mNetd, times(1)).networkAddInterface(INetd.LOCAL_NET_ID, ifname);
+ verify(mNetd).interfaceSetCfg(any(InterfaceConfigurationParcel.class));
+ verify(mNetd).tetherInterfaceAdd(ifname);
+ verify(mNetd).networkAddInterface(INetd.LOCAL_NET_ID, ifname);
verify(mNetd, times(2)).networkAddRoute(eq(INetd.LOCAL_NET_ID), eq(ifname),
anyString(), anyString());
}
@@ -934,6 +934,52 @@
failingLocalOnlyHotspotLegacyApBroadcast(false);
}
+ private void verifyStopHotpot() throws Exception {
+ verify(mNetd).tetherApplyDnsInterfaces();
+ verify(mNetd).tetherInterfaceRemove(TEST_WLAN_IFNAME);
+ verify(mNetd).networkRemoveInterface(INetd.LOCAL_NET_ID, TEST_WLAN_IFNAME);
+ // interfaceSetCfg() called once for enabling and twice disabling IPv4.
+ verify(mNetd, times(3)).interfaceSetCfg(any(InterfaceConfigurationParcel.class));
+ verify(mNetd).tetherStop();
+ verify(mNetd).ipfwdDisableForwarding(TETHERING_NAME);
+ verify(mWifiManager, times(3)).updateInterfaceIpState(
+ TEST_WLAN_IFNAME, WifiManager.IFACE_IP_MODE_UNSPECIFIED);
+ verifyNoMoreInteractions(mNetd);
+ verifyNoMoreInteractions(mWifiManager);
+ // Asking for the last error after the per-interface state machine
+ // has been reaped yields an unknown interface error.
+ assertEquals(TETHER_ERROR_UNKNOWN_IFACE, mTethering.getLastErrorForTest(TEST_WLAN_IFNAME));
+ }
+
+ private void verifyStartHotspot() throws Exception {
+ verifyStartHotspot(false /* isLocalOnly */);
+ }
+
+ private void verifyStartHotspot(boolean isLocalOnly) throws Exception {
+ verifyInterfaceServingModeStarted(TEST_WLAN_IFNAME);
+ verifyTetheringBroadcast(TEST_WLAN_IFNAME, EXTRA_AVAILABLE_TETHER);
+ verify(mWifiManager).updateInterfaceIpState(
+ TEST_WLAN_IFNAME, WifiManager.IFACE_IP_MODE_UNSPECIFIED);
+
+ verify(mNetd).ipfwdEnableForwarding(TETHERING_NAME);
+ verify(mNetd).tetherStartWithConfiguration(any());
+ verifyNoMoreInteractions(mNetd);
+
+ final int expectedState = isLocalOnly ? IFACE_IP_MODE_LOCAL_ONLY : IFACE_IP_MODE_TETHERED;
+ verify(mWifiManager).updateInterfaceIpState(TEST_WLAN_IFNAME, expectedState);
+ verifyNoMoreInteractions(mWifiManager);
+
+ verify(mUpstreamNetworkMonitor).startObserveAllNetworks();
+ if (isLocalOnly) {
+ // There are 2 IpServer state change events: STATE_AVAILABLE -> STATE_LOCAL_ONLY.
+ verify(mNotificationUpdater, times(2)).onDownstreamChanged(DOWNSTREAM_NONE);
+ } else {
+ // There are 2 IpServer state change events: STATE_AVAILABLE -> STATE_TETHERED.
+ verify(mNotificationUpdater).onDownstreamChanged(DOWNSTREAM_NONE);
+ verify(mNotificationUpdater).onDownstreamChanged(eq(1 << TETHERING_WIFI));
+ }
+ }
+
public void workingLocalOnlyHotspotEnrichedApBroadcast(
boolean emulateInterfaceStatusChanged) throws Exception {
// Emulate externally-visible WifiManager effects, causing the
@@ -944,20 +990,8 @@
}
sendWifiApStateChanged(WIFI_AP_STATE_ENABLED, TEST_WLAN_IFNAME, IFACE_IP_MODE_LOCAL_ONLY);
- verifyInterfaceServingModeStarted(TEST_WLAN_IFNAME);
- verifyTetheringBroadcast(TEST_WLAN_IFNAME, EXTRA_AVAILABLE_TETHER);
- verify(mNetd, times(1)).ipfwdEnableForwarding(TETHERING_NAME);
- verify(mNetd, times(1)).tetherStartWithConfiguration(any());
- verifyNoMoreInteractions(mNetd);
- verify(mWifiManager).updateInterfaceIpState(
- TEST_WLAN_IFNAME, WifiManager.IFACE_IP_MODE_UNSPECIFIED);
- verify(mWifiManager).updateInterfaceIpState(
- TEST_WLAN_IFNAME, WifiManager.IFACE_IP_MODE_LOCAL_ONLY);
- verifyNoMoreInteractions(mWifiManager);
+ verifyStartHotspot(true /* isLocalOnly */);
verifyTetheringBroadcast(TEST_WLAN_IFNAME, EXTRA_ACTIVE_LOCAL_ONLY);
- verify(mUpstreamNetworkMonitor, times(1)).startObserveAllNetworks();
- // There are 2 IpServer state change events: STATE_AVAILABLE -> STATE_LOCAL_ONLY
- verify(mNotificationUpdater, times(2)).onDownstreamChanged(DOWNSTREAM_NONE);
// Emulate externally-visible WifiManager effects, when hotspot mode
// is being torn down.
@@ -965,20 +999,7 @@
mTethering.interfaceRemoved(TEST_WLAN_IFNAME);
mLooper.dispatchAll();
- verify(mNetd, times(1)).tetherApplyDnsInterfaces();
- verify(mNetd, times(1)).tetherInterfaceRemove(TEST_WLAN_IFNAME);
- verify(mNetd, times(1)).networkRemoveInterface(INetd.LOCAL_NET_ID, TEST_WLAN_IFNAME);
- // interfaceSetCfg() called once for enabling and twice disabling IPv4.
- verify(mNetd, times(3)).interfaceSetCfg(any(InterfaceConfigurationParcel.class));
- verify(mNetd, times(1)).tetherStop();
- verify(mNetd, times(1)).ipfwdDisableForwarding(TETHERING_NAME);
- verify(mWifiManager, times(3)).updateInterfaceIpState(
- TEST_WLAN_IFNAME, WifiManager.IFACE_IP_MODE_UNSPECIFIED);
- verifyNoMoreInteractions(mNetd);
- verifyNoMoreInteractions(mWifiManager);
- // Asking for the last error after the per-interface state machine
- // has been reaped yields an unknown interface error.
- assertEquals(TETHER_ERROR_UNKNOWN_IFACE, mTethering.getLastErrorForTest(TEST_WLAN_IFNAME));
+ verifyStopHotpot();
}
/**
@@ -1499,26 +1520,11 @@
mTethering.interfaceStatusChanged(TEST_WLAN_IFNAME, true);
sendWifiApStateChanged(WIFI_AP_STATE_ENABLED, TEST_WLAN_IFNAME, IFACE_IP_MODE_TETHERED);
- verifyInterfaceServingModeStarted(TEST_WLAN_IFNAME);
- verifyTetheringBroadcast(TEST_WLAN_IFNAME, EXTRA_AVAILABLE_TETHER);
- verify(mNetd, times(1)).ipfwdEnableForwarding(TETHERING_NAME);
- verify(mNetd, times(1)).tetherStartWithConfiguration(any());
- verify(mNetd, times(2)).networkAddRoute(eq(INetd.LOCAL_NET_ID), eq(TEST_WLAN_IFNAME),
- anyString(), anyString());
- verifyNoMoreInteractions(mNetd);
- verify(mWifiManager).updateInterfaceIpState(
- TEST_WLAN_IFNAME, WifiManager.IFACE_IP_MODE_UNSPECIFIED);
- verify(mWifiManager).updateInterfaceIpState(
- TEST_WLAN_IFNAME, WifiManager.IFACE_IP_MODE_TETHERED);
- verifyNoMoreInteractions(mWifiManager);
+ verifyStartHotspot();
verifyTetheringBroadcast(TEST_WLAN_IFNAME, EXTRA_ACTIVE_TETHER);
- verify(mUpstreamNetworkMonitor, times(1)).startObserveAllNetworks();
// In tethering mode, in the default configuration, an explicit request
// for a mobile network is also made.
verify(mUpstreamNetworkMonitor, times(1)).setTryCell(true);
- // There are 2 IpServer state change events: STATE_AVAILABLE -> STATE_TETHERED
- verify(mNotificationUpdater, times(1)).onDownstreamChanged(DOWNSTREAM_NONE);
- verify(mNotificationUpdater, times(1)).onDownstreamChanged(eq(1 << TETHERING_WIFI));
/////
// We do not currently emulate any upstream being found.
@@ -1540,20 +1546,7 @@
mTethering.interfaceRemoved(TEST_WLAN_IFNAME);
mLooper.dispatchAll();
- verify(mNetd, times(1)).tetherApplyDnsInterfaces();
- verify(mNetd, times(1)).tetherInterfaceRemove(TEST_WLAN_IFNAME);
- verify(mNetd, times(1)).networkRemoveInterface(INetd.LOCAL_NET_ID, TEST_WLAN_IFNAME);
- // interfaceSetCfg() called once for enabling and twice for disabling IPv4.
- verify(mNetd, times(3)).interfaceSetCfg(any(InterfaceConfigurationParcel.class));
- verify(mNetd, times(1)).tetherStop();
- verify(mNetd, times(1)).ipfwdDisableForwarding(TETHERING_NAME);
- verify(mWifiManager, times(3)).updateInterfaceIpState(
- TEST_WLAN_IFNAME, WifiManager.IFACE_IP_MODE_UNSPECIFIED);
- verifyNoMoreInteractions(mNetd);
- verifyNoMoreInteractions(mWifiManager);
- // Asking for the last error after the per-interface state machine
- // has been reaped yields an unknown interface error.
- assertEquals(TETHER_ERROR_UNKNOWN_IFACE, mTethering.getLastErrorForTest(TEST_WLAN_IFNAME));
+ verifyStopHotpot();
}
// TODO: Test with and without interfaceStatusChanged().
diff --git a/bpf_progs/bpf_tethering.h b/bpf_progs/bpf_tethering.h
index f9ef6ef..9dae6c9 100644
--- a/bpf_progs/bpf_tethering.h
+++ b/bpf_progs/bpf_tethering.h
@@ -26,31 +26,33 @@
// - The BPF programs in Tethering/bpf_progs/
// - JNI code that depends on the bpf_connectivity_headers library.
-#define BPF_TETHER_ERRORS \
- ERR(INVALID_IP_VERSION) \
- ERR(LOW_TTL) \
- ERR(INVALID_TCP_HEADER) \
- ERR(TCP_CONTROL_PACKET) \
- ERR(NON_GLOBAL_SRC) \
- ERR(NON_GLOBAL_DST) \
- ERR(LOCAL_SRC_DST) \
- ERR(NO_STATS_ENTRY) \
- ERR(NO_LIMIT_ENTRY) \
- ERR(BELOW_IPV4_MTU) \
- ERR(BELOW_IPV6_MTU) \
- ERR(LIMIT_REACHED) \
- ERR(CHANGE_HEAD_FAILED) \
- ERR(TOO_SHORT) \
- ERR(HAS_IP_OPTIONS) \
- ERR(IS_IP_FRAG) \
- ERR(CHECKSUM) \
- ERR(NON_TCP_UDP) \
- ERR(NON_TCP) \
- ERR(SHORT_L4_HEADER) \
- ERR(SHORT_TCP_HEADER) \
- ERR(SHORT_UDP_HEADER) \
- ERR(UDP_CSUM_ZERO) \
- ERR(TRUNCATED_IPV4) \
+#define BPF_TETHER_ERRORS \
+ ERR(INVALID_IPV4_VERSION) \
+ ERR(INVALID_IPV6_VERSION) \
+ ERR(LOW_TTL) \
+ ERR(INVALID_TCP_HEADER) \
+ ERR(TCPV4_CONTROL_PACKET) \
+ ERR(TCPV6_CONTROL_PACKET) \
+ ERR(NON_GLOBAL_SRC) \
+ ERR(NON_GLOBAL_DST) \
+ ERR(LOCAL_SRC_DST) \
+ ERR(NO_STATS_ENTRY) \
+ ERR(NO_LIMIT_ENTRY) \
+ ERR(BELOW_IPV4_MTU) \
+ ERR(BELOW_IPV6_MTU) \
+ ERR(LIMIT_REACHED) \
+ ERR(CHANGE_HEAD_FAILED) \
+ ERR(TOO_SHORT) \
+ ERR(HAS_IP_OPTIONS) \
+ ERR(IS_IP_FRAG) \
+ ERR(CHECKSUM) \
+ ERR(NON_TCP_UDP) \
+ ERR(NON_TCP) \
+ ERR(SHORT_L4_HEADER) \
+ ERR(SHORT_TCP_HEADER) \
+ ERR(SHORT_UDP_HEADER) \
+ ERR(UDP_CSUM_ZERO) \
+ ERR(TRUNCATED_IPV4) \
ERR(_MAX)
#define ERR(x) BPF_TETHER_ERR_ ##x,
diff --git a/bpf_progs/dscpPolicy.c b/bpf_progs/dscpPolicy.c
index f308931..3e4456f 100644
--- a/bpf_progs/dscpPolicy.c
+++ b/bpf_progs/dscpPolicy.c
@@ -57,7 +57,7 @@
uint64_t cookie = bpf_get_socket_cookie(skb);
if (!cookie) return;
- uint16_t sport = 0;
+ __be16 sport = 0;
uint16_t dport = 0;
uint8_t protocol = 0; // TODO: Use are reserved value? Or int (-1) and cast to uint below?
struct in6_addr src_ip = {};
@@ -106,14 +106,14 @@
udp = data + hdr_size;
if ((void*)(udp + 1) > data_end) return;
sport = udp->source;
- dport = udp->dest;
+ dport = ntohs(udp->dest);
} break;
case IPPROTO_TCP: {
struct tcphdr* tcp;
tcp = data + hdr_size;
if ((void*)(tcp + 1) > data_end) return;
sport = tcp->source;
- dport = tcp->dest;
+ dport = ntohs(tcp->dest);
} break;
default:
return;
@@ -121,10 +121,13 @@
RuleEntry* existing_rule = bpf_socket_policy_cache_map_lookup_elem(&cookie);
- if (existing_rule && v6_equal(src_ip, existing_rule->src_ip) &&
- v6_equal(dst_ip, existing_rule->dst_ip) && skb->ifindex == existing_rule->ifindex &&
- ntohs(sport) == htons(existing_rule->src_port) &&
- ntohs(dport) == htons(existing_rule->dst_port) && protocol == existing_rule->proto) {
+ if (existing_rule &&
+ v6_equal(src_ip, existing_rule->src_ip) &&
+ v6_equal(dst_ip, existing_rule->dst_ip) &&
+ skb->ifindex == existing_rule->ifindex &&
+ sport == existing_rule->src_port &&
+ dport == existing_rule->dst_port &&
+ protocol == existing_rule->proto) {
if (existing_rule->dscp_val < 0) return;
if (ipv4) {
uint8_t newTos = UPDATE_TOS(existing_rule->dscp_val, tos);
@@ -145,8 +148,6 @@
int8_t new_dscp = -1;
for (register uint64_t i = 0; i < MAX_POLICIES; i++) {
- int score = 0;
- uint8_t temp_mask = 0;
// Using a uint64 in for loop prevents infinite loop during BPF load,
// but the key is uint32, so convert back.
uint32_t key = i;
@@ -158,38 +159,35 @@
policy = bpf_ipv6_dscp_policies_map_lookup_elem(&key);
}
- // If the policy lookup failed, present_fields is 0, or iface index does not match
- // index on skb buff, then we can continue to next policy.
- if (!policy || policy->present_fields == 0 || policy->ifindex != skb->ifindex) continue;
+ // If the policy lookup failed, just continue (this should not ever happen)
+ if (!policy) continue;
- if ((policy->present_fields & SRC_IP_MASK_FLAG) == SRC_IP_MASK_FLAG &&
- v6_equal(src_ip, policy->src_ip)) {
- score++;
- temp_mask |= SRC_IP_MASK_FLAG;
- }
- if ((policy->present_fields & DST_IP_MASK_FLAG) == DST_IP_MASK_FLAG &&
- v6_equal(dst_ip, policy->dst_ip)) {
- score++;
- temp_mask |= DST_IP_MASK_FLAG;
- }
- if ((policy->present_fields & SRC_PORT_MASK_FLAG) == SRC_PORT_MASK_FLAG &&
- ntohs(sport) == htons(policy->src_port)) {
- score++;
- temp_mask |= SRC_PORT_MASK_FLAG;
- }
- if ((policy->present_fields & DST_PORT_MASK_FLAG) == DST_PORT_MASK_FLAG &&
- ntohs(dport) >= htons(policy->dst_port_start) &&
- ntohs(dport) <= htons(policy->dst_port_end)) {
- score++;
- temp_mask |= DST_PORT_MASK_FLAG;
- }
- if ((policy->present_fields & PROTO_MASK_FLAG) == PROTO_MASK_FLAG &&
- protocol == policy->proto) {
- score++;
- temp_mask |= PROTO_MASK_FLAG;
- }
+ // If policy iface index does not match skb, then skip to next policy.
+ if (policy->ifindex != skb->ifindex) continue;
- if (score > best_score && temp_mask == policy->present_fields) {
+ int score = 0;
+
+ if (policy->present_fields & PROTO_MASK_FLAG) {
+ if (protocol != policy->proto) continue;
+ score += 0xFFFF;
+ }
+ if (policy->present_fields & SRC_IP_MASK_FLAG) {
+ if (v6_not_equal(src_ip, policy->src_ip)) continue;
+ score += 0xFFFF;
+ }
+ if (policy->present_fields & DST_IP_MASK_FLAG) {
+ if (v6_not_equal(dst_ip, policy->dst_ip)) continue;
+ score += 0xFFFF;
+ }
+ if (policy->present_fields & SRC_PORT_MASK_FLAG) {
+ if (sport != policy->src_port) continue;
+ score += 0xFFFF;
+ }
+ if (dport < policy->dst_port_start) continue;
+ if (dport > policy->dst_port_end) continue;
+ score += 0xFFFF + policy->dst_port_start - policy->dst_port_end;
+
+ if (score > best_score) {
best_score = score;
new_dscp = policy->dscp_val;
}
diff --git a/bpf_progs/dscpPolicy.h b/bpf_progs/dscpPolicy.h
index c1db6ab..e565966 100644
--- a/bpf_progs/dscpPolicy.h
+++ b/bpf_progs/dscpPolicy.h
@@ -20,16 +20,22 @@
#define SRC_IP_MASK_FLAG 1
#define DST_IP_MASK_FLAG 2
#define SRC_PORT_MASK_FLAG 4
-#define DST_PORT_MASK_FLAG 8
-#define PROTO_MASK_FLAG 16
+#define PROTO_MASK_FLAG 8
#define STRUCT_SIZE(name, size) _Static_assert(sizeof(name) == (size), "Incorrect struct size.")
-#define v6_equal(a, b) \
- (((a.s6_addr32[0] ^ b.s6_addr32[0]) | \
- (a.s6_addr32[1] ^ b.s6_addr32[1]) | \
- (a.s6_addr32[2] ^ b.s6_addr32[2]) | \
- (a.s6_addr32[3] ^ b.s6_addr32[3])) == 0)
+// Retrieve the first (ie. high) 64 bits of an IPv6 address (in network order)
+#define v6_hi_be64(v) (*(uint64_t*)&((v).s6_addr32[0]))
+
+// Retrieve the last (ie. low) 64 bits of an IPv6 address (in network order)
+#define v6_lo_be64(v) (*(uint64_t*)&((v).s6_addr32[2]))
+
+// This returns a non-zero u64 iff a != b
+#define v6_not_equal(a, b) ((v6_hi_be64(a) ^ v6_hi_be64(b)) \
+ | (v6_lo_be64(a) ^ v6_lo_be64(b)))
+
+// Returns 'a == b' as boolean
+#define v6_equal(a, b) (!v6_not_equal((a), (b)))
// TODO: these are already defined in packages/modules/Connectivity/bpf_progs/bpf_net_helpers.h.
// smove to common location in future.
@@ -47,8 +53,8 @@
struct in6_addr dst_ip;
uint32_t ifindex;
__be16 src_port;
- __be16 dst_port_start;
- __be16 dst_port_end;
+ uint16_t dst_port_start;
+ uint16_t dst_port_end;
uint8_t proto;
int8_t dscp_val; // -1 none, or 0..63 DSCP value
uint8_t present_fields;
@@ -59,11 +65,11 @@
typedef struct {
struct in6_addr src_ip;
struct in6_addr dst_ip;
- __u32 ifindex;
+ uint32_t ifindex;
__be16 src_port;
- __be16 dst_port;
- __u8 proto;
- __s8 dscp_val; // -1 none, or 0..63 DSCP value
- __u8 pad[2];
+ uint16_t dst_port;
+ uint8_t proto;
+ int8_t dscp_val; // -1 none, or 0..63 DSCP value
+ uint8_t pad[2];
} RuleEntry;
STRUCT_SIZE(RuleEntry, 2 * 16 + 1 * 4 + 2 * 2 + 2 * 1 + 2); // 44
diff --git a/bpf_progs/netd.c b/bpf_progs/netd.c
index eb78cb3..10559dd 100644
--- a/bpf_progs/netd.c
+++ b/bpf_progs/netd.c
@@ -85,10 +85,18 @@
DEFINE_BPF_MAP_NO_NETD(iface_index_name_map, HASH, uint32_t, IfaceValue, IFACE_INDEX_NAME_MAP_SIZE)
// iptables xt_bpf programs need to be usable by both netd and netutils_wrappers
+// selinux contexts, because even non-xt_bpf iptables mutations are implemented as
+// a full table dump, followed by an update in userspace, and then a reload into the kernel,
+// where any already in-use xt_bpf matchers are serialized as the path to the pinned
+// program (see XT_BPF_MODE_PATH_PINNED) and then the iptables binary (or rather
+// the kernel acting on behalf of it) must be able to retrieve the pinned program
+// for the reload to succeed
#define DEFINE_XTBPF_PROG(SECTION_NAME, prog_uid, prog_gid, the_prog) \
DEFINE_BPF_PROG(SECTION_NAME, prog_uid, prog_gid, the_prog)
// programs that need to be usable by netd, but not by netutils_wrappers
+// (this is because these are currently attached by the mainline provided libnetd_updatable .so
+// which is loaded into netd and thus runs as netd uid/gid/selinux context)
#define DEFINE_NETD_BPF_PROG(SECTION_NAME, prog_uid, prog_gid, the_prog) \
DEFINE_BPF_PROG_EXT(SECTION_NAME, prog_uid, prog_gid, the_prog, \
KVER_NONE, KVER_INF, false, "fs_bpf_netd_readonly", "")
diff --git a/bpf_progs/offload.c b/bpf_progs/offload.c
index 898f2e2..bb9fc34 100644
--- a/bpf_progs/offload.c
+++ b/bpf_progs/offload.c
@@ -155,7 +155,7 @@
if (is_ethernet && (eth->h_proto != htons(ETH_P_IPV6))) return TC_ACT_PIPE;
// IP version must be 6
- if (ip6->version != 6) TC_PUNT(INVALID_IP_VERSION);
+ if (ip6->version != 6) TC_PUNT(INVALID_IPV6_VERSION);
// Cannot decrement during forward if already zero or would be zero,
// Let the kernel's stack handle these cases and generate appropriate ICMP errors.
@@ -171,7 +171,7 @@
TC_PUNT(INVALID_TCP_HEADER);
// Do not offload TCP packets with any one of the SYN/FIN/RST flags
- if (tcph->syn || tcph->fin || tcph->rst) TC_PUNT(TCP_CONTROL_PACKET);
+ if (tcph->syn || tcph->fin || tcph->rst) TC_PUNT(TCPV6_CONTROL_PACKET);
}
// Protect against forwarding packets sourced from ::1 or fe80::/64 or other weirdness.
@@ -370,7 +370,7 @@
// If hardware offload is running and programming flows based on conntrack entries, try not
// to interfere with it, so do not offload TCP packets with any one of the SYN/FIN/RST flags
- if (tcph->syn || tcph->fin || tcph->rst) TC_PUNT(TCP_CONTROL_PACKET);
+ if (tcph->syn || tcph->fin || tcph->rst) TC_PUNT(TCPV4_CONTROL_PACKET);
} else { // UDP
// Make sure we can get at the udp header
if (data + l2_header_size + sizeof(*ip) + sizeof(*udph) > data_end)
@@ -576,7 +576,7 @@
if (is_ethernet && (eth->h_proto != htons(ETH_P_IP))) return TC_ACT_PIPE;
// IP version must be 4
- if (ip->version != 4) TC_PUNT(INVALID_IP_VERSION);
+ if (ip->version != 4) TC_PUNT(INVALID_IPV4_VERSION);
// We cannot handle IP options, just standard 20 byte == 5 dword minimal IPv4 header
if (ip->ihl != 5) TC_PUNT(HAS_IP_OPTIONS);
diff --git a/framework/src/android/net/NetworkScore.java b/framework/src/android/net/NetworkScore.java
index 7be7deb..815e2b0 100644
--- a/framework/src/android/net/NetworkScore.java
+++ b/framework/src/android/net/NetworkScore.java
@@ -181,7 +181,7 @@
@Override
public String toString() {
- return "Score(" + mLegacyInt + " ; Policies : " + mPolicies + ")";
+ return "Score(Policies : " + mPolicies + ")";
}
@Override
diff --git a/service-t/src/com/android/server/ethernet/EthernetConfigStore.java b/service-t/src/com/android/server/ethernet/EthernetConfigStore.java
index 6006539..e4445d0 100644
--- a/service-t/src/com/android/server/ethernet/EthernetConfigStore.java
+++ b/service-t/src/com/android/server/ethernet/EthernetConfigStore.java
@@ -107,8 +107,13 @@
}
private void loadConfigFileLocked(final String filepath) {
+ // readIpConfigurations can return null when the version is invalid.
final ArrayMap<String, IpConfiguration> configs =
IpConfigStore.readIpConfigurations(filepath);
+ if (configs == null) {
+ Log.e(TAG, "IpConfigStore#readIpConfigurations() returned null");
+ return;
+ }
mIpConfigurations.putAll(configs);
}
diff --git a/service-t/src/com/android/server/ethernet/EthernetTracker.java b/service-t/src/com/android/server/ethernet/EthernetTracker.java
index 3e71093..be9beed 100644
--- a/service-t/src/com/android/server/ethernet/EthernetTracker.java
+++ b/service-t/src/com/android/server/ethernet/EthernetTracker.java
@@ -87,14 +87,17 @@
private static final String TEST_IFACE_REGEXP = TEST_TAP_PREFIX + "\\d+";
/**
- * Interface names we track. This is a product-dependent regular expression, plus,
- * if setIncludeTestInterfaces is true, any test interfaces.
+ * Interface names we track. This is a product-dependent regular expression.
+ * Use isValidEthernetInterface to check if a interface name is a valid ethernet interface (this
+ * includes test interfaces if setIncludeTestInterfaces is set to true).
*/
- private volatile String mIfaceMatch;
+ private final String mIfaceMatch;
+
/**
* Track test interfaces if true, don't track otherwise.
+ * Volatile is needed as getInterfaceList() does not run on the handler thread.
*/
- private boolean mIncludeTestInterfaces = false;
+ private volatile boolean mIncludeTestInterfaces = false;
/** Mapping between {iface name | mac address} -> {NetworkCapabilities} */
private final ConcurrentHashMap<String, NetworkCapabilities> mNetworkCapabilities =
@@ -161,7 +164,7 @@
mDeps = deps;
// Interface match regex.
- updateIfaceMatchRegexp();
+ mIfaceMatch = mDeps.getInterfaceRegexFromResource(mContext);
// Read default Ethernet interface configuration from resources
final String[] interfaceConfigs = mDeps.getInterfaceConfigFromResource(context);
@@ -320,9 +323,17 @@
Log.e(TAG, "Could not get list of interfaces " + e);
return interfaceList;
}
- final String ifaceMatch = mIfaceMatch;
+
+ // There is a possible race with setIncludeTestInterfaces() which can affect
+ // isValidEthernetInterface (it returns true for test interfaces if setIncludeTestInterfaces
+ // is set to true).
+ // setIncludeTestInterfaces() is only used in tests, and since getInterfaceList() does not
+ // run on the handler thread, the behavior around setIncludeTestInterfaces() is
+ // indeterminate either way. This can easily be circumvented by waiting on a callback from
+ // a test interface after calling setIncludeTestInterfaces() before calling this function.
+ // In production code, this has no effect.
for (String iface : ifaces) {
- if (iface.matches(ifaceMatch)) interfaceList.add(iface);
+ if (isValidEthernetInterface(iface)) interfaceList.add(iface);
}
return interfaceList;
}
@@ -357,7 +368,6 @@
public void setIncludeTestInterfaces(boolean include) {
mHandler.post(() -> {
mIncludeTestInterfaces = include;
- updateIfaceMatchRegexp();
if (!include) {
removeTestData();
}
@@ -569,7 +579,7 @@
}
private void maybeTrackInterface(String iface) {
- if (!iface.matches(mIfaceMatch)) {
+ if (!isValidEthernetInterface(iface)) {
return;
}
@@ -840,12 +850,8 @@
return ret;
}
- private void updateIfaceMatchRegexp() {
- final String match = mDeps.getInterfaceRegexFromResource(mContext);
- mIfaceMatch = mIncludeTestInterfaces
- ? "(" + match + "|" + TEST_IFACE_REGEXP + ")"
- : match;
- Log.d(TAG, "Interface match regexp set to '" + mIfaceMatch + "'");
+ private boolean isValidEthernetInterface(String iface) {
+ return iface.matches(mIfaceMatch) || isValidTestInterface(iface);
}
/**
diff --git a/service/native/TrafficController.cpp b/service/native/TrafficController.cpp
index 71329ad..303112f 100644
--- a/service/native/TrafficController.cpp
+++ b/service/native/TrafficController.cpp
@@ -612,6 +612,8 @@
ScopedIndent indentPreBpfModule(dw);
dw.blankline();
+ dw.println("mCookieTagMap status: %s",
+ getMapStatus(mCookieTagMap.getMap(), COOKIE_TAG_MAP_PATH).c_str());
dw.println("mStatsMapA status: %s",
getMapStatus(mStatsMapA.getMap(), STATS_MAP_A_PATH).c_str());
dw.println("mStatsMapB status: %s",
@@ -647,6 +649,21 @@
ScopedIndent indentForMapContent(dw);
+ // Print CookieTagMap content.
+ // TagSocketTest in CTS was using the output of mCookieTagMap dump.
+ // So, mCookieTagMap dump can not be removed until the previous CTS support period is over.
+ dumpBpfMap("mCookieTagMap", dw, "");
+ const auto printCookieTagInfo = [&dw](const uint64_t& key, const UidTagValue& value,
+ const BpfMap<uint64_t, UidTagValue>&) {
+ dw.println("cookie=%" PRIu64 " tag=0x%x uid=%u", key, value.tag, value.uid);
+ return base::Result<void>();
+ };
+ base::Result<void> res = mCookieTagMap.iterateWithValue(printCookieTagInfo);
+ if (!res.ok()) {
+ dw.println("mCookieTagMap print end with error: %s", res.error().message().c_str());
+ }
+
+
// Print uidStatsMap content.
std::string statsHeader = StringPrintf("ifaceIndex ifaceName tag_hex uid_int cnt_set rxBytes"
" rxPackets txBytes txPackets");
@@ -663,7 +680,7 @@
value.rxPackets, value.txBytes, value.txPackets);
return base::Result<void>();
};
- base::Result<void> res = mStatsMapA.iterateWithValue(printStatsInfo);
+ res = mStatsMapA.iterateWithValue(printStatsInfo);
if (!res.ok()) {
dw.println("mStatsMapA print end with error: %s", res.error().message().c_str());
}
diff --git a/service/native/TrafficControllerTest.cpp b/service/native/TrafficControllerTest.cpp
index 256a2a0..d08ffee 100644
--- a/service/native/TrafficControllerTest.cpp
+++ b/service/native/TrafficControllerTest.cpp
@@ -791,6 +791,8 @@
// ifaceIndex ifaceName tag_hex uid_int cnt_set rxBytes rxPackets txBytes txPackets
// 999 test0 0x2a 10086 1 100 1 0 0
std::vector<std::string> expectedLines = {
+ "mCookieTagMap:",
+ fmt::format("cookie={} tag={:#x} uid={}", TEST_COOKIE, TEST_TAG, TEST_UID),
"mStatsMapA",
"ifaceIndex ifaceName tag_hex uid_int cnt_set rxBytes rxPackets txBytes txPackets",
fmt::format("{} {} {:#x} {} {} {} {} {} {}",
@@ -826,6 +828,7 @@
"Read value of map -1 failed: Bad file descriptor";
std::vector<std::string> expectedLines = {
+ fmt::format("mCookieTagMap {}", kErrIterate),
fmt::format("mStatsMapA {}", kErrIterate),
fmt::format("mStatsMapB {}", kErrIterate),
fmt::format("mIfaceIndexNameMap {}", kErrIterate),
diff --git a/service/src/com/android/server/BpfNetMaps.java b/service/src/com/android/server/BpfNetMaps.java
index 7e6285a..594223c 100644
--- a/service/src/com/android/server/BpfNetMaps.java
+++ b/service/src/com/android/server/BpfNetMaps.java
@@ -40,7 +40,6 @@
import android.system.Os;
import android.util.Log;
-import com.android.internal.annotations.GuardedBy;
import com.android.internal.annotations.VisibleForTesting;
import com.android.modules.utils.build.SdkLevel;
import com.android.net.module.util.BpfMap;
@@ -365,7 +364,13 @@
*/
public void addNaughtyApp(final int uid) {
throwIfPreT("addNaughtyApp is not available on pre-T devices");
- addRule(uid, PENALTY_BOX_MATCH, "addNaughtyApp");
+
+ if (sEnableJavaBpfMap) {
+ addRule(uid, PENALTY_BOX_MATCH, "addNaughtyApp");
+ } else {
+ final int err = native_addNaughtyApp(uid);
+ maybeThrow(err, "Unable to add naughty app");
+ }
}
/**
@@ -377,7 +382,13 @@
*/
public void removeNaughtyApp(final int uid) {
throwIfPreT("removeNaughtyApp is not available on pre-T devices");
- removeRule(uid, PENALTY_BOX_MATCH, "removeNaughtyApp");
+
+ if (sEnableJavaBpfMap) {
+ removeRule(uid, PENALTY_BOX_MATCH, "removeNaughtyApp");
+ } else {
+ final int err = native_removeNaughtyApp(uid);
+ maybeThrow(err, "Unable to remove naughty app");
+ }
}
/**
@@ -389,7 +400,13 @@
*/
public void addNiceApp(final int uid) {
throwIfPreT("addNiceApp is not available on pre-T devices");
- addRule(uid, HAPPY_BOX_MATCH, "addNiceApp");
+
+ if (sEnableJavaBpfMap) {
+ addRule(uid, HAPPY_BOX_MATCH, "addNiceApp");
+ } else {
+ final int err = native_addNiceApp(uid);
+ maybeThrow(err, "Unable to add nice app");
+ }
}
/**
@@ -401,7 +418,13 @@
*/
public void removeNiceApp(final int uid) {
throwIfPreT("removeNiceApp is not available on pre-T devices");
- removeRule(uid, HAPPY_BOX_MATCH, "removeNiceApp");
+
+ if (sEnableJavaBpfMap) {
+ removeRule(uid, HAPPY_BOX_MATCH, "removeNiceApp");
+ } else {
+ final int err = native_removeNiceApp(uid);
+ maybeThrow(err, "Unable to remove nice app");
+ }
}
/**
@@ -468,36 +491,73 @@
public void replaceUidChain(final int chain, final int[] uids) {
throwIfPreT("replaceUidChain is not available on pre-T devices");
- final long match;
- try {
- match = getMatchByFirewallChain(chain);
- } catch (ServiceSpecificException e) {
- // Throws IllegalArgumentException to keep the behavior of
- // ConnectivityManager#replaceFirewallChain API
- throw new IllegalArgumentException("Invalid firewall chain: " + chain);
- }
- final Set<Integer> uidSet = Arrays.stream(uids).boxed().collect(Collectors.toSet());
- final Set<Integer> uidSetToRemoveRule = new HashSet<>();
- try {
- synchronized (sUidOwnerMap) {
- sUidOwnerMap.forEach((uid, config) -> {
- // config could be null if there is a concurrent entry deletion.
- // http://b/220084230.
- if (config != null
- && !uidSet.contains((int) uid.val) && (config.rule & match) != 0) {
- uidSetToRemoveRule.add((int) uid.val);
- }
- });
-
- for (final int uid : uidSetToRemoveRule) {
- removeRule(uid, match, "replaceUidChain");
- }
- for (final int uid : uids) {
- addRule(uid, match, "replaceUidChain");
- }
+ if (sEnableJavaBpfMap) {
+ final long match;
+ try {
+ match = getMatchByFirewallChain(chain);
+ } catch (ServiceSpecificException e) {
+ // Throws IllegalArgumentException to keep the behavior of
+ // ConnectivityManager#replaceFirewallChain API
+ throw new IllegalArgumentException("Invalid firewall chain: " + chain);
}
- } catch (ErrnoException | ServiceSpecificException e) {
- Log.e(TAG, "replaceUidChain failed: " + e);
+ final Set<Integer> uidSet = Arrays.stream(uids).boxed().collect(Collectors.toSet());
+ final Set<Integer> uidSetToRemoveRule = new HashSet<>();
+ try {
+ synchronized (sUidOwnerMap) {
+ sUidOwnerMap.forEach((uid, config) -> {
+ // config could be null if there is a concurrent entry deletion.
+ // http://b/220084230.
+ if (config != null
+ && !uidSet.contains((int) uid.val) && (config.rule & match) != 0) {
+ uidSetToRemoveRule.add((int) uid.val);
+ }
+ });
+
+ for (final int uid : uidSetToRemoveRule) {
+ removeRule(uid, match, "replaceUidChain");
+ }
+ for (final int uid : uids) {
+ addRule(uid, match, "replaceUidChain");
+ }
+ }
+ } catch (ErrnoException | ServiceSpecificException e) {
+ Log.e(TAG, "replaceUidChain failed: " + e);
+ }
+ } else {
+ final int err;
+ switch (chain) {
+ case FIREWALL_CHAIN_DOZABLE:
+ err = native_replaceUidChain("fw_dozable", true /* isAllowList */, uids);
+ break;
+ case FIREWALL_CHAIN_STANDBY:
+ err = native_replaceUidChain("fw_standby", false /* isAllowList */, uids);
+ break;
+ case FIREWALL_CHAIN_POWERSAVE:
+ err = native_replaceUidChain("fw_powersave", true /* isAllowList */, uids);
+ break;
+ case FIREWALL_CHAIN_RESTRICTED:
+ err = native_replaceUidChain("fw_restricted", true /* isAllowList */, uids);
+ break;
+ case FIREWALL_CHAIN_LOW_POWER_STANDBY:
+ err = native_replaceUidChain(
+ "fw_low_power_standby", true /* isAllowList */, uids);
+ break;
+ case FIREWALL_CHAIN_OEM_DENY_1:
+ err = native_replaceUidChain("fw_oem_deny_1", false /* isAllowList */, uids);
+ break;
+ case FIREWALL_CHAIN_OEM_DENY_2:
+ err = native_replaceUidChain("fw_oem_deny_2", false /* isAllowList */, uids);
+ break;
+ case FIREWALL_CHAIN_OEM_DENY_3:
+ err = native_replaceUidChain("fw_oem_deny_3", false /* isAllowList */, uids);
+ break;
+ default:
+ throw new IllegalArgumentException("replaceFirewallChain with invalid chain: "
+ + chain);
+ }
+ if (err != 0) {
+ Log.e(TAG, "replaceUidChain failed: " + Os.strerror(-err));
+ }
}
}
@@ -513,15 +573,20 @@
public void setUidRule(final int childChain, final int uid, final int firewallRule) {
throwIfPreT("setUidRule is not available on pre-T devices");
- final long match = getMatchByFirewallChain(childChain);
- final boolean isAllowList = isFirewallAllowList(childChain);
- final boolean add = (firewallRule == FIREWALL_RULE_ALLOW && isAllowList)
- || (firewallRule == FIREWALL_RULE_DENY && !isAllowList);
+ if (sEnableJavaBpfMap) {
+ final long match = getMatchByFirewallChain(childChain);
+ final boolean isAllowList = isFirewallAllowList(childChain);
+ final boolean add = (firewallRule == FIREWALL_RULE_ALLOW && isAllowList)
+ || (firewallRule == FIREWALL_RULE_DENY && !isAllowList);
- if (add) {
- addRule(uid, match, "setUidRule");
+ if (add) {
+ addRule(uid, match, "setUidRule");
+ } else {
+ removeRule(uid, match, "setUidRule");
+ }
} else {
- removeRule(uid, match, "setUidRule");
+ final int err = native_setUidRule(childChain, uid, firewallRule);
+ maybeThrow(err, "Unable to set uid rule");
}
}
@@ -547,24 +612,30 @@
mNetd.firewallAddUidInterfaceRules(ifName, uids);
return;
}
- // Null ifName is a wildcard to allow apps to receive packets on all interfaces and ifIndex
- // is set to 0.
- final int ifIndex;
- if (ifName == null) {
- ifIndex = 0;
+
+ if (sEnableJavaBpfMap) {
+ // Null ifName is a wildcard to allow apps to receive packets on all interfaces and
+ // ifIndex is set to 0.
+ final int ifIndex;
+ if (ifName == null) {
+ ifIndex = 0;
+ } else {
+ ifIndex = mDeps.getIfIndex(ifName);
+ if (ifIndex == 0) {
+ throw new ServiceSpecificException(ENODEV,
+ "Failed to get index of interface " + ifName);
+ }
+ }
+ for (final int uid : uids) {
+ try {
+ addRule(uid, IIF_MATCH, ifIndex, "addUidInterfaceRules");
+ } catch (ServiceSpecificException e) {
+ Log.e(TAG, "addRule failed uid=" + uid + " ifName=" + ifName + ", " + e);
+ }
+ }
} else {
- ifIndex = mDeps.getIfIndex(ifName);
- if (ifIndex == 0) {
- throw new ServiceSpecificException(ENODEV,
- "Failed to get index of interface " + ifName);
- }
- }
- for (final int uid: uids) {
- try {
- addRule(uid, IIF_MATCH, ifIndex, "addUidInterfaceRules");
- } catch (ServiceSpecificException e) {
- Log.e(TAG, "addRule failed uid=" + uid + " ifName=" + ifName + ", " + e);
- }
+ final int err = native_addUidInterfaceRules(ifName, uids);
+ maybeThrow(err, "Unable to add uid interface rules");
}
}
@@ -584,12 +655,18 @@
mNetd.firewallRemoveUidInterfaceRules(uids);
return;
}
- for (final int uid: uids) {
- try {
- removeRule(uid, IIF_MATCH, "removeUidInterfaceRules");
- } catch (ServiceSpecificException e) {
- Log.e(TAG, "removeRule failed uid=" + uid + ", " + e);
+
+ if (sEnableJavaBpfMap) {
+ for (final int uid : uids) {
+ try {
+ removeRule(uid, IIF_MATCH, "removeUidInterfaceRules");
+ } catch (ServiceSpecificException e) {
+ Log.e(TAG, "removeRule failed uid=" + uid + ", " + e);
+ }
}
+ } else {
+ final int err = native_removeUidInterfaceRules(uids);
+ maybeThrow(err, "Unable to remove uid interface rules");
}
}
@@ -603,10 +680,16 @@
*/
public void updateUidLockdownRule(final int uid, final boolean add) {
throwIfPreT("updateUidLockdownRule is not available on pre-T devices");
- if (add) {
- addRule(uid, LOCKDOWN_VPN_MATCH, "updateUidLockdownRule");
+
+ if (sEnableJavaBpfMap) {
+ if (add) {
+ addRule(uid, LOCKDOWN_VPN_MATCH, "updateUidLockdownRule");
+ } else {
+ removeRule(uid, LOCKDOWN_VPN_MATCH, "updateUidLockdownRule");
+ }
} else {
- removeRule(uid, LOCKDOWN_VPN_MATCH, "updateUidLockdownRule");
+ final int err = native_updateUidLockdownRule(uid, add);
+ maybeThrow(err, "Unable to update lockdown rule");
}
}
@@ -657,24 +740,15 @@
}
private static native void native_init();
- @GuardedBy("sUidOwnerMap")
private native int native_addNaughtyApp(int uid);
- @GuardedBy("sUidOwnerMap")
private native int native_removeNaughtyApp(int uid);
- @GuardedBy("sUidOwnerMap")
private native int native_addNiceApp(int uid);
- @GuardedBy("sUidOwnerMap")
private native int native_removeNiceApp(int uid);
private native int native_setChildChain(int childChain, boolean enable);
- @GuardedBy("sUidOwnerMap")
private native int native_replaceUidChain(String name, boolean isAllowlist, int[] uids);
- @GuardedBy("sUidOwnerMap")
private native int native_setUidRule(int childChain, int uid, int firewallRule);
- @GuardedBy("sUidOwnerMap")
private native int native_addUidInterfaceRules(String ifName, int[] uids);
- @GuardedBy("sUidOwnerMap")
private native int native_removeUidInterfaceRules(int[] uids);
- @GuardedBy("sUidOwnerMap")
private native int native_updateUidLockdownRule(int uid, boolean add);
private native int native_swapActiveStatsMap();
private native void native_setPermissionForUids(int permissions, int[] uids);
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index 7b5026d..7342efa 100644
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -380,7 +380,7 @@
// See ConnectivitySettingsManager.CONNECTIVITY_RELEASE_PENDING_INTENT_DELAY_MS
private final int mReleasePendingIntentDelayMs;
- private MockableSystemProperties mSystemProperties;
+ private final MockableSystemProperties mSystemProperties;
@VisibleForTesting
protected final PermissionMonitor mPermissionMonitor;
@@ -396,7 +396,7 @@
* Stale copy of uid blocked reasons provided by NPMS. As long as they are accessed only in
* internal handler thread, they don't need a lock.
*/
- private SparseIntArray mUidBlockedReasons = new SparseIntArray();
+ private final SparseIntArray mUidBlockedReasons = new SparseIntArray();
private final Context mContext;
private final ConnectivityResources mResources;
@@ -412,9 +412,8 @@
@VisibleForTesting
protected INetd mNetd;
private DscpPolicyTracker mDscpPolicyTracker = null;
- private NetworkStatsManager mStatsManager;
- private NetworkPolicyManager mPolicyManager;
- private final NetdCallback mNetdCallback;
+ private final NetworkStatsManager mStatsManager;
+ private final NetworkPolicyManager mPolicyManager;
private final BpfNetMaps mBpfNetMaps;
/**
@@ -780,7 +779,7 @@
private boolean mSystemReady;
private Intent mInitialBroadcast;
- private PowerManager.WakeLock mNetTransitionWakeLock;
+ private final PowerManager.WakeLock mNetTransitionWakeLock;
private final PowerManager.WakeLock mPendingIntentWakeLock;
// A helper object to track the current default HTTP proxy. ConnectivityService needs to tell
@@ -790,10 +789,10 @@
final private SettingsObserver mSettingsObserver;
- private UserManager mUserManager;
+ private final UserManager mUserManager;
// the set of network types that can only be enabled by system/sig apps
- private List<Integer> mProtectedNetworks;
+ private final List<Integer> mProtectedNetworks;
private Set<String> mWolSupportedInterfaces;
@@ -803,10 +802,10 @@
private final LocationPermissionChecker mLocationPermissionChecker;
- private KeepaliveTracker mKeepaliveTracker;
- private QosCallbackTracker mQosCallbackTracker;
- private NetworkNotificationManager mNotifier;
- private LingerMonitor mLingerMonitor;
+ private final KeepaliveTracker mKeepaliveTracker;
+ private final QosCallbackTracker mQosCallbackTracker;
+ private final NetworkNotificationManager mNotifier;
+ private final LingerMonitor mLingerMonitor;
// sequence number of NetworkRequests
private int mNextNetworkRequestId = NetworkRequest.FIRST_REQUEST_ID;
@@ -834,7 +833,7 @@
private final IpConnectivityLog mMetricsLog;
@GuardedBy("mBandwidthRequests")
- private final SparseArray<Integer> mBandwidthRequests = new SparseArray(10);
+ private final SparseArray<Integer> mBandwidthRequests = new SparseArray<>(10);
@VisibleForTesting
final MultinetworkPolicyTracker mMultinetworkPolicyTracker;
@@ -893,7 +892,7 @@
* - getRestoreTimerForType(type) is also synchronized on mTypeLists.
* - dump is thread-safe with respect to concurrent add and remove calls.
*/
- private final ArrayList<NetworkAgentInfo> mTypeLists[];
+ private final ArrayList<NetworkAgentInfo>[] mTypeLists;
@NonNull
private final ConnectivityService mService;
@@ -1096,8 +1095,7 @@
}
}
- // send out another legacy broadcast - currently only used for suspend/unsuspend
- // toggle
+ // send out another legacy broadcast - currently only used for suspend/unsuspend toggle
public void update(NetworkAgentInfo nai) {
final boolean isDefault = mService.isDefaultNetwork(nai);
final DetailedState state = nai.networkInfo.getDetailedState();
@@ -1221,31 +1219,16 @@
*/
public void incrementCountOrThrow(final int uid) {
synchronized (mUidToNetworkRequestCount) {
- incrementCountOrThrow(uid, 1 /* numToIncrement */);
+ final int newRequestCount = mUidToNetworkRequestCount.get(uid, 0) + 1;
+ if (newRequestCount >= mMaxCountPerUid) {
+ throw new ServiceSpecificException(
+ ConnectivityManager.Errors.TOO_MANY_REQUESTS,
+ "Uid " + uid + " exceeded its allotted requests limit");
+ }
+ mUidToNetworkRequestCount.put(uid, newRequestCount);
}
}
- private void incrementCountOrThrow(final int uid, final int numToIncrement) {
- final int newRequestCount =
- mUidToNetworkRequestCount.get(uid, 0) + numToIncrement;
- if (newRequestCount >= mMaxCountPerUid
- // HACK : the system server is allowed to go over the request count limit
- // when it is creating requests on behalf of another app (but not itself,
- // so it can still detect its own request leaks). This only happens in the
- // per-app API flows in which case the old requests for that particular
- // UID will be removed soon.
- // TODO : instead of this hack, addPerAppDefaultNetworkRequests and other
- // users of transact() should unregister the requests to decrease the count
- // before they increase it again by creating a new NRI. Then remove the
- // transact() method.
- && (Process.myUid() == uid || Process.myUid() != Binder.getCallingUid())) {
- throw new ServiceSpecificException(
- ConnectivityManager.Errors.TOO_MANY_REQUESTS,
- "Uid " + uid + " exceeded its allotted requests limit");
- }
- mUidToNetworkRequestCount.put(uid, newRequestCount);
- }
-
/**
* Decrements the request count of the given uid.
*
@@ -1253,21 +1236,18 @@
*/
public void decrementCount(final int uid) {
synchronized (mUidToNetworkRequestCount) {
- decrementCount(uid, 1 /* numToDecrement */);
+ /* numToDecrement */
+ final int newRequestCount = mUidToNetworkRequestCount.get(uid, 0) - 1;
+ if (newRequestCount < 0) {
+ logwtf("BUG: too small request count " + newRequestCount + " for UID " + uid);
+ } else if (newRequestCount == 0) {
+ mUidToNetworkRequestCount.delete(uid);
+ } else {
+ mUidToNetworkRequestCount.put(uid, newRequestCount);
+ }
}
}
- private void decrementCount(final int uid, final int numToDecrement) {
- final int newRequestCount =
- mUidToNetworkRequestCount.get(uid, 0) - numToDecrement;
- if (newRequestCount < 0) {
- logwtf("BUG: too small request count " + newRequestCount + " for UID " + uid);
- } else if (newRequestCount == 0) {
- mUidToNetworkRequestCount.delete(uid);
- } else {
- mUidToNetworkRequestCount.put(uid, newRequestCount);
- }
- }
}
/**
@@ -1376,7 +1356,11 @@
/**
* @see CarrierPrivilegeAuthenticator
+ *
+ * This method returns null in versions before T, where carrier privilege
+ * authentication is not supported.
*/
+ @Nullable
public CarrierPrivilegeAuthenticator makeCarrierPrivilegeAuthenticator(
@NonNull final Context context, @NonNull final TelephonyManager tm) {
if (SdkLevel.isAtLeastT()) {
@@ -1396,7 +1380,7 @@
/**
* Get the BpfNetMaps implementation to use in ConnectivityService.
- * @param netd
+ * @param netd a netd binder
* @return BpfNetMaps implementation.
*/
public BpfNetMaps getBpfNetMaps(Context context, INetd netd) {
@@ -1581,9 +1565,9 @@
mNetworkActivityTracker = new LegacyNetworkActivityTracker(mContext, mHandler, mNetd);
- mNetdCallback = new NetdCallback();
+ final NetdCallback netdCallback = new NetdCallback();
try {
- mNetd.registerUnsolicitedEventListener(mNetdCallback);
+ mNetd.registerUnsolicitedEventListener(netdCallback);
} catch (RemoteException | ServiceSpecificException e) {
loge("Error registering event listener :" + e);
}
@@ -1722,11 +1706,6 @@
mHandler.sendEmptyMessage(EVENT_INGRESS_RATE_LIMIT_CHANGED);
}
- private void handleAlwaysOnNetworkRequest(NetworkRequest networkRequest, int id) {
- final boolean enable = mContext.getResources().getBoolean(id);
- handleAlwaysOnNetworkRequest(networkRequest, enable);
- }
-
private void handleAlwaysOnNetworkRequest(
NetworkRequest networkRequest, String settingName, boolean defaultValue) {
final boolean enable = toBool(Settings.Global.getInt(
@@ -1769,12 +1748,12 @@
Settings.Global.getUriFor(Settings.Global.HTTP_PROXY),
EVENT_APPLY_GLOBAL_HTTP_PROXY);
- // Watch for whether or not to keep mobile data always on.
+ // Watch for whether to keep mobile data always on.
mSettingsObserver.observe(
Settings.Global.getUriFor(ConnectivitySettingsManager.MOBILE_DATA_ALWAYS_ON),
EVENT_CONFIGURE_ALWAYS_ON_NETWORKS);
- // Watch for whether or not to keep wifi always on.
+ // Watch for whether to keep wifi always on.
mSettingsObserver.observe(
Settings.Global.getUriFor(ConnectivitySettingsManager.WIFI_ALWAYS_REQUESTED),
EVENT_CONFIGURE_ALWAYS_ON_NETWORKS);
@@ -1804,6 +1783,7 @@
}
@VisibleForTesting
+ @Nullable
protected NetworkAgentInfo getNetworkAgentInfoForNetwork(Network network) {
if (network == null) {
return null;
@@ -1818,6 +1798,7 @@
}
// TODO: determine what to do when more than one VPN applies to |uid|.
+ @Nullable
private NetworkAgentInfo getVpnForUid(int uid) {
synchronized (mNetworkForNetId) {
for (int i = 0; i < mNetworkForNetId.size(); i++) {
@@ -1830,6 +1811,7 @@
return null;
}
+ @Nullable
private Network[] getVpnUnderlyingNetworks(int uid) {
if (mLockdownEnabled) return null;
final NetworkAgentInfo nai = getVpnForUid(uid);
@@ -1941,6 +1923,7 @@
* active
*/
@Override
+ @Nullable
public NetworkInfo getActiveNetworkInfo() {
enforceAccessPermission();
final int uid = mDeps.getCallingUid();
@@ -1952,17 +1935,20 @@
}
@Override
+ @Nullable
public Network getActiveNetwork() {
enforceAccessPermission();
return getActiveNetworkForUidInternal(mDeps.getCallingUid(), false);
}
@Override
+ @Nullable
public Network getActiveNetworkForUid(int uid, boolean ignoreBlocked) {
enforceNetworkStackPermission(mContext);
return getActiveNetworkForUidInternal(uid, ignoreBlocked);
}
+ @Nullable
private Network getActiveNetworkForUidInternal(final int uid, boolean ignoreBlocked) {
final NetworkAgentInfo vpnNai = getVpnForUid(uid);
if (vpnNai != null) {
@@ -1981,6 +1967,7 @@
}
@Override
+ @Nullable
public NetworkInfo getActiveNetworkInfoForUid(int uid, boolean ignoreBlocked) {
enforceNetworkStackPermission(mContext);
final NetworkAgentInfo nai = getNetworkAgentInfoForUid(uid);
@@ -2017,6 +2004,7 @@
}
@Override
+ @Nullable
public NetworkInfo getNetworkInfo(int networkType) {
enforceAccessPermission();
final int uid = mDeps.getCallingUid();
@@ -2035,6 +2023,7 @@
}
@Override
+ @Nullable
public NetworkInfo getNetworkInfoForUid(Network network, int uid, boolean ignoreBlocked) {
enforceAccessPermission();
final NetworkAgentInfo nai = getNetworkAgentInfoForNetwork(network);
@@ -2057,6 +2046,7 @@
}
@Override
+ @Nullable
public Network getNetworkForType(int networkType) {
enforceAccessPermission();
if (!mLegacyTypeTracker.isTypeSupported(networkType)) {
@@ -2074,6 +2064,7 @@
}
@Override
+ @NonNull
public Network[] getAllNetworks() {
enforceAccessPermission();
synchronized (mNetworkForNetId) {
@@ -2534,7 +2525,7 @@
snapshot.getNetwork(), snapshot.getSubscriberId()));
}
}
- return result.toArray(new NetworkState[result.size()]);
+ return result.toArray(new NetworkState[0]);
}
@Override
@@ -2632,7 +2623,7 @@
try {
addr = InetAddress.getByAddress(hostAddress);
} catch (UnknownHostException e) {
- if (DBG) log("requestRouteToHostAddress got " + e.toString());
+ if (DBG) log("requestRouteToHostAddress got " + e);
return false;
}
@@ -2643,7 +2634,7 @@
NetworkAgentInfo nai = mLegacyTypeTracker.getNetworkForType(networkType);
if (nai == null) {
- if (mLegacyTypeTracker.isTypeSupported(networkType) == false) {
+ if (!mLegacyTypeTracker.isTypeSupported(networkType)) {
if (DBG) log("requestRouteToHostAddress on unsupported network: " + networkType);
} else {
if (DBG) log("requestRouteToHostAddress on down network: " + networkType);
@@ -2736,7 +2727,7 @@
// the caller thread of registerNetworkAgent. Thus, it's not allowed to register netd
// event callback for certain nai. e.g. cellular. Register here to pass to
// NetworkMonitor instead.
- // TODO: Move the Dns Event to NetworkMonitor. NetdEventListenerService only allow one
+ // TODO: Move the Dns Event to NetworkMonitor. NetdEventListenerService only allows one
// callback from each caller type. Need to re-factor NetdEventListenerService to allow
// multiple NetworkMonitor registrants.
if (nai != null && nai.satisfies(mDefaultRequest.mRequests.get(0))) {
@@ -3101,8 +3092,9 @@
mHandler.sendMessage(mHandler.obtainMessage(EVENT_CONFIGURE_ALWAYS_ON_NETWORKS));
// Update mobile data preference if necessary.
- // Note that empty uid list can be skip here only because no uid rules applied before system
- // ready. Normally, the empty uid list means to clear the uids rules on netd.
+ // Note that updating can be skipped here if the list is empty only because no uid
+ // rules are applied before system ready. Normally, the empty uid list means to clear
+ // the uids rules on netd.
if (!ConnectivitySettingsManager.getMobileDataPreferredUids(mContext).isEmpty()) {
updateMobileDataPreferredUids();
}
@@ -3216,7 +3208,7 @@
}
private void dumpNetworkDiagnostics(IndentingPrintWriter pw) {
- final List<NetworkDiagnostics> netDiags = new ArrayList<NetworkDiagnostics>();
+ final List<NetworkDiagnostics> netDiags = new ArrayList<>();
final long DIAG_TIME_MS = 5000;
for (NetworkAgentInfo nai : networksSortedById()) {
PrivateDnsConfig privateDnsCfg = mDnsManager.getPrivateDnsConfig(nai.network);
@@ -3604,12 +3596,11 @@
switch (msg.what) {
case NetworkAgent.EVENT_NETWORK_CAPABILITIES_CHANGED: {
- nai.declaredCapabilitiesUnsanitized =
- new NetworkCapabilities((NetworkCapabilities) arg.second);
- final NetworkCapabilities sanitized = sanitizedCapabilitiesFromAgent(
- mCarrierPrivilegeAuthenticator, nai);
+ nai.setDeclaredCapabilities((NetworkCapabilities) arg.second);
+ final NetworkCapabilities sanitized =
+ nai.getDeclaredCapabilitiesSanitized(mCarrierPrivilegeAuthenticator);
maybeUpdateWifiRoamTimestamp(nai, sanitized);
- updateCapabilities(nai.getCurrentScore(), nai, sanitized);
+ updateCapabilities(nai.getScore(), nai, sanitized);
break;
}
case NetworkAgent.EVENT_NETWORK_PROPERTIES_CHANGED: {
@@ -3877,7 +3868,7 @@
log(nai.toShortString() + " validation " + (valid ? "passed" : "failed") + logMsg);
}
if (valid != nai.lastValidated) {
- final int oldScore = nai.getCurrentScore();
+ final FullScore oldScore = nai.getScore();
nai.lastValidated = valid;
nai.everValidated |= valid;
updateCapabilities(oldScore, nai, nai.networkCapabilities);
@@ -3953,7 +3944,7 @@
}
@Override
- public void handleMessage(Message msg) {
+ public void handleMessage(@NonNull Message msg) {
if (!maybeHandleNetworkMonitorMessage(msg)
&& !maybeHandleNetworkAgentInfoMessage(msg)) {
maybeHandleNetworkAgentMessage(msg);
@@ -4422,12 +4413,14 @@
}
config = new NativeNetworkConfig(nai.network.getNetId(), NativeNetworkType.VIRTUAL,
INetd.PERMISSION_NONE,
- (nai.networkAgentConfig == null || !nai.networkAgentConfig.allowBypass),
+ !nai.networkAgentConfig.allowBypass /* secure */,
getVpnType(nai), nai.networkAgentConfig.excludeLocalRouteVpn);
} else {
config = new NativeNetworkConfig(nai.network.getNetId(), NativeNetworkType.PHYSICAL,
- getNetworkPermission(nai.networkCapabilities), /*secure=*/ false,
- VpnManager.TYPE_VPN_NONE, /*excludeLocalRoutes=*/ false);
+ getNetworkPermission(nai.networkCapabilities),
+ false /* secure */,
+ VpnManager.TYPE_VPN_NONE,
+ false /* excludeLocalRoutes */);
}
mNetd.networkCreate(config);
mDnsResolver.createNetworkCache(nai.network.getNetId());
@@ -7260,8 +7253,7 @@
* later : see {@link #updateLinkProperties}.
* @param networkCapabilities the initial capabilites of this network. They can be updated
* later : see {@link #updateCapabilities}.
- * @param initialScore the initial score of the network. See
- * {@link NetworkAgentInfo#getCurrentScore}.
+ * @param initialScore the initial score of the network. See {@link NetworkAgentInfo#getScore}.
* @param networkAgentConfig metadata about the network. This is never updated.
* @param providerId the ID of the provider owning this NetworkAgent.
* @return the network created for this agent.
@@ -7296,18 +7288,23 @@
NetworkScore currentScore, NetworkAgentConfig networkAgentConfig, int providerId,
int uid) {
+ // Make a copy of the passed NI, LP, NC as the caller may hold a reference to them
+ // and mutate them at any time.
+ final NetworkInfo niCopy = new NetworkInfo(networkInfo);
+ final NetworkCapabilities ncCopy = new NetworkCapabilities(networkCapabilities);
+ final LinkProperties lpCopy = new LinkProperties(linkProperties);
+
// At this point the capabilities/properties are untrusted and unverified, e.g. checks that
- // the capabilities' access UID comply with security limitations. They will be sanitized
+ // the capabilities' access UIDs comply with security limitations. They will be sanitized
// as the NAI registration finishes, in handleRegisterNetworkAgent(). This is
// because some of the checks must happen on the handler thread.
final NetworkAgentInfo nai = new NetworkAgentInfo(na,
- new Network(mNetIdManager.reserveNetId()), new NetworkInfo(networkInfo),
- linkProperties, networkCapabilities,
+ new Network(mNetIdManager.reserveNetId()), niCopy, lpCopy, ncCopy,
currentScore, mContext, mTrackerHandler, new NetworkAgentConfig(networkAgentConfig),
this, mNetd, mDnsResolver, providerId, uid, mLingerDelayMs,
mQosCallbackTracker, mDeps);
- final String extraInfo = networkInfo.getExtraInfo();
+ final String extraInfo = niCopy.getExtraInfo();
final String name = TextUtils.isEmpty(extraInfo)
? nai.networkCapabilities.getSsid() : extraInfo;
if (DBG) log("registerNetworkAgent " + nai);
@@ -7322,19 +7319,12 @@
private void handleRegisterNetworkAgent(NetworkAgentInfo nai, INetworkMonitor networkMonitor) {
if (VDBG) log("Network Monitor created for " + nai);
- // nai.nc and nai.lp are the same object that was passed by the network agent if the agent
- // lives in the same process as this code (e.g. wifi), so make sure this code doesn't
- // mutate their object. TODO : make this copy much earlier to avoid them mutating it
- // while the network monitor is starting.
- final LinkProperties lp = new LinkProperties(nai.linkProperties);
// Store a copy of the declared capabilities.
- nai.declaredCapabilitiesUnsanitized = new NetworkCapabilities(nai.networkCapabilities);
+ nai.setDeclaredCapabilities(nai.networkCapabilities);
// Make sure the LinkProperties and NetworkCapabilities reflect what the agent info said.
- final NetworkCapabilities nc =
- sanitizedCapabilitiesFromAgent(mCarrierPrivilegeAuthenticator, nai);
- nai.getAndSetNetworkCapabilities(mixInCapabilities(nai, nc));
- processLinkPropertiesFromAgent(nai, lp);
- nai.linkProperties = lp;
+ nai.getAndSetNetworkCapabilities(mixInCapabilities(nai,
+ nai.getDeclaredCapabilitiesSanitized(mCarrierPrivilegeAuthenticator)));
+ processLinkPropertiesFromAgent(nai, nai.linkProperties);
nai.onNetworkMonitorCreated(networkMonitor);
@@ -7795,38 +7785,6 @@
}
}
- /**
- * Sanitize capabilities coming from a network agent.
- *
- * Agents have restrictions on what capabilities they can send to Connectivity. For example,
- * they can't change the owner UID from what they declared before, and complex restrictions
- * apply to the accessUids field.
- * They also should not mutate immutable capabilities, although for backward-compatibility
- * this is not enforced and limited to just a log.
- *
- * This method returns a sanitized copy of the passed capabilities to make sure they don't
- * contain stuff they should not, and should generally be called by code that accesses
- * {@link NetworkAgentInfo#declaredCapabilitiesUnsanitized}.
- */
- // TODO : move this to NetworkAgentInfo
- private NetworkCapabilities sanitizedCapabilitiesFromAgent(
- final CarrierPrivilegeAuthenticator carrierPrivilegeAuthenticator,
- @NonNull final NetworkAgentInfo nai) {
- final NetworkCapabilities nc = new NetworkCapabilities(nai.declaredCapabilitiesUnsanitized);
- if (nc.hasConnectivityManagedCapability()) {
- Log.wtf(TAG, "BUG: " + nai + " has CS-managed capability.");
- }
- if (nai.networkCapabilities.getOwnerUid() != nc.getOwnerUid()) {
- Log.e(TAG, nai.toShortString() + ": ignoring attempt to change owner from "
- + nai.networkCapabilities.getOwnerUid() + " to " + nc.getOwnerUid());
- nc.setOwnerUid(nai.networkCapabilities.getOwnerUid());
- }
- NetworkAgentInfo.restrictCapabilitiesFromNetworkAgent(nc, nai.creatorUid,
- mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE),
- carrierPrivilegeAuthenticator);
- return nc;
- }
-
/** Modifies |newNc| based on the capabilities of |underlyingNetworks| and |agentCaps|. */
@VisibleForTesting
void applyUnderlyingCapabilities(@Nullable Network[] underlyingNetworks,
@@ -7952,7 +7910,7 @@
if (nai.propagateUnderlyingCapabilities()) {
applyUnderlyingCapabilities(nai.declaredUnderlyingNetworks,
- sanitizedCapabilitiesFromAgent(mCarrierPrivilegeAuthenticator, nai),
+ nai.getDeclaredCapabilitiesSanitized(mCarrierPrivilegeAuthenticator),
newNc);
}
@@ -7994,7 +7952,7 @@
* @param nai the network having its capabilities updated.
* @param nc the new network capabilities.
*/
- private void updateCapabilities(final int oldScore, @NonNull final NetworkAgentInfo nai,
+ private void updateCapabilities(final FullScore oldScore, @NonNull final NetworkAgentInfo nai,
@NonNull final NetworkCapabilities nc) {
NetworkCapabilities newNc = mixInCapabilities(nai, nc);
if (Objects.equals(nai.networkCapabilities, newNc)) return;
@@ -8005,7 +7963,7 @@
updateAllowedUids(nai, prevNc, newNc);
nai.updateScoreForNetworkAgentUpdate();
- if (nai.getCurrentScore() == oldScore && newNc.equalRequestableCapabilities(prevNc)) {
+ if (nai.getScore().equals(oldScore) && newNc.equalRequestableCapabilities(prevNc)) {
// If the requestable capabilities haven't changed, and the score hasn't changed, then
// the change we're processing can't affect any requests, it can only affect the listens
// on this network. We might have been called by rematchNetworkAndRequests when a
@@ -8049,7 +8007,7 @@
/** Convenience method to update the capabilities for a given network. */
private void updateCapabilitiesForNetwork(NetworkAgentInfo nai) {
- updateCapabilities(nai.getCurrentScore(), nai, nai.networkCapabilities);
+ updateCapabilities(nai.getScore(), nai, nai.networkCapabilities);
}
/**
@@ -8359,8 +8317,11 @@
releasePendingNetworkRequestWithDelay(pendingIntent);
}
+ // networkAgent is only allowed to be null if notificationType is
+ // CALLBACK_UNAVAIL. This is because UNAVAIL is about no network being
+ // available, while all other cases are about some particular network.
private void callCallbackForRequest(@NonNull final NetworkRequestInfo nri,
- @NonNull final NetworkAgentInfo networkAgent, final int notificationType,
+ @Nullable final NetworkAgentInfo networkAgent, final int notificationType,
final int arg1) {
if (nri.mMessenger == null) {
// Default request has no msgr. Also prevents callbacks from being invoked for
@@ -8382,14 +8343,13 @@
switch (notificationType) {
case ConnectivityManager.CALLBACK_AVAILABLE: {
final NetworkCapabilities nc =
- networkCapabilitiesRestrictedForCallerPermissions(
- networkAgent.networkCapabilities, nri.mPid, nri.mUid);
- putParcelable(
- bundle,
createWithLocationInfoSanitizedIfNecessaryWhenParceled(
- nc, includeLocationSensitiveInfo, nri.mPid, nri.mUid,
+ networkCapabilitiesRestrictedForCallerPermissions(
+ networkAgent.networkCapabilities, nri.mPid, nri.mUid),
+ includeLocationSensitiveInfo, nri.mPid, nri.mUid,
nrForCallback.getRequestorPackageName(),
- nri.mCallingAttributionTag));
+ nri.mCallingAttributionTag);
+ putParcelable(bundle, nc);
putParcelable(bundle, linkPropertiesRestrictedForCallerPermissions(
networkAgent.linkProperties, nri.mPid, nri.mUid));
// For this notification, arg1 contains the blocked status.
@@ -8843,15 +8803,22 @@
@NonNull final Set<NetworkRequestInfo> networkRequests) {
ensureRunningOnConnectivityServiceThread();
// TODO: This may be slow, and should be optimized.
- final long now = SystemClock.elapsedRealtime();
+ final long start = SystemClock.elapsedRealtime();
final NetworkReassignment changes = computeNetworkReassignment(networkRequests);
+ final long computed = SystemClock.elapsedRealtime();
+ applyNetworkReassignment(changes, start);
+ final long applied = SystemClock.elapsedRealtime();
+ issueNetworkNeeds();
+ final long end = SystemClock.elapsedRealtime();
if (VDBG || DDBG) {
+ log(String.format("Rematched networks [computed %dms] [applied %dms] [issued %d]",
+ computed - start, applied - computed, end - applied));
log(changes.debugString());
} else if (DBG) {
- log(changes.toString()); // Shorter form, only one line of log
+ // Shorter form, only one line of log
+ log(String.format("%s [c %d] [a %d] [i %d]", changes.toString(),
+ computed - start, applied - computed, end - applied));
}
- applyNetworkReassignment(changes, now);
- issueNetworkNeeds();
}
private void applyNetworkReassignment(@NonNull final NetworkReassignment changes,
@@ -9523,9 +9490,7 @@
final UnderlyingNetworkInfo[] underlyingNetworkInfos = getAllVpnInfo();
try {
final ArrayList<NetworkStateSnapshot> snapshots = new ArrayList<>();
- for (final NetworkStateSnapshot snapshot : getAllNetworkStateSnapshots()) {
- snapshots.add(snapshot);
- }
+ snapshots.addAll(getAllNetworkStateSnapshots());
mStatsManager.notifyNetworkStatus(getDefaultNetworks(),
snapshots, activeIface, Arrays.asList(underlyingNetworkInfos));
} catch (Exception ignored) {
@@ -9912,14 +9877,12 @@
private static class NetworkTestedResults {
private final int mNetId;
private final int mTestResult;
- private final long mTimestampMillis;
@Nullable private final String mRedirectUrl;
private NetworkTestedResults(
int netId, int testResult, long timestampMillis, @Nullable String redirectUrl) {
mNetId = netId;
mTestResult = testResult;
- mTimestampMillis = timestampMillis;
mRedirectUrl = redirectUrl;
}
}
@@ -10343,14 +10306,14 @@
}
@Override
- public void onInterfaceLinkStateChanged(String iface, boolean up) {
+ public void onInterfaceLinkStateChanged(@NonNull String iface, boolean up) {
for (NetworkAgentInfo nai : mNetworkAgentInfos) {
nai.clatd.interfaceLinkStateChanged(iface, up);
}
}
@Override
- public void onInterfaceRemoved(String iface) {
+ public void onInterfaceRemoved(@NonNull String iface) {
for (NetworkAgentInfo nai : mNetworkAgentInfos) {
nai.clatd.interfaceRemoved(iface);
}
@@ -10373,10 +10336,10 @@
@GuardedBy("mActiveIdleTimers")
private boolean mNetworkActive;
@GuardedBy("mActiveIdleTimers")
- private final ArrayMap<String, IdleTimerParams> mActiveIdleTimers = new ArrayMap();
+ private final ArrayMap<String, IdleTimerParams> mActiveIdleTimers = new ArrayMap<>();
private final Handler mHandler;
- private class IdleTimerParams {
+ private static class IdleTimerParams {
public final int timeout;
public final int transportType;
@@ -10422,7 +10385,7 @@
try {
mNetworkActivityListeners.getBroadcastItem(i).onNetworkActive();
} catch (RemoteException | RuntimeException e) {
- loge("Fail to send network activie to listener " + e);
+ loge("Fail to send network activity to listener " + e);
}
}
} finally {
@@ -10643,8 +10606,8 @@
@VisibleForTesting
public void registerQosCallbackInternal(@NonNull final QosFilter filter,
@NonNull final IQosCallback callback, @NonNull final NetworkAgentInfo nai) {
- if (filter == null) throw new IllegalArgumentException("filter must be non-null");
- if (callback == null) throw new IllegalArgumentException("callback must be non-null");
+ Objects.requireNonNull(filter, "filter must be non-null");
+ Objects.requireNonNull(callback, "callback must be non-null");
if (!nai.networkCapabilities.hasCapability(NET_CAPABILITY_NOT_RESTRICTED)) {
// TODO: Check allowed list here and ensure that either a) any QoS callback registered
@@ -10722,8 +10685,7 @@
+ "or the device owner must be set. ");
}
- final List<ProfileNetworkPreferenceList.Preference> preferenceList =
- new ArrayList<ProfileNetworkPreferenceList.Preference>();
+ final List<ProfileNetworkPreferenceList.Preference> preferenceList = new ArrayList<>();
boolean hasDefaultPreference = false;
for (final ProfileNetworkPreference preference : preferences) {
final NetworkCapabilities nc;
@@ -10804,7 +10766,7 @@
uidRangeSet = UidRangeUtils.removeRangeSetFromUidRange(profileUids,
disallowUidRangeSet);
} else {
- uidRangeSet = new ArraySet<UidRange>();
+ uidRangeSet = new ArraySet<>();
uidRangeSet.add(profileUids);
}
}
@@ -10813,8 +10775,7 @@
private boolean isEnterpriseIdentifierValid(
@NetworkCapabilities.EnterpriseId int identifier) {
- if ((identifier >= NET_ENTERPRISE_ID_1)
- && (identifier <= NET_ENTERPRISE_ID_5)) {
+ if ((identifier >= NET_ENTERPRISE_ID_1) && (identifier <= NET_ENTERPRISE_ID_5)) {
return true;
}
return false;
@@ -10886,6 +10847,7 @@
removeDefaultNetworkRequestsForPreference(PREFERENCE_ORDER_PROFILE);
addPerAppDefaultNetworkRequests(
createNrisFromProfileNetworkPreferences(mProfileNetworkPreferences));
+
// Finally, rematch.
rematchAllNetworksAndRequests();
diff --git a/service/src/com/android/server/connectivity/DscpPolicyValue.java b/service/src/com/android/server/connectivity/DscpPolicyValue.java
index 4bb41da..fed96b4 100644
--- a/service/src/com/android/server/connectivity/DscpPolicyValue.java
+++ b/service/src/com/android/server/connectivity/DscpPolicyValue.java
@@ -43,10 +43,10 @@
@Field(order = 3, type = Type.UBE16)
public final int srcPort;
- @Field(order = 4, type = Type.UBE16)
+ @Field(order = 4, type = Type.U16)
public final int dstPortStart;
- @Field(order = 5, type = Type.UBE16)
+ @Field(order = 5, type = Type.U16)
public final int dstPortEnd;
@Field(order = 6, type = Type.U8)
@@ -61,8 +61,7 @@
private static final int SRC_IP_MASK = 0x1;
private static final int DST_IP_MASK = 0x02;
private static final int SRC_PORT_MASK = 0x4;
- private static final int DST_PORT_MASK = 0x8;
- private static final int PROTO_MASK = 0x10;
+ private static final int PROTO_MASK = 0x8;
private boolean ipEmpty(final byte[] ip) {
for (int i = 0; i < ip.length; i++) {
@@ -111,9 +110,6 @@
if (srcPort != -1) {
mask |= SRC_PORT_MASK;
}
- if (dstPortStart != -1 && dstPortEnd != -1) {
- mask |= DST_PORT_MASK;
- }
if (proto != -1) {
mask |= PROTO_MASK;
}
@@ -131,7 +127,7 @@
// If they are -1 BpfMap write will throw errors.
this.srcPort = srcPort != -1 ? srcPort : 0;
this.dstPortStart = dstPortStart != -1 ? dstPortStart : 0;
- this.dstPortEnd = dstPortEnd != -1 ? dstPortEnd : 0;
+ this.dstPortEnd = dstPortEnd != -1 ? dstPortEnd : 65535;
this.proto = proto != -1 ? proto : 0;
this.dscp = dscp;
diff --git a/service/src/com/android/server/connectivity/FullScore.java b/service/src/com/android/server/connectivity/FullScore.java
index b156045..c4754eb 100644
--- a/service/src/com/android/server/connectivity/FullScore.java
+++ b/service/src/com/android/server/connectivity/FullScore.java
@@ -49,10 +49,6 @@
public class FullScore {
private static final String TAG = FullScore.class.getSimpleName();
- // This will be removed soon. Do *NOT* depend on it for any new code that is not part of
- // a migration.
- private final int mLegacyInt;
-
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@IntDef(prefix = {"POLICY_"}, value = {
@@ -146,9 +142,7 @@
private final int mKeepConnectedReason;
- FullScore(final int legacyInt, final long policies,
- @KeepConnectedReason final int keepConnectedReason) {
- mLegacyInt = legacyInt;
+ FullScore(final long policies, @KeepConnectedReason final int keepConnectedReason) {
mPolicies = policies;
mKeepConnectedReason = keepConnectedReason;
}
@@ -170,7 +164,7 @@
public static FullScore fromNetworkScore(@NonNull final NetworkScore score,
@NonNull final NetworkCapabilities caps, @NonNull final NetworkAgentConfig config,
final boolean everValidated, final boolean yieldToBadWiFi, final boolean destroyed) {
- return withPolicies(score.getLegacyInt(), score.getPolicies(),
+ return withPolicies(score.getPolicies(),
score.getKeepConnectedReason(),
caps.hasCapability(NET_CAPABILITY_VALIDATED),
caps.hasTransport(TRANSPORT_VPN),
@@ -216,7 +210,7 @@
// A prospective score is invincible if the legacy int in the filter is over the maximum
// score.
final boolean invincible = score.getLegacyInt() > NetworkRanker.LEGACY_INT_MAX;
- return withPolicies(score.getLegacyInt(), score.getPolicies(), KEEP_CONNECTED_NONE,
+ return withPolicies(score.getPolicies(), KEEP_CONNECTED_NONE,
mayValidate, vpn, unmetered, everValidated, everUserSelected, acceptUnvalidated,
yieldToBadWiFi, destroyed, invincible);
}
@@ -236,7 +230,7 @@
final boolean everValidated,
final boolean yieldToBadWifi,
final boolean destroyed) {
- return withPolicies(mLegacyInt, mPolicies, mKeepConnectedReason,
+ return withPolicies(mPolicies, mKeepConnectedReason,
caps.hasCapability(NET_CAPABILITY_VALIDATED),
caps.hasTransport(TRANSPORT_VPN),
caps.hasCapability(NET_CAPABILITY_NOT_METERED),
@@ -251,8 +245,7 @@
// TODO : this shouldn't manage bad wifi avoidance – instead this should be done by the
// telephony factory, so that it depends on the carrier. For now this is handled by
// connectivity for backward compatibility.
- private static FullScore withPolicies(@NonNull final int legacyInt,
- final long externalPolicies,
+ private static FullScore withPolicies(final long externalPolicies,
@KeepConnectedReason final int keepConnectedReason,
final boolean isValidated,
final boolean isVpn,
@@ -263,7 +256,7 @@
final boolean yieldToBadWiFi,
final boolean destroyed,
final boolean invincible) {
- return new FullScore(legacyInt, (externalPolicies & EXTERNAL_POLICIES_MASK)
+ return new FullScore((externalPolicies & EXTERNAL_POLICIES_MASK)
| (isValidated ? 1L << POLICY_IS_VALIDATED : 0)
| (isVpn ? 1L << POLICY_IS_VPN : 0)
| (isUnmetered ? 1L << POLICY_IS_UNMETERED : 0)
@@ -280,8 +273,7 @@
* Returns this score but with the specified yield to bad wifi policy.
*/
public FullScore withYieldToBadWiFi(final boolean newYield) {
- return new FullScore(mLegacyInt,
- newYield ? mPolicies | (1L << POLICY_YIELD_TO_BAD_WIFI)
+ return new FullScore(newYield ? mPolicies | (1L << POLICY_YIELD_TO_BAD_WIFI)
: mPolicies & ~(1L << POLICY_YIELD_TO_BAD_WIFI),
mKeepConnectedReason);
}
@@ -290,49 +282,7 @@
* Returns this score but validated.
*/
public FullScore asValidated() {
- return new FullScore(mLegacyInt, mPolicies | (1L << POLICY_IS_VALIDATED),
- mKeepConnectedReason);
- }
-
- /**
- * For backward compatibility, get the legacy int.
- * This will be removed before S is published.
- */
- public int getLegacyInt() {
- return getLegacyInt(false /* pretendValidated */);
- }
-
- public int getLegacyIntAsValidated() {
- return getLegacyInt(true /* pretendValidated */);
- }
-
- // TODO : remove these two constants
- // Penalty applied to scores of Networks that have not been validated.
- private static final int UNVALIDATED_SCORE_PENALTY = 40;
-
- // Score for a network that can be used unvalidated
- private static final int ACCEPT_UNVALIDATED_NETWORK_SCORE = 100;
-
- private int getLegacyInt(boolean pretendValidated) {
- // If the user has chosen this network at least once, give it the maximum score when
- // checking to pretend it's validated, or if it doesn't need to validate because the
- // user said to use it even if it doesn't validate.
- // This ensures that networks that have been selected in UI are not torn down before the
- // user gets a chance to prefer it when a higher-scoring network (e.g., Ethernet) is
- // available.
- if (hasPolicy(POLICY_EVER_USER_SELECTED)
- && (hasPolicy(POLICY_ACCEPT_UNVALIDATED) || pretendValidated)) {
- return ACCEPT_UNVALIDATED_NETWORK_SCORE;
- }
-
- int score = mLegacyInt;
- // Except for VPNs, networks are subject to a penalty for not being validated.
- // Apply the penalty unless the network is a VPN, or it's validated or pretending to be.
- if (!hasPolicy(POLICY_IS_VALIDATED) && !pretendValidated && !hasPolicy(POLICY_IS_VPN)) {
- score -= UNVALIDATED_SCORE_PENALTY;
- }
- if (score < 0) score = 0;
- return score;
+ return new FullScore(mPolicies | (1L << POLICY_IS_VALIDATED), mKeepConnectedReason);
}
/**
@@ -350,15 +300,32 @@
return mKeepConnectedReason;
}
+ @Override
+ public boolean equals(final Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+
+ final FullScore fullScore = (FullScore) o;
+
+ if (mPolicies != fullScore.mPolicies) return false;
+ return mKeepConnectedReason == fullScore.mKeepConnectedReason;
+ }
+
+ @Override
+ public int hashCode() {
+ return 2 * ((int) mPolicies)
+ + 3 * (int) (mPolicies >>> 32)
+ + 5 * mKeepConnectedReason;
+ }
+
// Example output :
- // Score(50 ; Policies : EVER_USER_SELECTED&IS_VALIDATED)
+ // Score(Policies : EVER_USER_SELECTED&IS_VALIDATED ; KeepConnected : )
@Override
public String toString() {
final StringJoiner sj = new StringJoiner(
"&", // delimiter
- "Score(" + mLegacyInt + " ; KeepConnected : " + mKeepConnectedReason
- + " ; Policies : ", // prefix
- ")"); // suffix
+ "Score(Policies : ", // prefix
+ " ; KeepConnected : " + mKeepConnectedReason + ")"); // suffix
for (int i = NetworkScore.MIN_AGENT_MANAGED_POLICY;
i <= NetworkScore.MAX_AGENT_MANAGED_POLICY; ++i) {
if (hasPolicy(i)) sj.add(policyNameOf(i));
diff --git a/service/src/com/android/server/connectivity/NetworkAgentInfo.java b/service/src/com/android/server/connectivity/NetworkAgentInfo.java
index 04031af..04f378f 100644
--- a/service/src/com/android/server/connectivity/NetworkAgentInfo.java
+++ b/service/src/com/android/server/connectivity/NetworkAgentInfo.java
@@ -26,6 +26,7 @@
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.content.Context;
+import android.content.pm.PackageManager;
import android.net.CaptivePortalData;
import android.net.DscpPolicy;
import android.net.IDnsResolver;
@@ -66,6 +67,7 @@
import com.android.server.ConnectivityService;
import java.io.PrintWriter;
+import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@@ -104,7 +106,7 @@
// for example:
// a. a captive portal is present, or
// b. a WiFi router whose Internet backhaul is down, or
-// c. a wireless connection stops transfering packets temporarily (e.g. device is in elevator
+// c. a wireless connection stops transferring packets temporarily (e.g. device is in elevator
// or tunnel) but does not disconnect from the AP/cell tower, or
// d. a stand-alone device offering a WiFi AP without an uplink for configuration purposes.
// 5. registered, created, connected, validated
@@ -157,7 +159,7 @@
// the network is no longer considered "lingering". After the linger timer expires, if the network
// is satisfying one or more background NetworkRequests it is kept up in the background. If it is
// not, ConnectivityService disconnects the NetworkAgent's AsyncChannel.
-public class NetworkAgentInfo implements Comparable<NetworkAgentInfo>, NetworkRanker.Scoreable {
+public class NetworkAgentInfo implements NetworkRanker.Scoreable {
@NonNull public NetworkInfo networkInfo;
// This Network object should always be used if possible, so as to encourage reuse of the
@@ -184,9 +186,8 @@
//
// As the name implies, these capabilities are not sanitized and are not to
// be trusted. Most callers should simply use the {@link networkCapabilities}
- // field instead, and callers who need the declared capabilities should generally
- // pass these to {@link ConnectivityService#sanitizedCapabilitiesFromAgent} before using them.
- public @Nullable NetworkCapabilities declaredCapabilitiesUnsanitized;
+ // field instead.
+ private @Nullable NetworkCapabilities mDeclaredCapabilitiesUnsanitized;
// Indicates if netd has been told to create this Network. From this point on the appropriate
// routing rules are setup and routes are added so packets can begin flowing over the Network.
@@ -240,6 +241,53 @@
// URL, Terms & Conditions URL, and network friendly name.
public CaptivePortalData networkAgentPortalData;
+ /**
+ * Sets the capabilities sent by the agent for later retrieval.
+ *
+ * This method does not sanitize the capabilities ; instead, use
+ * {@link #getDeclaredCapabilitiesSanitized} to retrieve a sanitized
+ * copy of the capabilities as they were passed here.
+ *
+ * This method makes a defensive copy to avoid issues where the passed object is later mutated.
+ *
+ * @param caps the caps sent by the agent
+ */
+ public void setDeclaredCapabilities(@NonNull final NetworkCapabilities caps) {
+ mDeclaredCapabilitiesUnsanitized = new NetworkCapabilities(caps);
+ }
+
+ /**
+ * Get the latest capabilities sent by the network agent, after sanitizing them.
+ *
+ * These are the capabilities as they were sent by the agent (but sanitized to conform to
+ * their restrictions). They are NOT the capabilities currently applying to this agent ;
+ * for that, use {@link #networkCapabilities}.
+ *
+ * Agents have restrictions on what capabilities they can send to Connectivity. For example,
+ * they can't change the owner UID from what they declared before, and complex restrictions
+ * apply to the allowedUids field.
+ * They also should not mutate immutable capabilities, although for backward-compatibility
+ * this is not enforced and limited to just a log.
+ *
+ * @param carrierPrivilegeAuthenticator the authenticator, to check access UIDs.
+ */
+ public NetworkCapabilities getDeclaredCapabilitiesSanitized(
+ final CarrierPrivilegeAuthenticator carrierPrivilegeAuthenticator) {
+ final NetworkCapabilities nc = new NetworkCapabilities(mDeclaredCapabilitiesUnsanitized);
+ if (nc.hasConnectivityManagedCapability()) {
+ Log.wtf(TAG, "BUG: " + this + " has CS-managed capability.");
+ }
+ if (networkCapabilities.getOwnerUid() != nc.getOwnerUid()) {
+ Log.e(TAG, toShortString() + ": ignoring attempt to change owner from "
+ + networkCapabilities.getOwnerUid() + " to " + nc.getOwnerUid());
+ nc.setOwnerUid(networkCapabilities.getOwnerUid());
+ }
+ restrictCapabilitiesFromNetworkAgent(nc, creatorUid,
+ mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE),
+ carrierPrivilegeAuthenticator);
+ return nc;
+ }
+
// Networks are lingered when they become unneeded as a result of their NetworkRequests being
// satisfied by a higher-scoring network. so as to allow communication to wrap up before the
// network is taken down. This usually only happens to the default network. Lingering ends with
@@ -370,6 +418,8 @@
private final Handler mHandler;
private final QosCallbackTracker mQosCallbackTracker;
+ private final long mCreationTime;
+
public NetworkAgentInfo(INetworkAgent na, Network net, NetworkInfo info,
@NonNull LinkProperties lp, @NonNull NetworkCapabilities nc,
@NonNull NetworkScore score, Context context,
@@ -402,6 +452,7 @@
declaredUnderlyingNetworks = (nc.getUnderlyingNetworks() != null)
? nc.getUnderlyingNetworks().toArray(new Network[0])
: null;
+ mCreationTime = System.currentTimeMillis();
}
private class AgentDeathMonitor implements IBinder.DeathRecipient {
@@ -967,18 +1018,6 @@
return mScore;
}
- // Get the current score for this Network. This may be modified from what the
- // NetworkAgent sent, as it has modifiers applied to it.
- public int getCurrentScore() {
- return mScore.getLegacyInt();
- }
-
- // Get the current score for this Network as if it was validated. This may be modified from
- // what the NetworkAgent sent, as it has modifiers applied to it.
- public int getCurrentScoreAsValidated() {
- return mScore.getLegacyIntAsValidated();
- }
-
/**
* Mix-in the ConnectivityService-managed bits in the score.
*/
@@ -1283,6 +1322,7 @@
return "NetworkAgentInfo{"
+ "network{" + network + "} handle{" + network.getNetworkHandle() + "} ni{"
+ networkInfo.toShortString() + "} "
+ + "created=" + Instant.ofEpochMilli(mCreationTime) + " "
+ mScore + " "
+ (created ? " created" : "")
+ (destroyed ? " destroyed" : "")
@@ -1316,12 +1356,6 @@
+ transportNamesOf(networkCapabilities.getTransportTypes()) + "]";
}
- // Enables sorting in descending order of score.
- @Override
- public int compareTo(NetworkAgentInfo other) {
- return other.getCurrentScore() - getCurrentScore();
- }
-
/**
* Null-guarding version of NetworkAgentInfo#toShortString()
*/
diff --git a/tests/cts/net/src/android/net/cts/DscpPolicyTest.kt b/tests/cts/net/src/android/net/cts/DscpPolicyTest.kt
index be2911b..1f76773 100644
--- a/tests/cts/net/src/android/net/cts/DscpPolicyTest.kt
+++ b/tests/cts/net/src/android/net/cts/DscpPolicyTest.kt
@@ -16,10 +16,8 @@
package android.net.cts
-import android.net.cts.util.CtsNetUtils.TestNetworkCallback
-
-import android.app.Instrumentation
import android.Manifest.permission.MANAGE_TEST_NETWORKS
+import android.app.Instrumentation
import android.content.Context
import android.net.ConnectivityManager
import android.net.DscpPolicy
@@ -27,8 +25,8 @@
import android.net.IpPrefix
import android.net.LinkAddress
import android.net.LinkProperties
-import android.net.Network
import android.net.MacAddress
+import android.net.Network
import android.net.NetworkAgent
import android.net.NetworkAgent.DSCP_POLICY_STATUS_DELETED
import android.net.NetworkAgent.DSCP_POLICY_STATUS_SUCCESS
@@ -43,9 +41,10 @@
import android.net.NetworkCapabilities.NET_CAPABILITY_TRUSTED
import android.net.NetworkCapabilities.TRANSPORT_TEST
import android.net.NetworkRequest
+import android.net.RouteInfo
import android.net.TestNetworkInterface
import android.net.TestNetworkManager
-import android.net.RouteInfo
+import android.net.cts.util.CtsNetUtils.TestNetworkCallback
import android.os.HandlerThread
import android.os.SystemClock
import android.platform.test.annotations.AppModeFull
@@ -61,6 +60,7 @@
import android.util.Range
import androidx.test.InstrumentationRegistry
import androidx.test.runner.AndroidJUnit4
+import com.android.net.module.util.IpUtils
import com.android.net.module.util.NetworkStackConstants.ETHER_TYPE_IPV4
import com.android.net.module.util.NetworkStackConstants.ETHER_TYPE_IPV6
import com.android.net.module.util.Struct
@@ -69,33 +69,31 @@
import com.android.testutils.CompatUtil
import com.android.testutils.ConnectivityModuleTest
import com.android.testutils.DevSdkIgnoreRule
-import com.android.testutils.assertParcelingIsLossless
import com.android.testutils.RouterAdvertisementResponder
-import com.android.testutils.runAsShell
import com.android.testutils.SC_V2
import com.android.testutils.TapPacketReader
import com.android.testutils.TestableNetworkAgent
-import com.android.testutils.TestableNetworkAgent.CallbackEntry.OnNetworkCreated
import com.android.testutils.TestableNetworkAgent.CallbackEntry.OnDscpPolicyStatusUpdated
+import com.android.testutils.TestableNetworkAgent.CallbackEntry.OnNetworkCreated
import com.android.testutils.TestableNetworkCallback
-import com.android.net.module.util.IpUtils
+import com.android.testutils.assertParcelingIsLossless
+import com.android.testutils.runAsShell
+import java.net.Inet4Address
+import java.net.Inet6Address
+import java.net.InetSocketAddress
+import java.nio.ByteBuffer
+import java.nio.ByteOrder
+import java.util.regex.Pattern
+import kotlin.test.assertEquals
+import kotlin.test.assertNotNull
+import kotlin.test.assertTrue
+import kotlin.test.fail
import org.junit.After
import org.junit.Assume.assumeTrue
import org.junit.Before
import org.junit.Rule
import org.junit.Test
import org.junit.runner.RunWith
-import java.net.Inet4Address
-import java.net.Inet6Address
-import java.net.InetSocketAddress
-import java.nio.ByteBuffer
-import java.nio.ByteOrder
-import java.util.Arrays
-import java.util.regex.Pattern
-import kotlin.test.assertEquals
-import kotlin.test.assertNotNull
-import kotlin.test.assertTrue
-import kotlin.test.fail
private const val MAX_PACKET_LENGTH = 1500
@@ -222,31 +220,32 @@
private fun waitForGlobalIpv6Address(network: Network): Inet6Address {
// Wait for global IPv6 address to be available
- val sock = Os.socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP)
- network.bindSocket(sock)
-
var inet6Addr: Inet6Address? = null
- val timeout = SystemClock.elapsedRealtime() + PACKET_TIMEOUT_MS
val onLinkPrefix = raResponder.prefix
- while (timeout > SystemClock.elapsedRealtime()) {
+ val startTime = SystemClock.elapsedRealtime()
+ while (SystemClock.elapsedRealtime() - startTime < PACKET_TIMEOUT_MS) {
+ SystemClock.sleep(1 /* ms */)
+ val sock = Os.socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP)
try {
- // Pick any arbitrary port
- Os.connect(sock, TEST_TARGET_IPV6_ADDR, 12345)
+ network.bindSocket(sock)
+
+ try {
+ // Pick any arbitrary port
+ Os.connect(sock, TEST_TARGET_IPV6_ADDR, 12345)
+ } catch (e: ErrnoException) {
+ // there may not be an address available yet.
+ if (e.errno == ENETUNREACH) continue
+ throw e
+ }
val sockAddr = Os.getsockname(sock) as InetSocketAddress
if (onLinkPrefix.contains(sockAddr.address)) {
inet6Addr = sockAddr.address as Inet6Address
break
}
- } catch (e: ErrnoException) {
- // ignore ENETUNREACH -- there may not be an address available yet.
- if (e.errno != ENETUNREACH) {
- Os.close(sock)
- throw e
- }
+ } finally {
+ Os.close(sock)
}
- SystemClock.sleep(10 /* ms */)
}
- Os.close(sock)
assertNotNull(inet6Addr)
return inet6Addr!!
}
diff --git a/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt b/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
index 650450f..ce8584f 100644
--- a/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
+++ b/tests/cts/net/src/android/net/cts/EthernetManagerTest.kt
@@ -80,6 +80,7 @@
import org.junit.Test
import org.junit.runner.RunWith
import java.net.Inet6Address
+import java.util.Random
import java.util.concurrent.CompletableFuture
import java.util.concurrent.ExecutionException
import java.util.concurrent.TimeUnit
@@ -155,8 +156,9 @@
val mtu = tapInterface.mtu
packetReader = TapPacketReader(handler, tapInterface.fileDescriptor.fileDescriptor, mtu)
raResponder = RouterAdvertisementResponder(packetReader)
- raResponder.addRouterEntry(MacAddress.fromString("01:23:45:67:89:ab"),
- InetAddresses.parseNumericAddress("fe80::abcd") as Inet6Address)
+ val iidString = "fe80::${Integer.toHexString(Random().nextInt(65536))}"
+ val linklocal = InetAddresses.parseNumericAddress(iidString) as Inet6Address
+ raResponder.addRouterEntry(MacAddress.fromString("01:23:45:67:89:ab"), linklocal)
packetReader.startAsyncForTest()
raResponder.start()
diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
index 1a624e3..06f7300 100644
--- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
@@ -241,6 +241,7 @@
import android.net.ConnectivityThread;
import android.net.DataStallReportParcelable;
import android.net.EthernetManager;
+import android.net.EthernetNetworkSpecifier;
import android.net.IConnectivityDiagnosticsCallback;
import android.net.IDnsResolver;
import android.net.INetd;
@@ -8531,8 +8532,7 @@
// Enable always-on VPN lockdown. The main user loses network access because no VPN is up.
final ArrayList<String> allowList = new ArrayList<>();
- mVpnManagerService.setAlwaysOnVpnPackage(PRIMARY_USER, ALWAYS_ON_PACKAGE,
- true /* lockdown */, allowList);
+ mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList);
waitForIdle();
assertNull(mCm.getActiveNetworkForUid(uid));
// This is arguably overspecified: a UID that is not running doesn't have an active network.
@@ -8564,8 +8564,7 @@
assertNull(mCm.getActiveNetworkForUid(uid));
assertNotNull(mCm.getActiveNetworkForUid(restrictedUid));
- mVpnManagerService.setAlwaysOnVpnPackage(PRIMARY_USER, null, false /* lockdown */,
- allowList);
+ mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList);
waitForIdle();
}
@@ -9023,10 +9022,8 @@
new Handler(ConnectivityThread.getInstanceLooper()));
final int uid = Process.myUid();
- final int userId = UserHandle.getUserId(uid);
final ArrayList<String> allowList = new ArrayList<>();
- mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, true /* lockdown */,
- allowList);
+ mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList);
waitForIdle();
final Set<Integer> excludedUids = new ArraySet<Integer>();
@@ -9056,7 +9053,7 @@
assertNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED);
// Disable lockdown, expect to see the network unblocked.
- mVpnManagerService.setAlwaysOnVpnPackage(userId, null, false /* lockdown */, allowList);
+ mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList);
callback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);
defaultCallback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);
vpnUidCallback.assertNoCallback();
@@ -9071,8 +9068,7 @@
// Add our UID to the allowlist and re-enable lockdown, expect network is not blocked.
allowList.add(TEST_PACKAGE_NAME);
- mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, true /* lockdown */,
- allowList);
+ mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList);
callback.assertNoCallback();
defaultCallback.assertNoCallback();
vpnUidCallback.assertNoCallback();
@@ -9110,12 +9106,11 @@
// Disable lockdown, remove our UID from the allowlist, and re-enable lockdown.
// Everything should now be blocked.
- mVpnManagerService.setAlwaysOnVpnPackage(userId, null, false /* lockdown */, allowList);
+ mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList);
waitForIdle();
expectNetworkRejectNonSecureVpn(inOrder, false, uidRangeParcelsAlsoExcludingUs);
allowList.clear();
- mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, true /* lockdown */,
- allowList);
+ mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList);
waitForIdle();
expectNetworkRejectNonSecureVpn(inOrder, true, uidRangeParcels);
defaultCallback.expectBlockedStatusCallback(true, mWiFiNetworkAgent);
@@ -9130,7 +9125,7 @@
assertNetworkInfo(TYPE_WIFI, DetailedState.BLOCKED);
// Disable lockdown. Everything is unblocked.
- mVpnManagerService.setAlwaysOnVpnPackage(userId, null, false /* lockdown */, allowList);
+ mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList);
defaultCallback.expectBlockedStatusCallback(false, mWiFiNetworkAgent);
assertBlockedCallbackInAnyOrder(callback, false, mWiFiNetworkAgent, mCellNetworkAgent);
vpnUidCallback.assertNoCallback();
@@ -9144,8 +9139,7 @@
// Enable and disable an always-on VPN package without lockdown. Expect no changes.
reset(mMockNetd);
- mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, false /* lockdown */,
- allowList);
+ mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, false /* lockdown */, allowList);
inOrder.verify(mMockNetd, never()).networkRejectNonSecureVpn(anyBoolean(), any());
callback.assertNoCallback();
defaultCallback.assertNoCallback();
@@ -9158,7 +9152,7 @@
assertNetworkInfo(TYPE_MOBILE, DetailedState.DISCONNECTED);
assertNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);
- mVpnManagerService.setAlwaysOnVpnPackage(userId, null, false /* lockdown */, allowList);
+ mMockVpn.setAlwaysOnPackage(null, false /* lockdown */, allowList);
inOrder.verify(mMockNetd, never()).networkRejectNonSecureVpn(anyBoolean(), any());
callback.assertNoCallback();
defaultCallback.assertNoCallback();
@@ -9172,8 +9166,7 @@
assertNetworkInfo(TYPE_WIFI, DetailedState.CONNECTED);
// Enable lockdown and connect a VPN. The VPN is not blocked.
- mVpnManagerService.setAlwaysOnVpnPackage(userId, ALWAYS_ON_PACKAGE, true /* lockdown */,
- allowList);
+ mMockVpn.setAlwaysOnPackage(ALWAYS_ON_PACKAGE, true /* lockdown */, allowList);
defaultCallback.expectBlockedStatusCallback(true, mWiFiNetworkAgent);
assertBlockedCallbackInAnyOrder(callback, true, mWiFiNetworkAgent, mCellNetworkAgent);
vpnUidCallback.assertNoCallback();
@@ -15707,6 +15700,45 @@
mCm.unregisterNetworkCallback(cb);
}
+ @Test
+ public void testSanitizedCapabilitiesFromAgentDoesNotMutateArgument()
+ throws Exception {
+ // This NetworkCapabilities builds an usual object to maximize the chance that this requires
+ // sanitization, so we have a high chance to detect any changes to the original.
+ final NetworkCapabilities unsanitized = new NetworkCapabilities.Builder()
+ .withoutDefaultCapabilities()
+ .addTransportType(TRANSPORT_WIFI)
+ .addCapability(NET_CAPABILITY_INTERNET)
+ .setOwnerUid(12345)
+ .setAdministratorUids(new int[] {12345, 23456, 34567})
+ .setLinkUpstreamBandwidthKbps(20)
+ .setLinkDownstreamBandwidthKbps(10)
+ .setNetworkSpecifier(new EthernetNetworkSpecifier("foobar"))
+ .setTransportInfo(new WifiInfo.Builder().setBssid("AA:AA:AA:AA:AA:AA").build())
+ .setSignalStrength(-75)
+ .setSsid("SSID1")
+ .setRequestorUid(98765)
+ .setRequestorPackageName("TestPackage")
+ .setSubscriptionIds(Collections.singleton(Process.myUid()))
+ .setUids(UidRange.toIntRanges(uidRangesForUids(
+ UserHandle.getUid(PRIMARY_USER, 10100),
+ UserHandle.getUid(SECONDARY_USER, 10101),
+ UserHandle.getUid(TERTIARY_USER, 10043))))
+ .setAllowedUids(Set.of(45678, 56789, 65432))
+ .setUnderlyingNetworks(List.of(new Network(99999)))
+ .build();
+ final NetworkCapabilities copyOfUnsanitized = new NetworkCapabilities(unsanitized);
+ final NetworkInfo info = new NetworkInfo(TYPE_MOBILE, TelephonyManager.NETWORK_TYPE_LTE,
+ ConnectivityManager.getNetworkTypeName(TYPE_MOBILE),
+ TelephonyManager.getNetworkTypeName(TelephonyManager.NETWORK_TYPE_LTE));
+ final NetworkAgentInfo agent = fakeNai(unsanitized, info);
+ agent.setDeclaredCapabilities(unsanitized);
+ final NetworkCapabilities sanitized = agent.getDeclaredCapabilitiesSanitized(
+ null /* carrierPrivilegeAuthenticator */);
+ assertEquals(copyOfUnsanitized, unsanitized);
+ assertNotEquals(sanitized, unsanitized);
+ }
+
/**
* Validate request counts are counted accurately on setProfileNetworkPreference on set/replace.
*/
diff --git a/tests/unit/java/com/android/server/connectivity/FullScoreTest.kt b/tests/unit/java/com/android/server/connectivity/FullScoreTest.kt
index c03a9cd..a194131 100644
--- a/tests/unit/java/com/android/server/connectivity/FullScoreTest.kt
+++ b/tests/unit/java/com/android/server/connectivity/FullScoreTest.kt
@@ -18,6 +18,8 @@
import android.net.NetworkAgentConfig
import android.net.NetworkCapabilities
+import android.net.NetworkScore
+import android.net.NetworkScore.KEEP_CONNECTED_FOR_HANDOVER
import android.net.NetworkScore.KEEP_CONNECTED_NONE
import android.os.Build
import android.text.TextUtils
@@ -25,6 +27,7 @@
import android.util.Log
import androidx.test.filters.SmallTest
import com.android.server.connectivity.FullScore.MAX_CS_MANAGED_POLICY
+import com.android.server.connectivity.FullScore.MIN_CS_MANAGED_POLICY
import com.android.server.connectivity.FullScore.POLICY_ACCEPT_UNVALIDATED
import com.android.server.connectivity.FullScore.POLICY_EVER_USER_SELECTED
import com.android.server.connectivity.FullScore.POLICY_IS_DESTROYED
@@ -40,6 +43,7 @@
import kotlin.reflect.full.staticProperties
import kotlin.test.assertEquals
import kotlin.test.assertFalse
+import kotlin.test.assertNotEquals
import kotlin.test.assertTrue
@RunWith(DevSdkIgnoreRunner::class)
@@ -83,33 +87,10 @@
}
@Test
- fun testGetLegacyInt() {
- val ns = FullScore(50, 0L /* policy */, KEEP_CONNECTED_NONE)
- assertEquals(10, ns.legacyInt) // -40 penalty for not being validated
- assertEquals(50, ns.legacyIntAsValidated)
-
- val vpnNs = FullScore(101, 0L /* policy */, KEEP_CONNECTED_NONE).withPolicies(vpn = true)
- assertEquals(101, vpnNs.legacyInt) // VPNs are not subject to unvalidation penalty
- assertEquals(101, vpnNs.legacyIntAsValidated)
- assertEquals(101, vpnNs.withPolicies(validated = true).legacyInt)
- assertEquals(101, vpnNs.withPolicies(validated = true).legacyIntAsValidated)
-
- val validatedNs = ns.withPolicies(validated = true)
- assertEquals(50, validatedNs.legacyInt) // No penalty, this is validated
- assertEquals(50, validatedNs.legacyIntAsValidated)
-
- val chosenNs = ns.withPolicies(onceChosen = true)
- assertEquals(10, chosenNs.legacyInt)
- assertEquals(100, chosenNs.legacyIntAsValidated)
- assertEquals(10, chosenNs.withPolicies(acceptUnvalidated = true).legacyInt)
- assertEquals(50, chosenNs.withPolicies(acceptUnvalidated = true).legacyIntAsValidated)
- }
-
- @Test
fun testToString() {
- val string = FullScore(10, 0L /* policy */, KEEP_CONNECTED_NONE)
+ val string = FullScore(0L /* policy */, KEEP_CONNECTED_NONE)
.withPolicies(vpn = true, acceptUnvalidated = true).toString()
- assertTrue(string.contains("Score(10"), string)
+ assertTrue(string.contains("Score("), string)
assertTrue(string.contains("ACCEPT_UNVALIDATED"), string)
assertTrue(string.contains("IS_VPN"), string)
assertFalse(string.contains("IS_VALIDATED"), string)
@@ -131,7 +112,7 @@
@Test
fun testHasPolicy() {
- val ns = FullScore(50, 0L /* policy */, KEEP_CONNECTED_NONE)
+ val ns = FullScore(0L /* policy */, KEEP_CONNECTED_NONE)
assertFalse(ns.hasPolicy(POLICY_IS_VALIDATED))
assertFalse(ns.hasPolicy(POLICY_IS_VPN))
assertFalse(ns.hasPolicy(POLICY_EVER_USER_SELECTED))
@@ -148,12 +129,23 @@
val policies = getAllPolicies()
policies.forEach { policy ->
- assertTrue(policy.get() as Int >= FullScore.MIN_CS_MANAGED_POLICY)
- assertTrue(policy.get() as Int <= FullScore.MAX_CS_MANAGED_POLICY)
+ assertTrue(policy.get() as Int >= MIN_CS_MANAGED_POLICY)
+ assertTrue(policy.get() as Int <= MAX_CS_MANAGED_POLICY)
}
- assertEquals(FullScore.MIN_CS_MANAGED_POLICY,
- policies.minOfOrNull { it.get() as Int })
- assertEquals(FullScore.MAX_CS_MANAGED_POLICY,
- policies.maxOfOrNull { it.get() as Int })
+ assertEquals(MIN_CS_MANAGED_POLICY, policies.minOfOrNull { it.get() as Int })
+ assertEquals(MAX_CS_MANAGED_POLICY, policies.maxOfOrNull { it.get() as Int })
+ }
+
+ @Test
+ fun testEquals() {
+ val ns1 = FullScore(0L /* policy */, KEEP_CONNECTED_NONE)
+ val ns2 = FullScore(0L /* policy */, KEEP_CONNECTED_NONE)
+ val ns3 = FullScore(0L /* policy */, KEEP_CONNECTED_FOR_HANDOVER)
+ val ns4 = NetworkScore.Builder().setLegacyInt(50).build()
+ assertEquals(ns1, ns1)
+ assertEquals(ns2, ns1)
+ assertNotEquals(ns1.withPolicies(validated = true), ns1)
+ assertNotEquals(ns3, ns1)
+ assertFalse(ns1.equals(ns4))
}
}
diff --git a/tests/unit/java/com/android/server/connectivity/IpConnectivityMetricsTest.java b/tests/unit/java/com/android/server/connectivity/IpConnectivityMetricsTest.java
index 063ccd3..ad8613f 100644
--- a/tests/unit/java/com/android/server/connectivity/IpConnectivityMetricsTest.java
+++ b/tests/unit/java/com/android/server/connectivity/IpConnectivityMetricsTest.java
@@ -138,18 +138,16 @@
private void logDefaultNetworkEvent(long timeMs, NetworkAgentInfo nai,
NetworkAgentInfo oldNai) {
final Network network = (nai != null) ? nai.network() : null;
- final int score = (nai != null) ? nai.getCurrentScore() : 0;
final boolean validated = (nai != null) ? nai.lastValidated : false;
final LinkProperties lp = (nai != null) ? nai.linkProperties : null;
final NetworkCapabilities nc = (nai != null) ? nai.networkCapabilities : null;
final Network prevNetwork = (oldNai != null) ? oldNai.network() : null;
- final int prevScore = (oldNai != null) ? oldNai.getCurrentScore() : 0;
final LinkProperties prevLp = (oldNai != null) ? oldNai.linkProperties : null;
final NetworkCapabilities prevNc = (oldNai != null) ? oldNai.networkCapabilities : null;
- mService.mDefaultNetworkMetrics.logDefaultNetworkEvent(timeMs, network, score, validated,
- lp, nc, prevNetwork, prevScore, prevLp, prevNc);
+ mService.mDefaultNetworkMetrics.logDefaultNetworkEvent(timeMs, network, 0 /* legacyScore */,
+ validated, lp, nc, prevNetwork, 0 /* prevLegacyScore */, prevLp, prevNc);
}
@Test
public void testDefaultNetworkEvents() throws Exception {
@@ -158,15 +156,15 @@
NetworkAgentInfo[][] defaultNetworks = {
// nothing -> cell
- {null, makeNai(100, 10, false, true, cell)},
+ {null, makeNai(100, false, true, cell)},
// cell -> wifi
- {makeNai(100, 50, true, true, cell), makeNai(101, 20, true, false, wifi)},
+ {makeNai(100, true, true, cell), makeNai(101, true, false, wifi)},
// wifi -> nothing
- {makeNai(101, 60, true, false, wifi), null},
+ {makeNai(101, true, false, wifi), null},
// nothing -> cell
- {null, makeNai(102, 10, true, true, cell)},
+ {null, makeNai(102, true, true, cell)},
// cell -> wifi
- {makeNai(102, 50, true, true, cell), makeNai(103, 20, true, false, wifi)},
+ {makeNai(102, true, true, cell), makeNai(103, true, false, wifi)},
};
long timeMs = mService.mDefaultNetworkMetrics.creationTimeMs;
@@ -204,8 +202,8 @@
" transports: 1",
" default_network_event <",
" default_network_duration_ms: 2002",
- " final_score: 50",
- " initial_score: 10",
+ " final_score: 0",
+ " initial_score: 0",
" ip_support: 3",
" no_default_network_duration_ms: 0",
" previous_default_network_link_layer: 0",
@@ -221,8 +219,8 @@
" transports: 2",
" default_network_event <",
" default_network_duration_ms: 4004",
- " final_score: 60",
- " initial_score: 20",
+ " final_score: 0",
+ " initial_score: 0",
" ip_support: 1",
" no_default_network_duration_ms: 0",
" previous_default_network_link_layer: 2",
@@ -255,8 +253,8 @@
" transports: 1",
" default_network_event <",
" default_network_duration_ms: 16016",
- " final_score: 50",
- " initial_score: 10",
+ " final_score: 0",
+ " initial_score: 0",
" ip_support: 3",
" no_default_network_duration_ms: 0",
" previous_default_network_link_layer: 4",
@@ -348,8 +346,8 @@
long timeMs = mService.mDefaultNetworkMetrics.creationTimeMs;
final long cell = BitUtils.packBits(new int[]{NetworkCapabilities.TRANSPORT_CELLULAR});
final long wifi = BitUtils.packBits(new int[]{NetworkCapabilities.TRANSPORT_WIFI});
- NetworkAgentInfo cellNai = makeNai(100, 50, false, true, cell);
- NetworkAgentInfo wifiNai = makeNai(101, 60, true, false, wifi);
+ final NetworkAgentInfo cellNai = makeNai(100, false, true, cell);
+ final NetworkAgentInfo wifiNai = makeNai(101, true, false, wifi);
logDefaultNetworkEvent(timeMs + 200L, cellNai, null);
logDefaultNetworkEvent(timeMs + 300L, wifiNai, cellNai);
@@ -463,8 +461,8 @@
" transports: 1",
" default_network_event <",
" default_network_duration_ms: 100",
- " final_score: 50",
- " initial_score: 50",
+ " final_score: 0",
+ " initial_score: 0",
" ip_support: 2",
" no_default_network_duration_ms: 0",
" previous_default_network_link_layer: 0",
@@ -611,10 +609,9 @@
mNetdListener.onWakeupEvent(prefix, uid, ether, ip, mac, srcIp, dstIp, sport, dport, now);
}
- NetworkAgentInfo makeNai(int netId, int score, boolean ipv4, boolean ipv6, long transports) {
+ NetworkAgentInfo makeNai(int netId, boolean ipv4, boolean ipv6, long transports) {
NetworkAgentInfo nai = mock(NetworkAgentInfo.class);
when(nai.network()).thenReturn(new Network(netId));
- when(nai.getCurrentScore()).thenReturn(score);
nai.linkProperties = new LinkProperties();
nai.networkCapabilities = new NetworkCapabilities();
nai.lastValidated = true;
diff --git a/tests/unit/java/com/android/server/connectivity/NetworkOfferTest.kt b/tests/unit/java/com/android/server/connectivity/NetworkOfferTest.kt
index d03c567..f9a0927 100644
--- a/tests/unit/java/com/android/server/connectivity/NetworkOfferTest.kt
+++ b/tests/unit/java/com/android/server/connectivity/NetworkOfferTest.kt
@@ -42,7 +42,7 @@
@Test
fun testOfferNeededUnneeded() {
- val score = FullScore(50, POLICY_NONE, KEEP_CONNECTED_NONE)
+ val score = FullScore(POLICY_NONE, KEEP_CONNECTED_NONE)
val offer = NetworkOffer(score, NetworkCapabilities.Builder().build(), mockCallback,
1 /* providerId */)
val request1 = mock(NetworkRequest::class.java)
diff --git a/tests/unit/java/com/android/server/connectivity/NetworkRankerTest.kt b/tests/unit/java/com/android/server/connectivity/NetworkRankerTest.kt
index 4408958..6f9f430 100644
--- a/tests/unit/java/com/android/server/connectivity/NetworkRankerTest.kt
+++ b/tests/unit/java/com/android/server/connectivity/NetworkRankerTest.kt
@@ -33,7 +33,7 @@
import org.junit.runner.RunWith
import kotlin.test.assertEquals
-private fun score(vararg policies: Int) = FullScore(0,
+private fun score(vararg policies: Int) = FullScore(
policies.fold(0L) { acc, e -> acc or (1L shl e) }, KEEP_CONNECTED_NONE)
private fun caps(transport: Int) = NetworkCapabilities.Builder().addTransportType(transport).build()