Merge "Change ethernet enabled state from int to using boolean" into main
diff --git a/Tethering/common/TetheringLib/Android.bp b/Tethering/common/TetheringLib/Android.bp
index 2f3307a..e2498e4 100644
--- a/Tethering/common/TetheringLib/Android.bp
+++ b/Tethering/common/TetheringLib/Android.bp
@@ -33,6 +33,10 @@
// Using for test only
"//cts/tests/netlegacy22.api",
+
+ // TODO: b/374174952 Remove it when VCN CTS is moved to Connectivity/
+ "//cts/tests/tests/vcn",
+
"//external/sl4a:__subpackages__",
"//frameworks/base/core/tests/bandwidthtests",
"//frameworks/base/core/tests/benchmarks",
diff --git a/Tethering/common/TetheringLib/api/module-lib-current.txt b/Tethering/common/TetheringLib/api/module-lib-current.txt
index 460c216..e893894 100644
--- a/Tethering/common/TetheringLib/api/module-lib-current.txt
+++ b/Tethering/common/TetheringLib/api/module-lib-current.txt
@@ -46,5 +46,10 @@
method @Deprecated @NonNull public java.util.List<java.lang.String> getTetherableWifiRegexs();
}
+ public static final class TetheringManager.TetheringRequest implements android.os.Parcelable {
+ method @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") @Nullable public String getPackageName();
+ method @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") public int getUid();
+ }
+
}
diff --git a/Tethering/common/TetheringLib/api/system-current.txt b/Tethering/common/TetheringLib/api/system-current.txt
index 3efaac2..0e85956 100644
--- a/Tethering/common/TetheringLib/api/system-current.txt
+++ b/Tethering/common/TetheringLib/api/system-current.txt
@@ -21,8 +21,10 @@
public final class TetheringInterface implements android.os.Parcelable {
ctor public TetheringInterface(int, @NonNull String);
+ ctor @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") public TetheringInterface(int, @NonNull String, @Nullable android.net.wifi.SoftApConfiguration);
method public int describeContents();
method @NonNull public String getInterface();
+ method @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") @Nullable @RequiresPermission(value=android.Manifest.permission.NETWORK_SETTINGS, conditional=true) public android.net.wifi.SoftApConfiguration getSoftApConfiguration();
method public int getType();
method public void writeToParcel(@NonNull android.os.Parcel, int);
field @NonNull public static final android.os.Parcelable.Creator<android.net.TetheringInterface> CREATOR;
@@ -97,16 +99,16 @@
}
public static final class TetheringManager.TetheringRequest implements android.os.Parcelable {
- method @FlaggedApi("com.android.net.flags.tethering_request_with_soft_ap_config") public int describeContents();
+ method @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") public int describeContents();
method @Nullable public android.net.LinkAddress getClientStaticIpv4Address();
method public int getConnectivityScope();
method @Nullable public android.net.LinkAddress getLocalIpv4Address();
method public boolean getShouldShowEntitlementUi();
- method @FlaggedApi("com.android.net.flags.tethering_request_with_soft_ap_config") @Nullable public android.net.wifi.SoftApConfiguration getSoftApConfiguration();
+ method @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") @Nullable public android.net.wifi.SoftApConfiguration getSoftApConfiguration();
method public int getTetheringType();
method public boolean isExemptFromEntitlementCheck();
- method @FlaggedApi("com.android.net.flags.tethering_request_with_soft_ap_config") public void writeToParcel(@NonNull android.os.Parcel, int);
- field @FlaggedApi("com.android.net.flags.tethering_request_with_soft_ap_config") @NonNull public static final android.os.Parcelable.Creator<android.net.TetheringManager.TetheringRequest> CREATOR;
+ method @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") public void writeToParcel(@NonNull android.os.Parcel, int);
+ field @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") @NonNull public static final android.os.Parcelable.Creator<android.net.TetheringManager.TetheringRequest> CREATOR;
}
public static class TetheringManager.TetheringRequest.Builder {
@@ -115,7 +117,7 @@
method @NonNull @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public android.net.TetheringManager.TetheringRequest.Builder setConnectivityScope(int);
method @NonNull @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public android.net.TetheringManager.TetheringRequest.Builder setExemptFromEntitlementCheck(boolean);
method @NonNull @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public android.net.TetheringManager.TetheringRequest.Builder setShouldShowEntitlementUi(boolean);
- method @FlaggedApi("com.android.net.flags.tethering_request_with_soft_ap_config") @NonNull @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public android.net.TetheringManager.TetheringRequest.Builder setSoftApConfiguration(@Nullable android.net.wifi.SoftApConfiguration);
+ method @FlaggedApi("com.android.net.flags.tethering_with_soft_ap_config") @NonNull @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public android.net.TetheringManager.TetheringRequest.Builder setSoftApConfiguration(@Nullable android.net.wifi.SoftApConfiguration);
method @NonNull @RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED) public android.net.TetheringManager.TetheringRequest.Builder setStaticIpv4Addresses(@NonNull android.net.LinkAddress, @NonNull android.net.LinkAddress);
}
diff --git a/Tethering/common/TetheringLib/src/android/net/TetheringInterface.java b/Tethering/common/TetheringLib/src/android/net/TetheringInterface.java
index 84cdef1..0464fe0 100644
--- a/Tethering/common/TetheringLib/src/android/net/TetheringInterface.java
+++ b/Tethering/common/TetheringLib/src/android/net/TetheringInterface.java
@@ -16,13 +16,19 @@
package android.net;
+import android.annotation.FlaggedApi;
import android.annotation.NonNull;
import android.annotation.Nullable;
+import android.annotation.RequiresPermission;
+import android.annotation.SuppressLint;
import android.annotation.SystemApi;
import android.net.TetheringManager.TetheringType;
+import android.net.wifi.SoftApConfiguration;
import android.os.Parcel;
import android.os.Parcelable;
+import com.android.net.flags.Flags;
+
import java.util.Objects;
/**
@@ -33,15 +39,21 @@
public final class TetheringInterface implements Parcelable {
private final int mType;
private final String mInterface;
+ @Nullable
+ private final SoftApConfiguration mSoftApConfig;
+ @SuppressLint("UnflaggedApi")
public TetheringInterface(@TetheringType int type, @NonNull String iface) {
+ this(type, iface, null);
+ }
+
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
+ public TetheringInterface(@TetheringType int type, @NonNull String iface,
+ @Nullable SoftApConfiguration softApConfig) {
Objects.requireNonNull(iface);
mType = type;
mInterface = iface;
- }
-
- private TetheringInterface(@NonNull Parcel in) {
- this(in.readInt(), in.readString());
+ mSoftApConfig = softApConfig;
}
/** Get tethering type. */
@@ -55,22 +67,36 @@
return mInterface;
}
+ /**
+ * Get the SoftApConfiguration provided for this interface, if any. This will only be populated
+ * for apps with the same uid that specified the configuration, or apps with permission
+ * {@link android.Manifest.permission.NETWORK_SETTINGS}.
+ */
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
+ @RequiresPermission(value = android.Manifest.permission.NETWORK_SETTINGS, conditional = true)
+ @Nullable
+ public SoftApConfiguration getSoftApConfiguration() {
+ return mSoftApConfig;
+ }
+
@Override
public void writeToParcel(@NonNull Parcel dest, int flags) {
dest.writeInt(mType);
dest.writeString(mInterface);
+ dest.writeParcelable(mSoftApConfig, flags);
}
@Override
public int hashCode() {
- return Objects.hash(mType, mInterface);
+ return Objects.hash(mType, mInterface, mSoftApConfig);
}
@Override
public boolean equals(@Nullable Object obj) {
if (!(obj instanceof TetheringInterface)) return false;
final TetheringInterface other = (TetheringInterface) obj;
- return mType == other.mType && mInterface.equals(other.mInterface);
+ return mType == other.mType && mInterface.equals(other.mInterface)
+ && Objects.equals(mSoftApConfig, other.mSoftApConfig);
}
@Override
@@ -82,8 +108,10 @@
public static final Creator<TetheringInterface> CREATOR = new Creator<TetheringInterface>() {
@NonNull
@Override
+ @SuppressLint("UnflaggedApi")
public TetheringInterface createFromParcel(@NonNull Parcel in) {
- return new TetheringInterface(in);
+ return new TetheringInterface(in.readInt(), in.readString(),
+ in.readParcelable(SoftApConfiguration.class.getClassLoader()));
}
@NonNull
@@ -97,6 +125,8 @@
@Override
public String toString() {
return "TetheringInterface {mType=" + mType
- + ", mInterface=" + mInterface + "}";
+ + ", mInterface=" + mInterface
+ + ((mSoftApConfig == null) ? "" : ", mSoftApConfig=" + mSoftApConfig)
+ + "}";
}
}
diff --git a/Tethering/common/TetheringLib/src/android/net/TetheringManager.java b/Tethering/common/TetheringLib/src/android/net/TetheringManager.java
index 411971d..bc771da 100644
--- a/Tethering/common/TetheringLib/src/android/net/TetheringManager.java
+++ b/Tethering/common/TetheringLib/src/android/net/TetheringManager.java
@@ -33,6 +33,7 @@
import android.os.IBinder;
import android.os.Parcel;
import android.os.Parcelable;
+import android.os.Process;
import android.os.RemoteException;
import android.os.ResultReceiver;
import android.util.ArrayMap;
@@ -53,6 +54,7 @@
import java.util.List;
import java.util.Objects;
import java.util.Set;
+import java.util.StringJoiner;
import java.util.concurrent.Executor;
import java.util.function.Supplier;
@@ -207,6 +209,20 @@
*/
public static final int MAX_TETHERING_TYPE = TETHERING_VIRTUAL;
+ private static String typeToString(@TetheringType int type) {
+ switch (type) {
+ case TETHERING_INVALID: return "TETHERING_INVALID";
+ case TETHERING_WIFI: return "TETHERING_WIFI";
+ case TETHERING_USB: return "TETHERING_USB";
+ case TETHERING_BLUETOOTH: return "TETHERING_BLUETOOTH";
+ case TETHERING_WIFI_P2P: return "TETHERING_WIFI_P2P";
+ case TETHERING_NCM: return "TETHERING_NCM";
+ case TETHERING_ETHERNET: return "TETHERING_ETHERNET";
+ default:
+ return "TETHERING_UNKNOWN(" + type + ")";
+ }
+ }
+
/** @hide */
@Retention(RetentionPolicy.SOURCE)
@IntDef(value = {
@@ -688,6 +704,17 @@
})
public @interface ConnectivityScope {}
+ private static String connectivityScopeToString(@ConnectivityScope int scope) {
+ switch (scope) {
+ case CONNECTIVITY_SCOPE_GLOBAL:
+ return "CONNECTIVITY_SCOPE_GLOBAL";
+ case CONNECTIVITY_SCOPE_LOCAL:
+ return "CONNECTIVITY_SCOPE_LOCAL";
+ default:
+ return "CONNECTIVITY_SCOPE_UNKNOWN(" + scope + ")";
+ }
+ }
+
/**
* Use with {@link #startTethering} to specify additional parameters when starting tethering.
*/
@@ -698,7 +725,7 @@
/**
* @hide
*/
- @FlaggedApi(Flags.FLAG_TETHERING_REQUEST_WITH_SOFT_AP_CONFIG)
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
public TetheringRequest(@NonNull final TetheringRequestParcel request) {
mRequestParcel = request;
}
@@ -707,7 +734,7 @@
mRequestParcel = in.readParcelable(TetheringRequestParcel.class.getClassLoader());
}
- @FlaggedApi(Flags.FLAG_TETHERING_REQUEST_WITH_SOFT_AP_CONFIG)
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
@NonNull
public static final Creator<TetheringRequest> CREATOR = new Creator<>() {
@Override
@@ -721,13 +748,13 @@
}
};
- @FlaggedApi(Flags.FLAG_TETHERING_REQUEST_WITH_SOFT_AP_CONFIG)
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
@Override
public int describeContents() {
return 0;
}
- @FlaggedApi(Flags.FLAG_TETHERING_REQUEST_WITH_SOFT_AP_CONFIG)
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
@Override
public void writeToParcel(@NonNull Parcel dest, int flags) {
dest.writeParcelable(mRequestParcel, flags);
@@ -746,6 +773,7 @@
mBuilderParcel.exemptFromEntitlementCheck = false;
mBuilderParcel.showProvisioningUi = true;
mBuilderParcel.connectivityScope = getDefaultConnectivityScope(type);
+ mBuilderParcel.uid = Process.INVALID_UID;
mBuilderParcel.softApConfig = null;
}
@@ -818,7 +846,7 @@
* @param softApConfig SoftApConfiguration to use.
* @throws IllegalArgumentException if the tethering type isn't TETHERING_WIFI.
*/
- @FlaggedApi(Flags.FLAG_TETHERING_REQUEST_WITH_SOFT_AP_CONFIG)
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
@RequiresPermission(android.Manifest.permission.TETHER_PRIVILEGED)
@NonNull
public Builder setSoftApConfiguration(@Nullable SoftApConfiguration softApConfig) {
@@ -913,13 +941,54 @@
/**
* Get the desired SoftApConfiguration of the request, if one was specified.
*/
- @FlaggedApi(Flags.FLAG_TETHERING_REQUEST_WITH_SOFT_AP_CONFIG)
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
@Nullable
public SoftApConfiguration getSoftApConfiguration() {
return mRequestParcel.softApConfig;
}
/**
+ * Sets the UID of the app that sent this request. This should always be overridden when
+ * receiving TetheringRequest from an external source.
+ * @hide
+ */
+ public void setUid(int uid) {
+ mRequestParcel.uid = uid;
+ }
+
+ /**
+ * Sets the package name of the app that sent this request. This should always be overridden
+ * when receiving a TetheringRequest from an external source.
+ * @hide
+ */
+ public void setPackageName(String packageName) {
+ mRequestParcel.packageName = packageName;
+ }
+
+ /**
+ * Gets the UID of the app that sent this request. This defaults to
+ * {@link Process#INVALID_UID} if unset.
+ * @hide
+ */
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
+ @SystemApi(client = MODULE_LIBRARIES)
+ public int getUid() {
+ return mRequestParcel.uid;
+ }
+
+ /**
+ * Gets the package name of the app that sent this request. This defaults to {@code null} if
+ * unset.
+ * @hide
+ */
+ @FlaggedApi(Flags.FLAG_TETHERING_WITH_SOFT_AP_CONFIG)
+ @SystemApi(client = MODULE_LIBRARIES)
+ @Nullable
+ public String getPackageName() {
+ return mRequestParcel.packageName;
+ }
+
+ /**
* Get a TetheringRequestParcel from the configuration
* @hide
*/
@@ -929,13 +998,31 @@
/** String of TetheringRequest detail. */
public String toString() {
- return "TetheringRequest [ type= " + mRequestParcel.tetheringType
- + ", localIPv4Address= " + mRequestParcel.localIPv4Address
- + ", staticClientAddress= " + mRequestParcel.staticClientAddress
- + ", exemptFromEntitlementCheck= " + mRequestParcel.exemptFromEntitlementCheck
- + ", showProvisioningUi= " + mRequestParcel.showProvisioningUi
- + ", softApConfig= " + mRequestParcel.softApConfig
- + " ]";
+ StringJoiner sj = new StringJoiner(", ", "TetheringRequest[ ", " ]");
+ sj.add(typeToString(mRequestParcel.tetheringType));
+ if (mRequestParcel.localIPv4Address != null) {
+ sj.add("localIpv4Address=" + mRequestParcel.localIPv4Address);
+ }
+ if (mRequestParcel.staticClientAddress != null) {
+ sj.add("staticClientAddress=" + mRequestParcel.staticClientAddress);
+ }
+ if (mRequestParcel.exemptFromEntitlementCheck) {
+ sj.add("exemptFromEntitlementCheck");
+ }
+ if (mRequestParcel.showProvisioningUi) {
+ sj.add("showProvisioningUi");
+ }
+ sj.add(connectivityScopeToString(mRequestParcel.connectivityScope));
+ if (mRequestParcel.softApConfig != null) {
+ sj.add("softApConfig=" + mRequestParcel.softApConfig);
+ }
+ if (mRequestParcel.uid != Process.INVALID_UID) {
+ sj.add("uid=" + mRequestParcel.uid);
+ }
+ if (mRequestParcel.packageName != null) {
+ sj.add("packageName=" + mRequestParcel.packageName);
+ }
+ return sj.toString();
}
@Override
@@ -950,7 +1037,9 @@
&& parcel.exemptFromEntitlementCheck == otherParcel.exemptFromEntitlementCheck
&& parcel.showProvisioningUi == otherParcel.showProvisioningUi
&& parcel.connectivityScope == otherParcel.connectivityScope
- && Objects.equals(parcel.softApConfig, otherParcel.softApConfig);
+ && Objects.equals(parcel.softApConfig, otherParcel.softApConfig)
+ && parcel.uid == otherParcel.uid
+ && Objects.equals(parcel.packageName, otherParcel.packageName);
}
@Override
@@ -958,7 +1047,8 @@
TetheringRequestParcel parcel = getParcel();
return Objects.hash(parcel.tetheringType, parcel.localIPv4Address,
parcel.staticClientAddress, parcel.exemptFromEntitlementCheck,
- parcel.showProvisioningUi, parcel.connectivityScope, parcel.softApConfig);
+ parcel.showProvisioningUi, parcel.connectivityScope, parcel.softApConfig,
+ parcel.uid, parcel.packageName);
}
}
diff --git a/Tethering/common/TetheringLib/src/android/net/TetheringRequestParcel.aidl b/Tethering/common/TetheringLib/src/android/net/TetheringRequestParcel.aidl
index ea7a353..789d5bb 100644
--- a/Tethering/common/TetheringLib/src/android/net/TetheringRequestParcel.aidl
+++ b/Tethering/common/TetheringLib/src/android/net/TetheringRequestParcel.aidl
@@ -31,4 +31,6 @@
boolean showProvisioningUi;
int connectivityScope;
SoftApConfiguration softApConfig;
+ int uid;
+ String packageName;
}
diff --git a/Tethering/src/android/net/ip/IpServer.java b/Tethering/src/android/net/ip/IpServer.java
index a0604f2..ebc9e4e 100644
--- a/Tethering/src/android/net/ip/IpServer.java
+++ b/Tethering/src/android/net/ip/IpServer.java
@@ -69,8 +69,8 @@
import com.android.internal.util.MessageUtils;
import com.android.internal.util.State;
import com.android.modules.utils.build.SdkLevel;
-import com.android.net.module.util.InterfaceParams;
import com.android.net.module.util.IIpv4PrefixRequest;
+import com.android.net.module.util.InterfaceParams;
import com.android.net.module.util.NetdUtils;
import com.android.net.module.util.RoutingCoordinatorManager;
import com.android.net.module.util.SharedLog;
@@ -168,10 +168,10 @@
/**
* Request Tethering change.
*
- * @param tetheringType the downstream type of this IpServer.
+ * @param request the TetheringRequest this IpServer was enabled with.
* @param enabled enable or disable tethering.
*/
- public void requestEnableTethering(int tetheringType, boolean enabled) { }
+ public void requestEnableTethering(TetheringRequest request, boolean enabled) { }
}
/** Capture IpServer dependencies, for injection. */
@@ -293,6 +293,9 @@
private LinkAddress mIpv4Address;
+ @Nullable
+ private TetheringRequest mTetheringRequest;
+
private final TetheringMetrics mTetheringMetrics;
private final Handler mHandler;
@@ -406,6 +409,12 @@
return mIpv4PrefixRequest;
}
+ /** The TetheringRequest the IpServer started with. */
+ @Nullable
+ public TetheringRequest getTetheringRequest() {
+ return mTetheringRequest;
+ }
+
/**
* Get the latest list of DHCP leases that was reported. Must be called on the IpServer looper
* thread.
@@ -1033,6 +1042,7 @@
switch (message.what) {
case CMD_TETHER_REQUESTED:
mLastError = TETHER_ERROR_NO_ERROR;
+ mTetheringRequest = (TetheringRequest) message.obj;
switch (message.arg1) {
case STATE_LOCAL_ONLY:
maybeConfigureStaticIp((TetheringRequest) message.obj);
@@ -1168,8 +1178,8 @@
handleNewPrefixRequest((IpPrefix) message.obj);
break;
case CMD_NOTIFY_PREFIX_CONFLICT:
- mLog.i("restart tethering: " + mInterfaceType);
- mCallback.requestEnableTethering(mInterfaceType, false /* enabled */);
+ mLog.i("restart tethering: " + mIfaceName);
+ mCallback.requestEnableTethering(mTetheringRequest, false /* enabled */);
transitionTo(mWaitingForRestartState);
break;
case CMD_SERVICE_FAILED_TO_START:
@@ -1453,12 +1463,12 @@
case CMD_TETHER_UNREQUESTED:
transitionTo(mInitialState);
mLog.i("Untethered (unrequested) and restarting " + mIfaceName);
- mCallback.requestEnableTethering(mInterfaceType, true /* enabled */);
+ mCallback.requestEnableTethering(mTetheringRequest, true /* enabled */);
break;
case CMD_INTERFACE_DOWN:
transitionTo(mUnavailableState);
mLog.i("Untethered (interface down) and restarting " + mIfaceName);
- mCallback.requestEnableTethering(mInterfaceType, true /* enabled */);
+ mCallback.requestEnableTethering(mTetheringRequest, true /* enabled */);
break;
default:
return false;
diff --git a/Tethering/src/com/android/networkstack/tethering/EntitlementManager.java b/Tethering/src/com/android/networkstack/tethering/EntitlementManager.java
index cd57c8d..fb16226 100644
--- a/Tethering/src/com/android/networkstack/tethering/EntitlementManager.java
+++ b/Tethering/src/com/android/networkstack/tethering/EntitlementManager.java
@@ -167,6 +167,11 @@
} else {
mLog.e("Current user (" + currentUserId
+ ") is not allowed to perform entitlement check.");
+ // If the user is not allowed to perform an entitlement check
+ // (e.g., a non-admin user), notify the receiver immediately.
+ // This is necessary because the entitlement check app cannot
+ // be launched to conduct the check and deliver the results.
+ receiver.send(TETHER_ERROR_PROVISIONING_FAILED, null);
return null;
}
} else {
diff --git a/Tethering/src/com/android/networkstack/tethering/Tethering.java b/Tethering/src/com/android/networkstack/tethering/Tethering.java
index df255f3..f33ef37 100644
--- a/Tethering/src/com/android/networkstack/tethering/Tethering.java
+++ b/Tethering/src/com/android/networkstack/tethering/Tethering.java
@@ -109,6 +109,7 @@
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
+import android.os.Process;
import android.os.RemoteCallbackList;
import android.os.RemoteException;
import android.os.ResultReceiver;
@@ -216,10 +217,12 @@
* Cookie added when registering {@link android.net.TetheringManager.TetheringEventCallback}.
*/
private static class CallbackCookie {
- public final boolean hasListClientsPermission;
+ public final int uid;
+ public final boolean hasSystemPrivilege;
- private CallbackCookie(boolean hasListClientsPermission) {
- this.hasListClientsPermission = hasListClientsPermission;
+ private CallbackCookie(int uid, boolean hasSystemPrivilege) {
+ this.uid = uid;
+ this.hasSystemPrivilege = hasSystemPrivilege;
}
}
@@ -263,7 +266,6 @@
private boolean mRndisEnabled; // track the RNDIS function enabled state
private boolean mNcmEnabled; // track the NCM function enabled state
private Network mTetherUpstream;
- private TetherStatesParcel mTetherStatesParcel;
private boolean mDataSaverEnabled = false;
private String mWifiP2pTetherInterface = null;
private int mOffloadStatus = TETHER_HARDWARE_OFFLOAD_STOPPED;
@@ -1091,21 +1093,55 @@
}
// TODO: Figure out how to update for local hotspot mode interfaces.
- private void sendTetherStateChangedBroadcast() {
+ private void notifyTetherStatesChanged() {
if (!isTetheringSupported()) return;
+ sendTetherStatesChangedCallback();
+ sendTetherStatesChangedBroadcast();
+
+ int downstreamTypesMask = DOWNSTREAM_NONE;
+ for (int i = 0; i < mTetherStates.size(); i++) {
+ final TetherState tetherState = mTetherStates.valueAt(i);
+ final int type = tetherState.ipServer.interfaceType();
+ if (tetherState.lastState != IpServer.STATE_TETHERED) continue;
+ switch (type) {
+ case TETHERING_USB:
+ case TETHERING_WIFI:
+ case TETHERING_BLUETOOTH:
+ downstreamTypesMask |= (1 << type);
+ break;
+ default:
+ // Do nothing.
+ break;
+ }
+ }
+ mNotificationUpdater.onDownstreamChanged(downstreamTypesMask);
+ }
+
+ /**
+ * Builds a TetherStatesParcel for the specified CallbackCookie. SoftApConfiguration will only
+ * be included if the cookie has the same uid as the app that specified the configuration, or
+ * if the cookie has system privilege.
+ *
+ * @param cookie CallbackCookie of the receiving app.
+ * @return TetherStatesParcel with information redacted for the specified cookie.
+ */
+ private TetherStatesParcel buildTetherStatesParcel(CallbackCookie cookie) {
final ArrayList<TetheringInterface> available = new ArrayList<>();
final ArrayList<TetheringInterface> tethered = new ArrayList<>();
final ArrayList<TetheringInterface> localOnly = new ArrayList<>();
final ArrayList<TetheringInterface> errored = new ArrayList<>();
final ArrayList<Integer> lastErrors = new ArrayList<>();
- int downstreamTypesMask = DOWNSTREAM_NONE;
for (int i = 0; i < mTetherStates.size(); i++) {
final TetherState tetherState = mTetherStates.valueAt(i);
final int type = tetherState.ipServer.interfaceType();
final String iface = mTetherStates.keyAt(i);
- final TetheringInterface tetheringIface = new TetheringInterface(type, iface);
+ final TetheringRequest request = tetherState.ipServer.getTetheringRequest();
+ final boolean includeSoftApConfig = request != null && cookie != null
+ && (cookie.uid == request.getUid() || cookie.hasSystemPrivilege);
+ final TetheringInterface tetheringIface = new TetheringInterface(type, iface,
+ includeSoftApConfig ? request.getSoftApConfiguration() : null);
if (tetherState.lastError != TETHER_ERROR_NO_ERROR) {
errored.add(tetheringIface);
lastErrors.add(tetherState.lastError);
@@ -1118,41 +1154,16 @@
case TETHERING_USB:
case TETHERING_WIFI:
case TETHERING_BLUETOOTH:
- downstreamTypesMask |= (1 << type);
break;
default:
// Do nothing.
+ break;
}
tethered.add(tetheringIface);
}
}
- mTetherStatesParcel = buildTetherStatesParcel(available, localOnly, tethered, errored,
- lastErrors);
- reportTetherStateChanged(mTetherStatesParcel);
-
- mContext.sendStickyBroadcastAsUser(buildStateChangeIntent(available, localOnly, tethered,
- errored), UserHandle.ALL);
- if (DBG) {
- Log.d(TAG, String.format(
- "reportTetherStateChanged %s=[%s] %s=[%s] %s=[%s] %s=[%s]",
- "avail", TextUtils.join(",", available),
- "local_only", TextUtils.join(",", localOnly),
- "tether", TextUtils.join(",", tethered),
- "error", TextUtils.join(",", errored)));
- }
-
- mNotificationUpdater.onDownstreamChanged(downstreamTypesMask);
- }
-
- private TetherStatesParcel buildTetherStatesParcel(
- final ArrayList<TetheringInterface> available,
- final ArrayList<TetheringInterface> localOnly,
- final ArrayList<TetheringInterface> tethered,
- final ArrayList<TetheringInterface> errored,
- final ArrayList<Integer> lastErrors) {
final TetherStatesParcel parcel = new TetherStatesParcel();
-
parcel.availableList = available.toArray(new TetheringInterface[0]);
parcel.tetheredList = tethered.toArray(new TetheringInterface[0]);
parcel.localOnlyList = localOnly.toArray(new TetheringInterface[0]);
@@ -1161,23 +1172,23 @@
for (int i = 0; i < lastErrors.size(); i++) {
parcel.lastErrorList[i] = lastErrors.get(i);
}
-
return parcel;
}
- private Intent buildStateChangeIntent(final ArrayList<TetheringInterface> available,
- final ArrayList<TetheringInterface> localOnly,
- final ArrayList<TetheringInterface> tethered,
- final ArrayList<TetheringInterface> errored) {
+ private void sendTetherStatesChangedBroadcast() {
final Intent bcast = new Intent(ACTION_TETHER_STATE_CHANGED);
bcast.addFlags(Intent.FLAG_RECEIVER_REPLACE_PENDING);
- bcast.putStringArrayListExtra(EXTRA_AVAILABLE_TETHER, toIfaces(available));
- bcast.putStringArrayListExtra(EXTRA_ACTIVE_LOCAL_ONLY, toIfaces(localOnly));
- bcast.putStringArrayListExtra(EXTRA_ACTIVE_TETHER, toIfaces(tethered));
- bcast.putStringArrayListExtra(EXTRA_ERRORED_TETHER, toIfaces(errored));
-
- return bcast;
+ TetherStatesParcel parcel = buildTetherStatesParcel(null /* cookie */);
+ bcast.putStringArrayListExtra(
+ EXTRA_AVAILABLE_TETHER, toIfaces(Arrays.asList(parcel.availableList)));
+ bcast.putStringArrayListExtra(
+ EXTRA_ACTIVE_LOCAL_ONLY, toIfaces(Arrays.asList(parcel.localOnlyList)));
+ bcast.putStringArrayListExtra(
+ EXTRA_ACTIVE_TETHER, toIfaces(Arrays.asList(parcel.tetheredList)));
+ bcast.putStringArrayListExtra(
+ EXTRA_ERRORED_TETHER, toIfaces(Arrays.asList(parcel.erroredIfaceList)));
+ mContext.sendStickyBroadcastAsUser(bcast, UserHandle.ALL);
}
private class StateReceiver extends BroadcastReceiver {
@@ -2192,9 +2203,9 @@
break;
}
case EVENT_REQUEST_CHANGE_DOWNSTREAM: {
- final int tetheringType = message.arg1;
- final Boolean enabled = (Boolean) message.obj;
- enableTetheringInternal(tetheringType, enabled, null);
+ final boolean enabled = message.arg1 == 1;
+ final TetheringRequest request = (TetheringRequest) message.obj;
+ enableTetheringInternal(request.getTetheringType(), enabled, null);
break;
}
default:
@@ -2391,19 +2402,19 @@
/** Register tethering event callback */
void registerTetheringEventCallback(ITetheringEventCallback callback) {
- final boolean hasListPermission =
- hasCallingPermission(NETWORK_SETTINGS)
- || hasCallingPermission(PERMISSION_MAINLINE_NETWORK_STACK)
- || hasCallingPermission(NETWORK_STACK);
+ final int uid = mDeps.getBinderCallingUid();
+ final boolean hasSystemPrivilege = hasCallingPermission(NETWORK_SETTINGS)
+ || hasCallingPermission(PERMISSION_MAINLINE_NETWORK_STACK)
+ || hasCallingPermission(NETWORK_STACK);
mHandler.post(() -> {
- mTetheringEventCallbacks.register(callback, new CallbackCookie(hasListPermission));
+ CallbackCookie cookie = new CallbackCookie(uid, hasSystemPrivilege);
+ mTetheringEventCallbacks.register(callback, cookie);
final TetheringCallbackStartedParcel parcel = new TetheringCallbackStartedParcel();
parcel.supportedTypes = mSupportedTypeBitmap;
parcel.upstreamNetwork = mTetherUpstream;
parcel.config = mConfig.toStableParcelable();
- parcel.states =
- mTetherStatesParcel != null ? mTetherStatesParcel : emptyTetherStatesParcel();
- parcel.tetheredClients = hasListPermission
+ parcel.states = buildTetherStatesParcel(cookie);
+ parcel.tetheredClients = hasSystemPrivilege
? mConnectedClientsTracker.getLastTetheredClients()
: Collections.emptyList();
parcel.offloadStatus = mOffloadStatus;
@@ -2415,17 +2426,6 @@
});
}
- private TetherStatesParcel emptyTetherStatesParcel() {
- final TetherStatesParcel parcel = new TetherStatesParcel();
- parcel.availableList = new TetheringInterface[0];
- parcel.tetheredList = new TetheringInterface[0];
- parcel.localOnlyList = new TetheringInterface[0];
- parcel.erroredIfaceList = new TetheringInterface[0];
- parcel.lastErrorList = new int[0];
-
- return parcel;
- }
-
private boolean hasCallingPermission(@NonNull String permission) {
return mContext.checkCallingOrSelfPermission(permission) == PERMISSION_GRANTED;
}
@@ -2484,12 +2484,14 @@
}
}
- private void reportTetherStateChanged(TetherStatesParcel states) {
+ private void sendTetherStatesChangedCallback() {
final int length = mTetheringEventCallbacks.beginBroadcast();
try {
for (int i = 0; i < length; i++) {
try {
- mTetheringEventCallbacks.getBroadcastItem(i).onTetherStatesChanged(states);
+ TetherStatesParcel parcel = buildTetherStatesParcel(
+ (CallbackCookie) mTetheringEventCallbacks.getBroadcastCookie(i));
+ mTetheringEventCallbacks.getBroadcastItem(i).onTetherStatesChanged(parcel);
} catch (RemoteException e) {
// Not really very much to do here.
}
@@ -2497,6 +2499,18 @@
} finally {
mTetheringEventCallbacks.finishBroadcast();
}
+
+ if (DBG) {
+ // Use a CallbackCookie with system privilege so nothing is redacted.
+ TetherStatesParcel parcel = buildTetherStatesParcel(
+ new CallbackCookie(Process.SYSTEM_UID, true /* hasSystemPrivilege */));
+ Log.d(TAG, String.format(
+ "sendTetherStatesChangedCallback %s=[%s] %s=[%s] %s=[%s] %s=[%s]",
+ "avail", TextUtils.join(",", Arrays.asList(parcel.availableList)),
+ "local_only", TextUtils.join(",", Arrays.asList(parcel.localOnlyList)),
+ "tether", TextUtils.join(",", Arrays.asList(parcel.tetheredList)),
+ "error", TextUtils.join(",", Arrays.asList(parcel.erroredIfaceList))));
+ }
}
private void reportTetherClientsChanged(List<TetheredClient> clients) {
@@ -2506,7 +2520,7 @@
try {
final CallbackCookie cookie =
(CallbackCookie) mTetheringEventCallbacks.getBroadcastCookie(i);
- if (!cookie.hasListClientsPermission) continue;
+ if (!cookie.hasSystemPrivilege) continue;
mTetheringEventCallbacks.getBroadcastItem(i).onTetherClientsChanged(clients);
} catch (RemoteException e) {
// Not really very much to do here.
@@ -2741,7 +2755,7 @@
return;
}
mTetherMainSM.sendMessage(which, state, 0, who);
- sendTetherStateChangedBroadcast();
+ notifyTetherStatesChanged();
}
@Override
@@ -2769,9 +2783,9 @@
}
@Override
- public void requestEnableTethering(int tetheringType, boolean enabled) {
+ public void requestEnableTethering(TetheringRequest request, boolean enabled) {
mTetherMainSM.sendMessage(TetherMainSM.EVENT_REQUEST_CHANGE_DOWNSTREAM,
- tetheringType, 0, enabled ? Boolean.TRUE : Boolean.FALSE);
+ enabled ? 1 : 0, 0, request);
}
}
diff --git a/Tethering/src/com/android/networkstack/tethering/TetheringDependencies.java b/Tethering/src/com/android/networkstack/tethering/TetheringDependencies.java
index a4823ca..d89bf4d 100644
--- a/Tethering/src/com/android/networkstack/tethering/TetheringDependencies.java
+++ b/Tethering/src/com/android/networkstack/tethering/TetheringDependencies.java
@@ -25,6 +25,7 @@
import android.net.INetd;
import android.net.connectivity.ConnectivityInternalApiUtil;
import android.net.ip.IpServer;
+import android.os.Binder;
import android.os.Build;
import android.os.Handler;
import android.os.IBinder;
@@ -36,7 +37,6 @@
import androidx.annotation.RequiresApi;
import com.android.modules.utils.build.SdkLevel;
-import com.android.net.module.util.PrivateAddressCoordinator;
import com.android.net.module.util.RoutingCoordinatorManager;
import com.android.net.module.util.RoutingCoordinatorService;
import com.android.net.module.util.SharedLog;
@@ -201,4 +201,11 @@
public WearableConnectionManager makeWearableConnectionManager(Context ctx) {
return new WearableConnectionManager(ctx);
}
+
+ /**
+ * Wrapper to get the binder calling uid for unit testing.
+ */
+ public int getBinderCallingUid() {
+ return Binder.getCallingUid();
+ }
}
diff --git a/Tethering/src/com/android/networkstack/tethering/TetheringNotificationUpdater.java b/Tethering/src/com/android/networkstack/tethering/TetheringNotificationUpdater.java
index a0198cc..a29f0c2 100644
--- a/Tethering/src/com/android/networkstack/tethering/TetheringNotificationUpdater.java
+++ b/Tethering/src/com/android/networkstack/tethering/TetheringNotificationUpdater.java
@@ -85,7 +85,6 @@
static final int ROAMING_NOTIFICATION_ID = 1003;
@VisibleForTesting
static final int NO_ICON_ID = 0;
- @VisibleForTesting
static final int DOWNSTREAM_NONE = 0;
// Refer to TelephonyManager#getSimCarrierId for more details about carrier id.
@VisibleForTesting
diff --git a/Tethering/src/com/android/networkstack/tethering/TetheringService.java b/Tethering/src/com/android/networkstack/tethering/TetheringService.java
index 454cbf1..3cb5f99 100644
--- a/Tethering/src/com/android/networkstack/tethering/TetheringService.java
+++ b/Tethering/src/com/android/networkstack/tethering/TetheringService.java
@@ -28,6 +28,7 @@
import static android.net.TetheringManager.TETHER_ERROR_UNSUPPORTED;
import static android.net.dhcp.IDhcpServer.STATUS_UNKNOWN_ERROR;
+import android.app.AppOpsManager;
import android.app.Service;
import android.bluetooth.BluetoothAdapter;
import android.bluetooth.BluetoothManager;
@@ -138,8 +139,10 @@
listener)) {
return;
}
- // TODO(b/216524590): Add UID/packageName of caller to TetheringRequest here
- mTethering.startTethering(new TetheringRequest(request), callerPkg, listener);
+ TetheringRequest external = new TetheringRequest(request);
+ external.setUid(getBinderCallingUid());
+ external.setPackageName(callerPkg);
+ mTethering.startTethering(external, callerPkg, listener);
}
@Override
@@ -238,6 +241,12 @@
final String callingAttributionTag, final boolean onlyAllowPrivileged,
final IIntResultListener listener) {
try {
+ if (!checkPackageNameMatchesUid(getBinderCallingUid(), callerPkg)) {
+ Log.e(TAG, "Package name " + callerPkg + " does not match UID "
+ + getBinderCallingUid());
+ listener.onResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION);
+ return true;
+ }
if (!hasTetherChangePermission(callerPkg, callingAttributionTag,
onlyAllowPrivileged)) {
listener.onResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION);
@@ -256,6 +265,12 @@
private boolean checkAndNotifyCommonError(final String callerPkg,
final String callingAttributionTag, final ResultReceiver receiver) {
+ if (!checkPackageNameMatchesUid(getBinderCallingUid(), callerPkg)) {
+ Log.e(TAG, "Package name " + callerPkg + " does not match UID "
+ + getBinderCallingUid());
+ receiver.send(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION, null);
+ return true;
+ }
if (!hasTetherChangePermission(callerPkg, callingAttributionTag,
false /* onlyAllowPrivileged */)) {
receiver.send(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION, null);
@@ -290,9 +305,9 @@
if (mTethering.isTetherProvisioningRequired()) return false;
- int uid = Binder.getCallingUid();
+ int uid = getBinderCallingUid();
- // If callerPkg's uid is not same as Binder.getCallingUid(),
+ // If callerPkg's uid is not same as getBinderCallingUid(),
// checkAndNoteWriteSettingsOperation will return false and the operation will be
// denied.
return mService.checkAndNoteWriteSettingsOperation(mService, uid, callerPkg,
@@ -305,6 +320,14 @@
return mService.checkCallingOrSelfPermission(
ACCESS_NETWORK_STATE) == PERMISSION_GRANTED;
}
+
+ private int getBinderCallingUid() {
+ return mService.getBinderCallingUid();
+ }
+
+ private boolean checkPackageNameMatchesUid(final int uid, final String callerPkg) {
+ return mService.checkPackageNameMatchesUid(mService, uid, callerPkg);
+ }
}
/**
@@ -322,6 +345,32 @@
}
/**
+ * Check if the package name matches the uid.
+ */
+ @VisibleForTesting
+ boolean checkPackageNameMatchesUid(@NonNull Context context, int uid,
+ @NonNull String callingPackage) {
+ try {
+ final AppOpsManager mAppOps = context.getSystemService(AppOpsManager.class);
+ if (mAppOps == null) {
+ return false;
+ }
+ mAppOps.checkPackage(uid, callingPackage);
+ } catch (SecurityException e) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Wrapper for the Binder calling UID, used for mocks.
+ */
+ @VisibleForTesting
+ int getBinderCallingUid() {
+ return Binder.getCallingUid();
+ }
+
+ /**
* An injection method for testing.
*/
@VisibleForTesting
diff --git a/Tethering/tests/unit/src/com/android/networkstack/tethering/EntitlementManagerTest.java b/Tethering/tests/unit/src/com/android/networkstack/tethering/EntitlementManagerTest.java
index 8626b18..51c2d56 100644
--- a/Tethering/tests/unit/src/com/android/networkstack/tethering/EntitlementManagerTest.java
+++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/EntitlementManagerTest.java
@@ -84,6 +84,7 @@
import com.android.internal.util.test.BroadcastInterceptingContext;
import com.android.modules.utils.build.SdkLevel;
+import com.android.net.module.util.ArrayTrackRecord;
import com.android.net.module.util.SharedLog;
import com.android.testutils.DevSdkIgnoreRule;
@@ -187,8 +188,9 @@
if (intent != null) {
assertUiTetherProvisioningIntent(type, config, receiver, intent);
uiProvisionCount++;
+ // If the intent is null, the result is sent by the underlying method.
+ receiver.send(fakeEntitlementResult, null);
}
- receiver.send(fakeEntitlementResult, null);
return intent;
}
@@ -348,99 +350,43 @@
public void testRequestLastEntitlementCacheValue() throws Exception {
// 1. Entitlement check is not required.
mDeps.fakeEntitlementResult = TETHER_ERROR_NO_ERROR;
- ResultReceiver receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_NO_ERROR, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_WIFI, receiver, true);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_WIFI, TETHER_ERROR_NO_ERROR, true);
assertEquals(0, mDeps.uiProvisionCount);
mDeps.reset();
setupForRequiredProvisioning();
// 2. No cache value and don't need to run entitlement check.
- receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_ENTITLEMENT_UNKNOWN, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_WIFI, receiver, false);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_WIFI, TETHER_ERROR_ENTITLEMENT_UNKNOWN, false);
assertEquals(0, mDeps.uiProvisionCount);
mDeps.reset();
// 3. No cache value and ui entitlement check is needed.
mDeps.fakeEntitlementResult = TETHER_ERROR_PROVISIONING_FAILED;
- receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_PROVISIONING_FAILED, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_WIFI, receiver, true);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_WIFI, TETHER_ERROR_PROVISIONING_FAILED, true);
assertEquals(1, mDeps.uiProvisionCount);
mDeps.reset();
// 4. Cache value is TETHER_ERROR_PROVISIONING_FAILED and don't need to run entitlement
// check.
mDeps.fakeEntitlementResult = TETHER_ERROR_NO_ERROR;
- receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_PROVISIONING_FAILED, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_WIFI, receiver, false);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_WIFI, TETHER_ERROR_PROVISIONING_FAILED, false);
assertEquals(0, mDeps.uiProvisionCount);
mDeps.reset();
// 5. Cache value is TETHER_ERROR_PROVISIONING_FAILED and ui entitlement check is needed.
mDeps.fakeEntitlementResult = TETHER_ERROR_NO_ERROR;
- receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_NO_ERROR, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_WIFI, receiver, true);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_WIFI, TETHER_ERROR_NO_ERROR, true);
assertEquals(1, mDeps.uiProvisionCount);
mDeps.reset();
// 6. Cache value is TETHER_ERROR_NO_ERROR.
mDeps.fakeEntitlementResult = TETHER_ERROR_NO_ERROR;
- receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_NO_ERROR, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_WIFI, receiver, true);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_WIFI, TETHER_ERROR_NO_ERROR, true);
assertEquals(0, mDeps.uiProvisionCount);
mDeps.reset();
// 7. Test get value for other downstream type.
- receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_ENTITLEMENT_UNKNOWN, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_USB, receiver, false);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_USB, TETHER_ERROR_ENTITLEMENT_UNKNOWN, false);
assertEquals(0, mDeps.uiProvisionCount);
mDeps.reset();
// 8. Test get value for invalid downstream type.
mDeps.fakeEntitlementResult = TETHER_ERROR_NO_ERROR;
- receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_ENTITLEMENT_UNKNOWN, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_WIFI_P2P, receiver, true);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_WIFI_P2P, TETHER_ERROR_ENTITLEMENT_UNKNOWN, true);
assertEquals(0, mDeps.uiProvisionCount);
mDeps.reset();
}
@@ -660,6 +606,34 @@
doTestUiProvisioningMultiUser(false, 1);
}
+ private static class TestableResultReceiver extends ResultReceiver {
+ private static final long DEFAULT_TIMEOUT_MS = 200L;
+ private final ArrayTrackRecord<Integer>.ReadHead mHistory =
+ new ArrayTrackRecord<Integer>().newReadHead();
+
+ TestableResultReceiver(Handler handler) {
+ super(handler);
+ }
+
+ @Override
+ protected void onReceiveResult(int resultCode, Bundle resultData) {
+ mHistory.add(resultCode);
+ }
+
+ void expectResult(int resultCode) {
+ final int event = mHistory.poll(DEFAULT_TIMEOUT_MS, it -> true);
+ assertEquals(resultCode, event);
+ }
+ }
+
+ void assertLatestEntitlementResult(int downstreamType, int expectedCode,
+ boolean showEntitlementUi) {
+ final TestableResultReceiver receiver = new TestableResultReceiver(null);
+ mEnMgr.requestLatestTetheringEntitlementResult(downstreamType, receiver, showEntitlementUi);
+ mLooper.dispatchAll();
+ receiver.expectResult(expectedCode);
+ }
+
private void doTestUiProvisioningMultiUser(boolean isAdminUser, int expectedUiProvisionCount) {
setupForRequiredProvisioning();
doReturn(isAdminUser).when(mUserManager).isAdminUser();
@@ -671,10 +645,19 @@
mEnMgr.startProvisioningIfNeeded(TETHERING_USB, true);
mLooper.dispatchAll();
assertEquals(expectedUiProvisionCount, mDeps.uiProvisionCount);
+ if (expectedUiProvisionCount == 0) { // Failed to launch entitlement UI.
+ assertLatestEntitlementResult(TETHERING_USB, TETHER_ERROR_PROVISIONING_FAILED, false);
+ verify(mTetherProvisioningFailedListener).onTetherProvisioningFailed(TETHERING_USB,
+ FAILED_TETHERING_REASON);
+ } else {
+ assertLatestEntitlementResult(TETHERING_USB, TETHER_ERROR_NO_ERROR, false);
+ verify(mTetherProvisioningFailedListener, never()).onTetherProvisioningFailed(anyInt(),
+ anyString());
+ }
}
@Test
- public void testsetExemptedDownstreamType() throws Exception {
+ public void testSetExemptedDownstreamType() {
setupForRequiredProvisioning();
// Cellular upstream is not permitted when no entitlement result.
assertFalse(mEnMgr.isCellularUpstreamPermitted());
@@ -737,14 +720,7 @@
setupCarrierConfig(false);
setupForRequiredProvisioning();
mDeps.fakeEntitlementResult = TETHER_ERROR_NO_ERROR;
- ResultReceiver receiver = new ResultReceiver(null) {
- @Override
- protected void onReceiveResult(int resultCode, Bundle resultData) {
- assertEquals(TETHER_ERROR_PROVISIONING_FAILED, resultCode);
- }
- };
- mEnMgr.requestLatestTetheringEntitlementResult(TETHERING_WIFI, receiver, false);
- mLooper.dispatchAll();
+ assertLatestEntitlementResult(TETHERING_WIFI, TETHER_ERROR_PROVISIONING_FAILED, false);
assertEquals(0, mDeps.uiProvisionCount);
mDeps.reset();
}
diff --git a/Tethering/tests/unit/src/com/android/networkstack/tethering/MockTetheringService.java b/Tethering/tests/unit/src/com/android/networkstack/tethering/MockTetheringService.java
index 3c07580..7fcc5f1 100644
--- a/Tethering/tests/unit/src/com/android/networkstack/tethering/MockTetheringService.java
+++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/MockTetheringService.java
@@ -32,6 +32,8 @@
public class MockTetheringService extends TetheringService {
private final Tethering mTethering = mock(Tethering.class);
private final ArrayMap<String, Integer> mMockedPermissions = new ArrayMap<>();
+ private final ArrayMap<String, Integer> mMockedPackageUids = new ArrayMap<>();
+ private int mMockCallingUid;
@Override
public IBinder onBind(Intent intent) {
@@ -61,6 +63,17 @@
return super.checkCallingOrSelfPermission(permission);
}
+ @Override
+ boolean checkPackageNameMatchesUid(@NonNull Context context, int uid,
+ @NonNull String callingPackage) {
+ return mMockedPackageUids.getOrDefault(callingPackage, 0) == uid;
+ }
+
+ @Override
+ int getBinderCallingUid() {
+ return mMockCallingUid;
+ }
+
public Tethering getTethering() {
return mTethering;
}
@@ -91,5 +104,19 @@
mMockedPermissions.put(permission, granted);
}
}
+
+ /**
+ * Mock a package name matching a uid.
+ */
+ public void setPackageNameUid(String packageName, int uid) {
+ mMockedPackageUids.put(packageName, uid);
+ }
+
+ /**
+ * Mock a package name matching a uid.
+ */
+ public void setCallingUid(int uid) {
+ mMockCallingUid = uid;
+ }
}
}
diff --git a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java
index c0d7ad4..0dbf772 100644
--- a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java
+++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringServiceTest.java
@@ -33,12 +33,16 @@
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyBoolean;
import static org.mockito.ArgumentMatchers.eq;
+import static org.mockito.Mockito.anyInt;
import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.never;
import static org.mockito.Mockito.reset;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
+import android.app.AppOpsManager;
import android.app.UiAutomation;
import android.content.Intent;
import android.net.IIntResultListener;
@@ -79,7 +83,9 @@
public final class TetheringServiceTest {
private static final String TEST_IFACE_NAME = "test_wlan0";
private static final String TEST_CALLER_PKG = "com.android.shell";
+ private static final int TEST_CALLER_UID = 1234;
private static final String TEST_ATTRIBUTION_TAG = null;
+ private static final String TEST_WRONG_PACKAGE = "wrong.package";
@Mock private ITetheringEventCallback mITetheringEventCallback;
@Rule public ServiceTestRule mServiceTestRule;
private Tethering mTethering;
@@ -87,6 +93,7 @@
private MockTetheringConnector mMockConnector;
private ITetheringConnector mTetheringConnector;
private UiAutomation mUiAutomation;
+ @Mock private AppOpsManager mAppOps;
private class TestTetheringResult extends IIntResultListener.Stub {
private int mResult = -1; // Default value that does not match any result code.
@@ -128,6 +135,10 @@
mTetheringConnector = ITetheringConnector.Stub.asInterface(mMockConnector.getIBinder());
final MockTetheringService service = mMockConnector.getService();
mTethering = service.getTethering();
+ mMockConnector.setCallingUid(TEST_CALLER_UID);
+ mMockConnector.setPackageNameUid(TEST_CALLER_PKG, TEST_CALLER_UID);
+ doThrow(new SecurityException()).when(mAppOps).checkPackage(anyInt(),
+ eq(TEST_WRONG_PACKAGE));
}
@After
@@ -330,6 +341,15 @@
});
runAsTetherPrivileged((result) -> {
+ mTetheringConnector.startTethering(request, TEST_WRONG_PACKAGE,
+ TEST_ATTRIBUTION_TAG, result);
+ verify(mTethering, never()).startTethering(
+ eq(new TetheringRequest(request)), eq(TEST_WRONG_PACKAGE), eq(result));
+ result.assertResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION);
+ verifyNoMoreInteractionsForTethering();
+ });
+
+ runAsTetherPrivileged((result) -> {
runStartTethering(result, request);
verifyNoMoreInteractionsForTethering();
});
@@ -445,6 +465,13 @@
verifyNoMoreInteractionsForTethering();
});
+ runAsTetherPrivileged((none) -> {
+ mTetheringConnector.requestLatestTetheringEntitlementResult(TETHERING_WIFI, result,
+ true /* showEntitlementUi */, TEST_WRONG_PACKAGE, TEST_ATTRIBUTION_TAG);
+ result.assertResult(TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION);
+ verifyNoMoreInteractions(mTethering);
+ });
+
runAsWriteSettings((none) -> {
runRequestLatestTetheringEntitlementResult();
verify(mTethering).isTetherProvisioningRequired();
diff --git a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
index d0c036f..17f5081 100644
--- a/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
+++ b/Tethering/tests/unit/src/com/android/networkstack/tethering/TetheringTest.java
@@ -17,7 +17,10 @@
package com.android.networkstack.tethering;
import static android.Manifest.permission.NETWORK_SETTINGS;
+import static android.Manifest.permission.NETWORK_STACK;
import static android.content.pm.PackageManager.GET_ACTIVITIES;
+import static android.content.pm.PackageManager.PERMISSION_DENIED;
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
import static android.hardware.usb.UsbManager.USB_CONFIGURED;
import static android.hardware.usb.UsbManager.USB_CONNECTED;
import static android.hardware.usb.UsbManager.USB_FUNCTION_NCM;
@@ -33,6 +36,7 @@
import static android.net.NetworkCapabilities.TRANSPORT_BLUETOOTH;
import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
import static android.net.NetworkCapabilities.TRANSPORT_WIFI;
+import static android.net.NetworkStack.PERMISSION_MAINLINE_NETWORK_STACK;
import static android.net.RouteInfo.RTN_UNICAST;
import static android.net.TetheringManager.ACTION_TETHER_STATE_CHANGED;
import static android.net.TetheringManager.CONNECTIVITY_SCOPE_GLOBAL;
@@ -164,6 +168,7 @@
import android.net.wifi.WifiClient;
import android.net.wifi.WifiManager;
import android.net.wifi.WifiManager.SoftApCallback;
+import android.net.wifi.WifiSsid;
import android.net.wifi.p2p.WifiP2pGroup;
import android.net.wifi.p2p.WifiP2pInfo;
import android.net.wifi.p2p.WifiP2pManager;
@@ -190,6 +195,7 @@
import com.android.internal.util.test.BroadcastInterceptingContext;
import com.android.internal.util.test.FakeSettingsProvider;
+import com.android.modules.utils.build.SdkLevel;
import com.android.net.module.util.CollectionUtils;
import com.android.net.module.util.InterfaceParams;
import com.android.net.module.util.PrivateAddressCoordinator;
@@ -223,6 +229,7 @@
import java.io.PrintWriter;
import java.net.Inet4Address;
import java.net.Inet6Address;
+import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -257,6 +264,7 @@
private static final String TEST_WIFI_REGEX = "test_wlan\\d";
private static final String TEST_P2P_REGEX = "test_p2p-p2p\\d-.*";
private static final String TEST_BT_REGEX = "test_pan\\d";
+ private static final int TEST_CALLER_UID = 1000;
private static final String TEST_CALLER_PKG = "com.test.tethering";
private static final int CELLULAR_NETID = 100;
@@ -328,6 +336,7 @@
private TestConnectivityManager mCm;
private boolean mForceEthernetServiceUnavailable = false;
+ private int mBinderCallingUid = TEST_CALLER_UID;
private class TestContext extends BroadcastInterceptingContext {
TestContext(Context base) {
@@ -555,6 +564,11 @@
}
return mBluetoothPanShim;
}
+
+ @Override
+ public int getBinderCallingUid() {
+ return mBinderCallingUid;
+ }
}
private static LinkProperties buildUpstreamLinkProperties(String interfaceName,
@@ -2335,7 +2349,7 @@
// 2. Enable wifi tethering.
UpstreamNetworkState upstreamState = buildMobileDualStackUpstreamState();
initTetheringUpstream(upstreamState);
- when(mWifiManager.startTetheredHotspot(any(SoftApConfiguration.class))).thenReturn(true);
+ when(mWifiManager.startTetheredHotspot(null)).thenReturn(true);
mTethering.interfaceStatusChanged(TEST_WLAN_IFNAME, true);
mLooper.dispatchAll();
tetherState = callback.pollTetherStatesChanged();
@@ -2380,6 +2394,105 @@
}
@Test
+ public void testSoftApConfigInTetheringEventCallback() throws Exception {
+ assumeTrue(SdkLevel.isAtLeastV());
+ when(mContext.checkCallingOrSelfPermission(NETWORK_SETTINGS))
+ .thenReturn(PERMISSION_DENIED);
+ when(mContext.checkCallingOrSelfPermission(NETWORK_STACK))
+ .thenReturn(PERMISSION_DENIED);
+ when(mContext.checkCallingOrSelfPermission(PERMISSION_MAINLINE_NETWORK_STACK))
+ .thenReturn(PERMISSION_DENIED);
+ initTetheringOnTestThread();
+ TestTetheringEventCallback callback = new TestTetheringEventCallback();
+ TestTetheringEventCallback differentCallback = new TestTetheringEventCallback();
+ TestTetheringEventCallback settingsCallback = new TestTetheringEventCallback();
+ SoftApConfiguration softApConfig = new SoftApConfiguration.Builder().setWifiSsid(
+ WifiSsid.fromBytes("SoftApConfig".getBytes(StandardCharsets.UTF_8))).build();
+ final TetheringRequest tetheringRequest = new TetheringRequest.Builder(TETHERING_WIFI)
+ .setSoftApConfiguration(softApConfig).build();
+ tetheringRequest.setUid(TEST_CALLER_UID);
+ final TetheringInterface wifiIfaceWithoutConfig = new TetheringInterface(
+ TETHERING_WIFI, TEST_WLAN_IFNAME, null);
+ final TetheringInterface wifiIfaceWithConfig = new TetheringInterface(
+ TETHERING_WIFI, TEST_WLAN_IFNAME, softApConfig);
+
+ // Register callback before running any tethering.
+ mTethering.registerTetheringEventCallback(callback);
+ mLooper.dispatchAll();
+ callback.expectTetheredClientChanged(Collections.emptyList());
+ callback.expectUpstreamChanged(NULL_NETWORK);
+ callback.expectConfigurationChanged(
+ mTethering.getTetheringConfiguration().toStableParcelable());
+ // Register callback with different UID
+ mBinderCallingUid = TEST_CALLER_UID + 1;
+ mTethering.registerTetheringEventCallback(differentCallback);
+ mLooper.dispatchAll();
+ differentCallback.expectTetheredClientChanged(Collections.emptyList());
+ differentCallback.expectUpstreamChanged(NULL_NETWORK);
+ differentCallback.expectConfigurationChanged(
+ mTethering.getTetheringConfiguration().toStableParcelable());
+ // Register Settings callback
+ when(mContext.checkCallingOrSelfPermission(NETWORK_SETTINGS))
+ .thenReturn(PERMISSION_GRANTED);
+ mTethering.registerTetheringEventCallback(settingsCallback);
+ mLooper.dispatchAll();
+ settingsCallback.expectTetheredClientChanged(Collections.emptyList());
+ settingsCallback.expectUpstreamChanged(NULL_NETWORK);
+ settingsCallback.expectConfigurationChanged(
+ mTethering.getTetheringConfiguration().toStableParcelable());
+
+ assertTetherStatesNotNullButEmpty(callback.pollTetherStatesChanged());
+ assertTetherStatesNotNullButEmpty(differentCallback.pollTetherStatesChanged());
+ assertTetherStatesNotNullButEmpty(settingsCallback.pollTetherStatesChanged());
+ callback.expectOffloadStatusChanged(TETHER_HARDWARE_OFFLOAD_STOPPED);
+ UpstreamNetworkState upstreamState = buildMobileDualStackUpstreamState();
+ initTetheringUpstream(upstreamState);
+ when(mWifiManager.startTetheredHotspot(null)).thenReturn(true);
+ mTethering.interfaceStatusChanged(TEST_WLAN_IFNAME, true);
+ mLooper.dispatchAll();
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithoutConfig},
+ callback.pollTetherStatesChanged().availableList);
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithoutConfig},
+ differentCallback.pollTetherStatesChanged().availableList);
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithoutConfig},
+ settingsCallback.pollTetherStatesChanged().availableList);
+
+ // Enable wifi tethering
+ mBinderCallingUid = TEST_CALLER_UID;
+ mTethering.startTethering(tetheringRequest, TEST_CALLER_PKG, null);
+ sendWifiApStateChanged(WIFI_AP_STATE_ENABLED, TEST_WLAN_IFNAME, IFACE_IP_MODE_TETHERED);
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithConfig},
+ callback.pollTetherStatesChanged().tetheredList);
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithoutConfig},
+ differentCallback.pollTetherStatesChanged().tetheredList);
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithConfig},
+ settingsCallback.pollTetherStatesChanged().tetheredList);
+ callback.expectUpstreamChanged(upstreamState.network);
+ callback.expectOffloadStatusChanged(TETHER_HARDWARE_OFFLOAD_STARTED);
+
+ // Disable wifi tethering
+ mLooper.dispatchAll();
+ mTethering.stopTethering(TETHERING_WIFI);
+ sendWifiApStateChanged(WIFI_AP_STATE_DISABLED);
+ if (isAtLeastT()) {
+ // After T, tethering doesn't support WIFI_AP_STATE_DISABLED with null interface name.
+ callback.assertNoStateChangeCallback();
+ sendWifiApStateChanged(WIFI_AP_STATE_DISABLED, TEST_WLAN_IFNAME,
+ IFACE_IP_MODE_TETHERED);
+ }
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithConfig},
+ callback.pollTetherStatesChanged().availableList);
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithoutConfig},
+ differentCallback.pollTetherStatesChanged().availableList);
+ assertArrayEquals(new TetheringInterface[] {wifiIfaceWithConfig},
+ settingsCallback.pollTetherStatesChanged().availableList);
+ mLooper.dispatchAll();
+ callback.expectUpstreamChanged(NULL_NETWORK);
+ callback.expectOffloadStatusChanged(TETHER_HARDWARE_OFFLOAD_STOPPED);
+ callback.assertNoCallback();
+ }
+
+ @Test
public void testReportFailCallbackIfOffloadNotSupported() throws Exception {
initTetheringOnTestThread();
final UpstreamNetworkState upstreamState = buildMobileDualStackUpstreamState();
diff --git a/bpf/headers/include/bpf/BpfClassic.h b/bpf/headers/include/bpf/BpfClassic.h
index 81be37d..e6cef89 100644
--- a/bpf/headers/include/bpf/BpfClassic.h
+++ b/bpf/headers/include/bpf/BpfClassic.h
@@ -63,6 +63,10 @@
#define BPF_LOAD_SKB_PROTOCOL \
BPF_STMT(BPF_LD | BPF_H | BPF_ABS, (__u32)SKF_AD_OFF + SKF_AD_PROTOCOL)
+// loads skb->pkt_type (0..7: see uapi/linux/if_packet.h PACKET_* constants)
+#define BPF_LOAD_SKB_PKTTYPE \
+ BPF_STMT(BPF_LD | BPF_B | BPF_ABS, (__u32)SKF_AD_OFF + SKF_AD_PKTTYPE)
+
// 8-bit load relative to start of link layer (mac/ethernet) header.
#define BPF_LOAD_MAC_RELATIVE_U8(ofs) \
BPF_STMT(BPF_LD | BPF_B | BPF_ABS, (__u32)SKF_LL_OFF + (ofs))
@@ -160,6 +164,9 @@
#define BPF_LOAD_NETX_RELATIVE_ICMP_TYPE BPF_LOAD_NETX_RELATIVE_L4_U8(0)
#define BPF_LOAD_NETX_RELATIVE_ICMP_CODE BPF_LOAD_NETX_RELATIVE_L4_U8(1)
+// IGMP start with u8 type
+#define BPF_LOAD_NETX_RELATIVE_IGMP_TYPE BPF_LOAD_NETX_RELATIVE_L4_U8(0)
+
// IPv6 extension headers (HOPOPTS, DSTOPS, FRAG) begin with a u8 nexthdr
#define BPF_LOAD_NETX_RELATIVE_V6EXTHDR_NEXTHDR BPF_LOAD_NETX_RELATIVE_L4_U8(0)
diff --git a/bpf/headers/include/bpf/BpfRingbuf.h b/bpf/headers/include/bpf/BpfRingbuf.h
index 4bcd259..5fe4ef7 100644
--- a/bpf/headers/include/bpf/BpfRingbuf.h
+++ b/bpf/headers/include/bpf/BpfRingbuf.h
@@ -99,6 +99,7 @@
// 32-bit kernel will just ignore the high-order bits.
std::atomic_uint64_t* mConsumerPos = nullptr;
std::atomic_uint32_t* mProducerPos = nullptr;
+ std::atomic_uint32_t* mLength = nullptr;
// In order to guarantee atomic access in a 32 bit userspace environment, atomic_uint64_t is used
// in addition to std::atomic<T>::is_always_lock_free that guarantees that read / write operations
@@ -247,7 +248,8 @@
// u32 len;
// u32 pg_off;
// };
- uint32_t length = *reinterpret_cast<volatile uint32_t*>(start_ptr);
+ mLength = reinterpret_cast<decltype(mLength)>(start_ptr);
+ uint32_t length = mLength->load(std::memory_order_acquire);
// If the sample isn't committed, we're caught up with the producer.
if (length & BPF_RINGBUF_BUSY_BIT) return count;
diff --git a/bpf/netd/Android.bp b/bpf/netd/Android.bp
index fe4d999..473c8c9 100644
--- a/bpf/netd/Android.bp
+++ b/bpf/netd/Android.bp
@@ -82,7 +82,6 @@
"libcutils",
"liblog",
"libnetdutils",
- "libprocessgroup",
],
compile_multilib: "both",
multilib: {
diff --git a/bpf/netd/BpfBaseTest.cpp b/bpf/netd/BpfBaseTest.cpp
index 34dfbb4..4b8a04e 100644
--- a/bpf/netd/BpfBaseTest.cpp
+++ b/bpf/netd/BpfBaseTest.cpp
@@ -29,7 +29,6 @@
#include <gtest/gtest.h>
#include <cutils/qtaguid.h>
-#include <processgroup/processgroup.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
@@ -54,13 +53,6 @@
BpfBasicTest() {}
};
-TEST_F(BpfBasicTest, TestCgroupMounted) {
- std::string cg2_path;
- ASSERT_EQ(true, CgroupGetControllerPath(CGROUPV2_HIERARCHY_NAME, &cg2_path));
- ASSERT_EQ(0, access(cg2_path.c_str(), R_OK));
- ASSERT_EQ(0, access((cg2_path + "/cgroup.controllers").c_str(), R_OK));
-}
-
TEST_F(BpfBasicTest, TestTagSocket) {
BpfMap<uint64_t, UidTagValue> cookieTagMap(COOKIE_TAG_MAP_PATH);
ASSERT_TRUE(cookieTagMap.isValid());
diff --git a/bpf/netd/BpfHandler.cpp b/bpf/netd/BpfHandler.cpp
index 50e0329..340acda 100644
--- a/bpf/netd/BpfHandler.cpp
+++ b/bpf/netd/BpfHandler.cpp
@@ -97,6 +97,7 @@
ALOGE("Failed to open the cgroup directory: %s", strerror(err));
return statusFromErrno(err, "Open the cgroup directory failed");
}
+
RETURN_IF_NOT_OK(checkProgramAccessible(XT_BPF_ALLOWLIST_PROG_PATH));
RETURN_IF_NOT_OK(checkProgramAccessible(XT_BPF_DENYLIST_PROG_PATH));
RETURN_IF_NOT_OK(checkProgramAccessible(XT_BPF_EGRESS_PROG_PATH));
diff --git a/bpf/syscall_wrappers/include/BpfSyscallWrappers.h b/bpf/syscall_wrappers/include/BpfSyscallWrappers.h
index 73cef89..a31445a 100644
--- a/bpf/syscall_wrappers/include/BpfSyscallWrappers.h
+++ b/bpf/syscall_wrappers/include/BpfSyscallWrappers.h
@@ -16,24 +16,20 @@
#pragma once
+#include <android-base/unique_fd.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/bpf.h>
#include <linux/unistd.h>
#include <sys/file.h>
-#ifdef BPF_FD_JUST_USE_INT
- #define BPF_FD_TYPE int
- #define BPF_FD_TO_U32(x) static_cast<__u32>(x)
-#else
- #include <android-base/unique_fd.h>
- #define BPF_FD_TYPE base::unique_fd&
- #define BPF_FD_TO_U32(x) static_cast<__u32>((x).get())
-#endif
namespace android {
namespace bpf {
+using ::android::base::borrowed_fd;
+using ::android::base::unique_fd;
+
inline uint64_t ptr_to_u64(const void * const x) {
return (uint64_t)(uintptr_t)x;
}
@@ -69,58 +65,59 @@
// 'inner_map_fd' is basically a template specifying {map_type, key_size, value_size, max_entries, map_flags}
// of the inner map type (and possibly only key_size/value_size actually matter?).
inline int createOuterMap(bpf_map_type map_type, uint32_t key_size, uint32_t value_size,
- uint32_t max_entries, uint32_t map_flags, const BPF_FD_TYPE inner_map_fd) {
+ uint32_t max_entries, uint32_t map_flags,
+ const borrowed_fd& inner_map_fd) {
return bpf(BPF_MAP_CREATE, {
.map_type = map_type,
.key_size = key_size,
.value_size = value_size,
.max_entries = max_entries,
.map_flags = map_flags,
- .inner_map_fd = BPF_FD_TO_U32(inner_map_fd),
+ .inner_map_fd = static_cast<__u32>(inner_map_fd.get()),
});
}
-inline int writeToMapEntry(const BPF_FD_TYPE map_fd, const void* key, const void* value,
+inline int writeToMapEntry(const borrowed_fd& map_fd, const void* key, const void* value,
uint64_t flags) {
return bpf(BPF_MAP_UPDATE_ELEM, {
- .map_fd = BPF_FD_TO_U32(map_fd),
+ .map_fd = static_cast<__u32>(map_fd.get()),
.key = ptr_to_u64(key),
.value = ptr_to_u64(value),
.flags = flags,
});
}
-inline int findMapEntry(const BPF_FD_TYPE map_fd, const void* key, void* value) {
+inline int findMapEntry(const borrowed_fd& map_fd, const void* key, void* value) {
return bpf(BPF_MAP_LOOKUP_ELEM, {
- .map_fd = BPF_FD_TO_U32(map_fd),
+ .map_fd = static_cast<__u32>(map_fd.get()),
.key = ptr_to_u64(key),
.value = ptr_to_u64(value),
});
}
-inline int deleteMapEntry(const BPF_FD_TYPE map_fd, const void* key) {
+inline int deleteMapEntry(const borrowed_fd& map_fd, const void* key) {
return bpf(BPF_MAP_DELETE_ELEM, {
- .map_fd = BPF_FD_TO_U32(map_fd),
+ .map_fd = static_cast<__u32>(map_fd.get()),
.key = ptr_to_u64(key),
});
}
-inline int getNextMapKey(const BPF_FD_TYPE map_fd, const void* key, void* next_key) {
+inline int getNextMapKey(const borrowed_fd& map_fd, const void* key, void* next_key) {
return bpf(BPF_MAP_GET_NEXT_KEY, {
- .map_fd = BPF_FD_TO_U32(map_fd),
+ .map_fd = static_cast<__u32>(map_fd.get()),
.key = ptr_to_u64(key),
.next_key = ptr_to_u64(next_key),
});
}
-inline int getFirstMapKey(const BPF_FD_TYPE map_fd, void* firstKey) {
+inline int getFirstMapKey(const borrowed_fd& map_fd, void* firstKey) {
return getNextMapKey(map_fd, NULL, firstKey);
}
-inline int bpfFdPin(const BPF_FD_TYPE map_fd, const char* pathname) {
+inline int bpfFdPin(const borrowed_fd& map_fd, const char* pathname) {
return bpf(BPF_OBJ_PIN, {
.pathname = ptr_to_u64(pathname),
- .bpf_fd = BPF_FD_TO_U32(map_fd),
+ .bpf_fd = static_cast<__u32>(map_fd.get()),
});
}
@@ -131,22 +128,15 @@
});
}
-int bpfGetFdMapId(const BPF_FD_TYPE map_fd);
+int bpfGetFdMapId(const borrowed_fd& map_fd);
inline int bpfLock(int fd, short type) {
if (fd < 0) return fd; // pass any errors straight through
#ifdef BPF_MAP_LOCKLESS_FOR_TEST
return fd;
#endif
-#ifdef BPF_FD_JUST_USE_INT
int mapId = bpfGetFdMapId(fd);
int saved_errno = errno;
-#else
- base::unique_fd ufd(fd);
- int mapId = bpfGetFdMapId(ufd);
- int saved_errno = errno;
- (void)ufd.release();
-#endif
// 4.14+ required to fetch map id, but we don't want to call isAtLeastKernelVersion
if (mapId == -1 && saved_errno == EINVAL) return fd;
if (mapId <= 0) abort(); // should not be possible
@@ -193,37 +183,35 @@
}
inline bool usableProgram(const char* pathname) {
- int fd = retrieveProgram(pathname);
- bool ok = (fd >= 0);
- if (ok) close(fd);
- return ok;
+ unique_fd fd(retrieveProgram(pathname));
+ return fd.ok();
}
-inline int attachProgram(bpf_attach_type type, const BPF_FD_TYPE prog_fd,
- const BPF_FD_TYPE cg_fd, uint32_t flags = 0) {
+inline int attachProgram(bpf_attach_type type, const borrowed_fd& prog_fd,
+ const borrowed_fd& cg_fd, uint32_t flags = 0) {
return bpf(BPF_PROG_ATTACH, {
- .target_fd = BPF_FD_TO_U32(cg_fd),
- .attach_bpf_fd = BPF_FD_TO_U32(prog_fd),
+ .target_fd = static_cast<__u32>(cg_fd.get()),
+ .attach_bpf_fd = static_cast<__u32>(prog_fd.get()),
.attach_type = type,
.attach_flags = flags,
});
}
-inline int detachProgram(bpf_attach_type type, const BPF_FD_TYPE cg_fd) {
+inline int detachProgram(bpf_attach_type type, const borrowed_fd& cg_fd) {
return bpf(BPF_PROG_DETACH, {
- .target_fd = BPF_FD_TO_U32(cg_fd),
+ .target_fd = static_cast<__u32>(cg_fd.get()),
.attach_type = type,
});
}
-inline int queryProgram(const BPF_FD_TYPE cg_fd,
+inline int queryProgram(const borrowed_fd& cg_fd,
enum bpf_attach_type attach_type,
__u32 query_flags = 0,
__u32 attach_flags = 0) {
int prog_id = -1; // equivalent to an array of one integer.
bpf_attr arg = {
.query = {
- .target_fd = BPF_FD_TO_U32(cg_fd),
+ .target_fd = static_cast<__u32>(cg_fd.get()),
.attach_type = attach_type,
.query_flags = query_flags,
.attach_flags = attach_flags,
@@ -237,21 +225,21 @@
return prog_id; // return actual id
}
-inline int detachSingleProgram(bpf_attach_type type, const BPF_FD_TYPE prog_fd,
- const BPF_FD_TYPE cg_fd) {
+inline int detachSingleProgram(bpf_attach_type type, const borrowed_fd& prog_fd,
+ const borrowed_fd& cg_fd) {
return bpf(BPF_PROG_DETACH, {
- .target_fd = BPF_FD_TO_U32(cg_fd),
- .attach_bpf_fd = BPF_FD_TO_U32(prog_fd),
+ .target_fd = static_cast<__u32>(cg_fd.get()),
+ .attach_bpf_fd = static_cast<__u32>(prog_fd.get()),
.attach_type = type,
});
}
// Available in 4.12 and later kernels.
-inline int runProgram(const BPF_FD_TYPE prog_fd, const void* data,
+inline int runProgram(const borrowed_fd& prog_fd, const void* data,
const uint32_t data_size) {
return bpf(BPF_PROG_RUN, {
.test = {
- .prog_fd = BPF_FD_TO_U32(prog_fd),
+ .prog_fd = static_cast<__u32>(prog_fd.get()),
.data_size_in = data_size,
.data_in = ptr_to_u64(data),
},
@@ -265,10 +253,10 @@
// supported/returned by the running kernel. We do this by checking it is fully
// within the bounds of the struct size as reported by the kernel.
#define DEFINE_BPF_GET_FD(TYPE, NAME, FIELD) \
-inline int bpfGetFd ## NAME(const BPF_FD_TYPE fd) { \
+inline int bpfGetFd ## NAME(const borrowed_fd& fd) { \
struct bpf_ ## TYPE ## _info info = {}; \
union bpf_attr attr = { .info = { \
- .bpf_fd = BPF_FD_TO_U32(fd), \
+ .bpf_fd = static_cast<__u32>(fd.get()), \
.info_len = sizeof(info), \
.info = ptr_to_u64(&info), \
}}; \
@@ -283,19 +271,16 @@
// All 7 of these fields are already present in Linux v4.14 (even ACK 4.14-P)
// while BPF_OBJ_GET_INFO_BY_FD is not implemented at all in v4.9 (even ACK 4.9-Q)
-DEFINE_BPF_GET_FD(map, MapType, type) // int bpfGetFdMapType(const BPF_FD_TYPE map_fd)
-DEFINE_BPF_GET_FD(map, MapId, id) // int bpfGetFdMapId(const BPF_FD_TYPE map_fd)
-DEFINE_BPF_GET_FD(map, KeySize, key_size) // int bpfGetFdKeySize(const BPF_FD_TYPE map_fd)
-DEFINE_BPF_GET_FD(map, ValueSize, value_size) // int bpfGetFdValueSize(const BPF_FD_TYPE map_fd)
-DEFINE_BPF_GET_FD(map, MaxEntries, max_entries) // int bpfGetFdMaxEntries(const BPF_FD_TYPE map_fd)
-DEFINE_BPF_GET_FD(map, MapFlags, map_flags) // int bpfGetFdMapFlags(const BPF_FD_TYPE map_fd)
-DEFINE_BPF_GET_FD(prog, ProgId, id) // int bpfGetFdProgId(const BPF_FD_TYPE prog_fd)
+DEFINE_BPF_GET_FD(map, MapType, type) // int bpfGetFdMapType(const borrowed_fd& map_fd)
+DEFINE_BPF_GET_FD(map, MapId, id) // int bpfGetFdMapId(const borrowed_fd& map_fd)
+DEFINE_BPF_GET_FD(map, KeySize, key_size) // int bpfGetFdKeySize(const borrowed_fd& map_fd)
+DEFINE_BPF_GET_FD(map, ValueSize, value_size) // int bpfGetFdValueSize(const borrowed_fd& map_fd)
+DEFINE_BPF_GET_FD(map, MaxEntries, max_entries) // int bpfGetFdMaxEntries(const borrowed_fd& map_fd)
+DEFINE_BPF_GET_FD(map, MapFlags, map_flags) // int bpfGetFdMapFlags(const borrowed_fd& map_fd)
+DEFINE_BPF_GET_FD(prog, ProgId, id) // int bpfGetFdProgId(const borrowed_fd& prog_fd)
#undef DEFINE_BPF_GET_FD
} // namespace bpf
} // namespace android
-#undef BPF_FD_TO_U32
-#undef BPF_FD_TYPE
-#undef BPF_FD_JUST_USE_INT
diff --git a/common/flags.aconfig b/common/flags.aconfig
index 4c6d8ba..17ef94b 100644
--- a/common/flags.aconfig
+++ b/common/flags.aconfig
@@ -41,7 +41,7 @@
}
flag {
- name: "tethering_request_with_soft_ap_config"
+ name: "tethering_with_soft_ap_config"
is_exported: true
namespace: "android_core_networking"
description: "The flag controls the access for the parcelable TetheringRequest with getSoftApConfiguration/setSoftApConfiguration API"
diff --git a/common/networksecurity_flags.aconfig b/common/networksecurity_flags.aconfig
index 6438ba4..4a83af4 100644
--- a/common/networksecurity_flags.aconfig
+++ b/common/networksecurity_flags.aconfig
@@ -8,3 +8,12 @@
bug: "319829948"
is_fixed_read_only: true
}
+
+flag {
+ name: "certificate_transparency_job"
+ is_exported: true
+ namespace: "network_security"
+ description: "Enable daily job service for certificate transparency instead of flags listener"
+ bug: "319829948"
+ is_fixed_read_only: true
+}
diff --git a/framework-t/Android.bp b/framework-t/Android.bp
index 7551b92..26fc145 100644
--- a/framework-t/Android.bp
+++ b/framework-t/Android.bp
@@ -172,6 +172,10 @@
// Tests using hidden APIs
"//cts/tests/netlegacy22.api",
"//cts/tests/tests/app.usage", // NetworkUsageStatsTest
+
+ // TODO: b/374174952 Remove it when VCN CTS is moved to Connectivity/
+ "//cts/tests/tests/vcn",
+
"//external/sl4a:__subpackages__",
"//frameworks/base/core/tests/bandwidthtests",
"//frameworks/base/core/tests/benchmarks",
diff --git a/framework/Android.bp b/framework/Android.bp
index 0334e11..a5a7d61 100644
--- a/framework/Android.bp
+++ b/framework/Android.bp
@@ -64,6 +64,7 @@
":net-utils-framework-common-srcs",
":framework-connectivity-api-shared-srcs",
":framework-networksecurity-sources",
+ ":statslog-framework-connectivity-java-gen",
],
aidl: {
generate_get_transaction_name: true,
@@ -104,6 +105,7 @@
"androidx.annotation_annotation",
"app-compat-annotations",
"framework-connectivity-t.stubs.module_lib",
+ "framework-statsd.stubs.module_lib",
"unsupportedappusage",
],
apex_available: [
@@ -187,6 +189,10 @@
// Tests using hidden APIs
"//cts/tests/netlegacy22.api",
"//cts/tests/tests/app.usage", // NetworkUsageStatsTest
+
+ // TODO: b/374174952 Remove it when VCN CTS is moved to Connectivity/
+ "//cts/tests/tests/vcn",
+
"//external/sl4a:__subpackages__",
"//frameworks/base/core/tests/bandwidthtests",
"//frameworks/base/core/tests/benchmarks",
diff --git a/framework/src/android/net/NetworkAgent.java b/framework/src/android/net/NetworkAgent.java
index 574ab2f..cefa1ea 100644
--- a/framework/src/android/net/NetworkAgent.java
+++ b/framework/src/android/net/NetworkAgent.java
@@ -31,12 +31,14 @@
import android.os.Handler;
import android.os.Looper;
import android.os.Message;
+import android.os.Process;
import android.os.RemoteException;
import android.telephony.data.EpsBearerQosSessionAttributes;
import android.telephony.data.NrQosSessionAttributes;
import android.util.Log;
import com.android.internal.annotations.VisibleForTesting;
+import com.android.net.module.util.FrameworkConnectivityStatsLog;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
@@ -943,6 +945,19 @@
private void queueOrSendMessage(@NonNull RegistryAction action) {
synchronized (mPreConnectedQueue) {
+ if (mNetwork == null && !Process.isApplicationUid(Process.myUid())) {
+ // Theoretically, it should not be valid to queue messages here before
+ // registering the NetworkAgent. However, practically, with the way
+ // queueing works right now, it ends up working out just fine.
+ // Log a statistic so that we know if this is happening in the
+ // wild. The check for isApplicationUid is to prevent logging the
+ // metric from test code.
+
+ FrameworkConnectivityStatsLog.write(
+ FrameworkConnectivityStatsLog.CORE_NETWORKING_TERRIBLE_ERROR_OCCURRED,
+ FrameworkConnectivityStatsLog.CORE_NETWORKING_TERRIBLE_ERROR_OCCURRED__ERROR_TYPE__TYPE_MESSAGE_QUEUED_BEFORE_CONNECT
+ );
+ }
if (mRegistry != null) {
try {
action.execute(mRegistry);
diff --git a/nearby/tests/cts/fastpair/src/android/nearby/cts/NearbyManagerTest.java b/nearby/tests/cts/fastpair/src/android/nearby/cts/NearbyManagerTest.java
index 1e36676..3291223 100644
--- a/nearby/tests/cts/fastpair/src/android/nearby/cts/NearbyManagerTest.java
+++ b/nearby/tests/cts/fastpair/src/android/nearby/cts/NearbyManagerTest.java
@@ -18,6 +18,7 @@
import static android.Manifest.permission.BLUETOOTH_PRIVILEGED;
import static android.Manifest.permission.READ_DEVICE_CONFIG;
+import static android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG;
import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
import static android.nearby.PresenceCredential.IDENTITY_TYPE_PRIVATE;
import static android.nearby.ScanCallback.ERROR_UNSUPPORTED;
@@ -121,7 +122,7 @@
@Before
public void setUp() {
mUiAutomation.adoptShellPermissionIdentity(READ_DEVICE_CONFIG, WRITE_DEVICE_CONFIG,
- BLUETOOTH_PRIVILEGED);
+ WRITE_ALLOWLISTED_DEVICE_CONFIG, BLUETOOTH_PRIVILEGED);
String nameSpace = SdkLevel.isAtLeastU() ? DeviceConfig.NAMESPACE_NEARBY
: DeviceConfig.NAMESPACE_TETHERING;
DeviceConfig.setProperty(nameSpace,
diff --git a/nearby/tests/unit/src/com/android/server/nearby/NearbyConfigurationTest.java b/nearby/tests/unit/src/com/android/server/nearby/NearbyConfigurationTest.java
index 644e178..e0dfd31 100644
--- a/nearby/tests/unit/src/com/android/server/nearby/NearbyConfigurationTest.java
+++ b/nearby/tests/unit/src/com/android/server/nearby/NearbyConfigurationTest.java
@@ -18,6 +18,7 @@
import static android.Manifest.permission.READ_DEVICE_CONFIG;
import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
+import static android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG;
import static com.android.server.nearby.NearbyConfiguration.NEARBY_ENABLE_PRESENCE_BROADCAST_LEGACY;
import static com.android.server.nearby.NearbyConfiguration.NEARBY_MAINLINE_NANO_APP_MIN_VERSION;
@@ -42,7 +43,8 @@
@Before
public void setUp() {
InstrumentationRegistry.getInstrumentation().getUiAutomation()
- .adoptShellPermissionIdentity(WRITE_DEVICE_CONFIG, READ_DEVICE_CONFIG);
+ .adoptShellPermissionIdentity(WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG,
+ READ_DEVICE_CONFIG);
}
@Test
diff --git a/nearby/tests/unit/src/com/android/server/nearby/NearbyServiceTest.java b/nearby/tests/unit/src/com/android/server/nearby/NearbyServiceTest.java
index 5b640cc..891e941 100644
--- a/nearby/tests/unit/src/com/android/server/nearby/NearbyServiceTest.java
+++ b/nearby/tests/unit/src/com/android/server/nearby/NearbyServiceTest.java
@@ -19,6 +19,7 @@
import static android.Manifest.permission.BLUETOOTH_PRIVILEGED;
import static android.Manifest.permission.READ_DEVICE_CONFIG;
import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
+import static android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG;
import static com.android.server.nearby.NearbyConfiguration.NEARBY_SUPPORT_TEST_APP;
@@ -71,7 +72,8 @@
when(mScanListener.asBinder()).thenReturn(mIBinder);
mUiAutomation.adoptShellPermissionIdentity(
- READ_DEVICE_CONFIG, WRITE_DEVICE_CONFIG, BLUETOOTH_PRIVILEGED);
+ READ_DEVICE_CONFIG, WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG,
+ BLUETOOTH_PRIVILEGED);
mContext = InstrumentationRegistry.getInstrumentation().getContext();
mService = new NearbyService(mContext);
mScanRequest = createScanRequest();
diff --git a/nearby/tests/unit/src/com/android/server/nearby/managers/BroadcastProviderManagerTest.java b/nearby/tests/unit/src/com/android/server/nearby/managers/BroadcastProviderManagerTest.java
index 7ff7b13..faa32c0 100644
--- a/nearby/tests/unit/src/com/android/server/nearby/managers/BroadcastProviderManagerTest.java
+++ b/nearby/tests/unit/src/com/android/server/nearby/managers/BroadcastProviderManagerTest.java
@@ -18,6 +18,7 @@
import static android.Manifest.permission.READ_DEVICE_CONFIG;
import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
+import static android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG;
import static com.android.server.nearby.NearbyConfiguration.NEARBY_ENABLE_PRESENCE_BROADCAST_LEGACY;
import static com.android.server.nearby.NearbyConfiguration.NEARBY_SUPPORT_TEST_APP;
@@ -88,7 +89,8 @@
@Before
public void setUp() {
when(mBroadcastListener.asBinder()).thenReturn(mBinder);
- mUiAutomation.adoptShellPermissionIdentity(WRITE_DEVICE_CONFIG, READ_DEVICE_CONFIG);
+ mUiAutomation.adoptShellPermissionIdentity(WRITE_DEVICE_CONFIG,
+ WRITE_ALLOWLISTED_DEVICE_CONFIG, READ_DEVICE_CONFIG);
DeviceConfig.setProperty(
NAMESPACE, NEARBY_ENABLE_PRESENCE_BROADCAST_LEGACY, "true", false);
DeviceConfig.setProperty(
diff --git a/nearby/tests/unit/src/com/android/server/nearby/provider/ChreCommunicationTest.java b/nearby/tests/unit/src/com/android/server/nearby/provider/ChreCommunicationTest.java
index ce479c8..01028bf 100644
--- a/nearby/tests/unit/src/com/android/server/nearby/provider/ChreCommunicationTest.java
+++ b/nearby/tests/unit/src/com/android/server/nearby/provider/ChreCommunicationTest.java
@@ -18,6 +18,7 @@
import static android.Manifest.permission.READ_DEVICE_CONFIG;
import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
+import static android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG;
import static com.android.server.nearby.NearbyConfiguration.NEARBY_MAINLINE_NANO_APP_MIN_VERSION;
import static com.android.server.nearby.provider.ChreCommunication.INVALID_NANO_APP_VERSION;
@@ -76,7 +77,8 @@
@Before
public void setUp() {
InstrumentationRegistry.getInstrumentation().getUiAutomation()
- .adoptShellPermissionIdentity(WRITE_DEVICE_CONFIG, READ_DEVICE_CONFIG);
+ .adoptShellPermissionIdentity(WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG,
+ READ_DEVICE_CONFIG);
DeviceConfig.setProperty(
NAMESPACE, NEARBY_MAINLINE_NANO_APP_MIN_VERSION, "1", false);
diff --git a/nearby/tests/unit/src/com/android/server/nearby/provider/ChreDiscoveryProviderTest.java b/nearby/tests/unit/src/com/android/server/nearby/provider/ChreDiscoveryProviderTest.java
index 590a46e..7f391f1 100644
--- a/nearby/tests/unit/src/com/android/server/nearby/provider/ChreDiscoveryProviderTest.java
+++ b/nearby/tests/unit/src/com/android/server/nearby/provider/ChreDiscoveryProviderTest.java
@@ -18,6 +18,7 @@
import static android.Manifest.permission.READ_DEVICE_CONFIG;
import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
+import static android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG;
import static com.android.server.nearby.NearbyConfiguration.NEARBY_SUPPORT_TEST_APP;
@@ -84,7 +85,8 @@
@Before
public void setUp() {
InstrumentationRegistry.getInstrumentation().getUiAutomation()
- .adoptShellPermissionIdentity(WRITE_DEVICE_CONFIG, READ_DEVICE_CONFIG);
+ .adoptShellPermissionIdentity(WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG,
+ READ_DEVICE_CONFIG);
MockitoAnnotations.initMocks(this);
Context context = InstrumentationRegistry.getInstrumentation().getContext();
diff --git a/networksecurity/service/Android.bp b/networksecurity/service/Android.bp
index 52667ae..a41e6a0 100644
--- a/networksecurity/service/Android.bp
+++ b/networksecurity/service/Android.bp
@@ -32,6 +32,15 @@
"service-connectivity-pre-jarjar",
],
+ static_libs: [
+ "auto_value_annotations",
+ ],
+
+ plugins: [
+ "auto_value_plugin",
+ "auto_annotation_plugin",
+ ],
+
// This is included in service-connectivity which is 30+
// TODO (b/293613362): allow APEXes to have service jars with higher min_sdk than the APEX
// (service-connectivity is only used on 31+) and use 31 here
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
index 16f32c4..bd8f7b9 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyDownloader.java
@@ -15,11 +15,11 @@
*/
package com.android.server.net.ct;
-import android.annotation.NonNull;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
import android.annotation.RequiresApi;
import android.app.DownloadManager;
import android.content.BroadcastReceiver;
-import android.content.ContentResolver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
@@ -29,16 +29,14 @@
import androidx.annotation.VisibleForTesting;
+import com.android.server.net.ct.DownloadHelper.DownloadStatus;
+
+import org.json.JSONException;
+import org.json.JSONObject;
+
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.PublicKey;
-import java.security.Signature;
-import java.security.spec.X509EncodedKeySpec;
-import java.util.Base64;
-import java.util.Optional;
/** Helper class to download certificate transparency log files. */
@RequiresApi(Build.VERSION_CODES.VANILLA_ICE_CREAM)
@@ -49,30 +47,22 @@
private final Context mContext;
private final DataStore mDataStore;
private final DownloadHelper mDownloadHelper;
+ private final SignatureVerifier mSignatureVerifier;
private final CertificateTransparencyInstaller mInstaller;
- @NonNull private Optional<PublicKey> mPublicKey = Optional.empty();
-
- @VisibleForTesting
CertificateTransparencyDownloader(
Context context,
DataStore dataStore,
DownloadHelper downloadHelper,
+ SignatureVerifier signatureVerifier,
CertificateTransparencyInstaller installer) {
mContext = context;
+ mSignatureVerifier = signatureVerifier;
mDataStore = dataStore;
mDownloadHelper = downloadHelper;
mInstaller = installer;
}
- CertificateTransparencyDownloader(Context context, DataStore dataStore) {
- this(
- context,
- dataStore,
- new DownloadHelper(context),
- new CertificateTransparencyInstaller());
- }
-
void initialize() {
mInstaller.addCompatibilityVersion(Config.COMPATIBILITY_VERSION);
@@ -85,18 +75,14 @@
}
}
- void setPublicKey(String publicKey) throws GeneralSecurityException {
- mPublicKey =
- Optional.of(
- KeyFactory.getInstance("RSA")
- .generatePublic(
- new X509EncodedKeySpec(
- Base64.getDecoder().decode(publicKey))));
- }
-
- @VisibleForTesting
- void resetPublicKey() {
- mPublicKey = Optional.empty();
+ void startPublicKeyDownload(String publicKeyUrl) {
+ long downloadId = download(publicKeyUrl);
+ if (downloadId == -1) {
+ Log.e(TAG, "Metadata download request failed for " + publicKeyUrl);
+ return;
+ }
+ mDataStore.setPropertyLong(Config.PUBLIC_KEY_URL_KEY, downloadId);
+ mDataStore.store();
}
void startMetadataDownload(String metadataUrl) {
@@ -133,6 +119,11 @@
return;
}
+ if (isPublicKeyDownloadId(completedId)) {
+ handlePublicKeyDownloadCompleted(completedId);
+ return;
+ }
+
if (isMetadataDownloadId(completedId)) {
handleMetadataDownloadCompleted(completedId);
return;
@@ -143,23 +134,45 @@
return;
}
- Log.e(TAG, "Download id " + completedId + " is neither metadata nor content.");
+ Log.i(TAG, "Download id " + completedId + " is not recognized.");
}
- private void handleMetadataDownloadCompleted(long downloadId) {
- if (!mDownloadHelper.isSuccessful(downloadId)) {
- Log.w(TAG, "Metadata download failed.");
- // TODO: re-attempt download
+ private void handlePublicKeyDownloadCompleted(long downloadId) {
+ DownloadStatus status = mDownloadHelper.getDownloadStatus(downloadId);
+ if (!status.isSuccessful()) {
+ handleDownloadFailed(status);
return;
}
+ Uri publicKeyUri = getPublicKeyDownloadUri();
+ if (publicKeyUri == null) {
+ Log.e(TAG, "Invalid public key URI");
+ return;
+ }
+
+ try {
+ mSignatureVerifier.setPublicKeyFrom(publicKeyUri);
+ } catch (GeneralSecurityException | IOException | IllegalArgumentException e) {
+ Log.e(TAG, "Error setting the public Key", e);
+ return;
+ }
+
+ startMetadataDownload(mDataStore.getProperty(Config.METADATA_URL_PENDING));
+ }
+
+ private void handleMetadataDownloadCompleted(long downloadId) {
+ DownloadStatus status = mDownloadHelper.getDownloadStatus(downloadId);
+ if (!status.isSuccessful()) {
+ handleDownloadFailed(status);
+ return;
+ }
startContentDownload(mDataStore.getProperty(Config.CONTENT_URL_PENDING));
}
private void handleContentDownloadCompleted(long downloadId) {
- if (!mDownloadHelper.isSuccessful(downloadId)) {
- Log.w(TAG, "Content download failed.");
- // TODO: re-attempt download
+ DownloadStatus status = mDownloadHelper.getDownloadStatus(downloadId);
+ if (!status.isSuccessful()) {
+ handleDownloadFailed(status);
return;
}
@@ -172,7 +185,7 @@
boolean success = false;
try {
- success = verify(contentUri, metadataUri);
+ success = mSignatureVerifier.verify(contentUri, metadataUri);
} catch (IOException | GeneralSecurityException e) {
Log.e(TAG, "Could not verify new log list", e);
}
@@ -181,9 +194,16 @@
return;
}
- // TODO: validate file content.
+ String version = null;
+ try (InputStream inputStream = mContext.getContentResolver().openInputStream(contentUri)) {
+ version =
+ new JSONObject(new String(inputStream.readAllBytes(), UTF_8))
+ .getString("version");
+ } catch (JSONException | IOException e) {
+ Log.e(TAG, "Could not extract version from log list", e);
+ return;
+ }
- String version = mDataStore.getProperty(Config.VERSION_PENDING);
String contentUrl = mDataStore.getProperty(Config.CONTENT_URL_PENDING);
String metadataUrl = mDataStore.getProperty(Config.METADATA_URL_PENDING);
try (InputStream inputStream = mContext.getContentResolver().openInputStream(contentUri)) {
@@ -202,19 +222,9 @@
}
}
- private boolean verify(Uri file, Uri signature) throws IOException, GeneralSecurityException {
- if (!mPublicKey.isPresent()) {
- throw new InvalidKeyException("Missing public key for signature verification");
- }
- Signature verifier = Signature.getInstance("SHA256withRSA");
- verifier.initVerify(mPublicKey.get());
- ContentResolver contentResolver = mContext.getContentResolver();
-
- try (InputStream fileStream = contentResolver.openInputStream(file);
- InputStream signatureStream = contentResolver.openInputStream(signature)) {
- verifier.update(fileStream.readAllBytes());
- return verifier.verify(signatureStream.readAllBytes());
- }
+ private void handleDownloadFailed(DownloadStatus status) {
+ Log.e(TAG, "Download failed with " + status);
+ // TODO(378626065): Report failure via statsd.
}
private long download(String url) {
@@ -227,6 +237,11 @@
}
@VisibleForTesting
+ boolean isPublicKeyDownloadId(long downloadId) {
+ return mDataStore.getPropertyLong(Config.PUBLIC_KEY_URL_KEY, -1) == downloadId;
+ }
+
+ @VisibleForTesting
boolean isMetadataDownloadId(long downloadId) {
return mDataStore.getPropertyLong(Config.METADATA_URL_KEY, -1) == downloadId;
}
@@ -236,6 +251,10 @@
return mDataStore.getPropertyLong(Config.CONTENT_URL_KEY, -1) == downloadId;
}
+ private Uri getPublicKeyDownloadUri() {
+ return mDownloadHelper.getUri(mDataStore.getPropertyLong(Config.PUBLIC_KEY_URL_KEY, -1));
+ }
+
private Uri getMetadataDownloadUri() {
return mDownloadHelper.getUri(mDataStore.getPropertyLong(Config.METADATA_URL_KEY, -1));
}
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyFlagsListener.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyFlagsListener.java
index 0ae982d..f359a2a 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyFlagsListener.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyFlagsListener.java
@@ -16,7 +16,6 @@
package com.android.server.net.ct;
import android.annotation.RequiresApi;
-import android.content.Context;
import android.os.Build;
import android.provider.DeviceConfig;
import android.provider.DeviceConfig.Properties;
@@ -33,12 +32,16 @@
private static final String TAG = "CertificateTransparencyFlagsListener";
private final DataStore mDataStore;
+ private final SignatureVerifier mSignatureVerifier;
private final CertificateTransparencyDownloader mCertificateTransparencyDownloader;
- CertificateTransparencyFlagsListener(Context context) {
- mDataStore = new DataStore(Config.PREFERENCES_FILE);
- mCertificateTransparencyDownloader =
- new CertificateTransparencyDownloader(context, mDataStore);
+ CertificateTransparencyFlagsListener(
+ DataStore dataStore,
+ SignatureVerifier signatureVerifier,
+ CertificateTransparencyDownloader certificateTransparencyDownloader) {
+ mDataStore = dataStore;
+ mSignatureVerifier = signatureVerifier;
+ mCertificateTransparencyDownloader = certificateTransparencyDownloader;
}
void initialize() {
@@ -104,8 +107,8 @@
}
try {
- mCertificateTransparencyDownloader.setPublicKey(newPublicKey);
- } catch (GeneralSecurityException e) {
+ mSignatureVerifier.setPublicKey(newPublicKey);
+ } catch (GeneralSecurityException | IllegalArgumentException e) {
Log.e(TAG, "Error setting the public Key", e);
return;
}
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyJob.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyJob.java
new file mode 100644
index 0000000..c5d0413
--- /dev/null
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyJob.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.server.net.ct;
+
+import android.annotation.RequiresApi;
+import android.app.AlarmManager;
+import android.app.PendingIntent;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.os.Build;
+import android.os.SystemClock;
+import android.util.Log;
+
+/** Implementation of the Certificate Transparency job */
+@RequiresApi(Build.VERSION_CODES.VANILLA_ICE_CREAM)
+public class CertificateTransparencyJob extends BroadcastReceiver {
+
+ private static final String TAG = "CertificateTransparencyJob";
+
+ private static final String ACTION_JOB_START = "com.android.server.net.ct.action.JOB_START";
+
+ private final Context mContext;
+ private final DataStore mDataStore;
+ private final CertificateTransparencyDownloader mCertificateTransparencyDownloader;
+ private final AlarmManager mAlarmManager;
+
+ /** Creates a new {@link CertificateTransparencyJob} object. */
+ public CertificateTransparencyJob(
+ Context context,
+ DataStore dataStore,
+ CertificateTransparencyDownloader certificateTransparencyDownloader) {
+ mContext = context;
+ mDataStore = dataStore;
+ mCertificateTransparencyDownloader = certificateTransparencyDownloader;
+ mAlarmManager = context.getSystemService(AlarmManager.class);
+ }
+
+ void initialize() {
+ mDataStore.load();
+ mCertificateTransparencyDownloader.initialize();
+
+ mContext.registerReceiver(
+ this, new IntentFilter(ACTION_JOB_START), Context.RECEIVER_EXPORTED);
+ mAlarmManager.setInexactRepeating(
+ AlarmManager.ELAPSED_REALTIME,
+ SystemClock.elapsedRealtime(), // schedule first job at earliest convenient time.
+ AlarmManager.INTERVAL_DAY,
+ PendingIntent.getBroadcast(
+ mContext, 0, new Intent(ACTION_JOB_START), PendingIntent.FLAG_IMMUTABLE));
+
+ if (Config.DEBUG) {
+ Log.d(TAG, "CertificateTransparencyJob scheduled successfully.");
+ }
+ }
+
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ if (!ACTION_JOB_START.equals(intent.getAction())) {
+ Log.w(TAG, "Received unexpected broadcast with action " + intent);
+ return;
+ }
+ if (Config.DEBUG) {
+ Log.d(TAG, "Starting CT daily job.");
+ }
+
+ mDataStore.setProperty(Config.CONTENT_URL_PENDING, Config.URL_LOG_LIST);
+ mDataStore.setProperty(Config.METADATA_URL_PENDING, Config.URL_SIGNATURE);
+ mDataStore.setProperty(Config.PUBLIC_KEY_URL_PENDING, Config.URL_PUBLIC_KEY);
+ mDataStore.store();
+
+ mCertificateTransparencyDownloader.startPublicKeyDownload(Config.URL_PUBLIC_KEY);
+ }
+}
diff --git a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
index edf7c56..92b2b09 100644
--- a/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
+++ b/networksecurity/service/src/com/android/server/net/ct/CertificateTransparencyService.java
@@ -29,6 +29,7 @@
public class CertificateTransparencyService extends ICertificateTransparencyManager.Stub {
private final CertificateTransparencyFlagsListener mFlagsListener;
+ private final CertificateTransparencyJob mCertificateTransparencyJob;
/**
* @return true if the CertificateTransparency service is enabled.
@@ -41,7 +42,21 @@
/** Creates a new {@link CertificateTransparencyService} object. */
public CertificateTransparencyService(Context context) {
- mFlagsListener = new CertificateTransparencyFlagsListener(context);
+ DataStore dataStore = new DataStore(Config.PREFERENCES_FILE);
+ DownloadHelper downloadHelper = new DownloadHelper(context);
+ SignatureVerifier signatureVerifier = new SignatureVerifier(context);
+ CertificateTransparencyDownloader downloader =
+ new CertificateTransparencyDownloader(
+ context,
+ dataStore,
+ downloadHelper,
+ signatureVerifier,
+ new CertificateTransparencyInstaller());
+
+ mFlagsListener =
+ new CertificateTransparencyFlagsListener(dataStore, signatureVerifier, downloader);
+ mCertificateTransparencyJob =
+ new CertificateTransparencyJob(context, dataStore, downloader);
}
/**
@@ -53,7 +68,11 @@
switch (phase) {
case SystemService.PHASE_BOOT_COMPLETED:
- mFlagsListener.initialize();
+ if (Flags.certificateTransparencyJob()) {
+ mCertificateTransparencyJob.initialize();
+ } else {
+ mFlagsListener.initialize();
+ }
break;
default:
}
diff --git a/networksecurity/service/src/com/android/server/net/ct/Config.java b/networksecurity/service/src/com/android/server/net/ct/Config.java
index 242f13a..ae30f3a 100644
--- a/networksecurity/service/src/com/android/server/net/ct/Config.java
+++ b/networksecurity/service/src/com/android/server/net/ct/Config.java
@@ -55,4 +55,13 @@
static final String METADATA_URL_PENDING = "metadata_url_pending";
static final String METADATA_URL = "metadata_url";
static final String METADATA_URL_KEY = "metadata_url_key";
+ static final String PUBLIC_KEY_URL_PENDING = "public_key_url_pending";
+ static final String PUBLIC_KEY_URL = "public_key_url";
+ static final String PUBLIC_KEY_URL_KEY = "public_key_url_key";
+
+ // URLs
+ static final String URL_BASE = "https://www.gstatic.com/android/certificate_transparency/";
+ static final String URL_LOG_LIST = URL_BASE + "log_list.json";
+ static final String URL_SIGNATURE = URL_BASE + "log_list.sig";
+ static final String URL_PUBLIC_KEY = URL_BASE + "log_list.pub";
}
diff --git a/networksecurity/service/src/com/android/server/net/ct/DirectoryUtils.java b/networksecurity/service/src/com/android/server/net/ct/DirectoryUtils.java
index e3b4124..ba42a82 100644
--- a/networksecurity/service/src/com/android/server/net/ct/DirectoryUtils.java
+++ b/networksecurity/service/src/com/android/server/net/ct/DirectoryUtils.java
@@ -13,6 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+
package com.android.server.net.ct;
import android.annotation.SuppressLint;
@@ -29,16 +30,33 @@
throw new IOException("Unable to make directory " + dir.getCanonicalPath());
}
setWorldReadable(dir);
+ // Needed for the log list file to be accessible.
+ setWorldExecutable(dir);
}
// CT files and directories are readable by all apps.
@SuppressLint("SetWorldReadable")
static void setWorldReadable(File file) throws IOException {
- if (!file.setReadable(true, false)) {
+ if (!file.setReadable(/* readable= */ true, /* ownerOnly= */ false)) {
throw new IOException("Failed to set " + file.getCanonicalPath() + " readable");
}
}
+ // CT directories are executable by all apps, to allow access to the log list by anything on the
+ // device.
+ static void setWorldExecutable(File file) throws IOException {
+ if (!file.isDirectory()) {
+ // Only directories need to be marked as executable to allow for access
+ // to the files inside.
+ // See https://www.redhat.com/en/blog/linux-file-permissions-explained for more details.
+ return;
+ }
+
+ if (!file.setExecutable(/* executable= */ true, /* ownerOnly= */ false)) {
+ throw new IOException("Failed to set " + file.getCanonicalPath() + " executable");
+ }
+ }
+
static boolean removeDir(File dir) {
return deleteContentsAndDir(dir);
}
diff --git a/networksecurity/service/src/com/android/server/net/ct/DownloadHelper.java b/networksecurity/service/src/com/android/server/net/ct/DownloadHelper.java
index cc8c4c0..5748416 100644
--- a/networksecurity/service/src/com/android/server/net/ct/DownloadHelper.java
+++ b/networksecurity/service/src/com/android/server/net/ct/DownloadHelper.java
@@ -24,6 +24,8 @@
import androidx.annotation.VisibleForTesting;
+import com.google.auto.value.AutoValue;
+
/** Class to handle downloads for Certificate Transparency. */
public class DownloadHelper {
@@ -53,25 +55,22 @@
}
/**
- * Returns true if the specified download completed successfully.
+ * Returns the status of the provided download id.
*
* @param downloadId the download.
- * @return true if the download completed successfully.
+ * @return {@link DownloadStatus} of the download.
*/
- public boolean isSuccessful(long downloadId) {
+ public DownloadStatus getDownloadStatus(long downloadId) {
+ DownloadStatus.Builder builder = DownloadStatus.builder().setDownloadId(downloadId);
try (Cursor cursor = mDownloadManager.query(new Query().setFilterById(downloadId))) {
- if (cursor == null) {
- return false;
- }
- if (cursor.moveToFirst()) {
- int status =
- cursor.getInt(cursor.getColumnIndexOrThrow(DownloadManager.COLUMN_STATUS));
- if (DownloadManager.STATUS_SUCCESSFUL == status) {
- return true;
- }
+ if (cursor != null && cursor.moveToFirst()) {
+ builder.setStatus(
+ cursor.getInt(cursor.getColumnIndexOrThrow(DownloadManager.COLUMN_STATUS)));
+ builder.setReason(
+ cursor.getInt(cursor.getColumnIndex(DownloadManager.COLUMN_REASON)));
}
}
- return false;
+ return builder.build();
}
/**
@@ -87,4 +86,58 @@
}
return mDownloadManager.getUriForDownloadedFile(downloadId);
}
+
+ /** A wrapper around the status and reason Ids returned by the {@link DownloadManager}. */
+ @AutoValue
+ public abstract static class DownloadStatus {
+
+ abstract long downloadId();
+
+ abstract int status();
+
+ abstract int reason();
+
+ boolean isSuccessful() {
+ return status() == DownloadManager.STATUS_SUCCESSFUL;
+ }
+
+ boolean isStorageError() {
+ int status = status();
+ int reason = reason();
+ return status == DownloadManager.STATUS_FAILED
+ && (reason == DownloadManager.ERROR_DEVICE_NOT_FOUND
+ || reason == DownloadManager.ERROR_FILE_ERROR
+ || reason == DownloadManager.ERROR_FILE_ALREADY_EXISTS
+ || reason == DownloadManager.ERROR_INSUFFICIENT_SPACE);
+ }
+
+ boolean isHttpError() {
+ int status = status();
+ int reason = reason();
+ return status == DownloadManager.STATUS_FAILED
+ && (reason == DownloadManager.ERROR_HTTP_DATA_ERROR
+ || reason == DownloadManager.ERROR_TOO_MANY_REDIRECTS
+ || reason == DownloadManager.ERROR_UNHANDLED_HTTP_CODE
+ // If an HTTP error occurred, reason will hold the HTTP status code.
+ || (400 <= reason && reason < 600));
+ }
+
+ @AutoValue.Builder
+ abstract static class Builder {
+ abstract Builder setDownloadId(long downloadId);
+
+ abstract Builder setStatus(int status);
+
+ abstract Builder setReason(int reason);
+
+ abstract DownloadStatus build();
+ }
+
+ static Builder builder() {
+ return new AutoValue_DownloadHelper_DownloadStatus.Builder()
+ .setDownloadId(-1)
+ .setStatus(-1)
+ .setReason(-1);
+ }
+ }
}
diff --git a/networksecurity/service/src/com/android/server/net/ct/SignatureVerifier.java b/networksecurity/service/src/com/android/server/net/ct/SignatureVerifier.java
new file mode 100644
index 0000000..0b775ca
--- /dev/null
+++ b/networksecurity/service/src/com/android/server/net/ct/SignatureVerifier.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.server.net.ct;
+
+import android.annotation.NonNull;
+import android.annotation.RequiresApi;
+import android.content.ContentResolver;
+import android.content.Context;
+import android.net.Uri;
+import android.os.Build;
+
+import androidx.annotation.VisibleForTesting;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.Base64;
+import java.util.Optional;
+
+/** Verifier of the log list signature. */
+@RequiresApi(Build.VERSION_CODES.VANILLA_ICE_CREAM)
+public class SignatureVerifier {
+
+ private final Context mContext;
+
+ @NonNull private Optional<PublicKey> mPublicKey = Optional.empty();
+
+ public SignatureVerifier(Context context) {
+ mContext = context;
+ }
+
+ @VisibleForTesting
+ Optional<PublicKey> getPublicKey() {
+ return mPublicKey;
+ }
+
+ void resetPublicKey() {
+ mPublicKey = Optional.empty();
+ }
+
+ void setPublicKeyFrom(Uri file) throws GeneralSecurityException, IOException {
+ try (InputStream fileStream = mContext.getContentResolver().openInputStream(file)) {
+ setPublicKey(new String(fileStream.readAllBytes()));
+ }
+ }
+
+ void setPublicKey(String publicKey) throws GeneralSecurityException {
+ setPublicKey(
+ KeyFactory.getInstance("RSA")
+ .generatePublic(
+ new X509EncodedKeySpec(Base64.getDecoder().decode(publicKey))));
+ }
+
+ @VisibleForTesting
+ void setPublicKey(PublicKey publicKey) {
+ mPublicKey = Optional.of(publicKey);
+ }
+
+ boolean verify(Uri file, Uri signature) throws GeneralSecurityException, IOException {
+ if (!mPublicKey.isPresent()) {
+ throw new InvalidKeyException("Missing public key for signature verification");
+ }
+ Signature verifier = Signature.getInstance("SHA256withRSA");
+ verifier.initVerify(mPublicKey.get());
+ ContentResolver contentResolver = mContext.getContentResolver();
+
+ try (InputStream fileStream = contentResolver.openInputStream(file);
+ InputStream signatureStream = contentResolver.openInputStream(signature)) {
+ verifier.update(fileStream.readAllBytes());
+ return verifier.verify(signatureStream.readAllBytes());
+ }
+ }
+}
diff --git a/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java b/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
index df02446..87d75e6 100644
--- a/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
+++ b/networksecurity/tests/unit/src/com/android/server/net/ct/CertificateTransparencyDownloaderTest.java
@@ -18,12 +18,14 @@
import static com.google.common.truth.Truth.assertThat;
import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.times;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
+import static java.nio.charset.StandardCharsets.UTF_8;
+
import android.app.DownloadManager;
import android.content.Context;
import android.content.Intent;
@@ -31,6 +33,10 @@
import androidx.test.platform.app.InstrumentationRegistry;
+import com.android.server.net.ct.DownloadHelper.DownloadStatus;
+
+import org.json.JSONException;
+import org.json.JSONObject;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -65,8 +71,11 @@
private Context mContext;
private File mTempFile;
private DataStore mDataStore;
+ private SignatureVerifier mSignatureVerifier;
private CertificateTransparencyDownloader mCertificateTransparencyDownloader;
+ private long mNextDownloadId = 666;
+
@Before
public void setUp() throws IOException, GeneralSecurityException {
MockitoAnnotations.initMocks(this);
@@ -80,23 +89,37 @@
mTempFile = File.createTempFile("datastore-test", ".properties");
mDataStore = new DataStore(mTempFile);
mDataStore.load();
+ mSignatureVerifier = new SignatureVerifier(mContext);
mCertificateTransparencyDownloader =
new CertificateTransparencyDownloader(
- mContext, mDataStore, mDownloadHelper, mCertificateTransparencyInstaller);
+ mContext,
+ mDataStore,
+ mDownloadHelper,
+ mSignatureVerifier,
+ mCertificateTransparencyInstaller);
}
@After
public void tearDown() {
mTempFile.delete();
- mCertificateTransparencyDownloader.resetPublicKey();
+ mSignatureVerifier.resetPublicKey();
+ }
+
+ @Test
+ public void testDownloader_startPublicKeyDownload() {
+ String publicKeyUrl = "http://test-public-key.org";
+ long downloadId = preparePublicKeyDownload(publicKeyUrl);
+
+ assertThat(mCertificateTransparencyDownloader.isPublicKeyDownloadId(downloadId)).isFalse();
+ mCertificateTransparencyDownloader.startPublicKeyDownload(publicKeyUrl);
+ assertThat(mCertificateTransparencyDownloader.isPublicKeyDownloadId(downloadId)).isTrue();
}
@Test
public void testDownloader_startMetadataDownload() {
String metadataUrl = "http://test-metadata.org";
- long downloadId = 666;
- when(mDownloadHelper.startDownload(metadataUrl)).thenReturn(downloadId);
+ long downloadId = prepareMetadataDownload(metadataUrl);
assertThat(mCertificateTransparencyDownloader.isMetadataDownloadId(downloadId)).isFalse();
mCertificateTransparencyDownloader.startMetadataDownload(metadataUrl);
@@ -106,8 +129,7 @@
@Test
public void testDownloader_startContentDownload() {
String contentUrl = "http://test-content.org";
- long downloadId = 666;
- when(mDownloadHelper.startDownload(contentUrl)).thenReturn(downloadId);
+ long downloadId = prepareContentDownload(contentUrl);
assertThat(mCertificateTransparencyDownloader.isContentDownloadId(downloadId)).isFalse();
mCertificateTransparencyDownloader.startContentDownload(contentUrl);
@@ -115,16 +137,65 @@
}
@Test
- public void testDownloader_handleMetadataCompleteSuccessful() {
- long metadataId = 123;
- mDataStore.setPropertyLong(Config.METADATA_URL_KEY, metadataId);
- when(mDownloadHelper.isSuccessful(metadataId)).thenReturn(true);
+ public void testDownloader_publicKeyDownloadSuccess_updatePublicKey_startMetadataDownload()
+ throws Exception {
+ long publicKeyId = prepareSuccessfulPublicKeyDownload(writePublicKeyToFile(mPublicKey));
+ long metadataId = prepareMetadataDownload("http://test-metadata.org");
- long contentId = 666;
- String contentUrl = "http://test-content.org";
- mDataStore.setProperty(Config.CONTENT_URL_PENDING, contentUrl);
- when(mDownloadHelper.startDownload(contentUrl)).thenReturn(contentId);
+ assertThat(mSignatureVerifier.getPublicKey()).isEmpty();
+ assertThat(mCertificateTransparencyDownloader.isMetadataDownloadId(metadataId)).isFalse();
+ mCertificateTransparencyDownloader.onReceive(
+ mContext, makeDownloadCompleteIntent(publicKeyId));
+ assertThat(mSignatureVerifier.getPublicKey()).hasValue(mPublicKey);
+ assertThat(mCertificateTransparencyDownloader.isMetadataDownloadId(metadataId)).isTrue();
+ }
+
+ @Test
+ public void
+ testDownloader_publicKeyDownloadSuccess_updatePublicKeyFail_doNotStartMetadataDownload()
+ throws Exception {
+ long publicKeyId =
+ prepareSuccessfulPublicKeyDownload(
+ writeToFile("i_am_not_a_base64_encoded_public_key".getBytes()));
+ long metadataId = prepareMetadataDownload("http://test-metadata.org");
+
+ assertThat(mSignatureVerifier.getPublicKey()).isEmpty();
+ assertThat(mCertificateTransparencyDownloader.isMetadataDownloadId(metadataId)).isFalse();
+ mCertificateTransparencyDownloader.onReceive(
+ mContext, makeDownloadCompleteIntent(publicKeyId));
+
+ assertThat(mSignatureVerifier.getPublicKey()).isEmpty();
+ assertThat(mCertificateTransparencyDownloader.isMetadataDownloadId(metadataId)).isFalse();
+ verify(mDownloadHelper, never()).startDownload(anyString());
+ }
+
+ @Test
+ public void testDownloader_publicKeyDownloadFail_doNotUpdatePublicKey() throws Exception {
+ long publicKeyId =
+ prepareFailedPublicKeyDownload(
+ // Failure cases where we give up on the download.
+ DownloadManager.ERROR_INSUFFICIENT_SPACE,
+ DownloadManager.ERROR_HTTP_DATA_ERROR);
+ Intent downloadCompleteIntent = makeDownloadCompleteIntent(publicKeyId);
+ long metadataId = prepareMetadataDownload("http://test-metadata.org");
+
+ assertThat(mSignatureVerifier.getPublicKey()).isEmpty();
+ assertThat(mCertificateTransparencyDownloader.isMetadataDownloadId(metadataId)).isFalse();
+ mCertificateTransparencyDownloader.onReceive(mContext, downloadCompleteIntent);
+ mCertificateTransparencyDownloader.onReceive(mContext, downloadCompleteIntent);
+
+ assertThat(mSignatureVerifier.getPublicKey()).isEmpty();
+ assertThat(mCertificateTransparencyDownloader.isMetadataDownloadId(metadataId)).isFalse();
+ verify(mDownloadHelper, never()).startDownload(anyString());
+ }
+
+ @Test
+ public void testDownloader_metadataDownloadSuccess_startContentDownload() {
+ long metadataId = prepareSuccessfulMetadataDownload(new File("log_list.sig"));
+ long contentId = prepareContentDownload("http://test-content.org");
+
+ assertThat(mCertificateTransparencyDownloader.isContentDownloadId(contentId)).isFalse();
mCertificateTransparencyDownloader.onReceive(
mContext, makeDownloadCompleteIntent(metadataId));
@@ -132,115 +203,167 @@
}
@Test
- public void testDownloader_handleMetadataCompleteFailed() {
- long metadataId = 123;
- mDataStore.setPropertyLong(Config.METADATA_URL_KEY, metadataId);
- when(mDownloadHelper.isSuccessful(metadataId)).thenReturn(false);
+ public void testDownloader_metadataDownloadFail_doNotStartContentDownload() {
+ long metadataId =
+ prepareFailedMetadataDownload(
+ // Failure cases where we give up on the download.
+ DownloadManager.ERROR_INSUFFICIENT_SPACE,
+ DownloadManager.ERROR_HTTP_DATA_ERROR);
+ Intent downloadCompleteIntent = makeDownloadCompleteIntent(metadataId);
+ long contentId = prepareContentDownload("http://test-content.org");
- String contentUrl = "http://test-content.org";
- mDataStore.setProperty(Config.CONTENT_URL_PENDING, contentUrl);
+ assertThat(mCertificateTransparencyDownloader.isContentDownloadId(contentId)).isFalse();
+ mCertificateTransparencyDownloader.onReceive(mContext, downloadCompleteIntent);
+ mCertificateTransparencyDownloader.onReceive(mContext, downloadCompleteIntent);
+
+ assertThat(mCertificateTransparencyDownloader.isContentDownloadId(contentId)).isFalse();
+ verify(mDownloadHelper, never()).startDownload(anyString());
+ }
+
+ @Test
+ public void testDownloader_contentDownloadSuccess_installSuccess_updateDataStore()
+ throws Exception {
+ String newVersion = "456";
+ File logListFile = makeLogListFile(newVersion);
+ File metadataFile = sign(logListFile);
+ mSignatureVerifier.setPublicKey(mPublicKey);
+ prepareSuccessfulMetadataDownload(metadataFile);
+ long contentId = prepareSuccessfulContentDownload(logListFile);
+ when(mCertificateTransparencyInstaller.install(
+ eq(Config.COMPATIBILITY_VERSION), any(), anyString()))
+ .thenReturn(true);
+
+ assertNoVersionIsInstalled();
+ mCertificateTransparencyDownloader.onReceive(
+ mContext, makeDownloadCompleteIntent(contentId));
+
+ assertInstallSuccessful(newVersion);
+ }
+
+ @Test
+ public void testDownloader_contentDownloadFail_doNotInstall() throws Exception {
+ long contentId =
+ prepareFailedContentDownload(
+ // Failure cases where we give up on the download.
+ DownloadManager.ERROR_INSUFFICIENT_SPACE,
+ DownloadManager.ERROR_HTTP_DATA_ERROR);
+ Intent downloadCompleteIntent = makeDownloadCompleteIntent(contentId);
+
+ mCertificateTransparencyDownloader.onReceive(mContext, downloadCompleteIntent);
+ mCertificateTransparencyDownloader.onReceive(mContext, downloadCompleteIntent);
+
+ verify(mCertificateTransparencyInstaller, never()).install(any(), any(), any());
+ assertNoVersionIsInstalled();
+ }
+
+ @Test
+ public void testDownloader_contentDownloadSuccess_installFail_doNotUpdateDataStore()
+ throws Exception {
+ File logListFile = makeLogListFile("456");
+ File metadataFile = sign(logListFile);
+ mSignatureVerifier.setPublicKey(mPublicKey);
+ prepareSuccessfulMetadataDownload(metadataFile);
+ long contentId = prepareSuccessfulContentDownload(logListFile);
+ when(mCertificateTransparencyInstaller.install(
+ eq(Config.COMPATIBILITY_VERSION), any(), anyString()))
+ .thenReturn(false);
+
+ assertNoVersionIsInstalled();
+ mCertificateTransparencyDownloader.onReceive(
+ mContext, makeDownloadCompleteIntent(contentId));
+
+ assertNoVersionIsInstalled();
+ }
+
+ @Test
+ public void testDownloader_contentDownloadSuccess_verificationFail_doNotInstall()
+ throws Exception {
+ File logListFile = makeLogListFile("456");
+ File metadataFile = File.createTempFile("log_list-wrong_metadata", "sig");
+ mSignatureVerifier.setPublicKey(mPublicKey);
+ prepareSuccessfulMetadataDownload(metadataFile);
+ long contentId = prepareSuccessfulContentDownload(logListFile);
+
+ assertNoVersionIsInstalled();
+ mCertificateTransparencyDownloader.onReceive(
+ mContext, makeDownloadCompleteIntent(contentId));
+
+ verify(mCertificateTransparencyInstaller, never())
+ .install(eq(Config.COMPATIBILITY_VERSION), any(), anyString());
+ assertNoVersionIsInstalled();
+ }
+
+ @Test
+ public void testDownloader_contentDownloadSuccess_missingVerificationPublicKey_doNotInstall()
+ throws Exception {
+ File logListFile = makeLogListFile("456");
+ File metadataFile = sign(logListFile);
+ mSignatureVerifier.resetPublicKey();
+ prepareSuccessfulMetadataDownload(metadataFile);
+ long contentId = prepareSuccessfulContentDownload(logListFile);
+
+ assertNoVersionIsInstalled();
+ mCertificateTransparencyDownloader.onReceive(
+ mContext, makeDownloadCompleteIntent(contentId));
+
+ verify(mCertificateTransparencyInstaller, never())
+ .install(eq(Config.COMPATIBILITY_VERSION), any(), anyString());
+ assertNoVersionIsInstalled();
+ }
+
+ @Test
+ public void testDownloader_endToEndSuccess_installNewVersion() throws Exception {
+ String newVersion = "456";
+ File logListFile = makeLogListFile(newVersion);
+ File metadataFile = sign(logListFile);
+ File publicKeyFile = writePublicKeyToFile(mPublicKey);
+
+ assertNoVersionIsInstalled();
+
+ // 1. Start download of public key.
+ String publicKeyUrl = "http://test-public-key.org";
+ long publicKeyId = preparePublicKeyDownload(publicKeyUrl);
+
+ mCertificateTransparencyDownloader.startPublicKeyDownload(publicKeyUrl);
+
+ // 2. On successful public key download, set the key and start the metatadata download.
+ setSuccessfulDownload(publicKeyId, publicKeyFile);
+ long metadataId = prepareMetadataDownload("http://test-metadata.org");
+
+ mCertificateTransparencyDownloader.onReceive(
+ mContext, makeDownloadCompleteIntent(publicKeyId));
+
+ // 3. On successful metadata download, start the content download.
+ setSuccessfulDownload(metadataId, metadataFile);
+ long contentId = prepareContentDownload("http://test-content.org");
mCertificateTransparencyDownloader.onReceive(
mContext, makeDownloadCompleteIntent(metadataId));
- verify(mDownloadHelper, never()).startDownload(contentUrl);
- }
-
- @Test
- public void testDownloader_handleContentCompleteInstallSuccessful() throws Exception {
- String version = "666";
- long contentId = 666;
- File logListFile = File.createTempFile("log_list", "json");
- Uri contentUri = Uri.fromFile(logListFile);
- long metadataId = 123;
- File metadataFile = sign(logListFile);
- Uri metadataUri = Uri.fromFile(metadataFile);
- mCertificateTransparencyDownloader.setPublicKey(
- Base64.getEncoder().encodeToString(mPublicKey.getEncoded()));
-
- setUpDownloadComplete(version, metadataId, metadataUri, contentId, contentUri);
+ // 4. On successful content download, verify the signature and install the new version.
+ setSuccessfulDownload(contentId, logListFile);
when(mCertificateTransparencyInstaller.install(
- eq(Config.COMPATIBILITY_VERSION), any(), eq(version)))
+ eq(Config.COMPATIBILITY_VERSION), any(), anyString()))
.thenReturn(true);
- assertThat(mDataStore.getProperty(Config.VERSION)).isNull();
- assertThat(mDataStore.getProperty(Config.CONTENT_URL)).isNull();
- assertThat(mDataStore.getProperty(Config.METADATA_URL)).isNull();
-
mCertificateTransparencyDownloader.onReceive(
mContext, makeDownloadCompleteIntent(contentId));
- verify(mCertificateTransparencyInstaller, times(1))
- .install(eq(Config.COMPATIBILITY_VERSION), any(), eq(version));
+ assertInstallSuccessful(newVersion);
+ }
+
+ private void assertNoVersionIsInstalled() {
+ assertThat(mDataStore.getProperty(Config.VERSION)).isNull();
+ assertThat(mDataStore.getProperty(Config.CONTENT_URL)).isNull();
+ assertThat(mDataStore.getProperty(Config.METADATA_URL)).isNull();
+ }
+
+ private void assertInstallSuccessful(String version) {
assertThat(mDataStore.getProperty(Config.VERSION)).isEqualTo(version);
- assertThat(mDataStore.getProperty(Config.CONTENT_URL)).isEqualTo(contentUri.toString());
- assertThat(mDataStore.getProperty(Config.METADATA_URL)).isEqualTo(metadataUri.toString());
- }
-
- @Test
- public void testDownloader_handleContentCompleteInstallFails() throws Exception {
- String version = "666";
- long contentId = 666;
- File logListFile = File.createTempFile("log_list", "json");
- Uri contentUri = Uri.fromFile(logListFile);
- long metadataId = 123;
- File metadataFile = sign(logListFile);
- Uri metadataUri = Uri.fromFile(metadataFile);
-
- setUpDownloadComplete(version, metadataId, metadataUri, contentId, contentUri);
- when(mCertificateTransparencyInstaller.install(
- eq(Config.COMPATIBILITY_VERSION), any(), eq(version)))
- .thenReturn(false);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeDownloadCompleteIntent(contentId));
-
- assertThat(mDataStore.getProperty(Config.VERSION)).isNull();
- assertThat(mDataStore.getProperty(Config.CONTENT_URL)).isNull();
- assertThat(mDataStore.getProperty(Config.METADATA_URL)).isNull();
- }
-
- @Test
- public void testDownloader_handleContentCompleteVerificationFails() throws IOException {
- String version = "666";
- long contentId = 666;
- Uri contentUri = Uri.fromFile(File.createTempFile("log_list", "json"));
- long metadataId = 123;
- Uri metadataUri = Uri.fromFile(File.createTempFile("log_list-wrong_metadata", "sig"));
-
- setUpDownloadComplete(version, metadataId, metadataUri, contentId, contentUri);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeDownloadCompleteIntent(contentId));
-
- verify(mCertificateTransparencyInstaller, never())
- .install(eq(Config.COMPATIBILITY_VERSION), any(), eq(version));
- assertThat(mDataStore.getProperty(Config.VERSION)).isNull();
- assertThat(mDataStore.getProperty(Config.CONTENT_URL)).isNull();
- assertThat(mDataStore.getProperty(Config.METADATA_URL)).isNull();
- }
-
- @Test
- public void testDownloader_handleContentCompleteMissingVerificationPublicKey()
- throws Exception {
- String version = "666";
- long contentId = 666;
- File logListFile = File.createTempFile("log_list", "json");
- Uri contentUri = Uri.fromFile(logListFile);
- long metadataId = 123;
- File metadataFile = sign(logListFile);
- Uri metadataUri = Uri.fromFile(metadataFile);
-
- setUpDownloadComplete(version, metadataId, metadataUri, contentId, contentUri);
-
- mCertificateTransparencyDownloader.onReceive(
- mContext, makeDownloadCompleteIntent(contentId));
-
- verify(mCertificateTransparencyInstaller, never())
- .install(eq(Config.COMPATIBILITY_VERSION), any(), eq(version));
- assertThat(mDataStore.getProperty(Config.VERSION)).isNull();
- assertThat(mDataStore.getProperty(Config.CONTENT_URL)).isNull();
- assertThat(mDataStore.getProperty(Config.METADATA_URL)).isNull();
+ assertThat(mDataStore.getProperty(Config.CONTENT_URL))
+ .isEqualTo(mDataStore.getProperty(Config.CONTENT_URL_PENDING));
+ assertThat(mDataStore.getProperty(Config.METADATA_URL))
+ .isEqualTo(mDataStore.getProperty(Config.METADATA_URL_PENDING));
}
private Intent makeDownloadCompleteIntent(long downloadId) {
@@ -248,19 +371,135 @@
.putExtra(DownloadManager.EXTRA_DOWNLOAD_ID, downloadId);
}
- private void setUpDownloadComplete(
- String version, long metadataId, Uri metadataUri, long contentId, Uri contentUri)
- throws IOException {
- mDataStore.setProperty(Config.VERSION_PENDING, version);
+ private long prepareDownloadId(String url) {
+ long downloadId = mNextDownloadId++;
+ when(mDownloadHelper.startDownload(url)).thenReturn(downloadId);
+ return downloadId;
+ }
- mDataStore.setPropertyLong(Config.METADATA_URL_KEY, metadataId);
- mDataStore.setProperty(Config.METADATA_URL_PENDING, metadataUri.toString());
- when(mDownloadHelper.getUri(metadataId)).thenReturn(metadataUri);
+ private long preparePublicKeyDownload(String url) {
+ long downloadId = prepareDownloadId(url);
+ mDataStore.setProperty(Config.PUBLIC_KEY_URL_PENDING, url);
+ return downloadId;
+ }
- mDataStore.setPropertyLong(Config.CONTENT_URL_KEY, contentId);
- mDataStore.setProperty(Config.CONTENT_URL_PENDING, contentUri.toString());
- when(mDownloadHelper.isSuccessful(contentId)).thenReturn(true);
- when(mDownloadHelper.getUri(contentId)).thenReturn(contentUri);
+ private long prepareMetadataDownload(String url) {
+ long downloadId = prepareDownloadId(url);
+ mDataStore.setProperty(Config.METADATA_URL_PENDING, url);
+ return downloadId;
+ }
+
+ private long prepareContentDownload(String url) {
+ long downloadId = prepareDownloadId(url);
+ mDataStore.setProperty(Config.CONTENT_URL_PENDING, url);
+ return downloadId;
+ }
+
+ private long prepareSuccessfulDownload(String propertyKey) {
+ long downloadId = mNextDownloadId++;
+ mDataStore.setPropertyLong(propertyKey, downloadId);
+ when(mDownloadHelper.getDownloadStatus(downloadId))
+ .thenReturn(makeSuccessfulDownloadStatus(downloadId));
+ return downloadId;
+ }
+
+ private long prepareSuccessfulDownload(String propertyKey, File file) {
+ long downloadId = prepareSuccessfulDownload(propertyKey);
+ when(mDownloadHelper.getUri(downloadId)).thenReturn(Uri.fromFile(file));
+ return downloadId;
+ }
+
+ private long prepareSuccessfulPublicKeyDownload(File file) {
+ long downloadId = prepareSuccessfulDownload(Config.PUBLIC_KEY_URL_KEY, file);
+ mDataStore.setProperty(
+ Config.METADATA_URL_PENDING, "http://public-key-was-downloaded-here.org");
+ return downloadId;
+ }
+
+ private long prepareSuccessfulMetadataDownload(File file) {
+ long downloadId = prepareSuccessfulDownload(Config.METADATA_URL_KEY, file);
+ mDataStore.setProperty(
+ Config.METADATA_URL_PENDING, "http://metadata-was-downloaded-here.org");
+ return downloadId;
+ }
+
+ private long prepareSuccessfulContentDownload(File file) {
+ long downloadId = prepareSuccessfulDownload(Config.CONTENT_URL_KEY, file);
+ mDataStore.setProperty(
+ Config.CONTENT_URL_PENDING, "http://content-was-downloaded-here.org");
+ return downloadId;
+ }
+
+ private void setSuccessfulDownload(long downloadId, File file) {
+ when(mDownloadHelper.getDownloadStatus(downloadId))
+ .thenReturn(makeSuccessfulDownloadStatus(downloadId));
+ when(mDownloadHelper.getUri(downloadId)).thenReturn(Uri.fromFile(file));
+ }
+
+ private long prepareFailedDownload(String propertyKey, int... downloadManagerErrors) {
+ long downloadId = mNextDownloadId++;
+ mDataStore.setPropertyLong(propertyKey, downloadId);
+ DownloadStatus firstError =
+ DownloadStatus.builder()
+ .setDownloadId(downloadId)
+ .setStatus(DownloadManager.STATUS_FAILED)
+ .setReason(downloadManagerErrors[0])
+ .build();
+ DownloadStatus[] otherErrors = new DownloadStatus[downloadManagerErrors.length - 1];
+ for (int i = 1; i < downloadManagerErrors.length; i++) {
+ otherErrors[i - 1] =
+ DownloadStatus.builder()
+ .setDownloadId(downloadId)
+ .setStatus(DownloadManager.STATUS_FAILED)
+ .setReason(downloadManagerErrors[i])
+ .build();
+ }
+ when(mDownloadHelper.getDownloadStatus(downloadId)).thenReturn(firstError, otherErrors);
+ return downloadId;
+ }
+
+ private long prepareFailedPublicKeyDownload(int... downloadManagerErrors) {
+ return prepareFailedDownload(Config.PUBLIC_KEY_URL_KEY, downloadManagerErrors);
+ }
+
+ private long prepareFailedMetadataDownload(int... downloadManagerErrors) {
+ return prepareFailedDownload(Config.METADATA_URL_KEY, downloadManagerErrors);
+ }
+
+ private long prepareFailedContentDownload(int... downloadManagerErrors) {
+ return prepareFailedDownload(Config.CONTENT_URL_KEY, downloadManagerErrors);
+ }
+
+ private DownloadStatus makeSuccessfulDownloadStatus(long downloadId) {
+ return DownloadStatus.builder()
+ .setDownloadId(downloadId)
+ .setStatus(DownloadManager.STATUS_SUCCESSFUL)
+ .build();
+ }
+
+ private File writePublicKeyToFile(PublicKey publicKey)
+ throws IOException, GeneralSecurityException {
+ return writeToFile(Base64.getEncoder().encode(publicKey.getEncoded()));
+ }
+
+ private File writeToFile(byte[] bytes) throws IOException, GeneralSecurityException {
+ File file = File.createTempFile("temp_file", "tmp");
+
+ try (OutputStream outputStream = new FileOutputStream(file)) {
+ outputStream.write(bytes);
+ }
+
+ return file;
+ }
+
+ private File makeLogListFile(String version) throws IOException, JSONException {
+ File logListFile = File.createTempFile("log_list", "json");
+
+ try (OutputStream outputStream = new FileOutputStream(logListFile)) {
+ outputStream.write(new JSONObject().put("version", version).toString().getBytes(UTF_8));
+ }
+
+ return logListFile;
}
private File sign(File file) throws IOException, GeneralSecurityException {
diff --git a/service-t/src/com/android/server/connectivity/mdns/MdnsInetAddressRecord.java b/service-t/src/com/android/server/connectivity/mdns/MdnsInetAddressRecord.java
index 4399f2d..3eae3c7 100644
--- a/service-t/src/com/android/server/connectivity/mdns/MdnsInetAddressRecord.java
+++ b/service-t/src/com/android/server/connectivity/mdns/MdnsInetAddressRecord.java
@@ -18,8 +18,6 @@
import android.annotation.Nullable;
-import androidx.annotation.VisibleForTesting;
-
import java.io.IOException;
import java.net.Inet4Address;
import java.net.Inet6Address;
@@ -29,7 +27,6 @@
import java.util.Objects;
/** An mDNS "AAAA" or "A" record, which holds an IPv6 or IPv4 address. */
-@VisibleForTesting(otherwise = VisibleForTesting.PACKAGE_PRIVATE)
public class MdnsInetAddressRecord extends MdnsRecord {
@Nullable private Inet6Address inet6Address;
@Nullable private Inet4Address inet4Address;
diff --git a/service-t/src/com/android/server/connectivity/mdns/MdnsPointerRecord.java b/service-t/src/com/android/server/connectivity/mdns/MdnsPointerRecord.java
index 39bf653..e8f5e71 100644
--- a/service-t/src/com/android/server/connectivity/mdns/MdnsPointerRecord.java
+++ b/service-t/src/com/android/server/connectivity/mdns/MdnsPointerRecord.java
@@ -18,15 +18,12 @@
import android.annotation.Nullable;
-import androidx.annotation.VisibleForTesting;
-
import com.android.net.module.util.DnsUtils;
import java.io.IOException;
import java.util.Arrays;
/** An mDNS "PTR" record, which holds a name (the "pointer"). */
-@VisibleForTesting(otherwise = VisibleForTesting.PACKAGE_PRIVATE)
public class MdnsPointerRecord extends MdnsRecord {
private String[] pointer;
diff --git a/service-t/src/com/android/server/connectivity/mdns/MdnsQueryScheduler.java b/service-t/src/com/android/server/connectivity/mdns/MdnsQueryScheduler.java
index e52dd2f..356b738 100644
--- a/service-t/src/com/android/server/connectivity/mdns/MdnsQueryScheduler.java
+++ b/service-t/src/com/android/server/connectivity/mdns/MdnsQueryScheduler.java
@@ -107,7 +107,7 @@
final QueryTaskConfig nextRunConfig = currentConfig.getConfigForNextRun(queryMode);
long timeToRun;
if (mLastScheduledQueryTaskArgs == null && !forceEnableBackoff) {
- timeToRun = now + nextRunConfig.delayBeforeTaskWithoutBackoffMs;
+ timeToRun = now + nextRunConfig.getDelayBeforeTaskWithoutBackoff();
} else {
timeToRun = calculateTimeToRun(mLastScheduledQueryTaskArgs,
nextRunConfig, now, minRemainingTtl, lastSentTime, numOfQueriesBeforeBackoff,
@@ -133,7 +133,7 @@
private static long calculateTimeToRun(@Nullable ScheduledQueryTaskArgs taskArgs,
QueryTaskConfig queryTaskConfig, long now, long minRemainingTtl, long lastSentTime,
int numOfQueriesBeforeBackoff, boolean forceEnableBackoff) {
- final long baseDelayInMs = queryTaskConfig.delayBeforeTaskWithoutBackoffMs;
+ final long baseDelayInMs = queryTaskConfig.getDelayBeforeTaskWithoutBackoff();
if (!(forceEnableBackoff
|| queryTaskConfig.shouldUseQueryBackoff(numOfQueriesBeforeBackoff))) {
return lastSentTime + baseDelayInMs;
diff --git a/service-t/src/com/android/server/connectivity/mdns/MdnsServiceRecord.java b/service-t/src/com/android/server/connectivity/mdns/MdnsServiceRecord.java
index fd716d2..907e2ff 100644
--- a/service-t/src/com/android/server/connectivity/mdns/MdnsServiceRecord.java
+++ b/service-t/src/com/android/server/connectivity/mdns/MdnsServiceRecord.java
@@ -18,8 +18,6 @@
import android.annotation.Nullable;
-import androidx.annotation.VisibleForTesting;
-
import com.android.net.module.util.DnsUtils;
import java.io.IOException;
@@ -28,7 +26,6 @@
import java.util.Objects;
/** An mDNS "SRV" record, which contains service information. */
-@VisibleForTesting(otherwise = VisibleForTesting.PACKAGE_PRIVATE)
public class MdnsServiceRecord extends MdnsRecord {
public static final int PROTO_NONE = 0;
public static final int PROTO_TCP = 1;
diff --git a/service-t/src/com/android/server/connectivity/mdns/MdnsTextRecord.java b/service-t/src/com/android/server/connectivity/mdns/MdnsTextRecord.java
index 77d1d7a..2b3ebf9 100644
--- a/service-t/src/com/android/server/connectivity/mdns/MdnsTextRecord.java
+++ b/service-t/src/com/android/server/connectivity/mdns/MdnsTextRecord.java
@@ -18,8 +18,6 @@
import android.annotation.Nullable;
-import androidx.annotation.VisibleForTesting;
-
import com.android.server.connectivity.mdns.MdnsServiceInfo.TextEntry;
import java.io.IOException;
@@ -29,7 +27,6 @@
import java.util.Objects;
/** An mDNS "TXT" record, which contains a list of {@link TextEntry}. */
-@VisibleForTesting(otherwise = VisibleForTesting.PACKAGE_PRIVATE)
public class MdnsTextRecord extends MdnsRecord {
private List<TextEntry> entries;
diff --git a/service-t/src/com/android/server/connectivity/mdns/QueryTaskConfig.java b/service-t/src/com/android/server/connectivity/mdns/QueryTaskConfig.java
index 4e74159..dd4073f 100644
--- a/service-t/src/com/android/server/connectivity/mdns/QueryTaskConfig.java
+++ b/service-t/src/com/android/server/connectivity/mdns/QueryTaskConfig.java
@@ -52,118 +52,124 @@
final int transactionId;
@VisibleForTesting
final boolean expectUnicastResponse;
- private final int queriesPerBurst;
- private final int timeBetweenBurstsInMs;
- private final int burstCounter;
- final long delayBeforeTaskWithoutBackoffMs;
- private final boolean isFirstBurst;
- private final long queryIndex;
+ private final int queryIndex;
+ private final int queryMode;
- QueryTaskConfig(long queryIndex, int transactionId,
- boolean expectUnicastResponse, boolean isFirstBurst, int burstCounter,
- int queriesPerBurst, int timeBetweenBurstsInMs,
- long delayBeforeTaskWithoutBackoffMs) {
+ QueryTaskConfig(int queryMode, int queryIndex, int transactionId,
+ boolean expectUnicastResponse) {
+ this.queryMode = queryMode;
this.transactionId = transactionId;
- this.expectUnicastResponse = expectUnicastResponse;
- this.queriesPerBurst = queriesPerBurst;
- this.timeBetweenBurstsInMs = timeBetweenBurstsInMs;
- this.burstCounter = burstCounter;
- this.delayBeforeTaskWithoutBackoffMs = delayBeforeTaskWithoutBackoffMs;
- this.isFirstBurst = isFirstBurst;
this.queryIndex = queryIndex;
+ this.expectUnicastResponse = expectUnicastResponse;
}
QueryTaskConfig(int queryMode) {
- this.queriesPerBurst = QUERIES_PER_BURST;
- this.burstCounter = 0;
- this.transactionId = 1;
- this.expectUnicastResponse = true;
- this.isFirstBurst = true;
- // Config the scan frequency based on the scan mode.
- if (queryMode == AGGRESSIVE_QUERY_MODE) {
- this.timeBetweenBurstsInMs = INITIAL_AGGRESSIVE_TIME_BETWEEN_BURSTS_MS;
- this.delayBeforeTaskWithoutBackoffMs =
- TIME_BETWEEN_RETRANSMISSION_QUERIES_IN_BURST_MS;
- } else if (queryMode == PASSIVE_QUERY_MODE) {
- // In passive scan mode, sends a single burst of QUERIES_PER_BURST queries, and then
- // in each TIME_BETWEEN_BURSTS interval, sends QUERIES_PER_BURST_PASSIVE_MODE
- // queries.
- this.timeBetweenBurstsInMs = MAX_TIME_BETWEEN_ACTIVE_PASSIVE_BURSTS_MS;
- this.delayBeforeTaskWithoutBackoffMs = TIME_BETWEEN_QUERIES_IN_BURST_MS;
- } else {
- // In active scan mode, sends a burst of QUERIES_PER_BURST queries,
- // TIME_BETWEEN_QUERIES_IN_BURST_MS apart, then waits for the scan interval, and
- // then repeats. The scan interval starts as INITIAL_TIME_BETWEEN_BURSTS_MS and
- // doubles until it maxes out at TIME_BETWEEN_BURSTS_MS.
- this.timeBetweenBurstsInMs = INITIAL_TIME_BETWEEN_BURSTS_MS;
- this.delayBeforeTaskWithoutBackoffMs = TIME_BETWEEN_QUERIES_IN_BURST_MS;
- }
- this.queryIndex = 0;
+ this(queryMode, 0, 1, true);
}
- long getDelayBeforeNextTaskWithoutBackoff(boolean isFirstQueryInBurst,
- boolean isLastQueryInBurst, int queryMode) {
- if (isFirstQueryInBurst && queryMode == AGGRESSIVE_QUERY_MODE) {
- return 0;
+ private static int getBurstIndex(int queryIndex, int queryMode) {
+ if (queryMode == PASSIVE_QUERY_MODE && queryIndex >= QUERIES_PER_BURST) {
+ // In passive mode, after the first burst of QUERIES_PER_BURST queries, subsequent
+ // bursts have QUERIES_PER_BURST_PASSIVE_MODE queries.
+ final int queryIndexAfterFirstBurst = queryIndex - QUERIES_PER_BURST;
+ return 1 + (queryIndexAfterFirstBurst / QUERIES_PER_BURST_PASSIVE_MODE);
+ } else {
+ return queryIndex / QUERIES_PER_BURST;
}
- if (isLastQueryInBurst) {
- return timeBetweenBurstsInMs;
+ }
+
+ private static int getQueryIndexInBurst(int queryIndex, int queryMode) {
+ if (queryMode == PASSIVE_QUERY_MODE && queryIndex >= QUERIES_PER_BURST) {
+ final int queryIndexAfterFirstBurst = queryIndex - QUERIES_PER_BURST;
+ return queryIndexAfterFirstBurst % QUERIES_PER_BURST_PASSIVE_MODE;
+ } else {
+ return queryIndex % QUERIES_PER_BURST;
+ }
+ }
+
+ private static boolean isFirstBurst(int queryIndex, int queryMode) {
+ return getBurstIndex(queryIndex, queryMode) == 0;
+ }
+
+ private static boolean isFirstQueryInBurst(int queryIndex, int queryMode) {
+ return getQueryIndexInBurst(queryIndex, queryMode) == 0;
+ }
+
+ // TODO: move delay calculations to MdnsQueryScheduler
+ long getDelayBeforeTaskWithoutBackoff() {
+ return getDelayBeforeTaskWithoutBackoff(queryIndex, queryMode);
+ }
+
+ private static long getDelayBeforeTaskWithoutBackoff(int queryIndex, int queryMode) {
+ final int burstIndex = getBurstIndex(queryIndex, queryMode);
+ final int queryIndexInBurst = getQueryIndexInBurst(queryIndex, queryMode);
+ if (queryIndexInBurst == 0) {
+ return getTimeToBurstMs(burstIndex, queryMode);
+ } else if (queryIndexInBurst == 1 && queryMode == AGGRESSIVE_QUERY_MODE) {
+ // In aggressive mode, the first 2 queries are sent without delay.
+ return 0;
}
return queryMode == AGGRESSIVE_QUERY_MODE
? TIME_BETWEEN_RETRANSMISSION_QUERIES_IN_BURST_MS
: TIME_BETWEEN_QUERIES_IN_BURST_MS;
}
- boolean getNextExpectUnicastResponse(boolean isLastQueryInBurst, int queryMode) {
- if (!isLastQueryInBurst) {
- return false;
- }
+ private boolean getExpectUnicastResponse(int queryIndex, int queryMode) {
if (queryMode == AGGRESSIVE_QUERY_MODE) {
- return true;
+ if (isFirstQueryInBurst(queryIndex, queryMode)) {
+ return true;
+ }
}
return alwaysAskForUnicastResponse;
}
- int getNextTimeBetweenBurstsMs(boolean isLastQueryInBurst, int queryMode) {
- if (!isLastQueryInBurst) {
- return timeBetweenBurstsInMs;
+ /**
+ * Shifts a value left by the specified number of bits, coercing to at most maxValue.
+ *
+ * <p>This allows calculating min(value*2^shift, maxValue) without overflow.
+ */
+ private static int boundedLeftShift(int value, int shift, int maxValue) {
+ // There must be at least one leading zero for positive values, so the maximum left shift
+ // without overflow is the number of leading zeros minus one.
+ final int maxShift = Integer.numberOfLeadingZeros(value) - 1;
+ if (shift > maxShift) {
+ // The shift would overflow positive integers, so is greater than maxValue.
+ return maxValue;
}
- final int maxTimeBetweenBursts = queryMode == AGGRESSIVE_QUERY_MODE
- ? MAX_TIME_BETWEEN_AGGRESSIVE_BURSTS_MS : MAX_TIME_BETWEEN_ACTIVE_PASSIVE_BURSTS_MS;
- return Math.min(timeBetweenBurstsInMs * 2, maxTimeBetweenBursts);
+ return Math.min(value << shift, maxValue);
+ }
+
+ private static int getTimeToBurstMs(int burstIndex, int queryMode) {
+ if (burstIndex == 0) {
+ // No delay before the first burst
+ return 0;
+ }
+ switch (queryMode) {
+ case PASSIVE_QUERY_MODE:
+ return MAX_TIME_BETWEEN_ACTIVE_PASSIVE_BURSTS_MS;
+ case AGGRESSIVE_QUERY_MODE:
+ return boundedLeftShift(INITIAL_AGGRESSIVE_TIME_BETWEEN_BURSTS_MS,
+ burstIndex - 1,
+ MAX_TIME_BETWEEN_AGGRESSIVE_BURSTS_MS);
+ default: // ACTIVE_QUERY_MODE
+ return boundedLeftShift(INITIAL_TIME_BETWEEN_BURSTS_MS,
+ burstIndex - 1,
+ MAX_TIME_BETWEEN_ACTIVE_PASSIVE_BURSTS_MS);
+ }
}
/**
* Get new QueryTaskConfig for next run.
*/
public QueryTaskConfig getConfigForNextRun(int queryMode) {
- long newQueryCount = queryIndex + 1;
+ final int newQueryIndex = queryIndex + 1;
int newTransactionId = transactionId + 1;
if (newTransactionId > UNSIGNED_SHORT_MAX_VALUE) {
newTransactionId = 1;
}
- int newQueriesPerBurst = queriesPerBurst;
- int newBurstCounter = burstCounter + 1;
- final boolean isFirstQueryInBurst = newBurstCounter == 1;
- final boolean isLastQueryInBurst = newBurstCounter == queriesPerBurst;
- boolean newIsFirstBurst = isFirstBurst && !isLastQueryInBurst;
- if (isLastQueryInBurst) {
- newBurstCounter = 0;
- // In passive scan mode, sends a single burst of QUERIES_PER_BURST queries, and
- // then in each TIME_BETWEEN_BURSTS interval, sends QUERIES_PER_BURST_PASSIVE_MODE
- // queries.
- if (isFirstBurst && queryMode == PASSIVE_QUERY_MODE) {
- newQueriesPerBurst = QUERIES_PER_BURST_PASSIVE_MODE;
- }
- }
-
- return new QueryTaskConfig(newQueryCount, newTransactionId,
- getNextExpectUnicastResponse(isLastQueryInBurst, queryMode), newIsFirstBurst,
- newBurstCounter, newQueriesPerBurst,
- getNextTimeBetweenBurstsMs(isLastQueryInBurst, queryMode),
- getDelayBeforeNextTaskWithoutBackoff(
- isFirstQueryInBurst, isLastQueryInBurst, queryMode));
+ return new QueryTaskConfig(queryMode, newQueryIndex, newTransactionId,
+ getExpectUnicastResponse(newQueryIndex, queryMode));
}
/**
@@ -171,7 +177,7 @@
*/
public boolean shouldUseQueryBackoff(int numOfQueriesBeforeBackoff) {
// Don't enable backoff mode during the burst or in the first burst
- if (burstCounter != 0 || isFirstBurst) {
+ if (!isFirstQueryInBurst(queryIndex, queryMode) || isFirstBurst(queryIndex, queryMode)) {
return false;
}
return queryIndex > numOfQueriesBeforeBackoff;
diff --git a/service/Android.bp b/service/Android.bp
index 567c079..fd3d4a3 100644
--- a/service/Android.bp
+++ b/service/Android.bp
@@ -90,7 +90,6 @@
static_libs: [
"libnet_utils_device_common_bpfjni",
"libnet_utils_device_common_bpfutils",
- "libnet_utils_device_common_timerfdjni",
],
shared_libs: [
"liblog",
@@ -126,6 +125,7 @@
"libmodules-utils-build",
"libnetjniutils",
"libnet_utils_device_common_bpfjni",
+ "libnet_utils_device_common_timerfdjni",
"netd_aidl_interface-lateststable-ndk",
],
shared_libs: [
diff --git a/service/ServiceConnectivityResources/res/values-sw/strings.xml b/service/ServiceConnectivityResources/res/values-sw/strings.xml
index 29ec013..9ff9ada 100644
--- a/service/ServiceConnectivityResources/res/values-sw/strings.xml
+++ b/service/ServiceConnectivityResources/res/values-sw/strings.xml
@@ -25,7 +25,7 @@
<string name="mobile_network_available_no_internet" msgid="1000871587359324217">"Hakuna intaneti"</string>
<string name="mobile_network_available_no_internet_detailed" msgid="5438738723127062816">"Huenda data ya <xliff:g id="NETWORK_CARRIER">%1$s</xliff:g> imeisha. Gusa ili upate chaguo."</string>
<string name="mobile_network_available_no_internet_detailed_unknown_carrier" msgid="5375681117265354337">"Huenda data yako imeisha. Gusa ili upate chaguo."</string>
- <string name="wifi_no_internet" msgid="1326348603404555475">"<xliff:g id="NETWORK_SSID">%1$s</xliff:g> haina uwezo wa kufikia intaneti"</string>
+ <string name="wifi_no_internet" msgid="1326348603404555475">"<xliff:g id="NETWORK_SSID">%1$s</xliff:g> haina intaneti"</string>
<string name="wifi_no_internet_detailed" msgid="1746921096565304090">"Gusa ili upate chaguo"</string>
<string name="mobile_no_internet" msgid="4087718456753201450">"Mtandao wa simu hauna uwezo wa kufikia intaneti"</string>
<string name="other_networks_no_internet" msgid="5693932964749676542">"Mtandao hauna uwezo wa kufikia intaneti"</string>
diff --git a/service/jni/onload.cpp b/service/jni/onload.cpp
index bb70d4f..8e01260 100644
--- a/service/jni/onload.cpp
+++ b/service/jni/onload.cpp
@@ -26,6 +26,8 @@
int register_android_server_net_NetworkStatsFactory(JNIEnv* env);
int register_android_server_net_NetworkStatsService(JNIEnv* env);
int register_com_android_server_ServiceManagerWrapper(JNIEnv* env);
+int register_com_android_net_module_util_TimerFdUtils(JNIEnv *env,
+ char const *class_name);
extern "C" jint JNI_OnLoad(JavaVM* vm, void*) {
JNIEnv *env;
@@ -56,6 +58,12 @@
}
}
+ if (register_com_android_net_module_util_TimerFdUtils(
+ env, "android/net/connectivity/com/android/net/module/util/"
+ "TimerFdUtils") < 0) {
+ return JNI_ERR;
+ }
+
return JNI_VERSION_1_6;
}
diff --git a/service/libconnectivity/Android.bp b/service/libconnectivity/Android.bp
index 3a72134..9bfe3a9 100644
--- a/service/libconnectivity/Android.bp
+++ b/service/libconnectivity/Android.bp
@@ -42,6 +42,7 @@
],
llndk: {
symbol_file: "libconnectivity_native.map.txt",
+ moved_to_apex: true,
},
stubs: {
symbol_file: "libconnectivity_native.map.txt",
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
old mode 100755
new mode 100644
index 9015434..0d0f6fc
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -5551,7 +5551,7 @@
}
// Delayed teardown.
- if (nai.isCreated()) {
+ if (nai.isCreated() && !nai.isDestroyed()) {
try {
mNetd.networkSetPermissionForNetwork(nai.network.netId, INetd.PERMISSION_SYSTEM);
} catch (RemoteException e) {
diff --git a/staticlibs/Android.bp b/staticlibs/Android.bp
index f484027..b4a3b8a 100644
--- a/staticlibs/Android.bp
+++ b/staticlibs/Android.bp
@@ -32,6 +32,8 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
+// This library shouldn't be used anymore (no class should be added), and per-user libraries like
+// net-utils-service-connectivity or net-utils-framework-wifi should be used instead.
java_library {
name: "net-utils-device-common",
srcs: [
@@ -725,3 +727,34 @@
],
apex_available: ["com.android.wifi"],
}
+
+genrule {
+ name: "statslog-framework-connectivity-java-gen",
+ tools: ["stats-log-api-gen"],
+ cmd: "$(location stats-log-api-gen) --java $(out) --module connectivity --javaPackage com.android.net.module.util --javaClass FrameworkConnectivityStatsLog",
+ out: ["com/android/net/module/util/FrameworkConnectivityStatsLog.java"],
+}
+
+java_library {
+ name: "net-utils-service-vcn",
+ sdk_version: "module_current",
+ min_sdk_version: "30",
+ srcs: [
+ "device/com/android/net/module/util/HandlerUtils.java",
+ ],
+ libs: [
+ "framework-annotations-lib",
+ ],
+ visibility: [
+ // TODO: b/374174952 Remove it when VCN modularization is released
+ "//frameworks/base/packages/Vcn/service-b",
+
+ "//packages/modules/Connectivity/service-b",
+ ],
+ apex_available: [
+ // TODO: b/374174952 Remove it when VCN modularization is released
+ "//apex_available:platform",
+
+ "com.android.tethering",
+ ],
+}
diff --git a/staticlibs/device/com/android/net/module/util/TimerFdUtils.java b/staticlibs/device/com/android/net/module/util/TimerFdUtils.java
new file mode 100644
index 0000000..310dbc9
--- /dev/null
+++ b/staticlibs/device/com/android/net/module/util/TimerFdUtils.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.net.module.util;
+
+import android.os.Process;
+import android.util.Log;
+
+import java.io.IOException;
+
+/**
+ * Contains mostly timerfd functionality.
+ */
+public class TimerFdUtils {
+ static {
+ if (Process.myUid() == Process.SYSTEM_UID) {
+ // This library is part of service-connectivity.jar when in the system server,
+ // so libservice-connectivity.so is the library to load.
+ System.loadLibrary("service-connectivity");
+ } else {
+ System.loadLibrary(JniUtil.getJniLibraryName(TimerFdUtils.class.getPackage()));
+ }
+ }
+
+ private static final String TAG = TimerFdUtils.class.getSimpleName();
+
+ /**
+ * Create a timerfd.
+ *
+ * @throws IOException if the timerfd creation is failed.
+ */
+ private static native int createTimerFd() throws IOException;
+
+ /**
+ * Set given time to the timerfd.
+ *
+ * @param timeMs target time
+ * @throws IOException if setting expiration time is failed.
+ */
+ private static native void setTime(int fd, long timeMs) throws IOException;
+
+ /**
+ * Create a timerfd
+ */
+ static int createTimerFileDescriptor() {
+ try {
+ return createTimerFd();
+ } catch (IOException e) {
+ Log.e(TAG, "createTimerFd failed", e);
+ return -1;
+ }
+ }
+
+ /**
+ * Set expiration time to timerfd
+ */
+ static boolean setExpirationTime(int id, long expirationTimeMs) {
+ try {
+ setTime(id, expirationTimeMs);
+ } catch (IOException e) {
+ Log.e(TAG, "setExpirationTime failed", e);
+ return false;
+ }
+ return true;
+ }
+}
diff --git a/staticlibs/framework/com/android/net/module/util/DnsPacket.java b/staticlibs/framework/com/android/net/module/util/DnsPacket.java
index 63106a1..b0c5e2e 100644
--- a/staticlibs/framework/com/android/net/module/util/DnsPacket.java
+++ b/staticlibs/framework/com/android/net/module/util/DnsPacket.java
@@ -50,7 +50,7 @@
*
* @hide
*/
-public abstract class DnsPacket {
+public class DnsPacket {
/**
* Type of the canonical name for an alias. Refer to RFC 1035 section 3.2.2.
*/
@@ -515,7 +515,14 @@
protected final DnsHeader mHeader;
protected final List<DnsRecord>[] mRecords;
- protected DnsPacket(@NonNull byte[] data) throws ParseException {
+ /**
+ * Returns the list of DNS records for a given section.
+ */
+ public List<DnsRecord> getRecords(@RecordType int section) {
+ return mRecords[section];
+ }
+
+ public DnsPacket(@NonNull byte[] data) throws ParseException {
if (null == data) {
throw new ParseException("Parse header failed, null input data");
}
@@ -548,7 +555,7 @@
*
* Note that authority records section and additional records section is not supported.
*/
- protected DnsPacket(@NonNull DnsHeader header, @NonNull List<DnsRecord> qd,
+ public DnsPacket(@NonNull DnsHeader header, @NonNull List<DnsRecord> qd,
@NonNull List<DnsRecord> an) {
mHeader = Objects.requireNonNull(header);
mRecords = new List[NUM_SECTIONS];
diff --git a/staticlibs/framework/com/android/net/module/util/NetworkStackConstants.java b/staticlibs/framework/com/android/net/module/util/NetworkStackConstants.java
index f1ff2e4..5d588cc 100644
--- a/staticlibs/framework/com/android/net/module/util/NetworkStackConstants.java
+++ b/staticlibs/framework/com/android/net/module/util/NetworkStackConstants.java
@@ -100,6 +100,15 @@
public static final int IPV4_ADDR_LEN = 4;
public static final int IPV4_FLAG_MF = 0x2000;
public static final int IPV4_FLAG_DF = 0x4000;
+ public static final int IPV4_PROTOCOL_IGMP = 2;
+ public static final int IPV4_IGMP_MIN_SIZE = 8;
+ public static final int IPV4_IGMP_GROUP_RECORD_SIZE = 8;
+ public static final int IPV4_IGMP_TYPE_V1_REPORT = 0x12;
+ public static final int IPV4_IGMP_TYPE_V2_JOIN_REPORT = 0x16;
+ public static final int IPV4_IGMP_TYPE_V2_LEAVE_REPORT = 0x17;
+ public static final int IPV4_IGMP_TYPE_V3_REPORT = 0x22;
+ public static final int IPV4_OPTION_TYPE_ROUTER_ALERT = 0x94;
+ public static final int IPV4_OPTION_LEN_ROUTER_ALERT = 4;
// getSockOpt() for v4 MTU
public static final int IP_MTU = 14;
public static final Inet4Address IPV4_ADDR_ALL = makeInet4Address(
diff --git a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
index 0d7d96f..0fa91d5 100644
--- a/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
+++ b/staticlibs/framework/com/android/net/module/util/PermissionUtils.java
@@ -192,6 +192,8 @@
/**
* Enforces that the given package name belongs to the given uid.
+ * Note: b/377758490 - Figure out how to correct this to avoid mis-usage.
+ * Meanwhile, avoid calling this method from the networkstack.
*
* @param context {@link android.content.Context} for the process.
* @param uid User ID to check the package ownership for.
diff --git a/staticlibs/native/bpfmapjni/Android.bp b/staticlibs/native/bpfmapjni/Android.bp
index 969ebd4..9a58a93 100644
--- a/staticlibs/native/bpfmapjni/Android.bp
+++ b/staticlibs/native/bpfmapjni/Android.bp
@@ -26,6 +26,7 @@
header_libs: [
"bpf_headers",
"jni_headers",
+ "libbase_headers",
],
shared_libs: [
"liblog",
diff --git a/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp b/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
index 1923ceb..d862f6b 100644
--- a/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
+++ b/staticlibs/native/bpfmapjni/com_android_net_module_util_BpfMap.cpp
@@ -24,37 +24,38 @@
#include "nativehelper/scoped_primitive_array.h"
#include "nativehelper/scoped_utf_chars.h"
-#define BPF_FD_JUST_USE_INT
+#include <android-base/unique_fd.h>
#include "BpfSyscallWrappers.h"
-
#include "bpf/KernelUtils.h"
namespace android {
+using ::android::base::unique_fd;
+
static jint com_android_net_module_util_BpfMap_nativeBpfFdGet(JNIEnv *env, jclass clazz,
jstring path, jint mode, jint keySize, jint valueSize) {
ScopedUtfChars pathname(env, path);
- jint fd = -1;
+ unique_fd fd;
switch (mode) {
case 0:
- fd = bpf::mapRetrieveRW(pathname.c_str());
+ fd.reset(bpf::mapRetrieveRW(pathname.c_str()));
break;
case BPF_F_RDONLY:
- fd = bpf::mapRetrieveRO(pathname.c_str());
+ fd.reset(bpf::mapRetrieveRO(pathname.c_str()));
break;
case BPF_F_WRONLY:
- fd = bpf::mapRetrieveWO(pathname.c_str());
+ fd.reset(bpf::mapRetrieveWO(pathname.c_str()));
break;
case BPF_F_RDONLY|BPF_F_WRONLY:
- fd = bpf::mapRetrieveExclusiveRW(pathname.c_str());
+ fd.reset(bpf::mapRetrieveExclusiveRW(pathname.c_str()));
break;
default:
errno = EINVAL;
break;
}
- if (fd < 0) {
+ if (!fd.ok()) {
jniThrowErrnoException(env, "nativeBpfFdGet", errno);
return -1;
}
@@ -62,18 +63,16 @@
if (bpf::isAtLeastKernelVersion(4, 14, 0)) {
// These likely fail with -1 and set errno to EINVAL on <4.14
if (bpf::bpfGetFdKeySize(fd) != keySize) {
- close(fd);
jniThrowErrnoException(env, "nativeBpfFdGet KeySize", EBADFD);
return -1;
}
if (bpf::bpfGetFdValueSize(fd) != valueSize) {
- close(fd);
jniThrowErrnoException(env, "nativeBpfFdGet ValueSize", EBADFD);
return -1;
}
}
- return fd;
+ return fd.release();
}
static void com_android_net_module_util_BpfMap_nativeWriteToMapEntry(JNIEnv *env, jobject self,
diff --git a/staticlibs/testutils/Android.bp b/staticlibs/testutils/Android.bp
index f4ed9e4..2a26ef8 100644
--- a/staticlibs/testutils/Android.bp
+++ b/staticlibs/testutils/Android.bp
@@ -97,11 +97,7 @@
"general-tests",
"cts",
"mts-networking",
- "mcts-networking",
"mts-tethering",
- "mcts-tethering",
- "mcts-wifi",
- "mcts-dnsresolver",
],
device_common_data: [":ConnectivityTestPreparer"],
}
diff --git a/staticlibs/testutils/app/connectivitychecker/src/com/android/testutils/connectivitypreparer/CarrierConfigSetupTest.kt b/staticlibs/testutils/app/connectivitychecker/src/com/android/testutils/connectivitypreparer/CarrierConfigSetupTest.kt
index 46e511e..78b34a8 100644
--- a/staticlibs/testutils/app/connectivitychecker/src/com/android/testutils/connectivitypreparer/CarrierConfigSetupTest.kt
+++ b/staticlibs/testutils/app/connectivitychecker/src/com/android/testutils/connectivitypreparer/CarrierConfigSetupTest.kt
@@ -123,7 +123,13 @@
"""telephony/com\.android\.internal\.telephony\.flags\.force_iwlan_mms:""" +
""".*ENABLED \(system\)""")
ParcelFileDescriptor.AutoCloseInputStream(
- uiAutomation.executeShellCommand("printflags")).bufferedReader().use { reader ->
+ // If the command fails (for example if printflags is missing) this will return false
+ // and the IWLAN disable will be skipped, which should be fine at it only helps with
+ // flakiness.
+ // This uses "sh -c" to cover that case as if "printflags" is used directly and the
+ // binary is missing, the remote end will crash and the InputStream EOF is never
+ // reached, so the read would hang.
+ uiAutomation.executeShellCommand("sh -c printflags")).bufferedReader().use { reader ->
return reader.lines().anyMatch {
it.contains(flagEnabledRegex)
}
diff --git a/staticlibs/testutils/devicetests/com/android/testutils/ConnectivityDiagnosticsCollector.kt b/staticlibs/testutils/devicetests/com/android/testutils/ConnectivityDiagnosticsCollector.kt
index ea86281..9e63910 100644
--- a/staticlibs/testutils/devicetests/com/android/testutils/ConnectivityDiagnosticsCollector.kt
+++ b/staticlibs/testutils/devicetests/com/android/testutils/ConnectivityDiagnosticsCollector.kt
@@ -76,11 +76,13 @@
private const val MAX_DUMPS = 20
private val TAG = ConnectivityDiagnosticsCollector::class.simpleName
+ @JvmStatic
var instance: ConnectivityDiagnosticsCollector? = null
}
private var failureHeader: String? = null
private val buffer = ByteArrayOutputStream()
+ private val failureHeaderExtras = mutableMapOf<String, Any>()
private val collectorDir: File by lazy {
createAndEmptyDirectory(COLLECTOR_DIR)
}
@@ -218,6 +220,8 @@
val canUseShell = !isAtLeastS() ||
instr.uiAutomation.getAdoptedShellPermissions().isNullOrEmpty()
val headerObj = JSONObject()
+ failureHeaderExtras.forEach { (k, v) -> headerObj.put(k, v) }
+ failureHeaderExtras.clear()
if (canUseShell) {
runAsShell(READ_PRIVILEGED_PHONE_STATE, NETWORK_SETTINGS) {
headerObj.apply {
@@ -332,6 +336,15 @@
}
}
+ /**
+ * Add a key->value attribute to the failure data, to be written to the diagnostics file.
+ *
+ * <p>This is to be called by tests that know they will fail.
+ */
+ fun addFailureAttribute(key: String, value: Any) {
+ failureHeaderExtras[key] = value
+ }
+
private fun maybeWriteExceptionContext(writer: PrintWriter, exceptionContext: Throwable?) {
if (exceptionContext == null) return
writer.println("At: ")
diff --git a/staticlibs/testutils/devicetests/com/android/testutils/DeviceConfigRule.kt b/staticlibs/testutils/devicetests/com/android/testutils/DeviceConfigRule.kt
index 785e55a..044b410 100644
--- a/staticlibs/testutils/devicetests/com/android/testutils/DeviceConfigRule.kt
+++ b/staticlibs/testutils/devicetests/com/android/testutils/DeviceConfigRule.kt
@@ -18,6 +18,7 @@
import android.Manifest.permission.READ_DEVICE_CONFIG
import android.Manifest.permission.WRITE_DEVICE_CONFIG
+import android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG
import android.provider.DeviceConfig
import android.util.Log
import com.android.modules.utils.build.SdkLevel
@@ -87,7 +88,7 @@
}
throw e
} cleanupStep {
- runAsShell(WRITE_DEVICE_CONFIG) {
+ runAsShell(WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG) {
originalConfig.forEach { (key, value) ->
Log.i(TAG, "Resetting config \"${key.second}\" to \"$value\"")
DeviceConfig.setProperty(
@@ -116,7 +117,8 @@
*/
fun setConfig(namespace: String, key: String, value: String?): String? {
Log.i(TAG, "Setting config \"$key\" to \"$value\"")
- val readWritePermissions = arrayOf(READ_DEVICE_CONFIG, WRITE_DEVICE_CONFIG)
+ val readWritePermissions =
+ arrayOf(READ_DEVICE_CONFIG, WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG)
val keyPair = Pair(namespace, key)
val existingValue = runAsShell(*readWritePermissions) {
diff --git a/tests/common/Android.bp b/tests/common/Android.bp
index bb1009b..60a02fb 100644
--- a/tests/common/Android.bp
+++ b/tests/common/Android.bp
@@ -147,6 +147,7 @@
// meaning @hide APIs in framework-connectivity are resolved before @SystemApi
// stubs in framework
"framework-connectivity.impl",
+ "framework-connectivity-b.impl",
"framework-connectivity-t.impl",
"framework-tethering.impl",
"framework",
diff --git a/tests/cts/hostside/aidl/Android.bp b/tests/cts/hostside/aidl/Android.bp
index 31924f0..ca3e77f 100644
--- a/tests/cts/hostside/aidl/Android.bp
+++ b/tests/cts/hostside/aidl/Android.bp
@@ -19,8 +19,7 @@
java_test_helper_library {
name: "CtsHostsideNetworkTestsAidl",
- sdk_version: "current",
- min_sdk_version: "30",
+ sdk_version: "system_current",
srcs: [
"com/android/cts/net/hostside/*.aidl",
"com/android/cts/net/hostside/*.java",
diff --git a/tests/cts/hostside/aidl/com/android/cts/net/hostside/ITetheringHelper.aidl b/tests/cts/hostside/aidl/com/android/cts/net/hostside/ITetheringHelper.aidl
new file mode 100644
index 0000000..a9f5ed4
--- /dev/null
+++ b/tests/cts/hostside/aidl/com/android/cts/net/hostside/ITetheringHelper.aidl
@@ -0,0 +1,23 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.cts.net.hostside;
+
+import android.net.TetheringInterface;
+
+interface ITetheringHelper {
+ TetheringInterface getTetheredWifiInterface();
+}
diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/TetheringHelperClient.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/TetheringHelperClient.java
new file mode 100644
index 0000000..5f5ebb0
--- /dev/null
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/TetheringHelperClient.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.cts.net.hostside;
+
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.ServiceConnection;
+import android.net.TetheringInterface;
+import android.os.ConditionVariable;
+import android.os.IBinder;
+import android.os.RemoteException;
+
+public class TetheringHelperClient {
+ private static final int TIMEOUT_MS = 5000;
+ private static final String PACKAGE = TetheringHelperClient.class.getPackage().getName();
+ private static final String APP2_PACKAGE = PACKAGE + ".app2";
+ private static final String SERVICE_NAME = APP2_PACKAGE + ".TetheringHelperService";
+
+ private Context mContext;
+ private ServiceConnection mServiceConnection;
+ private ITetheringHelper mService;
+
+ public TetheringHelperClient(Context context) {
+ mContext = context;
+ }
+
+ /**
+ * Binds to TetheringHelperService.
+ */
+ public void bind() {
+ if (mService != null) {
+ throw new IllegalStateException("Already bound");
+ }
+
+ final ConditionVariable cv = new ConditionVariable();
+ mServiceConnection = new ServiceConnection() {
+ @Override
+ public void onServiceConnected(ComponentName name, IBinder service) {
+ mService = ITetheringHelper.Stub.asInterface(service);
+ cv.open();
+ }
+ @Override
+ public void onServiceDisconnected(ComponentName name) {
+ mService = null;
+ }
+ };
+
+ final Intent intent = new Intent();
+ intent.setComponent(new ComponentName(APP2_PACKAGE, SERVICE_NAME));
+ mContext.bindService(intent, mServiceConnection, Context.BIND_AUTO_CREATE);
+ cv.block(TIMEOUT_MS);
+ if (mService == null) {
+ throw new IllegalStateException(
+ "Could not bind to TetheringHelperService after " + TIMEOUT_MS + "ms");
+ }
+ }
+
+ /**
+ * Unbinds from TetheringHelperService.
+ */
+ public void unbind() {
+ if (mService != null) {
+ mContext.unbindService(mServiceConnection);
+ }
+ }
+
+ /**
+ * Returns the tethered Wifi interface as seen from TetheringHelperService.
+ */
+ public TetheringInterface getTetheredWifiInterface() throws RemoteException {
+ return mService.getTetheredWifiInterface();
+ }
+}
diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/TetheringTest.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/TetheringTest.java
new file mode 100644
index 0000000..ad98a29
--- /dev/null
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/TetheringTest.java
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.cts.net.hostside;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import android.content.Context;
+import android.net.TetheringInterface;
+import android.net.cts.util.CtsTetheringUtils;
+import android.net.wifi.SoftApConfiguration;
+import android.net.wifi.WifiSsid;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.nio.charset.StandardCharsets;
+
+public class TetheringTest {
+ private CtsTetheringUtils mCtsTetheringUtils;
+ private TetheringHelperClient mTetheringHelperClient;
+
+ @Before
+ public void setUp() throws Exception {
+ Context targetContext = getInstrumentation().getTargetContext();
+ mCtsTetheringUtils = new CtsTetheringUtils(targetContext);
+ mTetheringHelperClient = new TetheringHelperClient(targetContext);
+ mTetheringHelperClient.bind();
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ mTetheringHelperClient.unbind();
+ }
+
+ /**
+ * Starts Wifi tethering and tests that the SoftApConfiguration is redacted from
+ * TetheringEventCallback for other apps.
+ */
+ @Test
+ public void testSoftApConfigurationRedactedForOtherUids() throws Exception {
+ final CtsTetheringUtils.TestTetheringEventCallback tetherEventCallback =
+ mCtsTetheringUtils.registerTetheringEventCallback();
+ SoftApConfiguration softApConfig = new SoftApConfiguration.Builder()
+ .setWifiSsid(WifiSsid.fromBytes("This is an SSID!"
+ .getBytes(StandardCharsets.UTF_8))).build();
+ final TetheringInterface tetheringInterface =
+ mCtsTetheringUtils.startWifiTethering(tetherEventCallback, softApConfig);
+ assertNotNull(tetheringInterface);
+ assertEquals(softApConfig, tetheringInterface.getSoftApConfiguration());
+ try {
+ TetheringInterface tetheringInterfaceForApp2 =
+ mTetheringHelperClient.getTetheredWifiInterface();
+ assertNotNull(tetheringInterfaceForApp2);
+ assertNull(tetheringInterfaceForApp2.getSoftApConfiguration());
+ assertEquals(
+ tetheringInterface.getInterface(), tetheringInterfaceForApp2.getInterface());
+ } finally {
+ mCtsTetheringUtils.stopWifiTethering(tetherEventCallback);
+ }
+ }
+}
diff --git a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
index d05a8d0..3430196 100755
--- a/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
+++ b/tests/cts/hostside/app/src/com/android/cts/net/hostside/VpnTest.java
@@ -20,6 +20,7 @@
import static android.Manifest.permission.NETWORK_SETTINGS;
import static android.Manifest.permission.READ_DEVICE_CONFIG;
import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
+import static android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG;
import static android.content.Context.RECEIVER_EXPORTED;
import static android.content.pm.PackageManager.FEATURE_TELEPHONY;
import static android.content.pm.PackageManager.FEATURE_WIFI;
@@ -1209,7 +1210,7 @@
AUTOMATIC_ON_OFF_KEEPALIVE_VERSION,
AUTOMATIC_ON_OFF_KEEPALIVE_ENABLED, false /* makeDefault */);
return mode;
- }, READ_DEVICE_CONFIG, WRITE_DEVICE_CONFIG);
+ }, READ_DEVICE_CONFIG, WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG);
final IpSecManager ipSec = mTargetContext.getSystemService(IpSecManager.class);
SocketKeepalive kp = null;
@@ -1249,7 +1250,7 @@
AUTOMATIC_ON_OFF_KEEPALIVE_VERSION,
origMode, false);
mCM.setTestLowTcpPollingTimerForKeepalive(0);
- }, WRITE_DEVICE_CONFIG, NETWORK_SETTINGS);
+ }, WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG, NETWORK_SETTINGS);
}
}
diff --git a/tests/cts/hostside/app2/AndroidManifest.xml b/tests/cts/hostside/app2/AndroidManifest.xml
index 412b307..6ccaf4f 100644
--- a/tests/cts/hostside/app2/AndroidManifest.xml
+++ b/tests/cts/hostside/app2/AndroidManifest.xml
@@ -42,6 +42,8 @@
android:debuggable="true">
<service android:name=".RemoteSocketFactoryService"
android:exported="true"/>
+ <service android:name=".TetheringHelperService"
+ android:exported="true"/>
</application>
<!--
diff --git a/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/TetheringHelperService.java b/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/TetheringHelperService.java
new file mode 100644
index 0000000..56a8cbb
--- /dev/null
+++ b/tests/cts/hostside/app2/src/com/android/cts/net/hostside/app2/TetheringHelperService.java
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.cts.net.hostside.app2;
+
+
+import static android.net.TetheringManager.TETHERING_WIFI;
+
+import android.app.Service;
+import android.content.Intent;
+import android.net.TetheringInterface;
+import android.net.TetheringManager;
+import android.os.IBinder;
+
+import androidx.annotation.NonNull;
+
+import com.android.cts.net.hostside.ITetheringHelper;
+
+import java.util.Set;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.TimeUnit;
+
+public class TetheringHelperService extends Service {
+ private static final String TAG = TetheringHelperService.class.getSimpleName();
+
+ private ITetheringHelper.Stub mBinder = new ITetheringHelper.Stub() {
+ public TetheringInterface getTetheredWifiInterface() {
+ ArrayBlockingQueue<TetheringInterface> queue = new ArrayBlockingQueue<>(1);
+ TetheringManager.TetheringEventCallback callback =
+ new TetheringManager.TetheringEventCallback() {
+ @Override
+ public void onTetheredInterfacesChanged(
+ @NonNull Set<TetheringInterface> interfaces) {
+ for (TetheringInterface iface : interfaces) {
+ if (iface.getType() == TETHERING_WIFI) {
+ queue.offer(iface);
+ break;
+ }
+ }
+ }
+ };
+ TetheringManager tm =
+ TetheringHelperService.this.getSystemService(TetheringManager.class);
+ tm.registerTetheringEventCallback(Runnable::run, callback);
+ TetheringInterface iface;
+ try {
+ iface = queue.poll(5, TimeUnit.SECONDS);
+ } catch (InterruptedException e) {
+ throw new IllegalStateException("Wait for wifi TetheredInterface interrupted");
+ } finally {
+ tm.unregisterTetheringEventCallback(callback);
+ }
+ if (iface == null) {
+ throw new IllegalStateException(
+ "No wifi TetheredInterface received after 5 seconds");
+ }
+ return iface;
+ }
+ };
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return mBinder;
+ }
+}
diff --git a/tests/cts/hostside/src/com/android/cts/net/HostsideTetheringTests.java b/tests/cts/hostside/src/com/android/cts/net/HostsideTetheringTests.java
new file mode 100644
index 0000000..d73e01a
--- /dev/null
+++ b/tests/cts/hostside/src/com/android/cts/net/HostsideTetheringTests.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.cts.net;
+
+import com.android.tradefed.device.DeviceNotAvailableException;
+import com.android.tradefed.invoker.TestInformation;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.tradefed.testtype.junit4.AfterClassWithInfo;
+import com.android.tradefed.testtype.junit4.BeforeClassWithInfo;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class HostsideTetheringTests extends HostsideNetworkTestCase {
+ /**
+ * Set up the test once before running all the tests.
+ */
+ @BeforeClassWithInfo
+ public static void setUpOnce(TestInformation testInfo) throws Exception {
+ uninstallPackage(testInfo, TEST_APP2_PKG, false);
+ installPackage(testInfo, TEST_APP2_APK);
+ }
+
+ /**
+ * Tear down the test once after running all the tests.
+ */
+ @AfterClassWithInfo
+ public static void tearDownOnce(TestInformation testInfo)
+ throws DeviceNotAvailableException {
+ uninstallPackage(testInfo, TEST_APP2_PKG, true);
+ }
+
+ @Test
+ public void testSoftApConfigurationRedactedForOtherApps() throws Exception {
+ runDeviceTests(TEST_PKG, TEST_PKG + ".TetheringTest",
+ "testSoftApConfigurationRedactedForOtherUids");
+ }
+}
diff --git a/tests/cts/net/Android.bp b/tests/cts/net/Android.bp
index 9e57f69..a9ac29c 100644
--- a/tests/cts/net/Android.bp
+++ b/tests/cts/net/Android.bp
@@ -96,14 +96,8 @@
],
test_suites: [
"cts",
- "mts-dnsresolver",
- "mts-networking",
"mts-tethering",
- "mts-wifi",
- "mcts-dnsresolver",
- "mcts-networking",
"mcts-tethering",
- "mcts-wifi",
"general-tests",
],
}
diff --git a/tests/cts/net/AndroidTestTemplate.xml b/tests/cts/net/AndroidTestTemplate.xml
index 965d1f6..55b6494 100644
--- a/tests/cts/net/AndroidTestTemplate.xml
+++ b/tests/cts/net/AndroidTestTemplate.xml
@@ -61,8 +61,7 @@
</test>
<metrics_collector class="com.android.tradefed.device.metric.FilePullerLogCollector">
<!-- Pattern matching the fileKey used by ConnectivityDiagnosticsCollector when calling addFileMetric -->
- <option name="pull-pattern-keys" value="com.android.testutils.ConnectivityDiagnosticsCollector.*" />
- <option name="log-data-type" value="CONNDIAG" />
+ <option name="pull-pattern-keys" value="com.android.testutils.ConnectivityDiagnosticsCollector.*"/>
<option name="collect-on-run-ended-only" value="true" />
</metrics_collector>
<!-- When this test is run in a Mainline context (e.g. with `mts-tradefed`), only enable it if
diff --git a/tests/cts/net/jni/NativeMultinetworkJni.cpp b/tests/cts/net/jni/NativeMultinetworkJni.cpp
index f2214a3..1d848ec 100644
--- a/tests/cts/net/jni/NativeMultinetworkJni.cpp
+++ b/tests/cts/net/jni/NativeMultinetworkJni.cpp
@@ -415,9 +415,17 @@
strlcpy(dst, buf, size);
}
+static jobject create_query_test_result(JNIEnv* env, uint16_t src_port, int attempts, int errnum) {
+ jclass clazz = env->FindClass(
+ "android/net/cts/MultinetworkApiTest$QueryTestResult");
+ jmethodID ctor = env->GetMethodID(clazz, "<init>", "(III)V");
+
+ return env->NewObject(clazz, ctor, src_port, attempts, errnum);
+}
+
extern "C"
-JNIEXPORT jint Java_android_net_cts_MultinetworkApiTest_runDatagramCheck(
- JNIEnv*, jclass, jlong nethandle) {
+JNIEXPORT jobject Java_android_net_cts_MultinetworkApiTest_runDatagramCheck(
+ JNIEnv* env, jclass, jlong nethandle, jint src_port) {
const struct addrinfo kHints = {
.ai_flags = AI_ADDRCONFIG,
.ai_family = AF_UNSPEC,
@@ -433,7 +441,7 @@
LOGD("android_getaddrinfofornetwork(%llu, %s) returned rval=%d errno=%d",
handle, kHostname, rval, errno);
freeaddrinfo(res);
- return -errno;
+ return create_query_test_result(env, 0, 0, errno);
}
// Rely upon getaddrinfo sorting the best destination to the front.
@@ -442,7 +450,7 @@
LOGD("socket(%d, %d, %d) failed, errno=%d",
res->ai_family, res->ai_socktype, res->ai_protocol, errno);
freeaddrinfo(res);
- return -errno;
+ return create_query_test_result(env, 0, 0, errno);
}
rval = android_setsocknetwork(handle, fd);
@@ -451,7 +459,31 @@
if (rval != 0) {
close(fd);
freeaddrinfo(res);
- return -errno;
+ return create_query_test_result(env, 0, 0, errno);
+ }
+
+ sockaddr_storage src_addr;
+ socklen_t src_addrlen = sizeof(src_addr);
+ if (src_port) {
+ if (res->ai_family == AF_INET6) {
+ *reinterpret_cast<sockaddr_in6*>(&src_addr) = (sockaddr_in6) {
+ .sin6_family = AF_INET6,
+ .sin6_port = htons(src_port),
+ .sin6_addr = in6addr_any,
+ };
+ } else {
+ *reinterpret_cast<sockaddr_in*>(&src_addr) = (sockaddr_in) {
+ .sin_family = AF_INET,
+ .sin_port = htons(src_port),
+ .sin_addr = { .s_addr = INADDR_ANY },
+ };
+ }
+ if (bind(fd, (sockaddr *)&src_addr, src_addrlen) != 0) {
+ LOGD("Error binding to port %d", src_port);
+ close(fd);
+ freeaddrinfo(res);
+ return create_query_test_result(env, 0, 0, errno);
+ }
}
char addrstr[kSockaddrStrLen+1];
@@ -462,19 +494,28 @@
if (rval != 0) {
close(fd);
freeaddrinfo(res);
- return -errno;
+ return create_query_test_result(env, 0, 0, errno);
}
freeaddrinfo(res);
- struct sockaddr_storage src_addr;
- socklen_t src_addrlen = sizeof(src_addr);
if (getsockname(fd, (struct sockaddr *)&src_addr, &src_addrlen) != 0) {
close(fd);
- return -errno;
+ return create_query_test_result(env, 0, 0, errno);
}
sockaddr_ntop((const struct sockaddr *)&src_addr, sizeof(src_addr), addrstr, sizeof(addrstr));
LOGD("... from %s", addrstr);
+ uint16_t socket_src_port;
+ if (res->ai_family == AF_INET6) {
+ socket_src_port = ntohs(reinterpret_cast<sockaddr_in6*>(&src_addr)->sin6_port);
+ } else if (src_addr.ss_family == AF_INET) {
+ socket_src_port = ntohs(reinterpret_cast<sockaddr_in*>(&src_addr)->sin_port);
+ } else {
+ LOGD("Invalid source address family %d", src_addr.ss_family);
+ close(fd);
+ return create_query_test_result(env, 0, 0, EAFNOSUPPORT);
+ }
+
// Don't let reads or writes block indefinitely.
const struct timeval timeo = { 2, 0 }; // 2 seconds
setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &timeo, sizeof(timeo));
@@ -503,7 +544,7 @@
errnum = errno;
LOGD("send(QUIC packet) returned sent=%zd, errno=%d", sent, errnum);
close(fd);
- return -errnum;
+ return create_query_test_result(env, socket_src_port, i + 1, errnum);
}
rcvd = recv(fd, response, sizeof(response), 0);
@@ -521,18 +562,19 @@
LOGD("Does this network block UDP port %s?", kPort);
}
close(fd);
- return -EPROTO;
+ return create_query_test_result(env, socket_src_port, i + 1,
+ rcvd <= 0 ? errnum : EPROTO);
}
int conn_id_cmp = memcmp(quic_packet + 6, response + 7, 8);
if (conn_id_cmp != 0) {
LOGD("sent and received connection IDs do not match");
close(fd);
- return -EPROTO;
+ return create_query_test_result(env, socket_src_port, i + 1, EPROTO);
}
// TODO: Replace this quick 'n' dirty test with proper QUIC-capable code.
close(fd);
- return 0;
+ return create_query_test_result(env, socket_src_port, i + 1, 0);
}
diff --git a/tests/cts/net/native/dns/Android.bp b/tests/cts/net/native/dns/Android.bp
index de4a3bf..8138598 100644
--- a/tests/cts/net/native/dns/Android.bp
+++ b/tests/cts/net/native/dns/Android.bp
@@ -62,8 +62,6 @@
"cts",
"general-tests",
"mts-dnsresolver",
- "mts-networking",
"mcts-dnsresolver",
- "mcts-networking",
],
}
diff --git a/tests/cts/net/src/android/net/cts/ApfIntegrationTest.kt b/tests/cts/net/src/android/net/cts/ApfIntegrationTest.kt
index 9ac2c67..8e77b5d 100644
--- a/tests/cts/net/src/android/net/cts/ApfIntegrationTest.kt
+++ b/tests/cts/net/src/android/net/cts/ApfIntegrationTest.kt
@@ -19,6 +19,7 @@
package android.net.cts
+import android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG
import android.Manifest.permission.WRITE_DEVICE_CONFIG
import android.content.pm.PackageManager.FEATURE_WIFI
import android.net.ConnectivityManager
@@ -165,7 +166,7 @@
// created.
// APF adb cmds are only implemented in ApfFilter.java. Enable experiment to prevent
// LegacyApfFilter.java from being used.
- runAsShell(WRITE_DEVICE_CONFIG) {
+ runAsShell(WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG) {
DeviceConfig.setProperty(
NAMESPACE_CONNECTIVITY,
APF_NEW_RA_FILTER_VERSION,
diff --git a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
index 3a8252a..88309ed 100644
--- a/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/ConnectivityManagerTest.java
@@ -145,6 +145,7 @@
import android.net.ConnectivityManager;
import android.net.ConnectivityManager.NetworkCallback;
import android.net.ConnectivitySettingsManager;
+import android.net.DnsResolver;
import android.net.InetAddresses;
import android.net.IpSecManager;
import android.net.IpSecManager.UdpEncapsulationSocket;
@@ -201,6 +202,7 @@
import com.android.internal.util.ArrayUtils;
import com.android.modules.utils.build.SdkLevel;
import com.android.net.module.util.CollectionUtils;
+import com.android.net.module.util.DnsPacket;
import com.android.networkstack.apishim.ConnectivityManagerShimImpl;
import com.android.networkstack.apishim.ConstantsShim;
import com.android.networkstack.apishim.NetworkInformationShimImpl;
@@ -249,7 +251,6 @@
import java.net.Socket;
import java.net.SocketException;
import java.net.URL;
-import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
@@ -306,6 +307,7 @@
private static final int LISTEN_ACTIVITY_TIMEOUT_MS = 30_000;
private static final int NO_CALLBACK_TIMEOUT_MS = 100;
private static final int NETWORK_REQUEST_TIMEOUT_MS = 3000;
+ private static final int DNS_REQUEST_TIMEOUT_MS = 1000;
private static final int SOCKET_TIMEOUT_MS = 100;
private static final int NUM_TRIES_MULTIPATH_PREF_CHECK = 20;
private static final long INTERVAL_MULTIPATH_PREF_CHECK_MS = 500;
@@ -861,6 +863,55 @@
});
}
+ @NonNull
+ private static String getDeviceIpv6AddressThroughDnsQuery(Network network) throws Exception {
+ final InetAddress dnsAddr = getAddrByName("ns1.google.com", AF_INET6);
+ assertNotNull("IPv6 address for ns1.google.com should not be null", dnsAddr);
+
+ try (DatagramSocket udpSocket = new DatagramSocket()) {
+ network.bindSocket(udpSocket);
+
+ final DnsPacket queryDnsPkt = new DnsPacket(
+ new DnsPacket.DnsHeader(new Random().nextInt(), DnsResolver.FLAG_EMPTY,
+ 1 /* qdcount */,
+ 0 /* ancount */),
+ List.of(DnsPacket.DnsRecord.makeQuestion("o-o.myaddr.l.google.com",
+ DnsResolver.TYPE_TXT, DnsResolver.CLASS_IN)),
+ List.of() /* an */
+ );
+ final byte[] queryDnsRawBytes = queryDnsPkt.getBytes();
+ final byte[] receiveBuffer = new byte[1500];
+ final int maxRetry = 3;
+ for (int attempt = 1; attempt <= maxRetry; ++attempt) {
+ try {
+ final DatagramPacket queryUdpPkt = new DatagramPacket(queryDnsRawBytes,
+ queryDnsRawBytes.length, dnsAddr, 53 /* port */);
+ udpSocket.send(queryUdpPkt);
+
+ final DatagramPacket replyUdpPkt = new DatagramPacket(receiveBuffer,
+ receiveBuffer.length);
+ udpSocket.setSoTimeout(DNS_REQUEST_TIMEOUT_MS);
+ udpSocket.receive(replyUdpPkt);
+ break;
+ } catch (IOException e) {
+ if (attempt == maxRetry) {
+ throw e; // If the last attempt fails, rethrow the exception.
+ } else {
+ Log.e(TAG, "DNS request failed (attempt " + attempt + ")" + e);
+ }
+ }
+ }
+
+ final DnsPacket replyDnsPkt = new DnsPacket(receiveBuffer);
+ final DnsPacket.DnsRecord answerRecord = replyDnsPkt.getRecords(
+ DnsPacket.ANSECTION).get(0);
+ final byte[] txtReplyRecord = answerRecord.getRR();
+ final byte dataLength = txtReplyRecord[0];
+ assertEquals(dataLength, txtReplyRecord.length - 1);
+ return new String(Arrays.copyOfRange(txtReplyRecord, 1, txtReplyRecord.length));
+ }
+ }
+
/**
* Tests that connections can be opened on WiFi and cellphone networks,
* and that they are made from different IP addresses.
@@ -886,8 +937,31 @@
// Verify that the IP addresses that the requests appeared to come from are actually on the
// respective networks.
- assertOnNetwork(wifiAddressString, wifiNetwork);
- assertOnNetwork(cellAddressString, cellNetwork);
+ final InetAddress wifiAddress = InetAddresses.parseNumericAddress(wifiAddressString);
+ final LinkProperties wifiLinkProperties = mCm.getLinkProperties(wifiNetwork);
+ // To make sure that the request went out on the right network, check that
+ // the IP address seen by the server is assigned to the expected network.
+ // We can only do this for IPv6 addresses, because in IPv4 we will likely
+ // have a private IPv4 address, and that won't match what the server sees.
+ if (wifiAddress instanceof Inet6Address) {
+ assertContains(wifiLinkProperties.getAddresses(), wifiAddress);
+ }
+
+ final LinkProperties cellLinkProperties = mCm.getLinkProperties(cellNetwork);
+ final InetAddress cellAddress = InetAddresses.parseNumericAddress(cellAddressString);
+ final List<InetAddress> cellNetworkAddresses = cellLinkProperties.getAddresses();
+ // In userdebug build, on cellular network, if the onNetwork check failed, we also try to
+ // re-verify it by obtaining the IP address through DNS query.
+ boolean isUserDebug = Build.isDebuggable();
+ if (cellAddress instanceof Inet6Address) {
+ if (isUserDebug && !cellNetworkAddresses.contains(cellAddress)) {
+ final InetAddress ipv6AddressThroughDns = InetAddresses.parseNumericAddress(
+ getDeviceIpv6AddressThroughDnsQuery(cellNetwork));
+ assertContains(cellNetworkAddresses, ipv6AddressThroughDns);
+ } else {
+ assertContains(cellNetworkAddresses, cellAddress);
+ }
+ }
assertFalse("Unexpectedly equal: " + wifiNetwork, wifiNetwork.equals(cellNetwork));
}
@@ -919,17 +993,6 @@
}
}
- private void assertOnNetwork(String adressString, Network network) throws UnknownHostException {
- InetAddress address = InetAddress.getByName(adressString);
- LinkProperties linkProperties = mCm.getLinkProperties(network);
- // To make sure that the request went out on the right network, check that
- // the IP address seen by the server is assigned to the expected network.
- // We can only do this for IPv6 addresses, because in IPv4 we will likely
- // have a private IPv4 address, and that won't match what the server sees.
- if (address instanceof Inet6Address) {
- assertContains(linkProperties.getAddresses(), address);
- }
- }
private static<T> void assertContains(Collection<T> collection, T element) {
assertTrue(element + " not found in " + collection, collection.contains(element));
@@ -1713,7 +1776,8 @@
}
}
- private InetAddress getAddrByName(final String hostname, final int family) throws Exception {
+ private static InetAddress getAddrByName(final String hostname, final int family)
+ throws Exception {
final InetAddress[] allAddrs = InetAddress.getAllByName(hostname);
for (InetAddress addr : allAddrs) {
if (family == AF_INET && addr instanceof Inet4Address) return addr;
diff --git a/tests/cts/net/src/android/net/cts/MultinetworkApiTest.java b/tests/cts/net/src/android/net/cts/MultinetworkApiTest.java
index 2c7d5c6..c67443e 100644
--- a/tests/cts/net/src/android/net/cts/MultinetworkApiTest.java
+++ b/tests/cts/net/src/android/net/cts/MultinetworkApiTest.java
@@ -39,10 +39,13 @@
import android.system.ErrnoException;
import android.system.OsConstants;
import android.util.ArraySet;
+import android.util.Log;
import androidx.test.platform.app.InstrumentationRegistry;
+import com.android.net.module.util.CollectionUtils;
import com.android.testutils.AutoReleaseNetworkCallbackRule;
+import com.android.testutils.ConnectivityDiagnosticsCollector;
import com.android.testutils.DevSdkIgnoreRunner;
import com.android.testutils.DeviceConfigRule;
@@ -51,6 +54,8 @@
import org.junit.Test;
import org.junit.runner.RunWith;
+import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Set;
@DevSdkIgnoreRunner.RestoreDefaultNetwork
@@ -70,13 +75,34 @@
private static final String TAG = "MultinetworkNativeApiTest";
static final String GOOGLE_PRIVATE_DNS_SERVER = "dns.google";
+ public static class QueryTestResult {
+ public final int sourcePort;
+ public final int attempts;
+ public final int errNo;
+
+ public QueryTestResult(int sourcePort, int attempts, int errNo) {
+ this.sourcePort = sourcePort;
+ this.attempts = attempts;
+ this.errNo = errNo;
+ }
+
+ @Override
+ public String toString() {
+ return "QueryTestResult{"
+ + "sourcePort=" + sourcePort
+ + ", attempts=" + attempts
+ + ", errNo=" + errNo
+ + '}';
+ }
+ }
+
/**
* @return 0 on success
*/
private static native int runGetaddrinfoCheck(long networkHandle);
private static native int runSetprocnetwork(long networkHandle);
private static native int runSetsocknetwork(long networkHandle);
- private static native int runDatagramCheck(long networkHandle);
+ private static native QueryTestResult runDatagramCheck(long networkHandle, int sourcePort);
private static native void runResNapiMalformedCheck(long networkHandle);
private static native void runResNcancelCheck(long networkHandle);
private static native void runResNqueryCheck(long networkHandle);
@@ -165,14 +191,69 @@
}
}
+ private void runNativeDatagramTransmissionDiagnostics(Network network,
+ QueryTestResult failedResult) {
+ final ConnectivityDiagnosticsCollector collector = ConnectivityDiagnosticsCollector
+ .getInstance();
+ if (collector == null) {
+ Log.e(TAG, "Missing ConnectivityDiagnosticsCollector, not adding diagnostics");
+ return;
+ }
+
+ final int numReruns = 10;
+ final ArrayList<QueryTestResult> reruns = new ArrayList<>(numReruns);
+ for (int i = 0; i < numReruns; i++) {
+ final QueryTestResult rerunResult =
+ runDatagramCheck(network.getNetworkHandle(), 0 /* sourcePort */);
+ Log.d(TAG, "Rerun result " + i + ": " + rerunResult);
+ reruns.add(rerunResult);
+ }
+ // Rerun on the original port after trying the other ports, to check that the results are
+ // consistent, as opposed to the network recovering halfway through.
+ int originalPortFailedReruns = 0;
+ for (int i = 0; i < numReruns; i++) {
+ final QueryTestResult originalPortRerun = runDatagramCheck(network.getNetworkHandle(),
+ failedResult.sourcePort);
+ Log.d(TAG, "Rerun result " + i + " with original port: " + originalPortRerun);
+ if (originalPortRerun.errNo != 0) {
+ originalPortFailedReruns++;
+ }
+ }
+
+ final int noRetrySuccessResults = reruns.stream()
+ .filter(result -> result.errNo == 0 && result.attempts == 1)
+ .mapToInt(result -> 1)
+ .sum();
+ final int failedResults = reruns.stream()
+ .filter(result -> result.errNo != 0)
+ .mapToInt(result -> 1)
+ .sum();
+ collector.addFailureAttribute("numReruns", numReruns);
+ collector.addFailureAttribute("noRetrySuccessReruns", noRetrySuccessResults);
+ collector.addFailureAttribute("failedReruns", failedResults);
+ collector.addFailureAttribute("originalPortFailedReruns", originalPortFailedReruns);
+ }
+
@Test
public void testNativeDatagramTransmission() throws Exception {
for (Network network : getTestableNetworks()) {
- int errno = runDatagramCheck(network.getNetworkHandle());
- if (errno != 0) {
- throw new ErrnoException(
- "DatagramCheck on " + mCM.getNetworkInfo(network), -errno);
+ final QueryTestResult result = runDatagramCheck(network.getNetworkHandle(),
+ 0 /* sourcePort */);
+ if (result.errNo == 0) {
+ continue;
}
+ final NetworkCapabilities nc = mCM.getNetworkCapabilities(network);
+ final int[] transports = nc != null ? nc.getTransportTypes() : null;
+ if (CollectionUtils.contains(transports, TRANSPORT_WIFI)) {
+ runNativeDatagramTransmissionDiagnostics(network, result);
+ }
+
+ // Log the whole result (with source port and attempts) to logcat, but use only the
+ // errno and transport in the fail message so similar failures have consistent messages
+ final String error = "DatagramCheck on transport " + Arrays.toString(transports)
+ + " failed: " + result.errNo;
+ Log.e(TAG, error + ", result: " + result);
+ fail(error);
}
}
diff --git a/tests/cts/net/src/android/net/cts/NetworkStatsManagerTest.java b/tests/cts/net/src/android/net/cts/NetworkStatsManagerTest.java
index fef085d..e3d7240 100644
--- a/tests/cts/net/src/android/net/cts/NetworkStatsManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/NetworkStatsManagerTest.java
@@ -63,6 +63,7 @@
import android.os.Process;
import android.os.RemoteException;
import android.os.SystemClock;
+import android.os.UserHandle;
import android.platform.test.annotations.AppModeFull;
import android.telephony.TelephonyManager;
import android.text.TextUtils;
@@ -113,8 +114,8 @@
private static final String LOG_TAG = "NetworkStatsManagerTest";
- private static final String APPOPS_SET_SHELL_COMMAND = "appops set {0} {1} {2}";
- private static final String APPOPS_GET_SHELL_COMMAND = "appops get {0} {1}";
+ private static final String APPOPS_SET_SHELL_COMMAND = "appops set --user {0} {1} {2} {3}";
+ private static final String APPOPS_GET_SHELL_COMMAND = "appops get --user {0} {1} {2}";
private static final long MINUTE = 1000 * 60;
private static final int TIMEOUT_MILLIS = 15000;
@@ -329,12 +330,14 @@
}
private void setAppOpsMode(String appop, String mode) throws Exception {
- final String command = MessageFormat.format(APPOPS_SET_SHELL_COMMAND, mPkg, appop, mode);
+ final String command = MessageFormat.format(APPOPS_SET_SHELL_COMMAND,
+ UserHandle.myUserId(), mPkg, appop, mode);
SystemUtil.runShellCommand(mInstrumentation, command);
}
private String getAppOpsMode(String appop) throws Exception {
- final String command = MessageFormat.format(APPOPS_GET_SHELL_COMMAND, mPkg, appop);
+ final String command = MessageFormat.format(APPOPS_GET_SHELL_COMMAND,
+ UserHandle.myUserId(), mPkg, appop);
String result = SystemUtil.runShellCommand(mInstrumentation, command);
if (result == null) {
Log.w(LOG_TAG, "App op " + appop + " could not be read.");
diff --git a/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt b/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
index a0b40aa..d3d4f4d 100644
--- a/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
+++ b/tests/cts/net/src/android/net/cts/NetworkValidationTestUtil.kt
@@ -17,6 +17,7 @@
package android.net.cts
import android.Manifest.permission.WRITE_DEVICE_CONFIG
+import android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG
import android.provider.DeviceConfig
import android.provider.DeviceConfig.NAMESPACE_CONNECTIVITY
import com.android.net.module.util.NetworkStackConstants
@@ -33,7 +34,7 @@
* Clear the test network validation URLs.
*/
@JvmStatic fun clearValidationTestUrlsDeviceConfig() {
- runAsShell(WRITE_DEVICE_CONFIG) {
+ runAsShell(WRITE_DEVICE_CONFIG, WRITE_ALLOWLISTED_DEVICE_CONFIG) {
DeviceConfig.setProperty(NAMESPACE_CONNECTIVITY,
NetworkStackConstants.TEST_CAPTIVE_PORTAL_HTTPS_URL, null, false)
DeviceConfig.setProperty(NAMESPACE_CONNECTIVITY,
diff --git a/tests/cts/net/util/java/android/net/cts/util/CtsNetUtils.java b/tests/cts/net/util/java/android/net/cts/util/CtsNetUtils.java
index 0dd2a23..173d13f 100644
--- a/tests/cts/net/util/java/android/net/cts/util/CtsNetUtils.java
+++ b/tests/cts/net/util/java/android/net/cts/util/CtsNetUtils.java
@@ -53,6 +53,7 @@
import android.os.Build;
import android.os.ConditionVariable;
import android.os.IBinder;
+import android.os.UserHandle;
import android.system.Os;
import android.system.OsConstants;
import android.telephony.SubscriptionManager;
@@ -145,7 +146,8 @@
for (final String pkg : new String[] {"com.android.shell", mContext.getPackageName()}) {
final String cmd =
String.format(
- "appops set %s %s %s",
+ "appops set --user %d %s %s %s",
+ UserHandle.myUserId(), // user id
pkg, // Package name
opName, // Appop
(allow ? "allow" : "deny")); // Action
diff --git a/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java b/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
index dffd9d5..243cd27 100644
--- a/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
+++ b/tests/cts/net/util/java/android/net/cts/util/CtsTetheringUtils.java
@@ -46,6 +46,7 @@
import android.net.TetheringManager.TetheringEventCallback;
import android.net.TetheringManager.TetheringInterfaceRegexps;
import android.net.TetheringManager.TetheringRequest;
+import android.net.wifi.SoftApConfiguration;
import android.net.wifi.WifiClient;
import android.net.wifi.WifiManager;
import android.net.wifi.WifiManager.SoftApCallback;
@@ -491,13 +492,29 @@
}
}
+ /**
+ * Starts Wi-Fi tethering.
+ */
public TetheringInterface startWifiTethering(final TestTetheringEventCallback callback)
throws InterruptedException {
+ return startWifiTethering(callback, null);
+ }
+
+ /**
+ * Starts Wi-Fi tethering with the specified SoftApConfiguration.
+ */
+ public TetheringInterface startWifiTethering(final TestTetheringEventCallback callback,
+ final SoftApConfiguration softApConfiguration)
+ throws InterruptedException {
final List<String> wifiRegexs = getWifiTetherableInterfaceRegexps(callback);
final StartTetheringCallback startTetheringCallback = new StartTetheringCallback();
- final TetheringRequest request = new TetheringRequest.Builder(TETHERING_WIFI)
- .setShouldShowEntitlementUi(false).build();
+ TetheringRequest.Builder builder = new TetheringRequest.Builder(TETHERING_WIFI)
+ .setShouldShowEntitlementUi(false);
+ if (softApConfiguration != null) {
+ builder.setSoftApConfiguration(softApConfiguration);
+ }
+ final TetheringRequest request = builder.build();
return runAsShell(TETHER_PRIVILEGED, () -> {
mTm.startTethering(request, c -> c.run() /* executor */, startTetheringCallback);
diff --git a/tests/cts/tethering/Android.bp b/tests/cts/tethering/Android.bp
index 83818be..d9bc7f7 100644
--- a/tests/cts/tethering/Android.bp
+++ b/tests/cts/tethering/Android.bp
@@ -19,7 +19,10 @@
java_defaults {
name: "CtsTetheringTestDefaults",
- defaults: ["cts_defaults"],
+ defaults: [
+ "cts_defaults",
+ "framework-connectivity-test-defaults",
+ ],
libs: [
"android.test.base.stubs.system",
diff --git a/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java b/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
index 1454d9a..b294d63 100644
--- a/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
+++ b/tests/cts/tethering/src/android/tethering/cts/TetheringManagerTest.java
@@ -22,6 +22,8 @@
import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
import static android.net.NetworkCapabilities.TRANSPORT_CELLULAR;
import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
+import static android.net.TetheringManager.CONNECTIVITY_SCOPE_GLOBAL;
+import static android.net.TetheringManager.CONNECTIVITY_SCOPE_LOCAL;
import static android.net.TetheringManager.TETHERING_BLUETOOTH;
import static android.net.TetheringManager.TETHERING_ETHERNET;
import static android.net.TetheringManager.TETHERING_NCM;
@@ -32,6 +34,7 @@
import static android.net.TetheringManager.TETHER_ERROR_NO_CHANGE_TETHERING_PERMISSION;
import static android.net.TetheringManager.TETHER_ERROR_NO_ERROR;
import static android.net.cts.util.CtsTetheringUtils.isAnyIfaceMatch;
+import static android.os.Process.INVALID_UID;
import static com.android.testutils.TestPermissionUtil.runAsShell;
@@ -74,6 +77,7 @@
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
+import androidx.annotation.NonNull;
import androidx.test.InstrumentationRegistry;
import androidx.test.runner.AndroidJUnit4;
@@ -222,19 +226,23 @@
}
- @Test
- public void testTetheringRequest() {
- SoftApConfiguration softApConfiguration;
+ private SoftApConfiguration createSoftApConfiguration(@NonNull String ssid) {
+ SoftApConfiguration config;
if (SdkLevel.isAtLeastT()) {
- softApConfiguration = new SoftApConfiguration.Builder()
- .setWifiSsid(WifiSsid.fromBytes(
- "This is an SSID!".getBytes(StandardCharsets.UTF_8)))
+ config = new SoftApConfiguration.Builder()
+ .setWifiSsid(WifiSsid.fromBytes(ssid.getBytes(StandardCharsets.UTF_8)))
.build();
} else {
- softApConfiguration = new SoftApConfiguration.Builder()
- .setSsid("This is an SSID!")
+ config = new SoftApConfiguration.Builder()
+ .setSsid(ssid)
.build();
}
+ return config;
+ }
+
+ @Test
+ public void testTetheringRequest() {
+ SoftApConfiguration softApConfiguration = createSoftApConfiguration("SSID");
final TetheringRequest tr = new TetheringRequest.Builder(TETHERING_WIFI)
.setSoftApConfiguration(softApConfiguration)
.build();
@@ -243,41 +251,63 @@
assertNull(tr.getClientStaticIpv4Address());
assertFalse(tr.isExemptFromEntitlementCheck());
assertTrue(tr.getShouldShowEntitlementUi());
+ assertEquals(CONNECTIVITY_SCOPE_GLOBAL, tr.getConnectivityScope());
assertEquals(softApConfiguration, tr.getSoftApConfiguration());
+ assertEquals(INVALID_UID, tr.getUid());
+ assertNull(tr.getPackageName());
+ assertEquals(tr.toString(), "TetheringRequest[ "
+ + "TETHERING_WIFI, "
+ + "showProvisioningUi, "
+ + "CONNECTIVITY_SCOPE_GLOBAL, "
+ + "softApConfig=" + softApConfiguration.toString()
+ + " ]");
final LinkAddress localAddr = new LinkAddress("192.168.24.5/24");
final LinkAddress clientAddr = new LinkAddress("192.168.24.100/24");
final TetheringRequest tr2 = new TetheringRequest.Builder(TETHERING_USB)
.setStaticIpv4Addresses(localAddr, clientAddr)
.setExemptFromEntitlementCheck(true)
- .setShouldShowEntitlementUi(false).build();
+ .setShouldShowEntitlementUi(false)
+ .setConnectivityScope(CONNECTIVITY_SCOPE_LOCAL)
+ .build();
+ int uid = 1000;
+ String packageName = "package";
+ tr2.setUid(uid);
+ tr2.setPackageName(packageName);
assertEquals(localAddr, tr2.getLocalIpv4Address());
assertEquals(clientAddr, tr2.getClientStaticIpv4Address());
assertEquals(TETHERING_USB, tr2.getTetheringType());
assertTrue(tr2.isExemptFromEntitlementCheck());
assertFalse(tr2.getShouldShowEntitlementUi());
+ assertEquals(CONNECTIVITY_SCOPE_LOCAL, tr2.getConnectivityScope());
+ assertNull(tr2.getSoftApConfiguration());
+ assertEquals(uid, tr2.getUid());
+ assertEquals(packageName, tr2.getPackageName());
+ assertEquals(tr2.toString(), "TetheringRequest[ "
+ + "TETHERING_USB, "
+ + "localIpv4Address=" + localAddr + ", "
+ + "staticClientAddress=" + clientAddr + ", "
+ + "exemptFromEntitlementCheck, "
+ + "CONNECTIVITY_SCOPE_LOCAL, "
+ + "uid=1000, "
+ + "packageName=package"
+ + " ]");
final TetheringRequest tr3 = new TetheringRequest.Builder(TETHERING_USB)
.setStaticIpv4Addresses(localAddr, clientAddr)
.setExemptFromEntitlementCheck(true)
- .setShouldShowEntitlementUi(false).build();
+ .setShouldShowEntitlementUi(false)
+ .setConnectivityScope(CONNECTIVITY_SCOPE_LOCAL)
+ .build();
+ tr3.setUid(uid);
+ tr3.setPackageName(packageName);
assertEquals(tr2, tr3);
}
@Test
public void testTetheringRequestSetSoftApConfigurationFailsWhenNotWifi() {
- final SoftApConfiguration softApConfiguration;
- if (SdkLevel.isAtLeastT()) {
- softApConfiguration = new SoftApConfiguration.Builder()
- .setWifiSsid(WifiSsid.fromBytes(
- "This is an SSID!".getBytes(StandardCharsets.UTF_8)))
- .build();
- } else {
- softApConfiguration = new SoftApConfiguration.Builder()
- .setSsid("This is an SSID!")
- .build();
- }
+ final SoftApConfiguration softApConfiguration = createSoftApConfiguration("SSID");
for (int type : List.of(TETHERING_USB, TETHERING_BLUETOOTH, TETHERING_WIFI_P2P,
TETHERING_NCM, TETHERING_ETHERNET)) {
try {
@@ -291,17 +321,7 @@
@Test
public void testTetheringRequestParcelable() {
- final SoftApConfiguration softApConfiguration;
- if (SdkLevel.isAtLeastT()) {
- softApConfiguration = new SoftApConfiguration.Builder()
- .setWifiSsid(WifiSsid.fromBytes(
- "This is an SSID!".getBytes(StandardCharsets.UTF_8)))
- .build();
- } else {
- softApConfiguration = new SoftApConfiguration.Builder()
- .setSsid("This is an SSID!")
- .build();
- }
+ final SoftApConfiguration softApConfiguration = createSoftApConfiguration("SSID");
final LinkAddress localAddr = new LinkAddress("192.168.24.5/24");
final LinkAddress clientAddr = new LinkAddress("192.168.24.100/24");
final TetheringRequest withConfig = new TetheringRequest.Builder(TETHERING_WIFI)
@@ -328,10 +348,12 @@
tetherEventCallback.assumeWifiTetheringSupported(mContext);
tetherEventCallback.expectNoTetheringActive();
+ SoftApConfiguration softApConfig = createSoftApConfiguration("SSID");
final TetheringInterface tetheredIface =
- mCtsTetheringUtils.startWifiTethering(tetherEventCallback);
+ mCtsTetheringUtils.startWifiTethering(tetherEventCallback, softApConfig);
assertNotNull(tetheredIface);
+ assertEquals(softApConfig, tetheredIface.getSoftApConfiguration());
final String wifiTetheringIface = tetheredIface.getInterface();
mCtsTetheringUtils.stopWifiTethering(tetherEventCallback);
diff --git a/tests/unit/java/com/android/server/connectivityservice/CSDestroyedNetworkTests.kt b/tests/unit/java/com/android/server/connectivityservice/CSDestroyedNetworkTests.kt
index 5c29e3a..b824531 100644
--- a/tests/unit/java/com/android/server/connectivityservice/CSDestroyedNetworkTests.kt
+++ b/tests/unit/java/com/android/server/connectivityservice/CSDestroyedNetworkTests.kt
@@ -27,9 +27,26 @@
import com.android.testutils.TestableNetworkCallback
import org.junit.Test
import org.junit.runner.RunWith
+import org.mockito.ArgumentMatchers.anyInt
+import org.mockito.ArgumentMatchers.argThat
+import org.mockito.ArgumentMatchers.eq
+import org.mockito.Mockito.clearInvocations
+import org.mockito.Mockito.inOrder
+import org.mockito.Mockito.never
+import org.mockito.Mockito.verify
private const val LONG_TIMEOUT_MS = 5_000
+private val CAPABILITIES = NetworkCapabilities.Builder()
+ .addTransportType(TRANSPORT_WIFI)
+ .build()
+
+private val REQUEST = NetworkRequest.Builder()
+ .clearCapabilities()
+ .addTransportType(TRANSPORT_WIFI)
+ .build()
+
+
@DevSdkIgnoreRunner.MonitorThreadLeak
@RunWith(DevSdkIgnoreRunner::class)
@SmallTest
@@ -37,29 +54,53 @@
class CSDestroyedNetworkTests : CSTest() {
@Test
fun testDestroyNetworkNotKeptWhenUnvalidated() {
- val nc = NetworkCapabilities.Builder()
- .addTransportType(TRANSPORT_WIFI)
- .build()
-
- val nr = NetworkRequest.Builder()
- .clearCapabilities()
- .addTransportType(TRANSPORT_WIFI)
- .build()
val cbRequest = TestableNetworkCallback()
val cbCallback = TestableNetworkCallback()
- cm.requestNetwork(nr, cbRequest)
- cm.registerNetworkCallback(nr, cbCallback)
+ cm.requestNetwork(REQUEST, cbRequest)
+ cm.registerNetworkCallback(REQUEST, cbCallback)
- val firstAgent = Agent(nc = nc)
+ val firstAgent = Agent(nc = CAPABILITIES)
firstAgent.connect()
cbCallback.expectAvailableCallbacks(firstAgent.network, validated = false)
firstAgent.unregisterAfterReplacement(LONG_TIMEOUT_MS)
- val secondAgent = Agent(nc = nc)
+ val secondAgent = Agent(nc = CAPABILITIES)
secondAgent.connect()
cbCallback.expectAvailableCallbacks(secondAgent.network, validated = false)
cbCallback.expect<Lost>(timeoutMs = 500) { it.network == firstAgent.network }
}
+
+ @Test
+ fun testDestroyNetworkWithDelayedTeardown() {
+ val cbRequest = TestableNetworkCallback()
+ val cbCallback = TestableNetworkCallback()
+ cm.requestNetwork(REQUEST, cbRequest)
+ cm.registerNetworkCallback(REQUEST, cbCallback)
+
+ val firstAgent = Agent(nc = CAPABILITIES)
+ firstAgent.connect()
+ firstAgent.setTeardownDelayMillis(1)
+ cbCallback.expectAvailableCallbacks(firstAgent.network, validated = false)
+
+ clearInvocations(netd)
+ val inOrder = inOrder(netd)
+ firstAgent.unregisterAfterReplacement(LONG_TIMEOUT_MS)
+
+ val secondAgent = Agent(nc = CAPABILITIES)
+ secondAgent.connect()
+ cbCallback.expectAvailableCallbacks(secondAgent.network, validated = false)
+ secondAgent.disconnect()
+
+ cbCallback.expect<Lost>(timeoutMs = 500) { it.network == firstAgent.network }
+ cbCallback.expect<Lost>(timeoutMs = 500) { it.network == secondAgent.network }
+ // onLost is fired before the network is destroyed.
+ waitForIdle()
+
+ inOrder.verify(netd).networkDestroy(eq(firstAgent.network.netId))
+ inOrder.verify(netd).networkCreate(argThat{ it.netId == secondAgent.network.netId })
+ inOrder.verify(netd).networkDestroy(eq(secondAgent.network.netId))
+ verify(netd, never()).networkSetPermissionForNetwork(anyInt(), anyInt())
+ }
}
diff --git a/tests/unit/java/com/android/server/connectivityservice/base/CSAgentWrapper.kt b/tests/unit/java/com/android/server/connectivityservice/base/CSAgentWrapper.kt
index 1f5ee32..9be7d11 100644
--- a/tests/unit/java/com/android/server/connectivityservice/base/CSAgentWrapper.kt
+++ b/tests/unit/java/com/android/server/connectivityservice/base/CSAgentWrapper.kt
@@ -181,6 +181,7 @@
cb.eventuallyExpect<Lost> { it.network == agent.network }
}
+ fun setTeardownDelayMillis(delayMillis: Int) = agent.setTeardownDelayMillis(delayMillis)
fun unregisterAfterReplacement(timeoutMs: Int) = agent.unregisterAfterReplacement(timeoutMs)
fun sendLocalNetworkConfig(lnc: LocalNetworkConfig) = agent.sendLocalNetworkConfig(lnc)
diff --git a/tests/unit/jni/android_net_frameworktests_util/onload.cpp b/tests/unit/jni/android_net_frameworktests_util/onload.cpp
index 06a3986..a0ce4f8 100644
--- a/tests/unit/jni/android_net_frameworktests_util/onload.cpp
+++ b/tests/unit/jni/android_net_frameworktests_util/onload.cpp
@@ -24,6 +24,8 @@
int register_com_android_net_module_util_BpfMap(JNIEnv* env, char const* class_name);
int register_com_android_net_module_util_TcUtils(JNIEnv* env, char const* class_name);
+int register_com_android_net_module_util_TimerFdUtils(JNIEnv *env,
+ char const *class_name);
extern "C" jint JNI_OnLoad(JavaVM* vm, void*) {
JNIEnv *env;
@@ -38,6 +40,10 @@
if (register_com_android_net_module_util_TcUtils(env,
"android/net/frameworktests/util/TcUtils") < 0) return JNI_ERR;
+ if (register_com_android_net_module_util_TimerFdUtils(
+ env, "android/net/frameworktests/util/TimerFdUtils") < 0)
+ return JNI_ERR;
+
return JNI_VERSION_1_6;
}
diff --git a/thread/TEST_MAPPING b/thread/TEST_MAPPING
index 34d67bb..40842f1 100644
--- a/thread/TEST_MAPPING
+++ b/thread/TEST_MAPPING
@@ -13,6 +13,9 @@
"postsubmit": [
{
"name": "ThreadNetworkMultiDeviceTests"
+ },
+ {
+ "name": "ThreadNetworkTrelDisabledTests"
}
]
}
diff --git a/thread/framework/java/android/net/thread/ThreadNetworkController.java b/thread/framework/java/android/net/thread/ThreadNetworkController.java
index 14d22d1..73a6bda 100644
--- a/thread/framework/java/android/net/thread/ThreadNetworkController.java
+++ b/thread/framework/java/android/net/thread/ThreadNetworkController.java
@@ -908,7 +908,6 @@
for (int i = 0; i < channelMaxPowers.size(); i++) {
int channel = channelMaxPowers.keyAt(i);
- int maxPower = channelMaxPowers.get(channel);
if ((channel < ActiveOperationalDataset.CHANNEL_MIN_24_GHZ)
|| (channel > ActiveOperationalDataset.CHANNEL_MAX_24_GHZ)) {
diff --git a/thread/service/java/com/android/server/thread/FeatureFlags.java b/thread/service/java/com/android/server/thread/FeatureFlags.java
new file mode 100644
index 0000000..29bcedd
--- /dev/null
+++ b/thread/service/java/com/android/server/thread/FeatureFlags.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package com.android.server.thread;
+
+import com.android.net.module.util.DeviceConfigUtils;
+
+public class FeatureFlags {
+ // The namespace for Thread Network feature flags
+ private static final String NAMESPACE_THREAD_NETWORK = "thread_network";
+
+ // The prefix for TREL feature flags
+ private static final String TREL_FEATURE_PREFIX = "TrelFeature__";
+
+ // The feature flag for TREL enabled state
+ private static final String TREL_ENABLED_FLAG = TREL_FEATURE_PREFIX + "enabled";
+
+ private static boolean isFeatureEnabled(String flag, boolean defaultValue) {
+ return DeviceConfigUtils.getDeviceConfigPropertyBoolean(
+ NAMESPACE_THREAD_NETWORK, flag, defaultValue);
+ }
+
+ public static boolean isTrelEnabled() {
+ return isFeatureEnabled(TREL_ENABLED_FLAG, false);
+ }
+}
diff --git a/thread/service/java/com/android/server/thread/ThreadNetworkControllerService.java b/thread/service/java/com/android/server/thread/ThreadNetworkControllerService.java
index 8747b44..30d5a02 100644
--- a/thread/service/java/com/android/server/thread/ThreadNetworkControllerService.java
+++ b/thread/service/java/com/android/server/thread/ThreadNetworkControllerService.java
@@ -357,7 +357,8 @@
mNsdPublisher,
getMeshcopTxtAttributes(mResources.get()),
mOtDaemonCallbackProxy,
- mCountryCodeSupplier.get());
+ mCountryCodeSupplier.get(),
+ FeatureFlags.isTrelEnabled());
otDaemon.asBinder().linkToDeath(() -> mHandler.post(this::onOtDaemonDied), 0);
mOtDaemon = otDaemon;
mHandler.post(mNat64CidrController::maybeUpdateNat64Cidr);
@@ -1406,7 +1407,7 @@
private void setInfraLinkState(InfraLinkState newInfraLinkState) {
if (Objects.equals(mInfraLinkState, newInfraLinkState)) {
- return ;
+ return;
}
LOG.i("Infra link state changed: " + mInfraLinkState + " -> " + newInfraLinkState);
setInfraLinkInterfaceName(newInfraLinkState.interfaceName);
@@ -1417,7 +1418,7 @@
private void setInfraLinkInterfaceName(String newInfraLinkInterfaceName) {
if (Objects.equals(mInfraLinkState.interfaceName, newInfraLinkInterfaceName)) {
- return ;
+ return;
}
ParcelFileDescriptor infraIcmp6Socket = null;
if (newInfraLinkInterfaceName != null) {
@@ -1440,7 +1441,7 @@
private void setInfraLinkNat64Prefix(@Nullable String newNat64Prefix) {
if (Objects.equals(newNat64Prefix, mInfraLinkState.nat64Prefix)) {
- return ;
+ return;
}
try {
getOtDaemon()
@@ -1453,7 +1454,7 @@
private void setInfraLinkDnsServers(List<String> newDnsServers) {
if (Objects.equals(newDnsServers, mInfraLinkState.dnsServers)) {
- return ;
+ return;
}
try {
getOtDaemon()
diff --git a/thread/tests/integration/Android.bp b/thread/tests/integration/Android.bp
index 8f082a4..798a51e 100644
--- a/thread/tests/integration/Android.bp
+++ b/thread/tests/integration/Android.bp
@@ -62,3 +62,23 @@
],
compile_multilib: "both",
}
+
+android_test {
+ name: "ThreadNetworkTrelDisabledTests",
+ platform_apis: true,
+ manifest: "AndroidManifest.xml",
+ test_config: "AndroidTestTrelDisabled.xml",
+ defaults: [
+ "framework-connectivity-test-defaults",
+ "ThreadNetworkIntegrationTestsDefaults",
+ ],
+ test_suites: [
+ "mts-tethering",
+ "general-tests",
+ ],
+ srcs: [
+ "src/**/*.java",
+ "src/**/*.kt",
+ ],
+ compile_multilib: "both",
+}
diff --git a/thread/tests/integration/AndroidTest.xml b/thread/tests/integration/AndroidTest.xml
index 8f98941..08409b4 100644
--- a/thread/tests/integration/AndroidTest.xml
+++ b/thread/tests/integration/AndroidTest.xml
@@ -48,4 +48,10 @@
<test class="com.android.tradefed.testtype.AndroidJUnitTest" >
<option name="package" value="com.android.thread.tests.integration" />
</test>
+
+ <!-- Enable TREL for integration tests -->
+ <target_preparer class="com.android.tradefed.targetprep.FeatureFlagTargetPreparer">
+ <option name="flag-value"
+ value="thread_network/TrelFeature__enabled=true"/>
+ </target_preparer>
</configuration>
diff --git a/thread/tests/integration/AndroidTestTrelDisabled.xml b/thread/tests/integration/AndroidTestTrelDisabled.xml
new file mode 100644
index 0000000..600652a
--- /dev/null
+++ b/thread/tests/integration/AndroidTestTrelDisabled.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright (C) 2024 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<configuration description="Config for Thread integration tests with TREL disabled">
+ <option name="test-tag" value="ThreadNetworkTrelDisabledTests" />
+ <option name="test-suite-tag" value="apct" />
+
+ <!--
+ Only run tests if the device under test is SDK version 34 (Android 14) or above.
+ -->
+ <object type="module_controller"
+ class="com.android.tradefed.testtype.suite.module.Sdk34ModuleController" />
+
+ <!-- Run tests in MTS only if the Tethering Mainline module is installed. -->
+ <object type="module_controller"
+ class="com.android.tradefed.testtype.suite.module.MainlineTestModuleController">
+ <option name="mainline-module-package-name" value="com.google.android.tethering" />
+ </object>
+
+ <object type="module_controller"
+ class="com.android.tradefed.testtype.suite.module.DeviceFeatureModuleController">
+ <option name="required-feature" value="android.hardware.thread_network" />
+ </object>
+
+ <target_preparer class="com.android.tradefed.targetprep.RootTargetPreparer" />
+
+ <!-- Install test -->
+ <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
+ <option name="test-file-name" value="ThreadNetworkTrelDisabledTests.apk" />
+ <option name="check-min-sdk" value="true" />
+ <option name="cleanup-apks" value="true" />
+ </target_preparer>
+
+ <test class="com.android.tradefed.testtype.AndroidJUnitTest" >
+ <option name="package" value="com.android.thread.tests.integration" />
+ </test>
+
+ <!-- Disable TREL for integration tests -->
+ <target_preparer class="com.android.tradefed.targetprep.FeatureFlagTargetPreparer">
+ <option name="flag-value"
+ value="thread_network/TrelFeature__enabled=false"/>
+ </target_preparer>
+</configuration>
diff --git a/thread/tests/integration/src/android/net/thread/BorderRoutingTest.java b/thread/tests/integration/src/android/net/thread/BorderRoutingTest.java
index ddbef47..aeeed65 100644
--- a/thread/tests/integration/src/android/net/thread/BorderRoutingTest.java
+++ b/thread/tests/integration/src/android/net/thread/BorderRoutingTest.java
@@ -58,6 +58,7 @@
import android.net.thread.utils.InfraNetworkDevice;
import android.net.thread.utils.IntegrationTestUtils;
import android.net.thread.utils.OtDaemonController;
+import android.net.thread.utils.TestTunNetworkUtils;
import android.net.thread.utils.ThreadFeatureCheckerRule;
import android.net.thread.utils.ThreadFeatureCheckerRule.RequiresIpv6MulticastRouting;
import android.net.thread.utils.ThreadFeatureCheckerRule.RequiresSimulationThreadDevice;
@@ -160,6 +161,7 @@
@After
public void tearDown() throws Exception {
mController.setTestNetworkAsUpstreamAndWait(null);
+ TestTunNetworkUtils.tearDownAllInfraNetworks();
mHandlerThread.quitSafely();
mHandlerThread.join();
@@ -226,19 +228,13 @@
FullThreadDevice ftd = mFtds.get(0);
joinNetworkAndWaitForOmr(ftd, DEFAULT_DATASET);
Inet6Address ftdOmr = ftd.getOmrAddress();
- // Create a new infra network and let Thread prefer it
- TestNetworkTracker oldInfraNetworkTracker = mInfraNetworkTracker;
- try {
- setUpInfraNetwork();
- mInfraNetworkReader = newPacketReader(mInfraNetworkTracker.getTestIface(), mHandler);
- startInfraDeviceAndWaitForOnLinkAddr();
+ setUpInfraNetwork();
+ mInfraNetworkReader = newPacketReader(mInfraNetworkTracker.getTestIface(), mHandler);
+ startInfraDeviceAndWaitForOnLinkAddr();
- mInfraDevice.sendEchoRequest(ftd.getOmrAddress());
+ mInfraDevice.sendEchoRequest(ftd.getOmrAddress());
- assertNotNull(pollForIcmpPacketOnInfraNetwork(ICMPV6_ECHO_REPLY_TYPE, ftdOmr));
- } finally {
- runAsShell(MANAGE_TEST_NETWORKS, () -> oldInfraNetworkTracker.teardown());
- }
+ assertNotNull(pollForIcmpPacketOnInfraNetwork(ICMPV6_ECHO_REPLY_TYPE, ftdOmr));
}
@Test
@@ -615,8 +611,6 @@
subscribeMulticastAddressAndWait(ftd, GROUP_ADDR_SCOPE_5);
Inet6Address ftdOmr = ftd.getOmrAddress();
- // Destroy infra link and re-create
- tearDownInfraNetwork();
setUpInfraNetwork();
mInfraNetworkReader = newPacketReader(mInfraNetworkTracker.getTestIface(), mHandler);
startInfraDeviceAndWaitForOnLinkAddr();
@@ -642,8 +636,6 @@
joinNetworkAndWaitForOmr(ftd, DEFAULT_DATASET);
Inet6Address ftdOmr = ftd.getOmrAddress();
- // Destroy infra link and re-create
- tearDownInfraNetwork();
setUpInfraNetwork();
mInfraNetworkReader = newPacketReader(mInfraNetworkTracker.getTestIface(), mHandler);
startInfraDeviceAndWaitForOnLinkAddr();
@@ -683,7 +675,7 @@
@Test
public void nat64_withAilNat64Prefix_threadDevicePingIpv4InfraDevice_outboundPacketIsForwarded()
throws Exception {
- tearDownInfraNetwork();
+ TestTunNetworkUtils.tearDownInfraNetwork(mInfraNetworkTracker);
LinkProperties lp = new LinkProperties();
// NAT64 feature requires the infra network to have an IPv4 default route.
lp.addRoute(
@@ -701,7 +693,7 @@
RouteInfo.RTN_UNICAST,
1500 /* mtu */));
lp.setNat64Prefix(AIL_NAT64_PREFIX);
- mInfraNetworkTracker = IntegrationTestUtils.setUpInfraNetwork(mContext, mController, lp);
+ mInfraNetworkTracker = TestTunNetworkUtils.setUpInfraNetwork(mContext, mController, lp);
mInfraNetworkReader = newPacketReader(mInfraNetworkTracker.getTestIface(), mHandler);
FullThreadDevice ftd = mFtds.get(0);
joinNetworkAndWaitForOmr(ftd, DEFAULT_DATASET);
@@ -717,16 +709,12 @@
}
private void setUpInfraNetwork() throws Exception {
- mInfraNetworkTracker = IntegrationTestUtils.setUpInfraNetwork(mContext, mController);
- }
-
- private void tearDownInfraNetwork() {
- IntegrationTestUtils.tearDownInfraNetwork(mInfraNetworkTracker);
+ mInfraNetworkTracker = TestTunNetworkUtils.setUpInfraNetwork(mContext, mController);
}
private void startInfraDeviceAndWaitForOnLinkAddr() {
mInfraDevice =
- IntegrationTestUtils.startInfraDeviceAndWaitForOnLinkAddr(mInfraNetworkReader);
+ TestTunNetworkUtils.startInfraDeviceAndWaitForOnLinkAddr(mInfraNetworkReader);
}
private void assertInfraLinkMemberOfGroup(Inet6Address address) throws Exception {
diff --git a/thread/tests/integration/src/android/net/thread/InternetAccessTest.kt b/thread/tests/integration/src/android/net/thread/InternetAccessTest.kt
index 162f58e..3c9aa07 100644
--- a/thread/tests/integration/src/android/net/thread/InternetAccessTest.kt
+++ b/thread/tests/integration/src/android/net/thread/InternetAccessTest.kt
@@ -28,12 +28,10 @@
import android.net.thread.utils.IntegrationTestUtils.joinNetworkAndWaitForOmr
import android.net.thread.utils.IntegrationTestUtils.leaveNetworkAndDisableThread
import android.net.thread.utils.IntegrationTestUtils.newPacketReader
-import android.net.thread.utils.IntegrationTestUtils.setUpInfraNetwork
-import android.net.thread.utils.IntegrationTestUtils.startInfraDeviceAndWaitForOnLinkAddr
-import android.net.thread.utils.IntegrationTestUtils.tearDownInfraNetwork
import android.net.thread.utils.IntegrationTestUtils.waitFor
import android.net.thread.utils.OtDaemonController
import android.net.thread.utils.TestDnsServer
+import android.net.thread.utils.TestTunNetworkUtils
import android.net.thread.utils.TestUdpEchoServer
import android.net.thread.utils.ThreadFeatureCheckerRule
import android.net.thread.utils.ThreadFeatureCheckerRule.RequiresSimulationThreadDevice
@@ -128,11 +126,11 @@
handler = Handler(handlerThread.looper)
ftds = ArrayList()
- infraNetworkTracker = setUpInfraNetwork(context, controller)
+ infraNetworkTracker = TestTunNetworkUtils.setUpInfraNetwork(context, controller)
// Create an infra network device.
infraNetworkReader = newPacketReader(infraNetworkTracker.testIface, handler)
- infraDevice = startInfraDeviceAndWaitForOnLinkAddr(infraNetworkReader)
+ infraDevice = TestTunNetworkUtils.startInfraDeviceAndWaitForOnLinkAddr(infraNetworkReader)
// Create a DNS server
dnsServer = TestDnsServer(infraNetworkReader, DNS_SERVER_ADDR, ANSWER_RECORDS)
@@ -150,7 +148,7 @@
@Throws(Exception::class)
fun tearDown() {
controller.setTestNetworkAsUpstreamAndWait(null)
- tearDownInfraNetwork(infraNetworkTracker)
+ TestTunNetworkUtils.tearDownAllInfraNetworks()
dnsServer.stop()
udpEchoServer.stop()
@@ -202,6 +200,24 @@
assertThat(reply).isEqualTo("Hello,Thread")
}
+ @Test
+ fun nat64Enabled_afterInfraNetworkSwitch_threadDeviceSendsUdpToEchoServer_replyIsReceived() {
+ controller.setNat64EnabledAndWait(true)
+ waitFor({ otCtl.hasNat64PrefixInNetdata() }, Duration.ofSeconds(10))
+ infraNetworkTracker = TestTunNetworkUtils.setUpInfraNetwork(context, controller)
+ infraNetworkReader = newPacketReader(infraNetworkTracker.testIface, handler)
+ udpEchoServer = TestUdpEchoServer(infraNetworkReader, UDP_ECHO_SERVER_ADDRESS)
+ val ftd = ftds[0]
+ joinNetworkAndWaitForOmr(ftd, DEFAULT_DATASET)
+ waitFor({ otCtl.hasNat64PrefixInNetdata() }, Duration.ofSeconds(10))
+ udpEchoServer.start()
+
+ ftd.udpOpen()
+ ftd.udpSend("Hello,Thread", UDP_ECHO_SERVER_ADDRESS.address, UDP_ECHO_SERVER_ADDRESS.port)
+ val reply = ftd.udpReceive()
+ assertThat(reply).isEqualTo("Hello,Thread")
+ }
+
private fun extractIpv4AddressFromMappedAddress(address: InetAddress): Inet4Address {
return InetAddress.getByAddress(address.address.slice(12 until 16).toByteArray())
as Inet4Address
diff --git a/thread/tests/integration/src/android/net/thread/ServiceDiscoveryTest.java b/thread/tests/integration/src/android/net/thread/ServiceDiscoveryTest.java
index 2afca5f..6c2a9bb 100644
--- a/thread/tests/integration/src/android/net/thread/ServiceDiscoveryTest.java
+++ b/thread/tests/integration/src/android/net/thread/ServiceDiscoveryTest.java
@@ -30,6 +30,8 @@
import static com.google.common.truth.Truth.assertThat;
import static org.junit.Assert.assertThrows;
+import static org.junit.Assume.assumeFalse;
+import static org.junit.Assume.assumeTrue;
import static java.nio.charset.StandardCharsets.UTF_8;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
@@ -50,6 +52,9 @@
import androidx.test.filters.LargeTest;
import androidx.test.runner.AndroidJUnit4;
+import com.android.net.module.util.DeviceConfigUtils;
+import com.android.net.module.util.HexDump;
+
import com.google.common.truth.Correspondence;
import org.junit.After;
@@ -64,6 +69,7 @@
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
+import java.util.Locale;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.CompletableFuture;
@@ -441,6 +447,40 @@
.containsExactly("key1", bytes(0x01, 0x02), "key2", bytes(3));
}
+ @Test
+ // TODO: move this case out of ServiceDiscoveryTest when the service discovery utilities
+ // are decoupled from this test.
+ public void trelFeatureFlagEnabled_trelServicePublished() throws Exception {
+ assumeTrue(
+ DeviceConfigUtils.getDeviceConfigPropertyBoolean(
+ "thread_network", "TrelFeature__enabled", false));
+
+ NsdServiceInfo discoveredService = discoverService(mNsdManager, "_trel._udp");
+ assertThat(discoveredService).isNotNull();
+ // Resolve service with the current TREL port, otherwise it may return stale service from
+ // a previous infra link setup.
+ NsdServiceInfo trelService =
+ resolveServiceUntil(
+ mNsdManager, discoveredService, s -> s.getPort() == mOtCtl.getTrelPort());
+
+ Map<String, byte[]> txtMap = trelService.getAttributes();
+ assertThat(HexDump.toHexString(txtMap.get("xa")).toLowerCase(Locale.ROOT))
+ .isEqualTo(mOtCtl.getExtendedAddr().toLowerCase(Locale.ROOT));
+ assertThat(HexDump.toHexString(txtMap.get("xp")).toLowerCase(Locale.ROOT))
+ .isEqualTo(mOtCtl.getExtendedPanId().toLowerCase(Locale.ROOT));
+ }
+
+ @Test
+ // TODO: move this case out of ServiceDiscoveryTest when the service discovery utilities
+ // are decoupled from this test.
+ public void trelFeatureFlagDisabled_trelServiceNotPublished() throws Exception {
+ assumeFalse(
+ DeviceConfigUtils.getDeviceConfigPropertyBoolean(
+ "thread_network", "TrelFeature__enabled", false));
+
+ assertThrows(TimeoutException.class, () -> discoverService(mNsdManager, "_trel._udp"));
+ }
+
private void registerService(NsdServiceInfo serviceInfo, RegistrationListener listener)
throws InterruptedException, ExecutionException, TimeoutException {
mNsdManager.registerService(serviceInfo, PROTOCOL_DNS_SD, listener);
diff --git a/thread/tests/integration/src/android/net/thread/utils/IntegrationTestUtils.kt b/thread/tests/integration/src/android/net/thread/utils/IntegrationTestUtils.kt
index c3859c1..07d0390 100644
--- a/thread/tests/integration/src/android/net/thread/utils/IntegrationTestUtils.kt
+++ b/thread/tests/integration/src/android/net/thread/utils/IntegrationTestUtils.kt
@@ -649,57 +649,6 @@
)
}
- private fun defaultLinkProperties(): LinkProperties {
- val lp = LinkProperties()
- // TODO: use a fake DNS server
- lp.setDnsServers(listOf(parseNumericAddress("8.8.8.8")))
- // NAT64 feature requires the infra network to have an IPv4 default route.
- lp.addRoute(
- RouteInfo(
- IpPrefix("0.0.0.0/0") /* destination */,
- null /* gateway */,
- null /* iface */,
- RouteInfo.RTN_UNICAST, 1500 /* mtu */
- )
- )
- return lp
- }
-
- @JvmStatic
- @JvmOverloads
- fun startInfraDeviceAndWaitForOnLinkAddr(
- pollPacketReader: PollPacketReader,
- macAddress: MacAddress = MacAddress.fromString("1:2:3:4:5:6")
- ): InfraNetworkDevice {
- val infraDevice = InfraNetworkDevice(macAddress, pollPacketReader)
- infraDevice.runSlaac(Duration.ofSeconds(60))
- requireNotNull(infraDevice.ipv6Addr)
- return infraDevice
- }
-
- @JvmStatic
- @JvmOverloads
- @Throws(java.lang.Exception::class)
- fun setUpInfraNetwork(
- context: Context,
- controller: ThreadNetworkControllerWrapper,
- lp: LinkProperties = defaultLinkProperties()
- ): TestNetworkTracker {
- val infraNetworkTracker: TestNetworkTracker =
- runAsShell(
- MANAGE_TEST_NETWORKS,
- supplier = { initTestNetwork(context, lp, setupTimeoutMs = 5000) })
- val infraNetworkName: String = infraNetworkTracker.testIface.getInterfaceName()
- controller.setTestNetworkAsUpstreamAndWait(infraNetworkName)
-
- return infraNetworkTracker
- }
-
- @JvmStatic
- fun tearDownInfraNetwork(testNetworkTracker: TestNetworkTracker) {
- runAsShell(MANAGE_TEST_NETWORKS) { testNetworkTracker.teardown() }
- }
-
/**
* Stop the ot-daemon by shell command.
*/
diff --git a/thread/tests/integration/src/android/net/thread/utils/OtDaemonController.java b/thread/tests/integration/src/android/net/thread/utils/OtDaemonController.java
index afb0fc7..9fbfa45 100644
--- a/thread/tests/integration/src/android/net/thread/utils/OtDaemonController.java
+++ b/thread/tests/integration/src/android/net/thread/utils/OtDaemonController.java
@@ -144,6 +144,18 @@
executeCommand("netdata register");
}
+ public int getTrelPort() {
+ return Integer.parseInt(executeCommandAndParse("trel port").get(0));
+ }
+
+ public String getExtendedAddr() {
+ return executeCommandAndParse("extaddr").get(0);
+ }
+
+ public String getExtendedPanId() {
+ return executeCommandAndParse("extpanid").get(0);
+ }
+
public String executeCommand(String cmd) {
return SystemUtil.runShellCommand(OT_CTL + " " + cmd);
}
diff --git a/thread/tests/integration/src/android/net/thread/utils/TestTunNetworkUtils.kt b/thread/tests/integration/src/android/net/thread/utils/TestTunNetworkUtils.kt
new file mode 100644
index 0000000..1667980
--- /dev/null
+++ b/thread/tests/integration/src/android/net/thread/utils/TestTunNetworkUtils.kt
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.net.thread.utils
+
+import android.Manifest.permission.MANAGE_TEST_NETWORKS
+import android.content.Context
+import android.net.InetAddresses.parseNumericAddress
+import android.net.IpPrefix
+import android.net.LinkProperties
+import android.net.MacAddress
+import android.net.RouteInfo
+import com.android.testutils.PollPacketReader
+import com.android.testutils.TestNetworkTracker
+import com.android.testutils.initTestNetwork
+import com.android.testutils.runAsShell
+import java.time.Duration
+
+object TestTunNetworkUtils {
+ private val networkTrackers = mutableListOf<TestNetworkTracker>()
+
+ @JvmStatic
+ @JvmOverloads
+ fun setUpInfraNetwork(
+ context: Context,
+ controller: ThreadNetworkControllerWrapper,
+ lp: LinkProperties = defaultLinkProperties(),
+ ): TestNetworkTracker {
+ val infraNetworkTracker: TestNetworkTracker =
+ runAsShell(
+ MANAGE_TEST_NETWORKS,
+ supplier = { initTestNetwork(context, lp, setupTimeoutMs = 5000) },
+ )
+ val infraNetworkName: String = infraNetworkTracker.testIface.getInterfaceName()
+ controller.setTestNetworkAsUpstreamAndWait(infraNetworkName)
+ networkTrackers.add(infraNetworkTracker)
+
+ return infraNetworkTracker
+ }
+
+ @JvmStatic
+ fun tearDownInfraNetwork(testNetworkTracker: TestNetworkTracker) {
+ runAsShell(MANAGE_TEST_NETWORKS) { testNetworkTracker.teardown() }
+ }
+
+ @JvmStatic
+ fun tearDownAllInfraNetworks() {
+ networkTrackers.forEach { tearDownInfraNetwork(it) }
+ networkTrackers.clear()
+ }
+
+ @JvmStatic
+ @JvmOverloads
+ fun startInfraDeviceAndWaitForOnLinkAddr(
+ pollPacketReader: PollPacketReader,
+ macAddress: MacAddress = MacAddress.fromString("1:2:3:4:5:6"),
+ ): InfraNetworkDevice {
+ val infraDevice = InfraNetworkDevice(macAddress, pollPacketReader)
+ infraDevice.runSlaac(Duration.ofSeconds(60))
+ requireNotNull(infraDevice.ipv6Addr)
+ return infraDevice
+ }
+
+ private fun defaultLinkProperties(): LinkProperties {
+ val lp = LinkProperties()
+ // TODO: use a fake DNS server
+ lp.setDnsServers(listOf(parseNumericAddress("8.8.8.8")))
+ // NAT64 feature requires the infra network to have an IPv4 default route.
+ lp.addRoute(
+ RouteInfo(
+ IpPrefix("0.0.0.0/0") /* destination */,
+ null /* gateway */,
+ null /* iface */,
+ RouteInfo.RTN_UNICAST,
+ 1500, /* mtu */
+ )
+ )
+ return lp
+ }
+}
diff --git a/thread/tests/unit/Android.bp b/thread/tests/unit/Android.bp
index c6a24ea..53b1eca 100644
--- a/thread/tests/unit/Android.bp
+++ b/thread/tests/unit/Android.bp
@@ -35,6 +35,7 @@
static_libs: [
"androidx.test.rules",
"frameworks-base-testutils",
+ "framework-configinfrastructure.stubs.module_lib",
"framework-connectivity-pre-jarjar",
"framework-connectivity-t-pre-jarjar",
"framework-location.stubs.module_lib",
diff --git a/thread/tests/unit/src/com/android/server/thread/ThreadNetworkControllerServiceTest.java b/thread/tests/unit/src/com/android/server/thread/ThreadNetworkControllerServiceTest.java
index e188491..dcbb3f5 100644
--- a/thread/tests/unit/src/com/android/server/thread/ThreadNetworkControllerServiceTest.java
+++ b/thread/tests/unit/src/com/android/server/thread/ThreadNetworkControllerServiceTest.java
@@ -17,6 +17,8 @@
package com.android.server.thread;
import static android.Manifest.permission.NETWORK_SETTINGS;
+import static android.Manifest.permission.WRITE_ALLOWLISTED_DEVICE_CONFIG;
+import static android.Manifest.permission.WRITE_DEVICE_CONFIG;
import static android.net.NetworkCapabilities.NET_CAPABILITY_INTERNET;
import static android.net.NetworkCapabilities.NET_CAPABILITY_NOT_VPN;
import static android.net.NetworkCapabilities.TRANSPORT_ETHERNET;
@@ -34,6 +36,7 @@
import static com.android.server.thread.ThreadNetworkCountryCode.DEFAULT_COUNTRY_CODE;
import static com.android.server.thread.openthread.IOtDaemon.ErrorCode.OT_ERROR_INVALID_STATE;
+import static com.android.testutils.TestPermissionUtil.runAsShell;
import static com.google.common.io.BaseEncoding.base16;
import static com.google.common.truth.Truth.assertThat;
@@ -85,6 +88,7 @@
import android.os.SystemClock;
import android.os.UserManager;
import android.os.test.TestLooper;
+import android.provider.DeviceConfig;
import android.util.AtomicFile;
import androidx.test.annotation.UiThreadTest;
@@ -102,6 +106,7 @@
import com.android.server.thread.openthread.OtDaemonConfiguration;
import com.android.server.thread.openthread.testing.FakeOtDaemon;
+import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
@@ -258,6 +263,14 @@
mService.setTestNetworkAgent(mMockNetworkAgent);
}
+ @After
+ public void tearDown() throws Exception {
+ runAsShell(
+ WRITE_DEVICE_CONFIG,
+ WRITE_ALLOWLISTED_DEVICE_CONFIG,
+ () -> DeviceConfig.deleteProperty("thread_network", "TrelFeature__enabled"));
+ }
+
@Test
public void initialize_tunInterfaceAndNsdPublisherSetToOtDaemon() throws Exception {
when(mMockTunIfController.getTunFd()).thenReturn(mMockTunFd);
@@ -324,6 +337,35 @@
}
@Test
+ public void initialize_trelFeatureDisabled_trelDisabledAtOtDaemon() throws Exception {
+ runAsShell(
+ WRITE_DEVICE_CONFIG,
+ WRITE_ALLOWLISTED_DEVICE_CONFIG,
+ () ->
+ DeviceConfig.setProperty(
+ "thread_network", "TrelFeature__enabled", "false", false));
+
+ mService.initialize();
+ mTestLooper.dispatchAll();
+
+ assertThat(mFakeOtDaemon.isTrelEnabled()).isFalse();
+ }
+
+ @Test
+ public void initialize_trelFeatureEnabled_setTrelEnabledAtOtDamon() throws Exception {
+ runAsShell(
+ WRITE_DEVICE_CONFIG,
+ WRITE_ALLOWLISTED_DEVICE_CONFIG,
+ () ->
+ DeviceConfig.setProperty(
+ "thread_network", "TrelFeature__enabled", "true", false));
+ mService.initialize();
+ mTestLooper.dispatchAll();
+
+ assertThat(mFakeOtDaemon.isTrelEnabled()).isTrue();
+ }
+
+ @Test
public void getMeshcopTxtAttributes_emptyVendorName_accepted() {
when(mResources.getString(eq(R.string.config_thread_vendor_name))).thenReturn("");