Merge changes from topic "cherrypicker-L21100000961067008:N34400001375316978" into udc-dev
* changes:
Use netd socketDestroy for VPN in T-
Revert ConnectivityServiceDependencies access modifier
diff --git a/service/src/com/android/server/ConnectivityService.java b/service/src/com/android/server/ConnectivityService.java
index bc76bf0..b50ffc5 100755
--- a/service/src/com/android/server/ConnectivityService.java
+++ b/service/src/com/android/server/ConnectivityService.java
@@ -8604,10 +8604,18 @@
}
private void maybeCloseSockets(NetworkAgentInfo nai, Set<UidRange> ranges,
- Set<Integer> exemptUids) {
+ UidRangeParcel[] uidRangeParcels, int[] exemptUids) {
if (nai.isVPN() && !nai.networkAgentConfig.allowBypass) {
try {
- mDeps.destroyLiveTcpSockets(UidRange.toIntRanges(ranges), exemptUids);
+ if (mDeps.isAtLeastU()) {
+ final Set<Integer> exemptUidSet = new ArraySet<>();
+ for (final int uid: exemptUids) {
+ exemptUidSet.add(uid);
+ }
+ mDeps.destroyLiveTcpSockets(UidRange.toIntRanges(ranges), exemptUidSet);
+ } else {
+ mNetd.socketDestroy(uidRangeParcels, exemptUids);
+ }
} catch (Exception e) {
loge("Exception in socket destroy: ", e);
}
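Review bot: maybeCloseSockets now receives the same UID ranges twice, as `ranges` for the U+ branch and as `uidRangeParcels` for the netd branch, and nothing in the method ties the two together. A caller that passes mismatched arguments would close sockets for a different UID set on T- than on U+, and because this path only runs for VPNs with allowBypass off, connections that should be reset could stay open. Consider deriving the parcels inside the else branch, `mNetd.socketDestroy(toUidRangeStableParcels(ranges), exemptUids);`, or stating the requirement in a Javadoc on the method. The surrounding `catch (Exception e)` also means a failed netd call is only logged, so a comment saying that this is deliberate best-effort would help. The method body continues past the end of this hunk.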
@@ -8615,16 +8623,16 @@
}
private void updateVpnUidRanges(boolean add, NetworkAgentInfo nai, Set<UidRange> uidRanges) {
- final Set<Integer> exemptUids = new ArraySet<>();
+ int[] exemptUids = new int[2];
// TODO: Excluding VPN_UID is necessary in order to not to kill the TCP connection used
// by PPTP. Fix this by making Vpn set the owner UID to VPN_UID instead of system when
// starting a legacy VPN, and remove VPN_UID here. (b/176542831)
- exemptUids.add(VPN_UID);
- exemptUids.add(nai.networkCapabilities.getOwnerUid());
+ exemptUids[0] = VPN_UID;
+ exemptUids[1] = nai.networkCapabilities.getOwnerUid();
UidRangeParcel[] ranges = toUidRangeStableParcels(uidRanges);
// Close sockets before modifying uid ranges so that RST packets can reach to the server.
- maybeCloseSockets(nai, uidRanges, exemptUids);
+ maybeCloseSockets(nai, uidRanges, ranges, exemptUids);
try {
if (add) {
mNetd.networkAddUidRangesParcel(new NativeUidRangeConfig(
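Review bot: `exemptUids` in updateVpnUidRanges lost its `final` and is now sized with a literal 2 and filled by index, so a later third exemption has to remember to change the size as well. An initializer keeps both values in one place: `final int[] exemptUids = { VPN_UID, nai.networkCapabilities.getOwnerUid() };`, with the TODO comment moved above it. Unlike the previous Set, the array keeps a duplicate entry when the owner UID equals VPN_UID; that looks harmless for an exemption list but is worth confirming for the netd path. The method continues beyond this hunk.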
@@ -8638,7 +8646,7 @@
" on netId " + nai.network.netId + ". " + e);
}
// Close sockets that established connection while requesting netd.
- maybeCloseSockets(nai, uidRanges, exemptUids);
+ maybeCloseSockets(nai, uidRanges, ranges, exemptUids);
}
private boolean isProxySetOnAnyDefaultNetwork() {
diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
index fb46328..82426c7 100755
--- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
@@ -387,6 +387,7 @@
import com.android.networkstack.apishim.common.UnsupportedApiLevelException;
import com.android.server.ConnectivityService.ConnectivityDiagnosticsCallbackInfo;
import com.android.server.ConnectivityService.NetworkRequestInfo;
+import com.android.server.ConnectivityServiceTest.ConnectivityServiceDependencies.DestroySocketsWrapper;
import com.android.server.ConnectivityServiceTest.ConnectivityServiceDependencies.ReportedInterfaces;
import com.android.server.connectivity.ApplicationSelfCertifiedNetworkCapabilities;
import com.android.server.connectivity.AutomaticOnOffKeepaliveTracker;
@@ -614,6 +615,7 @@
@Mock TetheringManager mTetheringManager;
@Mock BroadcastOptionsShim mBroadcastOptionsShim;
@Mock ActivityManager mActivityManager;
+ @Mock DestroySocketsWrapper mDestroySocketsWrapper;
// BatteryStatsManager is final and cannot be mocked with regular mockito, so just mock the
// underlying binder calls.
@@ -1864,7 +1866,7 @@
final Context mockResContext = mock(Context.class);
doReturn(mResources).when(mockResContext).getResources();
ConnectivityResources.setResourcesContextForTest(mockResContext);
- mDeps = spy(new ConnectivityServiceDependencies(mockResContext));
+ mDeps = new ConnectivityServiceDependencies(mockResContext);
mAutoOnOffKeepaliveDependencies =
new AutomaticOnOffKeepaliveTrackerDependencies(mServiceContext);
mService = new ConnectivityService(mServiceContext,
@@ -1927,8 +1929,7 @@
R.integer.config_networkWakeupPacketMark);
}
- // ConnectivityServiceDependencies is public to use Mockito.spy
- public class ConnectivityServiceDependencies extends ConnectivityService.Dependencies {
+ class ConnectivityServiceDependencies extends ConnectivityService.Dependencies {
final ConnectivityResources mConnRes;
ConnectivityServiceDependencies(final Context mockResContext) {
@@ -2167,15 +2168,24 @@
}
}
- @Override
- public void destroyLiveTcpSockets(final Set<Range<Integer>> ranges,
- final Set<Integer> exemptUids) {
- // This function is empty since the invocation of this method is verified by mocks
+ // Class to be mocked and used to verify destroy sockets methods call
+ public class DestroySocketsWrapper {
+ public void destroyLiveTcpSockets(final Set<Range<Integer>> ranges,
+ final Set<Integer> exemptUids){}
+ public void destroyLiveTcpSocketsByOwnerUids(final Set<Integer> ownerUids){}
}
- @Override
+ @Override @SuppressWarnings("DirectInvocationOnMock")
+ public void destroyLiveTcpSockets(final Set<Range<Integer>> ranges,
+ final Set<Integer> exemptUids) {
+ // Call mocked destroyLiveTcpSockets so that test can verify this method call
+ mDestroySocketsWrapper.destroyLiveTcpSockets(ranges, exemptUids);
+ }
+
+ @Override @SuppressWarnings("DirectInvocationOnMock")
public void destroyLiveTcpSocketsByOwnerUids(final Set<Integer> ownerUids) {
- // This function is empty since the invocation of this method is verified by mocks
+ // Call mocked destroyLiveTcpSocketsByOwnerUids so that test can verify this method call
+ mDestroySocketsWrapper.destroyLiveTcpSocketsByOwnerUids(ownerUids);
}
}
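Review bot: The comment on DestroySocketsWrapper says what the class is but not why the overrides forward to it; a line such as `// Tests verify on this mock because mDeps is no longer a Mockito spy.` would save the next reader a search through history. The two forwarding overrides dereference `mDestroySocketsWrapper` unconditionally, so they rely on the @Mock field being initialised before ConnectivityService first calls into its dependencies. That ordering is presumably guaranteed by the test setup, which is outside this hunk, but a short note on the field or the overrides would make the assumption explicit.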
@@ -10275,7 +10285,7 @@
private void doTestSetFirewallChainEnabledCloseSocket(final int chain,
final boolean isAllowList) throws Exception {
- reset(mDeps);
+ reset(mDestroySocketsWrapper);
mCm.setFirewallChainEnabled(chain, true /* enabled */);
final Set<Integer> uids =
@@ -10283,13 +10293,13 @@
if (isAllowList) {
final Set<Range<Integer>> range = new ArraySet<>(
List.of(new Range<>(Process.FIRST_APPLICATION_UID, Integer.MAX_VALUE)));
- verify(mDeps).destroyLiveTcpSockets(range, uids);
+ verify(mDestroySocketsWrapper).destroyLiveTcpSockets(range, uids);
} else {
- verify(mDeps).destroyLiveTcpSocketsByOwnerUids(uids);
+ verify(mDestroySocketsWrapper).destroyLiveTcpSocketsByOwnerUids(uids);
}
mCm.setFirewallChainEnabled(chain, false /* enabled */);
- verifyNoMoreInteractions(mDeps);
+ verifyNoMoreInteractions(mDestroySocketsWrapper);
}
@Test @IgnoreUpTo(Build.VERSION_CODES.TIRAMISU)
@@ -12626,11 +12636,18 @@
private void assertVpnUidRangesUpdated(boolean add, Set<UidRange> vpnRanges, int exemptUid)
throws Exception {
- InOrder inOrder = inOrder(mMockNetd, mDeps);
+ InOrder inOrder = inOrder(mMockNetd, mDestroySocketsWrapper);
final Set<Integer> exemptUidSet = new ArraySet<>(List.of(exemptUid, Process.VPN_UID));
+ ArgumentCaptor<int[]> exemptUidCaptor = ArgumentCaptor.forClass(int[].class);
- inOrder.verify(mDeps).destroyLiveTcpSockets(UidRange.toIntRanges(vpnRanges),
- exemptUidSet);
+ if (mDeps.isAtLeastU()) {
+ inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets(
+ UidRange.toIntRanges(vpnRanges), exemptUidSet);
+ } else {
+ inOrder.verify(mMockNetd).socketDestroy(eq(toUidRangeStableParcels(vpnRanges)),
+ exemptUidCaptor.capture());
+ assertContainsExactly(exemptUidCaptor.getValue(), Process.VPN_UID, exemptUid);
+ }
if (add) {
inOrder.verify(mMockNetd, times(1)).networkAddUidRangesParcel(
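Review bot: The SDK-dependent verification block in assertVpnUidRangesUpdated is written out twice, here before the uid-range update and again in the following hunk after it. Moving it into a private helper, called as `verifyVpnSocketsDestroyed(inOrder, vpnRanges, exemptUid);` at both points, would keep the two checks from drifting apart. Which branch runs is decided by `mDeps.isAtLeastU()`; if the test dependencies simply report the device's SDK level (not visible here), each run covers only one of the two socket-destroy paths. In that case a variant that forces the value would be needed to exercise both the netd path and the U+ path on one device.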
@@ -12642,8 +12659,14 @@
toUidRangeStableParcels(vpnRanges), PREFERENCE_ORDER_VPN));
}
- inOrder.verify(mDeps).destroyLiveTcpSockets(UidRange.toIntRanges(vpnRanges),
- exemptUidSet);
+ if (mDeps.isAtLeastU()) {
+ inOrder.verify(mDestroySocketsWrapper).destroyLiveTcpSockets(
+ UidRange.toIntRanges(vpnRanges), exemptUidSet);
+ } else {
+ inOrder.verify(mMockNetd).socketDestroy(eq(toUidRangeStableParcels(vpnRanges)),
+ exemptUidCaptor.capture());
+ assertContainsExactly(exemptUidCaptor.getValue(), Process.VPN_UID, exemptUid);
+ }
}
@Test
@@ -17983,7 +18006,7 @@
final UidRange frozenUidRange = new UidRange(TEST_FROZEN_UID, TEST_FROZEN_UID);
final Set<UidRange> ranges = Collections.singleton(frozenUidRange);
- verify(mDeps).destroyLiveTcpSockets(eq(UidRange.toIntRanges(ranges)),
+ verify(mDestroySocketsWrapper).destroyLiveTcpSockets(eq(UidRange.toIntRanges(ranges)),
eq(exemptUids));
}