Merge "Block incoming non-VPN packets to apps under fully-routed VPN"
diff --git a/core/java/android/net/StaticIpConfiguration.java b/core/java/android/net/StaticIpConfiguration.java
index fb5acfa..f01e213 100644
--- a/core/java/android/net/StaticIpConfiguration.java
+++ b/core/java/android/net/StaticIpConfiguration.java
@@ -114,8 +114,8 @@
}
/**
- * Get a {@link String} listing in priority order of the comma separated domains to search when
- * resolving host names on the link.
+ * Get a {@link String} containing the comma separated domains to search when resolving host
+ * names on this link, in priority order.
*/
public @Nullable String getDomains() {
return domains;
diff --git a/core/java/android/net/TestNetworkInterface.java b/core/java/android/net/TestNetworkInterface.java
index 30e68f5..8455083 100644
--- a/core/java/android/net/TestNetworkInterface.java
+++ b/core/java/android/net/TestNetworkInterface.java
@@ -27,8 +27,6 @@
*/
@TestApi
public final class TestNetworkInterface implements Parcelable {
- private static final String TAG = "TestNetworkInterface";
-
private final ParcelFileDescriptor mFileDescriptor;
private final String mInterfaceName;
diff --git a/core/java/android/net/TestNetworkManager.java b/core/java/android/net/TestNetworkManager.java
index cd58e66..e274005 100644
--- a/core/java/android/net/TestNetworkManager.java
+++ b/core/java/android/net/TestNetworkManager.java
@@ -17,7 +17,6 @@
import android.annotation.NonNull;
import android.annotation.TestApi;
-import android.content.Context;
import android.os.IBinder;
import android.os.RemoteException;
@@ -33,11 +32,9 @@
@NonNull private static final String TAG = TestNetworkManager.class.getSimpleName();
@NonNull private final ITestNetworkManager mService;
- @NonNull private final Context mContext;
/** @hide */
- public TestNetworkManager(@NonNull Context context, @NonNull ITestNetworkManager service) {
- mContext = Preconditions.checkNotNull(context, "missing Context");
+ public TestNetworkManager(@NonNull ITestNetworkManager service) {
mService = Preconditions.checkNotNull(service, "missing ITestNetworkManager");
}
@@ -88,4 +85,21 @@
throw e.rethrowFromSystemServer();
}
}
+
+ /**
+ * Create a tap interface for testing purposes
+ *
+ * @return A ParcelFileDescriptor of the underlying TAP interface. Close this to tear down the
+ * TAP interface.
+ * @hide
+ */
+ @TestApi
+ public TestNetworkInterface createTapInterface() {
+ try {
+ return mService.createTapInterface();
+ } catch (RemoteException e) {
+ throw e.rethrowFromSystemServer();
+ }
+ }
+
}
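Review bot: The `@return` text on the new `createTapInterface()` says it returns a ParcelFileDescriptor, but the declared return type is `TestNetworkInterface`, which holds both the file descriptor and the interface name. Suggest `@return A TestNetworkInterface holding the TAP interface's file descriptor and name. Close the file descriptor to tear down the interface.` The Javadoc also does not say which permission the caller needs. The service side of this commit enforces `MANAGE_TEST_NETWORKS`, so a sentence noting that a SecurityException is thrown without it would save test authors a debugging round. The summary sentence is also missing its final period.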
diff --git a/services/core/java/com/android/server/TestNetworkService.java b/services/core/java/com/android/server/TestNetworkService.java
index e64ab78..40bf7bc 100644
--- a/services/core/java/com/android/server/TestNetworkService.java
+++ b/services/core/java/com/android/server/TestNetworkService.java
@@ -60,6 +60,7 @@
@NonNull private static final String TAG = TestNetworkService.class.getSimpleName();
@NonNull private static final String TEST_NETWORK_TYPE = "TEST_NETWORK";
@NonNull private static final String TEST_TUN_PREFIX = "testtun";
+ @NonNull private static final String TEST_TAP_PREFIX = "testtap";
@NonNull private static final AtomicInteger sTestTunIndex = new AtomicInteger();
@NonNull private final Context mContext;
@@ -70,7 +71,7 @@
@NonNull private final Handler mHandler;
// Native method stubs
- private static native int jniCreateTun(@NonNull String iface);
+ private static native int jniCreateTunTap(boolean isTun, @NonNull String iface);
@VisibleForTesting
protected TestNetworkService(
@@ -85,23 +86,23 @@
}
/**
- * Create a TUN interface with the given interface name and link addresses
+ * Create a TUN or TAP interface with the given interface name and link addresses
*
- * <p>This method will return the FileDescriptor to the TUN interface. Close it to tear down the
- * TUN interface.
+ * <p>This method will return the FileDescriptor to the interface. Close it to tear down the
+ * interface.
*/
- @Override
- public TestNetworkInterface createTunInterface(@NonNull LinkAddress[] linkAddrs) {
+ private TestNetworkInterface createInterface(boolean isTun, LinkAddress[] linkAddrs) {
enforceTestNetworkPermissions(mContext);
checkNotNull(linkAddrs, "missing linkAddrs");
- String iface = TEST_TUN_PREFIX + sTestTunIndex.getAndIncrement();
+ String ifacePrefix = isTun ? TEST_TUN_PREFIX : TEST_TAP_PREFIX;
+ String iface = ifacePrefix + sTestTunIndex.getAndIncrement();
return Binder.withCleanCallingIdentity(
() -> {
try {
ParcelFileDescriptor tunIntf =
- ParcelFileDescriptor.adoptFd(jniCreateTun(iface));
+ ParcelFileDescriptor.adoptFd(jniCreateTunTap(isTun, iface));
for (LinkAddress addr : linkAddrs) {
mNetd.interfaceAddAddress(
iface,
@@ -116,6 +117,28 @@
});
}
+ /**
+ * Create a TUN interface with the given interface name and link addresses
+ *
+ * <p>This method will return the FileDescriptor to the TUN interface. Close it to tear down the
+ * TUN interface.
+ */
+ @Override
+ public TestNetworkInterface createTunInterface(@NonNull LinkAddress[] linkAddrs) {
+ return createInterface(true, linkAddrs);
+ }
+
+ /**
+ * Create a TAP interface with the given interface name
+ *
+ * <p>This method will return the FileDescriptor to the TAP interface. Close it to tear down the
+ * TAP interface.
+ */
+ @Override
+ public TestNetworkInterface createTapInterface() {
+ return createInterface(false, new LinkAddress[0]);
+ }
+
// Tracker for TestNetworkAgents
@GuardedBy("mTestNetworkTracker")
@NonNull
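Review bot: The Javadoc on the new `createTapInterface()` says "with the given interface name", but the method takes no arguments. The name is generated in `createInterface` from `TEST_TAP_PREFIX` and the shared `sTestTunIndex` counter, and the moved `createTunInterface` comment has the same wording problem. Suggest `Create a TAP interface with an automatically generated name and no link addresses`. Both binder entry points now rely on the private `createInterface` for the permission check, so a short comment there, such as `// Permission is enforced here, before calling identity is cleared; do not move below withCleanCallingIdentity.`, would help keep a later refactor from dropping or reordering it.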
@@ -310,7 +333,7 @@
public void teardownTestNetwork(int netId) {
enforceTestNetworkPermissions(mContext);
- TestNetworkAgent agent;
+ final TestNetworkAgent agent;
synchronized (mTestNetworkTracker) {
agent = mTestNetworkTracker.get(netId);
}
@@ -325,14 +348,10 @@
agent.teardown();
}
- // STOPSHIP: Change this back to android.Manifest.permission.MANAGE_TEST_NETWORKS
- private static final String PERMISSION_NAME = "dummy";
+ private static final String PERMISSION_NAME =
+ android.Manifest.permission.MANAGE_TEST_NETWORKS;
public static void enforceTestNetworkPermissions(@NonNull Context context) {
- // STOPSHIP: Re-enable these checks. Disabled until adoptShellPermissionIdentity() can be
- // called from CTS test code.
- if (false) {
- context.enforceCallingOrSelfPermission(PERMISSION_NAME, "TestNetworkService");
- }
+ context.enforceCallingOrSelfPermission(PERMISSION_NAME, "TestNetworkService");
}
}
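Review bot: `enforceTestNetworkPermissions` now gates the service for real, but nothing on the method documents that it must run on the incoming binder call before calling identity is cleared. `enforceCallingOrSelfPermission` evaluates the current binder caller, so a call placed inside `Binder.withCleanCallingIdentity` would check the service process's own identity and presumably always pass. Suggest a Javadoc on the method stating that it throws SecurityException unless the caller holds `MANAGE_TEST_NETWORKS`, and that it must be invoked before any clear-identity block. No test in this diff asserts the SecurityException path; since the check was previously disabled with `if (false)` and a dummy permission name, a negative test for a caller without the permission would catch a repeat of that state.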
diff --git a/services/core/jni/com_android_server_TestNetworkService.cpp b/services/core/jni/com_android_server_TestNetworkService.cpp
index b90ff23..36a6fde 100644
--- a/services/core/jni/com_android_server_TestNetworkService.cpp
+++ b/services/core/jni/com_android_server_TestNetworkService.cpp
@@ -54,12 +54,12 @@
jniThrowException(env, "java/lang/IllegalStateException", msg.c_str());
}
-static int createTunInterface(JNIEnv* env, const char* iface) {
+static int createTunTapInterface(JNIEnv* env, bool isTun, const char* iface) {
base::unique_fd tun(open("/dev/tun", O_RDWR | O_NONBLOCK));
ifreq ifr{};
// Allocate interface.
- ifr.ifr_flags = IFF_TUN | IFF_NO_PI;
+ ifr.ifr_flags = (isTun ? IFF_TUN : IFF_TAP) | IFF_NO_PI;
strlcpy(ifr.ifr_name, iface, IFNAMSIZ);
if (ioctl(tun.get(), TUNSETIFF, &ifr)) {
throwException(env, errno, "allocating", ifr.ifr_name);
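Review bot: The result of `open("/dev/tun", O_RDWR | O_NONBLOCK)` is not checked in the lines shown before `ioctl(tun.get(), TUNSETIFF, &ifr)` runs. A failed open (for example a denied or missing device node) would therefore be reported as an "allocating" failure with EBADF rather than the real errno. This predates the commit, but the function is being touched and now serves two interface types, so a guard is worth adding: `if (tun.get() < 0) { throwException(env, errno, "opening", "/dev/tun"); return -1; }`. The return value should match whatever the rest of the function uses on failure, which is outside this hunk. The function body continues past the last line shown here.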
@@ -80,23 +80,23 @@
//------------------------------------------------------------------------------
-static jint create(JNIEnv* env, jobject /* thiz */, jstring jIface) {
+static jint create(JNIEnv* env, jobject /* thiz */, jboolean isTun, jstring jIface) {
ScopedUtfChars iface(env, jIface);
if (!iface.c_str()) {
jniThrowNullPointerException(env, "iface");
return -1;
}
- int tun = createTunInterface(env, iface.c_str());
+ int tun = createTunTapInterface(env, isTun, iface.c_str());
- // Any exceptions will be thrown from the createTunInterface call
+ // Any exceptions will be thrown from the createTunTapInterface call
return tun;
}
//------------------------------------------------------------------------------
static const JNINativeMethod gMethods[] = {
- {"jniCreateTun", "(Ljava/lang/String;)I", (void*)create},
+ {"jniCreateTunTap", "(ZLjava/lang/String;)I", (void*)create},
};
int register_android_server_TestNetworkService(JNIEnv* env) {
diff --git a/tests/net/Android.bp b/tests/net/Android.bp
index c8ef82e..9098f90 100644
--- a/tests/net/Android.bp
+++ b/tests/net/Android.bp
@@ -49,7 +49,6 @@
"libselinux",
"libui",
"libutils",
- "libvintf",
"libvndksupport",
"libtinyxml2",
"libunwindstack",
diff --git a/tests/net/smoketest/Android.bp b/tests/net/smoketest/Android.bp
new file mode 100644
index 0000000..ef1ad2c
--- /dev/null
+++ b/tests/net/smoketest/Android.bp
@@ -0,0 +1,17 @@
+// This test exists only because the jni_libs list for these tests is difficult to
+// maintain: the test itself only depends on libnetworkstatsfactorytestjni, but the test
+// fails to load that library unless *all* the dependencies of that library are explicitly
+// listed in jni_libs. This means that whenever any of the dependencies changes the test
+// starts failing and breaking presubmits in frameworks/base. We cannot easily put
+// FrameworksNetTests into global presubmit because they are at times flaky, but this
+// test is effectively empty beyond validating that the libraries load correctly, and
+// thus should be stable enough to put in global presubmit.
+//
+// TODO: remove this hack when there is a better solution for jni_libs that includes
+// dependent libraries.
+android_test {
+ name: "FrameworksNetSmokeTests",
+ defaults: ["FrameworksNetTests-jni-defaults"],
+ srcs: ["java/SmokeTest.java"],
+ test_suites: ["device-tests"],
+}