Merge "Merge sc-dev-plus-aosp-without-vendor@7634622" into stage-aosp-master
diff --git a/framework/src/android/net/NetworkCapabilities.java b/framework/src/android/net/NetworkCapabilities.java
index 5bd0af8..447f626 100644
--- a/framework/src/android/net/NetworkCapabilities.java
+++ b/framework/src/android/net/NetworkCapabilities.java
@@ -814,6 +814,19 @@
}
/**
+ * @see #restrictCapabilitiesForTestNetwork(int)
+ * @deprecated Use {@link #restrictCapabilitiesForTestNetwork(int)} (without the typo) instead.
+ * @hide
+ */
+ @Deprecated
+ public void restrictCapabilitesForTestNetwork(int creatorUid) {
+ // Do not remove without careful consideration: this method has a typo in its name but is
+ // called by the first S CTS releases, therefore it cannot be removed from the connectivity
+ // module as long as such CTS releases are valid for testing S devices.
+ restrictCapabilitiesForTestNetwork(creatorUid);
+ }
+
+ /**
* Test networks have strong restrictions on what capabilities they can have. Enforce these
* restrictions.
* @hide
diff --git a/tests/common/java/android/net/NetworkCapabilitiesTest.java b/tests/common/java/android/net/NetworkCapabilitiesTest.java
index 3d0cb92..382fa1f 100644
--- a/tests/common/java/android/net/NetworkCapabilitiesTest.java
+++ b/tests/common/java/android/net/NetworkCapabilitiesTest.java
@@ -75,6 +75,7 @@
import androidx.test.runner.AndroidJUnit4;
import com.android.testutils.CompatUtil;
+import com.android.testutils.ConnectivityModuleTest;
import com.android.testutils.DevSdkIgnoreRule;
import com.android.testutils.DevSdkIgnoreRule.IgnoreUpTo;
@@ -1168,7 +1169,7 @@
assertEquals(0, nc.getCapabilities().length);
}
- @Test @IgnoreUpTo(Build.VERSION_CODES.R)
+ @Test @IgnoreUpTo(Build.VERSION_CODES.R) @ConnectivityModuleTest
public void testRestrictCapabilitiesForTestNetwork() {
final int ownerUid = 1234;
final int[] administratorUids = {1001, ownerUid};
diff --git a/tests/cts/net/src/android/net/cts/ConnectivityDiagnosticsManagerTest.java b/tests/cts/net/src/android/net/cts/ConnectivityDiagnosticsManagerTest.java
index a40c92d..721ad82 100644
--- a/tests/cts/net/src/android/net/cts/ConnectivityDiagnosticsManagerTest.java
+++ b/tests/cts/net/src/android/net/cts/ConnectivityDiagnosticsManagerTest.java
@@ -73,6 +73,7 @@
import android.telephony.CarrierConfigManager;
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
+import android.util.ArraySet;
import android.util.Pair;
import androidx.test.InstrumentationRegistry;
@@ -92,7 +93,9 @@
import java.security.MessageDigest;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
+import java.util.Set;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.Executor;
import java.util.concurrent.TimeUnit;
@@ -293,7 +296,7 @@
final String interfaceName =
mConnectivityManager.getLinkProperties(network).getInterfaceName();
- connDiagsCallback.expectOnConnectivityReportAvailable(
+ connDiagsCallback.maybeVerifyConnectivityReportAvailable(
network, interfaceName, TRANSPORT_CELLULAR, NETWORK_VALIDATION_RESULT_VALID);
connDiagsCallback.assertNoCallback();
}
@@ -426,10 +429,15 @@
cb.expectOnNetworkConnectivityReported(mTestNetwork, hasConnectivity);
// All calls to #onNetworkConnectivityReported are expected to be accompanied by a call to
- // #onConnectivityReportAvailable for S+ (for R, ConnectivityReports were only sent when the
- // Network was re-validated - when reported connectivity != known connectivity).
- if (SdkLevel.isAtLeastS() || !hasConnectivity) {
+ // #onConnectivityReportAvailable for T+ (for R, ConnectivityReports were only sent when the
+ // Network was re-validated - when reported connectivity != known connectivity). On S,
+ // recent module versions will have the callback, but not the earliest ones.
+ if (!hasConnectivity) {
cb.expectOnConnectivityReportAvailable(mTestNetwork, interfaceName);
+ } else if (SdkLevel.isAtLeastS()) {
+ cb.maybeVerifyConnectivityReportAvailable(mTestNetwork, interfaceName, TRANSPORT_TEST,
+ getPossibleDiagnosticsValidationResults(),
+ SdkLevel.isAtLeastT() /* requireCallbackFired */);
}
cb.assertNoCallback();
@@ -485,18 +493,25 @@
// Test Networks both do not require validation and are not tested for validation. This
// results in the validation result being reported as SKIPPED for S+ (for R, the
// platform marked these Networks as VALID).
- final int expectedNetworkValidationResult =
- SdkLevel.isAtLeastS()
- ? NETWORK_VALIDATION_RESULT_SKIPPED
- : NETWORK_VALIDATION_RESULT_VALID;
- expectOnConnectivityReportAvailable(
- network, interfaceName, TRANSPORT_TEST, expectedNetworkValidationResult);
+
+ maybeVerifyConnectivityReportAvailable(network, interfaceName, TRANSPORT_TEST,
+ getPossibleDiagnosticsValidationResults(), true);
}
- public void expectOnConnectivityReportAvailable(@NonNull Network network,
+ public void maybeVerifyConnectivityReportAvailable(@NonNull Network network,
@NonNull String interfaceName, int transportType, int expectedValidationResult) {
+ maybeVerifyConnectivityReportAvailable(network, interfaceName, transportType,
+ new ArraySet<>(Collections.singletonList(expectedValidationResult)), true);
+ }
+
+ public void maybeVerifyConnectivityReportAvailable(@NonNull Network network,
+ @NonNull String interfaceName, int transportType,
+ Set<Integer> possibleValidationResults, boolean requireCallbackFired) {
final ConnectivityReport result =
(ConnectivityReport) mHistory.poll(CALLBACK_TIMEOUT_MILLIS, x -> true);
+ if (!requireCallbackFired && result == null) {
+ return;
+ }
assertEquals(network, result.getNetwork());
final NetworkCapabilities nc = result.getNetworkCapabilities();
@@ -508,8 +523,8 @@
final PersistableBundle extras = result.getAdditionalInfo();
assertTrue(extras.containsKey(KEY_NETWORK_VALIDATION_RESULT));
final int actualValidationResult = extras.getInt(KEY_NETWORK_VALIDATION_RESULT);
- assertEquals("Network validation result is incorrect",
- expectedValidationResult, actualValidationResult);
+ assertTrue("Network validation result is incorrect: " + actualValidationResult,
+ possibleValidationResults.contains(actualValidationResult));
assertTrue(extras.containsKey(KEY_NETWORK_PROBES_SUCCEEDED_BITMASK));
final int probesSucceeded = extras.getInt(KEY_NETWORK_VALIDATION_RESULT);
@@ -556,6 +571,19 @@
}
}
+ private static Set<Integer> getPossibleDiagnosticsValidationResults() {
+ final Set<Integer> possibleValidationResults = new ArraySet<>();
+ possibleValidationResults.add(NETWORK_VALIDATION_RESULT_SKIPPED);
+
+ // In S, some early module versions will return NETWORK_VALIDATION_RESULT_VALID.
+ // Starting from T, all module versions should only return SKIPPED. For platform < T,
+ // accept both values.
+ if (!SdkLevel.isAtLeastT()) {
+ possibleValidationResults.add(NETWORK_VALIDATION_RESULT_VALID);
+ }
+ return possibleValidationResults;
+ }
+
private class CarrierConfigReceiver extends BroadcastReceiver {
// CountDownLatch used to wait for this BroadcastReceiver to be notified of a CarrierConfig
// change. This latch will be counted down if a broadcast indicates this package has carrier
diff --git a/tests/unit/java/com/android/server/ConnectivityServiceTest.java b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
index 1608241..d0cdf20 100644
--- a/tests/unit/java/com/android/server/ConnectivityServiceTest.java
+++ b/tests/unit/java/com/android/server/ConnectivityServiceTest.java
@@ -7857,8 +7857,8 @@
mMockVpn.disconnect();
}
- @Test
- public void testIsActiveNetworkMeteredOverVpnSpecifyingUnderlyingNetworks() throws Exception {
+ @Test
+ public void testIsActiveNetworkMeteredOverVpnSpecifyingUnderlyingNetworks() throws Exception {
// Returns true by default when no network is available.
assertTrue(mCm.isActiveNetworkMetered());
mCellNetworkAgent = new TestNetworkAgentWrapper(TRANSPORT_CELLULAR);
@@ -8423,6 +8423,52 @@
mCm.unregisterNetworkCallback(vpnDefaultCallbackAsUid);
}
+ @Test
+ public void testVpnExcludesOwnUid() throws Exception {
+ // required for registerDefaultNetworkCallbackForUid.
+ mServiceContext.setPermission(NETWORK_SETTINGS, PERMISSION_GRANTED);
+
+ // Connect Wi-Fi.
+ mWiFiNetworkAgent = new TestNetworkAgentWrapper(TRANSPORT_WIFI);
+ mWiFiNetworkAgent.connect(true /* validated */);
+
+ // Connect a VPN that excludes its UID from its UID ranges.
+ final LinkProperties lp = new LinkProperties();
+ lp.setInterfaceName(VPN_IFNAME);
+ final int myUid = Process.myUid();
+ final Set<UidRange> ranges = new ArraySet<>();
+ ranges.add(new UidRange(0, myUid - 1));
+ ranges.add(new UidRange(myUid + 1, UserHandle.PER_USER_RANGE - 1));
+ mMockVpn.setUnderlyingNetworks(new Network[]{mWiFiNetworkAgent.getNetwork()});
+ mMockVpn.establish(lp, myUid, ranges);
+
+ // Wait for validation before registering callbacks.
+ waitForIdle();
+
+ final int otherUid = myUid + 1;
+ final Handler h = new Handler(ConnectivityThread.getInstanceLooper());
+ final TestNetworkCallback otherUidCb = new TestNetworkCallback();
+ final TestNetworkCallback defaultCb = new TestNetworkCallback();
+ final TestNetworkCallback perUidCb = new TestNetworkCallback();
+ registerDefaultNetworkCallbackAsUid(otherUidCb, otherUid);
+ mCm.registerDefaultNetworkCallback(defaultCb, h);
+ doAsUid(Process.SYSTEM_UID,
+ () -> mCm.registerDefaultNetworkCallbackForUid(myUid, perUidCb, h));
+
+ otherUidCb.expectAvailableCallbacksValidated(mMockVpn);
+ // BUG (b/195265065): the default network for the VPN app is actually Wi-Fi, not the VPN.
+ defaultCb.expectAvailableCallbacksValidated(mMockVpn);
+ perUidCb.expectAvailableCallbacksValidated(mMockVpn);
+ // getActiveNetwork is not affected by this bug.
+ assertEquals(mMockVpn.getNetwork(), mCm.getActiveNetworkForUid(myUid + 1));
+ assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetwork());
+ assertEquals(mWiFiNetworkAgent.getNetwork(), mCm.getActiveNetworkForUid(myUid));
+
+ doAsUid(otherUid, () -> mCm.unregisterNetworkCallback(otherUidCb));
+ mCm.unregisterNetworkCallback(defaultCb);
+ doAsUid(Process.SYSTEM_UID, () -> mCm.unregisterNetworkCallback(perUidCb));
+ }
+
private void setupLegacyLockdownVpn() {
final String profileName = "testVpnProfile";
final byte[] profileTag = profileName.getBytes(StandardCharsets.UTF_8);
@@ -10490,6 +10536,12 @@
mCellNetworkAgent.connect(true);
callback.expectAvailableThenValidatedCallbacks(mCellNetworkAgent);
callback.assertNoCallback();
+
+ // Make sure a report is sent and that the caps are suitably redacted.
+ verify(mConnectivityDiagnosticsCallback, timeout(TIMEOUT_MS))
+ .onConnectivityReportAvailable(argThat(report ->
+ areConnDiagCapsRedacted(report.getNetworkCapabilities())));
+ reset(mConnectivityDiagnosticsCallback);
}
private boolean areConnDiagCapsRedacted(NetworkCapabilities nc) {
@@ -10503,17 +10555,6 @@
}
@Test
- public void testConnectivityDiagnosticsCallbackOnConnectivityReportAvailable()
- throws Exception {
- setUpConnectivityDiagnosticsCallback();
-
- // Verify onConnectivityReport fired
- verify(mConnectivityDiagnosticsCallback, timeout(TIMEOUT_MS))
- .onConnectivityReportAvailable(argThat(report ->
- areConnDiagCapsRedacted(report.getNetworkCapabilities())));
- }
-
- @Test
public void testConnectivityDiagnosticsCallbackOnDataStallSuspected() throws Exception {
setUpConnectivityDiagnosticsCallback();
@@ -10530,9 +10571,6 @@
public void testConnectivityDiagnosticsCallbackOnConnectivityReported() throws Exception {
setUpConnectivityDiagnosticsCallback();
- // reset to ignore callbacks from setup
- reset(mConnectivityDiagnosticsCallback);
-
final Network n = mCellNetworkAgent.getNetwork();
final boolean hasConnectivity = true;
mService.reportNetworkConnectivity(n, hasConnectivity);
@@ -10564,9 +10602,6 @@
throws Exception {
setUpConnectivityDiagnosticsCallback();
- // reset to ignore callbacks from setup
- reset(mConnectivityDiagnosticsCallback);
-
// report known Connectivity from a different uid. Verify that network is not re-validated
// and this callback is not notified.
final Network n = mCellNetworkAgent.getNetwork();