path: root/tests/unit/java/com/android/server/ConnectivityServiceTest.java
Commit message (Author, Age, Files, Lines)
* Add 3rd deny firewall chain for OEM (Motomu Utsumi, 2022-06-07, 1 file, -1/+5)
|   Bug: 208371987
|   Test: atest CtsNetTestCases:android.net.cts.ConnectivityManagerTest#testFirewallBlocking ConnectivityServiceTest
|   Change-Id: Ib521fa02f6a19270cb88a3d85321bda822516c78
|   (cherry picked from commit 1d9054ba5fbbf86c821e0a74a5a2f9d3c9865e67)
|   Merged-In: Ib521fa02f6a19270cb88a3d85321bda822516c78
* Add deny firewall chain for OEM (Motomu Utsumi, 2022-06-03, 1 file, -0/+97)
|   Bug: 207773349
|   Bug: 208371987
|   Test: atest CtsNetTestCases:android.net.cts.ConnectivityManagerTest#testFirewallBlocking --iterations 50 && atest ConnectivityServiceTest --iterations 10
|   Change-Id: I60d5540821abcced03356f366775f16ee369d7f9
|   (cherry picked from commit d980149817948d11de0631caee8aee3172e4e159)
|   Merged-In: I60d5540821abcced03356f366775f16ee369d7f9
* Test VpnManager event for CATEGORY_EVENT_ALWAYS_ON_STATE_CHANGED (lucaslin, 2022-05-23, 1 file, -1/+3)
|   Bug: 225010642
|   Test: atest FrameworksNetTests:VpnTest
|   Change-Id: I078be4e00470efd9d7a2a87b40919116b99c83b8
|   (cherry picked from commit 0772c169b59e0536a68486a921f9144c5732faff)
|   Merged-In: I078be4e00470efd9d7a2a87b40919116b99c83b8
* Changing automotive ethernet allowed UIDs check (James Mattis, 2022-05-19, 1 file, -4/+4)
|   Updating the automotive allowed UIDs check to only work if the capabilities have a single transport equal to ethernet.
|   CP of https://r.android.com/2101472
|   Bug: 229419469
|   Test: atest FrameworksNetTests
|   Change-Id: I91e987d6b943a3c5986ab88553a6eef0d479b079
|   Merged-In: I91e987d6b943a3c5986ab88553a6eef0d479b079
* Allow ethernet on automotive to set allowed UIDs (James Mattis, 2022-05-19, 1 file, -23/+56)
|   Allow ethernet factories on automotive devices to set the allowed UIDs on NetworkCapabilities.
|   CP of https://r.android.com/2072767
|   Bug: 229419469
|   Test: atest FrameworksNetTests
|   Change-Id: I03e7cda75f1c530e0d0e4a756330bc9847a96668
|   Merged-In: I03e7cda75f1c530e0d0e4a756330bc9847a96668
* Block incoming packets in VPN Lockdown mode. (Motomu Utsumi, 2022-05-17, 1 file, -8/+85)
|   Currently, even when VPN Lockdown mode is enabled, incoming packets are not dropped if VPN is not connected. This commit fixed this issue. After this commit, if VPN Lockdown mode is enabled, incoming packets are dropped regardless of the VPN connectivity.
|   Bug: 206482423
|   Test: atest TrafficControllerTest ConnectivityServiceTest PermissionMonitorTest
|   Change-Id: If52ece613c8aac1073355e43b6fb9cb3fcc87d1d
|   (cherry picked from commit b08654ca0450d021da709a762ab509a8d4f87d40)
|   Merged-In: If52ece613c8aac1073355e43b6fb9cb3fcc87d1d
* Modify VPN unit tests to include SDK sandbox UIDs. (Martijn Coenen, 2022-05-12, 1 file, -13/+46)
|   VPN configurations in T should automatically include the corresponding SDK sandbox UID of an application. The existing tests used a UID range outside the regular application range, which means the new sandbox UIDs wouldn't be tested.
|
|   Modified the UIDs to run in the regular UID range of [10000, 19999]. Changed the tests to include the SDK sandbox UID where necessary.
|
|   Also, changed the entire class to only run on T+, since that is the only place where the SDK sandbox UIDs will be added. Since VPN code is not mainline updatable, having coverage on earlier releases doesn't really help anyway.
|
|   Finally, fixed up testNetworkBlockedStatusAlwaysOnVpn() in ConnectivityServiceTest, and only have that run on T+ for the same reasons.
|
|   Bug: 225317905
|   Test: atest VpnTest
|   Test: atest ConnectivityServiceTest
|   Change-Id: I83009344c270e520ac8ad1558c067cf7e46b1d2e
|   Merged-In: I83009344c270e520ac8ad1558c067cf7e46b1d2e
* Merge changes from topic "cherrypicker-L53700000954454916:N44100001263878999" into tm-dev (Paul Hu, 2022-05-12, 1 file, -5/+3)
|\
| |   * changes:
| |     Check carrier privilege for CBS network requests synchronously
| |     Allow 3p apps to request restricted networks
| * Check carrier privilege for CBS network requests synchronously (junyulai, 2022-05-11, 1 file, -5/+3)
| |   Normally if an app calls requestNetwork with capabilities that it does not have permission to request, it gets a SecurityException, except if it requests NET_CAPABILITY_CBS, in which case the request will not throw but the app will get an onUnavailable callback. Make this codepath throw as well.
| |
| |   This simplifies the code and makes the app-visible behaviour more consistent (and consistent with what happens in S and below).
| |
| |   The reason the code was written this way is because the carrier privilege app should receive a callback if it loses permission. But onUnavailable is also not the best callback to send, since it is used very rarely and also releases the app's request. It seems better to leave the request registered and send onLost.
| |
| |   Test: atest FrameworksNetTests
| |   Bug: 194332512
| |   Change-Id: I5eaeb415a6654851246e38599a996fbd9366fde0
| |   (cherry picked from commit 96bd9fe4dec806ba615691d091b2f696ecd798fe)
| |   Merged-In: I5eaeb415a6654851246e38599a996fbd9366fde0
* | Fallback should be evaluated for each preference (Sooraj Sasindran, 2022-05-11, 1 file, -0/+252)
|/
|   1) alowFallback flag was incorrectly not reset while setting profile preference. Corrected it.
|   2) Threw exception if default preference and enterprise preference are set together
|   3) renamed clearUser to withoutUser
|   Bug: 231670730
|   Test: ConnectivityServiceTest
|   Change-Id: If92ebe0cc23f18c8808893926d5e1d12ff2e3650
|   Merged-In: Iaf49237bdc791c7e1dd884d069eff64e74757477
* Do not remove profile network preference for different uids (Sooraj Sasindran, 2022-05-09, 1 file, -9/+7)
|   Multiple enterprise slice can be setup within single user profile based on different uids. So do not remove profile network preference with same user profile but with different uids
|   Bug: 229644102
|   Test: manual system test and ConnectivityServiceTest
|   Change-Id: I897b643e01240958fff575de9e15182069efc698
|   (cherry picked from commit 9cc129f37d2ceeaafdcc5ad05402810ae035288c)
|   Merged-In: I897b643e01240958fff575de9e15182069efc698
* Add more tests for setProfileNetworkPreferences (Sooraj Sasindran, 2022-05-09, 1 file, -0/+144)
|   1. Test that adding a new preference replaces the existing preference.
|   2. Test that if we pass in two simultaneous preferences for the same user (e.g., two different groups of apps), the second overrides the first.
|   Bug: 229644102
|   Test: ConnectivityServiceTest
|   Change-Id: I819247711f8457b12792585216ff47be31457ae8
|   (cherry picked from commit 95e02c5d5a216037720d16888678f5f0fe0b54c8)
|   Merged-In: I819247711f8457b12792585216ff47be31457ae8
* Follow-up 2076940: Allow device owner to configure profile network preference (Vadim Caen, 2022-05-05, 1 file, -0/+1)
|   https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/2076940
|   Fixes build failure
|   Bug: 231104107
|   Bug: 226966328
|   Bug: 231071836
|   Test: tests/unit/java/com/android/server/ConnectivityServiceTest.java
|   Change-Id: I7b6a3880ce0b0b9ad6fc6aa7a5fd4e249bb1606d
|   (cherry picked from commit baade1ca1e9b07d57ef620051ab7efbb85fcdbaf)
|   Merged-In: I7b6a3880ce0b0b9ad6fc6aa7a5fd4e249bb1606d
* Allow device owner to configure profile network preference (Sooraj Sasindran, 2022-05-04, 1 file, -1/+41)
|   isMangedProfile returns true for managed profiles. But enterprise device can be fully managed like device owner. Hence check specifically if request is coming on fully managed device.
|   Bug: 226966328
|   Bug: 231071836
|   Test: ran DevicePolicyManager CTS and ConnectivityServiceTest
|   Change-Id: I7827466bd61e24ba9c36c3a2e25043257e2ed602
|   (cherry picked from commit bb65aa8fc24fe3325e0a4b5197dda3904ea2589d)
|   Merged-In: I7827466bd61e24ba9c36c3a2e25043257e2ed602
* Merge "[CLATJ#27] Use ClatdCoordinator since T+ devices" am: b4bf6cea38 am: 8d75a93995 (Maciej Żenczykowski, 2022-04-21, 1 file, -30/+102)
|\
| |   Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/1951099
| |   Change-Id: I3878e5359349d8195e8741ea69ae437edab68909
| |   Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
| * [CLATJ#27] Use ClatdCoordinator since T+ devices (Hungming Chen, 2022-04-21, 1 file, -30/+102)
| |   - For clatd start and stop, use ClatdCoordinator on T+ and Netd on S-
| |   - Fix the unit test for T+ and S- devices
| |
| |   Note that mokito.verify(.., times(1)) is replaced by verify(..) because times(1) is the default and can be omitted. See verify in mockito/src/main/java/org/mockito/Mockito.java
| |
| |   Note that this commit needs to be merged with aosp/1956072.
| |
| |   Bug: 212345928
| |   Test: atest FrameworksNetTests
| |   manual test
| |   1. Connect to ipv6-only wifi.
| |   2. Try IPv4 traffic.
| |      $ ping 8.8.8.8
| |   3. Check bpf entries are added
| |   4. Disconnect from ipv6-only wifi.
| |   5. Check bpf entries are removed
| |   6. testipv4.com shows 10/10
| |   Change-Id: I7dfda6eec19de94e4258971effcd8a1210542473
* | Fix permission bypass problem for Tethering deprecated APIs (markchien, 2022-04-19, 1 file, -0/+36)
|/
|   Since the tethering functions in ConnectivityService is delegated to TetheringManager instance and get caches information in TetheringManager without checking ACCESS_NETWORK_STATE permission. If application use reflection call getTetherXXX functions in ConnectivityService, it can get tethering status with no additional execution privileges needed.
|   Bug: 162952629
|   Test: manual
|   Ignore-AOSP-First: security fix
|   Change-Id: I5b897f216db19fead6ba6ac07915aa0f6ff5bf42
* Merge "Add tests for VPN validation in NetworkMonitor" (Chiachang Wang, 2022-03-28, 1 file, -0/+8)
|\
| * Add tests for VPN validation in NetworkMonitor (Chalard Jean, 2022-03-23, 1 file, -0/+8)
| |   Test: New tests in this patch also FrameworksNetTests
| |   Test: atest CtsNetTestCases CtsNetTestCasesLatestSdk
| |   Change-Id: I68aa5201ad94531e5a40999816844faef5531525
* | Allow sending of Administrator UIDs for *NETWORK_STACK (Benedict Wong, 2022-03-18, 1 file, -0/+30)
| |   This change allows callers with the NETWORK_STACK or PERMISSION_NETWORK_STACK to receive administrator UIDs. This will be used by the VCN to ensure that administrator UIDs are accurately populated, ensuring that the ConnectivityDiagnostics are triggered for the VCN.
| |   Bug: 193204385
| |   Test: atest ConnectivityServiceTest
| |   Change-Id: I3ecfbef6847dcc78adac05d0229719c97e3a220c
* | Merge "Support ignoring validation failures after roam." (Lorenzo Colitti, 2022-03-18, 1 file, -0/+89)
|\ \
| * | Support ignoring validation failures after roam. (he_won.hwang, 2022-03-18, 1 file, -0/+89)
| | |   In some scenarios, Wi-Fi connectivity is disrupted after roam. If an application reacts to network errors by calling reportNetworkConnectivity(false), validation will immediately fail and the device will switch to cell data.
| | |
| | |   Add a way to ignore these validation failures for up to 10 seconds after Wi-Fi roams.
| | |
| | |   Bug: 216567577
| | |   Test: new unit tests
| | |   Change-Id: I58de486533bcc7c6e32b23536ae15bccb779e394
* | | Rename setAccessUids to setAllowedUids (Chalard Jean, 2022-03-16, 1 file, -23/+23)
|/ /
| |   Bug: 217725769
| |   Test: ConnectivityServiceTest CtsNetTestCases
| |   Change-Id: Ic8a3f91553d1462b7f54259c467fb90a950bdd59
| |   Merged-In: I8860fbb353eedf5d01e9dc248e4d765046bd562c
* | Merge "Use int array for included and excluded uids" (Sooraj Sasindran, 2022-03-16, 1 file, -17/+18)
|\ \
| * | Use int array for included and excluded uids (Sooraj Sasindran, 2022-03-16, 1 file, -17/+18)
| |/
| |   Use int array for included and excluded uids so that uses same data type as in PreferentialNetworkServiceConfig
| |   Bug: 217365439
| |   Test: ran connectivity service unit tests
| |   Change-Id: I9ac7e6498df2fd20b8397b2c110296e019c7389e
* / Build ethernet framework source into framework-connectivity-tiramisu (Xiao Ma, 2022-03-14, 1 file, -0/+2)
|/
|   - move ethernet APIs, build it into framework-connectivity-tiramisu
|   - start ethernet service from ConnectivityServiceInitializer
|   - fix EthernetManager dependency in Tethering module
|   - fix EthernetNetworkSpecifier dependency in framework-connectivity
|   - fix the ethernet related config resource
|   Bug: 210586283
|   Test: m
|   Test: atest FrameworksNetTests EthernetServiceTests
|   Change-Id: I54857b8517649048a343c72797668394d5225766
|   Merged-In: I54857b8517649048a343c72797668394d5225766
* Don't attempt to enable rate-limiting before T. (Lorenzo Colitti, 2022-03-07, 1 file, -5/+29)
|   Rate-limiting cannot work because the BPF program is in the mainline version of netd.c, which is placed into net_shared and thus cannot run pre-T. Disable it entirely to ensure no impact on S.
|   Test: atest ConnectivityCoverageTests:com.android.server.ConnectivityServiceTest on AOSP
|   Test: atest ConnectivityCoverageTests:com.android.server.ConnectivityServiceTest on S
|   Change-Id: I47521a100f8287ecdece25e810db8f3cade46778
* Do not enable ingress rate limit until clsact qdisc exists (Patrick Rohr, 2022-03-02, 1 file, -0/+7)
|   The tc police filter attaches to the clsact qdisc, so the rate limit cannot be enabled before the qdisc is added to the interface. The clsact qdisc is added as part of INetd#networkAddInterface, which is called from inside updateLinkProperties.
|   Test: atest FrameworksNetTests:ConnectivityServiceTest
|   Change-Id: I0713605ff3684f8271eb3f0e29ab7116561963f1
* Merge "Make sure the right NetworkMonitor start method is called on S-/T+" (Treehugger Robot, 2022-02-25, 1 file, -0/+5)
|\
| * Make sure the right NetworkMonitor start method is called on S-/T+ (Chalard Jean, 2022-02-23, 1 file, -0/+5)
| |   Test: ConnectivityServiceTest
| |   Change-Id: I6a7f0143082236e30d2e3878147df2c921ff5539
* | Merge "Fix : recent Connectivity module with old NetworkStack module" (Jean Chalard, 2022-02-22, 1 file, -0/+1)
|\|
| * Fix : recent Connectivity module with old NetworkStack module (Chalard Jean, 2022-02-19, 1 file, -0/+1)
| |   This patch adjusts the behavior of the NetworkMonitor mock to behave the same way as the real one – accept either notifyNetworkConnected or notifyNetworkConnectedParcel as a signal a network is connected.
| |
| |   This is necessary because the Connectivity module will call either of these depending on versions of other software it finds on the device.
| |
| |   Test: ConnectivityServiceTest NetworkMonitorTest
| |   Change-Id: I5900a019b3b033f4365d8a82b1e522336012064e
* | Mock more resources for VPNs. (Lorenzo Colitti, 2022-02-22, 1 file, -4/+6)
| |   These also cause ConnectivityCoverageTests to fail when built from master and run on S. They are used in Vpn.java, not LockdownVpnTracker.
| |
| |   They were not addressed in the previous CL because running this test locally is difficult.
| |
| |   Test: forrest
| |   Change-Id: I7d687338fd6bc7468b1abcae58898322554e647b
* | Mock resources used directly by LockdownVpnTracker. (Lorenzo Colitti, 2022-02-22, 1 file, -0/+16)
|/
|   LockdownVpnTracker directly uses resources from com.android.internal.R. This is acceptable because it's platform code. But ConnectivityServiceTest uses the LockdownVpnTracker built from the module source tree, and when that code fetches resources on a previous Android release, it crashes because the resource IDs don't exist; non-public resource IDs aren't stable.
|
|   Fix this by mocking the resources used by LockdownVpnTracker.
|
|   Test: atest ConnectivityCoverageTests
|   Change-Id: I239a18a38d4f1082f76f5ff1b831c15ee753bdfd
* Merge changes from topic "bandwidth-limiting" (Patrick Rohr, 2022-02-09, 1 file, -1/+176)
|\
| |   * changes:
| |     Add bandwidth limiting to CS
| |     Add setting that controls network rate limit
| * Add bandwidth limiting to CS (Patrick Rohr, 2022-02-09, 1 file, -1/+176)
| |   Adds ingress rate limiting functionality to ConnectivityService. The tc rate limit is installed before we tell netd about the interface, and removed after the network is removed from netd. When the setting changes, the old rate limit needs to be removed before a new one can be added (unfortunately, we cannot use NLM_F_REPLACE when configuring the tc-police filter).
| |
| |   Currently, this functionality is always enabled, but may or may not work based on kernel support.
| |
| |   Bug: 157552970
| |   Test: atest FrameworksNetTests:ConnectivityServiceTest
| |   Change-Id: I4e64b2c40490f061e42b40a1b1b3a6618c3d1a87
* | Pass the NetworkAgentConfig to NetworkMonitor. (Chalard Jean, 2022-02-09, 1 file, -1/+1)
|/
|   When the network is a VPN, NetworkMonitor needs to know whether the VPN requests validation, and that information is stored in NetworkAgentConfig. Pass it.
|   Test: FrameworksNetTests
|   Change-Id: I3616f0796b69ce054d92213aafdef43ba7041596
* Accept accessUids from telephony when it's the carrier config app (Chalard Jean, 2022-02-02, 1 file, -12/+133)
|   Test: FrameworksNetTests, new test in this patch
|   Change-Id: I50fab91e107c51d33a5e529c73b83db198a88d2c
* Clean up BpfNetMaps (Ken Chen, 2022-02-01, 1 file, -17/+23)
|   Cleans up BpfNetMaps.java before enabling mainline code path.
|   Bug: 202086915
|   Test: atest FrameworksNetTests
|   Change-Id: I28e5d63ed4624df540b1ca47b71899cff7321ded
* Send access UIDs to netd (Chalard Jean, 2022-01-31, 1 file, -0/+75)
|   Test: FrameworkNetTests CtsNetTestCases
|   Change-Id: I8301abaddf5850071fa23d41e8e736ab7071e299
* Add accessUids to NetworkCapabilities. (Chalard Jean, 2022-01-31, 1 file, -3/+33)
|   For now, all entry points reject this. Followup changes will allow the supported use cases.
|   Test: new unit tests and CTS for this in this patch
|   Change-Id: I7262811a2e46336d3bb63c80886fc0578a36da94
* Allow Carrier app to request for CBS capability (Sooraj Sasindran, 2022-01-30, 1 file, -0/+16)
|   Test: unit test and CTS
|   Bug: 194332512
|   Change-Id: I29680b56d790106ad082f1a398c2bddb030f834a
* Add support for Multiple enterprise slice (Sooraj Sasindran, 2022-01-22, 1 file, -10/+118)
|   Bug: 194332512
|   Test: unit test
|   CTS-Coverage-Bug: 211133973
|   Change-Id: Ie8be08a7cfa9155168d1da146d02fd1643248bdc
* Ability to specify which all applications fall under enterprise slice. (Sooraj Sasindran, 2022-01-21, 1 file, -28/+263)
|   Bug: 194332512
|   Test: unit test
|   Change-Id: I94549a41aaa717add22b0a3e5035beacf6f1b8f2
* Ability for DPM to specify fallback mechanism (Sooraj Sasindran, 2022-01-13, 1 file, -31/+105)
|   Bug: 194332512
|   Test: unit test
|   Change-Id: Id4d85da8f64e7559326c4657b8833dac3ce5ce3d
* Add excludeLocalRoutes in NativeNetworkConfig (Chiachang Wang, 2022-01-11, 1 file, -2/+2)
|   Add extra field in NativeNetworkConfig to allow CS to notify netd whether the local traffic should be excluded from the VPN network.
|   Bug: 184750836
|   Test: atest FrameworksNetworkTests
|   Change-Id: If230fe7057722c80a09433673ac3cec857f7a7a5
* Added a new network capability MMTEL (Jack Yu, 2021-12-21, 1 file, -1/+3)
|   Added NET_CAPABILITY_MMTEL to indicate a network support MMTEL (Multimedia telephony). This is for IMS service to request an IMS network that supports voice or PS (VoPS for 4G, VoNR for 5G).
|
|   This was previously submitted as aosp/1927841, but which got reverted due to breaking the mainline build, which uses the pre-built module.
|
|   Bug: 210774375
|   Test: atest ConnectivityServiceTest
|   Change-Id: If8b691ff4999a4dbf54e7567d9ca74d743dc5ded
* Revert "Added a new network capability MMTEL" (Martijn Coenen, 2021-12-21, 1 file, -3/+1)
|   Revert "Added setup/tear down data support"
|   Revert "Added a new network capability MMTEL"
|
|   Revert submission 1927643-mmtel_capability
|
|   Reason for revert: b/211586152
|   Reverted Changes:
|   Ifea8b1e40:Added a new network capability MMTEL
|   I38655bef2:Added a new network capability MMTEL
|   I837606d9e:Added setup/tear down data support
|   I2c7b291fe:Added a new network capability MMTEL
|
|   Change-Id: Ie9b0b0d9017ef8aea7fbb56dda522e7c433144b9
* Added a new network capability MMTEL (Jack Yu, 2021-12-16, 1 file, -1/+3)
|   Added NET_CAPABILITY_MMTEL to indicate a network support MMTEL (Multimedia telephony). This is for IMS service to request an IMS network that supports voice or PS (VoPS for 4G, VoNR for 5G).
|   Bug: 210774375
|   Test: atest ConnectivityServiceTest
|   Change-Id: Ifea8b1e40f65c610e925a27be873930fee2df693
* Merge "Save uid netd network permissions" am: 6fafdc1548 (Paul Hu, 2021-11-29, 1 file, -3/+2)
|\
| |   Original change: https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/1773890
| |   Change-Id: Ibff437f91017017cc6fcc7e456e621e2ad81995a