(in preparation for moving it into netbpfload)

The programs themselves (in bpf_progs/block.c) required a 5.4+ kernel.

We relax this restriction to 4.19+ as we don't have any 5.4 device coverage
(while the pixel 4a 5G / 5 / 5a are all 4.19 devices).

I believe we could relax it further to 4.14+ but Pixel 4/4xl/4a that
would exercise those code paths are EOL and probably have poor to
non existent test coverage, and we cannot do anything for 4.9 T devices
anyway.

Note: on <4.19 kernels (ie. T devices running 4.9/4.14, U running 4.14)
this results in ConnectivityNativeService going from null to initialized
(as the bpf map will exist).

This doesn't hurt as the set/clear port interfaces are only ever
called by vendor code on devices where the kernel doesn't support
the older mechanism.  And even if you call them it will just set/clear
the bits in the bpf bitmap, they just won't actually affect anything.

We could flag the map itself as being 4.19+ as well, but I think
I prefer the no-op map to exist...

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I1085addd22f4f3b709e1875049633832c5dac836

Bug: 303299687
Test: atest
Change-Id: Iad740804a59599dd33add1ea85aa4771e0e4bd35

This is written based on observation that
  testStartVpnProfileNoPreviousConsent()
appears to result in the right things happening when running
  adb logcat | egrep --color -i 'Switched from |protect'
ie. it results in:
  I netd    : networkSetProtectDeny(<ctsappuid>) <0.01ms>
  I Vpn     : Switched from android.net.cts to [Legacy VPN]
  I netd    : networkSetProtectAllow(1000) <0.00ms>

Which disallows the CTS uid, and allows AID_SYSTEM.

That in turn appears to be the 'default' state of things.

So this basically copies that logic into tearDown()

Test: atest android.net.cts.{Ikev2VpnTest,VpnServiceTest} --iterations 2
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic9cca56097d78ae48157e808081de2ebb76635e8

For general internet access, a specialized slice is generally
not preferable to a non-specialized network.

Test: new test in this patch
Change-Id: I052ce923300566807999b2f20f5911181fb761dd

This is masking an exception in setUp() and makes debugging difficult

Test: treehugger
Change-Id: I8b5b80c4171d45076dd02bab5ff4b6dc81d98086

- Watches don't support VPN apps.
- The HostsideVpnTests CTS tests are already skipped on watches.
- The tests for VpnManager VPNs do run on watches, but there isn't
  actually a way to start a VpnManager VPN on a watch because there is
  no way to display the consent dialog to the user.
- The VpnService CTS tests verify the VpnService API on watches
  bypassing the consent dialogs.
- Because there is no way to start a VPN app on a watch, there's no
  point requiring the VPN CTS tests to pass.

This CL disables the remaining VPN CTS tests on watches. This allows
watches to disable the VPN service, reducing startup time and memory
usage.

Bug: 286240194
Test: atest CtsNetTestCases FrameworksNetTests
Change-Id: Idb7110232ae7e45cafc265cd4f955c2a6b22361c

Android's clat is for reaching the internet, which in general
never has an ipv4 L3 mtu higher than 1500.

(We could probably hit this on a jumboframe enabled IPv6-only
wifi network [ http://b/292057969#comment18

 ] where RA claims
MTU of 9K [9170])

Bug: 292057969
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I7a32455571458b8a3f1121ad980d54323b2ef06b

Network tracing was only available on userdebug and eng builds. This
change makes it available on all build types behind a flag.

Bug: 298197881
Test: flash & trace, toggle flag on/off
Change-Id: I75d854aee74adf7e23f7a970b20233790f9b0354

Test: FrameworksNetTests
      Note that carrierPrivilegeAuthenticatorTest is already
      an @Parameterized test with flag = on and off, so it
      already tests both.
Change-Id: I52fcfd3f21a13d7a39952ba828464ce6ef4085c2

This will be easier to read when this behavior is diverted
based on a flag

Test: FrameworksNetTests
Change-Id: Ifd7abd8ad82cb8307b1cd8535ac5fa82004404e6

Test: CarrierPrivilegeAuthenticatorTest
Change-Id: Ia28c6abca67866c1de953cb61953a0d2882cd7e2

This reverts commit cbe17558.

Reason for revert: we found the culprit for the flakiness and b/272147742 is fixed.

Change-Id: I672c42bb57184393588666b6196f3a316f8c99c7

The transaction id is a number that is used to identify a
specific query packet. But it's not necessary for probing
or announcing services, so the transaction id is not
currently used on advertising when creating a MdnsPacket or
decoding the response to a MdnsPacket. This means that it is not
possible to track which query packets have received
responses. Therefore, store the transaction id so that
it can be used for subsequent query packet changes.

Bug: 302269599
Test: atest FrameworksNetTests
Change-Id: I6734752b32b91678afb7df06e1fa51237cf70894

Do not avoid captive portal on wear proxy network; keep network agent
after detecting portal.

Bug: 291112432
Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.ConnectivityServiceTest
Change-Id: I8f6669da62ebd76b6a46d2aec9b3ea563a08cb5e

Ikev2VpnProfile related shims are no longer needed since
downstream branch was moved to udc branch. This commit
also update the methods that are used to do the SDK check
because of the removal of shims.

Test: atest CtsNetTestCases
Change-Id: I4efe65f87ace02b1f1649bf15ccf0ba06fd90486

NetworkStatsManagerTest issues NetworkRequests but does not release
them. In addition, it performs blocking operations inside the
onAvailable() callback that runs on the shared ConnectivityThread
impacting tests that run later.

Test: TH
Bug: 272147742
Change-Id: Ide2f5ba0b12752099d7665deaa9050463cd7ebee

aosp/2724918 moved processing netd events for 464xlat to the
handler thread.

This CL makes 464xlat run the code that processes those events
inline. This simplifies the code and makes the ordering of events
more similar to what it was before.

Bug: 293965195
Fix: 302071735
Test: existing unit tests
Change-Id: I18b0d491aff94646b878a3d3488b5519fd42783c

Because the WifiManager can not be obtained in instant mode, the test
should only runs in AppModeFull.

Bug: 300219769
Test: TH
Change-Id: If5049a68dce23aafa3c9b8a59bf9a759c9532541

testFirewallCloseSocketAllowlistChainOtherUid sets the firewall rule on
myUid + 1 and confirms this does not affect the network access from
myUid.
This test failed when there is an existing firewall rule on myUid.
This CL cleans up the existing rule on myUid before running the test and
restores the existing state after the test.

Bug: 299898772
Test: atest CtsNetTestCases
Change-Id: I9083ac41a64a8b81a8b4616c0d57a25355f5d53c

The issue seems to be that some other network may become
available or change capabilities before Lost happens, as
can be the case with real networks like in CTS.

Test: TH
Bug: 289879931
Change-Id: I849f3b7d99f5d5195a3bbd3c39720923597a51d9

- Ability to mock enabled changes, which is necessary for
  requestNetwork
- Ability to disconnect an agent

Test: in aosp/2761506
Change-Id: If2701f1fff29453e74a4b388758c6ee3a16a5734

Although the launcher should be visible due to the <queries> declaration
in the manifest, there are sometimes flakes indicating that the access
to the package was blocked due to visibility rules.

Try adding QUERY_ALL_PACKAGES to see whether it resolves the flakes.

Bug: 286550950
Test: atest
Change-Id: I24dcf19c040b63fea55f82db412ffcd40670e6fc

Test that when a responder only responds with the exact records that
were queried, so only reply for PTR in discovery, only send SRV, TXT,
A, AAAA when asked explicitly, service resolve succeeds.

This ensures that the querier sends followup queries for each record.
See RFC6763 12., especially the last paragraph.

Bug: 267570781
Bug: 267371243
Test: atest NsdManagerTest
Change-Id: Ia392e80c1e27b479c6177d19f6b4be6032dcb1cd

The mDNS library need to be backported to some internal library which
support minSdk 21. Therefore, updated the build rules to add the linter
check.

Bug: 296175311
Test: TH
Change-Id: Iae0bffa315dc6de2339a05f595b13480fa7385ae

Add end-to-end testing for testing NsdManager advertising and
discovering works fine with downstream tethering interfaces.

Bug: 281639507
Test: atest NsdManagerTest
Change-Id: I5a66423f216cfe0c82db5128502c885980ab264b

The test flake is likely caused by a carrier configuration
update. After the update is complete, the shell permission is
dropped, which causes the test network setup to fail due to a
lack of permission. The test network setup should also be
protected by a synchronized lock to avoid permission lost.

Bug: 296980394
Test: atest android.net.cts.ConnectivityDiagnosticsManagerTest \
      --iteration 50
Change-Id: I3c7a0a92cddeb7c0f41a11b929f72714f8b22c05

The isLegacy field of Nsd metrics should indicate whether the
data was collected from the old backend or not. However, it is
currently only dependent on the ENABLE_PLATFORM_MDNS_BACKEND
compat change value, which is incorrect. This is because the
NsdService always uses the new backend since Android U,
regardless of the compat change value. Therefore, the isLegacy
data should be obtained from each transaction.

Bug: 287546772
Bug: 299880473
Test: atest FrameworksNetTestCases NsdManagerTest
Change-Id: I156abd656b90578d710696a69ccf7dfca97a2c9c

As connectivity pre-check was added to CtsNativeNetDnsTestCases
recently, this CL is needed as well.

Bug: 298886804
Test: TreeHugger
Change-Id: I3c26920e8609256470cd2b8c37fc1f33f56c39fd

Test: ConnectivitySampleMetricsTest
Change-Id: I0afdda023208c3f8620cb5b89add66448af596d7

This sets up what is necessary for an instrumented
ConnectivityService to run. Users of this class are
meant to inherit CSTest.

This is still relatively basic and does not have all the
instrumentation in ConnectivityServiceTest. Developers
looking to extend CSTest may find some instrumentation
missing ; when they add the missing instrumentation,
they should consider whether it should be generic for all
CSTests (and put it in base/), or whether it's local to
their own test suite. This should enable faster testing
as each CSTest children will only need to set up the
instrumentation it actually needs.

This patch also migrates a basic test to have a first user.

Bug: 272685721
Test: ConnectivityServiceTest
      CSBasicMethodsTest
Change-Id: I1c47f616af90629c9cb2a6ae89d992b19863e704

Bug: 297482971
Test: TH
Change-Id: I6f2cdd066d9047b113ff80211cf6d4c6fa605104

Bug: 298729534
Test: atest com.android.cts.net.HostsideConnOnActivityStartTest
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:eaf030ea96f3af817e8b301c8edf48f79d7f229d)
Merged-In: I58a23e927cd14b973048e34566350eeef215f7db
Change-Id: I58a23e927cd14b973048e34566350eeef215f7db

Verify that the extra info for validation logs in the
NetworkInfo is set.

Bug: 297790570
Test: atest FrameworksNetTests
Change-Id: I5b77b3bab30154b7979cda003274cde0d834a5fb

Test: TreeHugger
Bug: 291025434
Bug: 289802481
Bug: 294510745
Change-Id: I3c9646468834305e48c531040640e05f80b1c5e7

This allows using assumptions to skip tests.

Test: atest CtsHostsideNetworkTests
Change-Id: Ic1fc41c1ca0c30b6b7350c413d710d959b9a5013

Test: test-only change
Change-Id: If3702cf9c3a36e3b7cb1853784f1a8ff98d7be07

Report more advertising metrics data below when the service is
unregistered.
- Replied request count (sum across interfaces)
- Sent packet count (including announcements and probes)
- Number of conflicts during probing
- Nubmer of conflicts after probing

Bug: 287546772
Test: atest FrameworksNetTestCases NsdManagerTest
Merged-In: I50c54a35dc523422e3a7302c059bbbc38eac5631
Change-Id: I50c54a35dc523422e3a7302c059bbbc38eac5631

There was no such method in R release, use SdkLevel to check
framework version and use different API accordingly.

Test: TH
Fix: 297768044
Change-Id: I357c0d56646ffd5eb018b6bb4efe47d4c48e71d3

Per RFC6762#10.1, the cache flush bit should be false for
existing announcement. Otherwise, the record will be deleted
immediately when receiving this response.

Bug: 299054783
Test: atest FrameworksNetTestCases NsdManagerTest
Change-Id: I8bf1a5b1914b49720862836abb543b232185f5f5

Add the missing logic to send the rawOffloadPacket to OffloadEngine.

Bug: 297314970
Test: atest CtsNetTestCases FrameworksNetTestCases
Change-Id: I06d7a9bb84df72808eff4f0c9df60f7e60aa2a2c