Classes that are used in framework.jar cannot be linked in NetworkStack,
as the framework takes precedence in the classpath. This prevents the
networkstack from using these classes due to the hidden API usage
detection.
Do the following:
- jarjar any shared source file between framework and NetworkStack, so
the version in the NetworkStack uses a different package.
- Move any shared class not used in the NetworkStack to services.net
The CL uses jarjar on the app copy and not the framework classes, as
the framework cannot be updated without an OTA, and non-network stack
specific classes should not be renamed because of the network stack.
Test: atest FrameworksNetTests NetworkStackTests
Test: flashed svelte build, WiFi works
Bug: 124033493
Change-Id: I85d888b756adc28c36638913632bfdfdbf0e0486
NetworkStack is only used in services.net or clients of services.net. It
cannot stay in framework.jar because it needs to depend on AIDL
interfaces, which would conflict with app implementations if they were
in framework.jar.
Test: atest FrameworksNetTests NetworkStackTests
Bug: 124033493
Change-Id: Ib1d08a3669983640119d008db7e2990fa798724f
Merged-In: I501b125a388c1100c2182bde4670944c2f0d7a02
ICaptivePortal is used in the framework and cannot be used as a
dependency in NetworkMonitor, as the framework class takes precedence
when linking.
Also fix NetworkMonitorTest that was not verifying the right
startCaptivePortalApp call.
Test: atest FrameworksNetTests NetworkStackTests
Bug: 124033493
Change-Id: I8e7bb79e50650ae182a2e4277fb49abf5fb6d910
Merged-In: Ib6a89e54312628662b130fbeec18d11e139f09fa
If included in framework.jar, the interfaces conflict with any app that
needs to depend on them, including the NetworkStack.
Bug: 124033493
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: I2db9f87b7154130726d4700b241d55b041635d98
Merged-In: I0ecae20d514bf888f3a80331f19369ceb1c52aa3
This change adds new network types for testing purposes, signifying a
network with an extremely limited feature set.
Bug: 72950854
Test: Compiles, CTS tests relying on this work correctly.
Change-Id: I06cade6044afd12e0b69ed3c2f160f27f85d43d0
Have the network stack pass its package name in
showProvisioningNotification instead.
Bug: 124033493
Test: flashed, WiFi and captive portal works
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: I1f3312768ba1fb34e99a827e1fcdaf7510e318a8
This ensures that the NetworkStack that is used on the device has a
signature that matches the NetworkStackPermissionsStub.
Test: flashed, WiFi working
Bug: 124033493
Change-Id: Ia1413a4e127e01ab707d3f4887cd39df72c751e3
The new set of API allows applications to request keepalives
offload for established TCP sockets over wifi.
However, the application must not write to or read from the
socket after calling this method, until specific callbacks are
called.
Bug: 114151147
Test: atest FrameworksNetTests FrameworksWifiTests NetworkStackTests
Change-Id: I3880505dbc35fefa34ef6c79555458ecf5d296a4
Endpoints protected with INTERACT_ACROSS_USERS_FULL, such as
startActivityAsUser, should only be used by modules signed with the
platform cert. The NetworkStack needs to have the system server start
the application so this restriction can be applied.
Bug: 123846255
Test: flashed, captive portal works from primary and secondary user
Change-Id: Ib3e427b3fd03ced80c02985e795f79b096a2ec9a
There are other, more idiomatic ways to do this. Deprecating this
with usage limited to P will curb usage and reduce the maintenance
load.
This also deprecates the extra EXTRA_NETWORK_TYPE, which has
survived from an old world but has only been used in deprecated
broadcasts for some time.
Bug: 109783091
Test: eyeball current.txt
Change-Id: I87b74833bb4ec362ee3fd07511a66d318c29067d
When offload is starting, socket will be switched to repair
mode. Read and write on the socket will not be allowed until
repair mode is turned off. If remote packet arrives, repair
mode will be turned off automatically and a callback will
be raised to indicate that socket is ready to read from.
Bug: 114151147
Test: -atest FrameworksNetTests
-manual
Change-Id: I0c335865912e183e7ad32a8ea12188f02ccde5fd
In previous change, the new SocketKeepalive API was exported.
But internally, old PacketKeepalive names and structures are
still used.
This change rename them properly for code consistency and also
refactor KeepalivePacketData to support different types of
KeepalivePacketData.
Bug: 114151147
Test: 1. atest FrameworksNetTests
2. atest FrameworksWifiTests
3. atest FrameworksTelephonyTests
Change-Id: Ia9917d12987e91e87e34ffb3f126e7bc7c9c187e
Merged-In: Ia9917d12987e91e87e34ffb3f126e7bc7c9c187e
The NetworkStackPermissionStub package is used to enforce that
permissions used by the NetworkStack are only used in packages
sharing signature with NetworkStackPermissionStub.
Permissions defined in this package are intended to be used only by the
NetworkStack: both NetworkStack and the stub APK will be signed with
a dedicated certificate to ensure that, with permissions being signature
permissions.
This APK *must* be installed, even if the NetworkStack app is not
installed, because otherwise, any application will be able to define
this permission and the system will give that application full access
to the network stack.
Test: flashed, booted
Bug: 112869080
Change-Id: Ia13a9e6a703cb7b4403697a7f7bfff0f6f3b813e
Bluetooth runs as UID 1001002 when on a secondary user. With this change
the NetworkStack verifies that the calling UID matches the Bluetooth app
regardless of the user.
Test: flashed, BT reverse tethering still working as primary user
(no option to turn on as secondary user on phones)
Bug: 123655057
Change-Id: I23f9c5fa40f3bb676ac65dd8c15106c9d78309a4
The callback would be used to notify entitlement value. If the
cache value indicates entitlement succeeded, it just fire
callback with cache value instead of run entitlement check.
Bug: 120887283
Test: atest FrameworksNetTests
Change-Id: I8afe928423bd75c54c61533a50a5c0814922ceb1
Currently it is not possible to change private DNS bypass by
doing:
setProcessDefaultNetwork(network.getPrivateDnsBypassingCopy());
setProcessDefaultNetwork(network);
because the code will ignore the change. Fix this by ensuring
that we always call bindProcessToNetwork (which does not have
side effects) and then only performing the expensive operations
(flushing DNS cache, upating socket pools) if the netId changed.
Bug: 112869080
Test: None
Change-Id: I5e8999cb11d8b8c1e9eb583fa8b3932f212accff
For VPN apps targeting Q and above, they will by default be treated as
metered unless they override this setting before establishing VPN.
Bug: 120145746
Test: atest FrameworksNetTests
Test: On device tests verifying meteredness setup correctly for apps
targeting Q and apps targeting P.
Change-Id: Ia6d1f7ef244bc04ae2e28faa59625302b5994875
Currently, bypassing private DNS requires calling the deprecated
setProcessDefaultNetworkForHostResolution. Allow apps to do this
via the non-deprecated binProcessForNetwork as well.
This has fewer backwards compatibility concerns than the
alternative approach of having setProcessDefaultNetwork call
setProcessDefaultNetworkForHostResolution. That approach would
have been problematic, for example, if an app did:
cm.bindProcessToNetwork(network);
...
cm.bindProcessToNetwork(null);
In this case, it would be difficult to know whether to clear the
resolver mapping as well: what if an app had also called
setProcessDefaultNetworkForHostResolution?
Similarly, it would be difficult to know what to do if an app did:
cm.setProcessDefaultNetworkForHostResolution(network);
cm.bindProcessToNetwork(null);
This approach does not have these concerns, and has no effect
on apps that don't call Network.getPrivateDnsBypassingCopy, which
regular apps don't have permission to use. It also provides a
path to deprecate setProcessDefaultNetworkForHostResolution.
Bug: 112869080
Test: atest android.net.cts.ConnectivityManagerTest android.net.cts.MultinetworkApiTest
Change-Id: I4158a37b6ed87a9a9b2677c526dcfee8af48e483
The metrics go through NetworkMonitor in the NetworkStack so that they
can be upgraded to new metrics in the future.
Test: flashed, captive portal login works, metrics shown in events log
Bug: 112869080
Merged-In: I4bccfbd87bae5b2d65e45c7a5918aa45ab5d76e8
Change-Id: Ib5e2126788f8d56a00a56d7efcd33c5f9a37a6de
Includes various small changes to stop using hidden APIs
Test: make NetworkStack
Test: flashed, booted, WiFi and tethering working
Bug: 112869080
Change-Id: Id2830795a444f484b377ed6437435a1cd833697a
The utilities are not supported as public API but required as SystemApi
for the NetworkStack.
Test: flashed, boots, WiFi works
Bug: 112869080
Change-Id: Ia64b3bf9c6c33cf61bed76469ea9963b550bed2b
attach*Filter and addArpEntry are necessary for the NetworkStack but are
only usable for apps that have system permissions.
Also includes system API for IpPrefix, LinkAddress, LinkProperties,
Network, and static modifier in ApfCapabilities that were missed in
previous CLs.
Test: Builds, flashed, WiFi works
Bug: 112869080
Change-Id: If141ae6a2f9145f5af64ba002ca44938f39b90a9
