1. pass default network explicitly to fix potential
mis-sync network problem in DnsResolver#query
2. Add rfc6724 sort and related test
3. DnsResolver do rfc6724 sort before response InetAddress answers
4. move haveIpv* function from DnsResolver to DnsUtils
Bug: 129530368
Test: atest DnsResolverTest DnsUtilsTest
Change-Id: I4efa599c0605f6a9e4ef2dd1a36572c69b3c433f
When unregistering callback due to ON_UNAVAILABLE did not check for
a non-null callback.
Bug: 132950880
Test: atest ConnectivityServiceTest
Change-Id: I8f3322963f322e6690f1403681bf66e8b38b35f8
The constants CMD_{ADD,REMOVE}_KEEPALIVE_PACKET_FILTER are too
high in the file and not in order. These constants should be
moved back to their rightful place.
Bug: 123987395
Test: 1. m -j 2. m -j doc-comment-check-docs
Change-Id: I44c827d3a2011cf7c66c0444566e14192fec1b1b
This reverts commit 2445227fa8.
Reason for revert: Adds dependency between IpSecService and
ConnectivityService may lead to future deadlock
problems. Uses a simpler approach instead,
hence the solution is not needed.
See aosp/954040.
Change-Id: Ibff278a6eee666cd85dba81c2bed94d568679b02
This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Change-Id: I0218f3674628c13ead63fc9a873895ba7f113033
The onUnavailable semantics promise that it is equivalent to calling
the unregister callback method. But - it doesn't unregister the callback
allowing it to be reused. Fixed.
Additionally, modified the unregisterNetworkCallback method to not fail
on duplicate unregistration (since a callback could now self
unregister). Instead simply print a log.
Bug: 130651445
Test: atest ConnectivityServiceTest
Change-Id: I4c54b003a733eb0b1e4fd8674ed13081b1bef8e3
This patch adds checks to ensure that the IPSEC_TUNNEL feature flag is
enabled.
Bug: 117183273
Test: Compiles & tests passing
Change-Id: I2699dda29e1eed139bc6fd1b70071e5ab33cad88
This change maps EPROTONOSUPPORT to the list of error codes that map to
UnsupportedOperationException in IpSecManager.
Bug: 80103456
Test: Compiles, CTS tests ran
Change-Id: Iec3d5fc4a9bcad7c104414afefae775232d46558
Merged-In: Iec3d5fc4a9bcad7c104414afefae775232d46558
(cherry picked from commit dcbc670688)
For implementing parcelable interface for NattKeepalivePacketData.
Move this class out of framework.jar and move to services.jar
This class is used in telephony-common.jar and it also loads
service.jar.
Bug: 33530442
Test: - build pass
- atest NetworkStackTests
- atest ConnectivityServiceTest
Change-Id: Ie1d02bb7bccb76415cf71824147466cabf6b88b6
Merged-In: Ie1d02bb7bccb76415cf71824147466cabf6b88b6
Merged-In: Idf7c25b6b553d8c0cc4ef2ea8193438480420fb4
(cherry picked from commit 58a1f931eb)
Some hotspot devices will fill in the server host name field of the DHCP
package, such as iphone. Parsing the server host name of the DHCP
package can help identify ios hotspots.
Bug: 120584519
Test: 127423755
Test: builds, boots, wifi works
Change-Id: I8c5a7dc8ab117f062f9401f58832edada321436b
Merged-In: I60071bc029d25485bf204cfd3a8cebd538ca12b6
(cherry picked from commit 43f1bc9d53)
Some hotspot devices will fill in the server host name field of the DHCP
package, such as iphone. Parsing the server host name of the DHCP
package can help identify ios hotspots.
Bug: 120584519
Test: 127423755
Test: builds, boots, wifi works
Change-Id: Idbe10c36332ce421f1bba93eb87e9e1e12463088
This change maps EPROTONOSUPPORT to the list of error codes that map to
UnsupportedOperationException in IpSecManager.
Bug: 80103456
Test: Compiles, CTS tests ran
Change-Id: Iec3d5fc4a9bcad7c104414afefae775232d46558
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Merged-In: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
Change-Id: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
(cherry picked from commit 65968ea16b)
This change adds a new NATTKeepalive resource type, along with the
associated allocation/deallocation. Additionally, this change allows
ReferenceCountedResource(s) to not be binder-linked, to allow the
ConnectivityService to verify ownership and allocate a NattKeepalive
without double-registering for binder-death notifications.
Bug: 125517194
Test: IpSecService frameworks tests ran
Change-Id: I8293f79940ad57dabb6f2b9de5e334d06b869443
This commit adds the ability to pass in LinkProperties and meteredness
for additional testing use cases.
Bug: ?
Test: Compiles. Test utility only.
Change-Id: Idf6c3bcae2dea5e61c0418b72b889496919be8ba
