Commit Graph

346 Commits

Author SHA1 Message Date
Cody Kesting
292963dec7 Protect ConnectivityService from SecurityException in permission check.
ConnectivityService currently calls
LocationPermissionChecker#checkLocationPermission. This method call
throws a SecurityException if the given package name and UID do not
match. This permission check is made from the ConnectivityService
Thread, so any Exception being thrown will crash the SystemServer. This
is not acceptable, so surround the permission check in a try-catch in
case any SecurityExceptions are thrown.

Bug: 149119324
Test: atest ConnectivityServiceTest
Change-Id: Ibe2874f2a5249432270aa1b9eb7d004bbba35ac2
2020-03-09 11:27:00 -07:00
Cody Kesting
8977dd0b7f Merge "Clear UIDs when sharing NetworkCapabilities for ConnectivityDiagnostics." 2020-03-09 15:12:51 +00:00
Treehugger Robot
d1edb37ac7 Merge "Remove the NetworkScore class." 2020-03-08 04:52:26 +00:00
Chalard Jean
36b29acbc5 Remove the NetworkScore class.
This class is useless at this point and introduces overhead.

Bug: 113554781
Test: FrameworksNetTests
Change-Id: Ib6da6c1c7f2a0b97c847d2e64e5ce16dd821e1e7
2020-03-06 11:57:53 +09:00
Cody Kesting
3de2432655 Clear UIDs when sharing NetworkCapabilities for ConnectivityDiagnostics.
ConnectivityDiagnostics shares NetworkCapabilities in
ConnectivityReports and DataStallReports. These NetworkCapabilities need
to have their UIDs scrubbed before they are shared with callbacks.

Bug: 148942124
Test: atest FrameworksNetTests
Change-Id: I5bde5a8116f7e36b8f4de49adf4cab8ec45a5aa4
2020-03-04 08:40:11 -08:00
Lorenzo Colitti
5e340d2070 Add more assertions to testStackedLinkProperties.
Check all routes that are added and removed instead of just some
of them. This is in preparation of an upcoming change that
switches to adding and creating routes by issuing direct calls to
netd.

Also rename the misleading ipv4Default route variable to
ipv4Subnet, which is what it actually is.

Bug: 142892223
Test: test-only change
Change-Id: I7d111382be215a926a7d7d4701bd3c3e94372b99
2020-03-03 21:48:18 +09:00
Aaron Huang
9309eea2fe Merge "Move NetworkAgent#register to a new method." 2020-03-03 03:37:07 +00:00
Lorenzo Colitti
23a3258189 Merge "test: ConnectivityService: Validate Route Add/Del" 2020-02-27 01:00:58 +00:00
Tyler Wear
132e397119 test: ConnectivityService: Validate Route Add/Del
Validate route addition and deletion after linkProperties are
changed.

Test: atest ConnectivityServiceTest#testStackedLinkProperties
Change-Id: I18296b933e856a0f8a4c1dbd75bd35024853bfbb
2020-02-24 17:23:02 -08:00
Chalard Jean
e668251eee Move NetworkAgent#register to a new method.
Calling IPC in a constructor is unusual and confusing, and can be
considered bad form. There are multiple reasons for this:
• Users can't obtain an instance of the class without calling the
  constructor, but they can't always afford an IPC where they need
  this, forcing them to know about the implementation detail and
  sometimes design around it.
• On a related but generalized note, constructors should usually
  be fast for the same range of reasons.
• Having a separate method to register the agent simply gives more
  flexibility to the app.
• It's also a lot easier to test.
But also we can't fix it without an update to the API, so here it is.

Another reason for doing this is consistency with the NetworkProvider
API.

Bug: 138306002
Bug: 139268426
Test: atest FrameworksNetTests FrameworksWifiTests FrameworksTelephonyTests
Change-Id: I1ee5c7b1353d581e487c8a8a159009bebd781643
Merged-In: I1ee5c7b1353d581e487c8a8a159009bebd781643
(clean cherry-pick from internal branch)
2020-02-21 14:54:18 +08:00
Qingxi Li
239908298e Merge "Sanitize owner UID iff owning app does not have location permissions." 2020-02-20 05:20:27 +00:00
Qingxi Li
9c5d8b963c Sanitize owner UID iff owning app does not have location permissions.
This change adds permission checking to ensure that the following
conditions are enforced in order for apps to receive the owner UID:
1. The app must be the owner of the network
2. The app must hold the FINE_LOCATION permission/appop
3. The user must have their location toggle enabled.

Bug: 142072839
Test: atest FrameworksNetTests
Change-Id: I7a981a82f1219828ee89c8c96eb9d2efd153377f
2020-02-20 01:02:42 +00:00
Benedict Wong
522f3c932d Add always-on VPN support for platform VPNs
This commit allows Platform VPNs to be started as part of always-on
mode.

Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested.
Change-Id: I5eda88e5b406a0e425eb7424665cf702e0979324
Merged-In: I5eda88e5b406a0e425eb7424665cf702e0979324
2020-02-18 22:13:31 +00:00
Benedict Wong
88ec62afa9 Merge changes Ide9daebc,Id47ada57
* changes:
  Ensure all VPN runners clean up state when exiting
  Enforce restricted user, getConnectionOwnerUid checks
2020-02-17 21:30:35 +00:00
Lorenzo Colitti
f202725395 Merge changes from topics "capport_dhcpresults", "nm_cb_capport"
* changes:
  Add CaptivePortalApiUrl to DhcpResults
  Send LinkProperties update on new capport data
2020-02-15 17:22:18 +00:00
Chiachang Wang
a853d2dc37 Merge "Update state in NetworkInfo when network resumes" 2020-02-15 03:16:31 +00:00
Remi NGUYEN VAN
91aa5bc463 Send LinkProperties update on new capport data
When new CaptivePortalData is received from NetworkMonitor, send a
LinkProperties updated callback.
The updated LinkProperties only contain CaptivePortalData if the
receiver has NETWORK_SETTINGS or MAINLINE_NETWORK_STACK permissions, as
defined in the current callback code.

Test: atest FrameworksNetTests
Bug: 139269711

Change-Id: I68595a519171b31792259849efff5f58c43cacd4
2020-02-15 05:00:17 +09:00
Chiachang Wang
a5d8fe8637 Update state in NetworkInfo when network resumes
State override is only handled when state is changed from
CONNECTED to SUSPENDED but not the reverse path. Handle both ways
for SUSPENDED state.

Bug: 148678431
Test: FrameworkNetTests
Change-Id: I9333f865d61bbf008fdb8ca162ad17dfdffd1d67
2020-02-14 16:41:33 +08:00
Benedict Wong
5d50ce8181 Enforce restricted user, getConnectionOwnerUid checks
This CL adds checks to ensure restricted users cannot change or
start/stop platform VPNs. In addition, this also adds checks to the
ConnectivityManager#getConnectionOwnerUid() to ensure that only
VpnService based VPNs can identify connections.

Bug: 148040659
Test: FrameworksNetTests run
Change-Id: Id47ada5766036bfc84f3ba47f66f2d2683af916d
2020-02-14 00:09:47 -08:00
Roshan Pius
ef628d3a79 RELAND: NetworkRequest: Embed requestor uid & packageName
Add the requestorUid & requestorPackageName fields to
NetworkCapabilities. This is populated by CS when
a new network request is received.
These 2 requestor fields are also optionally used for network
matching. All of the regular app initiated requests will have the
requestor uid and package name set by connectivity service. Network
agents can optionally set the requestorUid and requestorPackageName
to restrict the network created only to the app that requested the network.

This will help removing the necessity for the various specifiers to embed
the uid & package name info in the specifier for network matching.

Note: NetworkSpecifier.assertValidFromUid() is deprecated & removed in
favor of setting the uid/package name on the agent to restrict the
network to a certain app (useful for wifi peer to peer API & wifi aware).

Bug: 144102365
Test: Verified that wifi network request related CTS verifier tests
pass.
Test: Device boots up and connects to wifi networks
Merged-In: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529

Change-Id: I58775e82aa7725aac5aa27ca9d2b5ee8f0be4242
2020-02-12 16:58:36 -08:00
Roshan Pius
1a188ab4f5 Revert "NetworkRequest: Embed requestor uid & packageName"
This reverts commit 3e63df535a.

Reason for revert: b/149425896
Bug: b/149425896

Change-Id: I9fe31509c040cc421ccb00ea60f15e6f199e8bc6
2020-02-12 23:33:43 +00:00
Roshan Pius
3e63df535a NetworkRequest: Embed requestor uid & packageName
Add the requestorUid & requestorPackageName fields to
NetworkCapabilities. This is populated by CS when
a new network request is received.
These 2 requestor fields are also optionally used for network
matching. All of the regular app initiated requests will have the
requestor uid and package name set by connectivity service. Network
agents can optionally set the requestorUid and requestorPackageName
to restrict the network created only to the app that requested the network.

This will help removing the necessity for the various specifiers to embed
the uid & package name info in the specifier for network matching.

Note: NetworkSpecifier.assertValidFromUid() is deprecated & removed in
favor of setting the uid/package name on the agent to restrict the
network to a certain app (useful for wifi peer to peer API & wifi aware).

Bug: 144102365
Test: Verified that wifi network request related CTS verifier tests
pass.
Test: Device boots up and connects to wifi networks
Change-Id: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
Merged-In: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
2020-02-12 04:42:58 +00:00
Cody Kesting
e330fcd070 Use waitForIdle() to wait for Threaded processing.
Unit testing for ConnectivityDiagnostics API in ConnectivityServiceTest
is updated to use HandlerUtilsKt#waitForIdle. In the general case, this
takes the same time to run as verify-with-timeout (used previously).
However, test failures due to messages not being enqueued on the handler
(backed by the ConnectivityService Thread) won't incur the timeout
delay, as the thread will be idle sooner. This shortens the delay in the
event of a programming error.

Bug: 143187964
Test: atest FrameworksNetTests
Change-Id: Iae66309501bb83449ca735dfa5e972a9852cbcd0
2020-02-05 15:05:29 -08:00
Cody Kesting
f3626446e7 Fire ConnectivityDiagnostics callbacks on Connectivity reported.
When ConnectivityService#reportNetworkTested is called, the platform
needs to fire ConnectivityDiagnostics callbacks for registered callbacks
that are permissioned for the network being reported on. This adds a new
event to ConnectivityDiagnosticsHandler for invoking these callbacks.

Bug: 143187964
Test: compiles
Test: atest CtsNetTestCases ConnectivityServiceTest
Change-Id: Icc6bcf7a2411133d8ecd7477bc351dad9333f24f
Merged-In: Icc6bcf7a2411133d8ecd7477bc351dad9333f24f
2020-02-05 15:05:29 -08:00
Cody Kesting
7d4c82788a Implement INetworkMonitorCallbacks#notifyDataStallSuspected.
INetworkMonitorCallbacks defines notifyDataStallSuspected() for
notifying ConnectivityService of networks encountering a potential data
stall. A new event is introduced for ConnectivityDiagnosticsHandler to
process the notification and invoke the relevant
ConnectivityDiagnosticsCallbacks.

Bug: 143187964
Test: compiles
Test: atest CtsNetTestCases FrameworksNetTests
Change-Id: I70320bdda9855dced31e08e6a0b25329fb5cb535
Merged-In: I70320bdda9855dced31e08e6a0b25329fb5cb535
2020-02-05 15:05:28 -08:00
Cody Kesting
113ea83450 Merge "Implement INetworkMonitorCallbacks#notifyNetworkTestedWithExtras." 2020-02-05 19:55:05 +00:00
Cody Kesting
d198ed0a80 Implement INetworkMonitorCallbacks#notifyNetworkTestedWithExtras.
INetworkMonitorCallbacks defines notifyNetworkTestedWithExtras() for
notifying ConnectivityService of networks being tested along with a
PersistableBundle of extras. A new event is introduced for
NetworkStateTrackerHandler to notify the ConnectivityDiagnosticsHandler
before continuing with the normal processing for "network tested"
notifications. The event is also used in the
ConnectivityDiagnosticsHandler.

Bug: 143187964
Bug: 147391402
Test: compiles.
Test: atest CtsNetTestCases FrameworksNetTests
Change-Id: Iab29da790c0f5faae68227770bc3a84bbc94f124
Merged-In: Iab29da790c0f5faae68227770bc3a84bbc94f124
2020-02-05 18:48:12 +00:00
Chalard Jean
25be037bf7 [NS A37] Don't reassign requests multiple times
This is an optimization that skips doing intermediate assignments
of networks to requests that will undergo multiple changes during
the recomputation.
It happens to fix a bug where some of these intermediate states
used to have a visible, transient side effect.

Bug: 113554781
Test: ConnectivityServiceTest
Change-Id: I7af3728152a1cf7571de67f394088a5970ee3c1e
2020-02-04 16:49:54 +09:00
Chalard Jean
143124ba0d [NS A36] Add a test for lost trusted capability
This bug will be drive-by fixed by the next refactoring, so
set up a test to see the difference.

Bug: 113554781
Test: this
Change-Id: Icb062ffbae904d1836a4a16fc5395687c3eda7b6
2020-02-04 16:49:54 +09:00
Cody Kesting
63e4e00371 Add callback registration in ConnectivityService.
ConnectivityDiagnosticsManager will send callbacks to
ConnectivityService for registering and unregistering them with the
system. ConnectivityService needs to do the processing for persisting
(and deleting) these callbacks on the ConnectivityService Thread, so
messages are sent to the Connectivity Diagnostics Handler, which runs
on the ConnectivityService Thread.

Bug: 146444622
Bug: 143187964
Bug: 147848028
Test: compiles
Test: atest FrameworksNetTests
Change-Id: Ia5c8f90a60c050504e8676de9564a7607a9b03bc
2020-01-31 09:42:05 -08:00
Qingxi Li
7cf06627df Add API for apps to check if they are the network owner
This CL extends NetworkCapabilities#mEstablishingVpnAppUid
to the network owner app UID and introduces a new public API
to get this owner app's UID.

Bug: 142072839
Test: atest FrameworksNetTests
Change-Id: Id83cdea62b89b586aff74e51e3fee60e53d37d4c
2020-01-24 17:28:23 +00:00
Remi NGUYEN VAN
ead1ef41ee Add API for CaptivePortalData
CaptivePortalData will be used to hold data advertised by the network
following RFC7710bis.

To fetch the CaptivePortalData, the API URL is added to LinkProperties,
to be provided by the NetworkAgent.

Because CaptivePortalData can be used to guess user location (especially
from the URLs provided by the portal), it is only exposed to
applications that have privileged permissions.

Test: atest FrameworksNetTests
Bug: 139269711
Change-Id: I341175b5fece8ee00e19898af5e8eabe66cefbf3
2020-01-22 22:27:44 +09:00
Chalard Jean
fe35bf9f93 Have registerNetworkAgent return a Network.
This is more useful.

Bug: 135998869
Test: FrameworkNetTests FrameworksWifiTests
Change-Id: I74710b396fa3cec6fbae08d3dcab5bc90dc2e669
Merged-In: I74710b396fa3cec6fbae08d3dcab5bc90dc2e669
2020-01-20 16:22:06 +08:00
markchien
6d06f6d51a [Tether13] Move TetheringManager into framework
Move tethering out of ConnectivityService. All clients would
use TetheringManager to talk with TetheringService directly.

Bug: 144320246
Test: -build, flash, boot
      -atest TetheringTests

Change-Id: Ib051bea724a256f9c4572b566e46ae7b9c4abe6e
Merged-In: Ib051bea724a256f9c4572b566e46ae7b9c4abe6e
2019-12-19 20:53:06 +08:00
Treehugger Robot
87bf9bc09c Merge changes Ie756b9aa,I38110f3a
* changes:
  [NS A19] Inline updateCapabilities in rematch.
  [NS A18] Reverse listens and request-availables
2019-12-04 02:07:45 +00:00
Chalard Jean
b6ec076ac0 Disable a flaky test
Bug: 145513323
Test: FrameworkNetTests
Change-Id: I66e02fdaab2969b77db4a0f0e6fb8b1a981d9350
2019-12-03 16:13:22 +09:00
Chalard Jean
28e6b26c11 [NS A18] Reverse listens and request-availables
This is a long-standing bug that happens to now be trivial
to fix, and also be beneficial for refactoring.

Test: FrameworksNetTests NetworkStackTests
Change-Id: I38110f3a4a75936ea755788e7f9fee67863e14be
2019-12-02 18:44:10 +09:00
Chalard Jean
5cf5b30990 Merge changes I0613c23f,Ibeab8d0a,I8bd668ad,I7d3a16be
* changes:
  [NS A14] Move code notifying battery stats in its right place
  [NS A13] Move legacy broadcast handling after rematch.
  [NS A12] Move some legacy type tracker handling to a function
  Add tests for ConnectivityService → BatteryStats messages
2019-12-02 05:17:39 +00:00
Chalard Jean
bbaa33e1d3 [NS A14] Move code notifying battery stats in its right place
This should be done once every time an interface comes online.
Doing this in updateLinkProperties guarantees this happens every
time a new interface comes online, but it doesn't do it more
often than needed.

Test: FrameworksNetTests NetworkStackTests
Change-Id: I0613c23f44192944266d76107308da8d1c541d1c
2019-12-02 13:02:38 +09:00
Mark Chien
e8401aff92 Merge changes from topic "tether_migrate"
* changes:
  [Tether10]Remove UserManagerInternal usage in Tethering
  [Tether07] Migrate Tethering into module
  [Tether07] Clean up build rule for libtetheroffloadjni
2019-11-30 12:17:47 +00:00
markchien
0df2ebc43d [Tether07] Migrate Tethering into module
Now tethering would be run in a dedicated service.
TetheringManager is the interface used to communicate with
TetheringService. The new call flow would be: ConnectivityManager
-> ConnectivityService -> TetheringManager -> TetheringService.
Note: the return value of #tether(), #untether() and #setUsbTethering()
APIs would always be no error. Clients can use #getLastTetherError()
or #getTetheredIfaces, or listen for tether state changes, to check
the status of the corresponding interface.

Bug: 136040414
Bug: 144742179
Test: -build, flash, boot
      -atest TetheringTests
      -atest FrameworksNetTests

Change-Id: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
Merged-In: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
2019-11-30 10:03:08 +00:00
Chalard Jean
587758bea6 Add tests for ConnectivityService → BatteryStats messages
Test: ConnectivityServiceTest
Bug: 113554781
Change-Id: I7d3a16be76f606872f8edb84647b9ef94f36cba1
2019-11-29 16:59:30 +09:00
Paul Hu
85e8fd5a24 Merge "Fix hasUseBackgroundNetworksPermission issue." 2019-11-25 08:41:05 +00:00
paulhu
86e23ebb47 Fix hasUseBackgroundNetworksPermission issue.
PermissionMonitor#hasUseBackgroundNetworksPermission only uses
the first package name of the uid for checking permission.
This is incorrect since each package declares different
permissions. So use mApps, which has already checked both the
network and the using restricted network permissions. If the uid is in
the mApps list, that means the uid has at least one of the permissions.

Bug: 135897744
Test: atest FrameworksNetTests
Change-Id: I3500a03ce06b5b822311ad0c67b606ce4039216a
2019-11-24 22:27:32 +08:00
Chalard Jean
407deb75ee Rename waitForConnectivityBroadcast
This doesn't wait, so it was ill-named.
Test: ConnectivityServiceTest

Change-Id: I15e5083f961e415b1d2d870e49c177fc84f0312c
2019-11-19 22:41:09 +09:00
Chalard Jean
9ca137700d Add tests for the legacy broadcast
Test: this
Change-Id: I0777bf443f65d894eaab9b800db40c1caf6520fe
2019-11-19 21:08:44 +09:00
lucaslin
783f221065 Better notification to user when DNS-over-TLS is broken
Provide a specific notification to let users know whether the device
has no internet because it really doesn't have internet access
or because private DNS resolution failed.

Bug: 113242081
Test: atest FrameworksNetTests
Change-Id: I710c88a4742f5fd56c39fc797d7fa3ad36dba553
2019-10-22 18:27:33 +08:00
Treehugger Robot
e1d902dd9e Merge "Remove @FlakyTest on testTcpBufferReset" 2019-10-11 11:06:14 +00:00
Valentin Iftime
c86ebbaebc API to detect which network interfaces support wake-on-lan
Add a new method in LinkProperties, isWakeOnLanEnabled() which returns
true if network interface is defined in config_wakeonlan_enabled_interfaces
string-array (config.xml)

Bug: 132705025
Test: atest LinkPropertiesTest & atest ConnectivityServiceTest
Change-Id: I3f7803aafd2f8eaf8aa18419b21339e15d4b7a0b
2019-10-08 13:03:30 +02:00
Chalard Jean
059c426d15 Rename CallbackRecord to CallbackEntry
Test: FrameworkNetTests NetworkStackTests
Change-Id: I8f6ea8fb6879cf7c40396d92f13cb5e12cc45ee7
2019-10-07 13:00:50 +09:00