Malformed authority segments can currently cause the parser to produce
a hostname that doesn't match the hostname produced by the WHATWG URL
parsing algorithm* used by browsers, which means that a URL could be seen
as having a "safe" host when checked by an Android app but actually visit
a different host when passed to a browser. The WHATWG URL parsing
algorithm always produces a hostname based on the last @ in the authority
segment, so we do the same.
* https://url.spec.whatwg.org/#authority-state resets the "buffer", which
is being used to build up the host name, each time an @ is found, so it
has the effect of using the content between the final @ and the end
of the authority section as the hostname.
Bug: 68341964
Test: vogar android.net.UriTest (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376
This patch changes describeImmutableDifferences in NetworkCapabilities
to ignore differences in NET_CAPABILITY_DUN, so that updateCapabilities
in ConnectivityService to not report wtf errors when a NetworkAgent
degrades its NetworkCapabilities object by removing NET_CAPABILITY_DUN.
Bug: 65257223
Test: runtest frameworks-net
Change-Id: I115ed1b366da01a3f8c3c6e97e0db8ce995fd377
...just return false instead. This will change in P.
Test: Made an app to test this. Made sure it doesn't have
Test: the required permission. Checked it crashes with
Test: SecurityException without this change. Checked it
Test: doesn't with it.
Bug: 65404184
Change-Id: Id20d3c240ec5d70d085e0366b92ab3a514f3e7c8
This patch addresses a few post-submit comment for
commits f562ac34a51dc and 60c9f63b66921.
Bug: 34901696
Bug: 62179647
Test: runtest frameworks-net
Merged-In: I4abec57e0c6bc869dc57b5eb54582dd977b64c30
(cherry picked from commit 175b574e27)
Change-Id: Ied9d0cec98685e5a91ed2ca2c81ad88d7ae8d751
This patch defines a new WakeupStats event in ipconnectivity.proto and
populates these events from the NFLOG wakeup events stored in
NetdEventListenerService.
There is one WakeupStats object per known interface on which ingress
packets arrive and may wake the system up.
Example from $ adb shell dumpsys connmetrics list:
...
WakeupStats(wlan0, total: 58, root: 0, system: 3, apps: 38, non-apps: 0, unrouted: 17, 6111s)
WakeupEvent(13:36:31.686, iface wlan0, uid -1)
WakeupEvent(13:38:50.846, iface wlan0, uid -1)
WakeupEvent(13:39:16.676, iface wlan0, uid 10065)
WakeupEvent(13:40:32.144, iface wlan0, uid 1000)
WakeupEvent(13:40:35.827, iface wlan0, uid 1000)
WakeupEvent(13:40:47.913, iface wlan0, uid 10004)
WakeupEvent(13:40:52.622, iface wlan0, uid 10014)
WakeupEvent(13:41:06.036, iface wlan0, uid 10004)
...
Bug: 34901696
Bug: 62179647
Test: runtest frameworks-net
Merged-In: Ie2676b20bfb411a1902f4942643df0c20e268d99
(cherry pick from commit 60c9f63b66)
Change-Id: I3087f446fc998fc1ca895d975b80c4a1dd029bf3
This patch stores NFLOG packet wakeup events sent by Netd to the system
server into a ring buffer inside NetdEventListenerService. The content
of this buffer is accessible by $ dumpsys connmetrics or $ dumpsys
connmetrics list, and is added to bug reports.
The wakeup event buffer stores currently uid and timestamps.
Bug: 34901696
Bug: 62179647
Test: runtest frameworks-net, new unit tests
Merged-In: Ie8db6f8572b1a929a20398d8dc03e189bc488382
(cherry picked from commit f562ac34a5)
Change-Id: Ibe706872a80dfd06abd9779a2116ca7e4bc0fb77
For some networks such as mobile data connections, its LinkProperties
does not contain routes for the local subnet so no such route is added
to the interface's routing table. This can be problematic especially
if the device is in VPN lockdown mode where there exists high-priority
PROHIBIT routing rule which in turn blocks the network's default gateway
route from being added (next hop address hitting the prohibit rule).
We fix this by patching LinkProperties to always include direct connected routes
when they are received by ConnectivityService. This has the added advantage that
when apps get LinkProperties, they see the directly connected routes as well.
Bug: 63662962
Test: runtest frameworks-core -c android.net.LinkPropertiesTest
Test: runtest frameworks-services -c com.android.server.ConnectivityServiceTest
Test: Start with device with mobile data, set up ics-OpenVPN in always-on
lockdown mode. Turn off mobile data then turn it back on, observe
mobile data connectivity is restored and VPN successfully reconnects.
(cherry picked from commit 1bb5c0818f)
Change-Id: Ia14f88bcf49d37286519c26dff6b7180303e2cbe
When a carrier provides an "anchor" of data usage at a specific
moment in time, augment the network statistics used by warning/limit
thresholds and Settings UI. For example, if the OS measured 500MB
of usage, but the carrier says only 400MB has been used, we "squish"
down the OS measured usage to match that anchor.
Callers using the hidden API will have their data augmented by
default, and the public API offers a way to opt-into augmentation.
Thorough testing to verify behavior.
Test: bit FrameworksNetTests:android.net.,com.android.server.net.
Test: cts-tradefed run commandAndExit cts-dev -m CtsUsageStatsTestCases -t android.app.usage.cts.NetworkUsageStatsTest
Bug: 64534190
Change-Id: Id3d4d7625bbf04f57643e51dbf376e3fa0ea8eca
Change the evalRequests() API to protected to allow network factory
implementations to call the API.
A use-case of the API change is for factories temporarily reject a
request since they cannot fullfill it immediately but retry it at a
later time if/when conditions change.
Bug: 63866251
Test: integration tests
Change-Id: Idc50ce0799c67634b7b2fdbad78a26e443caf2e4
Currently, we only count add tethering traffic to per-UID
stats, but not to total data usage (i.e., dev and XT stats). This
is correct for software tethering, because all software forwarded
packets are already included in interface counters, but it is
incorrect for hardware offload, because such packets do not
increment interface counters.
To fix this:
1. Add an argument to ITetheringStatsProvider#getTetherStats to
indicate whether per-UID stats are requested. For clarity,
define integer constants STATS_PER_IFACE and STATS_PER_UID
to represent these operations.
2. Make NetdTetheringStatsProvider return stats only if per-UID
stats are requested. (Otherwise tethering traffic would be
double-counted).
3. Make OffloadController's stats provider return the same
stats regardless of whether per-UID stats were requested or
not.
4. Make NetworkStatsService add non-per-UID tethering stats to
the dev and XT snapshots. The per-UID snapshots were already
correctly adding in per-UID stats.
Bug: 29337859
Bug: 32163131
Test: runtest frameworks-net
Test: runtest frameworks-telephony
Change-Id: I7a4d04ab47694d754874136179f8edad71099638
Also moving relevant test files into tests/net as part of runtest
framworks-net.
Also removes testHashCode in LinkAddress() because this test relies on
the assumption that hashCode() is stable across releases or jdk
versions, which is absolutely not true.
This creates maintenance work for little benefit since hashCode is
already tested as part of the equality test.
For instance this test is now broken because hashing for InetAddress
changed.
Bug: 62988545
Bug: 62918393
Test: runtest frameworks-net, added coverage in tests
Merged-In: I695bc3f0e801bf13bc4fc0706565758f12b775b4
Merged-In: I6d3f3c50eaec44e3a0787e849ab28e89f6f4a72d
Merged-In: Iddfec82a08f845e728adadfa6ec58a60a078d6af
Merged-In: I8d6dd5efd226a8b1c4b05d1e1102362b58e094a1
Merged-In: Ied0cc53ac34c7c5f5539507b1979cbf9c215262e
Merged-In: I3b2b7dcb1a9a194fc08643b27bbb5a0e84e01412
(cherry picked from commit 1dfb6b6755)
Change-Id: I9a17094bfdc54b9dec671306618e132a4beb59fc
This patch loosens the validation checks when a NetworkAgent updates it
NetworkCapabilities: instead of checking that capabilities labeled as
"immutable" stay identical across updates, it is now accepted to change
immutable capabilities in a way that the new NetworkCapabilities
satisfies the old NetworkCapabilities.
This allows a NetworkAgent to update itself in order to match more
requests, but will still catch NetworkAgents that sends degradation
updates causing potentially requests to not match anymore.
Bug: 64125969
Test: runtest frameworks-net
Merged-In: I2a1b3f9c0be6415e40edc989d0c1b03b5631f7b1
Merged-In: I0ab76de59e87c46a6961229399ff7200bce49838
Merged-In: Ied592bf6112574399a1e808da337004e1c35f244
Merged-In: I01e287b4df82a53a522566d33b3166f7801badca
Merged-In: I7ee60daa9c4266e9b9179032815dd7267e06377f
Merged-In: I31ef741eb83d64c476e5930d5762514b5d4cb16f
(cherry picked from commit bae105a5cc)
Change-Id: I9d630d63336f4db69f3eb52faa8483f1b1e35d16
Rename the opt-out flag in AndroidManifest to
SERVICE_META_DATA_SUPPORTS_ALWAYS_ON
as directed by the API Council.
Bug: 64331776
Bug: 36650087
Test: runtest --path java/com/android/server/connectivity/VpnTest.java
Change-Id: I24326fad7a89083a2409134640bda81ee0359d08
Since they're both measuring app code (APKs), name this API
consistently with StorageStats.getAppBytes().
Bug: 64331226
Test: builds, boots
Change-Id: I1b00427b619a78c043b1b5fac2d0e6406b51d454
This patch ensures that subtract() between two NetworkStats object will
return a delta with no negative entries in all cases.
When the stats delta contains some negative values, there are clamped to
0. Some logging is added when this happens.
This is what's expected by NetworkStatsHistory#recordData().
Bug: 64365917
Test: runtest frameworks-net
Change-Id: I16e97e73f600225f80e0ce517e80c07c6f399196
This patch fixes the mask used in describeImmutableDifferences which did
not correctly turn NET_CAPABILITY_NOT_METERED into bit flag.
Bug: 63326103
Test: added unit tests, runtest frameworks-net
Merged-In: Ib6b390b1daef5912859302692af7dcd6cfd3e39a
Merged-In: If38efacdeec8476880835657938e435f9b598525
Merged-In: Ieccad46fcffcaf748f5644b04617e9a82527000e
Merged-In: I533ef8fe369cec19d283ff2950314fce6e28cffd
Merged-In: I12636c6699ff60487a28570208e819ea0b66fa2e
Merged-In: Ie5df14e0ea1c12e0cfabe87978ac6c9b744353b2
(cherry picked from commit 2ecb9408f4)
Change-Id: I74ecf34a2c079c74152d00caea2c220e9c6d1fa5
Any NetworkRecommendationProvider bound to by the system must have
access to location (i.e. it holds the location permission and
location is enabled on the device).
If the location permission is revoked then the binding will be
disconnected and the system will revert to the default network
recommendation provider (if set and valid). If location access
is disabled on the device then the binding will be disconnected
but the system won't fall back to the default provider (because
it won't have location either), instead the current provider will
be re-enabled when location access is enabled again.
BUG:62263953
Test: runtest frameworks-services -c com.android.server.NetworkScoreServiceTest
Test: runtest frameworks-services -c com.android.server.NetworkScorerAppManagerTest
Change-Id: I93c37eeda47840d92f3ca52767e878dc19b46740
(cherry picked from commit d816abe97b)
This patch simplifies argument validation in NsdManager public api and
regroup duplicated validation into common methods.
This makes stack traces more actionable as now specific errors will
cause the api to throw exception from specific methods, whereas before
IllegalArgumentException would be thrown from inside the same api method
for different reasons.
This patch also includes a couple of other small cleanups.
Test: $ runtest -x frameworks/base/tests/net/../NsdManagerTest.java
Bug: 35362108
Bug: 37013369
Bug: 62044295
Bug: 63826516
Merged-In: Iaad13e13976e9bf8f508d7188f823f8184ac414b
(cherry pick from commit ff3e6ccca1)
Change-Id: I5e6a1ecc6b98069ef0089bbceecf73f7692df227
