This permission model is only allowed for BUGREPORT_MODE_TELEPHONY to
let carrier apps (even from the Play Store / not pre-loaded) access
BugreportManager to trigger connectivity bugreports.
This also requires SELinux policy changes to allow non-system apps to
get an instance through Context#getSystemService, and then dumpstate
also needs permissions to write public apps' files.
Minor documentation and formatting fixes as well.
BYPASS_INCLUSIVE_LANGUAGE_REASON=leaving variable name derived from
"bugreport-whitelisted" sysconfig alone for now
Bug: 161393541
Test: atest CtsCarrierApiTestCases:BugreportManagerTest
Change-Id: I5a38e7a040fa23146fa6c1e785db102b066ad167
Merged-In: I5a38e7a040fa23146fa6c1e785db102b066ad167
(cherry picked from commit 57fd3440be)

In preparation for a broader set of apps using BugreportManager, we
enforce that only the app which started a bugreport is allowed to cancel
it.
Bug: 161393541
Test: atest BugreportManagerTestCases
Test: manual with two apps triggering/cancelling BRs
Change-Id: I430d856014a226ef345bd2349f0601062dcaa8c7
Merged-In: I430d856014a226ef345bd2349f0601062dcaa8c7
(cherry picked from commit 4a1b9e949d)

This CL defines VcnTransportInfo - a TransportInfo to be used for
top-level VCN Networks registered with ConnectivityService.
Bug: 177261675
Test: atest FrameworksVcnTests
Change-Id: I66e9a0bf73c6e42eb5aa7fd39463fdfed483ecfa

1. Create an OWNERS file in the textclassifier test folder
2. Add me and licha@ to the OWNERS files.
Test: N/A
Change-Id: I5bedfc28d2ea18cdaa2dac7e0e799cf225ba99d1

Makes two new SystemApis:
getRestrictedProfileParent()
canHaveRestrictedProfile()
Temporarily disables VPN Tests that rely on the old APIs until those
tests are updated (b/175883995).
Bug: 171529940
Test: atest FrameworksNetTests:com.android.server.connectivity.VpnTest
Test: Tests for UserManager SystemApis are TODO awaiting completion of new user test infrastructure (b/163890431)
(cherry picked from commit 20ba13f5bc)
Change-Id: I28e39400039631e7d391dc7b0d003e8a38d1f06a

Connectivity mainline module cannot use hidden API so
replace Slog with Log which is a public API.
Test: FrameworksNetTests
Change-Id: I8758079cf635ff4ab218df53c0f7bf6fc23ce476

Generally, a manager class in Android is used to access
system services and it should be obtained from Context.
This class is a bit different from the definition of a
manager class.
API linter will detect an error if trying to expose a
class name ending with Manager. ProxyTracker will create a
new instance of this class so this class needs to be
renamed to avoid API lint error.
Bug: 177035719
Test: FrameworksNetTests
Change-Id: I9185d4fb4342bd285a575f0bdd3518b758f37eb6

The first parameter of adding idle timer is a unique identity
to communicate between ConnectivityService and netd. Netd will
notify the activity change using the identity, so it's fine to
replace the legacy type with transport type since we should
deprecate the usage of legacy type.
Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: Ia00606539b86872cca9a92285bd940c8a720a033

ConnectivityService is going to become a mainline module which
is not able to access hidden APIs. NetworkPolicyManager will be
part of connectivity framework sources which should also not
access hidden APIs. Thus, replace usage of UserHandle.isApp()
by public Process.isApplicationUid() instead.
Bug: 170598012
Test: m
Change-Id: I6eecc618d574352b924cb5f33f364e2dca9d730f

Add new capability to indicate whether a network is
managed by Virtual Carrier Network (VCN). This is needed
to identify networks between VCN managed network and
others. And this capability will be:
1. mutable
2. requestable
3. set by default for network agents and requests
4. allowed for test networks
Test: 1. atest FrameworksNetTests CtsNetTestCases
2. adb shell dumpsys connectivity
3. atest ConnectivityServiceTest#testLoseMutableAndRequestableCaps
Bug: 175662146
Change-Id: Ia5eeb3912a687164fa95d7ba5516fd73abca79ba

Changes:
i) Add a new constructor for NetworkCapabilities which accepts whether
location sensitive fields need to be parceled or not. Defaults to false
on the other constructor. This boolean should only be set on the copy of
NetworkCapabilities when sent to apps that hold location permission.
(Similar to how sensitive fields are handled in LinkProperties)
ii) Add a new makeCopy() method in the TransportInfo interface which
accepts whether location sensitive fields need to be parceled or not.
iii) Migrate the existing NetworkCapabilities owner UID masking to use
this new mechanism (instead of existing masking in ConnectivityService).
iv) Always set parcelLocationSensitiveFields to true in the NetworkAgent
surface (since that is a privileged surface from the transports to the
connectivity service)
v) Add a hasSensitiveFields() in TransportInfo interface to avoid
performing location permission checks for location insensitive
TransportInfo.
Also, migrate to the new SdkLevel util for isAtLeastR() & isAtLeastS()
checks.
Bug: 162602799
Test: atest android.net
Test: atest com.android.server
Change-Id: Ie522d8c75a82ae521ccfd5165823d0c72642e651
Merged-In: Ie522d8c75a82ae521ccfd5165823d0c72642e651

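A simplified model of the copy-time redaction described in the commit message above, added here as an example; it is not the AOSP code. `WifiLikeInfo`, `Caps`, `PermissionChecker`, `capsForCaller` and the sample UIDs are hypothetical; only `makeCopy()`, `hasSensitiveFields()` and `parcelLocationSensitiveFields` are names taken from the message.

```java
// Simplified, self-contained model; not the AOSP classes.
public class RedactionModel {
    interface TransportInfo {
        // Returns a copy that keeps or drops location-sensitive fields.
        TransportInfo makeCopy(boolean parcelLocationSensitiveFields);
        boolean hasSensitiveFields();
    }

    // Hypothetical transport info: a BSSID can reveal the device's location.
    record WifiLikeInfo(String bssid, int rssi) implements TransportInfo {
        public TransportInfo makeCopy(boolean parcelLocationSensitiveFields) {
            return new WifiLikeInfo(parcelLocationSensitiveFields ? bssid : null, rssi);
        }
        public boolean hasSensitiveFields() { return true; }
    }

    record Caps(int ownerUid, TransportInfo info) {
        static final int INVALID_UID = -1;
        // Redaction happens when the copy is made, not at each call site.
        Caps copy(boolean parcelLocationSensitiveFields) {
            return new Caps(parcelLocationSensitiveFields ? ownerUid : INVALID_UID,
                    info == null ? null : info.makeCopy(parcelLocationSensitiveFields));
        }
    }

    interface PermissionChecker { boolean hasLocationPermission(int uid); }

    // Assumed service-side helper: what gets handed to an app. Redacted by default.
    static Caps capsForCaller(Caps full, int callerUid, PermissionChecker checker) {
        boolean sensitive = full.ownerUid() != Caps.INVALID_UID
                || (full.info() != null && full.info().hasSensitiveFields());
        // Skip the permission check entirely when nothing sensitive is present.
        boolean keep = sensitive && checker.hasLocationPermission(callerUid);
        return full.copy(keep);
    }

    public static void main(String[] args) {
        // Constructed sample data: owner UID, BSSID and the permission table are made up.
        Caps full = new Caps(10123, new WifiLikeInfo("02:00:00:aa:bb:cc", -55));
        PermissionChecker checker = uid -> uid == 10200;
        System.out.println("with location permission:    " + capsForCaller(full, 10200, checker));
        System.out.println("without location permission: " + capsForCaller(full, 10300, checker));
    }
}
```

The second call returns a copy with the owner UID reset and the BSSID cleared, while non-sensitive fields such as the signal strength are still delivered.
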
Currently, ConnectivityService calls the IpConnectivityMetrics
service class directly to log default network events. This is
incompatible with ConnectivityService being in a mainline module.
Replace direct access to IIpConnectivityMetrics with public
methods in IpConnectivityLog, which is a @SystemApi class.
The new methods are not yet @SystemApi, but they can be made so
if desired. Alternatively, these metrics could be deleted.
Also remove the IpConnectivityMetrics service from the
service-connectivity JAR, and go back to starting it from
SystemServer.java, which is what was happening a few hours ago
before aosp/1542626 was merged.
Test: builds, boots
Test: atest FrameworksNetTests
Test: "dumpsys connmetrics" shows events, including default network events
Change-Id: I9d6147d93590363a2f8f83f39f05c03d001b4851

Adds Restricted Mode functionality to NetworkPolicyManager. When this
mode is turned on (via setting), only apps with
android.permission.CONNECTIVITY_USE_RESTRICTED_NETWORKS will be able to
use the network. For all other apps, the network will be blocked by the
firewall. This is controlled by a new allowlist firewall chain
fw_restricted_mode.
As a first step, this implementation still requires a reboot after
enabling / disabling the mode to take effect. I will provide the dynamic
configuration in the next CL.
Test: atest CtsHostsideNetworkTests && atest
NetworkPolicyManagerServiceTest
Bug: 170322816
Bug: 157505406
Bug: 170322455
Bug: 175281879
Exempt-From-Owner-Approval: Change already merged on internal gerrit.
Change-Id: I0731fa842c69683953baaf9ec3a9a03454f4c607
Merged-In: I0731fa842c69683953baaf9ec3a9a03454f4c607

Currently, ConnectivityService decides the request type by
whether NetworkCapabilities is null when handling request
network. However, to fulfill the need of firing background
request via ConnectivityManager in the follow-up patches,
the request type needs to be passed into ConnectivityService.
This change also makes ConnectivityService utilize the passed
request type.
Test: atest ConnectivityManagerTest#testRequestType
Bug: 175662146
Change-Id: I3bc172bca1217c8020db45057a621d0745d43b3c

Connectivity service is going to become a mainline module which
will not be able to access hidden APIs. NetworkPolicyManagerInternal
is an internal service that CS can't access after becoming a mainline
module. Thus, replace NPMI#isUidNetworkingBlocked() with the similar
method NPMS#isUidNetworkingBlocked() and create a new API
NPM#isUidNetworkingBlocked() to support CS usage.
Bug: 170598012
Test: atest FrameworksNetTests
Test: atest FrameworksCoreTests:NetworkPolicyManagerTest
Test: atest FrameworksServicesTests:NetworkPolicyManagerServiceTest
Test: atest CtsNetTestCases
Test: atest CtsHostsideNetworkTests
Change-Id: Ic3427c71c395de787320f303c9513874b4d64f98

Extend CaptivePortalData with a member to hold the venue friendly
name. If CaptivePortalData is initialized by both the network
agent and Capport, merge the two objects to include the venue
friendly name and prioritize the venue URL from the network
agent.
Bug: 162783305
Test: atest ConnectivityServiceTest
Test: atest CtsNetTestCasesLatestSdk:CaptivePortalDataTest
Test: End-to-end test
Change-Id: I4fdf356be42237c5b6c0ae5bacfd3cec4726861b