This change adds permission checking to ensure that the following
conditions are enforced in order for apps to receive the owner UID:
1. The app must be the owner of the network
2. The app must hold the FINE_LOCATION permission/appop
3. The user must have their location toggle enabled.
Bug: 142072839
Test: atest FrameworksNetTests
Change-Id: I7a981a82f1219828ee89c8c96eb9d2efd153377f
The non-updatable part of the platform now is built with
framework-tethering-stub, which is a stub library of
framework-tethering.
Bug: 147200698
Test: m
Change-Id: I97ef83f7f9b4c1376f373713036f5256318f1050
Merged-In: I97ef83f7f9b4c1376f373713036f5256318f1050
This commit allows the startLegacyVpn() call to start Platform VPN
profiles, allowing Settings to use the IKEv2/IPsec VPN options
When using an aliased private key, the
Ikev2VpnProfile.KEYSTORE_ALIAS_PREFIX must be prepended to the front of
the alias. This will in turn result in the fromVpnProfile() function to
pull the key from the KeyStore, as opposed to the inline-key that the
VpnManager API uses.
Bug: 148991741
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested
Change-Id: Icbca695c353b2e12e99305676404dbf1a4495949
This commit allows Platform VPNs to be started as part of always-on
mode.
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested.
Change-Id: I5eda88e5b406a0e425eb7424665cf702e0979324
Merged-In: I5eda88e5b406a0e425eb7424665cf702e0979324
The URL will be used by DhcpClient to return it in its results.
It will not be parceled in DhcpResultsParcelable, but instead sent
through LinkProperties to network agents.
Bug: 139269711
Test: atest NetworkStackTests with associated NetworkStack change
Change-Id: I4ec9e7f5efece3ede9b0da5eb1b75d8d43b94ba9
This CL adds checks to ensure restricted users cannot change or
start/stop platform VPNs. In addition, this also adds checks to the
ConnectivityManager#getConnectionOwnerUid() to ensure that only
VpnService based VPNs can identify connections
Bug: 148040659
Test: FrameworksNetTests run
Change-Id: Id47ada5766036bfc84f3ba47f66f2d2683af916d
Add the requestorUid & requestorPackageName fields to
NetworkCapabilities. This is populated by CS when
a new network request is received.
These 2 requestor fields are also optionally used for network
matching. All of the regular app initiated requests will have the
requestor uid and package name set by connectivity service. Network
agents can optionally set the requestorUid and requestorPackageName
to restrict the network created only to the app that requested the network.
This will help removing the necessity for the various specifiers to embed
the uid & package name info in the specifier for network matching.
Note: NetworkSpecifier.assertValidFromUid() is deprecated & removed in
favor of setting the uid/package name on the agent to restrict the
network to a certain app (useful for wifi peer to peer API & wifi aware).
Bug: 144102365
Test: Verified that wifi network request related CTS verifier tests
pass.
Test: Device boots up and connects to wifi networks
Merged-In: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
Change-Id: I58775e82aa7725aac5aa27ca9d2b5ee8f0be4242
CaptivePortal#reevaluateNetwork is added as a system API which
requires a proper permission check.
Bug: 148379628
Test: Manually check with captive portal
Test: atest FrameworksNetTests
Test: make test-api-stubs-docs-update-current-api \
system-api-stubs-docs-update-current-api
Change-Id: I3f974339d5bd53a6f6ecb0842c02a8264dc3a5f9
Merged-In: I559d42089aeb09801d14c251c5165fca793c3cb3
Add the requestorUid & requestorPackageName fields to
NetworkCapabilities. This is populated by CS when
a new network request is received.
These 2 requestor fields are also optionally used for network
matching. All of the regular app initiated requests will have the
requestor uid and package name set by connectivity service. Network
agents can optionally set the requestorUid and requestorPackageName
to restrict the network created only to the app that requested the network.
This will help removing the necessity for the various specifiers to embed
the uid & package name info in the specifier for network matching.
Note: NetworkSpecifier.assertValidFromUid() is deprecated & removed in
favor of setting the uid/package name on the agent to restrict the
network to a certain app (useful for wifi peer to peer API & wifi aware).
Bug: 144102365
Test: Verified that wifi network request related CTS verifier tests
pass.
Test: Device boots up and connects to wifi networks
Change-Id: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
Merged-In: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
DataStallReport is updated to include the NetworkCapabilities and Link
Properties for the Network being reported on. This provides a more
complete picture of the Network conditions when the suspected data stall
was detected.
Bug: 148966398
Test: atest FrameworksNetTests
Change-Id: I913cf18c348b9f688f9d2a3d25a71bc94eb8f000
This is necessary to avoid subsequent conflicts.
Test: none needed
Change-Id: I6e2cd9188e0e4bd7c71c6c56635f192dce73f325
Merged-In: I621cfbe165996c67b201ca2dd2f95a5ab9af10ee
INetworkMonitorCallbacks defines notifyNetworkTestedWithExtras() for
notifying ConnectivityService of networks being tested along with a
PersistableBundle of extras. A new event is introduced for
NetworkStateTrackerHandler to notify the ConnectivityDiagnosticsHandler
before continuing with the normal processing for "network tested"
notifications. The event is also used in the
ConnectivityDiagnosticsHandler.
Bug: 143187964
Bug: 147391402
Test: compiles.
Test: atest CtsNetTestCases FrameworksNetTests
Change-Id: Iab29da790c0f5faae68227770bc3a84bbc94f124
Merged-In: Iab29da790c0f5faae68227770bc3a84bbc94f124
This change fixes a typo in the value assigned to the constant
KEY_NETWORK_PROBES_ATTEMPTED_BITMASK, which is defined in
ConnectivityDiagnosticsManager.ConnectivityReport.
Bug: 148939502
Test: compiles
Change-Id: I63863efa8c69593012bf4e95d896db192c6bfb5c
This change adds a new VPN user consent flow (using the same text) for
granting the lesser OP_ACTIVATE_PLATFORM_VPN. A new
PlatformVpnConfirmDialog is created as a subclass to preserve all logic,
but ensure the right appop is granted for the relevant dialog.
Intent extras were considered, but are inherently unsafe, since the
caller may add any extras that they would want.
Bug: 144246835
Test: FrameworksNetTests passing
Change-Id: Ia6f36207d43c3748f938430c2780dcf29e5623f3
Merged-In: Ia6f36207d43c3748f938430c2780dcf29e5623f3
1) Add NetworkPolicyManager.registerSubscriptionCallback and
NetworkPolicyManager.unregisterSubscriptionCallback for
registering and unregister.
2) Create SubscriptionCallback to support new @SystemApi
so that caller could use this object to register and
unregister.
Bug: 138306002
Test: FrameworksNetTests
FrameworksTelephonyTests
Change-Id: I56833254a93383e8054c96d296bcb54b777a6e33
Merged-In: I56833254a93383e8054c96d296bcb54b777a6e33
Add two interfaces to communicate with NetworkPolicyManagerService
and make them @SystemApi for mainline support.
Bug: 138306002
Test: atest FrameworksNetTests
atest FrameworksTelephonyTests
Change-Id: I9f1168bbc70dce9b2b107e1f946737b1d85599c7
Merged-In: I9f1168bbc70dce9b2b107e1f946737b1d85599c7
Add new API setSubscriptionOverride() in NetworkPolicyManager
and rename constants OVERRIDE_* to SUBSCRIPTION_OVERRIDE_*.
Make them @SystemApi for mainline support.
Bug: 138306002
Test: atest FrameworksNetTests
atest FrameworksTelephonyTests
Change-Id: I56c777aa66d6f455695f133f9889979c13cd1bc8
Merged-In: I56c777aa66d6f455695f133f9889979c13cd1bc8
ConnectivityDiagnosticsManager comments for
registerConnectivityDiagnosticsCallback and
unregisterConnectivityDiagnosticsCallback are updated to reflect several
changes.
For register calls, any app will be able to register callbacks, but only
permissioned applications will have their callbacks invoked (and only
for networks managed by the application). Additionally, only the
registering app (uid) will be able to unregister a callback once
registered.
Bug: 143187964
Test: docs change only. compiles.
Change-Id: Ie7ae86a1afccb22d6c84027dbac49d7b8e431e8c
ConnectivityDiagnosticsManager will send callbacks to
ConnectivityService for registering and unregistering them with the
system. ConnectivityService needs to do the processing for persisting
(and deleting) these callbacks on the ConnectivityService Thread, so
messages are sent to the Connectivity Diagnostics Handler, which runs
on the ConnectivityService Thread.
Bug: 146444622
Bug: 143187964
Bug: 147848028
Test: compiles
Test: atest FrameworksNetTests
Change-Id: Ia5c8f90a60c050504e8676de9564a7607a9b03bc
This commit adds the relevant calls to ConnectivityService for the
VpnManager API to be functional
Bug: 144246837
Test: VpnManagerTest updated, FrameworksNetTests passing
Change-Id: I446a8595e3583a842a7f89c4f8d74526a85e311c
This change adds stubs for the Platform built-in VPNs, along with
implementing some basic permissions checks.
Bug: 144246837
Test: FrameworksNetTests passing, new tests added
Change-Id: I68d2293fc1468544f0d9f64d02ea7e1c80c8d18c
