ConnectivityService is going to become a mainline module which
is not able to access hidden APIs. NetworkPolicyManager will be
part of connectivity framework sources which should also not
access hidden APIs. Thus, replace usage of UserHandle.isApp()
by public Process.isApplicationUid() instead.
Bug: 170598012
Test: m
Change-Id: I6eecc618d574352b924cb5f33f364e2dca9d730f
* changes:
Pull VcnNetworkProvider out into a separate class
Verify carrier privileges for VCN-providing packages
Add TelephonySubscriptionTracker to VcnMgmtSvc
Add basic VcnMgmtSvc --> Vcn signals (startup, teardown, NetworkReq)
This reverts commit 7521c2277a.
Reason for revert: After discussion, we prefer to add a field in NetworkCapabilities instead. Sorry for inconvenience.
Change-Id: I2e8840a797df9d1594f2b8b576bcd45beb184fca
This change adds and verifies packages in the VcnManagmentService,
ensuring that carrier privilege gain/loss correctly starts/tears down
VCN instances.
Bug: 163431877
Test: atest FrameworksNetTests
Change-Id: I63203188c57fdde1cfc58aaf1108aa3e70eb4a50
Currently, when an always-on VPN is set in lockdown mode, Vpn
configures prohibit UID rules in netd directly and does not
inform ConnectivityService of the fact.
This means that ConnectivityService cannot send NetworkCallbacks
that tells apps that they are blocked or unblocked. It also means
that ConnectivityService has to take the mVpns lock and call into
Vpn to allow synchronous APIs such as getActiveNetwork to return
BLOCKED if the app is blocked.
Move all this to ConnectivityService:
- Add a setRequireVpnForUids API to ConnectivityManager, and have
that pass the routing rules to netd.
- Update VpnTest to expect calls to ConnectivityManager instead
of to netd.
- Whenever setRequireVpnForUids is called, ensure that
ConnectivityService sends onBlockedStatusChanged to the
affected callbacks.
- Update existing unit tests to check for callbacks.
- Add a way to find the VPN that applies to a given UID without
taking the VPN lock, by instead scanning all connected VPNs.
Use this as a replacement for direct access to mVpns.
For simplicity, and in order to ensure proper ordering between
the NetworkCallbacks sent for VPNs connecting and disconnecting,
process blocked UID ranges on the handler thread. This means that
when setRequireVpnForUids returns, the rule changes might not
have been applied. This shouldn't impact apps using network
connectivity, but it might mean that apps setting an always-on
package, and then immediately checking whether networking is
blocked, will see a behaviour change.
Bug: 173331190
Fix: 175670887
Test: new test coverage in ConnectivityServiceTest
Test: atest MixedDeviceOwnerTest#testAlwaysOnVpn \
MixedDeviceOwnerTest#testAlwaysOnVpnLockDown \
MixedDeviceOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedDeviceOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedDeviceOwnerTest#testAlwaysOnVpnPackageLogged \
MixedProfileOwnerTest#testAlwaysOnVpn \
MixedProfileOwnerTest#testAlwaysOnVpnLockDown \
MixedProfileOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedProfileOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedProfileOwnerTest#testAlwaysOnVpnPackageLogged \
MixedManagedProfileOwnerTest#testAlwaysOnVpn \
MixedManagedProfileOwnerTest#testAlwaysOnVpnLockDown \
MixedManagedProfileOwnerTest#testAlwaysOnVpnAcrossReboot \
MixedManagedProfileOwnerTest#testAlwaysOnVpnPackageUninstalled \
MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage \
MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced \
MixedManagedProfileOwnerTest#testAlwaysOnVpnPackageLogged
Test: atest FrameworksNetTests HostsideVpnTests \
CtsNetTestCases:VpnServiceTest \
CtsNetTestCases:Ikev2VpnTest
Change-Id: Iaca8a7cc343aef52706cff62a7735f338cb1b772
In order to support ConnectivityService mainline, module should
not use hidden APIs. The logic to get mobile provision is moved
to telephony surface since it's only used by telephony.
Hence, remove the design out from Connectivity.
Bug: 175177794
Test: atest FrameworksNetTests
Change-Id: Ic3082fc1c4d7ac998f4e4cff1351e6829d500924
Using these generalized interfaces is more flexible, since it enables
us to pivot the implementation being used internally. In particular,
an upcoming CL will pivot them to use a more efficient alternative.
This is a no-op refactoring.
Bug: 176777285
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: Ibd4717174cf1f136e9d5d80172ecb6e493265306
The wifi (mainline module) need to set the subscriberId for specific
wifi network.
Bug: 176396812
Test: TreeHugger
Change-Id: Ie97d3dad81c87d41a360558e91c83278595ff475
Use two oneway binder interfaces instead.
The interfaces post messages to handlers as was implemented before, but
provide a more strictly defined interface, with less hops between
NetworkAgent, AsyncChannel, and ConnectivityService.
The actual public interface is the NetworkAgent @SystemApi: the binder
interface is an internal implementation detail.
Test: atest FrameworksNetTests CtsNetTestCasesLatestSdk
Bug: 173574274
Merged-In: Ie364ab50f416e7821e70f4539a881eea828e1256
Change-Id: Ie364ab50f416e7821e70f4539a881eea828e1256
To make connectivity service mainline, this patch makes
MultipathPolicyTracker as a submodule of NetworkPolicyManagerService
to remove the dependencies of ConnectivityService.
Bug: 175015282
Test: FrameworksNetTests
Change-Id: I82a7c62069ffd0683deb2f5ce2f99de120a2a16f
The argument type of interfaceClassDataActivityChanged takes a
string for the network type. It requires both the receivers and
NMS to do type transformation. The transformation is a redundant
work. Update it to take integer directly and rename to
understandable naming.
Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: Ibe9fa7a1b71af2dab916b5d615742e77e4174c39
Add uid into interfaceClassDataActivityChanged in
INetworkManagementEventObserver. This helps the listeners to use
BaseNetworkObserver to listen for target evnets instead of using
whole INetdUnsolicitedEventListener with no-op in other event
that listeners do not care about.
Bug: 170598012
Test: m ; atest FrameworksNetTests
Change-Id: I2a42a522c2ff9b1e0be88261a8574bb7f5292fa6
Reference for NMS in ConnectivityManager should be removed for
incoming CS mainline. The API for listening network activity
should not go into NMS. As an alternative, the registry requests
should be sent to CS and handled by CS. Add necessary alternative
in IConnectivityManger first. The detail implementation will be
added in the follow up commits.
Bug: 170598012
Test: m
Change-Id: If4d24b937feb88a61f22073af2f671cf20298364
This change adds additional detail for the VCN, describing feature set,
use cases and fail-safe modes.
Bug: 163431877
Test: Compiles, Boots (Comment-only change)
Change-Id: I1f82267c20dbbf5875ae27117debdb58f7b96e57
This commit adds the ability for the VcnManagementService to track/store
VCN profiles by subscription groups, and saving/loading to/from disk.
Bug: 163611304
Test: New tests added, passing
Change-Id: Ifabf5e2be090d529cd29e2c68d55ece4858b2aad
This change adds some of the basic fields in VcnConfig and
VcnGatewayConnectionConfig, plus adds a persistability layer to ensure
all VcnConfig(s) are disk-stable.
Bug: 163602123
Bug: 163594033
Test: New tests added, passing
Change-Id: I2e632532809e7768b284be376f2b0a77f634fef5
Previously, the phone ID was appended to the broadcast in DCT and sent
to ConnectivityManager. Instead of sending both as an action, send the
phone ID as an extra instead to make the action a protected broadcast.
Test: manually verify a SecurityException when action provision is sent
Test: atest DcTrackerTest
Bug: 172459128
Change-Id: Ic4129def86949d7191d15056852718dadbd72fba
Merged-In: Ic4129def86949d7191d15056852718dadbd72fba
Have users of EthernetManager#addListener specify an Executor instead of
running callbacks on ConnectivityThread.
For existing clients, run callbacks on the common BackgroundThread.
This change in behavior is fine because addListener is not an API, the
threading model in Q was to run callbacks on the looper of the thread
that first created EthernetManager (so there is already no guarantee on
which thread is used), and the only users are in Settings.
ConnectivityThread is moving to a connectivity-specific JAR, so it
should not be used by external classes.
Bug: 174436414
Test: Ethernet client / tethering working
atest TetheringIntegrationTests
Change-Id: Ic9a959f89915329f79eeeaa0a210ad50811d1291
getActiveNetworkQuotaInfo has never been in API surface since it
was introduced. It became essentially functionless since android O,
so there should be no usage dependency upon the hidden method,
In order to support ConnectivityService mainline, remove the
useless function to prevent necessary dependency.
Bug: 172183305
Test: atest FrameworksNetTests
Change-Id: Ia685b3260256d465ef614b2f577d13344074c787
This is consistent with NattKeepalivePacketData, which is also a
subclass of KeepalivePacketData.
TcpKeepalivePacketData is already used by the wifi module, but
statically linked.
Bug: 172789687
Test: m
Change-Id: I6aee1ae205987521bea4a3838bbece279ffa0e37
* changes:
Remove support for legacy network agents
Remove deprecated constructors for NetworkAgent
Migrate NetworkAgentWrapper to the new NA API
Cleanup TestNetworkService
* changes:
Add a convenience method to update a network's capabilities.
Disallow NetworkAgents from changing the owner UID.
Observe mOwnerUID in NetworkCapabilities#equals.
Currently, NetworkCapabilities's equals and hashCode methods
ignore mOwnerUID. This is confusing because it is inconsistent
with pretty much every other member of this class.
Bug: 175188445
Test: atest CtsNetTestCases:NetworkAgentTest \
CtsNetTestCases:Ikev2VpnTest \
CtsNetTestCases:VpnServiceTest HostsideVpnTests \
CtsNetTestCases:android.net.cts.ConnectivityDiagnosticsManagerTest \
ConnectivityServiceTest com.android.server.connectivity.VpnTest
Change-Id: I2348b7a35f32a931687f2d3c2fa57620a12fe06f
Connectivity service is going to become a mainline module which
will not be able to access hidden APIs. TcpKeepaliveController
is a part of CS mainline module, it uses TcpRepairWindow to
store tcp repair window info. Thus, expose TcpRepairWindow as
module-lib API to support the usage.
Bug: 172183305
Test: atest FrameworksNetTests
Change-Id: I1b6f5ae698f4b6e030a0f776aeafc774fa9f1437
Finally.
Now that mLegacy is always false, removing the support
for legacy agents, a follow-up change will remove
the member and all the associated code.
Test: FrameworksNetTests NetworkStackTests
Bug: 167544279
Change-Id: I6e2c27facdd3ecc232a0aa32bf57c33cb06f118e
NetworkUtils is planned to move to a dedicated JAR for connectivity
classes, while NetworkUtilsInternal would stay in the
frameworks-minus-apex JAR, in the com.android.internal.net package.
Bug: 171540887
Test: m, boots, wifi working
atest FrameworksNetTests
Change-Id: I3d38d72ad23a4bf84af823c7baeb6fed25c0665f
