Connectivity Diagnostics included an unnecessary try-catch for verifying
that the permissions check for invoking ConnectivityDiagnosticsCallbacks
doesn't throw when the uid and package name do not match.
Bug: 149119324
Test: atest FrameworksNetTests
Change-Id: Ie302b1f4f437e819fdd15ec28adb0b56750c2c53
Merged-In: Ie302b1f4f437e819fdd15ec28adb0b56750c2c53
(cherry picked from commit 66b5e081b7)
ConnectivityDiagnosticsCallbacks should only be invoked for the
underlying networks declared by active VPNs. This encourages VPN apps to
declare their underlying networks.
The previous permission model for VPNs allowed active VPNs to receive
callbacks on any network.
Bug: 148903617
Test: atest FrameworksNetTests
Change-Id: Ic08cdd2e2532580fda0fd3034e2bdff27e0ff84b
Merged-In: Ic08cdd2e2532580fda0fd3034e2bdff27e0ff84b
(cherry picked from commit e1f0c56f74)
CONNECTIVITY_ACTION_SUPL is marked as a "temporary hack" and has
never been public. Remove this intent definition since no one is
receiving this intent and should use network callback to know the
connection change.
Bug: 109636544
Test: atest FrameworksNetTests
Change-Id: Ie9e5127742beba04f1c191e894e8a29fe1e704bb
Merged-In: Ie9e5127742beba04f1c191e894e8a29fe1e704bb
(cherry picked from aosp/1224697)
NetworkCapabilities#mAdministratorUids is used to track the UIDs that
are administrators of the given Network. This value was previously
stored as List<Integer>. However, general Android API Council guidelines
recommend using Arrays for primitive values. In order to be consistent
with the guidelines, updating the field to use an Array.
Bug: 147903575
Test: atest FrameworksNetTests
Change-Id: I2652a5b0f276b8944454af5cb4b1383a3e054cfa
- Change route to update existing route
- MTU parameter added to AddRoute
Bug: 142892223
Test: unit test
Change-Id: I2164808ef628eb7c12e875f0bde7f5151bf6a5b5
Merged-In: Ie339d0cee5be12c2232a4631fed61219a0facc64
(cherry picked from commit e521f07e8b)
The NetworkStack.getService() API should be used instead.
Bug: 151243982
Test: atest FrameworksNetTests TetheringTests
Manual tethering test
Change-Id: I7855090bffbe895c8349ad4903b8f2eb55515f0b
ConnectivityService currently calls
LocationPermissionChecker#checkLocationPermission. This method call
throws a SecurityException if the given package name and UID do not
match. This permission check is made from the ConnectivityService
Thread, so any Exception being thrown will crash the SystemServer. This
is not acceptable, so surround the permission check in a try-catch in
case any SecurityExceptions are thrown.
Bug: 149119324
Test: atest ConnectivityServiceTest
Change-Id: Ibe2874f2a5249432270aa1b9eb7d004bbba35ac2
Merged-In: Ibe2874f2a5249432270aa1b9eb7d004bbba35ac2
(cherry picked from commit 9eacc855b6)
API Council feedback suggests renaming ConnectivityDiagnosticsCallback
'onConnectivityReport' function to be 'onConnectivityReportAvailable'.
Bug: 150598997
Test: atest FrameworksNetTests
Change-Id: Ieea727ecee6cf358a53a215fd4b06233dfe967ea
(cherry picked from commit 324b224cc48fcb12125bd1727be70ad2effbfce3)
CTS tests don't have access to TestNetworkAgent and therefore
require overloading this method, which means 'null' is ambiguous.
Bug: 139268426
Test: FrameworksNetTests
Change-Id: I5d7deea82d7114fa38f37b90f94fe7e6073bd848
(cherry picked from commit ff83f1d7ee)
NetworkFactory is turning into a one-time object that cannot be
re-used. Check for this in ConnectivityService.
Bug: 148635501
Test: test continues to pass
Change-Id: I793436ee0f4b5d778788ad34b8a2575d2ad0ed80
ConnectivityDiagnostics shares NetworkCapabilities in
ConnectivityReports and DataStallReports. These NetworkCapabilities need
to have their UIDs scrubbed before they are shared with callbacks.
Bug: 148942124
Test: atest FrameworksNetTests
Change-Id: I5bde5a8116f7e36b8f4de49adf4cab8ec45a5aa4
Merged-In: I5bde5a8116f7e36b8f4de49adf4cab8ec45a5aa4
(cherry picked from commit 3de2432655)
Check all routes that are added and removed instead of just some
of them. This is in preparation of an upcoming change that
switches to adding and creating routes by issuing direct calls to
netd.
Also rename the misleading ipv4Default route variable to
ipv4Subnet, which is what it actually is.
Bug: 142892223
Test: test-only change
Change-Id: I7d111382be215a926a7d7d4701bd3c3e94372b99
Merged-In: I7d111382be215a926a7d7d4701bd3c3e94372b99
(cherry picked from commit dcb35cb9a5)
This class is useless at this point and introduces overhead.
Bug: 113554781
Test: FrameworksNetTests
Change-Id: Ib5f540070222865260c16c7182cc13c710a243c2
Merged-In: Ib5f540070222865260c16c7182cc13c710a243c2
(cherry picked from commit c3489ad3a6)
Remove the old connected notification since there is a new file
- NetworkStackNotifier.java which will send the connected
notification when captive portal validated.
Bug: 149883761
Test: 1. atest FrameworksNetTests
2. Sign-in a captive portal and see if there is a redundant
connected notification.
Change-Id: Id11a9b99dd04772a92af8d527104906c47bf64cd
Merged-In: Id11a9b99dd04772a92af8d527104906c47bf64cd
* changes:
Revert "[NS D05] Rework how to tear down networks"
Revert "[NS D06] Implement more policies"
Revert "[NS D07] Use the unmodified legacy score"
Revert submission 10343065
Reason for revert: This is part of a feature that was punted out of R.
Reverted Changes:
Ic9a3d3363:[NS D05] Rework how to tear down networks
I7d815f873:[NS D06] Implement more policies
I561098476:[NS D07] Use the unmodified legacy score
Change-Id: I8d2696d15999265d79abfc9163e7e5ccad873cfe
Revert submission 10343065
Reason for revert: This is part of a feature that was punted out of R.
Reverted Changes:
Ic9a3d3363:[NS D05] Rework how to tear down networks
I7d815f873:[NS D06] Implement more policies
I561098476:[NS D07] Use the unmodified legacy score
Change-Id: I184817e3aa290afdbe6721a7c36332b940434d3a
This change adds permission checking to ensure that the following
conditions are enforced in order for apps to receive the owner UID:
1. The app must be the owner of the network
2. The app must hold the FINE_LOCATION permission/appop
3. The user must have their location toggle enabled.
Bug: 142072839
Test: atest FrameworksNetTests
Change-Id: I7a981a82f1219828ee89c8c96eb9d2efd153377f
Ranking used to make use of the various adjustments in
ConnectivityService. These are now implemented in policy.
Test: ConnectivityServiceTest
Change-Id: I56109847678ea5cda1752511123ba652c0f4fe36
Networks are torn down if they don't satisfy requests but only if
they are found unable to ever do so. This is important because
general-purpose networks typically turn up unvalidated, which
means they would get torn down immediately in the presence of
some worse network that is already validated.
Note that functionally it's the same as before for the existing
scores, except that
• An exiting network that doesn't satisfy any request is always
torn down immediately – this is WAI
• An unmetered network is never torn down when compared to a
metered network – this is a bugfix (previously the platform
would tear down an unmetered cellular on grounds that it
could not beat the performance of a metered Ethernet, but
that's wrong ; the bug was never realized because Android
always thinks Ethernet is unmetered)
• An unvalidated network will not be torn down if the current
satisfier is also unvalidated, even if the satisfier is much
faster. This is the reason for the change in the test. It's
wrong to tear down in this case because even if much slower
the slower network should win if it validates and the other
doesn't.
Test: ConnectivityServiceTest
Change-Id: Ic9a3d336306a25d1272976ce467aa7c908af7bef
This commit allows Platform VPNs to be started as part of always-on
mode.
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested.
Change-Id: I5eda88e5b406a0e425eb7424665cf702e0979324
Merged-In: I5eda88e5b406a0e425eb7424665cf702e0979324
This commit allows Platform VPNs to be started as part of always-on
mode.
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested.
Change-Id: I5eda88e5b406a0e425eb7424665cf702e0979324
When new CaptivePortalData is received from NetworkMonitor, send a
LinkProperties updated callback.
The updated LinkProperties only contain CaptivePortalData if the
receiver has NETWORK_SETTINGS or MAINLINE_NETWORK_STACK permissions, as
defined in the current callback code.
Test: atest FrameworksNetTests
Bug: 139269711
Change-Id: I68595a519171b31792259849efff5f58c43cacd4
State override is only handled when state is changed from
CONNECTED to SUSPENDED but not reverse path. Handle both ways
for SUSPENDED state.
Bug: 148678431
Test: FrameworkNetTests
Change-Id: I9333f865d61bbf008fdb8ca162ad17dfdffd1d67
This CL adds checks to ensure restricted users cannot change or
start/stop platform VPNs. In addition, this also adds checks to the
ConnectivityManager#getConnectionOwnerUid() to ensure that only
VpnService based VPNs can identify connections
Bug: 148040659
Test: FrameworksNetTests run
Change-Id: Id47ada5766036bfc84f3ba47f66f2d2683af916d
Add the requestorUid & requestorPackageName fields to
NetworkCapabilities. This is populated by CS when
a new network request is received.
These 2 requestor fields are also optionally used for network
matching. All of the regular app initiated requests will have the
requestor uid and package name set by connectivity service. Network
agents can optionally set the requestorUid and requestorPackageName
to restrict the network created only to the app that requested the network.
This will help removing the necessity for the various specifiers to embed
the uid & package name info in the specifier for network matching.
Note: NetworkSpecifier.assertValidFromUid() is deprecated & removed in
favor of setting the uid/package name on the agent to restrict the
network to a certain app (useful for wifi peer to peer API & wifi aware).
Bug: 144102365
Test: Verified that wifi network request related CTS verifier tests
pass.
Test: Device boots up and connects to wifi networks
Merged-In: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
Change-Id: I58775e82aa7725aac5aa27ca9d2b5ee8f0be4242
Add the requestorUid & requestorPackageName fields to
NetworkCapabilities. This is populated by CS when
a new network request is received.
These 2 requestor fields are also optionally used for network
matching. All of the regular app initiated requests will have the
requestor uid and package name set by connectivity service. Network
agents can optionally set the requestorUid and requestorPackageName
to restrict the network created only to the app that requested the network.
This will help removing the necessity for the various specifiers to embed
the uid & package name info in the specifier for network matching.
Note: NetworkSpecifier.assertValidFromUid() is deprecated & removed in
favor of setting the uid/package name on the agent to restrict the
network to a certain app (useful for wifi peer to peer API & wifi aware).
Bug: 144102365
Test: Verified that wifi network request related CTS verifier tests
pass.
Test: Device boots up and connects to wifi networks
Change-Id: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
Merged-In: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
