This makes it so that the socket cannot receive datagrams from
anybody except the DHCP server. This does not improve security,
because we never read from the UDP socket anyway, but it does
make ListeningPortsTest pass.
Bug: 23906864
Bug: 23933386
Change-Id: Ib090273a417f7eb2ac1ee3309260249b72fb8345
getActiveNetworkInfo() and friends already know how to augment their
results to help apps detect when network access is blocked. This
change wires up the new app-idle and device-idle firewall rules to
be reported through these APIs.
This also causes other platform tools like DownloadManager and
SyncManager to respect these new policies.
Bug: 24050462
Change-Id: Id9517b0b70be7e3ca2ab27bed8049db916e4d829
* commit '017223acda5bfe16cb87d0a33d72dd28d2fccd3b':
Require the new PACKET_KEEPALIVE_OFFLOAD permission.
Add an error code for generic hardware error.
Fix bugs and crashes in PacketKeepalive API.
Add tests for the PacketKeepalive API.
Add a PACKET_KEEPALIVE_OFFLOAD permission.
Use a CountDownLatch instead of sleep() in NetworkFactory tests.
Get rid of shortSleep() in ConnectivityServiceTest.
Make ConnectivityServiceTest a bit more readable.
This is necessary because currently the wifi code just returns
whatever hardware-specific integer it gets back from the HAL,
which is bad because that will be interpreted by the caller as
one of the error codes defined in this class.
In parallel we'll also modify the wifi code to return this new
error code if the hardware returns an error.
Bug: 21405946
Change-Id: Ic9fa1193ced69a4e7ff543e397221c89b10a5a13
Move SUPL CONNECTIVITY_ACTION bcasts to a different, hidden intent
to reduce the churn of apps when SUPL comes/goes.
Short term hack until SUPL moves to use the new APIs and there's
no bcast.
bug:23350688
Change-Id: I3dc14b42afa72465260aa41ccedfe1df27baabd9
If an app uses the new api (requestNetwork) to bring up MMS, don't
mark it as a legacy request. This was done because the messaging
service had to use a combination of new API and old
(requestRouteToHost) due to api problems. This has been resolved
so don't mark these as legacy requests anymore.
The general stuff is still in for other types due to lack of testing
time but this should be removed altogether in the future.
bug:23350688
Change-Id: I41c27efb253c39d8af1357ae7916ed5315c716db
Requests without NET_CAPABILITIES_INTERNET and just the default network
capabilities should not be marked restricted. Without this fix apps
can hit permissions exceptions if they inadvertently make requests
without NET_CAPABILITIES_INTERNET.
Bug:23164917
Change-Id: I4c7136821315bcb05dfc42ffbc505a5d4f6109e6
Broadcasts information about network policy notifications
to a custom component, if specified, so it can handle them.
Also exposes an API to snooze warning notifications.
Change-Id: Ic89478fa437861e2d4b6a9443858bcaf12122fba
Merge the CHANGE_NETWORK_STATE permission with WRITE_SETTINGS.
AndroidManifest.xml:
Raised the protection level of CHANGE_NETWORK_STATE permission from
normal to signature|appops and pre23|preinstall for compatibility
provider/Settings:
Wrote new helper methods to check if app is allowed to change network
state.
ConnectivityManager.java & ConnectivityService.java:
Replace enforcement checks for CHANGE_NETWORK_STATE with
checkAndNoteChangeNetworkStateOperations instead.
Change-Id: If8c2dd3c76a5324ca43f1d90fa17973216c2bcc5
Compare caller and scorer uids to decide if caller is the
active scorer instead of calling AppOps.checkPackage().
Bug: 23000690
Change-Id: I64285f965716f3aceb24f193d86ab9d6be7202c5
With this change:
1. NOT_RESTRICTED should be removed from NetworkRequests that bring up
special restricted carrier networks (e.g. IMS, FOTA).
2. NetworkRequests without NOT_RESTRICTED require CONNECTIVITY_INTERNAL
permission to register
3. Binding sockets to networks without NOT_RESTRICTED requires
CONNECTIVITY_INTERNAL permission
Bug:21637535
Change-Id: I5991d39facaa6b690e969fe15dcbeec52e918321
The methods startUsingNetworkFeature, stopUsingNetworkFeature and
requestRouteToHost were @removed in all the M preview builds, but
internal and external developers have noted that this imposes
additional burden for applications that need to work across
multiple platform versions because it causes compile-time errors.
We switched from @removed back to @deprecated to avoid these
problems. In order to effectively deprecate these methods, which
are error-prone and insecure, make them throw
UnsupportedOperationException if the app's target SDK is M or
above.
Because there are still one or two places in system code that use
these APIs, exempt Process.SYSTEM_UID and the OMA-DM client from
the check for now.
Bug: 22728205
Change-Id: I790bd32f3aa8067cbb625962a209bb9232f4b58c
These were @removed too soon. We need to keep them @deprecated until
the bulk of devices support the new API and then we can remove them.
bug:22728205
Change-Id: If1b46ff1878f1778517624112b195c461645ddd1
If a network no longer satisfies a NetworkRequest, send the onLost
NetworkCallback. If it was a real request (not listen) then update
the NetworkFactories.
To test this change I created a little infrastructure to fake
different Internet connectivity probe results during tests. This
allowed me to rewrite some of ConnectivityServiceTest's logic for
validating networks. This brought to light a couple issues that
I had to address to keep tests passing:
1. testUnlingeringDoesNotValidate was relying on a bad side-effect
of my old method of ConnectivityServiceTest's logic for
validating networks, so I rewrote the test.
2. ConnectivityService was not sending out NetworkCallbacks for
WiFi when Cellular was validated. I'm including a fix for this
in this CL also.
Bug:22220234
Change-Id: I29314f38189817f8b2561a213c4f9e8522696663
* commit 'e288b3af14421731d8f477b97e8d77588f20498b':
Add a test for public bugs 2111 and 2136.
Always check off-link connectivity in NetworkDiagnostics.
Currently, NetworkDiagnostics only checks off-link connectivity if
one of the DNS servers is off-link. Make it check off-link
connectivity in all cases by sending probes to Google Public DNS
if off-link DNS servers are not specified.
Bug: 22569331
Bug: 22641669
Bug: 22748900
Change-Id: I6cb0dd8491bc0c1a488631deca56722b9c1d2b3f
If the user selects "No" in the "Stay connected?" dialog box:
1. Disable autojoining that network in the future, and
2. Disassociate from that network.
Bug:22187193
Change-Id: I14dc9236c57e3ab7d3ec95edc906787cbfbf3c9f
