The NetworkStackPermissionStub package is used to enforce that
permissions used by the NetworkStack are only used in packages
sharing signature with NetworkStackPermissionStub.
Permissions defined in this package are intended to be used only by the
NetworkStack: both NetworkStack and the stub APK will be signed with
a dedicated certificate to ensure that, with permissions being signature
permissions.
This APK *must* be installed, even if the NetworkStack app is not
installed, because otherwise, any application will be able to define
this permission and the system will give that application full access
to the network stack.
Test: flashed, booted
Bug: 112869080
Change-Id: Ia13a9e6a703cb7b4403697a7f7bfff0f6f3b813e
Bluetooth runs as UID 1001002 when on a secondary user. With this change
the NetworkStack verifies that the calling UID matches the Bluetooth app
regardless of the user.
Test: flashed, BT reverse tethering still working as primary user
(no option to turn on as secondary user on phones)
Bug: 123655057
Change-Id: I23f9c5fa40f3bb676ac65dd8c15106c9d78309a4
The callback would be used to notify entitlement value. If the
cache value indicates entitlement succeeded, it just fire
callback with cache value instead of run entitlement check.
Bug: 120887283
Test: atest FrameworksNetTests
Change-Id: I8afe928423bd75c54c61533a50a5c0814922ceb1
Currently it is not possible to change private DNS bypass by
doing:
setProcessDefaultNetwork(network.getPrivateDnsBypassingCopy());
setProcessDefaultNetwork(network);
because the code will ignore the change. Fix this by ensuring
that we always call bindProcessToNetwork (which does not have
side effects) and then only performing the expensive operations
(flushing DNS cache, upating socket pools) if the netId changed.
Bug: 112869080
Test: None
Change-Id: I5e8999cb11d8b8c1e9eb583fa8b3932f212accff
For VPN apps targeting Q and above, they will by default be treated as
metered unless they override this setting before establishing VPN.
Bug: 120145746
Test: atest FrameworksNetTests
Test: On device tests verifying meteredness setup correctly for apps
targeting Q and apps targeting P.
Change-Id: Ia6d1f7ef244bc04ae2e28faa59625302b5994875
Currently, bypassing private DNS requires calling the deprecated
setProcessDefaultNetworkForHostResolution. Allow apps to do this
via the non-deprecated binProcessForNetwork as well.
This has fewer backwards compatibility concerns than the
alternative approach of having setProcessDefaultNetwork call
setProcessDefaultNetworkForHostResolution. That approach would
have been problematic, for example, if an app did:
cm.bindProcessToNetwork(network);
...
cm.bindProcessToNetwork(null);
In this case, it would be difficult to know whether to clear the
resolver mapping as well: what if an app had also called
setProcessDefaultNetworkForHostResolution?
Similarly, it would be difficult to know what to do if an app did:
cm.setProcessDefaultNetworkForHostResolution(network);
cm.bindProcessToNetwork(null);
This approach does not have these concerns, and has no effect
on apps that don't call Network.getPrivateDnsBypassingCopy, which
regular apps don't have permission to use. It also provides a
path to deprecate setProcessDefaultNetworkForHostResolution.
Bug: 112869080
Test: atest android.net.cts.ConnectivityManagerTest android.net.cts.MultinetworkApiTest
Change-Id: I4158a37b6ed87a9a9b2677c526dcfee8af48e483
The metrics go through NetworkMonitor in the NetworkStack so that they
can be upgraded to new metrics in the future.
Test: flashed, captive portal login works, metrics shown in events log
Bug: 112869080
Merged-In: I4bccfbd87bae5b2d65e45c7a5918aa45ab5d76e8
Change-Id: Ib5e2126788f8d56a00a56d7efcd33c5f9a37a6de
The metrics go through NetworkMonitor in the NetworkStack so that they
can be upgraded to new metrics in the future.
Test: flashed, captive portal login works, metrics shown in events log
Bug: 112869080
(Cherry-pick of aosp/890004)
Change-Id: I4bccfbd87bae5b2d65e45c7a5918aa45ab5d76e8
This is a cherry-pick of ag/607226 that has been rebased on
top of four years of changes and with comments addressed.
Gives each factory a serial number and propogates it to every
NetworkAgent so when a score comes back indicating a request is
being handled the factory can account for it properly.
Without this, a new request that's already handled by a network
offered by a factory will not cause an increment of the factorys
ref count. Concretely this results in issues like the RAT icon
not being displayed in spite of the network actually being up
and usable.
This will be ported to AOSP as soon as possible, but immediately
some master-only WiFi tests need to be adjusted with this change
which would not let me submit to AOSP.
Bug: 18637384
Bug: 29030667
Test: manual
Test: atest frameworks/opt/telephony/tests/telephonytests
Test: atest frameworks-net
Test: atest CtsNetTestCases CtsHostsideNetworkTests
Change-Id: I597ac588f76dd507512ff02868fd1310b7e63f7e
Includes various small changes to stop using hidden APIs
Test: make NetworkStack
Test: flashed, booted, WiFi and tethering working
Bug: 112869080
Change-Id: Id2830795a444f484b377ed6437435a1cd833697a
Split the existing WifiNetworkConfigBuilder into 2 separate builders,
one for building WifiNetworkSuggestion and one for WifiNetworkSpecifier.
Other changes in the CL:
a) Marked the constructor of the abstract NetworkSpecifier class public
to allow WifiNetworkSpecifier.Builder() (& hence WifiNetworkSpecifier) to
be public. The alternative is to put the builder for WifiNetworkSpecifier
in some other file (like WifiManager)
b) Mark WifiNetworkSpecifier class public to make it's builder visible.
c) Modify the documentation (& usage example) for WifiNetworkSpecifier
builder to explicitly call out that this can only be used for a local
wifi connection (i.e no internet capability).
Bug: 123313291
Test: ./frameworks/base/wifi/tests/runtests.sh
Test: make docs
Change-Id: I1a5fcff886124010222e112dbca92797a514b6d9
The utilities are not supported as public API but required as SystemApi
for the NetworkStack.
Test: flashed, boots, WiFi works
Bug: 112869080
Change-Id: Ia64b3bf9c6c33cf61bed76469ea9963b550bed2b
attach*Filter and addArpEntry are necessary for the NetworkStack but are
only usable for apps that have system permissions.
Also includes system API for IpPrefix, LinkAddress, LinkProperties,
Network, and static modifier in ApfCapabilities that were missed in
previous CLs.
Test: Builds, flashed, WiFi works
Bug: 112869080
Change-Id: If141ae6a2f9145f5af64ba002ca44938f39b90a9
