At least until further permissions are agreed upon,
the NETWORK_STACK permission is sufficient to ensure
that access to the tunnel mode APIs is secure, and
this permission will always be a sufficient condition.
Thus, adding NETWORK_STACK.
Bug: 66955045
Test: compilation
Change-Id: I2dc36896a52d2e71fad55041507d68ca91191ffc
Use SecureRandom instead of Random since Random is time based and can
increase the chance of generating same MAC address across multiple
devices.
createRandomUnicastAddress should randomize all bits of the address,
except for locally assigned bit and unicast bit. The previous method
that only randomizes NIC and use Google Base OUI is renamed to
createRandomUnicastAddressWithGoogleBase.
Bug: 72450936
Test: runtest frameworks-net
Change-Id: Icda650638c2c1c9fd90d509a87e86347c0e05f2d
Switch to reading limit information from NetworkPolicy, which is
typically populated from SubscriptionPlan. This lets users have
direct control over the limits we're using to trigger rapid usage
alerts, and makes the feature work without requiring that the carrier
wire up SubscriptionPlan information.
Let the user "snooze" the rapid usage alerting for a day at a time,
so we're less annoying to them. Send the snooze broadcasts as
foreground, so that we don't re-post notifications while working
through a long background broadcast queue.
Fix notifications to use the "ALERTS" channel, since these alerts
really are higher priority than simple "STATUS" updates; this also
gives us HUN behavior when in full-screen apps.
Update both service and unit tests to work directly with
NotificationManager, instead of the raw AIDL.
Test: bit FrameworksServicesTests:com.android.server.NetworkPolicyManagerServiceTest
Bug: 72444638, 72436702
Change-Id: I8d9138522a7779cc68eb9fa4777b50facb6567b7
The majority of Manager-style classes already use Context.getUserId()
when making calls into the OS, so clean up the remaining callers to
unify behind this strategy.
This gives @SystemApi developers a nice clean interface to interact
across user boundaries, instead of manually adding "AsUser" or
"ForUser" method variants, which would quickly become unsustainable.
Test: builds, boots
Bug: 72863821
Exempt-From-Owner-Approval: trivial changes
Change-Id: Ib772ec4438e57a2ad4950821b9432f9842998451
The WHATWG URL parsing algorithm [1] used by browsers says that for
"special" URL schemes (which is basically all commonly-used
hierarchical schemes, including http, https, ftp, and file), the host
portion ends if a \ character is seen, whereas this class previously
continued to consider characters part of the hostname. This meant
that a malicious URL could be seen as having a "safe" host when viewed
by an app but navigate to a different host when passed to a browser.
[1] https://url.spec.whatwg.org/#host-state
Bug: 71360761
Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
This change makes sure tunnel mode transforms are properly activated
upon construction, and corrects bugs with how policy selectors were being
generated for tunnel mode policies. Specifically, the source/destination could
not be empty strings, even for cases where an empty selector was desired.
Bug: 72457770
Test: GTS tests run
Change-Id: I9a9f64c34b07883a02a5c996614f958486d214fc
The current implementation of getMobileRxBytes and all the similiar
method adds up the return values for multiple calls to getRxBytes so if
all of them return UNSUPPORTED for any reason, getMobileRxBytes() would
return a value such as -3. This behavior is not compliance with the cts
TrafficStatsTest which always assume getMobileRxBytes to return a
non-negetive value. The method now will check tha stats get from
getRxBytes method and add them up only if the stats is valid.
Bug: 72473294
Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Change-Id: I656970ebc8f6506cf17c4353ad46c0178bb65cfd
KeepalivePacketData currently mixes multiple concepts: the
list of parameters that are used to generate a keepalive
packet, the keepalive packet itself, and the parameters that
are needed to send a keepalive packet over an ethernet link.
The KeepalivePacketData is now a parcelable that can be used
generically by any NetworkAgent, regardless of how that Agent
fulfills its duty to initiate and maintain a keepalive session.
Bug: 69063212
Test: verified with SL4A, additional tests pending
Merged-In: I23dc4827ae729583356a8ff0f02e39a2ad2b81f5
Change-Id: I23dc4827ae729583356a8ff0f02e39a2ad2b81f5
(cherry picked from commit 26deacfbe7)
Due to an issue resolving the boot classpath, the
KeepalivePacketData structure cannot be referenced
by frameworks/opt/telephony while it is in services.
-Move KeepalivePacketData to android.net
-Also, relocate IpUtils without changing the package
name.
Bug: 38350389
Test: compilation
Merged-In: If5fc63e9ad8b9b2d4c2fee47ff4bab2ab190a05a
Change-Id: If5fc63e9ad8b9b2d4c2fee47ff4bab2ab190a05a
(cherry picked from commit 41002e3080)
- add Ethernet interface configurations to config.xml; no vendors can
specify network capabilities (in particular they can mark network as
restricted which make sense for embedded applications + static IP
configuration)
- extend EthernetManager to support multiple interfaces, use interface
name as an identificator
- extend IpConfigStore to store IP configuration based on string
identifier (e.g. ethernet name)
Test: runtest -x frameworks/base/services/tests/servicestests/ -c com.android.server.net.IpConfigStoreTest
Change-Id: Ic1e70003f2380ca8edb4469d6b34e27c5e8cf059
mUids is not marshalled correctly when null so if the
NetworkAgent runs in another process and is not a VPN then
the system will see its allowed Uids as being the empty
list (= nobody can use this network) instead of a null
list (= everybody can use this network). This breaks
emulator networking.
Bug: 72436966
Test: runtests frameworks-net
Test: also manual testing, this does fix emulator networking
and seems not to break phone networking
Cherry-pick of : Id2bbf3808e80b19cd055c832c11cf72372710942
Change-Id: I4b88d5eccbdea745a947d12635cd751e38632589
mUids is not marshalled correctly when null so if the
NetworkAgent runs in another process and is not a VPN then
the system will see its allowed Uids as being the empty
list (= nobody can use this network) instead of a null
list (= everybody can use this network). This breaks
emulator networking.
Bug: 72436966
Test: runtests frameworks-net
Test: also manual testing, this does fix emulator networking
and seems not to break phone networking
Change-Id: Id2bbf3808e80b19cd055c832c11cf72372710942
