Commit Graph

572 Commits

Author SHA1 Message Date
Janis Danisevskis
8cd7953577 Keystore 2.0: Make VPN Keystore 2.0 ready.
* Use public stable API to load certificates from keystore.
* Also use grants to allow racoon to use keystore keys without
  special exceptions in keystore.
* Use LegacyProfileStore instead of Keystore for storing VPN profiles.

Bug: 175068876
Bug: 171305607
Test: atest android.net.cts.Ikev2VpnTest
      atest android.net.cts.IpSecManagerTest
      atest com.android.server.connectivity.VpnTest
      atest com.android.server.ConnectivityServiceTest
Merged-In: I27975113896ea137260a9f94a34fb1c3ca173fe3
Change-Id: I27975113896ea137260a9f94a34fb1c3ca173fe3
2021-03-03 22:14:41 -08:00
Junyu Lai
7563c45083 Merge "[FUI19] Migrate ConnectivityService to use NetworkStatsManager" 2021-03-04 01:24:57 +00:00
Sarah Chin
08b9f41364 Merge "APIs for 5G slicing" 2021-03-03 18:42:20 +00:00
junyulai
c5bfa330bf [FUI19] Migrate ConnectivityService to use NetworkStatsManager
Test: atest FrameworksNetTests
Bug: 174123988
Change-Id: Iaefd99f87ae96bc9d97d139bcd92a3fe8de917d2
2021-03-03 20:01:51 +08:00
Remi NGUYEN VAN
992369f32d Extend timeout for receiving broadcasts
The test is currently flaky as broadcasts can take a long time
to be delivered, often more than 500ms.
Extend the timeout for broadcasts to 30s.

Historically the test would wait for broadcasts for at most 500ms,
but not verify that they were received before proceeding. This was
fixed recently by adding an assertion, but the assertion needs to
give enough time for the broadcast to be received.

Bug: 173331190
Change-Id: I0760f3418c635aa4d68de5aefdb7120a9d3e930b
Test: atest FrameworksNetTests
2021-03-03 06:26:16 +00:00
Sarah Chin
e97855c10f APIs for 5G slicing
Create TrafficDescriptor class
Create new APN ENTERPRISE
Update setupDataCall and DataCallResponse to take TrafficDescriptor and
matchAllRuleAllowed
Move ApnTypes from Annotation to ApnSetting

Bug: 179312227
Test: atest FrameworksTelephonyTests
Change-Id: I7433976bfe25bcb2af85ffb9338959cbcc9f42f3
Merged-In: I7433976bfe25bcb2af85ffb9338959cbcc9f42f3
2021-03-03 14:16:21 +09:00
Paul Hu
a476ef4d57 Merge "Use IDnsResolverUnsolicitedEventListener" 2021-03-03 01:08:27 +00:00
junyulai
6b70436047 [FUI17] Migrate NetworkStatsService to use NetworkStateSnapshot
This change migrates NetworkStatsService and related code to use
NetworkStateSnapshot which is used for replacing the NetworkState.

This patch also changes some formatting which is suggested by
the linter.

Test: FrameworksNetTests NetworkPolicyManagerServiceTest
Bug: 174123988
Change-Id: I547da8f411cb45bdadc376ac3cadf3f3c55bb282
2021-03-02 20:08:53 +08:00
Lucas Lin
51510ea705 Merge changes I35ed84fc,Ie6cfd77b,I4e4f929f,I751526e8
* changes:
  Fix comments left on aosp/1547454 and aosp/1556106
  Remove INetworkManagementService from ConnectivityService
  Remove unused INetworkManagementService
  Remove BaseNetworkObserver from Nat464Xlat
2021-03-02 04:07:35 +00:00
paulhu
35ed7c5a90 Use IDnsResolverUnsolicitedEventListener
Only part of the events are reported from DnsResolver through
INetdEventListener, so use IDnsResolverUnsolicitedEventListener
to get exactly the supported events from DnsResolver. It uses a
Parcelable object to deliver data, which can be more updatable
and extensible in the future.

Bug: 173485754
Test: atest FrameworksNetTests
      atest CtsNetTestCases
Change-Id: I8d2e700ae8861ed8ceccd287f3ca5bc2f1ed6dee
2021-03-02 11:37:47 +08:00
Junyu Lai
4cfe6d8f57 Merge "[VCN07] Bypass VCN for non-internet app accessible cellular services" 2021-02-25 10:16:03 +00:00
lucaslin
7abe207795 Remove INetworkManagementService from ConnectivityService
Remove INetworkManagementService from ConnectivityService and
related files.

Bug: 174837473
Test: atest FrameworksNetTests FrameworksNetIntegrationTests
Change-Id: Ie6cfd77bbd64a8fd7539b0ea7fd15bf970e40c3d
2021-02-25 15:08:28 +08:00
lucaslin
1f110f6760 Remove unused INetworkManagementService
Bug: 174837473
Test: atest FrameworksNetTests
Change-Id: I4e4f929f518ae07bf5b4bd1e16d2a85f62ab9d9c
2021-02-25 15:08:18 +08:00
James Mattis
0b82004d34 Unit test automation for Multi-Default Tracking
Unit test automation validating how multiple default networks are
tracked within ConnectivityService when set by network preferences
used with setOemNetworkPreference() API functionality.

Bug: 178632672
Bug: 172347841
Bug: 170068946
Test: atest FrameworksNetTests
Change-Id: Iae1935944214efaa8a21636c55e6d8be816275f7
2021-02-23 19:03:34 -08:00
Chiachang Wang
9c92c37f56 Merge "Remove UidRange.createForUser() with userId integers" 2021-02-23 07:17:07 +00:00
Chiachang Wang
66ded137bf Remove UidRange.createForUser() with userId integers
UidRange will be a part of connectivity mainline module.
Mainline modules should use strongly-typed UserHandle arguments.
The method also refers to the hidden UserHandle.PER_USER_RANGE
which is not available after UidRange is moved into module.
Thus, replace the usage and remove the createForUser method that
takes userId parameter.

Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: I3f33ea92c4a24342af9ec4b0367c50bb64ce6450
2021-02-22 18:51:14 +08:00
Paul Hu
19af44e2ce Merge "Stop using SystemConfig#getSystemPermissions on PermissionMonitor" 2021-02-22 05:22:37 +00:00
junyulai
b453bb6245 [VCN07] Bypass VCN for non-internet app accessible cellular services
Deduce the NET_CAPABILITY_NOT_VCN_MANAGED capability from other
capabilities and user intention, which includes:
   1. For the requests that don't have anything besides
      VCN_SUPPORTED_CAPABILITIES, add the NOT_VCN_MANAGED to
      allow the callers to automatically utilize VCN networks
      if available.
   2. For the requests that explicitly add or remove
      NOT_VCN_MANAGED, do not alter them, to allow users to fire
      requests that suit their needs.

Test: atest NetworkRequestTest#testBypassingVcnForNonInternetRequest
Bug: 175662146
Change-Id: I2876264cee14b624c89ba3b380027a8b521ad8ea
  (cherry-picked from aosp/1549817)
2021-02-22 10:19:16 +08:00
James Mattis
c1115803bc Merge "Unit test automation for Multilayer Evaluation" 2021-02-20 21:23:45 +00:00
paulhu
0ab41fc1f3 Stop using SystemConfig#getSystemPermissions on PermissionMonitor
Replace the API with SystemConfigManager#getSystemPermissionUids
and update the design/test accordingly.

Bug: 177188455
Test: atest FrameworksNetTests
Test: atest FrameworksNetIntegrationTests
Test: atest CtsNetTestCases
Change-Id: I8b553b934252b93c60b815715680427a41620054
2021-02-20 16:20:19 +08:00
Chiachang Wang
63bc7bd3c2 Merge changes I0a75c440,Ief9e8925,Ie03e8276,If0ac9a64,I716bd771
* changes:
  [IT06]Move INetworkActivityListener into connectivity module
  [IT05] Remove the unused network activity logic out from NMS
  [IT4.7] Add network activity info into dumpsys for debugging
  [IT4.6] Unbundle NMS out from ConnectivityManager
  [IT4.5] Update radio power from CS directly
2021-02-20 02:02:46 +00:00
James Mattis
a917e5a283 Unit test automation for Multilayer Evaluation
Unit test automation for multilayer network hierarchy evaluation
when using the setOemNetworkPreference() API ConnectivityService.

Bug: 178632672
Bug: 176494815
Bug: 170068946
Test: atest FrameworksNetTests
Change-Id: Ia9b76f49a07eff6a3977faaa41fc67a10f307841
2021-02-19 17:41:01 -08:00
James Mattis
ed4288b164 Merge "Unit tests for Multi-Default with Existing APIs" 2021-02-20 01:38:52 +00:00
Lorenzo Colitti
b9c396b87a Merge changes I0e6df469,I3d46d5f7
* changes:
  Fix testMobileDataAlwaysOn flakiness
  Speed up NetworkFactory tests.
2021-02-19 08:13:38 +00:00
Lorenzo Colitti
fd490bff45 Fix all Log.wtfs in FrameworksNetTests.
These cause the tests to crash on eng builds, so disrupt
development.

Test: atest FrameworksNetTests passes on eng build
Change-Id: Ifa5131fdb8f57af812cf688970be6588d2879c29
2021-02-18 21:13:04 +09:00
Chalard Jean
eca4d9081f Fix testMobileDataAlwaysOn flakiness
Test: atest --iterations 100 CST#testMobileDataAlwaysOn
Change-Id: I0e6df4694752dab7a5938e8f8bd88c7da7c3fcd5
2021-02-18 16:45:27 +09:00
Chalard Jean
b9078bd101 Speed up NetworkFactory tests.
Somehow this big slowdown escaped review.

Test: ConnectivityServiceTest
Change-Id: I3d46d5f7a986b3586b7e6044eb10aba756bb6ceb
2021-02-18 16:45:26 +09:00
lucaslin
bc76bd407d [IT4.6] Unbundle NMS out from ConnectivityManager
ConnectivityService no longer updates the idle timer to NMS but
sends it to INetd directly after this change. Replace the API
implementation in ConnectivityManager to refer into
ConnectivityService instead of NetworkManagementService to remove
the dependency between CM and NMS for ConnectivityService mainline.

Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: If0ac9a6427dba5a732a15b5d7ca1351b71b07b7b
2021-02-18 11:48:06 +08:00
James Mattis
b9a7cc01af Unit tests for Multi-Default with Existing APIs
Unit test automation validating existing APIs
ConnectivityService work as expected with multiple default networks.

Bug: 178632672
Bug: 178729499
Bug: 172347841
Bug: 170068946
Test: atest FrameworksNetTests
Change-Id: Id498cb7222ffddc565cbb93970e96479374153e4
2021-02-17 11:17:06 +00:00
James Mattis
ad4cae7958 Unit test automation for Per-App API functionality
Unit test automation for setOemNetworkPreference() API functionality on
ConnectivityService.

Bug: 178632672
Bug: 176494815
Bug: 170068946
Test: atest FrameworksNetTests
Change-Id: Ib76917f0fa78b736207f82d99137a6cf49481b20
2021-02-17 08:55:20 +00:00
Remi NGUYEN VAN
9efa77801d Merge "Revert "[VCN07] Bypass VCN for non-internet app accessible cellu..."" 2021-02-15 11:39:25 +00:00
Lorenzo Colitti
8fdfd46218 BroadcastInterceptingContext: use passed-in broadcast Handler.
Currently, BroadcastInterceptingContext always runs broadcast
receivers on the thread that called sendBroadcast. This means:

1. Receivers might run on the wrong thread, making the test less
   realistic.
2. If any receiver checks what thread it's running on, then
   either the check needs to be modified or deleted, or the test
   must call sendBroadcast on the thread that the receiver
   expects to run on. The latter is impossible when there is more
   than one receiver that needs to run on more than one thread.

This CL adds a setUseRegisteredHandlers method that allows tests
to say that they want each receiver to run on the Handler
specified at registration time.

This CL also enables the new mode for ConnectivityServiceTest,
and resolves a TODO to re-enable a disabled thread check.

The new mode cannot be enabled by default because it would break
most of the tests.

All the below tests pass except for the car bluetooth test
testAutoConnectAdapterOff_returnsImmediately which was already failing.

Bug: 173331190
Test: atest CarInputServiceTest BluetoothProfileDeviceManagerTest
Test: atest NetworkPolicyManagerServiceTest
Test: atest ConnectivityServiceTest
Test: atest TetheringTest TetheringNotificationUpdaterTest
Test: atest VersionedBroadcastListenerTest EntitlementManagerTest
Test: atest TetheringConfigurationTest
Test: atest CachedDeviceStateServiceTest
Test: atest EmergencyAffordanceServiceTest
Change-Id: I3303bb14516f07a55d82a16b59c111ab3f8b0389
2021-02-15 10:40:32 +00:00
Lorenzo Colitti
45ec3191a7 Merge changes Ia68f482a,I4911e214,Ied379654,I66d18512,Ie8e1bd63
* changes:
  Check registering system default callback needs NETWORK_SETTINGS.
  Move VPN code from ConnectivityService to VpnManagerService.
  Add a skeleton VpnManagerService, and start it on boot.
  Convert LockdownVpnTracker to NetworkCallbacks.
  Minor fixes to VpnTransportInfo.
2021-02-15 00:00:47 +00:00
Remi NGUYEN VAN
c02c76e68a Revert "[VCN07] Bypass VCN for non-internet app accessible cellu..."
Revert submission 1579872-vcn07

Reason for revert: Possible culprit for b/179768816, broken ConnectivityControllerTest
Reverted Changes:
Id09b19c13:Address comments on aosp/1550755
I245bd69e0:[VCN07.1] Add test for bypassing VCN for non-inter...
I9936894b9:[VCN07] Bypass VCN for non-internet app accessible...

Change-Id: Ie5f8c3051fed40623e5d4705ac2243ef51a898bd
2021-02-12 04:09:15 +00:00
Lorenzo Colitti
fad82fdcf5 Check registering system default callback needs NETWORK_SETTINGS.
Also address a code review comment.

Bug: 173331190
Test: test-only change
Change-Id: Ia68f482af6d10af203bdbd4e14a12ae0b12bb6b5
2021-02-12 01:12:48 +09:00
Lorenzo Colitti
3dc6dbe80f Move VPN code from ConnectivityService to VpnManagerService.
ConnectivityService itself does not depend on mVpns or the Vpn
class any more. Most of this CL is simply moving code from one
class to another:

- Move the AIDL calls from IConnectivityManager to IVpnManager.
- Move the implementation from ConnectivityService to
  the new VpnManagerService.
- Move the APIs from ConnectivityManager to VpnManager, but
  temporarily maintain some shims in ConnectivityManager for the
  moved calls so that existing callers do not have to be modified
  in this CL.
- Update VpnService to call IVpnManager instead of
  IConnectivityManager.
- Move the code that registers the VpnManager service from
  ConnectivityFrameworkInitializer to SystemServiceRegistry.

Bug: 173331190
Test: atest HostsideVpnTests FrameworksNetTests CtsNetTestCases
Change-Id: I4911e2144df721a94fa00da9edf0dc372a7091c2
2021-02-12 01:12:24 +09:00
Lorenzo Colitti
8e40a0623c Convert LockdownVpnTracker to NetworkCallbacks.
This will allow moving LockdownVpnTracker from the connectivity
to the VPN code. This requires moderate refactoring since it's
pretty tightly coupled to both.

In this CL:

1. Add an @hide API to tell ConnectivityService that legacy
   lockdown VPN is enabled. I chose not to use the existing
   setVpnRequiredForUids API because that method has specific
   semantics and because it will be required long term since
   it's used by non-legacy VPN types.

2. Instead of updating LockdownVpnTracker inline from the
   ConnectivityService handler thread, have it listen to
   NetworkCallbacks. This introduces an extra thread hop, but
   most of the interactions between the lockdown VPN and CS were
   via NetworkAgent, which is asynchronous anyway.

3. Add code to LegacyTypeTracker to send the extra
   CONNECTIVITY_ACTION broadcast for the underlying network type
   that is sent after the VPN connects. In order to do this,
   make LockdownVpnTracker specify its underlying network
   (via setUnderlyingNetworks) when it connects.

4. Reimplement LockdownVpnTracker#augmentNetworkInfo based on
   information that is available in ConnectivityService.

5. Remove the code in LockdownVpnTracker that counted errors.
   I think this code has not worked since lollipop, because
   ConnectivityService never sees NetworkInfo objects in state
   FAILED. This is because ConnectivityService only hears about
   NetworkInfo objects via NetworkAgents, and LegacyVpnRunner
   only registers its NetworkAgent when the connection succeeds.

Bug: 173331190
Test: passes existing tests in ConnectivityServiceTest
Change-Id: I66d18512882efd468ee0ecec61f28786a195b357
2021-02-12 01:07:29 +09:00
Lorenzo Colitti
5fb746fd88 Minor fixes to VpnTransportInfo.
This CL addresses comments on aosp/1570921.

Bug: 173331190
Test: new test coverage
Change-Id: Ie8e1bd63bb818a03f4b17402e1b365577ca034a2
2021-02-11 23:28:00 +09:00
Hai Shalom
c1e52b8003 Merge "Support for Terms & Conditions notification" 2021-02-10 15:36:58 +00:00
Lorenzo Colitti
9cc08edf1f Stop using mVpns in getConnectionOwnerUid.
Use data that is already available in ConnectivityService
instead.

The behaviour of the new implementation is slightly different
from Q and R code when the permission check fails.

- The old code would throw a SecurityException if an app that
  was not an active VPN called the method, and would return
  INVALID_UID if the connection belonged to a UID that was not
  subject to the VPN.
- The new code returns INVALID_UID in both cases.

This does not seem like a compatibility problem. The only case in
which the code throws SecurityException is if the app is not a
current VPN app, but the app already knows whether it is or not.
The docs don't mention that the method throws SecurityException, either.

Bug: 173331190
Test: atest FrameworksNetTests
Test: atest HostsideVpnTests
Change-Id: If3d031e74df33b5c97e12ebf02272faac6769d50
2021-02-10 02:52:16 +09:00
Lorenzo Colitti
76e8a43e68 Add a VpnTransportInfo object.
This currently stores the VPN type and a session name, but can be
extended in the future.

Bug: 173331190
Test: added coverage in VpnTest
Test: added coverage in ConnectivityServiceTest
Test: added coverage in NetworkAgentTest
Change-Id: I450858a9fa332c8d896dbdb4c14337d5ec23677f
2021-02-10 02:52:16 +09:00
Lorenzo Colitti
20987c3175 Add a registerSystemDefaultNetworkCallback method.
This method allows internal components to track the system
default network. This differs from registerDefaultNetworkCallback
because that method sends callbacks for the default network for
the UID that called it. This may not be the system default
network, for example, when a VPN is up and applies to the UID.

Bug: 173331190
Test: new unit tests in ConnectivityServiceTest
Test: new unit tests in ConnectivityManagerTest
Test: new CTS tests in ConnectivityServiceTest
Test: new CTS tests in HostsideVpnTests in other CL in this topic
Change-Id: Id02748a2183f71b71ff2a53a580466b9dcecaa93
2021-02-09 20:58:28 +09:00
Junyu Lai
95f5889aff Merge "[VCN07] Bypass VCN for non-internet app accessible cellular services" 2021-02-08 21:40:09 +00:00
Hai Shalom
c3289a19a8 Support for Terms & Conditions notification
- Added API to add T&C URL in the CaptivePortalData class, and to
indicate if the source is from Passpoint.
- Added source indication for the Venue URL API.
- Allow the connectivity service to send a new T&C acceptance
notification.
- Updated the merge method to prefer the Capport data over the
network agent data, if the source is not authenticated (not from
Passpoint).
- Propagate the Venue Friendly name to the captive portal activity
to be used instead of SSID, when available.

Bug: 162785447
Test: End-to-end test
Test: atest ConnectivityServiceTest
Test: atest CtsNetTestCasesLatestSdk:CaptivePortalDataTest
Test: atest NetworkNotificationManagerTest
Change-Id: I4e77c3b6c01941b03c46ad32da70c77e0fecac64
2021-02-08 12:05:20 -08:00
Roshan Pius
15028495de ConnectivityService: Plumb attribution tag for location permission checks
Not currently setting the attribution tag for location
permission checks. Plumb the attribution tag for all location permission
checks (so that location access is correctly attributed to individual
components within an app)

Bug: 162602799
Test: atest android.net
Test: atest com.android.server
Change-Id: Iee95f05204f51a4f8cb1f36acfb60e8cdeb156f4
2021-02-08 08:13:48 -08:00
Lorenzo Colitti
be331ab3a7 Merge changes I4256ca5f,I91528e1a,I48bd594c
* changes:
  Change ConnectivityServiceTest to prepare for VPN code move.
  Add to VpnManager the VPN APIs used by Settings and SystemUI.
  Remove temporary hack in VpnTest.
2021-02-08 10:41:32 +00:00
Treehugger Robot
648c2e4c98 Merge "[VCN03] Linger the newly connected network for a short time" 2021-02-08 04:57:35 +00:00
Lorenzo Colitti
9ce4107f11 Change ConnectivityServiceTest to prepare for VPN code move.
No-op changes to make it easier to review the VPN code move.
1. Set underlying networks via MockVpn, not ConnectivityService.
2. Add a processBroadcastForVpn utility method that we can modify
   without too much churn when the code is moved.

Bug: 173331190
Test: test-only change
Change-Id: I4256ca5f33034ef9d1de79857795a6ed1d644e61
2021-02-07 20:40:52 +09:00
junyulai
6a9c1e04cf [VCN03] Linger the newly connected network for a short time
This is mainly used by VCN, where VCN-eligible networks might
be registered before VCN management service can fire a request
to prevent the newly created network from being torn down
immediately by ConnectivityService.

Test: atest ConnectivityServiceTest#testNewNetworkLingering
      atest ConnectivityServiceTest#testNewNetworkLingering_bgNetwork
      atest FrameworksNetTests --rerun-until-failure 20
Bug: 175180558
Change-Id: I7768daf4cf2d8f6d8057b5107412e06104ba82e0
2021-02-06 11:22:31 +08:00
Lorenzo Colitti
ace52c4ff8 Merge changes Ieb7f33bc,I81b56862
* changes:
  Fix the legacy VPN tests that start racoon.
  Make testLegacyLockdownVpn more realistic.
2021-02-05 07:34:43 +00:00