The NetworkStackPermissionStub package is used to enforce that
permissions used by the NetworkStack are only used in packages
sharing signature with NetworkStackPermissionStub.
Permissions defined in this package are intended to be used only by the
NetworkStack: both NetworkStack and the stub APK will be signed with
a dedicated certificate to ensure that, with permissions being signature
permissions.
This APK *must* be installed, even if the NetworkStack app is not
installed, because otherwise, any application will be able to define
this permission and the system will give that application full access
to the network stack.
Test: flashed, booted
Bug: 112869080
Change-Id: Ia13a9e6a703cb7b4403697a7f7bfff0f6f3b813e
Define the DynamicAndroid with AIDL.
Add a java implementation.
Start a service instance in the system server.
Add a permission test.
Bug: 122015653
Test: Build & Test on a pixel phone with following command \
./frameworks/base/services/tests/runtests.py -e class com.android.server.DynamicAndroidTest
Merged-In: I2e54b6b71fac4a4c5a9c9c25ce6bdac74cddcfb7
Change-Id: I2e54b6b71fac4a4c5a9c9c25ce6bdac74cddcfb7
Bluetooth runs as UID 1001002 when on a secondary user. With this change
the NetworkStack verifies that the calling UID matches the Bluetooth app
regardless of the user.
Test: flashed, BT reverse tethering still working as primary user
(no option to turn on as secondary user on phones)
Bug: 123655057
Change-Id: I23f9c5fa40f3bb676ac65dd8c15106c9d78309a4
The callback would be used to notify entitlement value. If the
cache value indicates entitlement succeeded, it just fire
callback with cache value instead of run entitlement check.
Bug: 120887283
Test: atest FrameworksNetTests
Change-Id: I8afe928423bd75c54c61533a50a5c0814922ceb1
Currently it is not possible to change private DNS bypass by
doing:
setProcessDefaultNetwork(network.getPrivateDnsBypassingCopy());
setProcessDefaultNetwork(network);
because the code will ignore the change. Fix this by ensuring
that we always call bindProcessToNetwork (which does not have
side effects) and then only performing the expensive operations
(flushing DNS cache, upating socket pools) if the netId changed.
Bug: 112869080
Test: None
Change-Id: I5e8999cb11d8b8c1e9eb583fa8b3932f212accff
This is consistent with other methods in this class, and unbundled
system apps such as the network stack need this API to verify their
callers regardless of the userid. The method is already marked as
TestApi.
Test: m
Bug: 123655057
Change-Id: I0ecef4abcd850dc641cd70681a56cb038778c04c
For VPN apps targeting Q and above, they will by default be treated as
metered unless they override this setting before establishing VPN.
Bug: 120145746
Test: atest FrameworksNetTests
Test: On device tests verifying meteredness setup correctly for apps
targeting Q and apps targeting P.
Change-Id: Ia6d1f7ef244bc04ae2e28faa59625302b5994875
We want to be able to control at a fine grained level whether precompiled
layouts are enabled so we can compare inflation results with and without. This
changes adds a @TestApi method that supports this.
Bug: 111895153
Merged-In: Ib6b62d79a9ca7aefefff8639752aa5838e491038
Change-Id: I2f28f6912499825e52c17cc163be9c0fe93855cb
Currently, bypassing private DNS requires calling the deprecated
setProcessDefaultNetworkForHostResolution. Allow apps to do this
via the non-deprecated binProcessForNetwork as well.
This has fewer backwards compatibility concerns than the
alternative approach of having setProcessDefaultNetwork call
setProcessDefaultNetworkForHostResolution. That approach would
have been problematic, for example, if an app did:
cm.bindProcessToNetwork(network);
...
cm.bindProcessToNetwork(null);
In this case, it would be difficult to know whether to clear the
resolver mapping as well: what if an app had also called
setProcessDefaultNetworkForHostResolution?
Similarly, it would be difficult to know what to do if an app did:
cm.setProcessDefaultNetworkForHostResolution(network);
cm.bindProcessToNetwork(null);
This approach does not have these concerns, and has no effect
on apps that don't call Network.getPrivateDnsBypassingCopy, which
regular apps don't have permission to use. It also provides a
path to deprecate setProcessDefaultNetworkForHostResolution.
Bug: 112869080
Test: atest android.net.cts.ConnectivityManagerTest android.net.cts.MultinetworkApiTest
Change-Id: I4158a37b6ed87a9a9b2677c526dcfee8af48e483
The metrics go through NetworkMonitor in the NetworkStack so that they
can be upgraded to new metrics in the future.
Test: flashed, captive portal login works, metrics shown in events log
Bug: 112869080
Merged-In: I4bccfbd87bae5b2d65e45c7a5918aa45ab5d76e8
Change-Id: Ib5e2126788f8d56a00a56d7efcd33c5f9a37a6de
Includes various small changes to stop using hidden APIs
Test: make NetworkStack
Test: flashed, booted, WiFi and tethering working
Bug: 112869080
Change-Id: Id2830795a444f484b377ed6437435a1cd833697a
