The WHATWG URL parsing algorithm [1] used by browsers says that for
"special" URL schemes (which is basically all commonly-used
hierarchical schemes, including http, https, ftp, and file), the host
portion ends if a \ character is seen, whereas this class previously
continued to consider characters part of the hostname. This meant
that a malicious URL could be seen as having a "safe" host when viewed
by an app but navigate to a different host when passed to a browser.
[1] https://url.spec.whatwg.org/#host-state
Bug: 71360761
Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
Malformed authority segments can currently cause the parser to produce
a hostname that doesn't match the hostname produced by the WHATWG URL
parsing algorithm* used by browsers, which means that a URL could be seen
as having a "safe" host when checked by an Android app but actually visit
a different host when passed to a browser. The WHATWG URL parsing
algorithm always produces a hostname based on the last @ in the authority
segment, so we do the same.
* https://url.spec.whatwg.org/#authority-state resets the "buffer", which
is being used to build up the host name, each time an @ is found, so it
has the effect of using the content between the final @ and the end
of the authority section as the hostname.
Bug: 68341964
Test: vogar android.net.UriTest (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376
- move BroadcastReceiver info to developer guide. see cl/140402421
- add usage note to CONNECTIVITY_ACTION broadcast
bug:32533262
bug:33106411
Change-Id: Ic2aa517831d29418e0c42aa6fc1e7f9aeb50f802
Properly account for VPN apps that make heavy use of the tun
interface. Prior to this change a VPN app could be incorrectly charged
for more data than it actually used if it sent more traffic through
the tun interface than the underlying interface.
This change excludes VPN app traffic on the tun interface from the
adjustment pool and doesn't redistribute traffic to the VPN app.
Instead all of the redistributed traffic is deducted from the VPN app
which effectively represents any overhead incurred by the VPN app.
BUG: 30557871
Change-Id: I62a75a0c0c0111e052b7903baa9f5d6d94ef57fd
This patch adds an explicit check in the DHCP packet parser for
rejecting packets without a magic cookie, instead of relying on the
top-level try-catch-all in the parser.
This allows to add to DHCP error metrics this specific error.
It also allows to add two poor man's fuzzing tests that tries to find
additional gaps in the DHCP packet parser by
- trying to parse all subslices of a valid offer packet.
- trying to parse random byte arrays.
Test: covered by previously introduced malformed DHCP packet unit tests
+ additional fuzzing tests.
Bug: 31850211
Change-Id: If53c9ba9df78d7604ec018c9d67c237ae59c4833
This patch adds a try catch all to DHCP packet parsing so that
DhcpClient does not choke on malformed packets, brinding down with it
the whole framework.
Test: added new unit tests catching the issue fixed in this patch.
Bug: 31850211
Change-Id: I3c50a149fed6b2cbc4f40bb4f0e5bb2b56859b44
This patch adds the possitibility to send a 3rd fallback validation
probe in sendParallelHttpProbes when neither the 1st http probe nor the
https probe came back with a conclusive answer.
This 3rd probe is only used for trying again captive portal detection
and does not return success, so that network validation always fails if
the https probe fails.
In addition, the url reveals a captive portal is now sent to the
CaptivePortalLoginActivity so that all three probes can use different
urls.
Bug: 29367974
Change-Id: I7385fde1aa1316d94aac350af0e956cb193aa4ee
When a network goes into the background, tell netd to set the
network's permission to NETWORK. Also, close all TCP sockets on
that network, to prevent long-lived TCP connections from staying
on it and possibly continuing to use metered data.
Bug: 23113288
Change-Id: Ie89c1940b6739160e25c6e9022b8b977afb3e16e
This patch connects existing IpConnectivityLog to the new
IpConnectivityMetrics service:
- IpConnectivityLog is now an independent class that pushes events
directly to the new IpConnectivityMetrics service.
- DnsEventListenerService is moved from MetricsLoggerService to
IpConnectivityMetrics.
- this patch also features end to end tests from IpConnectivityLog to
IpConnectivityMetrics dumpsys output.
Bug: 31254800
Change-Id: I4fe4a209eedde2814d5f13c574a1a0d854bd05c9
This patch defines a new metrics service for IpConnectivity events
defined in android.net.metrics, separate from currently existing
MetricsLoggerService.
Similarly to MetricsLoggerService, the new service has an event buffer.
It also implements a dumpsys interface that can be used to flush events
and output a serialized proto.
Bug: 31254800
Change-Id: I0c3faeb4008b283f85d9ba9460371fa68956ea3b
This contains the following changes:
1. Make NETWORK_AVOID_BAD_WIFI a tristate: 0 means never avoid
bad wifi, unset means prompt the user, 1 means always avoid.
2. Look at NETWORK_AVOID_BAD_WIFI only if the carrier restricts
avoiding bad wifi (previously, we relied on the setting being
null and defaulting to the value of the config variable).
3. Add an avoidUnvalidated bit to NetworkAgentInfo to track
whether the user has requested switching away from this
unvalidated network even though avoiding bad wifi is generally
disabled. This is set to true when the user selects "switch"
in the dialog without setting the "Don't ask again" checkbox.
4. Add a hidden setAvoidUnvalidated API to ConnectivityManager to
set the avoidUnvalidated bit.
5. Additional unit test coverage.
Bug: 31075769
Change-Id: I1be60c3016c8095df3c4752330149ce638bd0ce1
Like a normal (foreground) request, a background request is only
satisfied by one network and will keep that network up. Unlike a
foreground request, when a network only has background requests,
it will linger, and after lingering is complete, it will become
a background network.
Future CLs will cause the system to treat background networks
differently, e.g., by requiring different permissions.
Bug: 23113288
Change-Id: I40f735269dad1042eb04fea15e64584fc903ccb3
The receive timeout stopped being set incorrect due to commit
c80af6d8. There is an associated CTS regression test in cts/.
Test: Ran CTS test android.net.cts.LocalSocketTest
Bug: 31205169
(cherry picked from commit a8280a5d34)
Change-Id: I28924df45abb687bcca6f4b731ed8b6f741e96da
When the mobile network is not active, querying the network
information might trigger the misleading debug messages. Added
some condition checks to prevent this.
bug: 30850733
Change-Id: Ice6d548a56f98bac7fe2ca6a06148350b505533d
The IpConnectivityLog class looks up MetricsLoggerService once only
at creation. If a IpConnectivityLog user instantiates this class too
early during the boot process, the MetricsLoggerService is not found
and no event can be recorded.
This patch makes IpConnectivityLog attempt to look up
MetricsLoggerService as long as it hasn't found it yet.
This allows IpManager and ConnectivityService to upload
android.net.metrics events.
Bug: 30490301
Change-Id: I97102b95a775ea9e90351b9887ae4661fddc2af9
Add an IPv6TetheringCoordinator to TetheringMaster StateMachine, which
receives and processes NetworkState updates and passes the necessary IPv6
information to the revelant TetherInterfaceStateMachine.
Add an IPv6TetheringInterfaceServices to TetherInterfaceStateMachine, which
is responsible for adding local network routes and managing an IPv6
RouterAdvertisementDaemon.
Bug: 9580643
Change-Id: I3eaae460b80752e2115359d7bde873a1e9ea515a
