Do this both on input from apps (giving error) and between wifi and
ConnectivityService (ignoring bad data). This means removing all
addresses beyond the first and all routes but the first default and
the implied direct-connect routes.
We do this because the user can't monitor the others (no UI), their
support wasn't intended, they allow redirection of all traffic
without user knowledge and they allow circumvention of legacy VPNs.
This should not move forward from JB as it breaks IPv6 and K has
a more resilient VPN.
Bug:12663469
Change-Id: I0d92db7efc30a1bb3e5b8c6e5595bdb9793a16f2
Conflicts:
core/java/android/net/LinkProperties.java
services/java/com/android/server/WifiService.java
wifi/java/android/net/wifi/WifiStateMachine.java
Previously I was calling setIsConnectedToProvisioningNetwork(false) always,
but all MDST's receive every broadcast. Thus we could over write an MDST's
mNetworkInfo.mIsConnectedToProvisioningNetwork to false, unless the MDST
that was set to true was last, i.e the code was order dependent.
If the provisioning networks value was false instead of true
when handleMobileProvisioningAction was called we wouldn't invoke
mdst.enableMobileProvisioning because network info would be null.
Thus the provisioning network would never transition to CONNECTED and
a default route wouldn't get setup and the browser couldn't access the
website.
Now setIsConnectedToProvisioningNetwork is only set to false when the
apnType matches and we won't indiscriminately change it and are not
order dependent.
Bug: 10853805
Change-Id: I68a4f9bdf5dc18d90f4cdef7a60811f57be67261
I'd changed DetailedState to force ConnectivityService to treat
provisioning apn's specially. In particular so that they wouldn't
be identified they were fully connected until the provisioning
actually started. The problem is that DetailedState is a public enum
that has a CTS test and just changing the CTS to allow for the new
state (CONNECTED_TO_PROVISIONING_NETWORK) was inappropriate.
Instead I've added a new mIsConnectedToProvisioningNetwork variable
and used the DetailedState.SUSPENDED as the intermediate state.
Bug: 10620248
Change-Id: Id4a842398cad67455541ce629959351c27d83639
When a sim is new or it has expired it needs to be provisioned
with the carrier. Basically provisioning is associating a sim with
a user account. When a sim isn't provisioned then operators will
restrict access to the network and only allow certain addresses
or services to be used.
This set of changes allows two types of provisioning networks to be
recognized. The first is a network that causes all DNS lookups to be
redirected to a different address than was intended. This is exemplified
by how T-Mobile works.
The second technique uses a special apn for provisioning. An example is
AT&T where lwaactivate is the provisioning apn and broadband is the
normal apn. We first try broadband and if we are unable to connect we
try lwaactivate. When we see the activate we identify it as special and
the ApnContext.isProvisioningApn will return true.
In the future our plan is to create a new network type that can be added
to the apn list, but for now it identified by name.
Here is a list of significant changes:
- CaptivePortalTracker now only test WiFi networks instead of all networks
- checkMobileProvisioning checks for provisioning networks and doesn't
try to ping.
- IConnectivityManager.aidl changes:
* getProvisioningOrActiveNetworkInfo was added to and used by Manage
mobile plan in WirelessSettings so even when there is no active
network it will still allow provisioning. Otherwise it would report
no internet connection.
* setSignInErrorNotificationVisible is used by both
CaptiviePortalTracker and checkMobileProvisioning so they use the
same code for the notifications.
* checkMobileProvisioning was simplified to have only a timeout as
returning the result is now harder as we abort simultaneous call
otherwise we'd could get into loops because we now check every time
we connect to mobile.
- Enhanced MDST to handle the provisioning network.
- Added CONNECTED_TO_PROVISIONING_NETWORK to NetworkInfo to make a new
state so we don't announce to the world we're connected.
- TelephonyIntents.ACTION_DATA_CONNECTION_CONNECTED_TO_PROVISIONING_APN
is sent by the low level data connection code to notify Connectivity
Service that a provisioning apn has connected. This allows CS to
handle the connection differently than a normal connection.
Bug: 10328264
Change-Id: I3925004011bb1243793c4c1b963d923dc2b00cb5
When the system becomes loaded the PhoneApp can be delayed
significantly and a call to setEnableFailFastMobileData may not
occur because the channel between the MobileDataStateTracker (MDST)
and DcTracker (DCT) is not connected.
Solution: Add a isReady to MDST and isMobileDataStateTrackerReady to
ConnectivityService and call it from isMobileOk.
Bug: 10351868
Change-Id: I92f9d58121b88186b636cd71c2fd2ef9a28f7cf6
Instead of local instance of the default HostnameVerifier, use it
directly from HttpsURLConnection. This avoids class preloading creating
an instance of it before it's necessary.
(cherry picked from commit 928ee1e48f)
Bug: 9984058
Change-Id: I79d8a934bfc390e4cd503fd592e21bc4e5446a7d
When captive portal checking completes pass back the result.
This is used to enable/disable failing fast for mobile. When
failing fast is enabled we don't check for data stalls and thus
won't be continually trying to do recovery operations, such as
restarting the radio.
Bug: 9462512
Change-Id: I0dea0eee519f8ee7f94e79d40e82c18f30d7fe2e
On a AT&T warm SIM a socket is not possible so a timeout occurs.
In CheckMp a timing out on a socket is declared as a "warm" sim,
make CaptivePortalTracker the same.
Bug: 10038362
Change-Id: Icb9fb0a1b67704dc9adf6a6348a3781fb9582a89
After detecting there is a captive portal the url used in the
notification for mobile networks should be updateable via gservices.
These urls will be the same as used by CheckMp and is needed for
carriers that have specific provisioning urls such as AT&T and Verizon.
Bug: 9622647
Change-Id: Idcf4dabc72ece1dbbe1d5e5a21e550dd06fe16c7
When encountering corrupt stats, throw as IOException to allow
recovery at a higher level.
Bug: 9794832
Change-Id: I38d000b3bd8a4c99389c40a87ee0699efb6e9049
The NsdManager init was thinking it was done before the AsyncChannel
was fully setup and if the setup were slow and the app fast, the app
could make calls to the NsdManager that it wasn't ready for.
bug:8545006
Change-Id: I2cb2a7c0a1c7f3d2b81ac0f66d37346e6d2d720d
VPN used to just watch the interface, but that is insufficient. There
is no promise that the interface will go down when we're done with it.
Now that wifi stays on in scan-only mode despite user turning it off
it seems that the interface is left up, even in AP mode.
Now listening for ConnectivityService broadcast that the network we were on
has disconnected and tearing down the VPN then or when the interface
goes away.
bug:8550083
Change-Id: Icf414497bc55bead69de04e91f39f90ac2e6578a
Fixes issues brought in by change to isHostRoute. isHostRoute
was technically correct, but the callers really wanted hasNextHop
behavior.
bug:8597268
Change-Id: I360761ccfa98b2ba34642f717a78fa71ec1bae4f
The Global http proxy shouldn't be used by apps, but can be useful in certain
conditions.
bug:8264794
bug:8557674
Change-Id: Ia3cbe542e448d9e74d0492626a13e9fd34ad797a
Check for file:// Uris inside Intents, ClipData, Notifications and
RemoteViews when StrictMode option is enabled.
Also introduces Intent.prepareToLeaveProcess() to uniformly handle
Intents about to leave an app process.
Bug: 8529070
Change-Id: I8efb43877cbc5f21eb029fc6492b3ee1415059ef
LinkProperties's equals() method was broken by the addition of
stacked interfaces. The reason was that equals() was checking
the equality of mStackedInterfaces.keys(), which is just an
enumeration, instead of mStackedInterfaces.keySet(), which
actually contains the keys. The test was failing, but I didn't
notice.
Fix the bug and make the test check the objects more in depth
so it can give more detailed error messages when equals() fails.
Bug: 8276725
Change-Id: Ie990bd75f641c28e63e54d953dcd0f4de13f7c9f
Allows the external BT stack the means to communicate with
ConnectivityService during reverse tethering.
bug:8445208
Change-Id: Ice7dfb0b50c9481d359aed14a51372878185171c
Currently, isHostRoute returns true iff the gateway address is
the unspecified address (0.0.0.0 or ::). Thus, it will return
true for any route that has no gateway (e.g., a route pointing at
a point-to-point interface), even if the route is not a host
route.
Fix this by checking the prefix length instead. This should be
safe because:
1. mDestination cannot be null, since it's created using new.
2. Host routes created using makeHostRoute (which is what
ConnectivityService calls) always have the correct prefix
lengths (/32 or /128) set.
Bug: 8276725
Change-Id: I14285398823fa6c312349128c7cc216cad4a84c9
This is to accept both the "transparent" and "opaque" ECC private
keys. "Transparent" keys provide structured access to their key
material -- these are instances of ECPrivateKey. "Opaque" private
keys are not required to provide structured (or even any) access to
their key material -- these are instances of PrivateKey.
Change-Id: Ib22e18b45b638b429f994ed965416c753226c4ee
- Add the interface name.
- Fix a bug where a default route would match an address of
another protocol (e.g., 0.0.0.0/0 would match 2001::).
- Tweak the hashCode method.
- Write a unit test.
Change-Id: Ida8266de440a9b1d9eaa132f182b9f1ce8978c44
