* changes:
Revert "[NS D05] Rework how to tear down networks"
Revert "[NS D06] Implement more policies"
Revert "[NS D07] Use the unmodified legacy score"
Revert submission 10338939
Reason for revert: The feature was punted out of R.
Reverted Changes:
I32c12702c:[NS D04] Implement a simple speed comparison betwe...
I688593cc0:[NS D03] Migrate the bad wifi avoidance policy
Change-Id: I640635a1ed94bed3b53466abe2a988caf0eca2b0
Revert submission 10343065
Reason for revert: This is part of a feature that was punted out of R.
Reverted Changes:
Ic9a3d3363:[NS D05] Rework how to tear down networks
I7d815f873:[NS D06] Implement more policies
I561098476:[NS D07] Use the unmodified legacy score
Change-Id: I378449443f99eb0a7f01f31f53398b8f55ce87f1
Revert submission 10343065
Reason for revert: This is part of a feature that was punted out of R.
Reverted Changes:
Ic9a3d3363:[NS D05] Rework how to tear down networks
I7d815f873:[NS D06] Implement more policies
I561098476:[NS D07] Use the unmodified legacy score
Change-Id: I184817e3aa290afdbe6721a7c36332b940434d3a
Ranking used to make use of the various adjustments in
ConnectivityService. These are now implemented in policy.
Test: ConnectivityServiceTest
Change-Id: I56109847678ea5cda1752511123ba652c0f4fe36
Namely :
• Explicitly selected policy
• VPN policy
• Validated policy
These go together to avoid breaking any test, because multiple
tests rely on all of these working.
Test: ConnectivityServiceTest
Change-Id: I7d815f87320c2becbfc93a60a3c54346ff4f47c9
This commit allows the startLegacyVpn() call to start Platform VPN
profiles, allowing Settings to use the IKEv2/IPsec VPN options
When using an aliased private key, the
Ikev2VpnProfile.KEYSTORE_ALIAS_PREFIX must be prepended to the front of
the alias. This will in turn result in the fromVpnProfile() function to
pull the key from the KeyStore, as opposed to the inline-key that the
VpnManager API uses.
Bug: 148991741
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested
Change-Id: Icbca695c353b2e12e99305676404dbf1a4495949
This commit allows Platform VPNs to be started as part of always-on
mode.
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested.
Change-Id: I5eda88e5b406a0e425eb7424665cf702e0979324
Merged-In: I5eda88e5b406a0e425eb7424665cf702e0979324
This commit allows Platform VPNs to be started as part of always-on
mode.
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested.
Change-Id: I5eda88e5b406a0e425eb7424665cf702e0979324
This CL adds checks to ensure restricted users cannot change or
start/stop platform VPNs. In addition, this also adds checks to the
ConnectivityManager#getConnectionOwnerUid() to ensure that only
VpnService based VPNs can identify connections
Bug: 148040659
Test: FrameworksNetTests run
Change-Id: Id47ada5766036bfc84f3ba47f66f2d2683af916d
This change adds a new VPN user consent flow (using the same text) for
granting the lesser OP_ACTIVATE_PLATFORM_VPN. A new
PlatformVpnConfirmDialog is created as a subclass to preserve all logic,
but ensure the right appop is granted for the relevant dialog.
Intent extras were considered, but are inherently unsafe, since the
caller may add any extras that they would want.
Bug: 144246835
Test: FrameworksNetTests passing
Change-Id: Ia6f36207d43c3748f938430c2780dcf29e5623f3
Merged-In: Ia6f36207d43c3748f938430c2780dcf29e5623f3
This change adds a new VPN user consent flow (using the same text) for
granting the lesser OP_ACTIVATE_PLATFORM_VPN. A new
PlatformVpnConfirmDialog is created as a subclass to preserve all logic,
but ensure the right appop is granted for the relevant dialog.
Intent extras were considered, but are inherently unsafe, since the
caller may add any extras that they would want.
Bug: 144246835
Test: FrameworksNetTests passing
Change-Id: Ia6f36207d43c3748f938430c2780dcf29e5623f3
This change adds stubs for the Platform built-in VPNs, along with
implementing some basic permissions checks.
Bug: 144246837
Test: FrameworksNetTests passing, new tests added
Change-Id: I68d2293fc1468544f0d9f64d02ea7e1c80c8d18c
Currently, only support the three elements in the config that are
known to be used.
Bug: 138306002
Test: builds, boots
Test: atest FrameworksTelephonyTests
Change-Id: I1d231ec2ddcff97c039bcbc815a39c1d3e26c410
Merged-In: I1d231ec2ddcff97c039bcbc815a39c1d3e26c410
NetworkMisc is not really an appropriate name for a system API.
Bug: 138306002
Test: builds, boots, wifi works, telephony works
Test: atest FrameworksNetTests FrameworksWifiTests FrameworksTelephonyTests
Change-Id: I621cfbe165996c67b201ca2dd2f95a5ab9af10ee
Merged-In: I621cfbe165996c67b201ca2dd2f95a5ab9af10ee
StringNetworkSpecifier is widely used to specify subscription id for
the NetworkRequest. The raw string field introduce ambiguity and leave
large space for bugs. With TelephonyNetworkSpecifer, we are able to
settle down the type and value of the fields (although currently only
one) and introduce validation to detect the bug in the beginning.
Bug: 145993724
Test: atest FrameworksNetTests FrameworksTelephonyTests &
make offline-sdk-docs
Change-Id: Iefbad9b1deb3de2c0b262d9ce5ae0704a50d08a6
Currently, only support the three elements in the config that are
known to be used.
Bug: 138306002
Test: builds, boots
Test: atest FrameworksTelephonyTests
Change-Id: I1d231ec2ddcff97c039bcbc815a39c1d3e26c410
NetworkMisc is not really an appropriate name for a system API.
Bug: 138306002
Test: builds, boots, wifi works, telephony works
Test: atest FrameworksNetTests FrameworksWifiTests FrameworksTelephonyTests
Change-Id: I621cfbe165996c67b201ca2dd2f95a5ab9af10ee
A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL to other proper permissions.
Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL to other proper permissions.
Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
Merged-In: I8f2dd1cd0609056494eaf612d39820e273ae093f
* changes:
[Tether10]Remove UserManagerInternal usage in Tethering
[Tether07] Migrate Tethering into module
[Tether07] Clean up build rule for libtetheroffloadjni
Now tethering would be run in dedicated service.
TetheringManager is the interface used to communicate with
TetheringService. The new call flow would be: ConnectivityManager
-> ConnectivityService -> TetheringManager -> TetheringService.
Note: the return value of #tether(), #untether() and #setUsbTethering()
APIs would always be no error. Client can use #getLastTetherError()
or #getTetheredIfaces or listen tether state change to check
status of corresponding interface.
Bug: 136040414
Bug: 144742179
Test: -build, flash, boot
-atest TetheringTests
-atest FrameworksNetTests
Change-Id: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
Merged-In: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
Now tethering would be run in dedicated service.
TetheringManager is the interface used to communicate with
TetheringService. The new call flow would be: ConnectivityManager
-> ConnectivityService -> TetheringManager -> TetheringService.
Note: the return value of #tether(), #untether() and #setUsbTethering()
APIs would always be no error. Client can use #getLastTetherError()
or #getTetheredIfaces or listen tether state change to check
status of corresponding interface.
Bug: 136040414
Bug: 144742179
Test: -build, flash, boot
-atest TetheringTests
-atest FrameworksNetTests
Change-Id: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
PermissionMonitor#hasUseBackgroundNetworksPermission only uses
the first package name of the uid for checking permission.
This is incorrect since each package declared different
permissions. So using the mApps which already checked both
network and using restricted network permissions. If uid is in
the mApps list that means uid has one of permission at least.
Bug: 135897744
Test: atest FrameworksNetTests
Change-Id: I3500a03ce06b5b822311ad0c67b606ce4039216a
NetworkNotificationManager will only get the first transport
type from the NetworkCapabilities of network, and if the device
connects to a VPN and its underlying network is wifi, then the
first finding transport type will be TRANSPORT_WIFI. So, if the
private DNS is broken when device connected to VPN,
NetworkNotificationManager will try to get the SSID for the
title of notification but failed. For this kind of case, the
title of PRIVATE_DNS_BROKEN notification will show
"null has no internet access".
Bug: 143340533
Test: 1. Build pass.
2. Connect to VPN and let private DNS to be broken, check
title of PRIVATE_DNS_BROKEN notification.
3. atest FrameworksNetTests
Change-Id: I1ed018cc8774d4fce4b94854f8e8703a28818463
It's the first patch for refounding network selection. The new
network selection will try to compare the networks by more
factors, and will try to choose the best network after doing
the evaluation of trade-off.
Create the object that will serve to represent network quality
for more comprehensive ranking.
Bug: 143676287
Test: 1. Build pass.
2. atest FrameworksNetTests
Change-Id: I4b6071d14365aa84d06be9802516fedf527e70f7
