And also remove some small code duplication (checkNotNull).
Test: built, flashed, runtest frameworks-net
Change-Id: Id6c13bca9d12f70b88806032e0a4fa198efbedc6
Symptom:
AppOps verified the incorrect package of calling tether state
changing API.
It threw SecurityException by mistake.
Solution:
Pass the correct package name to enforceTetherChangePermission.
Bug: 32931147
Change-Id: Ia1167f26f556678b189a24a4a716f1a7e5cb12eb
These methods do not currently work for IPv4 sockets,
so they need to be hidden until the underlying kernel
code can be made to work properly in a dual-stack
environment.
Bug: 36073210
Test: compilation
Change-Id: Idce367f638a42da374a7f1dc5ebb8931c9555e06
This patch changes how callback unregistration works in order to be
consistent with undocumented use cases currently de-facto supported
by the API (although in a buggy way):
- callback recycling: releasing then reregistering a callback again.
- multiple request registrations with the same callback.
The second use case is not desirable but needs to be taken into account
for now for the purpose of correctly releasing NetworkRequests
registered in ConnectivityService.
In order to support request release in both use cases with minimal
amount of complexity for the time being the following changes are done:
- request to callback unmapping is done synchronously at callback
release time.
- all requests associated to a callback are unmapped at callback
release time.
This fixes the following issues:
- a callback stops being triggered as soon as it is released.
Otherwise when recycling the callback immediately, it is possible
the previous request associated with it triggers it, confusing the
app.
- when a callback is registered multiple times, the requests are not
leaked.
- when a callback is registered multiple times and then released, the
N-1 first registrations do not trigger the callback anymore.
In the future it would be desirable to enforce the intended 1:1 mapping
between callbacks and requests at registration time.
Bug: 35921499, 35955593, 20701525
Test: - added new tests in ConnectivityManagerTest to test releasing,
recycling, and a disabled test for no multiple regristration.
- new tests catch regression causing b/35921499, b/35955593.
Change-Id: Ia0917ac322fc049f76adb4743bc745989fed6d26
Because there is no way using the Java sockets API to actually
get a socket of AF_INET on mode machines, it is necessary to
provide a way to apply transforms to sockets made using the
native wrapper API, which uses POSIX APIs and will create a
socket that is AF_INET.
Bug: 36073210
Test: b/34811227
Change-Id: I28ac7cc4f36045ce523a54111e5be975b0331356
-Add a reserveSecurityParamterIndex() function that allows the
system to select an SPI.
-Disallow INVALID_SECURITY_PARAMETER_INDEX from being passed as
an explicit SPI request.
-Remove the ALGO_ prefix from constants in IpSecAlgorithm
Bug: 36073210
Test: Updated CTS tests still pass on bullhead
Change-Id: Ic94809996076b0718f153f550b82192fe7048a2e
This allows an application that knows how to provide seamless
network connectivity (e.g., using QUIC multipath) to find out if
doing so is desired.
(cherry picked from commit 2de4925f5c)
Test: builds, boots, runtest frameworks-net passes.
Bug: 34630278
Change-Id: Ic7fd0b9e1cd879fdfaf84009d7125391895e9087
API visibility change: unhide allowing NetworkSpecifier
to be an arbitrary object.
Bug: 27533960
Bug: 36053921
Bug: 36275276
Test: builds and runs
Change-Id: I1d1705cca7ece077ef8d7c674c62d5369fedbb03
This patch adds basic logging to NsdManager and NsdService, and improves
the facilities for pretty printing the event ids defined in NsdManager.
It also includes a few minor cleanups:
- adding 'final' on effectively final instance variables of NsdManager
and NsdService.
- similarly, adding 'static' on effectively static class fields.
- regrouping instance variables together.
Test: no functional changes
Bug: 33074219
Change-Id: I360d539e73cc8e4b45d4e0d20b2e345455fdb10c
-Plumb IpSecManager APIs to NetD
-Add Resource Management to IpSecService
Bug: 33695893
Test: CTS verifies nearly all of these paths
Change-Id: Ic43965c6158f28cac53810adbf5cf50d2c54f920
-Remove Int-based SPI usage from the IpSecTransform.Builder
This is essentially a less-safe method overload, and it is both
unnecessary and difficult to implement: the cross-validation
between SPI and Transform is actually useful, and the kernel
requires two different mechanisms to use an unreserved vs a
reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this
hard to support. API Council has questioned the value of this,
and they are right: everything points to "remove this". In the
future, if we find that SPI reservation is overhead, we can
always add it back.
-Hiding the TunnelMode builder method and application/remove
methods. These will not land by the time the next API
stabilizes, so better to hide them now that this is a
near-certainty. Expectation is to un-hide them in the subsequent
API bump.
Bug: 36073210
Test: Compilation, verified nobody is calling these stubs
Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab
To make the SPI reservation more semantically consistent with the
transform creation API, and to ensure that we always create SPI
reservations relative to a well-known remote, we should take the
SPI request relative to a remote (rather than to a destination).
This necessitates that we now consider direction separately, which
is used for keying the SA-Id.
Bug: 36073210
Test: compilation
Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78
-Add IpSecService with the necessary glue to connect to netd
-Add code to retrieve IpSecService from System Server
Bug: 34811227
Test: Service boots (and dumpsys works), more via b/34811227
Merged-In: I4cdcb643421141202f77a0e2f87a37012de0cd92
Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92
Test: as follows
- built (bullhead)
- flashed
- booted
- runtest frameworks-net passes
- manual USB tethering toggling between WiFi and mobile
Bug: 32163131
Change-Id: I57edf5114b6361f320577c7870e40f8b3cdf74ce
The state that needs to be transferred includes:
- NetworkCapabilities
- LinkProperties
- whether the network is currently suspended
Additionally:
- Rename notifyNetworkCallback() to notifyNetworkAvailable()
in order to clarify its real function.
- fix previous copy/paste error in unittest
Test: as follows
- built (bullhead)
- flashed
- booted
- runtest frameworks-net passes
- USB tethering with mobile and Wi-Fi upstream toggling
Bug: 32163131
Change-Id: Ib4460bcd5d08863a9feac9e8ab41a238897bb3ea
Add (unhide) a public API which provides network requests with a
timeout. When timed-out the (newly unhidden) onUnavailable() callback
is triggered.
Note: this CL does not add a handler to the API to be consistent
with the existing APIs. There is a separate effort (b/32130437)
to update these APIs with Handlers.
Bug: 31399536
Test: unit tests and CTS (new)
Change-Id: I45ce9ada63372cb56937bb620bfbb7729e5e25d2
This CL adds an API to set up an IPSec Security Association
and Security Policy to perform Transport-Mode and Tunnel-Mode encapuslation
of IP Packets.
Bug: 30984788
Bug: 34811752
Test: 34812052, 34811227
Change-Id: Ic9f63c7bb366302a24baa3e1b79020210910ac0a
This patch adds overloaded version of registerDefaultNetworkCallback
registerNetworkCallback, and requestNetwork with an additional Handler
argument that is used for running the caller provided NetworkCallback.
It also clarifies the documentation of the existing methods that
implicitly uses the internal singleton ConnectivityThread about which
internal Handler is used for running NetworkCallbacks.
Test: build, flashed, booted device
Bug: 32130437
Change-Id: Iae15f81e47e2dc0355baf2f2c1679b77e56af299
