This commit adds support for validating and filtering IPsec algorithms.
Without a public API exposing IKEv2 algorithms (and their respective
public APIs), the allowedAlgorithms can only filter the proposals for
IPsec (Child) SA algorithms.
Additionally, this removes the HMAC_SHA1 from the IKE SA's integrity
algorithm proposals due to insecurity
Bug: 153701879
Test: FrameworksNetTests passing, new tests added
Change-Id: I7e61a1612692db275b751330af5bacbf86836a8c
- Let any process with NETWORK_SETTINGS register for signal strength
wakeup.
- Allow agents registering test networks to assign them a signal
strength.
Test: NetworkAgentTest
Bug: 139268426
Change-Id: I2b4b89be3e69f4853fd6978d2c8f5c8eb4271f21
Okay so this is really not a behavior change as it converts an
NPE into an illegal argument exception, but still, that's what
should happen (and that's what the upcoming test actually tests
for).
Test: upcoming NetworkAgentTest
Bug: 139268426
Change-Id: I3e17211c03bc74426bf5e2e414ec322d73b0060b
In current design, entries with zeros are preserved after
addition/subtraction. These entries are not very useful
and lead to difficulty of verifying the result of
addition/subtraction.
However, change the behavior in the original NetworkStats
is considered risky in current stage.
Thus, this change provide a function that could remove these
empty entries in tests.
Test: atest FrameworksNetTests
Bug: 152827872
Bug: 150644692
Change-Id: I40a76935d55712b8083ee1e17e137a8a4ef5e029
VPN is considered fully routed if both IPv4 and IPv6 have
either a default route or a prohibit route.
Bug: 145332510
Test: atest FrameworksNetTests
Change-Id: I59cf48552bca98092d1212e3d718fd420add5458
* changes:
Update the NetworkProvider API for council comments
Update NetworkAgentConfig API for council comments
Update the NetworkAgent API for council comments
Clarify when
ConnectivityDiagnosticsCallback#onConnectivityReportAvailable will be
invoked. Clarify when NetworkAgentInfo#mConnectivityReport will be null
vs non-null.
Bug: 147849853
Test: atest FrameworksNetTests
Change-Id: I748bd9ded72a34d89f13bd4362d6d4da62b910b8
Administrator UIDs stored in NetworkCapabilities should be sorted. This
allows for easier equals checks and hashCode computation. Additionally,
duplicate UIDs should be prevented.
Bug: 147903575
Test: atest FrameworksNetTests
Change-Id: Ia5387ca2ce7c3fcbd04dc7fbff5266f7bcc71694
NetworkCapabilities#mAdministratorUids should be checked for equality
when combining NetworkCapabilities. Administrator UIDs should also be
included in NetworkCapabilities equals() and hashCode().
Bug: 147903575
Test: FrameworksNetTests
Change-Id: I803bdec80e27ee80d3a39844c5fb7aed584ab07d
This change updates the behavior for registering
ConnectivityDiagnosticsCallbacks. Now, after a successful register()
call, callbacks will receive cached ConnectivityReports for all
matching, permissioned networks. This allows registrants to be updated
with the network state for their networks without having to wait for the
next network validation.
Bug: 147849853
Test: atest FrameworksNetTests
Change-Id: I924ba8fdcc847f453557021591bde38602fe089c
Update ConnectivityService's check for administrator UIDs to use
ArrayUtils to check for UID inclusion. Update the NetworkCapabilities
annotation on the administrator UIDs field to clarify that it is
NonNull.
Bug: 147903575
Test: atest FrameworksNetTests
Change-Id: Id630fe9d76aacdaf038fdaa5360f0327520ee0c3
This change corrects the VpnProfile's maxMtu defaults to match that of
the Ikev2VpnProfile. 1400 is too high as a default, and Settings will
run into an issue here quite often.
Bug: 152573931
Test: FrameworksNetTests passing
Change-Id: I97ba5903b3cc1ed6a21c706ed3d78bd8ecbeee0c
This CL topic was created via:
find . -name OWNERS | xargs grep -l tobiast | xargs sed \
-i 's/tobiast/ngeoffray/g'
Plus appropriate repo start, git commit, repo upload commands:
while read proj; do croot $proj ; repo start OWNERS-tobiast-ngeoffray ; \
git commit -F ~/commit-message.txt; croot ; done \
< ~/owners-projects.txt
repo upload -t --br=OWNERS-tobiast-ngeoffray
No attempt was made to sort the files after the replacement.
Exempt-From-Owner-Approval: Both old and new owner are on this CL.
Test: Manually inspected the result.
Bug: 152399425
Change-Id: I2f100a71d399a7d4d46ea036fff564ff5c5dbda7
This puts in force some restrictions against test networks,
and in exchange relaxes the restrictions around registering
a network agent that provides a test network.
Test networks can only ever have transport TEST, and have
only a few capabilities available to them.
This is useful in particular to test CTS. See aosp/1253423
for first, basic usage of this capability.
Test: IpSecManagerTunnelTest
Test: new CTS aosp/1253423
Bug: 139268426
Change-Id: I47600e6097e8519e50ae771daa13bb6bb7640451
- InvalidPacketException, public field should be a method so
add getter to get error code.
- KeepalivePacketData, public fields should be methods so
add getter for fields.
Bug: 151322799
Test: atest FrameworksNetTests
atest FrameworksWifiTests
atest FrameworksTelephonyTests: some failure in CarrierAppUtilsTest
Copy from ag/10731108
Change-Id: Id01e6135193716cc21bba11da529bf1507a954f7
Merged-In: Id01e6135193716cc21bba11da529bf1507a954f7
In aosp/1203789, if two routes are with the same destination,
it will be replaced instead of added when calling addRoute.
This breaks scenarios which rely on the ability to add multiple
default routes, such as multiple IPv6 default routes learned
via address autoconfiguration.
This change treats the route is an update if the destination
and nexthop are the same, but different in other properties.
Test: atest OffloadControllerTest#testSetUpstreamLinkPropertiesWorking
Test: atest LinkPropertiesUtilsTest#testLinkPropertiesIdenticalEqual
Test: atest ConnectivityServiceTest#testStackedLinkProperties
Test: atest ConnectivityServiceTest#testRouteAddDeleteUpdate
(only directly related tests are listed)
Fix: 152170074
Fix: 151911339
Bug: 142892223
Change-Id: I7153ec9866f14a109ba8155c905e5d9e4f85eb64
1.) Replace maybeInitUrlConnectionFactory() with a static method
createUrlConnectionFactory(Dns) and move the logic to acquire
the lock and initialize mUrlConnectionFactory out into
openConnection. This makes it a bit clearer that the lock
is acquired during openConnection().
2.) Use @GuardedBy("mLock") rather than a human readable comment
on mUrlConnectionFactory.
3.) Make mUrlConnectionFactory non-volatile (since it's guarded by
mLock), as recommended by Narayan on the review thread for
http://r.android.com/370652
Alternatively, the field could have remained volatile
and we could have used double-checked locking to avoid
acquiring the lock in the common case.
The lock is only acquired during getSocketFactory() and
openConnection(), so it shouldn't usually be contended.
This CL is a pure refactoring that shouldn't have any observable
behavior change.
Bug: 38311512
Test: Treehugger
Exempt-From-Owner-Approval: refactoring only, owner didn't respond in time
Change-Id: I1cf6075dc7cd994657b11d6a82de3ec63235fb1e
