The WHATWG URL parsing algorithm [1] used by browsers says that for
"special" URL schemes (which is basically all commonly-used
hierarchical schemes, including http, https, ftp, and file), the host
portion ends if a \ character is seen, whereas this class previously
continued to consider characters part of the hostname. This meant
that a malicious URL could be seen as having a "safe" host when viewed
by an app but navigate to a different host when passed to a browser.
[1] https://url.spec.whatwg.org/#host-state
Bug: 71360761
Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
This change makes sure tunnel mode transforms are properly activated
upon construction, and corrects bugs with how policy selectors were being
generated for tunnel mode policies. Specifically, the source/destination could
not be empty strings, even for cases where an empty selector was desired.
Bug: 72457770
Test: GTS tests run
Change-Id: I9a9f64c34b07883a02a5c996614f958486d214fc
The current implementation of getMobileRxBytes and all the similiar
method adds up the return values for multiple calls to getRxBytes so if
all of them return UNSUPPORTED for any reason, getMobileRxBytes() would
return a value such as -3. This behavior is not compliance with the cts
TrafficStatsTest which always assume getMobileRxBytes to return a
non-negetive value. The method now will check tha stats get from
getRxBytes method and add them up only if the stats is valid.
Bug: 72473294
Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Change-Id: I656970ebc8f6506cf17c4353ad46c0178bb65cfd
KeepalivePacketData currently mixes multiple concepts: the
list of parameters that are used to generate a keepalive
packet, the keepalive packet itself, and the parameters that
are needed to send a keepalive packet over an ethernet link.
The KeepalivePacketData is now a parcelable that can be used
generically by any NetworkAgent, regardless of how that Agent
fulfills its duty to initiate and maintain a keepalive session.
Bug: 69063212
Test: verified with SL4A, additional tests pending
Merged-In: I23dc4827ae729583356a8ff0f02e39a2ad2b81f5
Change-Id: I23dc4827ae729583356a8ff0f02e39a2ad2b81f5
(cherry picked from commit 26deacfbe7)
Due to an issue resolving the boot classpath, the
KeepalivePacketData structure cannot be referenced
by frameworks/opt/telephony while it is in services.
-Move KeepalivePacketData to android.net
-Also, relocate IpUtils without changing the package
name.
Bug: 38350389
Test: compilation
Merged-In: If5fc63e9ad8b9b2d4c2fee47ff4bab2ab190a05a
Change-Id: If5fc63e9ad8b9b2d4c2fee47ff4bab2ab190a05a
(cherry picked from commit 41002e3080)
mUids is not marshalled correctly when null so if the
NetworkAgent runs in another process and is not a VPN then
the system will see its allowed Uids as being the empty
list (= nobody can use this network) instead of a null
list (= everybody can use this network). This breaks
emulator networking.
Bug: 72436966
Test: runtests frameworks-net
Test: also manual testing, this does fix emulator networking
and seems not to break phone networking
Cherry-pick of : Id2bbf3808e80b19cd055c832c11cf72372710942
Change-Id: I4b88d5eccbdea745a947d12635cd751e38632589
mUids is not marshalled correctly when null so if the
NetworkAgent runs in another process and is not a VPN then
the system will see its allowed Uids as being the empty
list (= nobody can use this network) instead of a null
list (= everybody can use this network). This breaks
emulator networking.
Bug: 72436966
Test: runtests frameworks-net
Test: also manual testing, this does fix emulator networking
and seems not to break phone networking
Change-Id: Id2bbf3808e80b19cd055c832c11cf72372710942
This patch implements the new INetdEventListener.onTcpSocketStatsEvent
callback added in INetdEventListener.
For the time being, tcp socket stats are tracked inside TcpMetrics only
for dumpsys printing and bug report integration as a first step.
Bug: 64147860
Test: manually tested, watching output of
$ adb shell dumpsys connmetrics
Change-Id: I10ab24c6da4bb654d9198a4d8d00ccdc972cc0d5
The lifecycle of Keepalive offloading is, unfortunately
different from that of an IpSecTransform. Because starting
a keepalive is fundamentally asynchronous, and isn't valid
until after a transform exists, it will now be a separate
optional procedure that may succeed or fail. It remains
linked with a Transform by the need for a Transform to exist
in order to initiate a Keepalive.
Bug: 38350389
Test: compilation
Change-Id: Ia76fccee41f86d694dff436043293d0c0762c041
KeepalivePacketData currently mixes multiple concepts: the
list of parameters that are used to generate a keepalive
packet, the keepalive packet itself, and the parameters that
are needed to send a keepalive packet over an ethernet link.
The KeepalivePacketData is now a parcelable that can be used
generically by any NetworkAgent, regardless of how that Agent
fulfills its duty to initiate and maintain a keepalive session.
Bug: 69063212
Test: verified with SL4A, additional tests pending
Change-Id: I23dc4827ae729583356a8ff0f02e39a2ad2b81f5
Due to an issue resolving the boot classpath, the
KeepalivePacketData structure cannot be referenced
by frameworks/opt/telephony while it is in services.
-Move KeepalivePacketData to android.net
-Also, relocate IpUtils without changing the package
name.
Bug: 38350389
Test: compilation
Change-Id: If5fc63e9ad8b9b2d4c2fee47ff4bab2ab190a05a
(cherry picked from commit bd4093be7cab51d6ad031854324134a9c8637c2c)
This change adds one KernelResourceRecord type (TunnelInterfaceRecord),
and adds methods for the creation of TunnelInterfaces, as well as the
application of Transforms to the given TunnelInterfaces
As part of the generation of ikeys/okeys, a ReserveKeyTracker manages a
java bitset to avoid collisions and reserve/release keys.
Bug: 63588681
Test: Compiles, CTS, unit tests all pass on AOSP_marlin
Change-Id: I9e9b6455e27073acd4491eae666aa966b3b10e0f
Test: this is the exact code these changes were meant to give
without conflict had the auto-merger not squashed them
together before it tried to merge them. It was tested on
master in this state.
Change-Id: I5cbde17fb6016e5e6b5d0b04c8f41858d708ef4a
* changes:
Let network requests see VPNs.
Move constants into a new file.
Make sure listen requests from VPN apps see their own networks
Add a test for new UID checking code.
Remove UID_RANGES_ADDED and REMOVED.
Move VPN allowed UIDs into NetworkCapabilities.
Pre-import to remove a conflict.
Simple change to expose systemAPI for applyTunnelModeTransform
Bug: 36033193
Test: All CTS, unit tests passing
Change-Id: I2d857c048bc0dc80c3949387f946b1f5adf0527e
