* changes:
WifiManager: Network request match callback registration
wifi(API): NetworkSpecifier for Wifi NetworkAgent
wifi(API): Mark old API's deprecated
wifi(API): New API surface for network suggestion
wifi(API): New API surface for connection via NetworkRequest
Some native daemons legacy design work with SYSTEM_UID. If none of
SYSTEM_UID apps declare the restricted network permission, it will
result in permission denial in daemons. Allow SYSTEM_UID in the
devices shipped before Q to support backward compatibility.
Bug:114245686
Test: 1. runtest frameworks-net
2. atest FrameworksNetTests
3. Native daemons with SYSTEM_UID can work normally
Change-Id: I6f3f0d83bcae74ef5389535b528af3baf649fa48
Create an @hide NetworkSpecifier to use by the Wifi NetworkAgent. This
will be used by connectivity service to match the incoming
NetworkRequest (with WifiNetworkSpecifier) with the NetworkAgent we
created to serve that request.
The WifiNetworkAgentSpecifier will hold the current connected wifi
network configuration which will be used to pattern match the
WifiNetworkSpecifier from NetworkRequest's.
Also, added a @hide helper method in MacAddress to help with matching
bssid pattern.
Bug: 113878056
Test: Unit tests
Change-Id: I9a643f0b914d48ff64104c798ec2869db40cb24b
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
Currently, if VPN lockdown is disabled, the blocking judgement
inside VPN will return false immediately. It will make
ConnectivityService hard to check blocked status by a given
VPN lockdown status.
Thus, move this check into ConnectivityService and check it
externally.
Bug: 117814902
Test: 1. manual test with 3rd-party vpn app
2. runtest frameworks-net
Change-Id: Ia8319b1a1a12f1058c24badf2431f2ec69bc78e7
Use stable aidl generated structure instead of UidRange
Test: runtest frameworks-net passes
Test: manual testing of UidRange related function works
Change-Id: Iaf1c10777dc1e71df2be2a57533a10257b12626b
onBlockedStatusChanged is intruduced for network blocked status.
The changes in this patch are:
- Test onBlockedStatusChanged which tells apps whether the
network is blocked.
- Fixed the tests which is affected by the order changed in
onAvailable.
Test: as follows
- runtest frameworks-net
- runtest -x NetworkPolicyManagerServiceTest.java
Bug: 74575553
Change-Id: I383c037ed895ef69c478dc3cff69fb1e27c42845
This commit checks if UDP-encapsulation is used
for unsupported address family and throws
IllegalArgumentException when it happens.
Bug: 74213459
Test: Tests added in testCreateTransportModeTransformWithEncap
and testCreateTunnelModeTransformWithEncap.
Command: runtest frameworks-net
Verified on taimen.
Change-Id: I10c01f2bad6aca23430849ea9ef6c1eb157ae131
This will improve the user experience on Android TV devices,
see bug for details.
In addition when connecting adb to the device by ethernet
for cts, wifi will not connect, causing lots of tests to fail.
For example:
[CTS7.1]android.net.wifi.cts.WifiInfoTest#testWifiInfoProperties
[CTS7.1]android.net.cts.ConnectivityManagerTest#testConnectivityChanged_
manifestRequestOnlyPreN_shouldReceiveIntent
Use command:settings to put global wifi_data_always_on 1 to enable it.
Bug: 26102779
Test: Manual, CTS.
Change-Id: I711d93061a6bc7164d98a858912f781e1b967406
The hostname option is only sent when requested in the requested
parameters option. This matches current behavior.
Test: with aosp/763982, regression tests now all pass
atest FrameworksNetTest
Bug: b/109584964
Change-Id: I793173fa893750ddbe72be09f4c2d70e5b285837
Idle timer rule is not cleared as expected if there is a
default network replacement.
Bug:37080406
Test: 1.run frameworks-net
2.check iptables rule with default network replacement
Change-Id: I6bd29d79e4ca3e8de4b867c4fcb5f81d02ba6de4
FakeSettingsProvider requires this method to be called before and after
use. Without this, the settings value or content provider may be cached
statically, so the test will be affected by code accessing settings
before it is run.
Bug: b/116668105
Test: atest FrameworksNetTests
Change-Id: I1480f3f3bbb17791752582a70327bb5c7c348d7c
Run most tests with TETHER_ENABLE_LEGACY_DHCP_SERVER set to 0 (will be
the default value). Add one test to verify that the new server is not
started when TETHER_ENABLE_LEGACY_DHCP_SERVER is 1.
Bug: b/109584964
Test: atest FrameworksNetTests
Change-Id: I288ba1f434918e62ff29f7ace00856108c9730f7
Some DhcpServer error code paths could cause a NPE, when the logError
callback was called without an exception. Allowing SharedLog#e to be
called with a null Throwable is less error-prone.
Bug: b/109584964
Test: atest FrameworksNetTests
Change-Id: Idbcdd330a9d1951b27aaf525aaf12e52e102872c
Allow VPN apps to lookup the UID owner of a network connection.
Requires specifying the:
- IP address and port for both the source and destination of a TCP
connection.
- IP address and port for either source and destination or just
source for a UDP connection.
Only TCP and UDP protocols are supported. Only connections for UIDs
that apply to the calling VPN app will be resolved. This is intended
to replace direct app access to /proc/net/{tcp,tcp6,udp,udp6}.
The implementation uses netlink inet_diag sockets[1] to perform
the lookup on TCP sockets as well as UDP sockets when supported
(kernel has CONFIG_INET_UDP_DIAG=y).
[1] http://man7.org/linux/man-pages/man7/sock_diag.7.html
Bug: 9496886
Bug: 109758967
Test: atest HostsideVpnTests
Test: atest InetDiagSocketTest on Taimen with CONFIG_INET_UDP_DIAG
and on Sailfish without CONFIG_INET_UDP_DIAG.
Change-Id: I2bbc7072dd091e2e653dadf6dc05024c04180f34
Rename TetherInterfaceStateMachine to IpServer. IControlsTethering
is folded into IpServer.Callback and some of the dependencies in
TetheringDependencies are moved into IpServer.Dependencies.
Several things still need fixing, including:
- convert message passing into method calls
- the calls that enable forwarding should be moved up out of
IpServer into the Tethering layer above it
Test: as follows
- built, flashed, booted
- runtest frameworks-net passes
Change-Id: I015f800ed23c8aa5c8c81a74d7b508abfcaab659
This change makes all requestIDs use the UID of the creator, ensuring
that rekeys always use the same requestID. This also has the nice
property of separating app's resources from each other, and allowing for
identification of which app/UID allocated the resources from
command-line dumps (eg ip xfrm state show)
Bug: 111841561
Test: Updated tests & passing taimen
Change-Id: I4f1eadcdb795766ae4682b15e41727359c52fa38
This matches previous behavior, and there could be situations where
another server on the network would be configured to reply to such
requests, so not replying is better than sending NAKs as done now.
Also refactoring requests in DhcpLeaseRepositoryTest and replacing some
INETADDR_UNSPEC usages for giaddr with INET4_ANY (giaddr is a BOOTP
field and can't be unspecified, only empty).
Test: Following DhcpServerTest.py regression tests pass:
test_request_selecting_giaddr_outside_subnet
test_discover_requestaddress_giaddr_outside_subnet
test_discover_knownaddress_giaddr_outside_subnet
test_discover_giaddr_outside_subnet
Also: atest FrameworksNetTests passes
Change-Id: I4decffccfc64d5e0e29c9ce1cf1446644fcf8190
Add Android metered option, rebinding time option (T2), and match
current order of options. Current DHCP server uses subnet_mask,
broadcast_address, router, name_server in this order.
Test: DhcpServerTest.py:test_discover_paramrequestlist passes
atest FrameworksNetTests passes
Bug: b/109584964
Change-Id: I58f904d5fac306f704c16234fd69c2440fe0803d
Not all preinstalled apps should have access to background
networks or restricted networks. But we give them all network
access permissions currently, it's not a good design. So we
shall limit preinstalled apps permissions, they should just
request the appropriate permission for their use case from
the network permissions.
Bug:19610688
Test: runtest frameworks-net
Change-Id: I184ae3197208c979847ca134c8f01b32528badf1
The newer implementation is disabled by default with this CL. Ultimately
the intention is to enable it by default.
Bug: b/109584964
Test: set tether_enable_legacy_dhcp_server to 0, ran DhcpServerTest.py,
observed new behavior. Added tests in CL also pass.
Change-Id: I0f830b9804b8956c127057e66ab75a21ca29dc57
This differs from previous behavior where dnsmasq would reply to port 68
if the client had no configured address (ciaddr empty in request), or
send replies to the client port if the request ciaddr matched the
assigned lease.
Not all DHCP servers preserve this behavior, and there is no good known
use-case for it. Not replying to such packets is less error-prone and
closer to the standard.
Bug: b/109584964
Test: Added test in DhcpServerTest.py passes
Change-Id: I88d467336cc4f4e4c9498c3787ec22fdef5e1cdd
Use the Private DNS bypass logic that was moved into Network.
Once all callers of ResolvUtil are updated to use this interface
ResolvUtil can be deleted.
Test: as follows
- built, flashed, booted
- runtest frameworks-net passes
- connection to captive portal network detects portal correctly
and the login activity functions as expected
Bug: 64133961
Bug: 72345192
Bug: 73872000
Bug: 78548486
Change-Id: If11ef2b5ffdc729f8449cf18dccd5f1eccbc51e6
This first version can serve discover/request/release, although there
are some small behavior changes with current implementation which will
be addressed later.
Also removes final modifiers on start() and stop() in FdEventsReader, to
allow mocking the methods in tests with the current mockito lib.
Test: Added tests pass, manual: flashed a device using the server
Change-Id: I025366ff7d51c4ba31152af50f3dd2b5e280a54d
In common use-cases, only one gateway or DNS server may be set, so the
added methods make it easier for clients to build the parameters.
Bug: b/109584964
Test: runtest --no-hidden-api-checks frameworks-net
Change-Id: Ib54bc60a54ad4ef0605baea62d87b9f14caf8aa7
Those parameters will be used to start DhcpServer or update its
configuration.
Test: runtest DhcpServingParamsTest.java
Bug: b/109584964
Change-Id: Id8d3dcf62d66dcb02accffa8d8500e30f07af452
