Add a check that callers with UID 1000 always have the same PID. This is
a proxy for checking that no system is designed to bind to the network
stack unless it is the system_server, as otherwise either the
system_server would start crashing, or that system would not have access
to binder calls.
Also remove access from PHONE_UID as it is not being used.
Test: Flashed, WiFi working, Bluetooth reverse tethering shows no
permission issue.
Bug: 133209255
Change-Id: Ib848aaaedfd599c1d4437378846c7dda74352019
Bug: 128499160
Test: new test in this patch
Change-Id: I6ccdc801e3888a61b22272c8ce9480f45fa26df2
(cherry picked from commit 3074f10b41)
Merged-In: I10b5c5cd85fcb76924ba96c8c379be677774705d
WTF will happen in RegularMaintenanceJobService due to
scheduling job and starting maintenance job are in different
processes. In AGO project, scheduling job use inprocess process.
But starting maintenance job use networkstack process. So
IpmemoryService objcet will be null when trying to do the
maintenance job.
Bug: 132763800
Test: Verify on both AGO and non-AGO projects that WFT will not
happen.
Test: atest NetworkStackTests
Change-Id: I545fc8384ef7b3d97edf2270fa033d8afac2669c
Merged-In: If7f61a8b5ddc8cdd25928cd35afa7fece2c8dde5
Merged-In: I8043c405b3c78d8dd1e71ec584d7a2fdaa2fd989
Merged-In: I545fc8384ef7b3d97edf2270fa033d8afac2669c
(cherry picked from commit 20abd7d4e6)
This is a follow-up commit for aosp/955431 to update commets
and minor updates in unit test.
Test: atest com.android.server.ConnectivityServiceTest#testCaptivePortalOnPartialConnectivity
Bug: 130683832
Change-Id: I581eae8daeddd2c4c186e7b40e27fef2aaa7ab43
Merged-In: I9087ef791b3fee5399ba8e83ef9d8a544845a4dd
Merged-In: I4424663292c5ad29eb7a888fa6975835721a5d2e
(cherry picked from commit 3d3a9fff7b)
Once a network is determined to have partial connectivity, it
cannot go back to full connectivity without a disconnect. This
is because NetworkMonitor can only communicate either
PARTIAL_CONNECTIVITY or VALID, but not both. Thus, multiple
validation results allow ConnectivityService to know the real
network status.
Bug: 129662877
Bug: 130683832
Test: atest FrameworksNetTests
Test: atest NetworkStackTests
Test: atest --generate-new-metrics 50
NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Test: Simulate partial connectvitiy
Change-Id: I406c9368617c03a2dd3ab15fb1f6dbf539d7c714
Merged-In: I243db4c406cca826e803c8035268bc0c6e6e01e2
(cherry picked from commit 4532abd4d2)
Our stable AIDL interfaces need to use versioned build targets,
otherwise getVersion will always return 0, which makes it
impossible to support different components at different versions.
List generated with:
find . -name Android.bp -exec egrep \
-H "(netd|dnsresolver|ipmemorystore|networkstack).aidl.interface(s?)-(java|cpp)" {} \; \
| grep -v oemnetd | grep -v tests/
Test: m
Bug: 133124190
(cherry-pick from aosp/968011)
Merged-In: Idf49e840263ef32b9ee4fafa6718d4f893ea7c87
(cherry picked from commit 433f7c4178)
Change-Id: I77e2291b52fda24ee01e1b22ddafe4fe7368959e
Track a set of versions instead of just the latest seen version, and
print versions in the standard dumpsys network_stack as well.
Also add version tracking for the netd aidl interface.
Test: Flashed, dumpsys network_stack and dumpsys network_stack version
Bug: 133124190
Change-Id: I9bf21b10b02f605ef7b85aceb808a5437d936f85
PlatformCaptivePortalLogin must be used with InProcessNetworkStack
instead of CaptivePortalLogin, since the signature of the APKs must
match.
Bug: 132666298
Test: Flashed walleye_svelte-eng, networking and captive portal working,
including "use as-is".
Change-Id: I243b29f2397b22f0d55af0d8927e75916d644198
Currently unimplemented. Implementation will be in a future CL.
Test: m
Bug: 128499160
Change-Id: Ia11ecd33f528d01667b1baeb8671b7213a31eef5
Merged-In: Ia11ecd33f528d01667b1baeb8671b7213a31eef5
(cherry picked from commit 10ddc681cf)
This is necessary to allow testing for the network stack version and the
version it is getting from the system server.
Test: flashed, WiFi working
Test: dumpsys network_stack version shows data (although version numbers
being fixed)
Bug: 133124190
Change-Id: I9ea85c29667d4510225637071990732360841db6
The in-process NetworkStack runs in the system process, so it does not
need to be marked persistent.
Doing so causes a spurious com.android.networkstack.inprocess process to
be running, wasting memory.
Bug: 131046856
Test: Flashed sailfish, networking works, no extra process started
Test: Flashed walleye, networking still works
Test: aapt dump xmltree NetworkStack.apk AndroidManifest.xml unchanged
Change-Id: I0eb896c825ffe2581950c0bdd2b31ebd7eae0982
Remove IPv6 related codes since we don't support IPv6 NAT-T keepalive
as the kernel doesn't support IPv6 UDP encapsulation.
Renaming keepaliveAck to keepaliveResponce since NAT-T keeaplive
response is not an ack. Also, add generateV4NattKeepaliveFilters()
if multicast filter is disabled.
Verify incoming packet contains 1 byte payload but it is not 0xff will
pass NAT-T keepalive filter.
Bug: 33530442
Test: atest FrameworksNetTests
atest NetworkStackTests
Change-Id: I6d3eb9e6271a0f51dec4a55d68a69b4280175d86
Merged-In: I6d3eb9e6271a0f51dec4a55d68a69b4280175d86
Merged-In: If01bc6a71cf26e13edc049d969d23088fa8242e4
(cherry picked from commit 4ee521b022)
Add PlatformCaptivePortalLogin and PlatformNetworkPermissionConfig build
targets to override CaptivePortalLogin and NetworkPermissionConfig with
platform-key-signed packages easily. The added packages are unused by
default but can simplify setup for OEMs that use InProcessNetworkStack.
Bug: 132635211
Test: Added the new packages to sailfish build, built image: device has
the proper packages signed with the right keys, networking and
captive portal working fine.
Change-Id: I09656deb6ba928f56b478adebb60268fa6f484b0
This avoids shipping both APKs on Go devices, as would be previously
done with the default Go configuration that still included NetworkStack.
Test: Flashed, booted walleye with svelte config. Verified that
NetworkStack is not on the device and InProcessNetworkStack is
used. WiFi working.
Bug: 132666298
Change-Id: If4a7a003128a555e512c88469653c3fb2ad864d5
So that the /system version of NetworkStack.apk can be re-installed on
/data without causing problems. This is useful for testing and necessary
for supporting rollback to the system version of NetworkStack.apk.
Bug: 131703417
Bug: 132195177
Test: Confirm NetworkStack.apk now includes .so files.
Test: adb install --staged NetworkStack.apk
adb reboot
Device reboots without problems.
Change-Id: I7c9a1702a2c18e0333b5e409f04b7658fe685f97
Remove definition of TYPE_NATT and TYPE_TCP since the type
can be identified by checking message.obj is an instance of
NattKeepalivePacketData or TcpKeepalivePacketData.
It's more simple and won't have dependency on KeepaliveInfo.
Bug: 33530442
Test: atest FrameworksNetTests
atest NetworkStackTests
(Clean cherry-pick of aosp/955419)
Change-Id: Ic97ffe9ff5781778efd264460809f5059f0f4230
Merged-In: Ic97ffe9ff5781778efd264460809f5059f0f4230
Currently, it looks like private DNS server resolution uses
OneAddressPerFamilyNetwork and only returns one server address.
It should return all addresses. Use async dns api for this.
Bug: 123435238
Test: atest NetworkStacktests
Change-Id: I2b7e184d9b9800a83b55dceb73af69085668748c
(cherry picked from commit 40c5295cee)
Merged-In: I2b7e184d9b9800a83b55dceb73af69085668748c
Merged-In: I9f50da3c8c2e3b12b29bc8844291e4bf1559cd1f
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
(cherry picked from commit 414b8c8b1c)
"mNonPrivateDnsBypassNetwork" is not very easy to understand.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: If5801c81c6ef222b46f631bd6570dcd0fea465bd
Merged-In: If5801c81c6ef222b46f631bd6570dcd0fea465bd
(cherry picked from commit 669dc6cea7)
Test successful and failed validation, and updating the config.
In order to do this, add a FakeDns class so we can change DNS
responses dynamically while the test is running.
Also a couple of minor fixes:
1. Make sure the DNS timeout is set. Before this CL, it was
always 0. Not sure why. It does seem to be set to the default
value (12500) when actually running on device. We didn't
catch this because the only tests that use the timeout set it
explicitly.
2. Make runNetworkTest a bit more realistic: always send
NetworkCapabilities *before* calling notifyNetworkConnected.
This is what ConnectivityService does.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: atest --generate-new-metrics 50 NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Change-Id: Ifd6694262501874f3261c864a049cb35c6afb9c8
Merged-In: Ifd6694262501874f3261c864a049cb35c6afb9c8
(cherry picked from commit 89909befd2)
The Java code was already using sdk_version: "current", but the
JNI library did not have an sdk_version attribute, and had
forbidden dependencies on internal libraries such as libcutils,
liblog and libnativehelper.
This CL fixes things as follows:
- Use the NDK log functions, and switch to the NDK liblog.
- Switch to the NDK libnativehelper.
- Drop the dependencies on libcutils and libpcap, which were
unused.
- Use the libc++ STL, and set the sdk_version of the library to
current.
Bug: 131703417
Test: m
Test: installed NetworkStack APK via "adb install --staged" results in working networking
Test: builds, boots, wifi works
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: I1a7bd7fe2809b90a66073d8c5d5dcdff646c4286
Support adding NATT keepalive packet filter to APF
filter.
Generating APF program will be addressed in another CL.
Bug: 33530442
Test: - atest NetworkStackTests
- atest FrameworksNetTests
Change-Id: I403cd14ac9aa6b001c4e580abbb33a615931a192
Merged-In: Idaa7238a5c9acdae9f6cff13095ee9436c7c92c8
(cherry picked from commit 038c11d564)
This reverts commit 796afddd6c.
Reason for revert: breaks updatability because persistent processes are not updatable.
Bug: 131046856
Change-Id: I35ded113b31e742f13ad8523a10af3a83a111374
Merged-In: I35ded113b31e742f13ad8523a10af3a83a111374
(cherry picked from commit b2a5d85522)
Use the Generated code suppression comment filter instead of the
IndentationCheck suppression comment filter because the latter
complains that '+' should be on a new line.
Bug: 120584519
Bug: 127423755
Test: atest NetworkStackTests
Test: atest FrameworksNetTests
Change-Id: I35b8c943b95a4301c25b7f6cfb02f03a8c1bc34e
Merged-In: I60071bc029d25485bf204cfd3a8cebd538ca12b6
(cherry picked from commit 65f6ae271b)
- Add the hostname to DhcpResultsParcelable.
- Don't store the server hostname if option overload is in use,
as this is not valid.
- Add unit tests.
Bug: 120584519
Bug: 127423755
Test: atest NetworkStackTests
Test: atest FrameworksNetTests
Change-Id: I5e9fee5471740f5d7c001e9e98017f32be452344
Merged-In: I60071bc029d25485bf204cfd3a8cebd538ca12b6
(cherry picked from commit 681f33cc6a)
Some hotspot devices will fill in the server host name field of the DHCP
package, such as iphone. Parsing the server host name of the DHCP
package can help identify ios hotspots.
Bug: 120584519
Test: 127423755
Test: builds, boots, wifi works
Change-Id: I8c5a7dc8ab117f062f9401f58832edada321436b
Merged-In: I60071bc029d25485bf204cfd3a8cebd538ca12b6
(cherry picked from commit 43f1bc9d53)
The Beta 3 builds (which are in dogfood an public beta) will receive modules via the Play Store with version numbers 210000000. Hence, we must bump the version in qt-dev and hence beta 4.
BUG: 131240537
Change-Id: I4f09986002f660896dbc1f8a0482c16b4a554d1e
The network stack should never be killed, because if it does,
recovering networking requires a reboot. Make the process
persistent to reduce the chances of it being killed by the OOM
killer.
Bug: 131046856
Test: builds, boots
Test: process oom_score_adj is -800
Test: process goes from "Persistent Service" to "Persistent" in dumpsys meminfo
Change-Id: Ic8ebf6356e23489f6cd984d680ff9f1b4cbbe52d
Merged-In: Ic8ebf6356e23489f6cd984d680ff9f1b4cbbe52d
(cherry picked from commit c1eedfcd12)
