The body of {@code} must not be HTML escaped. This is one of
several changes that fix the source in conjunction with a
doclava fix.
Bug: 25757239
Change-Id: Ib38a0fa2dd2a3d68e467f78a812071e763d7e881
Currently, we look at network requests that are created by the
current requestNetwork API to see if they look like requests
that could have been created using the legacy
startUsingNetworkFeature API.
This causes those networks to be added to LegacyTypeTracker,
and so cause CONNECTIVITY_ACTION broadcasts, be accessible
using getNetworkInfo(int type), etc. This was done in the L
timeframe so that apps could request networks using the
then-new requestNetwork APIs and still use them using legacy
APIs such as requestRouteToHost.
However, the resulting CONNECTIVITY_ACTION broadcasts are
expensive. requestRouteToHost has been deprecated since L, and
mixing the old and new APIs was never recommended, so it's time
to delete this hack.
Bug: 22513439
Bug: 23350688
Bug: 25295964
Change-Id: Id867058446e5ee44396743d126d26fa57da0c990
An upcoming change will remove "synchronized" from the API docs. This change
documents those cases where the guarantees can be determined from code
inspection.
Bug: 25767152
Change-Id: I75083ce01513ed315222304fe3f34190d40748cb
The documentation for this method says that the request can be
released using releaseNetworkRequest, but that's not true.
releaseNetworkRequest only takes a PendingIntent, and can only be
used to release a request filed with a PendingIntent.
Fix the docs to say that the request needs to be released using
unregisterNetworkCallback.
Change-Id: If044fd2d463ab8d09874172d5d56946251057a3c
This method is public @hide to support progressive refactoring of
tethering away from startUsingNetworkFeature to requestNetwork,
without getting in the way of the CONNECTIVITY_ACTION cleanup in
b/22513439 .
Bug: 9580643
Bug: 22513439
Change-Id: I9053ec746cc8f415a2d5849f044667eeb14e1b19
java.lang.IntegralToString is being removed, replaced
all its usage by com.android.internal.util.HexDump.
Bug: 24932279
(cherry-picked from 15fc0548a536750110e159e06a39ba943eccdd81)
Change-Id: Id6ab88337af12d93cd73c41775b9d5baa1e61d96
X509TrustManagerExtensions assumes that the default X509TrustManager is
an instance of conscrypt's TrustManagerImpl. That's no longer going to
always be the case. Instead use duck typing to support any
X509TrustManagers that have the extra methods required for
X509TrustManagerExtensions.
Change-Id: If23471bda590d5e131bb1e802a60599957bc7f37
This API will be used in WebView to help determine whether secure
connections to hostname A can be used for secure communication to
hostname B (e.g., HTTP/2 connection pooling).
This is needed because with the new network security configuration a
completely different trust configuration may be used for
foo.com and bar.foo.com, so even if the foo.com certificate contains a
SAN for bar.foo.com it may not be valid for bar.foo.com given the
applications trust configuration.
Change-Id: I87184d392b9a7eca53a9c837996ca7ab5cd5bf12
This is a partial revert of http://ag/738523 , but not a full
revert because M apps that have gone through the WRITE_SETTINGS
route to obtain permission to change network state should
continue to have permission to do so.
Specifically:
1. Change the protection level of CHANGE_NETWORK_STATE back from
"signature|preinstalled|appop|pre23" to "normal". This allows
apps that declare CHANGE_NETWORK_STATE in their manifest to
acquire it, even if they target the M SDK or above.
2. Change the ConnectivityManager permission checks so that they
first check CHANGE_NETWORK_STATE, and then ask Settings
if the app has the WRITE_SETTINGS runtime permission.
3. Slightly simplify the code in the Settings provider code that
deals specifically with the ability to change network state.
4. Make the ConnectivityService permissions checks use the
ConnectivityManager code to avoid code duplication.
5. Update the ConnectivityManager public Javadoc to list both
CHANGE_NETWORK_STATE and WRITE_SETTINGS.
Bug: 21588539
Bug: 23597341
Change-Id: Ic06a26517c95f9ad94183f6d126fd0de45de346e
In rare cases, we might have created a network policy before an IMSI
was available. Because this policy is persisted, and we incorrectly
think that it always applies, we end up annoying the user when data
usage goes over the 2GB default warning threshold.
This patch fixes the network matching logic to ignore these empty
network policies when present.
Bug: 24972775
Change-Id: Id26499b6716121dddf0f2c05b848b0bed5995e72
Per RFC 4330, a NTP server response should be discarded when:
- the stratum is 0 (unspecified), or
- the leap indicator is 3 (unsync'ed), or
- the mode is not 4 (server) / 5 (broadcast), or
- the transmitted time is 0.
Update SntpClient so that such responses would be discarded.
Additionally:
- make some variables suitably "final"
- enable logging
- add alternate requestTime() for testing
- add some miniscule test coverage
Cherry-picked from Jerry Wong's
https://partner-android-review.googlesource.com/#/c/460074
Bug: 24719581
Change-Id: Id11a79a6e53ce95500ed4b4d691a29c260666f6c
This makes it so that the socket cannot receive datagrams from
anybody except the DHCP server. This does not improve security,
because we never read from the UDP socket anyway, but it does
make ListeningPortsTest pass.
Bug: 23906864
Bug: 23933386
Change-Id: Ib090273a417f7eb2ac1ee3309260249b72fb8345
This makes it so that the socket cannot receive datagrams from
anybody except the DHCP server. This does not improve security,
because we never read from the UDP socket anyway, but it does
make ListeningPortsTest pass.
Bug: 23906864
Bug: 23933386
Change-Id: I82fe9d6c6c520536ffd6422bcc60fab664999e6f
getActiveNetworkInfo() and friends already know how to augment their
results to help apps detect when network access is blocked. This
change wires up the new app-idle and device-idle firewall rules to
be reported through these APIs.
This also causes other platform tools like DownloadManager and
SyncManager to respect these new policies.
Bug: 24050462
Change-Id: Id9517b0b70be7e3ca2ab27bed8049db916e4d829
* commit 'fd18370675f8794807747a18276dd7385e25f06e':
Require the new PACKET_KEEPALIVE_OFFLOAD permission.
Add an error code for generic hardware error.
Fix bugs and crashes in PacketKeepalive API.
Add tests for the PacketKeepalive API.
Add a PACKET_KEEPALIVE_OFFLOAD permission.
Use a CountDownLatch instead of sleep() in NetworkFactory tests.
Get rid of shortSleep() in ConnectivityServiceTest.
Make ConnectivityServiceTest a bit more readable.
* commit '22262f31b964d595b56eb1277e4d88550a03e54c':
Require the new PACKET_KEEPALIVE_OFFLOAD permission.
Add an error code for generic hardware error.
Fix bugs and crashes in PacketKeepalive API.
Add tests for the PacketKeepalive API.
Add a PACKET_KEEPALIVE_OFFLOAD permission.
Use a CountDownLatch instead of sleep() in NetworkFactory tests.
Get rid of shortSleep() in ConnectivityServiceTest.
Make ConnectivityServiceTest a bit more readable.
* commit '017223acda5bfe16cb87d0a33d72dd28d2fccd3b':
Require the new PACKET_KEEPALIVE_OFFLOAD permission.
Add an error code for generic hardware error.
Fix bugs and crashes in PacketKeepalive API.
Add tests for the PacketKeepalive API.
Add a PACKET_KEEPALIVE_OFFLOAD permission.
Use a CountDownLatch instead of sleep() in NetworkFactory tests.
Get rid of shortSleep() in ConnectivityServiceTest.
Make ConnectivityServiceTest a bit more readable.
This is necessary because currently the wifi code just returns
whatever hardware-specific integer it gets back from the HAL,
which is bad because that will be interpreted by the caller as
one of the error codes defined in this class.
In parallel we'll also modify the wifi code to return this new
error code if the hardware returns an error.
Bug: 21405946
Change-Id: Ic9fa1193ced69a4e7ff543e397221c89b10a5a13
