am skip reason: Change-Id I2da730feda4d7ebed1f158b073167bb3964b3e7d with SHA-1 d73f6baa90 is in history
Change-Id: I641d8967ec8af4b58696bf2c044f5a87a6836937
am skip reason: Change-Id I2da730feda4d7ebed1f158b073167bb3964b3e7d with SHA-1 d73f6baa90 is in history
Change-Id: Id83288231d705e604e5094d40d211c0c940c4dd4
IPv6 addresses parceled for DNS servers, private DNS servers, PCSCF
servers were parceled without the scope. This causes issues with
link-local DNS servers.
Test: atest FrameworksNetTests
Bug: 145181158
(cherry picked from commit 091f1d790cffc7c0d3ea8c85f540755584df4077)
Merged-In: Ie5b7782d788717dd1cc440e502d6cdf2d1c18eaa
Change-Id: I51313f50de8220988c2c1d26981c27d07dfb55f9
PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
PermissionMonitor#hasUseBackgroundNetworksPermission only uses
the first package name of the uid for checking permission.
This is incorrect since each package declared different
permissions. So using the mApps which already checked both
network and using restricted network permissions. If uid is in
the mApps list that means uid has one of permission at least.
Bug: 144679405
Test: Build, flash, manual test
atest FrameworksNetTests
Change-Id: I2da730feda4d7ebed1f158b073167bb3964b3e7d
Merged-In: I8b03c9e23ffc9ff46264d6307fb841a7eda76a76
Merged-In: Ib08a940a6e5d3365c392ab7174d8484c197e0947
(cherry picked from commit 2e1da35b3b903f4aa01435c46b7014b88a41328d)
PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
Bug: 144679405
Test: Build, flash, manual test
Change-Id: Iae9c273af822b18c2e6fce04848a86f8dea6410a
Merged-In: I8a1575dedd6e3b7a8b60ee2ffd475d790aec55c4
Merged-In: I2da730feda4d7ebed1f158b073167bb3964b3e7d
am skip reason: Change-Id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA-1 9ff61e4948 is in history
Change-Id: I72c045aeeb3c516a286ad5ef6413fb227019a299
am skip reason: Change-Id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA-1 9ff61e4948 is in history
Change-Id: I33d00fde7d89d4cd84876bc982c6b28fa95287f5
am skip reason: Change-Id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA-1 9ff61e4948 is in history
Change-Id: I92c1131ef02f7ca5e399b47c62993cf28719b66a
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Backport of c455822846.
Bug: 122652057
Test: atest FrameworksNetTests
Test: manually ran a VPN with private DNS in strict mode
Test: atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Support faking out the DNS lookups used by NetworkMonitor to
resolve strict mode DNS, and add more test coverage.
These tests were partly adapted from tests we have in Q but
also contain new coverage. This is because in Q the interface
between ConnectivityService and NetworkMonitor changed
substantially, and it is impractical to backport
NetworkMonitorTest.
Bug: 122652057
Test: atest FrameworksNetTests
Change-Id: I6497b7efa539267576d38d3036eef0af0df4e9cb
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
1. If a previous version of an app doesn't declare internet permission;
2. The User upgraded it to a new version and the new one does declare the
internet permission;
3. The new app are not allowed to access the internet until next boot
Bug: 137864893
Test: Manual, just make sure the onPackageChanged would be executed on package changes
Change-Id: I69cdbb16a027a9c4e974b32371b1f64a23a51a23
Signed-off-by: wangmingming1 <wangmingming1@xiaomi.com>
The resource loading is done based on the last SIM to come up
which is not a deterministic design. Thus, update the way to get
the resource based on the subId.
Test: atest FrameworksNetTests
Test: manually test with avoid bad wifi feature supported sim
Bug: 138956509
Change-Id: Ib5b085d97103889600773d269e03b939c29ca47d
Merged-In: Ib5b085d97103889600773d269e03b939c29ca47d
(cherry picked from commit 5e994ea02c7a820543f3726186240548676f4b4e)
The "Connected" notification would be shown every time a network
validates after being identified as a captive portal. This causes issues
on networks that have auto-login mechanisms, as a high priority
notification would be shown even though the user was not interacting
with the phone.
The "Connected" notification is intended to confirm to the user that
they successfuly logged in (manually), so only show it after the user
opens the portal on the network.
Bug: 134124044
Test: Flashed, connected to portal: notification shown
Opened portal from command line + revalidate: no notification
Tests passing with change, failing without
Merged-In: I99be7d312d020d242081971c7e522023bbbab072
Merged-In: I7dc1b3a313b255fe89313efb9117bb160efdb533
(cherry picked from commit 0b5a4d862190320d285413b1feb921144fee8420)
Change-Id: I67c124cc34f09c2f186706b5cec839f60d00a90a
* changes:
Inline readNetworkStatsDetailInternal, make mUseBpfStats final
Remove VPN info arrays from NetworkStats(Observer|Recorder)
NetworkStatsFactory: Take VPNs into account for network/battery stats
Remove duplicate line in clat_simple test file
Remove unused lastStats parameter
Revert "Revert "Take all VPN underlying networks into account when migrating traffic for""
This change removes the now-unused VPN arrays in the network stats
observer and recorder classes. These are always null values in every
call site.
Bug: 113122541
Bug: 120145746
Bug: 129264869
Bug: 134244752
Test: FrameworksNetTest passing
Test: Manual tests show data usage fixes maintained.
Merged-In: Ieb8645acc400fdaeb0df7092c5369b96f9f35af9
Change-Id: I66f263d7e12bce7668901306c0c2ecdda634abaf
(cherry picked from commit 833603caabb1a850a63a970fc285b4c8ed7401f8)
This change fixes detailed UID stats to ensure network and battery stats
both take VPNs into account. NetworkStatsFactory is being made aware of
VPNs enabled, and the full set of underlying networks present.
Since traffic can only be migrated over a NetworkStats delta, NSF
maintains a NetworkStats snapshot across all UIDs/ifaces/tags.
This snapshot gets updated whenever NSF records a new snapshot
(based on various hooks such as VPN updating its underlying networks,
network getting lost, etc.), or NetworkStatsService's
getDetailedUidStats() method being called.
This change widens the scope of the existing mPersistentSnapshot lock,
renaming it to mPersistentDataLock, and ensures that TUN migrations are
not done in parallel. Additionally, mVpnInfos is updated via
pointer-swapping, to reduce the scope of the mPersistentDataLock.
The safety of this change is predicated on:
1. NetworkStatsFactory lock not held, so services cannot deadlock through
the cyclical lock.
2. The broadening of the scope of the lock in NetworkStatsFactory has no
threading implications, as it is always the last (leaf node) lock held,
and therefore is impossible to have lock inversion.
Additionally, to ensure VPNs work with 464xlat, the VPN info passed to
the NetworkStatsFactory includes all underlying interfaces, instead of
only passing the first one.
This (partially) re-applies changes from:
aosp/972848: Add one more test for VPN usage stats.
aosp/972847: Addressing comments for http://ag/7700679.
aosp/885338: NetworkStatsService: Fix getDetailedUidStats to take VPNs
into account.
Co-developed with: Varun Anand <vaanand@google.com>
Bug: 113122541
Bug: 120145746
Bug: 129264869
Bug: 134244752
Test: FrameworksNetTest passing
Test: Manual tests show data usage fixes maintained.
Merged-In: I6466ec1411fc5ed6954125d27d353b6cd1be719e
Change-Id: Id45ae956ad7165be346ecc010e17d260563ac1c0
(cherry picked from commit 9fbbdebc61513982a6775460e1d400956f803bde)
This change removes a redundant line in the xt_qtaguid_with_clat test
file.
Bug: 113122541
Bug: 134244752
Test: FrameworksNetTest passing
Merged-In: I87deb82ba960102b617ab27362e8c5899fa478f8
Change-Id: Iba752fed5600c8a470d14ccdf1dd437668d8dc15
(cherry picked from commit b59cff52510de15ea1dca7f6981d45090b9c8659)
This reverts commit d8220c20507f0c346f517d715c7b9826b04d64e2.
Reason for revert: Fix available for deadlocks.
Bug: 113122541
Bug: 134244752
Merged-In: Ib65214598837289bd39dbf040b56ab7835f893ba
Change-Id: Ia90bf2c72ef686e80800d113d03548e0efcadb66
(cherry picked from commit a84d9fa57247cf78a9297b0c6dbd3d81b69e235f)
This is still sent in an intent.
Bug: 131764329
Fixes: 131764329
Merged-In: I56c86b0c1912064d5a642991df32d2cefb6a8d5b
Change-Id: I64b9d632be97dc51e6085162371bb8c19f410258
(cherry picked from commit e546cb0bd16b7359feeb3c46ba52e64cf91ae4d3)
This mostly serves to unindent code to make it locally more
readable. It is a functional no-op.
Bug: 135043192
Test: atest FrameworksNetTests
Merged-In: Iad0e9a28670e96a3c953518a0d0ccd77e2f2fa80
Change-Id: I80bebcd04c277f6e4b0665fe1253b2309e3bc535
(cherry picked from commit e1f5759319a4559b3cf89029449878dc56f92bb7)
PARTIAL and NO_INTERNET may happen in the real world for
those transport types that provide internet. These two
notification types should be reasonable notificaitons, not a
terrible failure as the log. For Q, it may be too risky to
display more notifications with other information instead of
SSID. Thus, suppress the wtf log for these two notifications.
Bug: 135043192
Test: atest FrameworksNetTests
Change-Id: I35f3718fa93b403858587d918f0bc596f6c92f3e
Merged-In: I91b92249dc7905aadbc59df50c3bc6da30a8590e
Merged-In: Ia1c2a765b0fb0cc8d440c02533bdc15774a5a3ef
(cherry picked from commit ed0a54bd07ea1c9072459bafeaf796eaa4dad4c5)
Wrap a part of factoryReset with Binder.withCleanCallingIdentity() so
that it doesn't crash thinking that a different uid connected to the
network stack.
Bug: 135029349
Test: build, manual
Change-Id: Iea246a4c1939a4e7e35434137051835ece81d92f
There might be a gap between fd close and fd event listener unregister.
If fd is reused for another query during that gap, it might cause the
query failed with no response since addOnFileDescriptorEventListener
method failed. To fix this problem, we must ensure that fd event
listener is unregistered before fd closing.
Bug: 134310704
Test: atest DnsResolverTest
Merged-In: I443bb11b15845b079ee4370a7797e692e62fa3c8
(cherry picked from commit 07de4cf82ac09f8b9f37afa9eb1b7a44b43b6fe6)
Change-Id: I7041e67d8c906cbf88050e7d94245f8e15dcdbb4
This reverts commit 97482de1fd.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: Ibdaad3a4cbf0d8ef1ed53cfab1e454b9b878bae9
This reverts commit e7094673d5.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: I0c00e8f0e30cee987b71b561079a97bf09d4dae4
This reverts commit 78d5ac4f8f.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: I5fbb3443a39a21fc9d96442726cd10d20e8d61cd
This reverts commit 20204cdf6a.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: I64b48d575f2e6ec4cb7d2d100a859a30af0501dc
If the device connects to a network automatically and not through
user action, a high-priority notification is intrusive and is
inconsistent with other networking notifications, which are
usually only high priority if the network is manually selected.
Bug: 130766237
Test: see next CL in patch series
Change-Id: I8824f2d1a0efeb6cb75e430ef5159ebce0018779
This will allow wifi to tell ConnectivityService that partial
connectivity is acceptable even if the network is not explicitly
selected.
This is needed when the user selects a partial connectivity
network and tells the system to connect to the network, and never
to ask again. In such cases, the system must switch to the
network even if it is not explicitly selected.
Bug: 130766237
Test: atest FrameworksNetTests
Test: unit tests in an upcoming CL
Change-Id: I13465090b7b1c0bf5dc83362387a5428d77b7e1d
Currently phone process fail to unparcel NattKeepalivePacketData
since it is not in framework. Moves NattKeepalivePacketData to
framework to make it can be utilized by telephony.
This change also removes the error feedback triggered by calling
add keepalive packet filter to an unsupported network agent. This
is misinterpreted by KeepaliveTracker that start keepalive is
failing.
Bug: 134048171
Test: 1. atest android.net.cts.ConnectivityManagerTest#testSocketKeepaliveLimitTelephony
2. atest android.net.cts.ConnectivityManagerTest
3. atest FrameworksNetTests
4. atest FrameworksTelephonyTests
Merged-In: If630d5b339aa722717258c721daa8ead8c431e2d
Change-Id: Ic0f168be6f5a6263a5e0565b6381dcb5c645660f
(cherry picked from commit 9ede677bb2c081ccdc41c8c3c19c949114bcc138)
If NetworkMonitor detects partial connectivity before
EVENT_PROMPT_UNVALIDATED arrives, show the partial
connectivity notification immediately. Re-notify
partial connectivity silently if no internet
notification already there.
Bug: 130683832
Bug: 130766237
Test: atest com.android.server.ConnectivityServiceTest
Change-Id: I7d4eddc643ec795c3961097dc1bdd314d168f6c7
Merged-In: I1b79d3faf96ffe792738935088e4ebbdfcc0d878
(cherry picked from commit 58d4e7304cfce68e338ab34022a0b29d45f42c38)
When the network stack crashes, the system will rebind to it.
Existing references are no longer useful (they just throw
RemoteException) but if the system is still up, then the user
can at least recover the situation by taking actions such as
going into airplane mode, toggling wifi, etc.
This CL stops ConnectivityService from crashing the system when
it cannot talk to NetworkMonitor. This is arguably better than
crashing the system, because crashing the system is disruptive
and carries the serious risk of a bootloop from which it is not
possible to recover.
NetworkStackClient already contains code to crash the system
when the network stack crashes. This change help ensure that
if a crash occurs, it is the result of an explicit decision by
that code instead of an unchecked exception in one of the callers
of the network stack.
Bug: 133725814
Test: builds, boots
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: Ib9a15fececd8579fc5b139fe0341275a45512e0f
Merged-In: Ib9a15fececd8579fc5b139fe0341275a45512e0f
(cherry picked from commit ac29a97d10fe8ea0720763f4ca4657cac85732a1)
System server | NetworkStack
|
NetworkMonitorCallbacks ←----|--- NetworkMonitorCallbacks$Stub$Proxy
↓ | ↑
NetworkAgentInfo | NetworkMonitor
↓ | ↑
NetworkMonitor$Stub$Proxy ----|---→ NetworkMonitorImpl
Bug: b/133174607
Test: Manual. The simplest artifact is observed by watching the output of
adb shell dumpsys meminfo -d com.android.networkstack | grep 'Proxy Binders'
while connecting and disconnecting multiple times to any network.
This will display the number of binder proxies. Before this, the binder
proxy count increases by 1 with each connection and never goes down (there
is some noise, as proxy objects are sometimes created for other reasons,
and get GC'd eventually). After this, the binder proxy count is always
eventually stable at 27 + connected network count.
See the bug for the complete analysis.
Merged-In: Ide2428dab3fcd6d7cd00aa2a9fd99d6c99b815a4
Change-Id: I6b74cf12bdbc72c0593d2a4d6f39c895d1ef3534
(cherry picked from commit eb43884fee35102a7fc886750d6a7e891a82ce33)
1. Previously, getDnsNetId doesn't handle all the cases.
Fix it with cosidering bypass private DNS flag.
2. Make getDnsNetId return Network instead of netId,
and change name from getDnsNetId to getDnsNetwork
Bug: 129530368
Test: atest DnsResolverTest DnsUtilsTest
Merged-In: Ibb5080acd3c296650d56532fc7da525e9fa95e8f
(cherry picked from commit 3854966dc9499e39187835606397b16367e5e27b)
Change-Id: I37353642088bcc17da0cf17f78a5ed9efc9aefc3
No internet notification may be prompted before partial
connectivity being detected. Partial connectivity status will
be set into NAI and prompted in the Setting. Behavior is not
aligned between Setting and notification. Thus, update
notification again if partial connectivity is detected.
Also, sliently show the updated notification if no internet
notification has already been shown to user to prevent alerting
user in short time.
Bug: 130683832
Test: Verified with simulated partial connectivity
Test: atest FrameworksNetTests
Change-Id: Ie16a8ce6e0fa437048e8c1eea240314ca30e9520
Merged-In: I004e78a33689e2208918d4316bcf9a8f50a0bac3
Merged-In: I14385a39d99a45c4a6a50a665f456f589c2f4da3
(cherry picked from commit a5c68348d89f256cb5f42283d983d05834c7e36c)
