This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
Merged-In: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
Merged-In: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
(cherry picked from commit f3d0fc49db)
When apps try to call factoryReset to do networking reset, it
will result in updating the setting in SettingsProvider.
ContentProvider will verify if the package name of the caller
that initiated the request being processed on the current thread.
The package should belong to the calling UID. The setting update
started from the ConnectivityService context, so the package will
be android but the calling UID will be the calling app. It will
cause a SecurityException. The behavior is fine previously as its
known caller(Settings) shares system UID. But it will be a
problem for other callers, such as CTS. Thus, clear the identity
since the necessary permission check should be examined at the
top of the method. The following actions should be fine to be
proceed from the system itself. Also replace the user restriction
check via hasUserRestrictionForUser with the UserHandle created
from the calling uid to ensure it's verified with correct user.
Bug: 186061922
Test: Factory reset from Settings
Merged-In: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
Change-Id: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
(cherry picked from commit 10ba4b773b)
The old callback only report interface list, new callback could provide
the mapping of interface and type. Replace old callback usage in cts
with new callback and check whether old callback could get the correct
interface list by comparing the result between old and new callback.
Bug: 162920185
Bug: 152203943
Test: atest CtsTetheringTest on S
atest CtsTetheringTestLatestSdk on R
atest MtsTetheringTestLatestSdk on S and R
Ignore-AOSP-First: Its dependences CL is not in aosp currently.
Change-Id: I2a0b8c43fb340c3eaed7f0f90464199222a24280
The change aosp/1708088 break tethering unit test in R.
Bug: 187946226
Test: atest TetheringTests in R and S
Change-Id: I4eb4b757f6d7cd3458964c81310dcf0687a4f091
Merged-In: I4eb4b757f6d7cd3458964c81310dcf0687a4f091
Stop reading legacy resources as fallback, and only use resources in
ServiceConnectivityResources.
Bug: 185850634
Test: atest CtsNetTestCases FrameworksNetTests
Change-Id: I224f1ef9a1a8d6e636c7e9550845ab3e1394d7f3
This CL modifies NetworkTemplate#buildTemplateCarrier to force on
metered carrier network and rename to buildTemplateCarrierMetered.
This method was introduced recently and has no callers.
This method will be used in Settings and NetworkPolicyManagerService
to display and manage data usage on carrier metered networks.
Settings/NetworkPolicyManagerService will use it instead of the existing
method buildTemplateMobileAll method, which only matches metered networks.
That code will change from matching metered mobile networks to matching
metered carrier networks.
Note: The carrier metered network includes metered mobile network and
metered "merged carrier wifi network" that is a specific cerrier wifi network
which provides the same user experience as mobile.
Bug: 176396812
Test: atest -c NetworkTemplateTest
Change-Id: I7196d62bb60844458a6c4b1d94e2baccb71e15cd
Merged-In: I7196d62bb60844458a6c4b1d94e2baccb71e15cd
Previous the API ignores subscriberId when network type is WIFI.
Allow caller to call querySummaryXXXX with TYPE: WIFI
+ subscriberId: IMSI to get carrier merged wifi usage which matches the wifi
network with the given IMSI.
Bug: 176396812
Test: atest -c NetworkStatsServiceTest
Change-Id: Ia033521a24e2bb56182d74a41bb2b39710571782
Merged-In: Ia033521a24e2bb56182d74a41bb2b39710571782
The resources are only read by NetworkStack through their respective
ApfCapabilities SystemApi methods.
As the resources are being migrated out of frameworks/base resources
anyway, move them directly to NetworkStack instead of moving them to
ServiceConnectivityResources.
Also test that the framework resources are not overlaid or modified.
This should avoid OEM integration errors where the overlays are kept as
in R, without overlaying the resource in the NetworkStack package.
Bug: 185850634
Test: atest CtsNetTestCases
BYPASS_INCLUSIVE_LANGUAGE_REASON=Need to mention legacy APIs
Merged-In: I7a15ddcad5af11fa307d9dbe3a77b31a1179e5b3
(clean cherry-pick)
Change-Id: I7a15ddcad5af11fa307d9dbe3a77b31a1179e5b3
Before this change, tethering always report a list of tethered
interfaces and the caller need to use each tethering type's interface
regex to matching tethered list to manual implement the mapping of
tethering type and interface. This change allow caller to get rid of
tethering interface regex.
Bug: 162920185
Bug: 152203943
Test: atest CtsTetheringTest on S
Ignore-AOSP-First: Currently aosp would automerge to mainlne-prod, merge
to sc-dev first to avoid adding new API to mainline-prod
CTS-Coverage-Bug: I already add cts test(ag/14622456), but Lint
still complaint because my cts is under packages/modules/Connectivity/
but it only check whether CL touching platform/cts
Change-Id: I91bcccd676d109c1b974497ac29bd366a41b8899
Let PermissionMonitor read APPS_ALLOWED_ON_RESTRICTED_NETWORKS
setting and grant netd system permission to uids whose package
name is listed in setting.
Bug: 185149952
Test: atest FrameworksNetTests
Merged-In: I856b545c0339a262abbe9d432cfda125bc82dc12
(clean cherry-pick)
Change-Id: I856b545c0339a262abbe9d432cfda125bc82dc12
