Commit Graph

1468 Commits

Author SHA1 Message Date
Rubin Xu
02040de8b1 Merge "Block incoming non-VPN packets to apps under fully-routed VPN" 2019-04-11 16:46:16 +00:00
Lorenzo Colitti
5ceee7e861 Merge "Add support for TAP interfaces in TestNetworkManager." 2019-04-11 11:45:40 +00:00
Benedict Wong
ca3c2504b5 Merge changes I98573a5c,Ic7394f24
* changes:
  Enable checks for MANAGE_TEST_NETWORKS in TestNetworkService
  Cleanup of Test Network service
2019-04-10 17:06:17 +00:00
Rubin Xu
1c19cf383f Block incoming non-VPN packets to apps under fully-routed VPN
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)

This is the framework part of the change that builds the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
    This will cover the change to allowBypass bit, since that can't be
    changed without reconnecting.
* When a VPN's NetworkCapabilities is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed

New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.

Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.

Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Change-Id: I143b03d60e46cb1b04732b4a4034f5847b4d1b1a
2019-04-10 17:05:54 +01:00
Treehugger Robot
a430dae4b7 Merge "Fix comment on StaticIpConfiguration#getDomains" 2019-04-10 06:30:55 +00:00
Lorenzo Colitti
4f370cefa2 Add support for TAP interfaces in TestNetworkManager.
Test: builds, boots
Change-Id: I88bfd7f37c0ba0228f8288fe92212618ce134e4f
2019-04-10 13:29:41 +09:00
Benedict Wong
5f6bc9d438 Cleanup of Test Network service
This follow-up change performs some cleanup changes without affecting
functionality

Bug: 72950854
Test: Compiles, CTS tests using this pass
Change-Id: Ic7394f24f11d713c9374b438182e29d2a02ea236
2019-04-09 16:34:35 -07:00
Remi NGUYEN VAN
4249e2957a Merge "Move attach*Filter() and addArpEntry() methods to NetworkStack" 2019-04-05 06:38:08 +00:00
Mark Chien
3f3d4bcb82 Merge "Some cleanups for Tethering" 2019-04-03 10:16:25 +00:00
paulhu
a9646fbc57 Move attach*Filter() and addArpEntry() methods to NetworkStack
The SocketUtils.attach*Filter and SocketUtils.addArpEntry methods
were added there because they could not be added as JNI inside
the NetworkStack. This was not possible because on Go devices,
the NetworkStack was a jar library. But now, Go also uses an APK.
Hence, move these methods to the NetworkStack.

Change-Id: I1d88a0f0be23f2b15d5103fa092b9bf982329d7c
Fix: 129433183
Test: atest NetworkStackTests FrameworksNetTests
2019-04-03 17:49:36 +08:00
Remi NGUYEN VAN
619e9779d6 Fix comment on StaticIpConfiguration#getDomains
Add consistency with setDomains().

Test: m
Change-Id: I9ff2de98cec2caf903310d7e8eb7b32362c0e151
2019-04-03 15:55:15 +09:00
Remi NGUYEN VAN
d2c44d4a82 Merge "Fix API in CaptivePortal, StaticIpConfiguration" 2019-04-03 06:51:35 +00:00
markchien
d378cd342f Some cleanups for Tethering
Bug: 126481523
Test: -build, flash, boot
      -FrameworksNetTests

Change-Id: I904646efa87eb5434124c7828aca4ab09c5dc38e
2019-04-03 13:56:00 +08:00
Paul Hu
b5db40605c Merge "Address leftover comments on 923337 and 930217." 2019-04-02 07:39:04 +00:00
Remi NGUYEN VAN
1d1e70832e Fix API in CaptivePortal, StaticIpConfiguration
 - Add documentation to CaptivePortal#logEvent
 - Add paragraph breaks to StaticIpConfiguration class javadoc
 - Format javadoc for API documentation
 - Move setters to a builder and hide fields for apps targeting P or
   older
 - Document StaticIpConfiguration getters and builder setters
 - Add documentation for StaticIpConfiguration#getRoutes

Bug: 129362244
Bug: 129433304
Test: built, flashed, booted, WiFi working
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: Ia66c1097f01ca87d02eba3456547aedb1e480186
2019-04-02 10:43:04 +09:00
paulhu
a9a6e2a2a2 Address leftover comments on 923337 and 930217.
- Restrict unprivileged apps to use
  NetworkRequest.Builder#setSignalStrength.

- Remove the "throws NullPointerException" in
  CaptivePortalProbeSpec constructor.

- Remove the null check in LinkProperties.

- Add annotation into all ConnectivityManager.NetworkCallback
  methods.

Change-Id: Id275cac1d6a30d7515cd7b113394f5e8a0179314
Fix: 129097486
Test: atest FrameworksNetTests
2019-04-01 16:24:10 +08:00
Paul Hu
2971c23c97 Merge "Fix ApfCapabilities, LinkAddress, RouteInfo, IpPrefix API issues." 2019-04-01 07:20:53 +00:00
paulhu
6f2c1b5f78 Fix ApfCapabilities, LinkAddress, RouteInfo, IpPrefix API issues.
Fix: 129362082
Fix: 129361362
Fix: 129360330
Fix: 129362379
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: I05fbc6f98207d5cf002e3cbc5829040af7d6be52
2019-04-01 10:23:51 +08:00
Luke Huang
10331f6810 Minor change for async DNS API
do the minor changes to address comments before

Bug: 129395490
Test: atest DnsResolverTest
Change-Id: I56e2e5bc4352ff5c979579247a333a41950079da
2019-03-29 18:12:26 +08:00
Luke Huang
4430601e38 Unremove DnsResolver#query method used by external developers
This method was removed as part of addressing API council feedback in b/129261432
Add back previous DnsResolver#query which is already being used by developers.

Bug: 129395490
Test: atest DnsResolverTest

Change-Id: Ic956db204f3940d39d42e1b11dda39e57d356fad
2019-03-29 18:12:26 +08:00
Luke Huang
93ebd752c0 Fix cancellation race problem for async DNS API
This problem might cause double-close fd and result in app crash
or unexpected behaviour

Bug: 129317069
Test: atest DnsResolverTest
      manual test with delaying response callback/cancel
Change-Id: I223234f527edafc51d34fa6be390419c05def8d8
2019-03-28 19:46:56 +08:00
junyulai
c4fb248ef7 Block unprivileged apps which create keepalives with null fd
Currently, socketKeepalive implementation is accepting null fd
due to backward compatibility with legacy packet keepalive API.
However, due to lack of the fd, the service cannot guarantee the
port is not reused by another app if the caller releases the port
for any reason.

Thus, grant the null fd access only for privileged apps.

This commit also addresses some comments from aosp/918533.

Bug: 126699232
Test: atest FrameworksNetTests
Change-Id: I0baf582ff4ca8af6082c3754e8dfbcd867f39792
2019-03-27 19:51:08 +08:00
Treehugger Robot
9049f8617b Merge "Add nullability annotations" 2019-03-25 13:19:19 +00:00
Junyu Lai
5fdd1748fa Merge "Fix SocketKeepalive APIs which do not meet API review requirement" 2019-03-25 10:42:37 +00:00
junyulai
6114378ad2 Fix SocketKeepalive APIs which do not meet API review requirement
Per API review, change the use of FileDescriptor to
ParcelFileDescriptor.
This change also fixes nullability according to API review
feedback.

Fix: 126698610
Fix: 126699425
Fix: 126699232
Fix: 126700278

Test: 1. m -j
      2. atest FrameworksNetTests --generate-new-metrics 50
      3. m -j doc-comment-check-docs
Change-Id: I19476c50dd1ca290bf3f41973829da2bd229796a
2019-03-25 15:56:35 +08:00
Remi NGUYEN VAN
e04dfba3cf Add nullability annotations
Add nullability annotations on the following methods:
 - StaticIpConfiguration#getRoutes
 - ValidationProbeEvent#getProbeName

Test: m
Bug: 128935825
Change-Id: I1c17d200f3125e684c4e4d67b2f7f079eda310b6
2019-03-25 16:46:34 +09:00
Remi NGUYEN VAN
391c40841f Merge "Separate NetworkMonitor/framework portal URL" 2019-03-25 02:50:37 +00:00
Treehugger Robot
998e6ea285 Merge "Fix API in CaptivePortal and ConnectivityManager" 2019-03-25 02:37:28 +00:00
Remi NGUYEN VAN
338eb2a1ec Fix API in CaptivePortal and ConnectivityManager
 - Remove CaptivePortal constructor from SystemApi. This constructor was
   added in Q timeframe and ends up being unnecessary since
   CaptivePortal creation was refactored to ConnectivityService because
   of visibility issues on ICaptivePortal.
 - Rename getAvoidBadWifi to shouldAvoidBadWifi
 - Add permission annotation for shouldAvoidBadWifi

(already merged in internal as:
I09545c00af3519dbf141dd5951b28f49e37b3e80)

Test: flashed, WiFi and captive portal works
Bug: 128935314
Bug: 128935673
Merged-In: I09545c00af3519dbf141dd5951b28f49e37b3e80
Change-Id: I7395d4a4db6a64398a827692aee1956c011873e5
2019-03-25 01:43:48 +00:00
Remi NGUYEN VAN
69a57cb6d0 Separate NetworkMonitor/framework portal URL
The framework cannot return URLs used by the updatable NetworkStack,
which may use configurable URLs, changing URLs, or mechanisms not
involving URLs to detect captive portals. NetworkMonitor has already
been using random fallback URLs for a while that do not match the value
returned by ConnectivityManager#getCaptivePortalServerUrl.

With this change, the default value returned by the framework is
configured in framework resources as
config_networkDefaultCaptivePortalServerUrl. NetworkMonitor behavior may
change as it is an updatable component, but the current URL is
configured in NetworkMonitor resources as
config_captive_portal_http_url.

Test: flashed, booted, WiFi and captive portal working
Test: ConnectivityManager#getCaptivePortalServerUrl returns correct
      value.
Bug: 127908503
Change-Id: I371dedc5b22efa909d7fd58e1ebe9b8aaced9780
2019-03-22 15:11:14 +09:00
Luke Huang
fb47755153 Merge "Support query cancellation for async DNS API" 2019-03-22 03:26:21 +00:00
Paul Hu
e9109ceb23 Merge "Fix Automated API Review issues." 2019-03-21 17:19:26 +00:00
paulhu
2a0fccf6ae Fix Automated API Review issues.
These API's argument/return value must be marked either @NonNull
or @Nullable.

Bug: 126701148
Bug: 126699090
Bug: 126701058
Bug: 126700772
Bug: 126699941
Bug: 126701299
Bug: 126700007
Bug: 126700900
Test: atest FrameworksNetTests
Change-Id: Id030a9f1116178b96aa3d4614b10969a537b2fc4
2019-03-21 15:16:58 +08:00
paulhu
9bb0480c2a Fix Automated API Review issues.
1. Some API's argument/return value must be marked either
@NonNull or @Nullable.
2. Change some system APIs to public APIs.
3. Modify the method name

Bug: 126700123
Bug: 126702339
Bug: 126699682
Bug: 118296575
Bug: 126699216
Bug: 126699675
Bug: 126699429
Bug: 126699193
Bug: 123586045
Test: atest FrameworksNetTests
Change-Id: Iaa2832cdcf83758ed0fec81b954a0c63bc5a7bf6
2019-03-21 13:55:37 +08:00
Lorenzo Colitti
0063d13ca7 Merge changes from topic "framework-no-networkstack-aidl"
* changes:
  Remove the framework dependency on netd_aidl_parcelables-java.
  Move TcpKeepalivePacketData out of the framework.
  Stop using netd parcelables in the framework.
2019-03-20 09:45:37 +00:00
Remi NGUYEN VAN
a15a1c53d5 Merge "Add documentation for CaptivePortal APP_RETURN_*" 2019-03-20 05:40:41 +00:00
Remi NGUYEN VAN
9a35341fe2 Merge "Add Parcelable implementation for ApfCapabilities" 2019-03-20 00:34:53 +00:00
Lorenzo Colitti
d9d3bced06 Move TcpKeepalivePacketData out of the framework.
This class is not used in framework.jar, only in services.jar.
Move it out of the framework so framework.jar can stop depending
on the NetworkStack stable AIDL interfaces.

This should really be under com.android.server as well, but that's
a cross-project change to be done in another CL.

Test: m
Bug: 128804404
Change-Id: Ib2805f7fcc516a5f6989c252365d1c95b8042703
Merged-In: Ib2805f7fcc516a5f6989c252365d1c95b8042703
2019-03-20 08:56:31 +09:00
Lorenzo Colitti
196fe35040 Stop using netd parcelables in the framework.
The only actual users of these classes are in services.jar, not
in frameworks.jar. The only reason the framework depends on them
is that the code that converts to and from stable parcelables is
currently in the framework. Move that code to services and cut
the dependency.

These classes aren't used in the networkstack app so they don't
need to be in shared. They also can't be in shared because the
classes are not in the SDK. So put the conversion functions
directly inside their only user (NetworkManagementService).

Also remove the jarjar rules that rename the classes for use by
the NetworkStack app.

This does not actually remove the dependency from the build file,
that will be done in a future CL.

Bug: 128804404
Test: builds, boots
Test: atest FrameworksNetTests android.net.cts.ConnectivityManagerTest HostsideVpnTests
Change-Id: I027d50ba56091f5558f45e6e08f32e5912b2a82a
Merged-In: I027d50ba56091f5558f45e6e08f32e5912b2a82a
2019-03-20 08:56:24 +09:00
Remi NGUYEN VAN
cd13f8f3d5 Add documentation for CaptivePortal APP_RETURN_*
This fixes API review requests.

Test: atest FrameworksNetTests NetworkStackTests
Bug: 126883311
Change-Id: I0632a98675e65c5e722e81a2c1e0cf1403b54395
2019-03-19 18:57:44 +09:00
Luke Huang
44bd665c9e Merge "Replace Handler with Executor for async DNS API" 2019-03-19 05:35:39 +00:00
Luke Huang
b65af07286 Merge "Refactor answer callback for async DNS query JAVA API" 2019-03-19 05:35:18 +00:00
Mark Chien
9d9850ae30 Merge "Remove deprecated entitlement API" 2019-03-19 02:44:37 +00:00
Luke Huang
93f29cb930 Support query cancellation for async DNS API
Bug: 124882626
Test: built, flashed, booted
      atest DnsResolverTest DnsPacketTest

Change-Id: Iaa72f5c17f58cf0a58663b892bb18cfdf23cd545
2019-03-16 18:53:09 +08:00
Luke Huang
9aa1520d40 Replace Handler with Executor for async DNS API
Bug: 124882626
Test: built, flashed, booted
      atest DnsResolverTest DnsPacketTest

Change-Id: Ie1dc27643d4767f2a8a39da755edf388a00962d5
2019-03-16 18:53:07 +08:00
Luke Huang
144cd67c38 Refactor answer callback for async DNS query JAVA API
1. refactor AnswerCallback with a generic type
2. support onError in AnswerCallback
3. Fix minor problem reported from API Review

Bug: 124882626
Test: built, flashed, booted
      atest DnsResolverTest DnsPacketTest

Change-Id: I685c9989f8401acb63d2e83f552b2d5b20c41af0
2019-03-16 18:53:05 +08:00
Benedict Wong
bc233c9e62 Merge "Integrate testNetworkService and Manager with Connectivity stack" 2019-03-15 17:41:02 +00:00
markchien
5fe817f59c Remove deprecated entitlement API
The deprecated entitlement APIs[1] are introduced in the Q
development cycle. It should be replaced by new APIs[2][3].

[1] https://android-review.googlesource.com/c/platform/frameworks/base/+/874220
[2] https://android-review.googlesource.com/c/platform/frameworks/base/+/920354
[3] https://android-review.googlesource.com/c/platform/frameworks/base/+/927513

Test: -build, flash, boot
bug: 126701557
bug: 126392011
Change-Id: I96487e9038c07363680a76db840994719d7ff768
2019-03-15 09:03:50 +00:00
Remi NGUYEN VAN
619010079e Add Parcelable implementation for ApfCapabilities
This is necessary to allow usage of ApfCapabilities as-is in AIDL,
instead of relying on ApfCapabilitiesParcelable, assuming that stable
AIDL starts allowing usage of @SystemApi classes. The Parcelable
implementation would be convenient for clients in any case.

Bug: 126477266
Test: atest FrameworksNetTests
Change-Id: Id2ef3cad261832a2918ccb6bb6bc154d99d75746
2019-03-15 13:41:59 +09:00
junyulai
9f87223db2 [KA02.5] Use binder thread and executor to invoke callback
Currently, client side of keepalive event handling relies on a
newly created thread, looper, messenger and handler per object.

However, by creating oneway AIDL interface with the executor,
the callbacks can be invoked on the binder thread with user
specified context, which not only greatly simplifies the design
but also reduces the cost of current thread modeling.

Bug: 114151147
Bug: 123969871
Test: 1. atest FrameworksNetTests --generate-new-metric 10
      2. atest-deflake.sh

Change-Id: I27504074cd28d5b5eb94a7ec0e97ebaaaaa1ae3d
2019-03-14 19:24:12 +08:00