am skip reason: Change-Id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA-1 9ff61e4948 is in history
Change-Id: I92c1131ef02f7ca5e399b47c62993cf28719b66a
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Backport of c455822846.
Bug: 122652057
Test: atest FrameworksNetTests
Test: manually ran a VPN with private DNS in strict mode
Test: atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Support faking out the DNS lookups used by NetworkMonitor to
resolve strict mode DNS, and add more test coverage.
These tests were partly adapted from tests we have in Q but
also contain new coverage. This is because in Q the interface
between ConnectivityService and NetworkMonitor changed
substantially, and it is impractical to backport
NetworkMonitorTest.
Bug: 122652057
Test: atest FrameworksNetTests
Change-Id: I6497b7efa539267576d38d3036eef0af0df4e9cb
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
As the calls to this apparently need to be synchronized, let's
do it all in the same place instead of in all callers
Test: FrameworksNetTests
Change-Id: I0c097e7756fc155ba0243834b84626e86c68340e
The point of this is to be able to move parts of processListenRequests
independently.
Test: FrameworksNetTests
Change-Id: I6c889b15696123c1120221977b0f36fa3d91de56
A lot of this code can't be triggered at all.
• newNetwork.created in l.6488 is implied by newNetwork.everConnected
in l.6357
• !newNetwork.isVPN() in l.6488 is implied by the fact that VPNs are
always foreground, so oldPermission can't != newPermission in l.6488
• updateUids in l.6502 is useless because uids can't change during a
rematch (because there is no code doing that). Metered state and
roaming state similarly can't change during a rematch, so
meteredChanged and roamingChanged are always false
• updateAllVpnCapabilities in l.6537 is useless because VPN do not
inherit the foreground state of their underlying networks, which
would be the only reason to call that in l.6537
• Object.equals() in l.6480 is necessary false because at this line
it is known that the foreground state has changed, which must have
caused the NET_CAPABILITY_FOREGROUND to be different, so the objects
can't be equal
Test: FrameworksNetTests NetworkStackTest
Change-Id: I2a52f7f4a085f3eea22a1dd170af8f04671250ff
This annotation is mis-adding by aosp/929879, and now it also
makes compilation failure for Telephony Mainline.
Bug: 145755373
Test: atest FrameworksNetTests
Change-Id: Ic22ce6bf17c4300b8cd52217976bfb215a123f68
We want to eventually migrate some of these APIs to be @SystemApi for mainline modules.
The #dumpDebug name is more appropriate than #writeToProto.
Bug: 142279786
Test: Manual
Change-Id: I60793e91cedf6b720d4ecef6a8484f4fed4ff30f
am skip reason: Change-Id I8f2dd1cd0609056494eaf612d39820e273ae093f with SHA-1 e031948c1a is in history
Change-Id: Ib7fe99ba9f914d33da3145b926568bcbe418e6b2
Tethering will be build as unblundled APP. It can't use @hide
API anymore. Expose netId for tethering because it need to set
proxy dns server with netId.
Bug: 144758139
Test: build
Change-Id: Ifefa791940874617bb479f5c23488d14be87f45e
A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL to other proper permissions.
Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL to other proper permissions.
Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
Merged-In: I8f2dd1cd0609056494eaf612d39820e273ae093f
The exposed methods are used by telephony, wifi
and tethering. For mainline support, making the
methods @SystemApi.
Bug: 139268426
Bug: 135998869
Bug: 138306002
Test: atest FrameworksNetTests
atest NetworkStackTests
atest FrameworksTelephonyTests
./frameworks/opt/net/wifi/tests/wifitests/runtests.sh
atest android.net.cts
atest android.net.wifi.cts
atest android.telephony.cts
Change-Id: Ib16a838cf9f748e1c5b045d6c2f17678f16af28c
This is ugly, but it's a necessary step to improve the code.
Followups will clean this up. Importantly this kind of inlining
will let us break the very confusing apparent loop between
updateCapabilities and rematch.
Test: FrameworksNetTests
Change-Id: Ie756b9aa8066984264717f0b1e1f31606432f1a4
This is a long standing bug that happens to now be trivial
to fix, and also be beneficial for refactoring
Test: FrameworksNetTests NetworkStackTests
Change-Id: I38110f3a4a75936ea755788e7f9fee67863e14be
