Commit Graph

2100 Commits

Author SHA1 Message Date
Lorenzo Colitti
75616e28f6 Merge "Make PendingIntent immutable and correct Settings package name" into rvc-dev am: 500ee9a7b3
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11881938

Change-Id: I0ce82679bf81e3c58fed12943b7c9ca9d449fb7f
2020-06-22 09:14:15 +00:00
Lorenzo Colitti
500ee9a7b3 Merge "Make PendingIntent immutable and correct Settings package name" into rvc-dev 2020-06-22 09:00:25 +00:00
paulhu
70aed281f1 Make PendingIntent immutable and correct Settings package name
ConnectivityService puts up some notifications with pending
intents, but these pending intents are mutable, so their content can
be changed by someone. So make these pending intents
immutable.

Some OEMs have their own Settings package. Thus, we need to get the
name of the Settings package currently in use instead of just using
the default name "com.android.settings".

Bug: 154928507
Test: atest FrameworksNetTests
Change-Id: I02e3277358623400aa03dc8996af3d7c46a8ce76
2020-06-22 15:32:01 +08:00
Mike Yu
cd9f6754d6 Merge "Support DNS-over-TLS probes in NetworkDiagnostics" am: 64ffa1762f am: d7b0b95a3a
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1011670

Change-Id: I25a06623d87e6971a9dac73bdea82a78fd6124d6
2020-06-22 06:56:39 +00:00
Mike Yu
d0e4221f64 Support DNS-over-TLS probes in NetworkDiagnostics
Probe DNS servers to see whether they support DNS-over-TLS. Use system
CAs to verify whether the certificates sent by DNS servers are
trusted or not. An error is thrown to cause the probe to fail if
DNS servers send untrusted certificates.

Unlike the DnsResolver which doesn't verify the certificates
in opportunistic mode, all of the DoT probes from NetworkDiagnostics
check certificates.

DoT probes apply to the DNS servers gotten from LinkProperties
and the DoT servers gotten from PrivateDnsConfig whatever the private
DNS mode is.

A common example in DNS strict mode:
.  DNS TLS dst{8.8.8.8} hostname{dns.google} src{192.168.43.2:48436} qtype{1} qname{815149-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (432ms)
F  DNS TLS dst{192.168.43.144} hostname{}: FAILED: java.net.ConnectException: failed to connect to /192.168.43.144 (port 853) from /192.168.43.2 (port 41770) after 2500ms: isConnected failed: ECONNREFUSED (Connection refused) (172ms)
.  DNS TLS dst{8.8.4.4} hostname{dns.google} src{192.168.43.2:37598} qtype{1} qname{759312-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (427ms)

An example when the CA is not trusted:
F  DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. (16ms)

An example when the TCP/TLS handshake times out:
F  DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: java.net.SocketTimeoutException: failed to connect to /8.8.8.8 (port 853) from /192.168.2.108 (port 45680) after 2500ms (2514ms)

Bug: 132925257
Bug: 118369977
Test: atest FrameworksNetTests
Change-Id: I1b54abed0e931ca4b8a97149459cde54da1c3d6f
2020-06-20 16:22:35 +08:00
Benedict Wong
532a94a4fe Set correct owner UID for VPN agentConnect()
This commit changes agentConnect to set the owner UID as the mOwnerUid
field instead of the Binder.getCallingUid().

Binder.getCallingUid() can return incorrect results for platform VPNs,
as agentConnect() is called under a clean calling UID.

Additionally, this relaxes the ownerUid sanitization check to allow a
VPN network's owner to see its own ownership information.

Vpn.mOwnerUid is guaranteed to be correct, as all VPNs MUST have called
prepareInternal() at some previous point, which sets mOwnerUid as the
package's UID (or SYSTEM_UID if this is legacy VPN).

Bug: 150135470
Test: CTS tests showing ownership information
Merged-In: Ic979dad73983d722365849fbfb0becfd432b894c
Change-Id: Ic979dad73983d722365849fbfb0becfd432b894c
(cherry picked from commit 5da3e20cfb)
2020-06-16 01:42:48 +00:00
Benedict Wong
e980440591 Merge "Set correct owner UID for VPN agentConnect()" am: 08447ffcc0 am: bc6da9922c
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1326493

Change-Id: I5ff673d97fe4558da77575b2cc8c43b87e3673f6
2020-06-15 17:33:33 +00:00
Benedict Wong
08447ffcc0 Merge "Set correct owner UID for VPN agentConnect()" 2020-06-15 17:09:46 +00:00
Chalard Jean
f980a6cabb Document the limitation to a hundred callbacks.
Some developers have been surprised by this limitation and had trouble
figuring out what the issue was. Add documentation to address this.

This also includes a drive-by removal of a duplicate check.

Bug: 149867479
Test: doc-only change
Original-Change: https://android-review.googlesource.com/1313813
Merged-In: I5911d01984695550b6c9afe7a8eb535bf5e320a1
Change-Id: I5911d01984695550b6c9afe7a8eb535bf5e320a1
2020-06-12 00:35:39 +00:00
Chalard Jean
8534af7ed5 Merge "Document the limitation to a hundred callbacks." am: 665d54db52 am: 1baaf76e55
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1313813

Change-Id: I84b1e39503feddc914b61d4e8bd35953e92ac270
2020-06-11 13:03:37 +00:00
Chalard Jean
7f06b34acd Document the limitation to a hundred callbacks.
Some developers have been surprised by this limitation and had trouble
figuring out what the issue was. Add documentation to address this.

This also includes a drive-by removal of a duplicate check.

Bug: 149867479
Test: doc-only change
Change-Id: I5911d01984695550b6c9afe7a8eb535bf5e320a1
2020-06-11 12:30:21 +00:00
Benedict Wong
e3bcbc0ec7 Set correct owner UID for VPN agentConnect()
This commit changes agentConnect to set the owner UID as the mOwnerUid
field instead of the Binder.getCallingUid().

Binder.getCallingUid() can return incorrect results for platform VPNs,
as agentConnect() is called under a clean calling UID.

Additionally, this relaxes the ownerUid sanitization check to allow a
VPN network's owner to see its own ownership information.

Vpn.mOwnerUid is guaranteed to be correct, as all VPNs MUST have called
prepareInternal() at some previous point, which sets mOwnerUid as the
package's UID (or SYSTEM_UID if this is legacy VPN).

Bug: 150135470
Test: CTS tests showing ownership information
Change-Id: Ic979dad73983d722365849fbfb0becfd432b894c
2020-06-08 14:33:01 -07:00
Junyu Lai
7f39b54a36 Disable log for per uid blocked status changed event
This consumes ~3.5% system logs, however it is not very useful
when debugging since similar information could be obtained from
dumpsys {connectivity|netpolicy}. Thus, remove the log.

Test: manual
Bug: 135504481
Change-Id: I04d2b7402f892546722fe6868c521afd9534f183
Merged-In: I04d2b7402f892546722fe6868c521afd9534f183
(cherry picked from commit 21a352f761ce558bea6fa9ab2a4e49a164228b56)
2020-06-02 10:19:41 +00:00
Junyu Lai
be3bc6e50e Merge "Disable log for per uid blocked status changed event" am: 0aad631ab4 am: 3cabc6713f
Original change: undetermined

Change-Id: I2783cc948365a37b7446064cfc00714ab6abba17
2020-06-02 10:06:42 +00:00
junyulai
0202567a01 Disable log for per uid blocked status changed event
This consumes ~3.5% system logs, however it is not very useful
when debugging since similar information could be obtained from
dumpsys {connectivity|netpolicy}. Thus, remove the log.

Test: manual
Bug: 135504481
Change-Id: I04d2b7402f892546722fe6868c521afd9534f183
2020-06-02 14:26:36 +08:00
Cody Kesting
a52847cfeb Comment reason for simulateDataStall structure.
This change adds a comment to CS#simulateDataStall to explain why the
Data Stall is wrapped in a DataStallReportParcelable before being passed
to the ConnectivityDiagnostics handler. This approach is taken to ensure
that simulated data stalls are handled the exact same as Data Stalls
received directly from NetworkMonitor (including Data Stalls detected by
methods that the platform does not understand).

Bug: 156294356
Test: atest ConnectivityDiagnosticsManager
Change-Id: I751054418bf328c72b977a1cc99c27cb9b8ab7ba
Merged-In: I751054418bf328c72b977a1cc99c27cb9b8ab7ba
(cherry picked from commit c86db7497a27cfbac5c662911a295598b1335bc0)
2020-05-28 00:40:43 +00:00
Cody Kesting
55cc17ac7d Merge "Comment reason for simulateDataStall structure." am: 7039e1cbc8 am: 6342a7d978
Change-Id: Ie236cb45cb2192702df4ce9aaa4e3db7fa1e007c
2020-05-27 17:55:03 +00:00
Cody Kesting
7039e1cbc8 Merge "Comment reason for simulateDataStall structure." 2020-05-27 17:11:57 +00:00
Cody Kesting
70708c54d0 Merge "Forward unknown Data Stall types to Connectivity Diagnostics." into rvc-dev 2020-05-27 16:03:38 +00:00
Lorenzo Colitti
119ecc6867 Inform the DNS resolver when it needs to do DNS64 synthesis.
This is only necessary when learning the NAT64 prefix from the
RA, because if the NAT64 prefix is learned from DNS, the DNS
resolver already knows the prefix and automatically enables
DNS64 synthesis.

The DNS resolver needs to be informed of the prefix any time
clat is running on a prefix learned from an RA. This is simple to
implement: just set the prefix when starting clat if prefix
discovery is not running, and clear the prefix when stopping clat
if prefix discovery was not running. This ensures that the prefix
is cleared iff it was set.

Bug: 156914456
Test: new unit test coverage
Original-Change: https://android-review.googlesource.com/1315578
Merged-In: If8ad2d30712a6df3e207c8d3e8a129705242191e
Change-Id: If8ad2d30712a6df3e207c8d3e8a129705242191e
2020-05-26 11:52:35 +00:00
Lorenzo Colitti
d0cf1afac5 Merge "Inform the DNS resolver when it needs to do DNS64 synthesis." am: eed51faa49 am: f5a5cd3bd7
Change-Id: I06278ddff31d8c0dbb4ce6cfded01a38369d8a3c
2020-05-26 10:13:17 +00:00
Lorenzo Colitti
eed51faa49 Merge "Inform the DNS resolver when it needs to do DNS64 synthesis." 2020-05-26 09:26:46 +00:00
Cody Kesting
e7d4aa8d99 Forward unknown Data Stall types to Connectivity Diagnostics.
This CL forwards suspected Data Stall events detected with unknown
detection methods to ConnectivityDiagnostics.

Currently, ConnectivityService drops any data stall events with unknown
detection methods, which leads to false negatives for Connectivity
Diagnostics registrants. This change ensures that registrants will still
be notified as NetworkStack is updated to use new detection methods.

The documentation for ConnectivityDiagnosticsManager#DataStallReport is
also updated to reflect that the detection methods included in the
report are a bit mask of detection methods used. Implicitly, this means
that data stalls detected via unknown methods will have an empty bit
mask (0x00).

Bug: 156294356
Test: atest ConnectivityDiagnosticsManager
Change-Id: I62d0bf91fcc17c7921afd519c72551399906bd6b
Merged-In: I62d0bf91fcc17c7921afd519c72551399906bd6b
(cherry picked from commit a1d9d811a05bf3447ebb90a39343b53eee79f0db)
2020-05-22 19:12:14 +00:00
Cody Kesting
ab63079e61 Merge "Forward unknown Data Stall types to Connectivity Diagnostics." am: c8e843e844 am: fe8cda4daf
Change-Id: I31d17c5c353e822f3d48166ffe9cc39abd31c198
2020-05-21 23:35:38 +00:00
Cody Kesting
51691051d2 Comment reason for simulateDataStall structure.
This change adds a comment to CS#simulateDataStall to explain why the
Data Stall is wrapped in a DataStallReportParcelable before being passed
to the ConnectivityDiagnostics handler. This approach is taken to ensure
that simulated data stalls are handled the exact same as Data Stalls
received directly from NetworkMonitor (including Data Stalls detected by
methods that the platform does not understand).

Bug: 156294356
Test: atest ConnectivityDiagnosticsManager
Change-Id: I751054418bf328c72b977a1cc99c27cb9b8ab7ba
2020-05-21 12:08:21 -07:00
Cody Kesting
8d1db61752 Merge "Move Data Stall logic to CS from NetworkMonitorCallbacks." into rvc-dev 2020-05-21 16:01:01 +00:00
Lorenzo Colitti
f28b6b705c Inform the DNS resolver when it needs to do DNS64 synthesis.
This is only necessary when learning the NAT64 prefix from the
RA, because if the NAT64 prefix is learned from DNS, the DNS
resolver already knows the prefix and automatically enables
DNS64 synthesis.

The DNS resolver needs to be informed of the prefix any time
clat is running on a prefix learned from an RA. This is simple to
implement: just set the prefix when starting clat if prefix
discovery is not running, and clear the prefix when stopping clat
if prefix discovery was not running. This ensures that the prefix
is cleared iff it was set.

Bug: 156914456
Test: new unit test coverage
Change-Id: If8ad2d30712a6df3e207c8d3e8a129705242191e
2020-05-21 23:32:57 +09:00
Chalard Jean
1112dd3d83 Fix a bug where a spurious capabilities callback is sent.
When a VPN connects and it has any underlying network (which
means almost always, because it will take the default network
if it doesn't declare any), it has default capabilities and
will only take the capabilities of its underlying network
as part of an update happening after making the network
available but before the rematch can take place. This in turn
causes the capabilities callback sent as part of the rematch
to be spuriously sent.

Test: FrameworksNetTests. Also tested together with a
      followup that adds tests with drive-by coverage for this.
Bug: 150570873
Original-Change: https://android-review.googlesource.com/1305393
Merged-In: Id7d8bba486bada1a7ba5b0f152d2aa02e407f249
Change-Id: Id7d8bba486bada1a7ba5b0f152d2aa02e407f249
2020-05-21 05:09:15 +00:00
Cody Kesting
43a47efd1c Forward unknown Data Stall types to Connectivity Diagnostics.
This CL forwards suspected Data Stall events detected with unknown
detection methods to ConnectivityDiagnostics.

Currently, ConnectivityService drops any data stall events with unknown
detection methods, which leads to false negatives for Connectivity
Diagnostics registrants. This change ensures that registrants will still
be notified as NetworkStack is updated to use new detection methods.

The documentation for ConnectivityDiagnosticsManager#DataStallReport is
also updated to reflect that the detection methods included in the
report are a bit mask of detection methods used. Implicitly, this means
that data stalls detected via unknown methods will have an empty bit
mask (0x00).

Bug: 156294356
Test: atest ConnectivityDiagnosticsManager
Change-Id: I62d0bf91fcc17c7921afd519c72551399906bd6b
2020-05-19 10:57:29 -07:00
Cody Kesting
7e4528c080 Move Data Stall logic to CS from NetworkMonitorCallbacks.
This change moves the logic for handling Data Stall notifications from
NetworkMonitorCallbacks to ConnectivityService. This avoids duplicate
logic for managing data stall simulation requests from
ConnectivityManager. This also puts all of the logic for proxying Data
Stall notifications to the ConnectivityDiagnosticsHandler into one
place.

Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Ie2f6a1a2376c5c452750ab417cb5e8c24fc44fc3
Merged-In: Ie2f6a1a2376c5c452750ab417cb5e8c24fc44fc3
(cherry picked from commit 745eaa39a3c9bcaaa61671f66d8c1180195c84c4)
2020-05-18 21:12:33 +00:00
Cody Kesting
16ead64d17 Merge "Move Data Stall logic to CS from NetworkMonitorCallbacks." am: 8a38affcbf am: 07b9ebd24f
Change-Id: I3b6facc6220c5818565fc8d0ed3d1cad4bede2af
2020-05-18 18:29:29 +00:00
Cody Kesting
aa921179de Merge "Create TestApi for simulating a Data Stall on ConnectivityService." into rvc-dev 2020-05-14 18:56:36 +00:00
Cody Kesting
52655a00d0 Merge "Set owner and administrator UIDs for test networks." into rvc-dev 2020-05-14 18:56:16 +00:00
Cody Kesting
6784cf6966 Move Data Stall logic to CS from NetworkMonitorCallbacks.
This change moves the logic for handling Data Stall notifications from
NetworkMonitorCallbacks to ConnectivityService. This avoids duplicate
logic for managing data stall simulation requests from
ConnectivityManager. This also puts all of the logic for proxying Data
Stall notifications to the ConnectivityDiagnosticsHandler into one
place.

Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Ie2f6a1a2376c5c452750ab417cb5e8c24fc44fc3
2020-05-12 16:24:46 -07:00
Automerger Merge Worker
f4a7e96585 Create TestApi for simulating a Data Stall on ConnectivityService.
This change adds a TestApi for simulating a Data Stall to
ConnectivityService. This allows for Data Stalls to be triggered without
having to manipulate the signals used by NetworkMonitor. This also
allows NetworkMonitor to update the ways it detects Data Stalls without
affecting CTS tests for ConnectivityDiagnosticsManager.

Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
Merged-In: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
(cherry picked from commit b06463a002eb6215e9dda64e599eabd74cb56382)
2020-05-12 20:34:50 +00:00
Cody Kesting
ccfd0ff534 Set owner and administrator UIDs for test networks.
This change sets the owner and administrator UIDs for test networks when
their initial values match the UID for the app creating the test
network. This ensures that apps registering test networks can only make
themselves owners / administrators of the network.

Bug: 153449964
Test: atest NetworkAgentTest
Change-Id: I3a974700aa1d83cb285295ed1de0aa263e2e5b58
Merged-In: I3a974700aa1d83cb285295ed1de0aa263e2e5b58
(cherry picked from commit 35782280a2adceec96b8e03c217788afa05894a0)
2020-05-12 20:33:42 +00:00
Cody Kesting
59827dcf92 Merge "Create TestApi for simulating a Data Stall on ConnectivityService." am: 727f0d1d44 am: 1d81e3c69e
Change-Id: I17839cd271d984f76c203889293cc51375bb8bcb
2020-05-12 17:27:09 +00:00
Cody Kesting
51edeeeb65 Merge "Set owner and administrator UIDs for test networks." am: eb44b7b1bb am: e4e48c22c5
Change-Id: I7af702ff5eafbd0f5bb2247e0debf975e51accd1
2020-05-12 17:26:44 +00:00
Cody Kesting
727f0d1d44 Merge "Create TestApi for simulating a Data Stall on ConnectivityService." 2020-05-12 16:52:35 +00:00
Cody Kesting
eb44b7b1bb Merge "Set owner and administrator UIDs for test networks." 2020-05-12 16:52:07 +00:00
Remi NGUYEN VAN
1b0c8e3945 Send full LinkProperties to NetworkMonitor
Set the parcelSensitiveFields bit when sending LinkProperties to
NetworkMonitor, so that the captive portal API URL is not lost.

Test: atest ConnectivityServiceIntegrationTest (see followup change)
Bug: 156062304
Original-Change: https://android-review.googlesource.com/1307833
Merged-In: Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550
Change-Id: Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550
2020-05-12 09:14:38 +00:00
Remi NGUYEN VAN
52fcc84889 Merge "Send full LinkProperties to NetworkMonitor" am: 7d8b7603ab am: 16192b71ae
Change-Id: I7e81f65e4b8f22a646dba191748133841a569d44
2020-05-12 08:53:53 +00:00
Remi NGUYEN VAN
7d8b7603ab Merge "Send full LinkProperties to NetworkMonitor" 2020-05-12 08:13:05 +00:00
Remi NGUYEN VAN
3b1d8b491d Send full LinkProperties to NetworkMonitor
Set the parcelSensitiveFields bit when sending LinkProperties to
NetworkMonitor, so that the captive portal API URL is not lost.

Test: atest ConnectivityServiceIntegrationTest (see followup change)
Bug: 156062304
Change-Id: Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550
2020-05-10 16:11:11 +09:00
Chalard Jean
3cfa50040f Merge "Fix a bug where a spurious capabilities callback is sent." am: a4a379d6c9 am: fbf7472187
Change-Id: Ied089ed5ca553b206bdb3f7195f9e623aaabfa00
2020-05-08 01:33:13 +00:00
Chalard Jean
a4a379d6c9 Merge "Fix a bug where a spurious capabilities callback is sent." 2020-05-08 00:49:33 +00:00
Chalard Jean
8c5e45895d Fix a bug where a spurious capabilities callback is sent.
When a VPN connects and it has any underlying network (which
means almost always, because it will take the default network
if it doesn't declare any), it has default capabilities and
will only take the capabilities of its underlying network
as part of an update happening after making the network
available but before the rematch can take place. This in turn
causes the capabilities callback sent as part of the rematch
to be spuriously sent.

Test: FrameworksNetTests. Also tested together with a
      followup that adds tests with drive-by coverage for this.
Bug: 150570873
Change-Id: Id7d8bba486bada1a7ba5b0f152d2aa02e407f249
2020-05-07 12:07:03 +09:00
Remi NGUYEN VAN
1551881b14 Add comment / logging in NetworkMonitor callbacks
Add a comment explaining the ordering of messages sent to the tracker
and connectivity diagnostics handlers.

Add a Slog.wtf call in case the deprecated notifyNetworkTested callback
is called.

Bug: 153500847
Test: atest ConnectivityServiceTest
Merged-In: I2dbfc9bf7b2f785ea4594851bd354e9fd0fc0bd1
Change-Id: I2dbfc9bf7b2f785ea4594851bd354e9fd0fc0bd1
2020-04-30 06:12:18 +00:00
Remi NGUYEN VAN
4eebd7214f Address comments on NetworkStack AIDL v6
Address issues found during AIDL review:
 - Rename clientAddr to singleClientAddr
 - Do not use a ParcelableBundle for notifyNetworkTested or
   notifyDataStallSuspected; instead use AIDL parcelables for stronger
   backwards compatibility guarantees.

Test: atest NetworkMonitorTest ConnectivityServiceTest
      ConnectivityServiceIntegrationTest, manual
Bug: 153500847
Merged-In: Id9b71784e5f6294d203230e57737979e063ff0f8
Change-Id: Id9b71784e5f6294d203230e57737979e063ff0f8
2020-04-28 08:09:17 +00:00
Cody Kesting
b5c7abd071 Create TestApi for simulating a Data Stall on ConnectivityService.
This change adds a TestApi for simulating a Data Stall to
ConnectivityService. This allows for Data Stalls to be triggered without
having to manipulate the signals used by NetworkMonitor. This also
allows NetworkMonitor to update the ways it detects Data Stalls without
affecting CTS tests for ConnectivityDiagnosticsManager.

Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
2020-04-27 20:55:00 -07:00