* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
updateLinkProperties copied the linkProperties in networkAgent,
but the clat fix-up function did not copy stacked link into new one.
This caused an incorrect clat iface removal, and the IPv4 network
to be unreachable.
Clean cherry-pick of ag/4260470
Bug: 80261579
Test: 1. ping after ipv6 only data call with 2g voice call on/off
2. runtest frameworks-net
3. run cts -m CtsNetTestCases
Change-Id: Ide47a3b0680dddfcf3e2e759a59b19aee3605050
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Merged-In: I19e124adef6d9f4992d8293db3190bcf74c95848
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
(cherry picked from commit 8d2b143a65)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 34633df7e9)
This gives them a way to collect all included values without
resorting to manual probing of each newly added value.
Cherry-pick of ag/4052941 with minor conflicts in the imports.
Bug: 16207332
Test: atest com.android.cts.net.HostsideVpnTests
Change-Id: Ia764b3412bf834890612378e0c3846913f4e0a06
Merged-In: Ie5cd22cfa2b6a60510fd1e31d7ebcd8f6cc890a0
Merged-In: If07e77c92046807235229a4f67ee087bdd7bccf1
...as opposed to after the async channel finished disconnecting.
Clean cherry-pick of ag/4043255
Bug: 78308259
Test: runtest frameworks-net
also used a device with this patch over the weekend and
tried all I could think of
Merged-In: Ic4c7520e907de353a01c2a3a8a50d661dee4a994
Merged-In: I0617f0ff6e46a1d3764335a1e7ad01b34c8cc5a8
Change-Id: I4e4b41bbdf25d7d7bea4124cb58da004d47f1090
This is a pinpoint fix against the bug listed below. While a client
is synchronously reading the LinkProperties of a network, the
ConnectivityServiceThread is updating its properties. Make sure
that update is done atomically.
This is a stopgap countermeasure against a problem that is
pervasive with usage of LinkProperties, but fixing the problem
itself will happen later.
Clean cherry-pick of ag/4174798
Bug: 80077223
Test: runtest frameworks-net
Change-Id: I61b262d824c98b4ced36395a597b73de9193a199
Merged-In: I25007ac26349e451bb47f966af70d590d699c347
Merged-In: I03526187645b6955eb89ca4d2e4a930ebac236b8
Before this change, VPNs having no underlying networks would be
marked as metered as the safe option, but VPNs having only
disconnected underlying networks would be marked as unmetered.
Fix this discrepancy.
Clean cherry-pick of ag/4113809
Bug: 79748782
Test: runtest frameworks-net
Change-Id: Ie6ace6bd95139605ffcfa8cd6c15cf28f8fa28c8
Merged-In: If19b85325e7d684e645470293b3c8a674084c641
Merged-in: I22f80a6a39d4a19ff74aa61fcbd66f1a041b1003
Fixes come later. This is complex enough as it is.
Clean cherry-pick of ag/4083953
Bug: 79748782
Test: new test passes, old tests still pass
Change-Id: If7276fe1f751be7b9c18f689e97699e566e5bde0
Merged-In: I12c948ebeb2b74290908f8320ff77220dc4a9fb9
P introduced setSSID, UIDs and unwanted capabilities.
None of these exhibit commutative behavior through combineCapabilities
because their semantics don't allow it. Therefore
NetworkRequest.setCapabilities() is badly broken around any of
these. Look at the comments in the new tests to realize the
extent of the damage.
Clean cherry-pick of ag/4083952
Bug: 79748782
Test: new tests written, old tests pass
Change-Id: Iafe074126132a82af37f4bf056c4a7b8d56bdc83
Merged-In: Ia5bebf8a233775367bbf1b788870528934ecbcfb
Merged-In: I13d7782a6c0c7b1f94137995bbb0d257a58d89c1
Also add it in the logs of the notification manager.
Clean cherry-pick of ag/4022397
Bug: 78547904
Test: manual
Change-Id: I0afc18c94adf97154c61af2a5bdf933fb5f0e622
Merged-In: Iad5388a31a1502bc1944346276bb9600ac1386bd
Merged-In: I8bdd4a020e9d04f46847ef3c7e80ccf5c5cd19ea
Almost clean cherry-pick of ag/3889538.
Bug: 77737389
Test: runtest framework-net
new test don't pass without the main code change, but they
do with it
Change-Id: I0cd83a935ab0b349aa47e065b830e5a43ab9a091
Merged-In: Iaa0285825735d3f16bba6e4946723a437fd9b0b9
Merged-In: Ia8f985b448251f911484e6bd63fa562bffc1b0e4
Clean cherry-pick of ag/3918295
One-line adjustment for ag/3638326 which has not been put in AOSP.
Bug: 77737389
Test: runtest frameworks-net
Change-Id: I03ae2bbb08559f2cd44979e291c1f5d50eb215da
Merged-In: Iaa0285825735d3f16bba6e4946723a437fd9b0b9
Merged-In: Ia8f985b448251f911484e6bd63fa562bffc1b0e4
Cherry-picked from ag/3887738 ; almost clean CP, only had
to add an import.
Bug: 77114259
Test: frameworks-net pass
manual test shows the SSID is now displayed again
Change-Id: I5cb2b4777ad78d972031e8f2ff22e2155f4ab894
Merged-In: I588fedba49ea5d08e40bd2b3ea8ba2c2383958ec
Merged-In: I663a59ff2847a9f44ea1395326f6cb00e97237b6
Per API council feedback remove unwanted capaibility from public API
java docs
Clean cherry-pick from ag/3868438
Bug: 77601789
Test: make docs
Test: build and flash
Change-Id: I4f3b8b558e8dab2bcc9ef4cc6cfc3135c264c291
Merged-In: I7fef43cce3cfe17dae6a5e4f564ad8857371502a
Merged-In: Ib02988daf44dabfaef7a0b788385b7f7c655b8b2
If you put values into the Builder, you should be able to observe
those values on the built object.
Clean cherry-pick of ag/3813257
Test: atest android.net.cts.NetworkRequestTest
Bug: 74945408
Change-Id: Ib28de279efb8b33ab46aa64f580e10fe5f8720e3
Merged-In: I0d090ebb7d57689a061badcf593ae9a37d88f7ce
Merged-In: I539184f7385c1f288cfb77be8307e4463e07e9e6
Some system apps should be able to request OEM_PAID networks. This
makes a lot of sense when Android is used as in-vehicle infotainment
systems.
Clean cherry-pick of ag/3782591
Bug: 68762530
Test: runtest -x frameworks/base/tests/net/ -c android.net.NetworkCapabilitiesTest
Change-Id: I306f060c5a386ff4b82cd99a03dc037ce60ded6a
Merged-In: Ic164c4a29cd449a31b2f1c12c8c345bcc5dc77fa
Merged-In: I6e9c4130db23a4f1c89ce7e9071ae519a2b0b7ec
Clean cherry-pick of ag/3580901
Bug: 72871435
Test: flashed and verified, also ran runtest framework-net
Merged-In: I177eff1237dd59514ccf91397a3d307148bc37b1
Change-Id: Ic5919a32f91f7baee5f1370703ad166e6ea52b58
NTP may be necessary in order to validate Private DNS certificates,
so it should be allowed to bypass Private DNS.
Test: as follows
- built, flashed, booted
- tcpdump for port 53; adb shell am restart
queries for the NTP hostname appear in the clear
- runtest frameworks-net passes
Bug: 64133961
Bug: 80118648
Merged-In: I4655e3ce5691098c73bf070b8a9e4759485bb17a
Merged-In: I327b816a9f472e94328232157a3b8887d17b0baf
Change-Id: Id9ceb3fcaaffb48cbbd4cd381d48cae991572c9e
(cherry picked from commit e0f762ec65)
The probes allow testing for a configurable status code and location
header (regexes). They are disabled by default, so this CL is a
no-op unless the probe configurations are pushed.
Bug: b/79499239
Test: tests in CL pass, manual: captive portal login works
Merged-In: Iec7a74bbf2569a91e958c497200d77e8451cbf7b
Merged-In: Ia958815325d1466345e9626efc8f62fc9d08d774
(clean cherry-pick of pi-dev I785723aaed06054b9aa8ebff77803f23d7836db9)
Change-Id: I18b3f263fed08fa4fee20d5e88f3ec8647d7f835
This is necessary to resolve visibility issues for the next change.
Bug: b/79499239
Test: runtest frameworks-net
Merged-In: Ia48b32307a51a66f2672d7112f71166dd6db41b1
Merged-In: I5df7ee9f16bc6be4f02353d40a843a383dd4cbd9
(Clean cherry-pick of pi-dev I50bc96afe6ae88c8f58a693f0a4e821f1f9b3299)
Change-Id: I3c416c1a91ebfdf914fd528ff8ab73e3eb490562
ApfFilter maintains separate counters for each reason why a packet was
passed or dropped by the filter logic.
There's also a total which should match the individual counters,
*unless* the APF interpreter aborted execution early due to an illegal
instruction or an out-of-bounds access.
Test: both on APFv2 and APFv4-capable device:
runtest -x tests/net/java/android/net/ip/IpClientTest.java
runtest -x tests/net/java/android/net/apf/ApfTest.java
manual tests connected to an AP
Bug: 73804303
Change-Id: I54b17fcbb95dfaea5db975d282314ce73d79d6ec
Merged-In: I54b17fcbb95dfaea5db975d282314ce73d79d6ec
(cherry picked from commit e53225a4ff)
Support keeping IpClient logs around and dumping them
during dumpsys. Previously we got this benefit for
wifi by virtue of WifiStateMachine's long-lived nature.
Now that this is changing we need to be sure we have
logs, and this method gets us Ethernet logs as well.
Bug: 62476366
Bug: 77999594
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
- dumpsys connmetrics [ipclient] works
Merged-In: Ib4daf0902cae91acadbe9965de1fb73c96a47bec
Merged-In: Ie947394fabcaca7fc1d067f095c2442ee2704593
Change-Id: I1136a83de8097fdb4130debe1eaf689be7132fe5
(cherry picked from commit 0613af7a7f)
noteOp (introduced in go/ag/3897834) checks that the calling uid matches
the calling package, which is not correct when using a fake calling
package. Use the real package of the test so permissions are checked
properly.
The test currently only fails this way in pi-dev as noteOp is only used
in pi-dev.
Change-Id: I9ac3717af9335ba9efa0b8842a2df0d7b69ec9ab
Test: Fixed test now passes in pi-dev
Bug: b/78487385
With the new xt_bpf support for iface stats. We no longer need to parse
the per interface stats from /proc/net/dev. And since the old xt_qtaguid
code path also not depend on it, we can completly remove that helper
function since no caller is depending on it now.
Bug: 72111305
Test: runtest frameworks-net -c com.android.internal.net.NetworkStatsFactoryTest
Change-Id: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
Relies on events sent from netd in aosp/578162.
Test: Added tests to ConnectivityServiceTest. Added a new test
class DnsManagerTest. Built a simple app that appears to
receive onLinkProperties events correctly upon manual changes
to the private DNS settings on a Pixel.
Bug: 71828272
Change-Id: I68665aaf74b7d59182cc6f9586b80b55b0dfe427
Moves this out of ConnectivityService and into each NetworkMonitor
(where it's more self-contained).
Test: as follows
- builds, flashes, boots
- runtest frameworks-net passes
- manual testing with working and non-working hostnames behaves
somewhat (but not entirely) as expected, and not always quickly
Bug: 64133961
Bug: 72345192
Bug: 73872000
Bug: 77140445
Change-Id: Ic4322af3cb49149f2d975cb31f54b2ac7927f907
This change forces Socket and DatagramSocket to populate the
SocketImpl, ensuring that the socket file descriptor can be
retrieved when applying Transport mode Transforms
This is done by calling getSoLinger(), triggering a getImpl(), which
triggers setImpl() if needed.
Bug: 77491294
Test: Added tests in IpSecManagerTest, ran on walleye
Change-Id: I40da08b031357710eb794e0f866aec5660c79594
