PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
PermissionMonitor#hasUseBackgroundNetworksPermission only uses
the first package name of the uid for checking permission.
This is incorrect since each package declared different
permissions. So using the mApps which already checked both
network and using restricted network permissions. If uid is in
the mApps list that means uid has one of permission at least.
Bug: 144679405
Test: Build, flash, manual test
atest FrameworksNetTests
Change-Id: I2da730feda4d7ebed1f158b073167bb3964b3e7d
Merged-In: I8b03c9e23ffc9ff46264d6307fb841a7eda76a76
Merged-In: Ib08a940a6e5d3365c392ab7174d8484c197e0947
(cherry picked from commit 2e1da35b3b903f4aa01435c46b7014b88a41328d)
Initializing the value is no longer necessary because ResolverParamsParcel has
a default value now
Bug:146100043
Test: FrameworksNetTests pass
Change-Id: Ieb151c0cbb330d25f887cbd2eba9db392699d36e
IPv6 addresses parceled for DNS servers, private DNS servers, PCSCF
servers were parceled without the scope. This causes issues with
link-local DNS servers.
Test: atest FrameworksNetTests
Bug: 145181158
Change-Id: I0ed24e51d4d0656f4a1f932b5e9f646b35b4b971
PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
Bug: 144679405
Test: Build, flash, manual test
Change-Id: Iae9c273af822b18c2e6fce04848a86f8dea6410a
Merged-In: I8a1575dedd6e3b7a8b60ee2ffd475d790aec55c4
Merged-In: I2da730feda4d7ebed1f158b073167bb3964b3e7d
PermissionMonitor#hasPermission only checks permssions that app
requested but it doesn't check whether the permission can be
granted to this app. If requested permission doens't be granted
to app, this method still returns that app has this permission.
Then PermissionMonitor will pass this info to netd that means
this app still can use network even restricted network without
granted privileged permission like CONNECTIVITY_INTERNAL or
CONNECTIVITY_USE_RESTRICTED_NETWORKS.
Bug: 144679405
Test: Build, flash, manual test
Change-Id: I5eba4909e4c2e1d9f275f66be90ac36466b93e90
Merged-In: I8a1575dedd6e3b7a8b60ee2ffd475d790aec55c4
Merged-In: Iae9c273af822b18c2e6fce04848a86f8dea6410a
Add KeepalivePacketData to system API for mainline support.
Also, remove InvalidPacketException class from SocketKeepalive
and create a new InvalidPacketException class in android.net
Bug: 139268426
Bug: 135998869
Bug: 138306002
Test: atest FrameworksNetTests
atest NetworkStackTests
atest FrameworksTelephonyTests
./frameworks/opt/net/wifi/tests/wifitests/runtests.sh
atest android.net.cts
atest android.net.wifi.cts
atest android.telephony.cts
Change-Id: I2d982e8abb5cb6b4c74a20483550b18cf814320d
Merged-In: I2d982e8abb5cb6b4c74a20483550b18cf814320d
* changes:
Revert "[NS A24] Add an object to represent changes in assignment"
Revert "[NS A25] Send all listen callbacks after all rematches"
Revert "[NS A26] Move available callbacks out of the rematch computation"
Revert "[NS A27] Remove useless logs and a useless var"
This reverts commit c375dccad3.
Reason for revert: Toggling wifi on/off causes networking to
stop working with these four patches applied.
Bug: 146230156
Change-Id: Ie0217796c89abf0dc86e6a4f8324811155dc57cd
This reverts commit b56e56916f.
Reason for revert: Toggling wifi on/off causes networking to
stop working with these four patches applied.
Bug: 146230156
Change-Id: Icd368df5ef76991dd2b4c1fa530cbc5fae2f61fa
This reverts commit be083a195f.
Reason for revert: Toggling wifi on/off causes networking to
stop working with these four patches applied.
Bug: 146230156
Change-Id: I9af7f8b9af1a6279f2b9f1249824da705164c6b5
This reverts commit dbb4dff52e.
Reason for revert: Toggling wifi on/off causes networking to
stop working with these four patches applied.
Bug: 146230156
Change-Id: I6c75ac179bcc08cc5979194eea69525b333e2ba7
* changes:
[NS A27] Remove useless logs and a useless var
[NS A26] Move available callbacks out of the rematch computation
[NS A25] Send all listen callbacks after all rematches
[NS A24] Add an object to represent changes in assignment
These logs haven't found a bug in a long time and we now have
some structural guarantees that the conditions they check for
can't happen (like the checks that everything is happening on
the same thread).
Maybe we'll reinstate similar checks later, but for now they
are in the way and removing them is a small sacrifice for the
intended benefit.
The local was simply not used any more.
Test: FrameworksNetTests
Change-Id: I4b793e86039c204a038c1b0fecbf8a4927eef48d
The builder lets clients set it, and this may be useful for
unit tests of apps. It should be public.
The need arises from uses of this in WiFi and Telephony
network factories.
Test: build
Bug: 135998869
Change-Id: I57279cac139c28e8654d2066ba0c60edd1e6cd98
am skip reason: Change-Id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA-1 9ff61e4948 is in history
Change-Id: I761abdcdb86884e89f40ce6e616d77235a76cc7a
am skip reason: Change-Id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA-1 9ff61e4948 is in history
Change-Id: I72c045aeeb3c516a286ad5ef6413fb227019a299
am skip reason: Change-Id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA-1 9ff61e4948 is in history
Change-Id: I33d00fde7d89d4cd84876bc982c6b28fa95287f5
am skip reason: Change-Id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA-1 9ff61e4948 is in history
Change-Id: I92c1131ef02f7ca5e399b47c62993cf28719b66a
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Backport of c455822846.
Bug: 122652057
Test: atest FrameworksNetTests
Test: manually ran a VPN with private DNS in strict mode
Test: atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Support faking out the DNS lookups used by NetworkMonitor to
resolve strict mode DNS, and add more test coverage.
These tests were partly adapted from tests we have in Q but
also contain new coverage. This is because in Q the interface
between ConnectivityService and NetworkMonitor changed
substantially, and it is impractical to backport
NetworkMonitorTest.
Bug: 122652057
Test: atest FrameworksNetTests
Change-Id: I6497b7efa539267576d38d3036eef0af0df4e9cb
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
As the calls to this apparently need to be synchronized, let's
do it all in the same place instead of in all callers
Test: FrameworksNetTests
Change-Id: I0c097e7756fc155ba0243834b84626e86c68340e
The point of this is to be able to move parts of processListenRequests
independently.
Test: FrameworksNetTests
Change-Id: I6c889b15696123c1120221977b0f36fa3d91de56
A lot of this code can't be triggered at all.
• newNetwork.created in l.6488 is implied by newNetwork.everConnected
in l.6357
• !newNetwork.isVPN() in l.6488 is implied by the fact that VPNs are
always foreground, so oldPermission can't != newPermission in l.6488
• updateUids in l.6502 is useless because uids can't change during a
rematch (because there is no code doing that). Metered state and
roaming state similarly can't change during a rematch, so
meteredChanged and roamingChanged are always false
• updateAllVpnCapabilities in l.6537 is useless because VPN do not
inherit the foreground state of their underlying networks, which
would be the only reason to call that in l.6537
• Object.equals() in l.6480 is necessary false because at this line
it is known that the foreground state has changed, which must have
caused the NET_CAPABILITY_FOREGROUND to be different, so the objects
can't be equal
Test: FrameworksNetTests NetworkStackTest
Change-Id: I2a52f7f4a085f3eea22a1dd170af8f04671250ff
This annotation is mis-adding by aosp/929879, and now it also
makes compilation failure for Telephony Mainline.
Bug: 145755373
Test: atest FrameworksNetTests
Change-Id: Ic22ce6bf17c4300b8cd52217976bfb215a123f68
