This patch adds to the MacAddress class:
- getAddressType() method which replaces addressType(), for naming
consistency
- @NonNull annotations on all input and output reference values for
all public methods (@hide and public).
TYPE_UNKNOWN, which currently cannot be observed with a non @hide
method, is also removed from the public api.
Bug: 71866627
Test: $ runtest frameworks-net
Change-Id: I2af70408d46f431b7b32183e6b48ddae9a261a2c
Being able to update this handle is necessary to ensure that
system-only OTAs do not break vendor code that relies on
nethandles.
Bug: 63052780
Test: walleye builds, boots, networking works
Test: MultinetworkApiTest CTS tests passes
Change-Id: I049a4ad2610ca68b8f56377b63be7e5e8ce76039
This change more strictly accounts for onCapabilitiesChanged
callbaks and their values. It exposes several cases where we the
callbacks we send are spurious.
Test: ConnectivityServiceTest continues to pass
Change-Id: Ifb9b00b6f0cae48f8ed41a525100d1744b5f429b
In future, managing DNS-over-TLS hostname lookup and netd programming
can be encapsulated here.
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
Bug: 64133961
Change-Id: I47ccfa99c30c780524c45c4af605e720ccba34a0
Added a new hidden API isMobileDataEnabled in TelephonyManager.
Rename related APIs to isUserMobileDataEnabled,
isUserMobileDataEnabled and setUserMobileDataEnabled to better
clarify their functionality.
Bug: 69814555
Test: build
Change-Id: I2f186f1e7550cafbe4ee3a5af293c39274cbfeaa
Merged-In: I2f186f1e7550cafbe4ee3a5af293c39274cbfeaa
Adds checks to ensure that users can only set the correct types of
algorithms for the Authentication, Encryption and Authenticated
Encryption algorithms.
Bug: 65223935
Test: Added tests in IpSecConfigTest, and passed on aosp_marlin-eng
Change-Id: I462c77d9eb5710b8d03a48866453649d3b6fc6bf
Encap sockets are currently created as the system server, and should be
fchown'd to the user for whom it was created on behalf of.
Bug: 62994731
Test: New tests added and run to IpSecService
Change-Id: Icc49e709ae588981e69765fdb77537d7ffbac5fe
Added calls to tag encap sockets to that of the UID for which the encap
socket is being created on behalf of. This ensures that all data
accounting generated for the UDP-encap-ESP socket is correctly billed to
the right UID.
Bug: 62994731
Test: New tests added to IpSecServiceTest.java, passing
Change-Id: I15365ea9c982fd7b4e3cdeff314ddfba2289c86e
1) toSafeString() is renamed to toOuiString()
2) toOuiString() returns a String that only contains the first 3 bytes
of the mac address.
Bug: 70336442
Test: runtest frameworks-net
Change-Id: I798d8fec32dbff5687a682028e5d90eb941f81c1
A race condition during an Api rename has caused
the name change from reserveSecurityParameterIndex
to allocateSecurityParameterIndex to be wrong in
a test. Fixing.
Bug: 69128142
Test: runtest frameworks-net
Change-Id: I12fb9832cb938dc19f463b1f1124127435d7b173
This is part 2 of 2 of the refcounting refactor for IpSecService
resources.
Switched ManagedResources to use RefcountedResource structure for
managing reference counts and eventual cleanup. Further, resource arrays
and quota management have been aggregated into a UserRecord for better
isolation. UID access checking has been similarly moved into the
UserRecordTracker, and resourceId checking has been rolled into
RefcountedResourceArray's accessor methods.
Bug: 63409385
Test: CTS, all unit tests run on aosp_marlin-eng, new tests added
Change-Id: Iee52dd1c9d2583bb6bfaf65be87569e9d50a5b63
This patch adds (but does not enable the usage of) RefcountedResource
objects to IpSecService, with tests to ensure correct function. This is
patch 1 of a series of patches to refactor the resource management
systems in IpSecService.
RefcountedResource objects allow for management of acyclical dependency
trees, ensuring eventual cleanup when resources are no longer used. This
cleanup may be triggered by binder death or by explicit user action.
Bug: 63409385
Test: New tests written in IpSecServiceRefcountedResourceTest,
explicitly testing the RefcountedResource class
Change-Id: Ib5be7482b2ef5f1c8dec9be68f15e90d8b3aba6d
The mLockdownEnabled boolean and the mLockdownTracker objects are read
and mutated in many places involving vpn logic inside of
ConnectivityService. This includes codepaths run on the
ConnectivityService handler and codepaths run on Binder calls from
IConnectivityManager.aidl, however the access to these variables are not
synchronized.
This patch adds proper synchronization to mLockdownEnabled and
mLockdownTracker by moving access to them into the mVpns lock used for
all of vpn logic.
Bug: 18331877
Test: runtest frameworks-net
Change-Id: I4abde43b1036861f4486dd2b5567782d10204bd6
Throughout the IPsec code (API, system server, netd) we use "reserve"
SPI and "allocate" SPI interchangeably. This renames to use "allocate"
everywhere for self-consistency and consistency with the kernel
(ALLOCSPI).
In javadoc, I am leaving the word "reserve" in several places because it
is still an accurate description of how the method behaves.
Bug: 69128142
Test: TreeHugger should be enough
Change-Id: I8ea603b4612303b0393beef04032671fa53d2106
Improve the Validation of IpSecAlgorithm by
explicitly checking the length in addition to
the truncation length (previously an oversight).
In addition, we now check the lengths during
un-parceling, which will catch someone maliciously
manually building a parcel and passing it, bypassing
the checks in the constructor.
Bug: 68780091
Test: runtest -x IpSecAlgorithmTest.java
Change-Id: I8172762617264d34f47d5144336464510f07a701
This patch does some light refactoring in MacAddress to prepare for
exposing MacAddress in the public api:
- documention is improved
- some method names are renamed
- a toSafeString method is added
- a padding bug in the conversion methods outputting strings for
mac addresses is fixed
Bug: 69390696
Test: runtest frameworks-net
Change-Id: I399a97dabc2dfa8df9c5518c8b12484e43ca05c9
Update public docs to hide the fact that NetworkCapabilities is only
used inside NetworkRequest as an implementation detail.
Take up less room on the wire when passing NetworkCapabilities around
via NetworkRequest.
Sanity check that the roaming state between NetworkInfo and
NetworkCapabilities is in agreement.
Test: bit FrameworksNetTests:android.net.,com.android.server.net.,com.android.server.connectivity.,com.android.server.ConnectivityServiceTest
Bug: 67040695
Change-Id: I982b4c3c41a140934bbad3b8ca8f12dc3814e86c
