Commit Graph

10886 Commits

Author SHA1 Message Date
Mike Yu
b6b7e0c2be Support DNS-over-TLS probes in NetworkDiagnostics
Probe DNS servers to see whether they support DNS-over-TLS. Use system
CAs to verify whether the certificates sent by DNS servers are
trusted or not. An error is thrown to cause the probe to fail if
DNS servers send untrusted certificates.

Unlike the DnsResolver which doesn't verify the certificates
in opportunistic mode, all of the DoT probes from NetworkDiagnostics
check certificates.

DoT probes apply to the DNS servers gotten from LinkProperties
and the DoT servers gotten from PrivateDnsConfig, whatever the private
DNS mode is.

A common example in DNS strict mode:
.  DNS TLS dst{8.8.8.8} hostname{dns.google} src{192.168.43.2:48436} qtype{1} qname{815149-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (432ms)
F  DNS TLS dst{192.168.43.144} hostname{}: FAILED: java.net.ConnectException: failed to connect to /192.168.43.144 (port 853) from /192.168.43.2 (port 41770) after 2500ms: isConnected failed: ECONNREFUSED (Connection refused) (172ms)
.  DNS TLS dst{8.8.4.4} hostname{dns.google} src{192.168.43.2:37598} qtype{1} qname{759312-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (427ms)

An example when the CA is not trusted:
F  DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. (16ms)

An example when the TCP/TLS handshake times out:
F  DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: java.net.SocketTimeoutException: failed to connect to /8.8.8.8 (port 853) from /192.168.2.108 (port 45680) after 2500ms (2514ms)

Bug: 132925257
Bug: 118369977
Test: atest FrameworksNetTests
Original-Change: https://android-review.googlesource.com/1011670
Merged-In: I1b54abed0e931ca4b8a97149459cde54da1c3d6f
Change-Id: I1b54abed0e931ca4b8a97149459cde54da1c3d6f
2020-06-22 08:57:49 +00:00
paulhu
f2db66615d Make PendingIntent immutable and correct Settings package name
ConnectivityService puts up some notifications with pending
intents, but these pending intents are mutable, so their content can
be changed by someone. So make these pending intents
immutable.

Some OEMs have their own Settings package. Thus, we need to get the
name of the Settings package currently in use instead of just using
the default name "com.android.settings".

Bug: 154928507
Test: atest FrameworksNetTests
Change-Id: I02e3277358623400aa03dc8996af3d7c46a8ce76
2020-06-22 15:32:01 +08:00
Mike Yu
015474f4a8 Merge "Support DNS-over-TLS probes in NetworkDiagnostics" am: 64ffa1762f am: 4e04c11379 am: 3efb6bd1ec
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1011670

Change-Id: Ib9a029adad8e0a64cc57b95a902d5dad04cb489a
2020-06-22 07:12:01 +00:00
Mike Yu
3efb6bd1ec Merge "Support DNS-over-TLS probes in NetworkDiagnostics" am: 64ffa1762f am: 4e04c11379
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1011670

Change-Id: I25a06623d87e6971a9dac73bdea82a78fd6124d6
2020-06-22 06:56:39 +00:00
Mike Yu
4e04c11379 Merge "Support DNS-over-TLS probes in NetworkDiagnostics" am: 64ffa1762f
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1011670

Change-Id: I9e436446179750315be45ddc034cece5afd3c004
2020-06-22 06:45:25 +00:00
Mike Yu
6cad4b10db Support DNS-over-TLS probes in NetworkDiagnostics
Probe DNS servers to see whether they support DNS-over-TLS. Use system
CAs to verify whether the certificates sent by DNS servers are
trusted or not. An error is thrown to cause the probe to fail if
DNS servers send untrusted certificates.

Unlike the DnsResolver which doesn't verify the certificates
in opportunistic mode, all of the DoT probes from NetworkDiagnostics
check certificates.

DoT probes apply to the DNS servers gotten from LinkProperties
and the DoT servers gotten from PrivateDnsConfig, whatever the private
DNS mode is.

A common example in DNS strict mode:
.  DNS TLS dst{8.8.8.8} hostname{dns.google} src{192.168.43.2:48436} qtype{1} qname{815149-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (432ms)
F  DNS TLS dst{192.168.43.144} hostname{}: FAILED: java.net.ConnectException: failed to connect to /192.168.43.144 (port 853) from /192.168.43.2 (port 41770) after 2500ms: isConnected failed: ECONNREFUSED (Connection refused) (172ms)
.  DNS TLS dst{8.8.4.4} hostname{dns.google} src{192.168.43.2:37598} qtype{1} qname{759312-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (427ms)

An example when the CA is not trusted:
F  DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. (16ms)

An example when the TCP/TLS handshake times out:
F  DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: java.net.SocketTimeoutException: failed to connect to /8.8.8.8 (port 853) from /192.168.2.108 (port 45680) after 2500ms (2514ms)

Bug: 132925257
Bug: 118369977
Test: atest FrameworksNetTests
Change-Id: I1b54abed0e931ca4b8a97149459cde54da1c3d6f
2020-06-20 16:22:35 +08:00
android-build-team Robot
866878fbbe Snap for 6610691 from 803d1971a72feb841ef4849eb4ee66bba6e4c06c to rvc-release
Change-Id: Ib2b3431658bea4b91fddcc98da01dbd3567b2f4b
2020-06-20 01:09:54 +00:00
android-build-team Robot
6f44e2a50b Make change and version bump to r_aml_300802100 for mainline module file: packages/Tethering/apex/manifest.json
Change-Id: I7af1c3a55b61516884940432f9146eb26c169668
2020-06-19 07:17:59 +00:00
Remi NGUYEN VAN
778ae844e9 Merge "Move Inet[4]AddressUtils to libs/net" into rvc-dev am: 6e5b6b612d am: 2b7046ac9b
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11846903

Change-Id: I2ec211557839533327cc747857a09bd323654ad6
2020-06-19 01:22:47 +00:00
Remi NGUYEN VAN
2800777272 Merge "Move Inet[4]AddressUtils to libs/net" into rvc-dev am: 6e5b6b612d am: 7007e35032
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11846903

Change-Id: I17459fc7a4239b10b6b55412d126557719e1bd98
2020-06-19 01:22:28 +00:00
android-build-team Robot
ef901ed5bf Snap for 6606167 from 853ee379371ffa2e9aadd8dc3a96c4ef245e3924 to rvc-release
Change-Id: I540700770fa9eeb9714e50a805d7cafc01793a8c
2020-06-19 01:09:53 +00:00
Remi NGUYEN VAN
7007e35032 Merge "Move Inet[4]AddressUtils to libs/net" into rvc-dev am: 6e5b6b612d
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11846903

Change-Id: Icd141a992c46290c74929785e261a1cd57bc001b
2020-06-19 01:08:48 +00:00
Remi NGUYEN VAN
2b7046ac9b Merge "Move Inet[4]AddressUtils to libs/net" into rvc-dev am: 6e5b6b612d
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11846903

Change-Id: Ia5028f7dfeadbcf928efb9862b481c82e2849e18
2020-06-19 01:08:47 +00:00
Remi NGUYEN VAN
6e5b6b612d Merge "Move Inet[4]AddressUtils to libs/net" into rvc-dev
2020-06-19 00:49:29 +00:00
Lorenzo Colitti
d7e96fe5ae Merge "Move DnsPacket to libs net" into rvc-dev am: 81f0fe48d2 am: 5409cf46b5
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11862407

Change-Id: I3f1edfe442f3408a19c9a901fb35bde8ef22950b
2020-06-18 15:02:30 +00:00
Lorenzo Colitti
5409cf46b5 Merge "Move DnsPacket to libs net" into rvc-dev am: 81f0fe48d2
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11862407

Change-Id: I74cac5c415d8b3447b57cda7cba1caa215e84ea2
2020-06-18 14:58:19 +00:00
Luke Huang
505650a64f Merge "Disable sockets and DNS if process lacks INTERNET permission." into rvc-dev am: bbcd3b326b am: 854adb51eb
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11881939

Change-Id: I6631692e31afe751c89b5647ca51cca288b5b329
2020-06-18 14:46:29 +00:00
Luke Huang
854adb51eb Merge "Disable sockets and DNS if process lacks INTERNET permission." into rvc-dev am: bbcd3b326b
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11881939

Change-Id: I10202dc784bafa044a04546d0a765370331223dc
2020-06-18 14:46:02 +00:00
TreeHugger Robot
a352edc747 [automerger skipped] Merge "Set correct owner UID for VPN agentConnect()" into rvc-dev am: 65efcc84a0 am: 9a0218f958 -s ours
am skip reason: Change-Id Ic979dad73983d722365849fbfb0becfd432b894c with SHA-1 b001522433 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11869883

Change-Id: I5351565ef7b11ebc95ddb99b60bba34b9793bfaa
2020-06-18 14:38:58 +00:00
TreeHugger Robot
fb2d643937 [automerger skipped] Merge "Treat RouteInfo with different interfaces as different routes" into rvc-dev am: 70e3f56147 am: b3a9f82988 -s ours
am skip reason: Change-Id I57987233d42a0253eaee2e1ca5f28728c2354620 with SHA-1 58897cc491 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11882397

Change-Id: Ic398329038eb9e91f6ad9676865448f7317edeef
2020-06-18 14:35:54 +00:00
TreeHugger Robot
9a0218f958 Merge "Set correct owner UID for VPN agentConnect()" into rvc-dev am: 65efcc84a0
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11869883

Change-Id: I84b0010488024aa9867ad4af7a4013854cdeeaa1
2020-06-18 14:34:45 +00:00
TreeHugger Robot
b3a9f82988 Merge "Treat RouteInfo with different interfaces as different routes" into rvc-dev am: 70e3f56147
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11882397

Change-Id: I4c96f81ba9118b545b69eb507333f09ea634bdf8
2020-06-18 14:29:52 +00:00
Aaron Huang
0f24079a53 Merge "Address comments from aosp/1298476" am: 48fbda02b0 am: 76d4f3513f am: 69b06f9369
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1340040

Change-Id: I8557b955af2d28122054df5236a38543523909f4
2020-06-18 10:49:25 +00:00
Lorenzo Colitti
ca72aa0a4f Merge "Move DnsPacket to libs net" into rvc-dev am: 81f0fe48d2 am: 1ff1653dbb
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11862407

Change-Id: I130496147364f798817d7d12e814749e86f0ab0c
2020-06-18 10:47:59 +00:00
Aaron Huang
69b06f9369 Merge "Address comments from aosp/1298476" am: 48fbda02b0 am: 76d4f3513f
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1340040

Change-Id: I7b119758ac7cd65defdec77692957287af17566d
2020-06-18 10:47:47 +00:00
Lorenzo Colitti
1ff1653dbb Merge "Move DnsPacket to libs net" into rvc-dev am: 81f0fe48d2
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11862407

Change-Id: Ia19cb44ad56e4358c63564261d481459d1386542
2020-06-18 10:34:11 +00:00
Aaron Huang
76d4f3513f Merge "Address comments from aosp/1298476" am: 48fbda02b0
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1340040

Change-Id: I3c7c0ef738b6c6b964dc91c593cbf2b6166e3843
2020-06-18 10:34:10 +00:00
Aaron Huang
48fbda02b0 Merge "Address comments from aosp/1298476"
2020-06-18 10:18:57 +00:00
Lorenzo Colitti
81f0fe48d2 Merge "Move DnsPacket to libs net" into rvc-dev
2020-06-18 10:14:47 +00:00
Luke Huang
51221efa45 Move DnsPacket to libs net
This class might be used by some mainline modules.

Bug: 151052811
Test: atest DnsPacketTest
Test: atest DnsResolverTest
Change-Id: I8841d91456952ded5efbf8ea221289aecc7746ad
2020-06-18 16:17:04 +08:00
android-build-team Robot
3c1e9a9d9e Make change and version bump to r_aml_300802000 for mainline module file: packages/Tethering/apex/manifest.json
Change-Id: I6601ad32346eec33bef7dde00ae7d744c86aa8e4
2020-06-18 07:17:34 +00:00
Aaron Huang
69bfb5afea Address comments from aosp/1298476
This patch addresses the following:
- Pass Looper to NetworkStatsSubscriptionsMonitor constructor
- Replace Looper with TestLooper in unit test
- Assert fail if result of condition check is not expected.

Bug: 154080205
Test: atest FrameworksNetTests:com.android.server.net.NetworkStatsServiceTest
      atest FrameworksNetTests:com.android.server.net.NetworkStatsSubscriptionsMonitorTest
Change-Id: Ibcaba2b38af80cc0ec9a4e428a3b3a1538bc4325
2020-06-18 15:05:19 +08:00
Aaron Huang
a9a2ee5bfc Merge "Dynamically enable/disable watch for RAT type changes" am: 3fdad73a32 am: cc1d6b13d6 am: c98228cf54
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1315574

Change-Id: I5e607bb44b2e97c01da9f9dcc0e89687bd08130f
2020-06-18 04:23:10 +00:00
Aaron Huang
c98228cf54 Merge "Dynamically enable/disable watch for RAT type changes" am: 3fdad73a32 am: cc1d6b13d6
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1315574

Change-Id: I5a96774ad2104a6b03c9abab2b105b97195edea8
2020-06-18 04:22:21 +00:00
Aaron Huang
cc1d6b13d6 Merge "Dynamically enable/disable watch for RAT type changes" am: 3fdad73a32
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1315574

Change-Id: Id5c4ad325779322bbf4881816235904a6d454583
2020-06-18 04:09:37 +00:00
Aaron Huang
3fdad73a32 Merge "Dynamically enable/disable watch for RAT type changes"
2020-06-18 03:51:51 +00:00
Luke Huang
7d09ef6560 Merge "Disable sockets and DNS if process lacks INTERNET permission." into rvc-dev am: bbcd3b326b am: f12eff79db
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11881939

Change-Id: Ieeaab8035f6055b93a03abe7451f3ba496bd2285
2020-06-18 03:49:34 +00:00
Luke Huang
f12eff79db Merge "Disable sockets and DNS if process lacks INTERNET permission." into rvc-dev am: bbcd3b326b
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11881939

Change-Id: I7c285a848ac947e0acf1acc8bc32f3ece3456412
2020-06-18 03:23:46 +00:00
Luke Huang
bbcd3b326b Merge "Disable sockets and DNS if process lacks INTERNET permission." into rvc-dev
2020-06-18 03:03:06 +00:00
Luke Huang
5a42a4132f Disable sockets and DNS if process lacks INTERNET permission.
This is a Client-only solution.
  - Add to NetdClient a per-process std::atomic_boolean
    similar to netIdForProcess and netIdForResolv.
  - The boolean says whether the process should be
    allowed Internet connectivity.
  - Add an @hide method to NetUtils.java to set the boolean;
    call it from the initialization code of the new
    process just after forking from zygote.
  - Make netdClientSocket and dnsOpenProxy check the
    boolean. If the boolean is false, return EPERM from
    socket calls.

Bug: 150028556
Test: atest NetworkUtilsTest
Test: atest CtsAppSecurityHostTestCases:UseProcessTest
Change-Id: If002280fbad493dfc2db3d9d505c0257d49a9056
Exempt-From-Owner-Approval: OWNERS already approved identical patchset 5
2020-06-18 03:02:06 +00:00
android-build-team Robot
f0a8cfdac7 Snap for 6601700 from 410ddb910030a8b3583ab372e3cea1fee7058914 to rvc-release
Change-Id: Ibf0cc1a43f7eb1f9a9d2378ddb81851b56bf8b6e
2020-06-18 01:05:43 +00:00
android-build-team Robot
08175522ab Make change and version bump to r_aml_300801900 for mainline module file: packages/Tethering/apex/manifest.json
Change-Id: I357be5bdb76f6276711e39743d88974b7d1cf248
2020-06-17 19:58:05 +00:00
TreeHugger Robot
eeaa1490e4 [automerger skipped] Merge "Set correct owner UID for VPN agentConnect()" into rvc-dev am: 65efcc84a0 -s ours am: 3f7a4b9254 -s ours
am skip reason: Change-Id Ic979dad73983d722365849fbfb0becfd432b894c with SHA-1 bf004e9830 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11869883

Change-Id: Idd7465eef4ae2cd482f6fe70ca3bee0c3260e74b
2020-06-17 15:48:44 +00:00
TreeHugger Robot
f5e7b367d5 [automerger skipped] Merge "Treat RouteInfo with different interfaces as different routes" into rvc-dev am: 70e3f56147 -s ours am: 49d46b6c1f -s ours
am skip reason: Change-Id I57987233d42a0253eaee2e1ca5f28728c2354620 with SHA-1 bc4c5caa4f is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11882397

Change-Id: I35e9898e25ff2b74c3876f0a19ce8dd6b6514011
2020-06-17 15:47:56 +00:00
TreeHugger Robot
3f7a4b9254 [automerger skipped] Merge "Set correct owner UID for VPN agentConnect()" into rvc-dev am: 65efcc84a0 -s ours
am skip reason: Change-Id Ic979dad73983d722365849fbfb0becfd432b894c with SHA-1 bf004e9830 is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11869883

Change-Id: I7df1004e885ff680a48d57e41987eb12f990875c
2020-06-17 15:35:35 +00:00
TreeHugger Robot
49d46b6c1f [automerger skipped] Merge "Treat RouteInfo with different interfaces as different routes" into rvc-dev am: 70e3f56147 -s ours
am skip reason: Change-Id I57987233d42a0253eaee2e1ca5f28728c2354620 with SHA-1 bc4c5caa4f is in history

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/11882397

Change-Id: I0b5d3d42ac9310e71262a7e8cf21af51b75837c4
2020-06-17 15:34:30 +00:00
TreeHugger Robot
65efcc84a0 Merge "Set correct owner UID for VPN agentConnect()" into rvc-dev
2020-06-17 15:26:22 +00:00
Treehugger Robot
58897cc491 Treat RouteInfo with different interfaces as different routes
On Android, different interfaces usually use different routing tables.
As a result, a change in interface should not be treated as a route
update, but rather as a remove and an add.

This change fixes a bug in VPN seamless handover where routes
failed to be updated when a new tunnel interface replaces the existing
one within the same network.

Bug: 158696878
Test: atest com.android.cts.net.HostsideVpnTests
Test: atest NetworkStackTests
Test: atest CtsNetTestCases
Test: atest FrameworksNetTests
Original-Change: https://android-review.googlesource.com/1331916
Merged-In: I57987233d42a0253eaee2e1ca5f28728c2354620
Change-Id: I57987233d42a0253eaee2e1ca5f28728c2354620
2020-06-17 13:34:11 +00:00
Treehugger Robot
0e21a83d94 Merge "Treat RouteInfo with different interfaces as different routes" am: d77e15c125 am: 157191f50f am: 7a49a3b538
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1331916

Change-Id: Ia1d52507ad6d04586b9d1df3fc182982639d1218
2020-06-17 13:32:51 +00:00
Treehugger Robot
7a49a3b538 Merge "Treat RouteInfo with different interfaces as different routes" am: d77e15c125 am: 157191f50f
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1331916

Change-Id: I2f4d88aa74588e8ed27c5d0abcb9a6919f26f27d
2020-06-17 13:21:06 +00:00