* changes:
Check registering system default callback needs NETWORK_SETTINGS.
Move VPN code from ConnectivityService to VpnManagerService.
Add a skeleton VpnManagerService, and start it on boot.
Convert LockdownVpnTracker to NetworkCallbacks.
Minor fixes to VpnTransportInfo.
Main implementation of ConnectivityService.setOemNetworkPreference. This
covers the main requirements of this method including listener
functionality.
Bug: 176495594
Bug: 177101287
Bug: 176494815
Test: atest FrameworksNetTests
atest NetworkStackTests
atest FrameworksNetIntegrationTests
atest NetworkStackIntegrationTests
atest CtsNetTestCasesLatestSdk
Change-Id: I8d318ab07785e52dd84d6261fdea8f318dce9bc5
ConnectivityService itself does not depend on mVpns or the Vpn
class any more. Most of this CL is simply moving code from one
class to another:
- Move the AIDL calls from IConnectivityManager to IVpnManager.
- Move the implementation from ConnectivityService to
the new VpnManagerService.
- Move the APIs from ConnectivityManager to VpnManager, but
temporarily maintain some shims in ConnectivityManager for the
moved calls so that existing callers do not have to be modified
in this CL.
- Update VpnService to call IVpnManager instead of
IConnectivityManager.
- Move the code that registers the VpnManager service from
ConnectivityFrameworkInitializer to SystemServiceRegistry.
Bug: 173331190
Test: atest HostsideVpnTests FrameworksNetTests CtsNetTestCases
Change-Id: I4911e2144df721a94fa00da9edf0dc372a7091c2
This adds a lot of unused code but this should make it easier to
review subsequent CLs.
Bug: 173331190
Test: builds, boots, "dumpsys vpnmanager" succeeds
Change-Id: Ied379654a0c3ab6242d3125661fe30f322395059
This will allow moving LockdownVpnTracker from the connectivity
to the VPN code. This requires moderate refactoring since it's
pretty tightly coupled to both.
In this CL:
1. Add an @hide API to tell ConnectivityService that legacy
lockdown VPN is enabled. I chose not to use the existing
setVpnRequiredForUids API because that method has specific
semantics and because it will be required long term since
it's used by non-legacy VPN types.
2. Instead of updating LockdownVpnTracker inline from the
ConnectivityService handler thread, have it listen to
NetworkCallbacks. This introduces an extra thread hop, but
most of the interactions between the lockdown VPN and CS were
via NetworkAgent, which is asynchronous anyway.
3. Add code to LegacyTypeTracker to send the extra
CONNECTIVITY_ACTION broadcast for the underlying network type
that is sent after the VPN connects. In order to do this, make
Make LockdownVpnTracker specify its underlying network
(via setUnderlyingNetworks) when it connects.
4. Reimplement LockdownVpnTracker#augmentNetworkInfo based on
information that is available in ConnectivityService.
5. Remove the code in LockdownVpnTracker that counted errors.
I think this code has not worked since lollipop, because
ConnectivityService never sees NetworkInfo objects in state
FAILED. This is because ConnectivityService only hears about
NetworkInfo objects via NetworkAgents, and LegacyVpnRunner
only registers its NetworkAgent when the connection succeeds.
Bug: 173331190
Test: passes existing tests in ConnectivityServiceTest
Change-Id: I66d18512882efd468ee0ecec61f28786a195b357
This currently stores the VPN type and a session name, but can be
extended in the future.
Bug: 173331190
Test: added coverage in VpnTest
Test: added coverage in ConnectivityServiceTest
Test: added coverage in NetworkAgentTest
Change-Id: I450858a9fa332c8d896dbdb4c14337d5ec23677f
This method allows internal components to track the system
default network. This differs from registerDefaultNetworkCallback
because that method sends callbacks for the default network for
the UID that called it. This may not be the system default
network, for example, when a VPN is up and applies to the UID.
Bug: 173331190
Test: new unit tests in ConnectivityServiceTest
Test: new unit tests in ConnectivityManagerTest
Test: new CTS tests in ConnectivityServiceTest
Test: new CTS tests in HostsideVpnTests in other CL in this topic
Change-Id: Id02748a2183f71b71ff2a53a580466b9dcecaa93
- Added API to add T&C URL in the CaptivePortalData class, and to
indicate if the source is from Passpoint.
- Added source indication for the Venue URL API.
- Allow the connectivity service to send a new T&C acceptance
notification.
- Updated the merge method to prefer the Capport data over the
network agent data, if the source is not authenticated (not from
Passpoint).
- Propagate the Venue Friendly name to the captive portal activity
to be used instead of SSID, when available.
Bug: 162785447
Test: End-to-end test
Test: atest ConnectivityServiceTest
Test: atest CtsNetTestCasesLatestSdk:CaptivePortalDataTest
Test: atest NetworkNotificationManagerTest
Change-Id: I4e77c3b6c01941b03c46ad32da70c77e0fecac64
Not currently setting the atttribution tag for location
permission checks. Plumb the attribution tag for all location permision
checks (so that location access is correctly attributed to individual
components within an app)
Bug: 162602799
Test: atest android.net
Test: atest com.android.server
Change-Id: Iee95f05204f51a4f8cb1f36acfb60e8cdeb156f4
* changes:
Change ConnectivityServiceTest to prepare for VPN code move.
Add to VpnManager the VPN APIs used by Settings and SystemUI.
Remove temporary hack in VpnTest.
The static validate() method an PROXY_* constants in Proxy are
used by both module and Settings. After Proxy is moving into
connectivity module, Setting will not able to access them.
Thus, move them to ProxyUtils in net shared lib.
Bug: 172183305
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases:ProxyInfoTest
Change-Id: I02c88aeaeb53d62b87a42a2d8ead9b140b054650
Settings and SystemUI use these through raw AIDL calls.
Make them proper manager calls so we can move the implementation
without touching the callers again.
For now these still call into ConnectivityService via
IConnectivityManager. In an upcoming CL the implementation will
move to VpnManagerService.
Test: m
Bug: 173331190
Change-Id: I91528e1ad9948fbaa1fc5e37c61c5eb95f54964e
Currently, NetworkRequest has several types of requests (LISTEN,
TRACK_DEFAULT, REQUEST, BACKGROUND_REQUEST), and we expect more
to be added.
There are really three categories of request:
1. Requests satisfied by only one network and will keep that
network up, and thus need to be sent to NetworkProviders:
REQUEST, BACKGROUND_REQUEST.
2. Requests satisfied by only one network but will not keep that
network up: TRACK_DEFAULT
3. Requests satisfied by multiple networks and will not keep any
networks up: LISTEN.
Unfortunately the separation is not very clear. Currently, for
any valid request, either isListen() will return true or
isRequest() will return true. This makes it impossible to tell
whether a particular request should be sent to NetworkProviders,
so the current code sends TRACK_DEFAULT requests to
NetworkProviders as well. This is incorrect - a TRACK_DEFAULT
should never keep a network up, for example.
This CL attempts to clarify things by making isRequest() return
false for TRACK_DEFAULT requests and thus never sending them to
NetworkProviders. After this CL:
- isRequest will return true only for requests that attempt to
bring up or keep up a network.
- isListen will return true only for requests that match multiple
networks but do not keep any of them up.
- Neither will return true for TRACK_DEFAULT.
Test: atest ConnectivityServiceTest
Change-Id: I7aad30ade8f7ab2a179e53483d9afd8675f64a12
This is a partial cherry-pick of change:
I5eedb571c9d78862115dfdc5dae1cf2a35343580
for connectivity classes.
Bug: 170883422
Test: m
Merged-In: I5eedb571c9d78862115dfdc5dae1cf2a35343580
Change-Id: I7dc661863b73f4198ddb4f3a1566583d0f07db3c
Deduce the NET_CAPABILITY_NOT_VCN_MANAGED capability from other
capabilities and user intention, which includes:
1. For the requests that don't have anything besides
VCN_SUPPORTED_CAPABILITIES, add the NOT_VCN_MANAGED to
allow the callers automatically utilize VCN networks
if available.
2. For the requests that explicitly add or remove
NOT_VCN_MANAGED, do not alter them to allow user fire
request that suits their need.
Test: atest NetworkRequestTest#testBypassingVcnForNonInternetRequest
Bug: 175662146
Change-Id: I9936894b9530a22fb186cfd25cbee0fced65b72b
Nothing on the system is using registerNetworkFactory,
unregisterNetworkFactory at the moment.
registerNetworkFactory, unregisterNetworkFactory are protected by
signature permissions, so could not be used by anything outside of the
system.
Remove the two methods and the underlying support for this legacy,
deprecated mechanism.
Bug: 179229316
Test: atest FrameworksNetTests
Change-Id: I7cdc9eed67f846c8774474af038133040aeccab3
Add getProxyForNetwork to the public API, and use ConnectivityManager
APIs from ActivityThread (instead of hidden APIs) to get/set the proxy
for an app process.
getProxyForNetwork allows clients to find which proxy applies, which can
be a global proxy setting or a per-network proxy.
The default proxy is now initialized with getDefaultProxy instead of
getProxyForNetwork(null); this should not make a difference, as nothing
should have called bindProcessToNetwork at that point yet.
Bug: 174436414
Test: m; device boots
Change-Id: Ifb516194ecde1567cea4b6806946091cdcf2f015
Both of readArraySet and writeArraySet are hidden APIs inside
Parcel, so reimplement those two methods inside NetworkCapabilities
to prevent calling hidden APIs.
Bug: 170598012
Test: atest FrameworksNetTests
Change-Id: I70f75c1a0db92c6a5575c6a9917843d783dfaeea
