A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL to other proper permissions.
Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
This is ugly, but it's a necessary step to improve the code.
Followups will clean this up. Importantly this kind of inlining
will let us break the very confusing apparent loop between
updateCapabilities and rematch.
Test: FrameworksNetTests
Change-Id: Ie756b9aa8066984264717f0b1e1f31606432f1a4
This is a long standing bug that happens to now be trivial
to fix, and also be beneficial for refactoring
Test: FrameworksNetTests NetworkStackTests
Change-Id: I38110f3a4a75936ea755788e7f9fee67863e14be
* changes:
[NS A14] Move code notifying battery stats in its right place
[NS A13] Move legacy broadcast handling after rematch.
[NS A12] Move some legacy type tracker handling to a function
Add tests for ConnectivityService → BatteryStats messages
Move LegacyTypeTracker work into a function for readability.
Test: FrameworksNetTests NetworkStackTests
Change-Id: I9539b8cc4422b3a0cc1d3d9b3a44d59dc1905b44
This should be done once every time an interface comes online.
Doing this in updateLinkProperties guarantees this happens every
time a new interface comes online, but it doesn't do it more
often than needed.
Test: FrameworksNetTests NetworkStackTests
Change-Id: I0613c23f44192944266d76107308da8d1c541d1c
* changes:
[Tether10]Remove UserManagerInternal usage in Tethering
[Tether07] Migrate Tethering into module
[Tether07] Clean up build rule for libtetheroffloadjni
Now tethering would be run in dedicated service.
TetheringManager is the interface used to communicate with
TetheringService. The new call flow would be: ConnectivityManager
-> ConnectivityService -> TetheringManager -> TetheringService.
Note: the return value of #tether(), #untether() and #setUsbTethering()
APIs would always be no error. Client can use #getLastTetherError()
or #getTetheredIfaces or listen tether state change to check
status of corresponding interface.
Bug: 136040414
Bug: 144742179
Test: -build, flash, boot
-atest TetheringTests
-atest FrameworksNetTests
Change-Id: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
Merged-In: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
As opposed to other patches in this series, there is a logic change
here. This will send all necessary legacy broadcasts after all
matches have been done.
This should be fine because the callbacks and the broadcasts are
unordered anyway, and the broadcasts are still sent in the same
order as before ; there should not be an observable change from
apps besides some jitter.
Bug: 113554781
Test: ConnectivityServiceTest
Change-Id: Ibeab8d0a9106c5198228888ac33084238c0a4a1a
It's fine to do this out of the if() clause because :
• If the network newly satisfies a request it is sure to have
it in the list of requests it satisfies
• If it does not newly satisfy a request and there is still
a request with a legacy type that it satisfies, then it
is already remembered by LegacyTypeTracker
As for the VPN, the code always enters the condition anyway.
Test: ConnectivityServiceTest
Change-Id: I8bd668ad27043d6a5036b1b3c52fa5a3146abcfa
PermissionMonitor#hasUseBackgroundNetworksPermission only uses
the first package name of the uid for checking permission.
This is incorrect since each package declared different
permissions. So using the mApps which already checked both
network and using restricted network permissions. If uid is in
the mApps list that means uid has one of permission at least.
Bug: 135897744
Test: atest FrameworksNetTests
Change-Id: I3500a03ce06b5b822311ad0c67b606ce4039216a
NetworkNotificationManager will only get the first transport
type from the NetworkCapabilities of network, and if the device
connects to a VPN and its underlying network is wifi, then the
first finding transport type will be TRANSPORT_WIFI. So, if the
private DNS is broken when device connected to VPN,
NetworkNotificationManager will try to get the SSID for the
title of notification but failed. For this kind of case, the
title of PRIVATE_DNS_BROKEN notification will show
"null has no internet access".
Bug: 143340533
Test: 1. Build pass.
2. Connect to VPN and let private DNS to be broken, check
title of PRIVATE_DNS_BROKEN notification.
3. atest FrameworksNetTests
Change-Id: I1ed018cc8774d4fce4b94854f8e8703a28818463
Reap networks after all networks have been rematched.
Bug: 113554781
Test: ConnectivityServiceTest
Change-Id: I195d894e702f1c738ea25596704ea73a3ae55031
This is a regression in performance but it is necessary for
the sake of refactoring ; when the refactoring is over, the
performance will be improved back.
Test: ConnectivityServiceTest
Change-Id: I7069c11193dccb7dce6af65cfb731c0f4ad93629
This is a no-op. Reviewers : please scrutinize this for behavior
changes.
Test: ConnectivityServiceTest
Change-Id: Icc621f0a64a72dae0192843e6b6587ec4e31ea4d
This moves the side effects done by the decision loop when a
network stops satisfying a request to outside the decision loop.
Bug: 113554781
Test: ConnectivityServiceTest
Change-Id: I7b7594250d5c04362c699e065d30a1181effed09
This is a preliminary change to move the code that chooses what
network gets assigned to what request out of ConnectivityService.
By storing the list of changes first, it becomes possible to move
the changes with side-effects to a later part of the code, after
the decisions have been made. This move is implemented in a later
change.
Bug: 113554781
Test: ConnectivityServiceTest
Change-Id: I60fe318a8eabf13d1c07b144367ca92cf07e734e
The goal of doing this is to remove the locks. Locking imposes
an ordering that is parallel to the program sequence ; often
it is what is needed, but the refactoring in progress needs to
change the traversal order of the requests without having
observable side-effects (or at least, very controlled ones).
The order is difficult enough to maintain when there is
only one. In this case, it is easy to remove the locks, and it
will simplify vastly the complexity of the refactoring by
removing the parallel ordering that would have to be maintained.
Bug: 113554781
Test: ConnectivityServiceTest
Change-Id: Ie4ae6a97053559e6cbac8230f2db3d35000b35a9
This is a preliminary step to removing mNetworkForRequestId, whose
role could be better managed by storing the network inside the NRI.
This serves two purposes :
1. It is a sanity check. Those functions should never be called out
of the handler thread, and if they are it's a bug.
2. It will serve to prove the followup changes are correct.
Bug: 113554781
Test: ConnectivityServiceTest
Change-Id: If29066839ad640121d33f231abdd4f37d0ad3fd5
Let PermissionMonitor#startMonitoring() running in the beginning
of the ConnectivityService#systemReady() before
MultipathPolicyTracker.start(). Since mApps in PermissionMonitor
needs to be populated first to ensure that listening network
request which is sent by MultipathPolicyTracker won't be added
NET_CAPABILITY_FOREGROUND capability.
Bug: 135897744
Test: atest FrameworksNetTests
Change-Id: Ibef8e7b0017a77384630d34c9edc6c40875f773e
It's the first patch for refounding network selection. The new
network selection will try to compare the networks by more
factors, and will try to choose the best network after doing
the evaluation of trade-off.
Create the object that will serve to represent network quality
for more comprehensive ranking.
Bug: 143676287
Test: 1. Build pass.
2. atest FrameworksNetTests
Change-Id: I4b6071d14365aa84d06be9802516fedf527e70f7
Provide a specifc notification to let users know that device
has no internet is because it really doesn't have internet access
or it's caused by private DNS resolution failed.
Bug: 113242081
Test: atest FrameworksNetTests
Change-Id: I710c88a4742f5fd56c39fc797d7fa3ad36dba553
Remove the network capabilities which are added twice in
createDefaultNetworkCapabilitiesForUid() and
createDefaultInternetRequestForTransport(). In the constructor
of NetworkCapabilities, it will add the DEFAULT_CAPABILITIES
which includes the NOT_RESTRICTED.
Bug: 142370233
Test: 1. Build pass.
2. atest FrameworksNetTests
Change-Id: I7159909aec8faa7f25cef94195bdaea0fea55840
Add a new method in LinkProperties, isWakeOnLanEnabled() which returns
true if network interface is defined in config_wakeonlan_enabled_interfaces
string-array (config.xml)
Bug: 132705025
Test: atest LinkPropertiesTest & atest ConnectivityServiceTest
Change-Id: I3f7803aafd2f8eaf8aa18419b21339e15d4b7a0b
The wifi network factories/agents are going to run in the network stack
process for devices which accept wifi mainline module. Allow these
factories/agents to perform privileged operations.
Bug: 142115344
Test: ACTS test
Change-Id: I2dd412ac5c6b67f52c87113fcda345e1f531f9c4
WifiNetworkRequestTest:test_connect_failure_user_rejected passes now.
(cherry-picked from c7580b1d59ee126cd6867cb6fe4485a69e2b4622)
Add a simple test to verify that IDs loop correctly, that they skip used
IDs correctly, and throw when there is no remaining ID.
Test: atest com.android.server.NetIdManagerTest
Change-Id: I4c9518c725156d743286e062fd2eec1423a0459e
This test exercises the Connectivity <-> NetworkMonitor integration.
This CL only contains a simple test (network validates), but more
generally it sets up a test package that contains both services.jar
classes and NetworkStack classes, and runs NetworkStack components in
another process (using TestNetworkStackService).
ConnectivityServiceIntegrationTest runs in the test process and binds to
TestNetworkStackService to obtain TestNetworkStackConnector and to
NetworkStackInstrumentationService to obtain
NetworkStackInstrumentationConnector. That last connector allows the
test to mock NetworkMonitor HTTP Requests.
Test: atest FrameworksNetIntegrationTests
Change-Id: Ieca18e273609044cf6b1870d2f0dba33ca7b38d3
When resetting legacy Always-On VPN, the intent is handled by
main thread. And it will also initialize VPN shutdown process,
which will cause networkInfo changed event on
ConnectivityService internal thread. These two events need to
hold their corresponding lock and ask for the other one, which
causes the deadlock.
This patch move the event handling to the same thread to prevent
such deadlock, and cleanup some unused variables.
Change-Id: I5b656c0d0381acb4e33409a11f502db9b180296c
Fix: 139122208
Test: atest FrameworksNetTests, manual test
Run MultinetworkPolicyTracker and DataConnectionStats callbacks on the
ConnectivityService handler thread.
Previously the callbacks would be using the SystemServer foreground
thread (Looper.myLooper()), or the broadcast thread for the
MultinetworkPolicyTracker BroadcastReceiver. This is error-prone, can
cause threading issues and makes it difficult to test the components.
Test: atest FrameworksNetTests
Change-Id: I189213dd363004abed294659165bf5430d153bba
