Some native daemons legacy design work with SYSTEM_UID. If none of
SYSTEM_UID apps declare the restricted network permission, it will
result in permission denial in daemons. Allow SYSTEM_UID in the
devices shipped before Q to support backward compatibility.
Bug:114245686
Test: 1. runtest frameworks-net
2. atest FrameworksNetTests
3. Native daemons with SYSTEM_UID can work normally
Change-Id: I6f3f0d83bcae74ef5389535b528af3baf649fa48
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
Currently, if VPN lockdown is disabled, the blocking judgement
inside VPN will return false immediately. It will make
ConnectivityService hard to check blocked status by a given
VPN lockdown status.
Thus, move this check into ConnectivityService and check it
externally.
Bug: 117814902
Test: 1. manual test with 3rd-party vpn app
2. runtest frameworks-net
Change-Id: Ia8319b1a1a12f1058c24badf2431f2ec69bc78e7
Use stable aidl generated structure instead of UidRange
Test: runtest frameworks-net passes
Test: manual testing of UidRange related function works
Change-Id: Iaf1c10777dc1e71df2be2a57533a10257b12626b
Based on some analysis, these fields/methods are likely false positives.
Set maxTargetSdk=P so that any apps using them are required to migrate off
them in future. See the bug for more details.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Merged-In: I719b5c94e5b1f4fa562dd5d655953422958ad37e
Change-Id: I719b5c94e5b1f4fa562dd5d655953422958ad37e
(cherry picked from commit 15cfeb58a4)
Make log of ConnectivityService configurable by system property.
Two levels:
VERBOSE: whole VDBG log.
DEBUG: selected necessary log for debug purpose.
Relevant log can be enbled in either way:
1. use adb command at run time.
2. config init.xx.rc file at compile time by adding.
on boot && property:ro.build.type=userdebug
setprop log.tag.ConnectivityService DEBUG
Bug: 117632924
Change-Id: I43cc84878c64c5b448853c7393393a02262afd15
onBlockedStatusChanged is intruduced for network blocked status.
The changes in this patch are:
- Test onBlockedStatusChanged which tells apps whether the
network is blocked.
- Fixed the tests which is affected by the order changed in
onAvailable.
Test: as follows
- runtest frameworks-net
- runtest -x NetworkPolicyManagerServiceTest.java
Bug: 74575553
Change-Id: I383c037ed895ef69c478dc3cff69fb1e27c42845
sendProxyBroadcast is always called with the same argument, and
it would make no sense with another argument anyway. Remove it.
This concludes the ProxyTracker refactoring with 227 lines removed
from ConnectivityService, a lot clarified, and some bugs removed.
Things can still be improved, but presumably at a much higher cost.
Next steps are : write tests, now that ProxyTracker is both testable
and mockable. And try to pour some gasoline on the PROXY_CHANGE_ACTION
broadcast, see if it burns well.
Test: runtest
Change-Id: I66e40b4bf5cfd0b2dc4fa37ea97b3429fe1b7e6c
This bug has existed for a long time. If mDefaultProxyEnabled is
false, then the mDefaultProxy member should obviously not be used
in the broadcast.
Test: runtest
Change-Id: I599a2ff9f96d4667e824cf000c2125f86010bb02
If mGlobalProxy is non-null, then getDefaultProxy returns mGlobalProxy
so the first change is a no-op.
If mGlobalProxy is null and mDefaultProxyEnabled is true, then
getDefaultProxy returns mDefaultProxy, which has just been set to
proxyInfo, so the second change is a no-op.
If mGlobalProxy is null and mDefaultProxyEnabled is true, then
getDefaultProxy returns mDefaultProxy ; if mGlobalProxy is null and
mDefaultProxyEnabled is false, then getDefaultProxy returns null,
therefore the third change is a no-op.
Test: runtest
Change-Id: I7c21062302bf54f4fc917c82e0175975051a55ec
Require NETWORK_SETTINGS (or NETWORK_SETUP_WIZARD) instead of the
legacy CONNECTIVITY_INTERNAL permission. The users are as follows:
- The system callers (Phone, Settings, SystemUI, VrSettings) all
have NETWORK_SETTINGS.
- SetupWizard has NETWORK_SETUP_WIZARD
- sl4a has NETWORK_STACK
Bug: 115302596
Test: builds, boots, airplane mode via SystemUI works
Change-Id: I8ca40182bd8b5e3fd9a82296c0cc28de30ed4baf
To add skip464exlat in NetworkMisc.
NetworkAgent can skip to start 464xlat if need.
(e.g. IMS PDN for Cellular can be disabled)
Device will treat the network as IPv6-only if it is set
Bug: 69949375
Test: Nat464XlatTest, ConnectivityServiceTest
Change-Id: I676a02cb92530d64f29f34e89482a934f3ec4553
Currently, apps rely on querying NetworkInfo object to know
whether their network is blocked or not. There is no proactive
way to tell app when it is being blocked/unblocked. The only
event that app would receive is SocketException with
ECONNABORTED when their ongoing socket connection has been
blocked, which is not an elegant way to notify app.
Thus, this commit is trying to address this problem. Therefore,
with the uses of other callbacks, the need of
getState/getDetailedState in NetworkInfo could be completely
eliminated.
Test: runtest frameworks-net
runtest -x NetworkPolicyManagerServiceTest.java
cts-tradefed run cts -m CtsHostsideNetworkTests
cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.ConnectivityManagerTest
Bug: 74575553
Change-Id: Iec96a3103d0aa9a505020eb89d69b89c0b694486
Expose ConnectivityManager#setAirplaneMode and the
NETWORK_SETUP_WIZARD permission so that SetupWizard can call
setAirplaneMode.
Delete setAirplaneMode from the greylist because the permissions
checks on it, since at least 2013, have been for a privileged
permission (CONNECTIVITY_INTERNAL) that normal apps don't have.
Test: m
Bug: 115302596
Change-Id: I28f24d32c4b4b386407e9e0e3514ea9f8854f4a8
Add log to ConnectivityManager for better investigations of issue.
This patch adds StackTrace to the following APIs.
reportInetCondition()
reportBadNetwork()
reportNetworkConnectivity()
sendRequestForNetwork()
requestNetwork()
releaseNetworkRequest()
registerNetworkCallback()
unregisterNetworkCallback()
Bug: 116751720
Change-Id: I992292cd9d6f3d69c91ddbde5577591f9ec0f39b
