This change downgrades API visibility for the list-of-subIds in the
NetworkCapabilities to SystemApi
Bug: 175662146
Test: atest NetworkCapabilitiesTest#testSubIds
Test: atest FrameworksNetTests
Change-Id: I372fa9eaa7585aefd1710948ca007456feedd578
When WiFi disconnects, the VPN disconnects immediately. The
broadcast can therefore be sent before the broadcast receiver is
registered, which causes the receiver to not see the broadcast.
The puzzling part is that CONNECTIVITY_ACTION is a sticky
broadcast, so one would expect the broadcast to still be
received, even if the registration is done after the broadcast
is sent. The reason this doesn't happen is that the context used
by the test is a BroadcastInterceptingContext, which does not
treat sticky broadcasts as sticky.
Bug: 184115648
Test: atest --iterations 1000 'ConnectivityServiceTest#testLegacyLockdownVpn'
Change-Id: Ib44c92839d25951cc7d2db0f923e1b104690e1e0
Give anyone with PERMISSION_MAINLINE_NETWORK_STACK (i.e.,
either the system or the networkstack process) a separate limit
of 250 callbacks per UID.
Bug: 183921387
Test: new unit tests
Change-Id: I24580ea48e3ad502ef584efc5fde0b5d22e392b4
* changes:
Add test coverage for NetworkAgent callbacks.
Add a setTeardownDelayMs API to NetworkAgent.
Address comments on onBlockedStatusChanged(Network, int) CL.
It isn't used by ConnectivityService any more and even if
it needs such utility method in the future, we could create
one which is part of connectivity module and doesn't need
to be exposed as part of NetworkPolicyManager API surface.
Bug: 183696103
Test: atest ./tests/net/java/com/android/server/ConnectivityServiceTest.java
Change-Id: Ie3c681f88e4b2b9bb92d2224c5ea96b074f155d5
The connection service will become the mainline module.
Remove the hidden API usage of NetworkAgent.
Bug: 170598012
CTS-Coverage-Bug: 170598012
Test: atest FrameworksNetTests FrameworksTelephonyTests
atest FrameworksWifiTests
Change-Id: I4e4040ae7f94bdf479c7df9ec2ffabafbe06331c
Merged-In: I4e4040ae7f94bdf479c7df9ec2ffabafbe06331c
Currently, queryUserAccess talks to netd via FwmarkServer.
Doing this from the module would require exposing queryUserAccess
as an NDK API or reimplementing FwmarkClient.
Because queryUserAccess really only uses information that comes
from ConnectivityService/PermissionMonitor anyway, just use that
information without calling to net.
Test: atest HostsideVpnTests
Bug: 171540887
Merged-In: If855de1ea3e1fd2ed30f2795d9b4acfcf969a2dc
Change-Id: If855de1ea3e1fd2ed30f2795d9b4acfcf969a2dc
NetworkCapabilities is included in framework-connectivity, so external
module cannot have dependencies on its hidden API. Move the method to
libs/net so that external modules can use it by including the library.
Bug: 178777253
Test: FrameworksNetTests
(cherry-picked from ag/13921626)
Merged-In: I77970b3a5e5e0e9d263639694b1f06519169bf64
Change-Id: I77970b3a5e5e0e9d263639694b1f06519169bf64
This is similar to onBlockedStatusChanged(Network, boolean) but
it allows the callback holder to know the exact reason why
networking was blocked. It is useful to privileged system
components such as JobScheduler that are able to ignore some
blocked reasons but not others.
Also add a new BLOCKED_REASON_LOCKDOWN_VPN that is used when
networking is blocked because an always-on VPN is in
lockdown mode.
Also move BLOCKED_METERED_REASON_MASK to ConnectivityManager.
This is necessary because ConnectivityService must ensure that
the blocked status callbacks are correctly sent when meteredness
changes (e.g., a UID that is blocked on metered networks will
become unblocked on a network that becomes unmetered). In order
to do this it needs to know which reasons apply only on metered
networks.
Bug: 165835257
Test: unit tests in subsequent CLs in the stack
Change-Id: I647db4f5a01280be220288e73ffa85c15bec9370
- Add @VisibleForTesting & @Nullable for Vpn#getNetwork().
- Remove null check in caller side(test) of Vpn#getNetwork()
because if the code is working properly, it can never be null.
Bug: 182963397
Test: atest FrameworksNetTests
Change-Id: Ic52864003fbebd9f4e95d43fefc2e168437b0122
Merged-In: Ic52864003fbebd9f4e95d43fefc2e168437b0122
(cherry-picked from ag/13946573)
Modify Vpn#getNetId() to Vpn#getNetwork() and uses NETID_UNSET
when getNetwork() returns null in ConnectivityServiceTest.
Bug: 182963397
Test: atest FrameworksNetTests
Change-Id: I69d449705b1dc541287c72af8dc7705dc4733109
Merged-In: I69d449705b1dc541287c72af8dc7705dc4733109
(cherry-picked from ag/13927650)
Register network callback for all networks and record
NetworkCapabilities for every networks. Once onDnsEvent is
triggered, use the netId it passes in to find the corresponding
NetworkCapabilities instead of using netId to create a Network
object(hidden API) then get the NetworkCapabilities by
ConnectivityManager#getNetworkCapabilities.
Bug: 182963397
Test: m
Test: atest IpConnectivityMetricsTest
Test: atest NetdEventListenerServiceTest
Change-Id: I91d68ca33253831b78def1ddeb074ba944a5d6ad
Merged-In: I91d68ca33253831b78def1ddeb074ba944a5d6ad
(cherry-picked from ag/13959432)
These constants will now be including all the reasons for why an
uid's network access can be blocked, instead of only the
restrictions that could be imposed by NPMS.
Bug: 183473548
Test: atest ./tests/cts/hostside/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Merged-In: I4c544415e12adf442fd2415c371b1b70a39c3aa4
Change-Id: I6dcea43fbefa9eac8b5a971b822a5be5422a54b4
One second to start the test NetworkStack service and obtain
a NetworkMonitor is too tight.
Change-Id: I3ac600276b6248c70c6239b0c9531913dc44096e
Test: atest ConnectivityServiceIntegrationTest
setOwnerUid() and setAdministratorUids() should run in R+.
Previous logic will skip them in S+. Correct the logic to
what it should be.
Bug: 172183305
Test: atest android.net.NetworkCapabilitiesTest
Change-Id: Ic983aa00f930fb26350469ef093bcba2990433a4
This is to be used by privileged components (e.g., JobScheduler)
to request callbacks about the state of other UIDs on the system.
Bug: 165835257
Test: new unit test coverage
Change-Id: I29f155710394e58c14fcef488db6271d8d83033a
When registerDefaultNetworkCallback is called by an app that has
NETWORK_SETTINGS, the UID of the app is forgotten and the request
that is filed has an empty UID set. This results in that request
matching networks that have UID ranges that do not include it,
e.g., VPNs.
Fix this by ensuring that the UID ranges are properly set.
Bug: 165835257
Test: updated specific tests for this bug
Change-Id: I90bf79573342c144d1cfbc2f61a3155fdd5b1fa7
Currently, if a process with NETWORK_SETTINGS registers a default
network callback, its uid will be ignored and replaced with an
empty list of UIDs. This means it will incorrectly match VPNs
with any UID range.
Add a test for this bug to make it easier to review the upcoming
change that fixes it.
Bug: 165835257
Test: test-only change
Change-Id: If58524b01fdd60045fb7236d17dedf31fb563f99
* changes:
TransportInfo: Add a generic redaction mechanism
Revert "Revert "Expose uids related APIs in NetworkRequest and N..."
Revert^2 "Replace the usage of UidRange"
Also make getTransportName non-static so it can access the module
resources.
Also fix a duplicate comment in a resource file.
Bug: 183097033
Test: atest FrameworksNetTests
Test: connected to Wi-Fi with no Internet, observed notification
Change-Id: Ic0d24d36af0b87153d527083f8964ddc6cd78482
Merged-In: Ic0d24d36af0b87153d527083f8964ddc6cd78482
ag/13210542 switched from using reset() on mResources to using
clearInvocations(). This ensures that only the previous calls are
reset, and that the mock continues to behave according to what
was specified in setUp.
Test: 183097033
Test: test-only change
Merged-In: I35d28c8df341dbbac2774026c6ca749e296c0482
Change-Id: Ieef982d2df50db3014f35f58a77674939ebe0d43
Use ServiceConnectivityResources instead.
Start by creating resources in the ServiceConnectivityResources package
to match the internal configuration, and common overlays.
Bug: 182125649
Test: device boots, has connectivity
Change-Id: I77a3efca2cd644f9828db1ed5d3cae8070fb8363
Merged-In: I77a3efca2cd644f9828db1ed5d3cae8070fb8363
This replaces the existing mechanism for redacting location sensitive
fields with a more extensible mechanism. Currently supported redactions
are for the following permissions:
i. ACCESS_FINE_LOCATION
ii. LOCAL_MAC_ADDRESS
iii. NETWORK_SETTINGS
Also, removed WifiInfo from ConnectivityServiceTest to reduce cross
dependencies on wifi code.
Bug: 156867433
Bug: 162602799
Test: atest android.net
Test: atest com.android.server
Change-Id: I2bb980c624667a55c1383f13ab71b9b97ed6eeab
