SO_BINDTODEVICE is not needed with policy routing.
SO_BINDTODEVICE was also used on the default iface which causes problems
when the default iface is IPv6 only and the socket tries to connect to a
IPv4 address.
Bug: 12940882
Change-Id: I5b2bde0ac5459433fc5749f509072a548532f730
requestRouteToHost will only allow system applications to make routes
exempt from the VPN's routing rules.
If a VPN is currently running and a non-system app requests a route it
will only succeed if that host is currently covered by a VPN exempt
routing rule. Otherwise it will fail.
For example, if a VPN is running and the MMS network is brought online
those routes will be added as VPN exempt. If an application then tries
to request a route to a MMS endpoint it will succeed because the routes
already exist. If an application tries to request a route to a host
covered by the VPN the call will fail.
Bug: 12937545
Change-Id: If7bcec91bbb96c62c8fb69748c975847e6c00b6f
The calling package name will be used to check if an application is a
system application when deciding if a route should be exempt from VPN
routing rules.
Bug: 12937545
Change-Id: I2c09c875fe9bb9685871a0a801ddcbb32fc17405
This may mean that secondary networks have bad network settings,
but currently default settings are overriden by secondary nets
which seems worse.
bug:13211589
Change-Id: I08d56e618208781bf6b21a88663c2b8503a4f226
Do this both on input from apps (giving error) and between wifi and
ConnectivityService (ignoring bad data). This means removing all
addresses beyond the first and all routes but the first default and
the implied direct-connect routes.
We do this because the user can't monitor the others (no UI), their
support wasn't intended, they allow redirection of all traffic
without user knowledge and they allow circumvention of legacy VPNs.
This should not move forward from JB as it breaks IPv6 and K has
a more resilient VPN.
Bug:12663469
Change-Id: I0d92db7efc30a1bb3e5b8c6e5595bdb9793a16f2
Conflicts:
core/java/android/net/LinkProperties.java
services/java/com/android/server/WifiService.java
wifi/java/android/net/wifi/WifiStateMachine.java
Adding validation for Global Proxy setting before it is
being set.
Proxy is validated at the boot time also to make sure
the value set is valid.
Signed-off-by: Raj Mamadgi <rmamadgi@sta.samsung.com>
bug:11598568
Change-Id: Idff5ae81119d8143da096b5291ecbfbc5875cbd4
In isMobileOk attempting to connect to clients3.google.com/generate_204 we
sometimes see a proxy server will not let the connection go to our
server and instead returns 200 instead of 204. By using Https we by pass
proxy servers and we will always connected to our server.
The number of loops is increased from 3 to 4 and half the the retires
will use Http and half will use Https.
I also, added mTestingFailures which can be set to true by setting
persist.checkmp.testfailures to 1. This will cause checkMobileProvisiong
to always fail so we can test https & http.
Bug: 9972012
Change-Id: I870606037dcffe5250843980517ac52218266e02
Needed to do an http post instead of a get for one carrier.
Do this by putting an auto-submitting form in the data to be
interpreted as a html doc by the browser. The ACTION_VIEW
intent only works on http uri, but by specifying ACTION_MAIN/
CATEGORY_APP_BROWSER we could use data:text/html.
bug:11168810
Change-Id: Ifd33e1c3c7f9f40b6add39e446e6a7d7cde22549
We're getting some false positive results on this check and
while it was coded to try 3 times given sufficient independent addrs
the default url resolves to a single address so we'd just try once.
Rework to try again even with fewer urls to try to reduce the false
positives.
Also adds a random query param to fool proxies into not caching.
bug:9972012
Change-Id: Ib719f40ec612065ca6bcd919549fc1164506d35a
Changes the PacManager to report message back to ConnectivityService
to send a broadcast once the download has completed. This allows the
ConnectivityService to store the correct proxy info for getProxy().
This made the problem arise that ProxyProperties was not handling port
while it had PAC. Added small fix for equals() and parcelization.
The combination of these fixes seems to resolve Bug: 11028616.
Bug: 11168706
Change-Id: I92d1343a8e804391ab77596b8167a2ef8d76b378
Currently the captive portal check URL is generated by
concatenating scheme, "://", IP address, and port. This breaks
for IPv6 because IPv6 addresses in URLs must be enclosed in
square brackets (e.g., http://2001:db8::1/generate_204 is
invalid; should he http://[2001:db8::1]/generate_204 instead).
The resulting MalformedURLException causes isMobileOk to report
that there is no captive portal, even if there is one.
Fortunately the three-arg URL constructor already knows how to
construct URLs with IPv6 addresses. Use that instead of
generating the URL ourselves.
Bug: 10801896
Change-Id: I02605ef62f493a34f25bb405ef02b111543a76fd
There are two bugs one is I was clearing the notification in
CaptivePortalTracker when entering the ActivateState. (double check
according to bug 5021626 we should be calling enter)
Second is we could have the need to display both icons but can't
because we only allow one.
The solution I'm proposing here is to allow two notifications and
have then controlled separately.
Bug: 10886908
Change-Id: I30e7130bc542535492d175640a4990c592f32806
Add the condition that the connected network needs to be TYPE_MOBILE.
This eliminates checking on connecting to secondary networks like
FOTA, MMS, SUPL ...
This reduces unnecessary attempts to bring up multiple connections at
the same time. Especially in the light of the trouble we're having with HFA
on Sprint, where we don't want to connect to any other network until HFA
has completed.
Bug: 10758001
Change-Id: Id294536b70304a51de4752bc1a4ffac734f10f1a
Add the condition that the connected network needs to be TYPE_MOBILE.
This eliminates checking on connecting to secondary networks like
FOTA, MMS, SUPL ...
This reduces unnecessary attempts to bring up multiple connections at
the same time. Especially in the light of the trouble we're having with HFA
on Sprint, where we don't want to connect to any other network until HFA
has completed.
Bug: 10758001
Change-Id: Id294536b70304a51de4752bc1a4ffac734f10f1a
In checkMobileProvisioning the call to mdst.isProvisioningNetwork() is
a blocking call and during monkey testing without SIM this is causing
ANR's. Move the initial test for provisioning into isMobileOk so
checkMobileProvisioning doesn't block.
If mobile is not supported return CMP_RESULT_NO_CONNECTION.
Cleaned up some debug.
Bug: 10674404
Change-Id: I10a0e922cd6ea9790f66e2083f37e68cb0a8861f
In checkMobileProvisioning the call to mdst.isProvisioningNetwork() is
a blocking call and during monkey testing without SIM this is causing
ANR's. Move the initial test for provisioning into isMobileOk so
checkMobileProvisioning doesn't block.
If mobile is not supported return CMP_RESULT_NO_CONNECTION.
Cleaned up some debug.
Bug: 10674404
Change-Id: I10a0e922cd6ea9790f66e2083f37e68cb0a8861f
This changes the PAC support to not broadcast the Proxy information until
the Local Proxy has started up and successfully bound to a port so that
the local proxy information can be guaranteed to be owned by the proxy.
Bug: 10459877
Change-Id: I175cd3388c758c55e341115e4a8241884b90d633
netd now tracks statistics for tethered interfaces across tethering
sessions, so switch to asking for all tethering stats. (Currently
we're double-counting all tethering data, ever since it started
tracking across sessions.)
Also catch OOME to handle corrupt stats files, which we then dump to
DropBox and then start over.
Bug: 5868832, 9796109
Change-Id: I2eb2a1bf01b993dd198597d770fe0e022466c6b9
