The utility classes are useful for mainline modules and their tests, for
example IpClientIntegrationTest.
Bug: 168868607
Test: m && atest NetworkStaticLibTests
Change-Id: If2b1613aa18a7990391e2d31cc2951ca93f1cf3c
In current design, crash has been generated when stop function
has been re-entered to catch unexpected behavior. However,
it is possible to re-enter stop function if the network
disconnection occurs after stopping.
Thus, skip stop if keepalive is already in stopping state.
Test: atest ConnectivityServiceTest#testNattSocketKeepalives \
--rerun-until-failure 60000
Bug: 167332570
Change-Id: Ic7068ad3dc990e957c37b8d87d48ebb6469b101f
* changes:
Update language to comply with Android's inclusive language guidance
Update language to comply with Android's inclusive language guidance
Update language to comply with Android's inclusive language guidance
Update language to comply with Android's inclusive language guidance
Update language to comply with Android's inclusive language guidance
Update language to comply with Android's inclusive language guidance
Update language to comply with Android's inclusive language guidance
Update language to comply with Android's inclusive language guidance
Currently, LockdownVpnTracker handles lockdown VPN reset intent.
Which will grab VPN object as a lock, then calls into
ConnectivityService to grab mVpn lock when querying NetworkInfo.
However, the order of grabing locks differs from ConnectivityService
and will causes deadlock if ConnectivityService grabs locks in
the other order.
Thus, make ConnectivityService handles reset intent so the
order of grabing locks can be consistent.
Test: atest FrameworksNetTests
Bug: 147403549
Change-Id: Ia10a3ef6f1e20d092a17313935083a84860961aa
Currently, the callbacks of stopping were fired when stop procedure
is started, because the upper layer apps only care about the reason
of stopping instead of stopping result. Thus, there is no need to
wait for the result comes back. However, this behavior generates
races if apps want to re-start keepalive immediately since the
resources are not released yet.
Fix: 134891441
Fix: 140305589
Test: atest com.android.server.ConnectivityServiceTest#testPacketKeepalives \
--rerun-until-failure 1000
Change-Id: I987776a9211a50e964c4675b747bc10e203750f1
Add UidNetdPermissionInfo class to store netd permission info of
each uid. Use the bit mask for combining all netd permission into
one value which can update and get the uid permission easily.
Moreover, aosp/1340042 add carryover package info into this class
which centralizes all netd permissions relevant data.
Bug: 132784544
Test: atest FrameworksNetTests
Change-Id: I3b81ea2a5017e8f4d0d603144a33c9b08640d7ba
The semantics of FileDescriptor in AIDL are that the callee must close
the file descriptor it receives manually.
Bug: http://b/157789860
Test: treehugger
Change-Id: Ice9fc9abe2959a84ad138a95c900dff676653665
There are two parts in hasRestrictedNetworkPermission method.
One is carryover package check and one is uid permission
check. Seperate carryover package check part to another method
to be clearer the usage of hasRestrictedNetworkPermission method.
Bug: 132784544
Test: atest FrameworksNetTests
Change-Id: Iab0609fcaa52acb0dfcb31ca957f22bfe8d62392
PermissionMonitor check permission by each package name but only
update the uid permission to netd. It's better to check
permission by uid directly. Thus, use
ActivityManager#checkUidPermission to check permissions for each
uid.
Bug: 132784544
Test: atest FrameworksNetTests
Change-Id: I057d34383b4dc408b2773e4c6b146774ba0c5eb2
Add Dependencies class in PermissionMonitor for injection
in tests easily.
Bug: 132784544
Test: atests FrameworksNetTests
Change-Id: Ibb84d548908f7a955fa0ff206794486733259978
Update all callers to use ProxyInfo(Uri) and remove ProxyInfo(String).
Bug: 160557668
Test: build pass
atest FrameworksNetTests
Change-Id: I4c980764c8839c48acf03208bb68cd53eb910121
This change updates ConnectivityService to notify the
ConnectivityDiagnosticsHandler of app-reported connectivity before
attempting to revalidate the network. This change forces an ordering on
Connectivity Diagnostics events in the case that the reported
connectivity does not match the known connectivity for the network -
this leads to the network being revalidated and the
ConnectivityDiagnostics event onConnectivityReportAvailable. Passing the
onNetworkConnectivityReported event to the
ConnectivityDiagnosticsHandler first ensures that it is passed to
callbacks before any potential ConnectivityReports are.
Bug: 159718782
Test: android.net.cts.ConnectivityDiagnosticsManagerTest
Change-Id: Ic7bc7138c54c47bbfdf56af5811709fde66f8606
There are two methods to handle package added/removed from
two differnt listeners. It can use one of listener to handle the
changes. Thus, keep PackageManagerInternal#PackageListObserver
but remove the listening from ConnectivityService.
Bug: 132784544
Test: atests FrameworksNetTests
Change-Id: Ib2db85e4108f9fda731bf6667d0af0610fc79fea
ConnectivityService puts up some notifications with pending
intents, but these pending intents are mutable that content can
be changed by someone. So make these pending intents to be
immutable.
Some OEMs have their own Settings package. Thus, need to get the
current using Settings package name instead of just use default
name "com.android.settings".
Bug: 154928507
Test: atest FrameworksNetTests
Change-Id: I02e3277358623400aa03dc8996af3d7c46a8ce76
Merged-In: I02e3277358623400aa03dc8996af3d7c46a8ce76
ConnectivityService puts up some notifications with pending
intents, but these pending intents are mutable that content can
be changed by someone. So make these pending intents to be
immutable.
Some OEMs have their own Settings package. Thus, need to get the
current using Settings package name instead of just use default
name "com.android.settings".
Bug: 154928507
Test: atest FrameworksNetTests
Change-Id: I02e3277358623400aa03dc8996af3d7c46a8ce76
Probe DNS servers to see they support DNS-over-TLS. Use system
CAs to verify whether the certificates sent by DNS servers are
trusted or not. An error is thrown to cause the probe failed if
DNS servers send untrusted certificates.
Unlike the DnsResolver which doesn't verify the certificates
in opportunistic mode, all of the DoT probes from NetworkDiagnostics
check certificates.
DoT probes apply to the DNS servers gotten from LinkProperties
and the DoT servers gotten from PrivateDnsConfig whatever private
DNS mode is.
A common example in DNS strict mode:
. DNS TLS dst{8.8.8.8} hostname{dns.google} src{192.168.43.2:48436} qtype{1} qname{815149-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (432ms)
F DNS TLS dst{192.168.43.144} hostname{}: FAILED: java.net.ConnectException: failed to connect to /192.168.43.144 (port 853) from /192.168.43.2 (port 41770) after 2500ms: isConnected failed: ECONNREFUSED (Connection refused) (172ms)
. DNS TLS dst{8.8.4.4} hostname{dns.google} src{192.168.43.2:37598} qtype{1} qname{759312-android-ds.metric.gstatic.com}: SUCCEEDED: 1/1 NOERROR (427ms)
An example when the CA is not trusted:
F DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. (16ms)
An example when TCP/TLS handshake timeout:
F DNS TLS dst{8.8.8.8} hostname{dns.google}: FAILED: java.net.SocketTimeoutException: failed to connect to /8.8.8.8 (port 853) from /192.168.2.108 (port 45680) after 2500ms (2514ms)
Bug: 132925257
Bug: 118369977
Test: atest FrameworksNetTests
Change-Id: I1b54abed0e931ca4b8a97149459cde54da1c3d6f
Previously, we read the global proxy settings from Settings.Global
database after reboot. This works for manual proxies, but not for
proxies based on PAC rules, as PacManager is never invoked when
ConnectivityService starts up. As a consequence, services required for
PAC-based proxies (PacService and ProxyService) are never started.
In this CL, we make sure PacManager is called during boot, so that PAC
rules will take effect.
Bug: 35943997
Test: set a PAC proxy and observe it still works after reboot
Change-Id: I69edb5fcd3e84663d338ff4b93c40fd5ee2c8c51
This commit changes agentConnect to set the owner UID as the mOwnerUid
field instead of the Binder.getCallingUid().
Binder.getCallingUid() can return incorrect results for platform VPNs,
as agentConnect() is called under a clean calling UID.
Additionally, this relaxes the ownerUid sanitization check to allow a
VPN network's owner to see it's own ownership information.
Vpn.mOwnerUid is guaranteed to be correct, as all VPNs MUST have called
prepareInternal() at some previous point, which sets mOwnerUid as the
package's UID (or SYSTEM_UID if this is legacy VPN).
Bug: 150135470
Test: CTS tests showing ownership information
Merged-In: Ic979dad73983d722365849fbfb0becfd432b894c
Change-Id: Ic979dad73983d722365849fbfb0becfd432b894c
(cherry picked from commit e29bf99a7fc1067c546d7fa6cbcb9001fb110d16)
