SO_BINDTODEVICE is not needed with policy routing.
SO_BINDTODEVICE was also used on the default iface which causes problems
when the default iface is IPv6 only and the socket tries to connect to a
IPv4 address.
Bug: 12940882
Change-Id: I5b2bde0ac5459433fc5749f509072a548532f730
requestRouteToHost will only allow system applications to make routes
exempt from the VPN's routing rules.
If a VPN is currently running and a non-system app requests a route it
will only succeed if that host is currently covered by a VPN exempt
routing rule. Otherwise it will fail.
For example, if a VPN is running and the MMS network is brought online
those routes will be added as VPN exempt. If an application then tries
to request a route to a MMS endpoint it will succeed because the routes
already exist. If an application tries to request a route to a host
covered by the VPN the call will fail.
Bug: 12937545
Change-Id: If7bcec91bbb96c62c8fb69748c975847e6c00b6f
The calling package name will be used to check if an application is a
system application when deciding if a route should be exempt from VPN
routing rules.
Bug: 12937545
Change-Id: I2c09c875fe9bb9685871a0a801ddcbb32fc17405
This may mean that secondary networks have bad network settings,
but currently default settings are overriden by secondary nets
which seems worse.
bug:13211589
Change-Id: I08d56e618208781bf6b21a88663c2b8503a4f226
Do this both on input from apps (giving error) and between wifi and
ConnectivityService (ignoring bad data). This means removing all
addresses beyond the first and all routes but the first default and
the implied direct-connect routes.
We do this because the user can't monitor the others (no UI), their
support wasn't intended, they allow redirection of all traffic
without user knowledge and they allow circumvention of legacy VPNs.
This should not move forward from JB as it breaks IPv6 and K has
a more resilient VPN.
Bug:12663469
Change-Id: I0d92db7efc30a1bb3e5b8c6e5595bdb9793a16f2
Conflicts:
core/java/android/net/LinkProperties.java
services/java/com/android/server/WifiService.java
wifi/java/android/net/wifi/WifiStateMachine.java
Refactored the directory structure so that services can be optionally
excluded. This is step 1. Will be followed by another change that makes
it possible to remove services from the build.
Change-Id: Ideacedfd34b5e213217ad3ff4ebb21c4a8e73f85
This is necessary so that the framework can know whether an IPv6
address is likely to be usable (i.e., if it's global scope and
preferred). Also, it will simplify the address notification
methods in INetworkManagementEventObserver, which currently take
the address, the flags, and the scope as separate arguments.
1. Add flags and scope to the class and update the unit test.
Use the IFA_F_* and RT_SCOPE_* constants defined by libcore.
Since most callers don't know about flags and scope, provide
constructors that default the flags to zero and determine the
scope from the address. Addresses notified by the kernel will
have these properly set. Make multicast addresses invalid.
Update the class documentation.
2. Provide an isSameAddressAs() method that compares only the
address and prefix information between two LinkAddress
objects. This is necessary because an interface can't have
two addresses with the same address/prefix but different
flags.
3. Update LinkProperties's addLinkAddress and removeLinkAddress
to identify existing addresses to add/remove using
isSameAddressAs instead of implicit equals(). Specifically:
- If addLinkAddress is called with an address that is already
present, the existing address's flags and scope are updated.
This allows, for example, an address on an interface to go
from preferred to deprecated when it expires, without it
having to be removed and re-added.
- If removeLinkAddress is called with an address that is
present but with different flags, it deletes that address
instead of failing to find a match.
4. Update the INetworkManagementEventObserver address
notification methods to take just a LinkAddress instead of
LinkAddress, flags, and scope. While I'm at it, change the
order of the arguments for consistency with the other
functions in the interface.
Change-Id: Id8fe0f09a7e8f6bee1ea3b52102178b689a9336e
1. Simplify the parceling code. Since the InetAddress inside a
LinkAddress can never be null, we don't need to special-case
the case where it is.
2. Add / update method documentation.
3. Write a unit test.
Change-Id: Iba0a8cecc683d55d736419965e72ee33dd66dc22
Currently address{Updated,Removed} pass in the address as a
string such as "fe80::1/64". Use LinkAddresses instead, since
that's what it is.
This makes the code more robust in the unlikely case that netd
passes in an invalid string. In the future we can move flags and
scope into the LinkAddress itself and simplify the code further.
Bug: 9180552
Change-Id: I66599f9529cf421caa7676fdd0141bb110b8589e
These are sent if the device receives IPv6 Router Advertisements
with DNS server configuration options. Currently, nothing listens
to them; in a future change we will use them as IPv6 DNS servers.
[Cherry-pick of d3b7821c8f]
Bug: 9180552
Change-Id: I05000c0cd3867a68ab390102e8470b6912a9d3aa
Adding validation for Global Proxy setting before it is
being set.
Proxy is validated at the boot time also to make sure
the value set is valid.
Signed-off-by: Raj Mamadgi <rmamadgi@sta.samsung.com>
bug:11598568
Change-Id: Idff5ae81119d8143da096b5291ecbfbc5875cbd4
Could occur when requestRouteToHostAddress is called on a network
with no associated tracker. Code later in the method handles
this case gracefully but code introduced in JB throws an exception.
Change-Id: I6c8a0e313ecbcca120aeb5dd0802a72114749aa1
b/11598568
Adding validation for Global Proxy setting before it is
being set.
Proxy is validated at the boot time also to make sure
the value set is valid.
Change-Id: Ib93d24a80af1a329694f07c47bd81dfcc1e1b874
Signed-off-by: Raj Mamadgi <rmamadgi@sta.samsung.com>
In isMobileOk attempting to connect to clients3.google.com/generate_204 we
sometimes see a proxy server will not let the connection go to our
server and instead returns 200 instead of 204. By using Https we by pass
proxy servers and we will always connected to our server.
The number of loops is increased from 3 to 4 and half the the retires
will use Http and half will use Https.
I also, added mTestingFailures which can be set to true by setting
persist.checkmp.testfailures to 1. This will cause checkMobileProvisiong
to always fail so we can test https & http.
Bug: 9972012
Change-Id: I870606037dcffe5250843980517ac52218266e02
Needed to do an http post instead of a get for one carrier.
Do this by putting an auto-submitting form in the data to be
interpreted as a html doc by the browser. The ACTION_VIEW
intent only works on http uri, but by specifying ACTION_MAIN/
CATEGORY_APP_BROWSER we could use data:text/html.
bug:11168810
Change-Id: Ifd33e1c3c7f9f40b6add39e446e6a7d7cde22549
* commit 'e704c3c9ee6a9ed2b7fbf34a0fcf70b0062d0dfb': (27 commits)
Fix dock rect calculation when nav is translucent.
Fix registerListener and flush bugs.
Guard against NPE when using existing process.
Add missing locking when updating the accessibility node info cache.
Fix issue #11113111: `dumpsys activity service` is broken
Revert "Use a build-specific wifi country code"
Fix CookieSyncManager for WebViewClassic
Retain IME assignment if no windows accept input.
KLP/KitKat is now API 19.
Decouple construction of WebView, CookieSyncManager, WebViewDatabase
Fix issue #10921903: CTS: android.os.cts.ParcelTest#testReadBundle...
De-blue the add lock screen widget pressed state
De-blue notification backgrounds
Revert behavior to perform onResume.
PackageManager#queryIntentServices breaks its contract.
Choosing default paper size for the "Save to PDF" fake printer
Adding hidden APIs for observing the print jobs state.
Disallow range selection if the document has unknown page count.
Missed signal in FusedPrintersLoader.
Page range validation edge case handling.
...
