Test: new test for this
Fixes: 62650382
Change-Id: I918b8271d3c3c058553ca888cb54cd36a6efba66
Merged-In: I0fc408d546ae9d72b7dd9415e502252b484d4329
Merged-In: I9282930106d1eee3274d9e5c4e89de60e929a0e6
As per API council feedback, these constants should live in
a place that is private to the network stack, only with a
range defined in system API.
Bug: 129433383
Test: m
Change-Id: I84a90f84a9af6fef4667ee4d512ebd0413222086
(cherry picked from commit 79a6330650ca04bd7a08afbd63f8016a3b30bc72)
This commit re-enables enforcement of the MANAGE_TEST_NETWORK
permission, which is only granted to the shell. CTS tests using this
permission should use UiAutomation.adoptShellPermissionIdentity() to
gain access.
Bug: 72950854
Test: IPsec CTS tests using this passing
Change-Id: I98573a5c68e45abbbaddef01f6ac74a6a18e26f9
Merged-In: I98573a5c68e45abbbaddef01f6ac74a6a18e26f9
(cherry picked from commit 0fed3d2c01)
This follow-up change performs some cleanup changes without affecting
functionality
Bug: 72950854
Test: Compiles, CTS tests using this pass
Change-Id: Ic7394f24f11d713c9374b438182e29d2a02ea236
Merged-In: Ic7394f24f11d713c9374b438182e29d2a02ea236
(cherry picked from commit 5f6bc9d438)
There is a logic error in maybeNotifyNetworkBlockedForNewUidRules
that caused function to return if there is no status change in
the first network. This would cause CTS failed in devices which
has volte-enabled SIM inserted.
Bug: 129409153
Fix: 117969394
Test: 1. atest com.android.cts.net.HostsideNetworkCallbackTests \
--generate-new-metrics 20
2. atest FrameworksNetTests
Change-Id: I11168fd07a7c29e0605f2e874e9d9f41b5ad88b6
Merged-In: Ifd18d1c6ad708c1dbc793f03d8241f572af50317
(cherry picked from commit 6d3a92f7c2)
Carriers in Mainland China need to customize certain captive portal
urls. The main issue is that google servers are not accessible in
Mainland China.
Added the following captive portal resources to be targeted for overlay.
- config_captive_portal_http_url
- config_captive_portal_https_url
- config_captive_portal_fallback_urls (string-array)
- config_captive_portal_fallback_probe_specs (string-array)
These values can be customized for e g diffent countries
Bug: 111819230
Test: atest FrameworksNetTests NetworkStackTests
Test: Add a product RRO that targets a specific country code,
insert a SIM card that matches that country code and check the log
what URL is used.
Merged-In: I54050b28bbfb93e0b7e509dbe0e987a0b902b7d9
Merged-In: I1f734c5f864bb2f2bc8ba1a66fe33d3480554f69
(cherry picked from commit e3896f71e1)
Change-Id: I278f2888851d38edb59157f8623541fbe94549b6
Cherry-pick from commit 061f7a7eef,
with small conflict resolution.
Bug: 129510344
Test: m, boots, wifi connects, resolves DNS
Change-Id: Idf24f42a86bbfcc89e3ea8cf50d1b705d72ac613
Merged-In: Idf24f42a86bbfcc89e3ea8cf50d1b705d72ac613
Merged-In: Ia08104f839ef37139a8761e2e625bb10c94c275f
NetdService#getInstance() will get null object in
WrappedConnectivityService constructor. Then pass this null
INetd object to PermissionMonitor will case NPE in
PermissionMonitor#sendPackagePermissionsToNetd()
Bug: 128024100
Test: atest FrameworksNetTests
Change-Id: Ia1c80f9600a19c4aaf3f3c1b497b355d96c49c8e
Merged-In: I7f185e731db91c30a9b0f14aefbdbb067942190e
Merged-In: Ic77ef73841266da487401ffd657ef63562b6fc1e
(cherry picked from commit 716a9412cd)
The gnss@2.0 HAL and the framework GNSS Location Provider code is
updated in Q to not call the deprecated requestRouteToHost() method.
However, devices upgrading to Q which are still using gnss@1.1 or
earlier HAL must continued to be supported.
Fixes: 121222025
Test: Tested with gnss@1.1 HAL and first API level P. The
ConnectivityService log message "This method exists only for
app backwards compatibility and must not be called by system
services" is not present for devices with first API level P.
Change-Id: I10199776ea413dc256dbf0771e6cb3eedb334495
Merged-In: Ifa60d8f2d60aba4c4e2894dc612c224d45e3992d
Merged-In: Ifa4ec98d5c942522dfd569664f169fa841d495ed
(cherry picked from commit 4360e7f31c)
NetworkMonitor cannot do the private dns resolution due to lack
"mNetworkCapabilities". ConnectivityService will call
NetworkStackService#notifyPrivateDnsChanged() before doing
network validation. After NetworkMonitor received
CMD_PRIVATE_DNS_SETTINGS_CHANGED, it will call
isValidationRequired to check if the validation is required.
But mNetworkCapabilities didn't be set, so the
mPrivateDnsProviderHostname will be set to empty and make
EvaluatingPrivateDnsState doesn't do private dns resolution.
Bug: 129375892
Test: 1. Build pass
2. atest FrameworksNetTests
3. atest NetworkStackTests
Change-Id: I637212fb4746bb2e9a2f4a4457fd36c4c2701149
The kernel eBPF maps have a blacklist to store all the uids that doesn't
have internet permission. When an app is unintalled from the device and
it is the last package on device that uses that uid, make sure we
cleaned the uid from the map and do not add no longer used uids into the
eBPF map. This action helps reduce the number of entries stored in the
map and reduce the chance of overflow the eBPF map.
Bug: 128944261
Test: PermissionMonitorTest
Change-Id: I10dd0113d00d6cf9ca39902d9721f2591d387d4a
Add more tests to PermissionMonitor to verify the functionality related
to INTERNET permission and UPDATE_DEVIE_STATS permission. Modified some
of the class design of PermissionMonitor so that it is easier to test
the new functionalities.
Bug: 111560570
Test: PermissionMonitorTest
Change-Id: Ic5585f337db5de48e2f87bf4f01ed7d85c349827
- Restrict unprivileged apps to use
NetworkRequest.Builder#setSignalStrength.
- Remove the "throws NullPointerException" in
CaptivePortalProbeSpec constructor.
- Remove the null check in LinkProperties.
- Add annotataion into all ConnectivityManager.NetworkCallback
methods.
Change-Id: Id275cac1d6a30d7515cd7b113394f5e8a0179314
Fix: 129097486
Test: atest FrameworksNetTests
Currently, onStopped callback are synchronizely triggered when
stop() was called, since the framework don't really care
about the result of stopping keepalive.
However, if keepalive failed to stop for some reason, the
handleStopKeepalive was called mistakenly and trigger additional
callback that fail the test case.
This commit is the behavior change prior to state machine
refactoring, and introduce a stopping state for ignoring the
result in the stopping state.
Bug: 129512753
Bug: 123988249
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests
Change-Id: I4fa94e0740ba488fb5fe7ac7c3812c195dd0ec4c
The system server (in SystemServer.java) defines the boot
sequence, during which an event called SystemReady happens.
This corresponds to a time when critical system services
that are depended upon by other components in the system
server are ready to handle requests from their dependencies.
Some system services are listening to this event to defer
initializations that depend on the critical services.
Because the network stack is only started after SystemReady,
there is no way any NetworkMonitor may be started before
SystemReady. Remove the associated mechanism.
Fix: 129376083
Test: FrameworksNetTests
Change-Id: I071eeb10d0b7c4f71af6653d322c7b442b2cc7ee
NetworkMonitor obtained LinkProperties and NetworkCapabilities via
synchronous calls to ConnectivityManager after receiving an asynchronous
notification, which is prone to races: the network could be gone before
the LinkProperties/NetworkCapabilities can be fetched.
Fix the race by passing LinkProperties/NetworkCapabilities directly to
NetworkMonitor in the asynchronous notifications.
Test: atest FrameworksNetTests NetworkStackTests
Test: booted, WiFi works
Bug: 129375892
Change-Id: I200ac7ca6ff79590b11c9be705f650c92fd3cb63
* changes:
Move BatteryStats and StatsCompanionService to use NetworkStatsService.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
VPN uid.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java
Change-Id: I9d8d0cc58d18002c1c96f8ddff780ef8dc452d21
Currently, socketKeepalive implementation is accepting null fd
due to backward compatibility with legacy packet keepalive API.
However, due to lack of the fd, the service cannot guarantee the
port is not reused by another app if the caller release the port
for any reason.
Thus, grant the null fd access only for priviledged apps.
This commit also address some comments from aosp/918533.
Bug: 126699232
Test: atest FrameworksNetTests
Change-Id: I0baf582ff4ca8af6082c3754e8dfbcd867f39792
Currently, if the lower layer, e.g. wifi, didn't successfully
start keepalive by any reason. Due to the startedState changed
to NOT_STARTED first, the logic inside stop() will skip the
removing process and cause leak.
Thus, moving the changing of startedState to proper place first
to unblock subsequent changes first.
Bug: 123988249
Bug: 129371366
Test: atest FrameworksNetTests
Change-Id: I4bba01bacc80e1dac2023ef831b5ade5501894e4
For native services such as mediaserver and audioserver, the permission
information cannot be retrieved from getInstalledPackages. Instead, the
high level permission information is avalaible in systemConfigs. With
those permission information, netd can store the complete list of uids
that have UPDATE_DEVICE_STATS permission.
Bug: 128944261
Test: dumpsys netd trafficcontroller
Change-Id: I0331d5a3a5b927a351fcfe6689ef1ba2b993db0c
Change the INTERNET permission implementation so it only block socket
creation when non of the packages under the same uid have internet
permission. Fix the UPDATE_DEVICE_STATS permission so only the uid that
own the permission can change it.
Bug: 111560570
Test: CtsNetTestCasesUpdateStatsPermission
CtsNetTestCasesInternetPermission
Change-Id: I42385526c191d4429f486cde01293b27fcc1374b
