This change adds the ability for IKEv2/IPsec VPN profiles to run on Test
Networks. If enabled, the IKEv2/IPsec VPN profiles will request ONLY
test networks.
Bug: 148582947
Test: FrameworksNetTests passing
Test: Added for testing
Change-Id: I2511b39b27a1e29ae97907cdb12728d13fb1628f
Merged-In: I2511b39b27a1e29ae97907cdb12728d13fb1628f
(cherry picked from commit 9e18eeb4a676ef3afc4bc510f18f81213b8edc55)
am skip reason: Change-Id Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d with SHA-1 f53a075913 is in history
Change-Id: Idb6ea8087b39242e1bab79d7227107303a81f59d
am skip reason: Change-Id I3a974700aa1d83cb285295ed1de0aa263e2e5b58 with SHA-1 fc7cad313d is in history
Change-Id: I378c8d86396f0a8ddb803b86ef8426b4dca1c153
am skip reason: Change-Id I46f247268310e12d420531745a22e93cf3550e89 with SHA-1 a065d07edf is in history
Change-Id: I6e4c65d2d8fb53a2f39d2c94e020f171f50de2b2
The constructor was changed to allow for unit tests.
Bug: 137328719
Test: atest FrameworksNetIntegrationTests
Original-Change: https://android-review.googlesource.com/1295360
Merged-In: I46f247268310e12d420531745a22e93cf3550e89
Change-Id: I46f247268310e12d420531745a22e93cf3550e89
This change adds the ability for IKEv2/IPsec VPN profiles to run on Test
Networks. If enabled, the IKEv2/IPsec VPN profiles will request ONLY
test networks.
Bug: 148582947
Test: FrameworksNetTests passing
Test: Added for testing
Change-Id: I2511b39b27a1e29ae97907cdb12728d13fb1628f
am skip reason: Change-Id Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550 with SHA-1 c9f24746f2 is in history
Change-Id: Ic5d0d8461cbaf0a75da92b47d2d0aaa7a7743fb6
This change moves the logic for handling Data Stall notifications from
NetworkMonitorCallbacks to ConnectivityService. This avoids duplicate
logic for managing data stall simulation requests from
ConnectivityManager. This also puts all of the logic for proxying Data
Stall notifications to the ConnectivityDiagnosticsHandler into one
place.
Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Ie2f6a1a2376c5c452750ab417cb5e8c24fc44fc3
am skip reason: Change-Id I37dd459d08b57b14f72f3b28ea80fa231b152f10 with SHA-1 b645699cdb is in history
Change-Id: I0b5556bcaa27ca0a379f910bfba80aec506348c9
This change adds a TestApi for simulating a Data Stall to
ConnectivityService. This allows for Data Stalls to be triggered without
having to manipulate the signals used by NetworkMonitor . This also
allows NetworkMonitor to update the ways it detects Data Stalls without
affecting CTS tests for ConnectivityDiagnosticsManager.
Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
Merged-In: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
(cherry picked from commit b06463a002eb6215e9dda64e599eabd74cb56382)
This change sets the owner and administrator UIDs for test networks when
their initial values match the UID for the app creating the test
network. This ensures that apps registering test networks can only make
themselves owners / administrators of the network.
Bug: 153449964
Test: atest NetworkAgentTest
Change-Id: I3a974700aa1d83cb285295ed1de0aa263e2e5b58
Merged-In: I3a974700aa1d83cb285295ed1de0aa263e2e5b58
(cherry picked from commit 35782280a2adceec96b8e03c217788afa05894a0)
Set the parcelSensitiveFields bit when sending LinkProperties to
NetworkMonitor, so that the captive portal API URL is not lost.
Test: atest ConnectivityServiceIntegrationTest (see followup change)
Bug: 156062304
Original-Change: https://android-review.googlesource.com/1307833
Merged-In: Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550
Change-Id: Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550
As NetworkAgent is in a transition where all agents need
to include the NOT_SUSPENDED capability as part of their
migration to the system API, ConnectivityService adds it
forcefully to all agents that don't have the CELLULAR
transport. This doesn't include VPNs when VPNs have some
cellular network as their underlying network.
The best way to solve this is to make sure the VPN
capabilities reflect those of the underlying networks as
far as the NOT_SUSPENDED capability is concerned. This
is how they work for other similar capabilities.
This also happens to contain a drive-by fix for an issue
with a spurious capabilities callback is triggered when
a VPN connects and it has any underlying network (which
means almost always, because it will take the default
network if it doesn't declare any). Fixing this was
necessary to have a cogent test of this issue, but it
could be moved to another patch or it could stay unfixed
with some minor ajustment to the tests if judged too
dangerous to include in R at this point.
Test: New tests in this patch. Also manually tested with
tcpdump as described in b/150570873.
Bug: 150570873
Change-Id: I3e4ff990c0d4825b21c7679be29a482a2d1324ec
Set the parcelSensitiveFields bit when sending LinkProperties to
NetworkMonitor, so that the captive portal API URL is not lost.
Test: atest ConnectivityServiceIntegrationTest (see followup change)
Bug: 156062304
Change-Id: Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550
This change adds tests to validate that both transport and tunnel mode
transforms continue to work even after the SPI resource has been
released. Specifically, since SPI resources are effectively subsumed by
the creation of a Transform, the SPI resource is still "alive", but
removed from the user-tracking sparse arrays.
Bug: 142072071
Test: Added these new tests. Failing prior to aosp/1133555, passes with.
Change-Id: I37dd459d08b57b14f72f3b28ea80fa231b152f10
Merged-In: I37dd459d08b57b14f72f3b28ea80fa231b152f10
(cherry picked from commit 4d3f871a944d24cd7cbe3aa51a789a71020eafb5)
IpSecService.applyTunnelModeTransform() currently does not take an
SpiRecord instance, yet implicitly requires that the SpiRecord instance
is still alive based on the stored SpiRecord resourceId in
the TransformRecord's IpSecConfig.
This check is unnecessary, as the SpiRecord has been subsumed into the
TransformRecord, and the kernel resources are kept alive whether or
not the SpiRecord is still held by the user.
This allows users of the IpSecManager API to allocate short-lived SPIs
during the creation of an IpSecTransform, without having to keep track
of both of them (even though the SPI is no longer usable).
The TransformRecord.getSpiRecord() call is already used in
multiple other places in the same method.
Bug: 142072071
Test: New tests added, passing.
Change-Id: I1959f3080946267243564459ff4207647922566e
Merged-In: I1959f3080946267243564459ff4207647922566e
(cherry picked from commit 5258b1b82f39bf17e0751bcb94479464250aaec5)
am skip reason: Change-Id I10e26cb0852e67f614e7b9c4e49f95e078602e21 with SHA-1 71863e9604 is in history
Change-Id: Ie43cc7dbddd5497dfa069fac5570a7a64eddb2a1
When a VPN connects and it has any underlying network (which
means almost always, because it will take the default network
if it doesn't declare any), it has default capabilities and
will only take the capabilities of its underlying network
as part of an update happening after making the network
available but before the rematch can take place. This in turn
causes the capabilities callback sent as part of the rematch
to be spuriously sent.
Test: FrameworksNetTests. Also tested together with a
followup that adds tests with drive-by coverage for this.
Bug: 150570873
Change-Id: Id7d8bba486bada1a7ba5b0f152d2aa02e407f249
Added a new network capability TEMOPORARILY_NOT_METERED to support
the case that a network can temporarily become unmetered. This
allows carriers to deploy unmetered 5G network. When devices
camp on 5G network, this capability will be dynamically added
to the network and will be removed once leaving 5G coverage.
Bug: 153081494
Test: Manual
Change-Id: I10e26cb0852e67f614e7b9c4e49f95e078602e21
Merged-In: I10e26cb0852e67f614e7b9c4e49f95e078602e21
am skip reason: Change-Id I45c3aa9046b316c8cd0943543d620a22e4afefd1 with SHA-1 c6081f9c50 is in history
Change-Id: I44a2ee47f6a88286b28d5165c67cfd4fdbdd0152
