Always-on VPN is a feature introduced in N. Since then, all VPN apps
targeting N+ are assumed to support the feature, and the user or the DPC
can turn on / off always-on for any such VPN app. However, a few VPN
apps are not designed to support the always-on feature. Enabling
always-on for these apps will result in undefined behavior and confusing
"Always-on VPN disconnected" notification.
This feature provides a new manifest meta-data field through which a VPN
app can opt out of the always-on feature explicitly. This will stop the
always-on feature from being enabled for the app, both by the user and
by the DPC, and will clear its existing always-on state.
A @hide API is provided to check whether an app supports always-on VPN.
Documentation is updated to reflect the behavior change.
Bug: 36650087
Test: runtest --path java/com/android/server/connectivity/VpnTest.java
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Change-Id: I477897a29175e3994d4ecf8ec546e26043c90f13
Merged-In: I477897a29175e3994d4ecf8ec546e26043c90f13
(cherry picked from commit 9369e61e2d)
For some networks such as mobile data connections, its LinkProperties
does not contain routes for the local subnet so no such route is added
to the interface's routing table. This can be problematic especially
if the device is in VPN lockdown mode where there exists high-priority
PROHIBIT routing rule which in turn blocks the network's default gateway
route from being added (next hop address hitting the prohibit rule).
We fix this by patching LinkProperties to always include direct connected routes
when they are received by ConnectivityService. This has the added advantage that
when apps get LinkProperties, they see the directly connected routes as well.
Bug: 63662962
Test: runtest frameworks-core -c android.net.LinkPropertiesTest
Test: runtest frameworks-services -c com.android.server.ConnectivityServiceTest
Test: Start with device with mobile data, set up ics-OpenVPN in always-on
lockdown mode. Turn off mobile data then turn it back on, observe
mobile data connectivity is restored and VPN successfully reconnects.
Change-Id: I35b614eebccfd22c4a5270f40256f9be1e25abfb
Also moving relevant test files into tests/net as part of runtest
framworks-net.
Also removes testHashCode in LinkAddress() because this test relies on
the assumption that hashCode() is stable across releases or jdk
versions, which is absolutely not true.
This creates maintenance work for little benefit since hashCode is
already tested as part of the equality test.
For instance this test is now broken because hashing for InetAddress
changed.
Bug: 62988545
Bug: 62918393
Test: runtest frameworks-net, added coverage in tests
Change-Id: I695bc3f0e801bf13bc4fc0706565758f12b775b4
This patch loosens the validation checks when a NetworkAgent updates it
NetworkCapabilities: instead of checking that capabilities labeled as
"immutable" stay identical across updates, it is now accepted to change
immutable capabilities in a way that the new NetworkCapabilities
satisfies the old NetworkCapabilities.
This allows a NetworkAgent to update itself in order to match more
requests, but will still catch NetworkAgents that sends degradation
updates causing potentially requests to not match anymore.
Bug: 64125969
Test: runtest frameworks-net
Change-Id: I2a1b3f9c0be6415e40edc989d0c1b03b5631f7b1
This is a refactoring with no behavior change.
The new class provides an abstraction layer to hide knowledge
about OkHttp-specific APIs. Logic from android.net.Network that
knew about OkHttp is moving into that abstraction layer.
This CL refactors android.net.Network to make use of this
abstraction layer instead of the tight coupling onto OkHttp
APIs. The class no longer imports any classes from okhttp
packages.
The values of mDns and mConnectionPool, which never change after
the initial call to maybeInitHttpClient(), are now set directly on
the AndroidHttpClient instance when it is constructed in that method.
Applications can overwrite getSocketFactory() and might depend on
that method being called (and the result used) every time a
connection is opened; therefore, for maximum app compatibility this
call was kept inside openConnection().
This CL is a prerequisite for introducing an additional frameworks
dependency on a richer API than HttpURLConnection.
Test: Build and install apk for FrameworksCoreTests, then run:
adb shell am instrument -e class android.net.NetworkTest -w com.android.frameworks.coretests
Bug: 64021405
Change-Id: I2c73d260508ee20c6a40fd6e95e2d058d3ea2330
This patch fixes the mask used in describeImmutableDifferences which did
not correctly turn NET_CAPABILITY_NOT_METERED into bit flag.
Bug: 63326103
Test: added unit tests, runtest frameworks-net
Change-Id: Ib6b390b1daef5912859302692af7dcd6cfd3e39a
This patch improves the wtf() logging in updateCapabilities to
better distinguish between the cases of a changed specifiers, changed
transports, or changed capabilities. The case of NOT_METERED being added
or removed is ignored.
Bug: 63326103
Test: runtest frameworks-net, runtest frameworks-wifi
Merged-In: I05c6e78891e1eac658f1cf883223af520a9a4f8f
Merged-In: I4f6cbc0adb461cef6610460daeba72ca38b8f10c
Merged-In: I165a8bbe8362100f1e2bb909459fb45b1c68d5ae
Merged-In: Iec6d92e9a3a12bab87c5adfaf17f776465077060
Merged-In: I633d6347a7f852c27c03fc96b36ca2a60f70c73c
Merged-In: I38739184fc0db105bfd3b4c02cce01e803739e5d
Merged-In: Ia58b877056e2442136cc8b145ac8f4e6560cfc2c
(cherry pick from commit d9806e8014)
Change-Id: Id32ca66068c8ff549627e8e8c0e50897ef928c58
libnativehelper exports headers under nativehelper. These were
available before incorrectly as global headers in order to give
access to jni.h.
Test: modules using frameworks/base find headers
Bug: 63762847
Change-Id: I0f9f231acdebe460f279135462f43d3e32eff64d
This patch adds a InitialConfiguration class to IpManager for specifying
IP information in IpManager ProvisioningConfiguration at IpManager
startup.
At the moment this InitialConfiguration is not used, but is validated in
startProvsiioning if ProvisioningConfiguration includes one. It will be
integrated into IpManager IP provisioning logic in follow-up patches.
This patch also includes an example of data driven unit tests using a
table of test case. The highlights of this methodology are:
1) easy extensibility for new test case,
2) rich and informative error messages,
Unfortunately Java support for inlined data structure literals is poor
and some companion static methods for data generation are required for
enabling this methodology.
Bug: 62988545
Test: added new test in FrameworksNetTests,
$ runtest frameworks-net
$ runtest frameworks-wifi
Merged-In: I060b02603af7d73a6407df89344bf0c000574af2
(cherry pick of commit c8a0b1b80c)
Change-Id: I48dbf89232d7758f1b07ed4d76ce93281e5c6b53
This commit simply unhides the constant `TRANSPORT_LOWPAN` in the class
`android.net.NetworkCapabilities`, adding it to the public API.
Bug: b/63600204
Change-Id: I794635814c0bd3891cd22fcc1e31614e4d6ac654
This change simply adds a new constant, `TRANSPORT_LOWPAN`, for
identifying low-power wireless networks like Thread.
Bug: b/33073713
Test: builds
Change-Id: I50d9b8df1a0270e06c28f001adf6c52a142a85af
Merged-In: Ie4aa77496f8ff466fa1a5fbc556e9c029457a689
(cherry pick from commit 103292d0b7)
This patch allows to use TYPE_NONE for the legacy network type variable
of NetworkInfo. This usage is "safe" with respect to legacy APIs using
network types as most of them already returns null or do nothing for
TYPE_NONE.
Of the existing APIs in ConnectivityManager that accept a network type
argument, those which were already returning null or doing nothing for
TYPE_NONE are:
getNetworkInfo(int)
getNetworkForType(int)
stopUsingNetworkFeature(int, String)
networkCapabilitiesForType(int)
requestRouteToHostAddress(int, InetAddress)
reportInetCondition(int, int)
isNetworkSupported(int)
getLinkProperties(int)
Only setProvisioningNotificationVisible needs an additional guard
against TYPE_NONE.
Bug: 30088447
Bug: 62844794
Test: runtest frameworks-net
Change-Id: I112596fcd03d3c2cd42a2a84d265adb38e3944bb
This patch allows to use TYPE_NONE for the legacy network type variable
of NetworkInfo. This usage is "safe" with respect to legacy APIs using
network types as most of them already returns null or do nothing for
TYPE_NONE.
Of the existing APIs in ConnectivityManager that accept a network type
argument, those which were already returning null or doing nothing for
TYPE_NONE are:
getNetworkInfo(int)
getNetworkForType(int)
stopUsingNetworkFeature(int, String)
networkCapabilitiesForType(int)
requestRouteToHostAddress(int, InetAddress)
reportInetCondition(int, int)
isNetworkSupported(int)
getLinkProperties(int)
Only setProvisioningNotificationVisible needs an additional guard
against TYPE_NONE.
Bug: 30088447
Bug: 62844794
Test: runtest frameworks-net
Change-Id: I4455f2726d06406047086368628c1f253d854d8d
This change simply adds a new constant, `TRANSPORT_LOWPAN`, for
identifying low-power wireless networks like Thread.
Bug: b/33073713
Merged-In: Ie4aa77496f8ff466fa1a5fbc556e9c029457a689
(cherry pick from commit 103292d0b7)
Change-Id: I21f9b41b8b31c63ceeb1bc9c965f6da2614c356a
Test: runtest frameworks-net (not in original commit message)
This patch adds translation from ConnectivityMetricsEvent to
IpConnectivityEvent of recently added fields:
- top-level network id
- top-level ifname
- transports
Also adds inference of link layer from transports or ifname.
At the moment these new fields are not populated in
ConnectivityMetricsEvent. Follow-up patches will fill this gap for
the events of the android.net.metrics package.
Test: new unit tests, $ runtest frameworks-net passes
Bug: 34901696
Merged-In: I563a6a3183470bdfaabb7c781a1beaf6b1058bf0
(partial cherry pick from commit 45f6ef836d)
Change-Id: I6a00270e73a1bd07f23c367f2394d90a43ced47a
Test: runtest frameworks-net (not in original commit message)
This patch changes the validation of unregisterNetworkCallback in
ConnectivityManager so that the caller can better distinguish the case
of a callback that was never registered from the case of a callback that
has already been unregistered.
Bug: 62497809
Test: runtest frameworks-net passes
Change-Id: I58eda22725dd4e67dc4b64207e38cf482032df10
Most @SystemApi methods should be protected with system (or higher)
permissions, so annotate common methods with @RequiresPermission to
make automatic verification easier.
Verification is really only relevant when calling into system
services (where permissions checking can happen on the other side of
a Binder call), so annotate managers with the new @SystemService
annotation, which is now automatically documented.
This is purely a docs change; no logic changes are being made.
Test: make -j32 update-api && make -j32 offline-sdk-docs
Bug: 62263906
Change-Id: I2554227202d84465676aa4ab0dd336b5c45fc651
Using Preconditions and dedicated static methods for checking arguments
to improve error stack traces without error messages.
Test: covered by previously added unit test
Bug: 36701874
Change-Id: Id872b2c887a4bca43a8c3644622add1c2ee57c6d
This patch is a cherry pick of the two following commits:
- 139a48c83c which addresses several
issues in the public api of ConnectivityManager.
- 4c11db0fdd which fixes the documentation
of several methods in ConnectivityManager public api.
Because the first commit change the public api that is referenced in
the documentation fixed by the second commit, it is not possible to one
without the other. In both cases trying to cherry pick only one of them
results in a build error.
The first commit was submitted successfully on an internal branch before
the checks done in the built got stricter.
Bug: 36370941
Test: marlin builds and boots
Change-Id: I86dcf056e6b165e527c3ee88dbabc2764ac09a08
Merged-In: I693ee5270bf186c88c7c5056293519f7237504ff
(cherry picked from commit 139a48c83c)
