Bug: 177931370
Test: atest tests/cts/hostside/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Ignore-AOSP-First: Platform changes related to this are not in AOSP yet.
Change-Id: I6d525c4d88ba01838d51a873251593281b628898
This library can be removed because the annotations are no longer
used out of module.
@RestrictBackgroundStatus and @MultipathPreference are defined
in connectivity mainline module. Annotate these in non-updatable
platform is not going to be manageable long term. For example,
if the module gets updated and the annotation gets more values
then it's a problem in non-updatable platform. So, it should
not have IntDef cross module boundaries.
Ignore-AOSP-First: AOSP doesn't include this change yet
Bug: 183972925
Test: build
Change-Id: I63f1fde73c4ffdaff9fda914e33cbb5a110ba64e
In an effort to make reviewing easier, this implements most of
the infra but only a mostly trivial test.
Ignore-AOSP-First: NetworkScore incomplete in AOSP
Bug: 184037351
Test: this
Change-Id: Ibb9139798ce44d748e87bae79a1e23311ec8d9b6
As API review feedback, setting allowed on restricted networks
should be by uid instead of package name for security reason.
Thus, update the getter/setter to return/accept set of uids.
Bug: 188085693
Test: atest FrameworksNetTests
Ignore-AOSP-First: Needs cherry-picks
Change-Id: I979bf98075e6c9c0ed7e891582843fddb62643cb
Allows SdkExtensions to inspect its version to decide what the extension
sdk version is on-device.
Bug: 188787081
Test: m com.android.tethering and inspect
Ignore-AOSP-first: internal topic, will cherry-pick after submission
Change-Id: If2d28b02be871594fed1fbb40b7aad284b553afb
Fix memory access violation in com_android_networkstack_tethering_BpfUtils.cpp
caused by invalid format string in com_android_networkstack_tethering_BpfUtils_isEthernet.
If rv is not valid, jniThrowException will format a string using
"Unknown hardware address type %s on interface %s". However, rv is an int but here
"%s" is used in fmt string, thus causing access violation of memory.
Use "%d" instead of "%s" for int.
Bug: 188757793
Original-Change: https://android-review.googlesource.com/1715797
Merged-In: I9d8ec0708efd747e24b3b3ffed5336434d4f64a7
Change-Id: I9d8ec0708efd747e24b3b3ffed5336434d4f64a7
It's a follow up of aosp/1652210.
The tests may verify partial NetworkAgent callback behavior.
The existing expectCallback will always expect to see the first
callback in the callback queue, so if tests did not verify all
the happened callback. It cannot verify the callback after
unregister. Add eventuallyExpect to wait for a target callback
and skip the disinterest ones, and verify the unregister
behavior for NetworkAgent callback in one method.
Bug: 178725261
Test: atest android.net.cts.NetworkAgentTest
Change-Id: I66d8e5a0fa1e2245711e8ac90d9daca24802e399
Merged-In: I66d8e5a0fa1e2245711e8ac90d9daca24802e399
(cherry picked from commit 12a6422f47)
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
Merged-In: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
Merged-In: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
Merged-In: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
(cherry picked from commit 23e37e6c76)
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
Merged-In: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
(cherry picked from commit f3d0fc49db)
When apps try to call factoryReset to do networking reset, it
will result in updating the setting in SettingsProvider.
ContentProvider will verify if the package name of the caller
that initiated the request being processed on the current thread.
The package should belong to the calling UID. The setting update
started from the ConnectivityService context, so the package will
be android but the calling UID will be the calling app. It will
cause a SecurityException. The behavior is fine previously as its
known caller(Settings) shares system UID. But it will be a
problem for other callers, such as CTS. Thus, clear the identity
since the necessary permission check should be examined at the
top of the method. The following actions should be fine to be
proceed from the system itself. Also replace the user restriction
check via hasUserRestrictionForUser with the UserHandle created
from the calling uid to ensure it's verified with correct user.
Bug: 186061922
Test: Factory reset from Settings
Merged-In: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
Change-Id: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
(cherry picked from commit 235dd87ecf)
When apps try to call factoryReset to do networking reset, it
will result in updating the setting in SettingsProvider.
ContentProvider will verify if the package name of the caller
that initiated the request being processed on the current thread.
The package should belong to the calling UID. The setting update
started from the ConnectivityService context, so the package will
be android but the calling UID will be the calling app. It will
cause a SecurityException. The behavior is fine previously as its
known caller(Settings) shares system UID. But it will be a
problem for other callers, such as CTS. Thus, clear the identity
since the necessary permission check should be examined at the
top of the method. The following actions should be fine to be
proceed from the system itself. Also replace the user restriction
check via hasUserRestrictionForUser with the UserHandle created
from the calling uid to ensure it's verified with correct user.
Bug: 186061922
Test: Factory reset from Settings
Merged-In: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
Change-Id: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
(cherry picked from commit 10ba4b773b)
The old callback only report interface list, new callback could provide
the mapping of interface and type. Replace old callback usage in cts
with new callback and check whether old callback could get the correct
interface list by comparing the result between old and new callback.
Bug: 162920185
Bug: 152203943
Test: atest CtsTetheringTest on S
atest CtsTetheringTestLatestSdk on R
atest MtsTetheringTestLatestSdk on S and R
Ignore-AOSP-First: Its dependences CL is not in aosp currently.
Change-Id: I2a0b8c43fb340c3eaed7f0f90464199222a24280
The change aosp/1708088 break tethering unit test in R.
Bug: 187946226
Test: atest TetheringTests in R and S
Change-Id: I4eb4b757f6d7cd3458964c81310dcf0687a4f091
Merged-In: I4eb4b757f6d7cd3458964c81310dcf0687a4f091
