When private DNS setting was set to opportunistic (mode) and null
(hostname), CtsNetUtils would not restore it.
Make sure that private DNS settings are restored after every test. Also
fail if restore is called without having saved any setting beforehand.
Bug: 190465704
Test: atest CtsNetTestCases
Original-Change: https://android-review.googlesource.com/1729162
Merged-In: Ic5d8d8b729469e0eef89a0b53f166e604264c1ee
Change-Id: Ic5d8d8b729469e0eef89a0b53f166e604264c1ee
startTrackDefaultNetwork was allowed to called multiple times
before even though there is no one actually do it. However,
in the TetheringTest#verifyDefaultNetworkRequestFiled, a
manual invocation is used to ensure that function supports
multiple entrance.
But with aosp/1697371, startTrackDefaultNetwork is no longer
allowed to be called multiple times, it would lead to log.wtf
and crash system in eng build.
Since the manual invocation of startTrackDefaultNetwork is not
realistic and no longer valid anymore, remove the invocation
that caused the trouble.
Test: atest TetheringCoverageTests
Bug: 188613493
Merged-In: I61f6088783d521fd17ae1e87370842b4239fbe75
Change-Id: I61f6088783d521fd17ae1e87370842b4239fbe75
(cherry-picked from aosp/1711433)
This CL updates ConnectivityDiagnostics permission checks in
ConnectivityService to only require location permission for Networks
that have TRANSPORT_WIFI. This change is consistent with the location
restrictions required for the transports themselves. Previously,
location permissions were required for all Network types.
Bug: 187310575
Test: atest ConnectivityServiceTest ConnectivityDiagnosticsManagerTest
Change-Id: I48806533e4e705d2d9be45f3b3d3931d9294b167
Merged-In: I48806533e4e705d2d9be45f3b3d3931d9294b167
(cherry picked from commit 0990af5148)
Bug: 186061922
Test: atest CtsNetTestCases:android.net.cts.ConnectivityManagerTest
Test: atest CtsNetTestCasesLatestSdk on R and S device
Merged-In: I5d3e448ed00b9baeb64a08036ecac1f9c8206cc7
Change-Id: I5d3e448ed00b9baeb64a08036ecac1f9c8206cc7
The existing isWifiTetheringSupported only check if tethering side
supports wifi tethering or not but not wifi side. A expected
behavior should include both of them, so add the wifi side check
into the helper function. Also update in the existing caller side
due to a new parameter added.
Bug: 186061922
Test: atest MtsTetheringTestLatestSdk
Megred-In: Id69ac1d30ab2bbf23e870193335b139f54672636
Change-Id: Id69ac1d30ab2bbf23e870193335b139f54672636
Ignore-AOSP-First: cherry-pick
Now, PermissionMonitor reigster observer to listen the change
from all users, but "uids allowed on restricted networks" should
affect to all users instead of per each user. Thus, move the
setting from Settings.Secure to Settings.Global.
Bug: 189705071
Test: atest FrameworksNetTests
Ignore-AOSP-First: Need cherry-pick
Change-Id: Ibea354d8dda1f02652a193820f3f9eb573b9a956
This library can be removed because the annotations are no longer
used out of module.
@RestrictBackgroundStatus and @MultipathPreference are defined
in connectivity mainline module. Annotate these in non-updatable
platform is not going to be manageable long term. For example,
if the module gets updated and the annotation gets more values
then it's a problem in non-updatable platform. So, it should
not have IntDef cross module boundaries.
Ignore-AOSP-First: AOSP doesn't include this change yet
Bug: 183972925
Test: build
Change-Id: I63f1fde73c4ffdaff9fda914e33cbb5a110ba64e
In an effort to make reviewing easier, this implements most of
the infra but only a mostly trivial test.
Ignore-AOSP-First: NetworkScore incomplete in AOSP
Bug: 184037351
Test: this
Change-Id: Ibb9139798ce44d748e87bae79a1e23311ec8d9b6
As API review feedback, setting allowed on restricted networks
should be by uid instead of package name for security reason.
Thus, update the getter/setter to return/accept set of uids.
Bug: 188085693
Test: atest FrameworksNetTests
Ignore-AOSP-First: Needs cherry-picks
Change-Id: I979bf98075e6c9c0ed7e891582843fddb62643cb
Allows SdkExtensions to inspect its version to decide what the extension
sdk version is on-device.
Bug: 188787081
Test: m com.android.tethering and inspect
Ignore-AOSP-first: internal topic, will cherry-pick after submission
Change-Id: If2d28b02be871594fed1fbb40b7aad284b553afb
Fix memory access violation in com_android_networkstack_tethering_BpfUtils.cpp
caused by invalid format string in com_android_networkstack_tethering_BpfUtils_isEthernet.
If rv is not valid, jniThrowException will format a string using
"Unknown hardware address type %s on interface %s". However, rv is an int but here
"%s" is used in fmt string, thus causing access violation of memory.
Use "%d" instead of "%s" for int.
Bug: 188757793
Original-Change: https://android-review.googlesource.com/1715797
Merged-In: I9d8ec0708efd747e24b3b3ffed5336434d4f64a7
Change-Id: I9d8ec0708efd747e24b3b3ffed5336434d4f64a7
It's a follow up of aosp/1652210.
The tests may verify partial NetworkAgent callback behavior.
The existing expectCallback will always expect to see the first
callback in the callback queue, so if tests did not verify all
the happened callback. It cannot verify the callback after
unregister. Add eventuallyExpect to wait for a target callback
and skip the disinterest ones, and verify the unregister
behavior for NetworkAgent callback in one method.
Bug: 178725261
Test: atest android.net.cts.NetworkAgentTest
Change-Id: I66d8e5a0fa1e2245711e8ac90d9daca24802e399
Merged-In: I66d8e5a0fa1e2245711e8ac90d9daca24802e399
(cherry picked from commit 12a6422f47)
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
Merged-In: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
Merged-In: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
Merged-In: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
(cherry picked from commit 23e37e6c76)
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
Merged-In: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
(cherry picked from commit f3d0fc49db)
When apps try to call factoryReset to do networking reset, it
will result in updating the setting in SettingsProvider.
ContentProvider will verify if the package name of the caller
that initiated the request being processed on the current thread.
The package should belong to the calling UID. The setting update
started from the ConnectivityService context, so the package will
be android but the calling UID will be the calling app. It will
cause a SecurityException. The behavior is fine previously as its
known caller(Settings) shares system UID. But it will be a
problem for other callers, such as CTS. Thus, clear the identity
since the necessary permission check should be examined at the
top of the method. The following actions should be fine to be
proceed from the system itself. Also replace the user restriction
check via hasUserRestrictionForUser with the UserHandle created
from the calling uid to ensure it's verified with correct user.
Bug: 186061922
Test: Factory reset from Settings
Merged-In: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
Change-Id: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
(cherry picked from commit 235dd87ecf)
When apps try to call factoryReset to do networking reset, it
will result in updating the setting in SettingsProvider.
ContentProvider will verify if the package name of the caller
that initiated the request being processed on the current thread.
The package should belong to the calling UID. The setting update
started from the ConnectivityService context, so the package will
be android but the calling UID will be the calling app. It will
cause a SecurityException. The behavior is fine previously as its
known caller(Settings) shares system UID. But it will be a
problem for other callers, such as CTS. Thus, clear the identity
since the necessary permission check should be examined at the
top of the method. The following actions should be fine to be
proceed from the system itself. Also replace the user restriction
check via hasUserRestrictionForUser with the UserHandle created
from the calling uid to ensure it's verified with correct user.
Bug: 186061922
Test: Factory reset from Settings
Merged-In: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
Change-Id: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
(cherry picked from commit 10ba4b773b)
