By construction, this WTF should never happen, since it's in an
if (nri.request.isRequest()) and by definition requests can only
be satisfied by one network at a time.
I don't think we've ever seen this particular WTF in an APR
report, which suggests that it's not happening in practice.
Test: atest FrameworksNetTests CtsNetTestCasesLegacyApi22 CtsNetTestCasesLegacyPermission22 android.net.cts.ConnectivityManagerTest
Change-Id: Icf4c7d2bb1da3c7db695cf0bcebc5806190a1677
This is the first step for ConnectivityService
call into INetd directly.
Import INetd and get it by using NetdService.
Test: runtest frameworks-net passes
Test: manual testing of wakeupAdd/DelInterface works
Change-Id: I643dba5206c66958134152d062f3f3a19a34cf2c
Everything in the system should now be using proper multinetwork
APIs instead of this insecure and error-prone API.
Make this method do nothing when called by the system. For now,
keep the code around for backwards compatibility for apps
targeting Android releases before M.
Bug: 25824776
Bug: 25876485
Test: FrameworksNetTests pass
Test: CtsNetTestCasesLegacyApi22 pass
Test: CtsNetTestCasesLegacyPermission22 pass
Test: android.net.cts.ConnectivityManagerTest passes
Change-Id: I9b3557faccccc95c7b954db6a13b853b4c7edea0
Idle timer rule is not cleared as expected if there is a
default network replacement.
Bug:37080406
Test: 1.run frameworks-net
2.check iptables rule with default network replacement
Change-Id: I6bd29d79e4ca3e8de4b867c4fcb5f81d02ba6de4
FakeSettingsProvider requires this method to be called before and after
use. Without this, the settings value or content provider may be cached
statically, so the test will be affected by code accessing settings
before it is run.
Bug: b/116668105
Test: atest FrameworksNetTests
Change-Id: I1480f3f3bbb17791752582a70327bb5c7c348d7c
Allow VPN apps to lookup the UID owner of a network connection.
Requires specifying the:
- IP address and port for both the source and destination of a TCP
connection.
- IP address and port for either source and destination or just
source for a UDP connection.
Only TCP and UDP protocols are supported. Only connections for UIDs
that apply to the calling VPN app will be resolved. This is intended
to replace direct app access to /proc/net/{tcp,tcp6,udp,udp6}.
The implementation uses netlink inet_diag sockets[1] to perform
the lookup on TCP sockets as well as UDP sockets when supported
(kernel has CONFIG_INET_UDP_DIAG=y).
[1] http://man7.org/linux/man-pages/man7/sock_diag.7.html
Bug: 9496886
Bug: 109758967
Test: atest HostsideVpnTests
Test: atest InetDiagSocketTest on Taimen with CONFIG_INET_UDP_DIAG
and on Sailfish without CONFIG_INET_UDP_DIAG.
Change-Id: I2bbc7072dd091e2e653dadf6dc05024c04180f34
This patch adds two arguments to ConnectivityService dumpsys handler so
that only current networks or only current requests are dumped:
- "adb shell dumpsys connectivity networks" will dump current networks.
- "adb shell dumpsys connectivity requests" will dump current requests.
Bug: none
Test: Compiled, flashed, booted, checked that both new dumpsys args work
as expected.
Change-Id: Ie28e6c800795eb49f386b609e8222a25e73dfc84
This patch adds two utility functions for sorting requests and networks
tracked by ConnectivityService by request id and network id
respectively.
These utility functions are then used to improve the output of
adb shell dumpsys connectivity so that networks and requests are
printed in a more stable fashion.
Bug: none
Test: Compiled, flashed, booted, checked output of adb shell
dumpsys connectivity.
Change-Id: I3cb9b2ceab64145611a416dcb8c5d512838a2626
This change makes all requestIDs use the UID of the creator, ensuring
that rekeys always use the same requestID. This also has the nice
property of separating app's resources from each other, and allowing for
identification of which app/UID allocated the resources from
command-line dumps (eg ip xfrm state show)
Bug: 111841561
Test: Updated tests & passing taimen
Change-Id: I4f1eadcdb795766ae4682b15e41727359c52fa38
Not all preinstalled apps should have access to background
networks or restricted networks. But we give them all network
access permissions currently, it's not a good design. So we
shall limit preinstalled apps permissions, they should just
request the appropriate permission for their use case from
the network permissions.
Bug:19610688
Test: runtest frameworks-net
Change-Id: I184ae3197208c979847ca134c8f01b32528badf1
Use the Private DNS bypass logic that was moved into Network.
Once all callers of ResolvUtil are updated to use this interface
ResolvUtil can be deleted.
Test: as follows
- built, flashed, booted
- runtest frameworks-net passes
- connection to captive portal network detects portal correctly
and the login activity functions as expected
Bug: 64133961
Bug: 72345192
Bug: 73872000
Bug: 78548486
Change-Id: If11ef2b5ffdc729f8449cf18dccd5f1eccbc51e6
