This commit changes agentConnect to set the owner UID as the mOwnerUid
field instead of the Binder.getCallingUid().
Binder.getCallingUid() can return incorrect results for platform VPNs,
as agentConnect() is called under a clean calling UID.
Additionally, this relaxes the ownerUid sanitization check to allow a
VPN network's owner to see it's own ownership information.
Vpn.mOwnerUid is guaranteed to be correct, as all VPNs MUST have called
prepareInternal() at some previous point, which sets mOwnerUid as the
package's UID (or SYSTEM_UID if this is legacy VPN).
Bug: 150135470
Test: CTS tests showing ownership information
Merged-In: Ic979dad73983d722365849fbfb0becfd432b894c
Change-Id: Ic979dad73983d722365849fbfb0becfd432b894c
(cherry picked from commit e29bf99a7fc1067c546d7fa6cbcb9001fb110d16)
Some developers have been surprised by this limitation and had trouble
figuring out what the issue was. Add documentation to address this.
This also includes a drive-by removal of a duplicate check.
Bug: 149867479
Test: doc-only change
Original-Change: https://android-review.googlesource.com/1313813
Merged-In: I5911d01984695550b6c9afe7a8eb535bf5e320a1
Change-Id: I5911d01984695550b6c9afe7a8eb535bf5e320a1
This consumes ~3.5% system logs, however it is not very useful
when debugging since similar information could be obtained from
dumpsys {connectivity|netpolicy}. Thus, remove the log.
Test: manual
Bug: 135504481
Change-Id: I04d2b7402f892546722fe6868c521afd9534f183
Merged-In: I04d2b7402f892546722fe6868c521afd9534f183
(cherry picked from commit 21a352f761ce558bea6fa9ab2a4e49a164228b56)
This change adds a comment to CS#simulateDataStall to explain why the
Data Stall is wrapped in a DataStallReportParcelable before being passed
to the ConnectivityDiagnostics handler. This approach is taken to ensure
that simulated data stalls are handled the exact same as Data Stalls
received directly from NetworkMonitor (including Data Stalls detected by
methods that the platform does not understand).
Bug: 156294356
Test: atest ConnectivityDiagnosticsManager
Change-Id: I751054418bf328c72b977a1cc99c27cb9b8ab7ba
Merged-In: I751054418bf328c72b977a1cc99c27cb9b8ab7ba
(cherry picked from commit c86db7497a27cfbac5c662911a295598b1335bc0)
This is only necessary when learning the NAT64 prefix from the
RA, because if the NAT64 prefix is learned from DNS, the DNS
resolver already knows the prefix and automatically enables
DNS64 synthesis.
The DNS resolver needs to be informed of the prefix any time
clat is running on a prefix learned from an RA. This is simple to
implement: just set the prefix when starting clat if prefix
discovery is not running, and clear the prefix when stopping clat
if prefix discovery was not running. This ensures that the prefix
is cleared iff it was set.
Bug: 156914456
Test: new unit test coverage
Original-Change: https://android-review.googlesource.com/1315578
Merged-In: If8ad2d30712a6df3e207c8d3e8a129705242191e
Change-Id: If8ad2d30712a6df3e207c8d3e8a129705242191e
This CL forwards suspected Data Stall events detected with unknown
detection methods to ConnectivityDiagnostics.
Currently, ConnectivityService drops any data stall events with unknown
detection methods, which leads to false negatives for Connectivity
Diagnostics registrants. This change ensures that registrants will still
be notified as NetworkStack is updated to use new detection methods.
The documentation for ConnectivityDiagnosticsManager#DataStallReport is
also updated to reflect that the detection methods included in the
report are a bit mask of detection methods used. Implicitly, this means
that data stalls detected via unknown methods will have an empty bit
mask (0x00).
Bug: 156294356
Test: atest ConnectivityDiagnosticsManager
Change-Id: I62d0bf91fcc17c7921afd519c72551399906bd6b
Merged-In: I62d0bf91fcc17c7921afd519c72551399906bd6b
(cherry picked from commit a1d9d811a05bf3447ebb90a39343b53eee79f0db)
When a VPN connects and it has any underlying network (which
means almost always, because it will take the default network
if it doesn't declare any), it has default capabilities and
will only take the capabilities of its underlying network
as part of an update happening after making the network
available but before the rematch can take place. This in turn
causes the capabilities callback sent as part of the rematch
to be spuriously sent.
Test: FrameworksNetTests. Also tested together with a
followup that adds tests with drive-by coverage for this.
Bug: 150570873
Original-Change: https://android-review.googlesource.com/1305393
Merged-In: Id7d8bba486bada1a7ba5b0f152d2aa02e407f249
Change-Id: Id7d8bba486bada1a7ba5b0f152d2aa02e407f249
This change moves the logic for handling Data Stall notifications from
NetworkMonitorCallbacks to ConnectivityService. This avoids duplicate
logic for managing data stall simulation requests from
ConnectivityManager. This also puts all of the logic for proxying Data
Stall notifications to the ConnectivityDiagnosticsHandler into one
place.
Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Ie2f6a1a2376c5c452750ab417cb5e8c24fc44fc3
Merged-In: Ie2f6a1a2376c5c452750ab417cb5e8c24fc44fc3
(cherry picked from commit 745eaa39a3c9bcaaa61671f66d8c1180195c84c4)
This change adds a TestApi for simulating a Data Stall to
ConnectivityService. This allows for Data Stalls to be triggered without
having to manipulate the signals used by NetworkMonitor . This also
allows NetworkMonitor to update the ways it detects Data Stalls without
affecting CTS tests for ConnectivityDiagnosticsManager.
Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
Merged-In: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
(cherry picked from commit b06463a002eb6215e9dda64e599eabd74cb56382)
This change sets the owner and administrator UIDs for test networks when
their initial values match the UID for the app creating the test
network. This ensures that apps registering test networks can only make
themselves owners / administrators of the network.
Bug: 153449964
Test: atest NetworkAgentTest
Change-Id: I3a974700aa1d83cb285295ed1de0aa263e2e5b58
Merged-In: I3a974700aa1d83cb285295ed1de0aa263e2e5b58
(cherry picked from commit 35782280a2adceec96b8e03c217788afa05894a0)
Set the parcelSensitiveFields bit when sending LinkProperties to
NetworkMonitor, so that the captive portal API URL is not lost.
Test: atest ConnectivityServiceIntegrationTest (see followup change)
Bug: 156062304
Original-Change: https://android-review.googlesource.com/1307833
Merged-In: Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550
Change-Id: Ifd4e9c02a6b9a2b2b8b254fc4da7bfb9e0a84550
Add a comment explaining the ordering of messages sent to the tracker
and connectivity diagnostics handlers.
Add a Slog.wtf call in case the deprecated notifyNetworkTested callback
is called.
Bug: 153500847
Test: atest ConnectivityServiceTest
Merged-In: I2dbfc9bf7b2f785ea4594851bd354e9fd0fc0bd1
Change-Id: I2dbfc9bf7b2f785ea4594851bd354e9fd0fc0bd1
Address issues found during AIDL review:
- Rename clientAddr to singleClientAddr
- Do not use a ParcelableBundle for notifyNetworkTested or
notifyDataStallSuspected; instead use AIDL parcelables for stronger
backwards compatibility guarantees.
Test: atest NetworkMonitorTest ConnectivityServiceTest
ConnectivityServiceIntegrationTest, manual
Bug: 153500847
Merged-In: Id9b71784e5f6294d203230e57737979e063ff0f8
Change-Id: Id9b71784e5f6294d203230e57737979e063ff0f8
Currently, if a prefix is learned from an RA while prefix
discovery is running, clatd will be correctly started, but
prefix discovery will be stopped.
In order to fix this, make it possible to call
stopPrefixDiscovery without transitioning to IDLE state (which
is obviously necessary in this case), by moving the assignment of
the next state from that method to its callers. For consistency,
do the same for startPrefixDiscovery.
Bug: 150648313
Test: new test coverage
Change-Id: I3803fa3d9806848b331c35ee8bac256934bd1f21
Merged-In: I3803fa3d9806848b331c35ee8bac256934bd1f21
(cherry picked from commit c7c6f76402a989f91b02c37574b6a9de592cf1af)
The NAT64 prefix from the RA always takes precedence over the
NAT64 prefix from DNS discovery, because it is detected faster,
and detecting it does not require sending any packets.
Bug: 150648313
Test: new unit test
Merged-In: Ic7452431d2d9aea1ae59b67a9d8383c6cc5b3902
Change-Id: Ic7452431d2d9aea1ae59b67a9d8383c6cc5b3902
>>>>>>>>>>>>>>>>>>>>>>
aosp/1284588
Adjust permission of NetworkProvider related API
- Allow an app holds NETWORK_SETTINGS to acess registerNetworkProvier()
and unregisterNetworkProvider().
- To access declareNetworkRequestUnfulfillable(), allow an app holds
MANAGE_TEST_NETWORKS to declare a unfulfillable request that contains
TRANSPORT_TEST transport.
This makes easier to write cts to test.
>>>>>>>>>>>>>>>>>>>>>>
aosp/1285957
Add cts test for NetworkProvider
It will skip whole tests on Q device since NetworkProvider class
is introduced in R.
Result on Q device would be:
[1/1] android.net.NetworkProviderTest#skippedClassForDevSdkMismatch: IGNORED (3ms)
>>>>>>>>>>>>>>>>>>>>>>
Bug: 153614605
Bug: 153613690
Bug: 153612373
Test: atest FrameworksNetTests
atest CtsNetTestCases:android.net.NetworkProviderTest
Test: atest CtsNetTestCasesLatestSdk:android.net.NetworkProviderTest
Change-Id: Ib6f42b8f0e94e8c2715a030587e065864edff25b
Merged-In: Ic9809e731aa811a51c2f82d189372169d99a5ed9
Merged-In: If7bfc7fae503e3497c37754697d0b148ff4cab3b
(cherry picked from commit 10138d42a8f3892fcdb129a39409efe42873f6fe)
There are tasks that need to be performed when receiving
LinkProperties directly from a NetworkAgent (either at
registration time or in subsequent updates).
Currently, the only example of such a task is calling
ensureDirectlyConnectedRoutes. This is currently done in
handleUpdateLinkProperties, which is often unnecessary,
because that method iscalled in many other cases than when
receiving properties directly from an agent. Ensuring directly
connected routes only needs to be done when receiving
LinkProperties from the agent, because ConnectivityService does
not directly manipulate routes.
This CL does not do much except remove these superfluous calls
and add the method. A future CL will add more code to the method.
Bug: 150648313
Test: atest ConnectivityServiceTest
Merged-In: Ibeeb5f79e8afd3350c935934713d7882f2e0281f
Change-Id: Ibeeb5f79e8afd3350c935934713d7882f2e0281f
This cannot (currently) happen with DNS64 detection, but it can
happen with the PREF64 option.
Bug: 150648313
Test: atest ConnectivityServiceTest Nat464XlatTest --rerun-until-failure 100
Merged-In: I789fe9d46d3ac5d074ae697d23013f24a9e0246d
Change-Id: I789fe9d46d3ac5d074ae697d23013f24a9e0246d
- Let any process with NETWORK_SETTINGS register for signal strength
wakeup.
- Allow agents registering test networks to assign them a signal
strength.
Test: NetworkAgentTest
Bug: 139268426
Change-Id: Iebfeb9316bcbd8472459c517abb16f1f9d879871
Merged-In: I2b4b89be3e69f4853fd6978d2c8f5c8eb4271f21
(cherry picked from commit 5cc7b18fe7fa94ce2e30572c476df445ed337741, aosp/1284585)
For a given network, resolver doesn't know what transport types are.
Therefore, when a new network is created or transport types are changed
in a give network, transport types will be updated and sent by calling
setResolverConfiguration(). In the same time, if link properties or
transport types are null, setResolverConfiguration() won't be called.
The original behaviors of setResolverConfiguration() aren't changed.
Only increasing one new behavior that when a given network has transport
type change, calling setResolverConfiguration() directly and resolver
updates the transport types for that given network.
Bug: 143732914
Test: atest FrameworksNetTests
atest FrameworksNetIntegrationTests
Change-Id: I6527cde0e177ba08c886576131b35fc769c2bb53
This makes the code easier to understand by making state
transitions more explicit. It also makes it easier to address a
TODO to turn the class into a StateMachine.
This should be an exact no-op refactoring. The current cases
covered by the code (all mutually exclusive) are:
1. requiresClat && !isPrefixDiscoveryStarted
Action: startPrefixDiscovery()
Equivalent to IDLE && requiresClat, because
isPrefixDiscoveryStarted returns true for every state except
IDLE.
2. requiresClat && isPrefixDiscoveryStarted && shouldStartClat
Action: start()
Equivalent to DISCOVERING && shouldStartClat,
because isPrefixDiscoveryStarted is true in DISCOVERING,
STARTING, and RUNNING, but start() does nothing if mState is
STARTING or RUNNING.
3. requiresClat && isPrefixDiscoveryStarted && !shouldStartClat
Action: stop()
Equivalent to (STARTING or RUNNING) && !shouldStartClat,
because isPrefixDiscoveryStarted is true in DISCOVERING,
STARTING, and RUNNING, but stop() does nothing if mState is
not STARTING or RUNNING.
4. !requiresClat && isStarted
Action: stop()
Equivalent to (STARTING or RUNNING) && !requiresClat,
because isStarted() is only true in STARTING and RUNNING.
5. !requiresClat && !isStarted && isPrefixDiscoveryStarted
Action: leaveStartedState()
Equivalent to DISCOVERING && !requiresClat, because
the only state with isPrefixDiscoveryStarted and !isStarted
is DISCOVERING.
Also, simplify case #5. In this case, calling leaveStartedState
is superfluous, because in the DISCOVERING state:
- There is no need to call unregisterObserver, since the observer
is only registered when entering STARTING and is unregistered
when going back to DISCOVERING or IDLE.
- mIface and mBaseIface don't need to be set to null because they
are only set to non-null when entering STARTING and nulled out
when going back to DISCOVERING or IDLE.
Bug: 126113090
Bug: 150648313
Test: covered by existing ConnectivityServiceTest and Nat464XlatTest
Merged-In: Ice536bcb269cc8b040c6e7a72c15d0bc8b5bd235
Change-Id: Ice536bcb269cc8b040c6e7a72c15d0bc8b5bd235
This just a rename with no functional changes at all. It is
preparation for supporting getting the NAT64 prefix from the
RA.
Bug: 150648313
Test: covered by existing ConnectivityServiceTest and Nat464XlatTest
Merged-In: Ia9a09a708870827b1e4cf068f930fa9542dd116c
Change-Id: Ia9a09a708870827b1e4cf068f930fa9542dd116c
VPN is considered fully routed if both IPv4 and IPv6 have
either a default route or a prohibit route.
Bug: 145332510
Test: atest FrameworksNetTests
Merged-In: I59cf48552bca98092d1212e3d718fd420add5458
Change-Id: I59cf48552bca98092d1212e3d718fd420add5458
NetworkCapabilities needs to have its UIDs cleared (UID ranges, owner
UID, and administrator UIDs) before it can be shared with apps via
ConnectivityDiagnosticsCallback invocations. The previous helper used
for clearing these values mutated the provided NetworkCapabilities. This
is updated to instead return a sanitized copy of the provided
NetworkCapabilities
Bug: 148942124
Test: atest FrameworksNetTests
Change-Id: I2431a6d273d0d73432919baf41b4f66397f4b7dc
Merged-In: I2431a6d273d0d73432919baf41b4f66397f4b7dc
(cherry picked from commit 45bbc4f6ac910a2ea87eb6b2197e34db50d3ada8)
ConnectivityService is updated to simplify the logic for unregistering
ConnectivityDiagnosticsCallback instances. This change removes the given
callback from ConnectivityService's data structure. If the callback was
not registered with ConnectivityService, it is logged and the function
exits; else, the unregister() operation continues.
Bug: 150867635
Test: atest FrameworksNetTests
Change-Id: I9096969a1bf33da72b117f5bbc88257df805e688
Merged-In: I9096969a1bf33da72b117f5bbc88257df805e688
(cherry picked from commit f047313940b5af49a3b0e72a5f2d94fc1dda9c9d)
Clarify when
ConnectivityDiagnosticsCallback#onConnectivityReportAvailable will be
invoked. Clarify when NetworkAgentInfo#mConnectivityReport will be null
vs non-null.
Bug: 147849853
Test: atest FrameworksNetTests
Change-Id: I748bd9ded72a34d89f13bd4362d6d4da62b910b8
Merged-In: I748bd9ded72a34d89f13bd4362d6d4da62b910b8
(cherry picked from commit 604dd40cf077f42c2d4b6ff80ff41d89cfbcacee)
This change updates ConnectivityService to use IBinder instances as keys
when storing ConnectivityDiagnosticsCallbacks.
When storing ConnectivityDiagnosticsCallbacks in ConnectivityService,
the IConnectivityDiagnsoticsCallback is used as the key for
ConnectivityService.mConnectivityDiagnosticsCallbacks. However,
IConnectivityDiagnosticsCallback instances are received as different
objects. This causes them to produce different hashCode() values, so
attempts to remove an IConnectivityDiagnosticsCallback fail.
Bug: 150867635
Test: atest FrameworksNetTests
Change-Id: Ib99e68d5ae47fa27e12428f9a60a2c1204ac59a2
Merged-In: Ib99e68d5ae47fa27e12428f9a60a2c1204ac59a2
(cherry picked from commit c7c6a4ac12beb7c216076958612869426da06da0)
ConnectivityDiagnosticsCallbacks are tied to NetworkRequestInfo objects
when registered with the platform. Each NetworkRequestInfo is tied to a
specific uid, and ConnectivityService enforces a limit on the number of
network requests that can be associated with each uid.
When ConnectivityDiagnosticsCallbacks are unregistered from the
platform, their NetworkRequestInfo is freed and the number of network
requests per the user's uid should be decremented.
Bug: 150802582
Test: atest android.net.cts.ConnectivityDiagnosticsManagerTest
Change-Id: Ia5ed39c1d8e6221cd402be4f8baf69fa643a6113
Merged-In: Ia5ed39c1d8e6221cd402be4f8baf69fa643a6113
(cherry picked from commit 662076b1a7c0f064fa746fc7b8d3204c966c8e48)
This change updates the behavior for registering
ConnectivityDiagnosticsCallbacks. Now, after a successful register()
call, callbacks will receive cached ConnectivityReports for all
matching, permissioned networks. This allows registrants to be updated
with the network state for their networks without having to wait for the
next network validation.
Bug: 147849853
Test: atest FrameworksNetTests
Change-Id: I924ba8fdcc847f453557021591bde38602fe089c
Merged-In: I924ba8fdcc847f453557021591bde38602fe089c
(cherry picked from commit 95ec0b206b759e1d26bc1dbb2255a515bb24358a)
Update ConnectivityService's check for administrator UIDs to use
ArrayUtils to check for UID inclusion. Update the NetworkCapabilities
annotation on the administrator UIDs field to clarify that it is
NonNull.
Bug: 147903575
Test: atest FrameworksNetTests
Change-Id: Id630fe9d76aacdaf038fdaa5360f0327520ee0c3
Merged-In: Id630fe9d76aacdaf038fdaa5360f0327520ee0c3
(cherry picked from commit 898496365aa1f3601cdbb305004ad0de11ff6bfc)
aosp/1261619 break legacy API that only supported for SDK which is
smaller than android M, caller need to have network stack permission
to request network with legacy type. Fix failure by whitelist permission
check for the caller who built with order SDK(< M).
Bug: 152229492
Test: atest CtsTetheringTest
atest ConnectivityManagerLegacyTest# \
testStartUsingNetworkFeature_enableHipri
Change-Id: I02504c0eed10ee4e08c8fbf032951022255ba5fa
Merged-In: I367dff0429f26f266282300edc38637b55eece38
(cherry picked from commit b1c8acf0d6ba1fe35d8e81673d2c5c24fa2fea79)
This puts in force some restrictions against test networks,
and in exchange relaxes the restrictions around registering
a network agent that provides a test network.
Test networks can only ever have transport TEST, and have
only a few capabilities available to them.
This is useful in particular to test CTS. See aosp/1253423
for first, basic usage of this capability.
Test: IpSecManagerTunnelTest
Test: new CTS aosp/1253423
Bug: 139268426
Change-Id: Ibd162792a7ab02fcbb06130f21a825a386678c05
(cherry picked from commit 2c129e97cca2234ee6dd079a9c07df0c530d8b36)
In aosp/1203789, if two routes are with the same destination,
it will be replaced instead of added when calling addRoute.
This breaks scenarios which rely on the ability to add multiple
default routes, such as multiple IPv6 default routes learned
via address autoconfiguration.
This change treats the route is an update if the destination
and nexthop are the same, but different in other properties.
Test: atest OffloadControllerTest#testSetUpstreamLinkPropertiesWorking
Test: atest LinkPropertiesUtilsTest#testLinkPropertiesIdenticalEqual
Test: atest ConnectivityServiceTest#testStackedLinkProperties
Test: atest ConnectivityServiceTest#testRouteAddDeleteUpdate
(only directly related tests are listed)
Fix: 152170074
Fix: 151911339
Bug: 142892223
Change-Id: I7153ec9866f14a109ba8155c905e5d9e4f85eb64
Merged-In: I7153ec9866f14a109ba8155c905e5d9e4f85eb64
(cherry picked from commit 11aa9cb44aee289329b306cfc51a73cfe1456b61)
ConnectivityDiagnosticsCallbacks should only be invoked for the
underlying networks declared by active VPNs. This encourages VPN apps to
declare their underlying networks.
The previous permission model for VPNs allowed active VPNs to receive
callbacks on any network.
Bug: 148903617
Test: atest FrameworksNetTests
Change-Id: Ic08cdd2e2532580fda0fd3034e2bdff27e0ff84b
Merged-In: Ic08cdd2e2532580fda0fd3034e2bdff27e0ff84b
(cherry picked from commit e1f0c56f74593d3781bfa4ee4871a5efbabe303c)
This CL adds a setIncludeTestInterfaces method to EthernetManager
that, when called, causes the Ethernet service to recognize and
manage test interfaces created by TestNetworkManager.
Bug: 150644681
Test: Tested by EthernetTetheringTest in same topic
Change-Id: I86eef7a93267f800dbfc8eafd307effa76a344ca
Merged-In: I86eef7a93267f800dbfc8eafd307effa76a344ca
(cherry picked from commit 3410fb0aa92bbd4f9d7dc031e89f6f528ff34245)
CONNECTIVITY_ACTION_SUPL is marked as a "temporary hack" and has
never been public. Remove this intent definition since no one is
receiving this intent and should use network callback to know the
connection change.
Bug: 109636544
Test: atest FrameworksNetTests
Change-Id: Ie9e5127742beba04f1c191e894e8a29fe1e704bb
Merged-In: Ie9e5127742beba04f1c191e894e8a29fe1e704bb
(cherry picked from aosp/1224697)
- InvalidPacketException, public field should be a method so
add getter to get error code.
- KeepalivePacketData, public fields should be methods so
add getter for fields.
Bug: 151322799
Test: atest FrameworksNetTests
atest FrameworksWifiTests
atest FrameworksTelephonyTests: some failure in CarrierAppUtilsTest
Change-Id: Id01e6135193716cc21bba11da529bf1507a954f7
