As API review feedback, setting allowed on restricted networks
should be by uid instead of package name for security reason.
Thus, update the getter/setter to return/accept set of uids.
Bug: 188085693
Test: atest FrameworksNetTests
Merged-In: I979bf98075e6c9c0ed7e891582843fddb62643cb
Change-Id: I979bf98075e6c9c0ed7e891582843fddb62643cb
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
As the feedback from API review, the clearAll method in Builder
does not match the actual usage. Thus, remove it and replace
with withoutDefaultCapabilities to provide clearer usage.
Bug: 184735772
Test: make update-api ; m
Change-Id: Ida8d25d57504864f046e3403f593cc606fbfe982
Merged-In: Ida8d25d57504864f046e3403f593cc606fbfe982
- Rename [set|get]RestrictedAllowedApps to
[set|get]AppsAllowedOnRestrictedNetworks
- Remove the regex of validate package name check
Bug: 188085693
Test: m update-api && m
Change-Id: I07966fb66093523a67e1e6a1ecfa05cc399e22f2
This CL adds APIs for telephony to perform filter matching based on
remote address if the socket is connected. Additional checks will be
performed on the state of socket to avoid the future callbacks in a
separate CL.
Bug: 181916576
Test: Manually verified in live T-Mobile network
atest ConnectivityServiceTest
atest com.android.internal.telephony.dataconnection.QosCallbackTrackerTest
Change-Id: I6fbd4e84c76bc4acbf4e59f06f8e86e0237bae29
The resources are only read by NetworkStack through their respective
ApfCapabilities SystemApi methods.
As the resources are being migrated out of frameworks/base resources
anyway, move them directly to NetworkStack instead of moving them to
ServiceConnectivityResources.
Also test that the framework resources are not overlaid or modified.
This should avoid OEM integration errors where the overlays are kept as
in R, without overlaying the resource in the NetworkStack package.
Bug: 185850634
Test: atest CtsNetTestCases
BYPASS_INCLUSIVE_LANGUAGE_REASON=Need to mention legacy APIs
Change-Id: I7a15ddcad5af11fa307d9dbe3a77b31a1179e5b3
This patch introduces the concept of a network offer that
providers send to Connectivity to register for relevant
requests. This lets them see only requests that they can
hope to satisfy considering their capabilities and score
filters.
This is meant to replace the filtering mechanism currently
implemented by NetworkFactory. The reason for replacing
this mechanism is that the old mechanism does caps and
score filtering on the factory side, which requires these
two filters to be contextless and available system-wide,
including in separate processes from the system server.
These constraints severely limit and complexify in
particular what the score comparisons may look like. In
the past the score comparison was only integer-based,
making the code duplication not much of a problem, but as
this scheme is becoming unsustainable by spreading the
complexity of the selection across the entire stack, a
centralized mechanism is now necessary.
This patch only introduces the new objects and has CS
keep track of them, but does not actually use them yet.
Followup patches will implement the logic of calling
the offer callbacks.
Test: FrameworksNetTests NetworkStackTests FrameworksWifiTests
Bug: 167544279
Merged-In: Idec1fe8eb4ac6f562bf098e3dd470f11024d04f2
(clean cherry-pick)
Change-Id: Idec1fe8eb4ac6f562bf098e3dd470f11024d04f2
Currently, NetworkCapabilities always redacts the TransportInfo
objects it contains whenever a defensive copy is made. This makes
it impossible to make a defensive copy on a TransportInfo
parcelled from another process without redacting it.
Stop redacting by default; instead rely on ConnectivityService
explicitly calling NetworkCapabilities' redacting constructor
when it returns a NetworkCapabilities object to an app via a
callback or synchronous call. This is currently done by
- createWithLocationInfoSanitizedIfNecessaryWhenParceled, which
is called from callCallbackForRequest, getNetworkCapabilities,
and getDefaultNetworkCapabilitiesForUser.
- getNetworkCapabilitiesWithoutUids, which is used when sending
ConnectivityDiagnosticsManager callbacks. In this method,
unconditionally redact all information, which is what the code
did previously due to the default redaction setting for empty
NetworkCapabilities objects being REDACT_ALL.
Bug: 183938194
Test: atest NetworkCapabilitiesTest
Test: atest FrameworksNetTests CtsNetTestCases HostsideVpnTests
Change-Id: I3108ee94cb0930958e071ba678c3554525b0db82
To satisfy OEM's requests, setting mobile data preference
should be by uid. Thus, update the getter/setter to
return/accept set of uids that need to apply mobile data
preference.
Bug: 171872461
Test: atest FrameworksNetTests
Change-Id: Id44efd2a6d820867f4405426c91e65b9ef155898
This setting is OEM upstream requirement for third party apps
using restricted networks.
Bug: 185149952
Test: atests FrameworksNetTests
Change-Id: I5e16b46cf2935f38ee1e516bb8b85fa487cf9f61
Addresses API council feedback.
Bug: 184890428
Test: atest FrameworksNetTests CtsNetTestCases
Test: atest CtsNetTestCasesLatestSdk:NetworkCapabilitiesTest on R device
Change-Id: Id7c68fbf56ee08fcad8e8e3aacf037fa1885936b
This will allow CTS to add the WIFI transport and others,
letting them test a number of essential features of the
ranking algorithm.
It's relatively safe because restricted networks can never
become the default, and NOT_RESTRICTED is a default
capability so very few apps would be affected by the shell
creating such a network.
Bug: 184037351
Test: NetworkScoreTest (which is under review)
Change-Id: I21055dc613fead6130adc2122f2cdd0af9b49adf
Update PrivateDnsMode from StringDef to IntDef because IntDef is
the normal way of representing multiple choices in public API.
Also update other related files.
Bug: 185311744
Test: 1. make update-api
2. atest FrameworksNetTests CtsNetTestCases CtsNetTestCasesLatestSdk
3. atest FrameworksServicesTests:DevicePolicyManagerTest
Change-Id: I23e7ec140066979726d769cabc5f7057bb2167e6
Merged-In: I23e7ec140066979726d769cabc5f7057bb2167e6
(Cherry-picked from ag/14227609)
Address API review feedback to:
- Rename NetworkAgent#setTeardownDelayMs to
NetworkAgent#setTeardownDelayMillis
- Use getters instead of fields in VpnTransportInfo
- Rename registerDefaultNetworkCallbackAsUid to
registerDefaultNetworkCallbackForUid in ConnectiivityManager
Bug: 183972850
Bug: 185246410
Fix: 184735863
Test: make update-api
Test: atest FrameworksNetTests
Test: atest CtsNetTestCasesLatestSdk
Change-Id: I5e8c4bed8bda40d507afa894c359b5e24ee5d868
Merged-In: I5e8c4bed8bda40d507afa894c359b5e24ee5d868
Address API review feedback, ConnectivityManager#getAllNetworkStateSnapshot
should be pluralized so rename the method to getAllNetworkStateSnapshots
(cherry picked from ag/14221105)
Bug: 183972554
Test: make, FrameworksNetTests
FrameworksServicesTests
Merged-In: Ic18d17d05984fa2466c962c7843c0ef7183ce77c
Change-Id: Ic18d17d05984fa2466c962c7843c0ef7183ce77c
If the caller constructed the builder from a request, it means
the user might explicitly want the capabilities from the request.
Thus, the NOT_VCN_MANAGED capabilities should not be touched
later.
Test: TH
Fix: 185876442
Change-Id: I92037cc8547fb72de12d6b6402f060f6c98e1853
The build will complain after moving connectivity framework code
outside framework because the hidden methods/members accesses are
not allowed anymore. Link to a hidden class will not work since
it's not visible in public.
Bug: 182859030
Test: make docs
Change-Id: I5726f80be7cf92b648ce851d9601d5f58bc2b647
As API review feedback, rename disableProvisioningNotification()
to setEnabledProvisioningNotification and disableNat64Detection()
to setEnabledNat64Detection. Also, update code in caller side
accordingly.
Bug: 184735772
Test: make update-api ; atest FrameworksNetTests
Change-Id: If7305634863d1503c967e5593ebd0c8af2174bea
Both TcpRepairWindow and TcpKeepaliveController(user) are in the
connectivity module, so TcpRepairWindow doesn't need to be
the module-lib API. Thus, remove TcpRepairWindow from
module-lib API.
Bug: 172183305
Test: m update-api
Change-Id: I8fde726f8ad73637e6deab69ea83b3699bb2cf45
This commit addresses the API review feedback that getUid()
will be better to make it be a method on UserHandle itself
rather than a static method.
Update as it is and update the corresponding usages.
Fix: 184735865
Test: make update-api
Test: atest FrameworksNetTests
Test: atest CtsNetTestCasesLatestSdk
Change-Id: I33844309224d84764704255d251fadc8940202ca
