Currently, socketKeepalive implementation is accepting null fd
due to backward compatibility with legacy packet keepalive API.
However, due to lack of the fd, the service cannot guarantee the
port is not reused by another app if the caller release the port
for any reason.
Thus, grant the null fd access only for priviledged apps.
This commit also address some comments from aosp/918533.
Bug: 126699232
Test: atest FrameworksNetTests
Change-Id: I0baf582ff4ca8af6082c3754e8dfbcd867f39792
Currently, if the lower layer, e.g. wifi, didn't successfully
start keepalive by any reason. Due to the startedState changed
to NOT_STARTED first, the logic inside stop() will skip the
removing process and cause leak.
Thus, moving the changing of startedState to proper place first
to unblock subsequent changes first.
Bug: 123988249
Bug: 129371366
Test: atest FrameworksNetTests
Change-Id: I4bba01bacc80e1dac2023ef831b5ade5501894e4
For native services such as mediaserver and audioserver, the permission
information cannot be retrieved from getInstalledPackages. Instead, the
high level permission information is avalaible in systemConfigs. With
those permission information, netd can store the complete list of uids
that have UPDATE_DEVICE_STATS permission.
Bug: 128944261
Test: dumpsys netd trafficcontroller
Change-Id: I0331d5a3a5b927a351fcfe6689ef1ba2b993db0c
Change the INTERNET permission implementation so it only block socket
creation when non of the packages under the same uid have internet
permission. Fix the UPDATE_DEVICE_STATS permission so only the uid that
own the permission can change it.
Bug: 111560570
Test: CtsNetTestCasesUpdateStatsPermission
CtsNetTestCasesInternetPermission
Change-Id: I42385526c191d4429f486cde01293b27fcc1374b
There are 2 problems will make testPartialConnectivity flaky:
1. If we call setNetworkValid() before expectCapabilitiesWith(),
there may be a timing issue that network will become VALID before
NetworkMonitor send PARTIAL_CONNECTIVITY to ConnectivityService.
Solution:
We should set network to valid after ConnectivityService received
NETWORK_TEST_RESULT_PARTIAL_CONNECTIVITY to ensure NetworkMonitor
will send PARTIAL_CONNECTIVITY to ConnectivityService first then
send VALID.
2. When test case call explicitlySelected(true) first then call
connect(true), NetworkMonitor will report the network validation
test result twice because ConnectivityServiceTest() will trigger
notifyNetworkTested() when setAcceptPartialConnectivity() is
called, it may cause a timing that before the second test result
send to ConnectivityService, connect() already called
setNetworkInvalid. So, NET_CAPABILITY_VALIDATED will be removed
and ConnectivityService will trigger onCapabilitiesChanged()
unexpectedly.
Solution:
Don't trigger notifyNetworkTested() when
setAcceptPartialConnectivity() is called. If there is needed,
use mCm.reportNetworkConnectivity() to report the test result
instead.
Bug: 128426024
Test: 1. atest FrameworksNetTests: \
ConnectivityServiceTest#testPartialConnectivity \
--generate-new-metrics 1000
Change-Id: I7200528378201a3c7c09a78ff827b41f2741dfa1
Currently, the fails in testTcpSocketKeepalives are triggered by
fail() inside the executor, which is hiding the actual call trace
but only message remains. And it made the fail case hard to
debug.
So this commit is to bubble up the Exception by using a custom
functional interface.
Bug: 123987272
Test: 1. atest FrameworksNetTests
2. manually fail the test case and see the call trace
Change-Id: I125e673938a5e9d1de86f83c1a732227a4bd3207
Per API review, change the use of FileDescriptor to
ParcelFileDescriptor.
This change also fix nullability according to API review
feedbacks.
Fix: 126698610
Fix: 126699425
Fix: 126699232
Fix: 126700278
Test: 1. m -j
2. atest FrameworksNetTests --generate-new-metrics 50
3. m -j doc-comment-check-docs
Change-Id: I19476c50dd1ca290bf3f41973829da2bd229796a
Add nullability annotations on the following methods:
- StaticIpConfiguration#getRoutes
- ValidationProbeEvent#getProbeName
Test: m
Bug: 128935825
Change-Id: I1c17d200f3125e684c4e4d67b2f7f079eda310b6
Fill correct TOS/TTL value by fetching them from kernel with
getsockopt.
bug: 123967966
Test: -build, flash, boot
-atest FrameworksNetTests
Change-Id: I75b1be51040b4a381163958b4cddd27dbb22bac1
- Remove CaptivePortal constructor from SystemApi. This constructor was
added in Q timeframe and ends up being unnecessary since
CaptivePortal creation was refactored to ConnectivityService because
of visibility issues on ICaptivePortal.
- Rename getAvoidBadWifi to shouldAvoidBadWifi
- Add permission annotation for shouldAvoidBadWifi
(already merged in internal as:
I09545c00af3519dbf141dd5951b28f49e37b3e80)
Test: flashed, WiFi and captive portal works
Bug: 128935314
Bug: 128935673
Merged-In: I09545c00af3519dbf141dd5951b28f49e37b3e80
Change-Id: I7395d4a4db6a64398a827692aee1956c011873e5
am: dea6865011 -s ours
am skip reason: change_id Id0abc4d304bb096e92479a118168690ccce634ed with SHA1 273f900b3b is in history
Change-Id: I0634f41f9b3be7cc640b31ab3067708f99759831
am: 1a385c1b33 -s ours
am skip reason: change_id Id0abc4d304bb096e92479a118168690ccce634ed with SHA1 273f900b3b is in history
Change-Id: I98242257e569eeac747c0328dfa6381e49e7c0b0
The framework cannot return URLs used by the updatable NetworkStack,
which may use configurable URLs, changing URLs, or mechanisms not
involving URLs to detect captive portals. NetworkMonitor has already
been using random fallback URLs for a while that do not match the value
returned by ConnectivityManager#getCaptivePortalServerUrl.
With this change, the default value returned by the framework is
configured in framework resources as
config_networkDefaultCaptivePortalServerUrl. NetworkMonitor behavior may
change as it is an updatable component, but the current URL is
configured in NetworkMonitor resources as
config_captive_portal_http_url.
Test: flashed, booted, WiFi and captive portal working
Test: ConnectivityManager#getCaptivePortalServerUrl returns correct
value.
Bug: 127908503
Change-Id: I371dedc5b22efa909d7fd58e1ebe9b8aaced9780
