Changing the per-app default request flows to fallback to a request of
type TRACK_DEFAULT as opposed to type REQUEST. The main benefit of this
change is that these requests will no longer be sent to the factories
which is desired.
Bug: 180452284
Bug: 176494815
Test: atest FrameworksNetTests
atest FrameworksNetIntegrationTests
atest CtsNetTestCasesLatestSdk
Change-Id: I312e55a54f70aa82953a32ab9369d5afc02b75e5
Merged-In: I312e55a54f70aa82953a32ab9369d5afc02b75e5
Migrate resource usage to the connectivity resource package.
For framework resources that have known overlays, keep a fallback until
the overlays can be migrated.
Bug: 182125649
Test: atest FrameworksNetTests
Merged-In: I778d94a5aac0c4e20e78b1ba3a002495c17a38a0
(clean cherry-pick)
Change-Id: I778d94a5aac0c4e20e78b1ba3a002495c17a38a0
Correctly count nri uid request counts in the per-app functionality in
connectivity currently used by set profile and set oem network
preference APIs. Previously, upon creation, nris would be created prior
to removing them. This would cause the uid request counts to
artificially increase and incorrectly throw an error if the request
count limit was hit even though in actuality an apps request count was
valid.
E.g., if there was an existing request for per-app functionality and
its owning app made a change to the per-app requests, it would double
count the existing requests. If the current count was say, one under the
limit, an error would be thrown even though it was being replaced which
should have resulted in no net change to the request count limit if
working correctly.
This patch will allow for the requests to be removed prior to creation
so that request counts are tabulated correctly.
Bug: 185849563
Bug: 183785319
Test: atest FrameworksNetTests
Change-Id: I13da0c81256cc02bea6aff2fe1ef99d6f6b0e764
Adding historical logging for the setOemNetworkPreference() calls. This
will last across reboots.
Bug: 177257940
Bug: 176494815
Test: atest FrameworksNetTests
Change-Id: I4fc35fd58ff741830aa292adc1c559b4279ad8f9
This commit addresses the API review feedback that getUid()
will be better to make it be a method on UserHandle itself
rather than a static method.
Update as it is and update the corresponding usages.
Fix: 184735865
Test: make update-api
Test: atest FrameworksNetTests
Test: atest CtsNetTestCasesLatestSdk
Change-Id: I33844309224d84764704255d251fadc8940202ca
The value should be assigned as a long to do the bit calculation
as the mNetworkCapabilities is intended to be a long. Otherwise,
the value will be temporary assigned into an integer then
assigned to the target long. When the bit shift calculation
is out of the integer scope, the calculation will overflow and
result in unexpected bebavior.
Without assigning to a long, ConnectivityServiceTest will get
Out-Of-Memory in StringBuilder while generating toString() in
NetworkCapabilities after updating tests to verify
NET_CAPABILITY_VSIM and NET_CAPABILITY_BIP.
Bug: 130869457
Test: atest FrameworksNetTests
Change-Id: I4d34c1215c7efb6dc352c314107792e3fa512ad7
UserManager#isManagedProfile() is not aware of the user
handle of the context the UM instance is created on.
Instead, call isManagedProfile(int).
Bug: 183625645
Test: ConnectivityServiceTest
Change-Id: I1fef22d67d75df25a8c2d0694f857c3e1c1a1306
This change downgrades API visibility for the list-of-subIds in the
NetworkCapabilities to SystemApi
Bug: 175662146
Test: atest NetworkCapabilitiesTest#testSubIds
Test: atest FrameworksNetTests
Change-Id: I372fa9eaa7585aefd1710948ca007456feedd578
- This will be visible only to apps with the NETWORK_SETTINGS
permissions (signature), and will be redacted for all other callers.
- This string is expected to be the same as set by
VpnService#setSession, and in general, VpnConfig.session. But it
will be a general API that Vpn.java can call when setting the
VpnTransportInfo.
- This string cannot be updated once the VPN NetworkAgent is connected.
Bug: 171872481
Test: atest ConnectivityServiceTest
atest VpnTransportInfoTest
atest android.net.cts.NetworkAgentTest
Change-Id: I8d09e25b83f7ee8be21ec9c9bd3c72a251f1370d
Merged-In: I8d09e25b83f7ee8be21ec9c9bd3c72a251f1370d
(cherry-picked from ag/14011912)
When WiFi disconnects, the VPN disconnects immediately. The
broadcast can therefore be sent before the broadcast receiver is
registered, which causes the receiver to not see the broadcast.
The puzzling part is that CONNECTIVITY_ACTION is a sticky
broadcast, so one would expect the broadcast to still be
received, even if the registration is done after the broadcast
is sent. The reason this doesn't happen is that the context used
by the test is a BroadcastInterceptingContext, which does not
treat sticky broadcasts as sticky.
Bug: 184115648
Test: atest --iterations 1000 'ConnectivityServiceTest#testLegacyLockdownVpn'
Change-Id: Ib44c92839d25951cc7d2db0f923e1b104690e1e0
Give anyone with PERMISSION_MAINLINE_NETWORK_STACK (i.e.,
either the system or the networkstack process) a separate limit
of 250 callbacks per UID.
Bug: 183921387
Test: new unit tests
Change-Id: I24580ea48e3ad502ef584efc5fde0b5d22e392b4
* changes:
Add test coverage for NetworkAgent callbacks.
Add a setTeardownDelayMs API to NetworkAgent.
Address comments on onBlockedStatusChanged(Network, int) CL.
It isn't used by ConnectivityService any more and even if
it needs such utility method in the future, we could create
one which is part of connectivity module and doesn't need
to be exposed as part of NetworkPolicyManager API surface.
Bug: 183696103
Test: atest ./tests/net/java/com/android/server/ConnectivityServiceTest.java
Change-Id: Ie3c681f88e4b2b9bb92d2224c5ea96b074f155d5
Currently, queryUserAccess talks to netd via FwmarkServer.
Doing this from the module would require exposing queryUserAccess
as an NDK API or reimplementing FwmarkClient.
Because queryUserAccess really only uses information that comes
from ConnectivityService/PermissionMonitor anyway, just use that
information without calling to net.
Test: atest HostsideVpnTests
Bug: 171540887
Merged-In: If855de1ea3e1fd2ed30f2795d9b4acfcf969a2dc
Change-Id: If855de1ea3e1fd2ed30f2795d9b4acfcf969a2dc
This is similar to onBlockedStatusChanged(Network, boolean) but
it allows the callback holder to know the exact reason why
networking was blocked. It is useful to privileged system
components such as JobScheduler that are able to ignore some
blocked reasons but not others.
Also add a new BLOCKED_REASON_LOCKDOWN_VPN that is used when
networking is blocked because an always-on VPN is in
lockdown mode.
Also move BLOCKED_METERED_REASON_MASK to ConnectivityManager.
This is necessary because ConnectivityService must ensure that
the blocked status callbacks are correctly sent when meteredness
changes (e.g., a UID that is blocked on metered networks will
become unblocked on a network that becomes unmetered). In order
to do this it needs to know which reasons apply only on metered
networks.
Bug: 165835257
Test: unit tests in subsequent CLs in the stack
Change-Id: I647db4f5a01280be220288e73ffa85c15bec9370
- Add @VisibleForTesting & @Nullable for Vpn#getNetwork().
- Remove null check in caller side(test) of Vpn#getNetwork()
because if the code is working properly, it can never be null.
Bug: 182963397
Test: atest FrameworksNetTests
Change-Id: Ic52864003fbebd9f4e95d43fefc2e168437b0122
Merged-In: Ic52864003fbebd9f4e95d43fefc2e168437b0122
(cherry-picked from ag/13946573)
Modify Vpn#getNetId() to Vpn#getNetwork() and uses NETID_UNSET
when getNetwork() returns null in ConnectivityServiceTest.
Bug: 182963397
Test: atest FrameworksNetTests
Change-Id: I69d449705b1dc541287c72af8dc7705dc4733109
Merged-In: I69d449705b1dc541287c72af8dc7705dc4733109
(cherry-picked from ag/13927650)
Register network callback for all networks and record
NetworkCapabilities for every networks. Once onDnsEvent is
triggered, use the netId it passes in to find the corresponding
NetworkCapabilities instead of using netId to create a Network
object(hidden API) then get the NetworkCapabilities by
ConnectivityManager#getNetworkCapabilities.
Bug: 182963397
Test: m
Test: atest IpConnectivityMetricsTest
Test: atest NetdEventListenerServiceTest
Change-Id: I91d68ca33253831b78def1ddeb074ba944a5d6ad
Merged-In: I91d68ca33253831b78def1ddeb074ba944a5d6ad
(cherry-picked from ag/13959432)
These constants will now be including all the reasons for why an
uid's network access can be blocked, instead of only the
restrictions that could be imposed by NPMS.
Bug: 183473548
Test: atest ./tests/cts/hostside/src/com/android/cts/net/HostsideRestrictBackgroundNetworkTests.java
Merged-In: I4c544415e12adf442fd2415c371b1b70a39c3aa4
Change-Id: I6dcea43fbefa9eac8b5a971b822a5be5422a54b4
This is to be used by privileged components (e.g., JobScheduler)
to request callbacks about the state of other UIDs on the system.
Bug: 165835257
Test: new unit test coverage
Change-Id: I29f155710394e58c14fcef488db6271d8d83033a
When registerDefaultNetworkCallback is called by an app that has
NETWORK_SETTINGS, the UID of the app is forgotten and the request
that is filed has an empty UID set. This results in that request
matching networks that have UID ranges that do not include it,
e.g., VPNs.
Fix this by ensuring that the UID ranges are properly set.
Bug: 165835257
Test: updated specific tests for this bug
Change-Id: I90bf79573342c144d1cfbc2f61a3155fdd5b1fa7
Currently, if a process with NETWORK_SETTINGS registers a default
network callback, its uid will be ignored and replaced with an
empty list of UIDs. This means it will incorrectly match VPNs
with any UID range.
Add a test for this bug to make it easier to review the upcoming
change that fixes it.
Bug: 165835257
Test: test-only change
Change-Id: If58524b01fdd60045fb7236d17dedf31fb563f99
* changes:
TransportInfo: Add a generic redaction mechanism
Revert "Revert "Expose uids related APIs in NetworkRequest and N..."
Revert^2 "Replace the usage of UidRange"
Also make getTransportName non-static so it can access the module
resources.
Also fix a duplicate comment in a resource file.
Bug: 183097033
Test: atest FrameworksNetTests
Test: connected to Wi-Fi with no Internet, observed notification
Change-Id: Ic0d24d36af0b87153d527083f8964ddc6cd78482
Merged-In: Ic0d24d36af0b87153d527083f8964ddc6cd78482
ag/13210542 switched from using reset() on mResources to using
clearInvocations(). This ensures that only the previous calls are
reset, and that the mock continues to behave according to what
was specified in setUp.
Test: 183097033
Test: test-only change
Merged-In: I35d28c8df341dbbac2774026c6ca749e296c0482
Change-Id: Ieef982d2df50db3014f35f58a77674939ebe0d43
