Commit Graph

1961 Commits

Author SHA1 Message Date
paulhu
8e38c05bb3 Support backward compatibility for restricted network permission
Some native daemons, by legacy design, work with SYSTEM_UID. If none of
the SYSTEM_UID apps declare the restricted network permission, it will
result in permission denial in daemons. Allow SYSTEM_UID in the
devices shipped before Q to support backward compatibility.

Bug:114245686
Test: 1. runtest frameworks-net
      2. atest FrameworksNetTests
      3. Native daemons with SYSTEM_UID can work normally

Change-Id: I6f3f0d83bcae74ef5389535b528af3baf649fa48
2018-11-01 10:38:11 +08:00
Chalard Jean
3ec9281fa8 Merge "ConnectivityService: make log configurable" 2018-10-26 06:06:19 +00:00
Junyu Lai
f694edec6f Merge "No-op refactoring of VPN lockdown status check." 2018-10-26 05:35:28 +00:00
junyulai
e06923946c No-op refactoring of VPN lockdown status check.
Currently, if VPN lockdown is disabled, the blocking judgement
inside VPN will return false immediately. It will make
ConnectivityService hard to check blocked status by a given
VPN lockdown status.

Thus, move this check into ConnectivityService and check it
externally.

Bug: 117814902
Test: 1. manual test with 3rd-party vpn app
      2. runtest frameworks-net

Change-Id: Ia8319b1a1a12f1058c24badf2431f2ec69bc78e7
2018-10-25 16:43:50 +08:00
junyulai
29e8abebca Add more debug log when onBlockedStatusChanged was called.
Bug: 118355916
Test: 1. runtest frameworks-net
      2. enable/disable battery saver

Change-Id: I6d5f9b49be0defd531fc7ea824668bec7863c4b7
2018-10-25 15:20:01 +08:00
Chalard Jean
698b80818c Merge "To support skip464xlat per Network" 2018-10-24 07:15:20 +00:00
hiroaki.yokoyama
a1a397d1d1 ConnectivityService: make log configurable
Make log of ConnectivityService configurable by system property.

Two levels:
VERBOSE: whole VDBG log.
DEBUG: selected necessary log for debug purpose.

Relevant log can be enabled in either way:
1. use adb command at run time.
2. config init.xx.rc file at compile time by adding.
on boot && property:ro.build.type=userdebug
    setprop log.tag.ConnectivityService DEBUG

Bug: 117632924
Change-Id: I43cc84878c64c5b448853c7393393a02262afd15
2018-10-22 15:59:17 +09:00
Junyu Lai
bbc0585a03 Merge "Add tests for the network blocked status change" 2018-10-19 15:20:48 +00:00
Junyu Lai
f41deeb4a9 Merge "Add new callback to inform blocking of network on specific uid." 2018-10-19 15:20:48 +00:00
Mike Yu
96612aedb1 Add tests for the network blocked status change
onBlockedStatusChanged is introduced for network blocked status.
The changes in this patch are:
  - Test onBlockedStatusChanged which tells apps whether the
    network is blocked.
  - Fixed the tests which are affected by the order changed in
    onAvailable.

Test: as follows
    - runtest frameworks-net
    - runtest -x NetworkPolicyManagerServiceTest.java
Bug: 74575553
Change-Id: I383c037ed895ef69c478dc3cff69fb1e27c42845
2018-10-19 19:52:50 +08:00
Treehugger Robot
e70b760e83 Merge changes I66e40b4b,I599a2ff9,I7c210623
* changes:
  [PT16] Simplification of sendProxyBroadcast.
  [PT15] Tiny bugfix in setGlobalProxy
  [PT14] No-op refactoring of sendProxyBroadcast
2018-10-16 14:48:33 +00:00
Luke Huang
5f81fcf08d Merge "Network-related commands porting" 2018-10-16 07:44:37 +00:00
Lorenzo Colitti
38149e3ea7 Merge "Change permissions checks for setAirplaneMode." 2018-10-15 13:36:45 +00:00
Chalard Jean
110cb12040 [PT16] Simplification of sendProxyBroadcast.
sendProxyBroadcast is always called with the same argument, and
it would make no sense with another argument anyway. Remove it.

This concludes the ProxyTracker refactoring with 227 lines removed
from ConnectivityService, a lot clarified, and some bugs removed.
Things can still be improved, but presumably at a much higher cost.

Next steps are: write tests, now that ProxyTracker is both testable
and mockable. And try to pour some gasoline on the PROXY_CHANGE_ACTION
broadcast, see if it burns well.

Test: runtest
Change-Id: I66e40b4bf5cfd0b2dc4fa37ea97b3429fe1b7e6c
2018-10-15 12:58:41 +09:00
Chalard Jean
0d21a064a6 [PT15] Tiny bugfix in setGlobalProxy
This bug has existed for a long time. If mDefaultProxyEnabled is
false, then the mDefaultProxy member should obviously not be used
in the broadcast.

Test: runtest
Change-Id: I599a2ff9f96d4667e824cf000c2125f86010bb02
2018-10-15 12:58:41 +09:00
Chalard Jean
1836a63e92 [PT14] No-op refactoring of sendProxyBroadcast
If mGlobalProxy is non-null, then getDefaultProxy returns mGlobalProxy
so the first change is a no-op.
If mGlobalProxy is null and mDefaultProxyEnabled is true, then
getDefaultProxy returns mDefaultProxy, which has just been set to
proxyInfo, so the second change is a no-op.
If mGlobalProxy is null and mDefaultProxyEnabled is true, then
getDefaultProxy returns mDefaultProxy; if mGlobalProxy is null and
mDefaultProxyEnabled is false, then getDefaultProxy returns null,
therefore the third change is a no-op.

Test: runtest
Change-Id: I7c21062302bf54f4fc917c82e0175975051a55ec
2018-10-15 12:58:40 +09:00
Lorenzo Colitti
c7da00d199 Change permissions checks for setAirplaneMode.
Require NETWORK_SETTINGS (or NETWORK_SETUP_WIZARD) instead of the
legacy CONNECTIVITY_INTERNAL permission. The users are as follows:

- The system callers (Phone, Settings, SystemUI, VrSettings) all
  have NETWORK_SETTINGS.
- SetupWizard has NETWORK_SETUP_WIZARD
- sl4a has NETWORK_STACK

Bug: 115302596
Test: builds, boots, airplane mode via SystemUI works
Change-Id: I8ca40182bd8b5e3fd9a82296c0cc28de30ed4baf
2018-10-12 16:35:46 +09:00
Yuuki Habu
addf827426 To support skip464xlat per Network
To add skip464xlat in NetworkMisc.
NetworkAgent can skip starting 464xlat if needed.
(e.g. IMS PDN for Cellular can be disabled)

Device will treat the network as IPv6-only if it is set

Bug: 69949375
Test: Nat464XlatTest, ConnectivityServiceTest

Change-Id: I676a02cb92530d64f29f34e89482a934f3ec4553
2018-10-12 14:35:30 +09:00
junyulai
f2c67e4521 Add new callback to inform blocking of network on specific uid.
Currently, apps rely on querying NetworkInfo object to know
whether their network is blocked or not. There is no proactive
way to tell app when it is being blocked/unblocked. The only
event that app would receive is SocketException with
ECONNABORTED when their ongoing socket connection has been
blocked, which is not an elegant way to notify app.

Thus, this commit is trying to address this problem. Therefore,
with the uses of other callbacks, the need of
getState/getDetailedState in NetworkInfo could be completely
eliminated.

Test: runtest frameworks-net
      runtest -x NetworkPolicyManagerServiceTest.java
      cts-tradefed run cts -m CtsHostsideNetworkTests
      cts-tradefed run cts -m CtsNetTestCases -t \
              android.net.cts.ConnectivityManagerTest
Bug: 74575553

Change-Id: Iec96a3103d0aa9a505020eb89d69b89c0b694486
2018-10-11 16:31:10 +08:00
Luke Huang
b913c8165e Network-related commands porting
Test: runtest frameworks-net passes
Test: manual testing of network related function works
Change-Id: Id197d20c80b04378731b113ad74676672bd8b67e
2018-10-09 11:29:02 +08:00
Chalard Jean
f9d8e07ea0 [PT13] Simple cleanup of ProxyTracker.
ProxyInfo#getPacFileUrl() is guaranteed to return non-null.

Test: runtest
Change-Id: Id206829441f01c6ed4066028de3e1f7fcbe8930b
2018-10-05 16:40:06 +09:00
Chalard Jean
bf650912c6 [PT12] Factor some code into ProxyTracker.
Test: runtest
Change-Id: Ic61ef1e735dcc988cf8fc698b853f3b3be331d8b
2018-10-05 16:40:02 +09:00
Chalard Jean
0933537df9 [PT11] Move handleDeprecatedGlobalHttpProxy to ProxyTracker
This contains a significant logic change: it will load the
deprecated proxy settings synchronously instead of on the next
run loop. I think this is okay because it would happen almost
immediately anyway, and there is nothing in ConnectivityService
that might be changing this setting in the meantime. As for
the possibility that this was executed in the handler because
of possible disk access, I want to point out that the
loadGlobalProxy method that now calls this was already doing
those same similar accesses.

Test: runtest
Change-Id: Idc6f260e2a337689dc274eb758eb00f6a31089bb
2018-10-05 16:39:53 +09:00
Chalard Jean
e4f9bd95ec [PT10] Move loadGlobalProxy into ProxyTracker.
Test: runtest
Change-Id: Id1c57ebb575c8742310be4822ec6e3fa03f487c3
2018-10-05 16:37:38 +09:00
Treehugger Robot
75e74f759d Merge "Allow wifi and ethernet connected at same time." 2018-10-02 17:09:16 +00:00
Leif Hendrik Wilden
838c66128f Allow wifi and ethernet connected at same time.
This will improve the user experience on Android TV devices,
see bug for details.

In addition when connecting adb to the device by ethernet
for cts, wifi will not connect, causing lots of tests to fail.
For example:
[CTS7.1]android.net.wifi.cts.WifiInfoTest#testWifiInfoProperties
[CTS7.1]android.net.cts.ConnectivityManagerTest#testConnectivityChanged_manifestRequestOnlyPreN_shouldReceiveIntent

Use command:settings to put global wifi_data_always_on 1 to enable it.

Bug: 26102779
Test: Manual, CTS.
Change-Id: I711d93061a6bc7164d98a858912f781e1b967406
2018-10-01 09:12:10 -07:00
Luke Huang
ddc1add0ac Merge "ConnectivityService get INetd directly." 2018-10-01 07:28:42 +00:00
Treehugger Robot
4e6c1d8643 Merge "Remove spurious WTF in rematching networks." 2018-10-01 06:33:29 +00:00
Treehugger Robot
6b6feb8ff8 Merge "Make requestRouteToHost a no-op for system callers." 2018-10-01 05:36:28 +00:00
Lorenzo Colitti
d47c367905 Remove spurious WTF in rematching networks.
By construction, this WTF should never happen, since it's in an
if (nri.request.isRequest()) and by definition requests can only
be satisfied by one network at a time.

I don't think we've ever seen this particular WTF in an APR
report, which suggests that it's not happening in practice.

Test: atest FrameworksNetTests CtsNetTestCasesLegacyApi22 CtsNetTestCasesLegacyPermission22 android.net.cts.ConnectivityManagerTest
Change-Id: Icf4c7d2bb1da3c7db695cf0bcebc5806190a1677
2018-10-01 13:28:21 +09:00
Luke Huang
46289a2489 ConnectivityService get INetd directly.
This is the first step for ConnectivityService
to call into INetd directly.
Import INetd and get it by using NetdService.

Test: runtest frameworks-net passes
Test: manual testing of wakeupAdd/DelInterface works
Change-Id: I643dba5206c66958134152d062f3f3a19a34cf2c
2018-10-01 11:10:54 +08:00
Lorenzo Colitti
2386291f56 Make requestRouteToHost a no-op for system callers.
Everything in the system should now be using proper multinetwork
APIs instead of this insecure and error-prone API.

Make this method do nothing when called by the system. For now,
keep the code around for backwards compatibility for apps
targeting Android releases before M.

Bug: 25824776
Bug: 25876485
Test: FrameworksNetTests pass
Test: CtsNetTestCasesLegacyApi22 pass
Test: CtsNetTestCasesLegacyPermission22 pass
Test: android.net.cts.ConnectivityManagerTest passes
Change-Id: I9b3557faccccc95c7b954db6a13b853b4c7edea0
2018-10-01 12:05:42 +09:00
Luke Huang
b28fee1994 Merge "Rename object mNetd to mNetworkManagementService" 2018-10-01 03:01:33 +00:00
Chiachang Wang
087fd275f9 Fix idle timer rule leakage
Idle timer rule is not cleared as expected if there is a
default network replacement.

Bug:37080406
Test: 1.run frameworks-net
      2.check iptables rule with default network replacement

Change-Id: I6bd29d79e4ca3e8de4b867c4fcb5f81d02ba6de4
2018-09-28 22:42:48 +08:00
Luke Huang
5638081758 Rename object mNetd to mNetworkManagementService
No functionality change

Test: runtest frameworks-net passes
Change-Id: Ic3977eed9a86deb76ef0e4e12ffa17597bdecc30
2018-09-28 13:47:13 +08:00
Jeff Vander Stoep
39a51e0191 Add ConnectivityManager.getConnectionOwnerUid()
Allow VPN apps to lookup the UID owner of a network connection.

Requires specifying the:
 - IP address and port for both the source and destination of a TCP
   connection.
 - IP address and port for either source and destination or just
   source for a UDP connection.
Only TCP and UDP protocols are supported. Only connections for UIDs
that apply to the calling VPN app will be resolved. This is intended
to replace direct app access to /proc/net/{tcp,tcp6,udp,udp6}.

The implementation uses netlink inet_diag sockets[1] to perform
the lookup on TCP sockets as well as UDP sockets when supported
(kernel has CONFIG_INET_UDP_DIAG=y).

[1] http://man7.org/linux/man-pages/man7/sock_diag.7.html

Bug: 9496886
Bug: 109758967
Test: atest HostsideVpnTests
Test: atest InetDiagSocketTest on Taimen with CONFIG_INET_UDP_DIAG
    and on Sailfish without CONFIG_INET_UDP_DIAG.
Change-Id: I2bbc7072dd091e2e653dadf6dc05024c04180f34
2018-09-21 06:16:09 +00:00
Hugo Benichi
078f0ce714 Merge changes Ie28e6c80,I3cb9b2ce
* changes:
  ConnectivityService: dumpsys args for dumping networks or requests only.
  ConnectivityService: Sort requests and networks in dumpsys.
2018-09-05 05:54:24 +00:00
Hugo Benichi
5df91ce8be ConnectivityService: dumpsys args for dumping networks or requests only.
This patch adds two arguments to ConnectivityService dumpsys handler so
that only current networks or only current requests are dumped:

- "adb shell dumpsys connectivity networks" will dump current networks.
- "adb shell dumpsys connectivity requests" will dump current requests.

Bug: none
Test: Compiled, flashed, booted, checked that both new dumpsys args work
      as expected.

Change-Id: Ie28e6c800795eb49f386b609e8222a25e73dfc84
2018-09-05 13:04:12 +09:00
Hugo Benichi
a480ba57f5 ConnectivityService: Sort requests and networks in dumpsys.
This patch adds two utility functions for sorting requests and networks
tracked by ConnectivityService by request id and network id
respectively.

These utility functions are then used to improve the output of
adb shell dumpsys connectivity so that networks and requests are
printed in a more stable fashion.

Bug: none
Test: Compiled, flashed, booted, checked output of adb shell
      dumpsys connectivity.

Change-Id: I3cb9b2ceab64145611a416dcb8c5d512838a2626
2018-09-05 13:03:55 +09:00
Paul Hu
cb0e6f589a Merge "PermissionMonitor: Limit preinstalled apps network permissions" 2018-09-03 09:16:52 +00:00
paulhu
c7a3a56e57 PermissionMonitor: Limit preinstalled apps network permissions
Not all preinstalled apps should have access to background
networks or restricted networks. But we give them all network
access permissions currently, it's not a good design. So we
shall limit preinstalled apps permissions, they should just
request the appropriate permission for their use case from
the network permissions.

Bug:19610688
Test: runtest frameworks-net
Change-Id: I184ae3197208c979847ca134c8f01b32528badf1
2018-08-29 13:49:33 +08:00
Erik Kline
767b7f2021 Remove ResolvUtil from frameworks/base callers
Use the Private DNS bypass logic that was moved into Network.

Once all callers of ResolvUtil are updated to use this interface
ResolvUtil can be deleted.

Test: as follows
    - built, flashed, booted
    - runtest frameworks-net passes
    - connection to captive portal network detects portal correctly
      and the login activity functions as expected

Bug: 64133961
Bug: 72345192
Bug: 73872000
Bug: 78548486

Change-Id: If11ef2b5ffdc729f8449cf18dccd5f1eccbc51e6
2018-08-28 12:59:21 +09:00
Treehugger Robot
bc63072e52 Merge "NetworkAgent: Send primitive integer in explicitlySelected" 2018-08-13 17:09:51 +00:00
Roshan Pius
00ef96bc0e NetworkAgent: Send primitive integer in explicitlySelected
|Boolean| object is not parcelable and hence crashes when the binder call
crosses a process boundary. Using a primitive integer instead to
represent the boolean value.

Bug: 112358948
Test: Device boots up and able to make wifi connection.
Change-Id: Iac69fd302e1f1338ed0da1446105ffc5855451cc
2018-08-10 07:44:33 -07:00
Roshan Pius
45190f8e7f Merge "NetworkAgent: Send primitive integer in score" 2018-08-10 14:33:07 +00:00
Roshan Pius
d594290fd9 NetworkAgent: Send primitive integer in score
|Integer| is not parcelable and hence crashes when the binder call
crosses a process boundary. Using a primitive integer should suffice
for sending the value to the server. There is no other usage of
|EVENT_NETWORK_SCORE_CHANGED| in the codebase.

Bug: 112358948
Test: Device boots up and able to make wifi connection.
Change-Id: I4c8fc17f4b803f69a4d882c71a8ce014a194d1ba
2018-08-09 07:10:27 -07:00
Nathan Harold
2bc5a4c9ee Merge "Count and Report Bandwidth Requests by UID"
am: e1d140619f

Change-Id: Iadfb7c04a49055c57cc8eed2ce9ad5f10e15cf52
2018-08-01 15:48:12 -07:00
Nathan Harold
b89cbfbdca Count and Report Bandwidth Requests by UID
To debug power drain due to modem wakeups,
one of the signals we'd like to track is
requests for bandwidth estimate to see which
apps are making requests and how often. This
patch keeps a simple count per-UID when an
app requests a bandwidth update, and that
count is made available in dumpsys.

Bug: 77498849
Test: runtest frameworks-net
Change-Id: I30d2ce85f9fa6747030cf4039d1080113a32e386
2018-07-31 02:37:38 +00:00
Erik Kline
7ae1277cd3 Merge "Push DNS configuration on network validation"
am: b71c6a1b7e

Change-Id: I5907831e5f5f1f3659580cc56e2e081cbe88b1cc
2018-07-03 03:09:16 -07:00
Erik Kline
a73af00583 Push DNS configuration on network validation
Test: as follows
    - built, flashed, booted
    - runtest frameworks-net passes
    - connected to captive portal network,
      saw failed validation attempt (opportunistic),
      passed portal, saw successful revalidation attempt
Bug: 64133961
Bug: 72344805
Bug: 109928338

Change-Id: I0471685c2234af8a8c7f5b2ad3205eb6e36333c5
2018-07-03 13:33:34 +09:00