When apps try to call factoryReset to do networking reset, it
will result in updating the setting in SettingsProvider.
ContentProvider will verify if the package name of the caller
that initiated the request being processed on the current thread.
The package should belong to the calling UID. The setting update
started from the ConnectivityService context, so the package will
be android but the calling UID will be the calling app. It will
cause a SecurityException. The behavior is fine previously as its
known caller(Settings) shares system UID. But it will be a
problem for other callers, such as CTS. Thus, clear the identity
since the necessary permission check should be examined at the
top of the method. The following actions should be fine to be
proceed from the system itself. Also replace the user restriction
check via hasUserRestrictionForUser with the UserHandle created
from the calling uid to ensure it's verified with correct user.
Bug: 186061922
Test: Factory reset from Settings
Change-Id: If2dd69f702a1eafff331f9e71f6b92aeadfb715d
The legacy design of "dumpsys connectivity" will only dump
information with NORMAL priority. It was updated to provide
both NORMAL and HIGH priority information in order to support
dump in bugreport. However, it will also affect the result
using dumpsys connectivity.
Update design to dump NORMAL priority only to align with legacy
design.
Bug: 188387185
Test: adb shell dumpsys connectivity
Test: adb bugreport and check the result in bugreport
Change-Id: I6825c5038e48e3060c0c3ad1512bd584ef6d10a7
PermissionMonitor register APPS_ALLOWED_ON_RESTRICTED_NETWORKS
setting observer to listen setting changed callback. Then update
or revoke permission for those apps.
Bug: 185149952
Test: atest FrameworksNetTests
Change-Id: I4b6a21bd3f47b7bcaac36fcabf1202a5a84a4520
Let PermissionMonitor read APPS_ALLOWED_ON_RESTRICTED_NETWORKS
setting and grant netd system permission to uids whose package
name is listed in setting.
Bug: 185149952
Test: atest FrameworksNetTests
Change-Id: I856b545c0339a262abbe9d432cfda125bc82dc12
As the feedback from API review, the clearAll method in Builder
does not match the actual usage. Thus, remove it and replace
with withoutDefaultCapabilities to provide clearer usage.
Bug: 184735772
Test: make update-api ; m
Change-Id: Ida8d25d57504864f046e3403f593cc606fbfe982
Merged-In: Ida8d25d57504864f046e3403f593cc606fbfe982
- Rename [set|get]RestrictedAllowedApps to
[set|get]AppsAllowedOnRestrictedNetworks
- Remove the regex of validate package name check
Bug: 188085693
Test: m update-api && m
Change-Id: I07966fb66093523a67e1e6a1ecfa05cc399e22f2
Address API review feedback, other APIs have been refering to
these as "interface" instead of "iface" so migrate the APIs named
*Iface* to *Interface*.
(cherry-picked from ag/14326779)
Bug: 183972554
Test: atest android.net.UnderlyingNetworkInfoTest
Merged-In: I38b476e762fb57fa88c4a789092d0af6f5330d80
Change-Id: I38b476e762fb57fa88c4a789092d0af6f5330d80
Move NetIdManager and ProfileNetworkPreferences from services/core to
packages/Connectivity/service.
This is a partial cherry-pick of a downstream change.
Bug: 186628461
Test: m
Merged-In: I454e8a0a8d0e0f9e6d21a8e8faf5a9e299962ad4
Change-Id: I6734c181dac39518b8d69be1e49d7f5f0a0a18da
The service-connectivity sources should be in
packages/modules/Connectivity. Move them to
frameworks/base/packages/Connectivity, so that the whole directory can
be moved to the dedicated packages/modules/Connectivity git project.
Bug: 186628461
Test: m
Merged-In: I26d1a274058fa38763ad4f605549d880865b4d76
Change-Id: Ie0562db92ebee269b901926d763ae907bde61b98
This CL adds APIs for telephony to perform filter matching based on
remote address if the socket is connected. Additional checks will be
performed on the state of socket to avoid the future callbacks in a
separate CL.
Bug: 181916576
Test: Manually verified in live T-Mobile network
atest ConnectivityServiceTest
atest com.android.internal.telephony.dataconnection.QosCallbackTrackerTest
Change-Id: I6fbd4e84c76bc4acbf4e59f06f8e86e0237bae29
This patch introduces the concept of a network offer that
providers send to Connectivity to register for relevant
requests. This lets them see only requests that they can
hope to satisfy considering their capabilities and score
filters.
This is meant to replace the filtering mechanism currently
implemented by NetworkFactory. The reason for replacing
this mechanism is that the old mechanism does caps and
score filtering on the factory side, which requires these
two filters to be contextless and available system-wide,
including in separate processes from the system server.
These constraints severely limit and complexify in
particular what the score comparisons may look like. In
the past the score comparison was only integer-based,
making the code duplication not much of a problem, but as
this scheme is becoming unsustainable by spreading the
complexity of the selection across the entire stack, a
centralized mechanism is now necessary.
This patch only introduces the new objects and has CS
keep track of them, but does not actually use them yet.
Followup patches will implement the logic of calling
the offer callbacks.
Test: FrameworksNetTests NetworkStackTests FrameworksWifiTests
Bug: 167544279
Merged-In: Idec1fe8eb4ac6f562bf098e3dd470f11024d04f2
(clean cherry-pick)
Change-Id: Idec1fe8eb4ac6f562bf098e3dd470f11024d04f2
Currently, NetworkCapabilities always redacts the TransportInfo
objects it contains whenever a defensive copy is made. This makes
it impossible to make a defensive copy on a TransportInfo
parcelled from another process without redacting it.
Stop redacting by default; instead rely on ConnectivityService
explicitly calling NetworkCapabilities' redacting constructor
when it returns a NetworkCapabilities object to an app via a
callback or synchronous call. This is currently done by
- createWithLocationInfoSanitizedIfNecessaryWhenParceled, which
is called from callCallbackForRequest, getNetworkCapabilities,
and getDefaultNetworkCapabilitiesForUser.
- getNetworkCapabilitiesWithoutUids, which is used when sending
ConnectivityDiagnosticsManager callbacks. In this method,
unconditionally redact all information, which is what the code
did previously due to the default redaction setting for empty
NetworkCapabilities objects being REDACT_ALL.
Bug: 183938194
Test: atest NetworkCapabilitiesTest
Test: atest FrameworksNetTests CtsNetTestCases HostsideVpnTests
Change-Id: I3108ee94cb0930958e071ba678c3554525b0db82
To satisfy OEM's requests, setting mobile data preference
should be by uid. Thus, update the getter/setter to
return/accept set of uids that need to apply mobile data
preference.
Bug: 171872461
Test: atest FrameworksNetTests
Change-Id: Id44efd2a6d820867f4405426c91e65b9ef155898
Move the tests together with packages/Connectivity code, so both can be
moved to packages/modules/Connectivity together.
Also reorganize unit tests in a unit/ directory, as other tests
(integration/, common/ etc.) have been added in tests/net since they
were created. This makes the directory structure consistent.
Test: atest FrameworksNetTests
Bug: 187814163
Merged-In: I254ffd1c08ec058d594b4ea55cbae5505f8497cc
Change-Id: I254ffd1c08ec058d594b4ea55cbae5505f8497cc
This setting is OEM upstream requirement for third party apps
using restricted networks.
Bug: 185149952
Test: atests FrameworksNetTests
Change-Id: I5e16b46cf2935f38ee1e516bb8b85fa487cf9f61
Use the jniThrowErrnoException that is available in JNIHelp, instead of
reimplementing in NetworkUtils.
Bug: 179229316
Test: device boots and has connectivity
Merged-In: I257a9d55ce1f5a7c588e209b4a89d3e7a3e09994
Change-Id: I257a9d55ce1f5a7c588e209b4a89d3e7a3e09994
Keep the utilities included via a library, but move them out of
core/jni, and prepare a library to package them together with
framework-connectivity.
Also remove unnecessary dependencies in framework-connectivity.
Bug: 171540887
Test: device boots and has connectivity
Merged-In: I0b55dfe92f3cb6e848d79ac7953756f39aaa2597
Change-Id: I0b55dfe92f3cb6e848d79ac7953756f39aaa2597
framework-connectivity needs to build only against stable APIs.
Bug: 171540887
Test: m framework-connectivity.impl
Merged-In: I2d51d37d067bf6fe86e4dedf05855a2dd67ed57c
Change-Id: I2d51d37d067bf6fe86e4dedf05855a2dd67ed57c
Addresses API council feedback.
Bug: 184890428
Test: atest FrameworksNetTests CtsNetTestCases
Test: atest CtsNetTestCasesLatestSdk:NetworkCapabilitiesTest on R device
Change-Id: Id7c68fbf56ee08fcad8e8e3aacf037fa1885936b
This will allow CTS to add the WIFI transport and others,
letting them test a number of essential features of the
ranking algorithm.
It's relatively safe because restricted networks can never
become the default, and NOT_RESTRICTED is a default
capability so very few apps would be affected by the shell
creating such a network.
Bug: 184037351
Test: NetworkScoreTest (which is under review)
Change-Id: I21055dc613fead6130adc2122f2cdd0af9b49adf
Update PrivateDnsMode from StringDef to IntDef because IntDef is
the normal way of representing multiple choices in public API.
Also update other related files.
Bug: 185311744
Test: 1. make update-api
2. atest FrameworksNetTests CtsNetTestCases CtsNetTestCasesLatestSdk
3. atest FrameworksServicesTests:DevicePolicyManagerTest
Change-Id: I23e7ec140066979726d769cabc5f7057bb2167e6
Merged-In: I23e7ec140066979726d769cabc5f7057bb2167e6
(Cherry-picked from ag/14227609)
