Carriers in Mainland China need to customize certain captive portal
urls. The main issue is that google servers are not accessible in
Mainland China.
Added the following captive portal resources to be targeted for overlay.
- config_captive_portal_http_url
- config_captive_portal_https_url
- config_captive_portal_fallback_urls (string-array)
- config_captive_portal_fallback_probe_specs (string-array)
These values can be customized for e g diffent countries
Bug: 111819230
Test: atest FrameworksNetTests NetworkStackTests
Test: Add a product RRO that targets a specific country code,
insert a SIM card that matches that country code and check the log
what URL is used.
Change-Id: I38a294a5e14417f65e96e76235ea153c53c4d7cc
The gnss@2.0 HAL and the framework GNSS Location Provider code is
updated in Q to not call the deprecated requestRouteToHost() method.
However, devices upgrading to Q which are still using gnss@1.1 or
earlier HAL must continued to be supported.
Fixes: 121222025
Test: Tested with gnss@1.1 HAL and first API level P. The
ConnectivityService log message "This method exists only for
app backwards compatibility and must not be called by system
services" is not present for devices with first API level P.
Change-Id: I10199776ea413dc256dbf0771e6cb3eedb334495
NetdService#getInstance() will get null object in
WrappedConnectivityService constructor. Then pass this null
INetd object to PermissionMonitor will case NPE in
PermissionMonitor#sendPackagePermissionsToNetd()
Bug: None
Test: atest FrameworksNetTests
Change-Id: Ia1c80f9600a19c4aaf3f3c1b497b355d96c49c8e
NetworkMonitor cannot do the private dns resolution due to lack
"mNetworkCapabilities". ConnectivityService will call
NetworkStackService#notifyPrivateDnsChanged() before doing
network validation. After NetworkMonitor received
CMD_PRIVATE_DNS_SETTINGS_CHANGED, it will call
isValidationRequired to check if the validation is required.
But mNetworkCapabilities didn't be set, so the
mPrivateDnsProviderHostname will be set to empty and make
EvaluatingPrivateDnsState doesn't do private dns resolution.
Bug: 129375892
Test: 1. Build pass
2. atest FrameworksNetTests
3. atest NetworkStackTests
Change-Id: I637212fb4746bb2e9a2f4a4457fd36c4c2701149
The kernel eBPF maps have a blacklist to store all the uids that doesn't
have internet permission. When an app is unintalled from the device and
it is the last package on device that uses that uid, make sure we
cleaned the uid from the map and do not add no longer used uids into the
eBPF map. This action helps reduce the number of entries stored in the
map and reduce the chance of overflow the eBPF map.
Bug: 128944261
Test: PermissionMonitorTest
Change-Id: I10dd0113d00d6cf9ca39902d9721f2591d387d4a
Add more tests to PermissionMonitor to verify the functionality related
to INTERNET permission and UPDATE_DEVIE_STATS permission. Modified some
of the class design of PermissionMonitor so that it is easier to test
the new functionalities.
Bug: 111560570
Test: PermissionMonitorTest
Change-Id: Ic5585f337db5de48e2f87bf4f01ed7d85c349827
- Restrict unprivileged apps to use
NetworkRequest.Builder#setSignalStrength.
- Remove the "throws NullPointerException" in
CaptivePortalProbeSpec constructor.
- Remove the null check in LinkProperties.
- Add annotataion into all ConnectivityManager.NetworkCallback
methods.
Change-Id: Id275cac1d6a30d7515cd7b113394f5e8a0179314
Fix: 129097486
Test: atest FrameworksNetTests
Currently, onStopped callback are synchronizely triggered when
stop() was called, since the framework don't really care
about the result of stopping keepalive.
However, if keepalive failed to stop for some reason, the
handleStopKeepalive was called mistakenly and trigger additional
callback that fail the test case.
This commit is the behavior change prior to state machine
refactoring, and introduce a stopping state for ignoring the
result in the stopping state.
Bug: 129512753
Bug: 123988249
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests
Change-Id: I4fa94e0740ba488fb5fe7ac7c3812c195dd0ec4c
The system server (in SystemServer.java) defines the boot
sequence, during which an event called SystemReady happens.
This corresponds to a time when critical system services
that are depended upon by other components in the system
server are ready to handle requests from their dependencies.
Some system services are listening to this event to defer
initializations that depend on the critical services.
Because the network stack is only started after SystemReady,
there is no way any NetworkMonitor may be started before
SystemReady. Remove the associated mechanism.
Fix: 129376083
Test: FrameworksNetTests
Change-Id: I071eeb10d0b7c4f71af6653d322c7b442b2cc7ee
NetworkMonitor obtained LinkProperties and NetworkCapabilities via
synchronous calls to ConnectivityManager after receiving an asynchronous
notification, which is prone to races: the network could be gone before
the LinkProperties/NetworkCapabilities can be fetched.
Fix the race by passing LinkProperties/NetworkCapabilities directly to
NetworkMonitor in the asynchronous notifications.
Test: atest FrameworksNetTests NetworkStackTests
Test: booted, WiFi works
Bug: 129375892
Change-Id: I200ac7ca6ff79590b11c9be705f650c92fd3cb63
* changes:
Move BatteryStats and StatsCompanionService to use NetworkStatsService.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
VPN uid.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java
Change-Id: I9d8d0cc58d18002c1c96f8ddff780ef8dc452d21
Currently, socketKeepalive implementation is accepting null fd
due to backward compatibility with legacy packet keepalive API.
However, due to lack of the fd, the service cannot guarantee the
port is not reused by another app if the caller release the port
for any reason.
Thus, grant the null fd access only for priviledged apps.
This commit also address some comments from aosp/918533.
Bug: 126699232
Test: atest FrameworksNetTests
Change-Id: I0baf582ff4ca8af6082c3754e8dfbcd867f39792
Currently, if the lower layer, e.g. wifi, didn't successfully
start keepalive by any reason. Due to the startedState changed
to NOT_STARTED first, the logic inside stop() will skip the
removing process and cause leak.
Thus, moving the changing of startedState to proper place first
to unblock subsequent changes first.
Bug: 123988249
Bug: 129371366
Test: atest FrameworksNetTests
Change-Id: I4bba01bacc80e1dac2023ef831b5ade5501894e4
For native services such as mediaserver and audioserver, the permission
information cannot be retrieved from getInstalledPackages. Instead, the
high level permission information is avalaible in systemConfigs. With
those permission information, netd can store the complete list of uids
that have UPDATE_DEVICE_STATS permission.
Bug: 128944261
Test: dumpsys netd trafficcontroller
Change-Id: I0331d5a3a5b927a351fcfe6689ef1ba2b993db0c
Change the INTERNET permission implementation so it only block socket
creation when non of the packages under the same uid have internet
permission. Fix the UPDATE_DEVICE_STATS permission so only the uid that
own the permission can change it.
Bug: 111560570
Test: CtsNetTestCasesUpdateStatsPermission
CtsNetTestCasesInternetPermission
Change-Id: I42385526c191d4429f486cde01293b27fcc1374b
Per API review, change the use of FileDescriptor to
ParcelFileDescriptor.
This change also fix nullability according to API review
feedbacks.
Fix: 126698610
Fix: 126699425
Fix: 126699232
Fix: 126700278
Test: 1. m -j
2. atest FrameworksNetTests --generate-new-metrics 50
3. m -j doc-comment-check-docs
Change-Id: I19476c50dd1ca290bf3f41973829da2bd229796a
Fill correct TOS/TTL value by fetching them from kernel with
getsockopt.
bug: 123967966
Test: -build, flash, boot
-atest FrameworksNetTests
Change-Id: I75b1be51040b4a381163958b4cddd27dbb22bac1
- Remove CaptivePortal constructor from SystemApi. This constructor was
added in Q timeframe and ends up being unnecessary since
CaptivePortal creation was refactored to ConnectivityService because
of visibility issues on ICaptivePortal.
- Rename getAvoidBadWifi to shouldAvoidBadWifi
- Add permission annotation for shouldAvoidBadWifi
(already merged in internal as:
I09545c00af3519dbf141dd5951b28f49e37b3e80)
Test: flashed, WiFi and captive portal works
Bug: 128935314
Bug: 128935673
Merged-In: I09545c00af3519dbf141dd5951b28f49e37b3e80
Change-Id: I7395d4a4db6a64398a827692aee1956c011873e5
The framework cannot return URLs used by the updatable NetworkStack,
which may use configurable URLs, changing URLs, or mechanisms not
involving URLs to detect captive portals. NetworkMonitor has already
been using random fallback URLs for a while that do not match the value
returned by ConnectivityManager#getCaptivePortalServerUrl.
With this change, the default value returned by the framework is
configured in framework resources as
config_networkDefaultCaptivePortalServerUrl. NetworkMonitor behavior may
change as it is an updatable component, but the current URL is
configured in NetworkMonitor resources as
config_captive_portal_http_url.
Test: flashed, booted, WiFi and captive portal working
Test: ConnectivityManager#getCaptivePortalServerUrl returns correct
value.
Bug: 127908503
Change-Id: I371dedc5b22efa909d7fd58e1ebe9b8aaced9780
1. Some API's argument/return value must be marked either
@NonNull or @Nullable.
2. Change some system APIs to public APIs.
3. Modify the method name
Bug: 126700123
Bug: 126702339
Bug: 126699682
Bug: 118296575
Bug: 126699216
Bug: 126699675
Bug: 126699429
Bug: 126699193
Bug: 123586045
Test: atest FrameworksNetTests
Change-Id: Iaa2832cdcf83758ed0fec81b954a0c63bc5a7bf6
Replace TcpSocketInfo with TcpKeepalivePacketDataParcelable
because their structures are very similar.
bug: 128882321
Test: -build, flash, boot
-FrameworksNetTests
Change-Id: Iafb4031a64ba4775a495c156e2c997d890c6b261
The uid information of a removed package cannot be retrieved by the
packageName anymore once it is removed. So it would be useful to provide
the uid of removed package in the onPackageAdded and onPackageRemoved
method of the PackageListObserver. This modification helps simplify the
design in PermissionMonitor.
Bug: 125396053
Test: dumpsys netd trafficcontroller
Exempt-From-Owner-Approval: Already merged in internal master
Merged-In: I2bd4bdf924687960a4fa3a47235bae68d885e445
Change-Id: I2bd4bdf924687960a4fa3a47235bae68d885e445
With the @JavaOnlyStableParcelable annotation, Network can now be used
as-is as a framework parcelable.
Test: atest FrameworksNetTests NetworkStackTests
Bug: 126477266
Change-Id: I5d9695a31b3ac48d10edcf08ccd0c34375353b79
