As API review feedback, setting allowed on restricted networks
should be by uid instead of package name for security reason.
Thus, update the getter/setter to return/accept set of uids.
Bug: 188085693
Test: atest FrameworksNetTests
Merged-In: I979bf98075e6c9c0ed7e891582843fddb62643cb
Change-Id: I979bf98075e6c9c0ed7e891582843fddb62643cb
As API review feedback, setting allowed on restricted networks
should be by uid instead of package name for security reason.
Thus, update the getter/setter to return/accept set of uids.
Bug: 188085693
Test: atest FrameworksNetTests
Ignore-AOSP-First: Needs cherry-picks
Change-Id: I979bf98075e6c9c0ed7e891582843fddb62643cb
This CL updates ConnectivityDiagnostics permission checks in
ConnectivityService to only require location permission for Networks
that have TRANSPORT_WIFI. This change is consistent with the location
restrictions required for the transports themselves. Previously,
location permissions were required for all Network types.
Bug: 187310575
Test: atest ConnectivityServiceTest ConnectivityDiagnosticsManagerTest
Change-Id: I48806533e4e705d2d9be45f3b3d3931d9294b167
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
Merged-In: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This commit allows IKEv2/IPsec VPN to propose more algorithms that
newly added in IpSecAlgorithm. Those new algorithms have stronger
security guarantees and better performances.
This commit also removes algorithm name validation because all
algorithms are URL encoded to ensure no special characters create
problems due to their use by VpnProfile for list or field delimiting
(e.g. rfc7539esp(chacha20,poly1305))
Bug: 185265778
Test: atest FrameworksNetTests, CtsNetTestCases
Test: All new algorithms are manually verified
Change-Id: I1de322c95aacc8924e95bcdbcfdbd1ec441de99c
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
Merged-In: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
(cherry picked from commit f3d0fc49db)
Previous the API ignores subscriberId when network type is WIFI.
Allow caller to call querySummaryXXXX with TYPE: WIFI
+ subscriberId: IMSI to get carrier merged wifi usage which matches the wifi
network with the given IMSI.
Bug: 176396812
Test: atest -c NetworkStatsServiceTest
Change-Id: Ia033521a24e2bb56182d74a41bb2b39710571782
Merged-In: Ia033521a24e2bb56182d74a41bb2b39710571782
Let PermissionMonitor read APPS_ALLOWED_ON_RESTRICTED_NETWORKS
setting and grant netd system permission to uids whose package
name is listed in setting.
Bug: 185149952
Test: atest FrameworksNetTests
Merged-In: I856b545c0339a262abbe9d432cfda125bc82dc12
(clean cherry-pick)
Change-Id: I856b545c0339a262abbe9d432cfda125bc82dc12
Currently, unprivileged apps can call getAllNetworks() to see
all networks on the system, even networks that do not apply to
them. Allow them to do this via NetworkCallbacks as well.
This is the last piece of information that was only available
through getAllNetworks, so this CL deprecates that API.
Bug: 187921303
Test: new unit tests
Test: CTS test in other CL in topic
Change-Id: I30f1021927d3c8eae6525116c61ff4a4acecff6d
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
This CL updates ConnectivityService to check location permissions for
ConnectivityDiagnostics callbacks last in the permission check process.
This minimizes misattribution of location access for networks that an
app is not administering.
This CL also updates ConnectivityDiagnosticsManager documentation to
clearly state that location permissions are required in order to receive
callbacks.
Bug: 187310575
Test: atest ConnectivityDiagnosticsManagerTest
Test: atest ConnectivityServiceTest
Change-Id: I2dbeddac6273e2392ccaeae51a1c7776d6d3da75
PermissionMonitor register APPS_ALLOWED_ON_RESTRICTED_NETWORKS
setting observer to listen setting changed callback. Then update
or revoke permission for those apps.
Bug: 185149952
Test: atest FrameworksNetTests
Change-Id: I4b6a21bd3f47b7bcaac36fcabf1202a5a84a4520
PermissionMonitor register APPS_ALLOWED_ON_RESTRICTED_NETWORKS
setting observer to listen setting changed callback. Then update
or revoke permission for those apps.
Bug: 185149952
Test: atest FrameworksNetTests
Change-Id: I4b6a21bd3f47b7bcaac36fcabf1202a5a84a4520
Let PermissionMonitor read APPS_ALLOWED_ON_RESTRICTED_NETWORKS
setting and grant netd system permission to uids whose package
name is listed in setting.
Bug: 185149952
Test: atest FrameworksNetTests
Change-Id: I856b545c0339a262abbe9d432cfda125bc82dc12
Let PermissionMonitor read APPS_ALLOWED_ON_RESTRICTED_NETWORKS
setting and grant netd system permission to uids whose package
name is listed in setting.
Bug: 185149952
Test: atest FrameworksNetTests
Change-Id: I856b545c0339a262abbe9d432cfda125bc82dc12
Previous the API ignores subscriberId when network type is WIFI.
Allow caller to call querySummaryXXXX with TYPE: WIFI
+ subscriberId: IMSI to get carrier merged wifi usage which matches the wifi
network with the given IMSI.
Bug: 176396812
Test: atest -c NetworkStatsServiceTest
Change-Id: Ia033521a24e2bb56182d74a41bb2b39710571782
Previous the API ignores subscriberId when network type is WIFI.
Allow caller to call querySummaryXXXX with TYPE: WIFI
+ subscriberId: IMSI to get carrier merged wifi usage which matches the wifi
network with the given IMSI.
Bug: 176396812
Test: atest -c NetworkStatsServiceTest
Change-Id: Ia033521a24e2bb56182d74a41bb2b39710571782
Yielding cell wins to exiting wifi (whether good or bad).
It loses to bad wifi that's not exiting.
In R, yielding to bad wifi only affects wifis that are
unvalidated, but a wifi that is exiting should still be
dropped in favor of a cell that yields to bad wifi.
I had misunderstood the policy and implemented it wrong.
Now it's implemented right, and has careful tests.
Test: new tests for this
Bug: 186458024
Change-Id: Ib8637100d491e72a2edb837584ce55b7dda58524
Address API review feedback, other APIs have been refering to
these as "interface" instead of "iface" so migrate the APIs named
*Iface* to *Interface*.
(cherry-picked from ag/14326779)
Bug: 183972554
Test: atest android.net.UnderlyingNetworkInfoTest
Merged-In: I38b476e762fb57fa88c4a789092d0af6f5330d80
Change-Id: I38b476e762fb57fa88c4a789092d0af6f5330d80
Address API review feedback, other APIs have been refering to
these as "interface" instead of "iface" so migrate the APIs named
*Iface* to *Interface*.
(cherry-picked from ag/14326779)
Bug: 183972554
Test: atest android.net.UnderlyingNetworkInfoTest
Merged-In: I38b476e762fb57fa88c4a789092d0af6f5330d80
Change-Id: I38b476e762fb57fa88c4a789092d0af6f5330d80
As a part of internal core libraries cleanup move usages of
IoUtils#deleteContents from CorePlatformApi set to framework.
Bug: 154796679
Test: m update-api
Change-Id: If7037029026b6753ab64be09aa52c40e04d5c7b1
As a part of internal core libraries cleanup move usages of
IoUtils#deleteContents from CorePlatformApi set to framework.
Bug: 154796679
Test: m update-api
Change-Id: If7037029026b6753ab64be09aa52c40e04d5c7b1
Currently, NetworkCapabilities always redacts the TransportInfo
objects it contains whenever a defensive copy is made. This makes
it impossible to make a defensive copy on a TransportInfo
parcelled from another process without redacting it.
Stop redacting by default; instead rely on ConnectivityService
explicitly calling NetworkCapabilities' redacting constructor
when it returns a NetworkCapabilities object to an app via a
callback or synchronous call. This is currently done by
- createWithLocationInfoSanitizedIfNecessaryWhenParceled, which
is called from callCallbackForRequest, getNetworkCapabilities,
and getDefaultNetworkCapabilitiesForUser.
- getNetworkCapabilitiesWithoutUids, which is used when sending
ConnectivityDiagnosticsManager callbacks. In this method,
unconditionally redact all information, which is what the code
did previously due to the default redaction setting for empty
NetworkCapabilities objects being REDACT_ALL.
Bug: 183938194
Test: atest NetworkCapabilitiesTest
Test: atest FrameworksNetTests CtsNetTestCases HostsideVpnTests
Change-Id: I3108ee94cb0930958e071ba678c3554525b0db82
