Add more tests to PermissionMonitor to verify the functionality related
to INTERNET permission and UPDATE_DEVIE_STATS permission. Modified some
of the class design of PermissionMonitor so that it is easier to test
the new functionalities.
Bug: 111560570
Test: PermissionMonitorTest
Change-Id: Ic5585f337db5de48e2f87bf4f01ed7d85c349827
- Restrict unprivileged apps to use
NetworkRequest.Builder#setSignalStrength.
- Remove the "throws NullPointerException" in
CaptivePortalProbeSpec constructor.
- Remove the null check in LinkProperties.
- Add annotataion into all ConnectivityManager.NetworkCallback
methods.
Change-Id: Id275cac1d6a30d7515cd7b113394f5e8a0179314
Fix: 129097486
Test: atest FrameworksNetTests
Currently, onStopped callback are synchronizely triggered when
stop() was called, since the framework don't really care
about the result of stopping keepalive.
However, if keepalive failed to stop for some reason, the
handleStopKeepalive was called mistakenly and trigger additional
callback that fail the test case.
This commit is the behavior change prior to state machine
refactoring, and introduce a stopping state for ignoring the
result in the stopping state.
Bug: 129512753
Bug: 123988249
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests
Change-Id: I4fa94e0740ba488fb5fe7ac7c3812c195dd0ec4c
The system server (in SystemServer.java) defines the boot
sequence, during which an event called SystemReady happens.
This corresponds to a time when critical system services
that are depended upon by other components in the system
server are ready to handle requests from their dependencies.
Some system services are listening to this event to defer
initializations that depend on the critical services.
Because the network stack is only started after SystemReady,
there is no way any NetworkMonitor may be started before
SystemReady. Remove the associated mechanism.
Fix: 129376083
Test: FrameworksNetTests
Change-Id: I071eeb10d0b7c4f71af6653d322c7b442b2cc7ee
NetworkMonitor obtained LinkProperties and NetworkCapabilities via
synchronous calls to ConnectivityManager after receiving an asynchronous
notification, which is prone to races: the network could be gone before
the LinkProperties/NetworkCapabilities can be fetched.
Fix the race by passing LinkProperties/NetworkCapabilities directly to
NetworkMonitor in the asynchronous notifications.
Test: atest FrameworksNetTests NetworkStackTests
Test: booted, WiFi works
Bug: 129375892
Change-Id: I200ac7ca6ff79590b11c9be705f650c92fd3cb63
* changes:
Move BatteryStats and StatsCompanionService to use NetworkStatsService.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
VPN uid.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java
Change-Id: I9d8d0cc58d18002c1c96f8ddff780ef8dc452d21
Currently, socketKeepalive implementation is accepting null fd
due to backward compatibility with legacy packet keepalive API.
However, due to lack of the fd, the service cannot guarantee the
port is not reused by another app if the caller release the port
for any reason.
Thus, grant the null fd access only for priviledged apps.
This commit also address some comments from aosp/918533.
Bug: 126699232
Test: atest FrameworksNetTests
Change-Id: I0baf582ff4ca8af6082c3754e8dfbcd867f39792
Currently, if the lower layer, e.g. wifi, didn't successfully
start keepalive by any reason. Due to the startedState changed
to NOT_STARTED first, the logic inside stop() will skip the
removing process and cause leak.
Thus, moving the changing of startedState to proper place first
to unblock subsequent changes first.
Bug: 123988249
Bug: 129371366
Test: atest FrameworksNetTests
Change-Id: I4bba01bacc80e1dac2023ef831b5ade5501894e4
For native services such as mediaserver and audioserver, the permission
information cannot be retrieved from getInstalledPackages. Instead, the
high level permission information is avalaible in systemConfigs. With
those permission information, netd can store the complete list of uids
that have UPDATE_DEVICE_STATS permission.
Bug: 128944261
Test: dumpsys netd trafficcontroller
Change-Id: I0331d5a3a5b927a351fcfe6689ef1ba2b993db0c
Change the INTERNET permission implementation so it only block socket
creation when non of the packages under the same uid have internet
permission. Fix the UPDATE_DEVICE_STATS permission so only the uid that
own the permission can change it.
Bug: 111560570
Test: CtsNetTestCasesUpdateStatsPermission
CtsNetTestCasesInternetPermission
Change-Id: I42385526c191d4429f486cde01293b27fcc1374b
Per API review, change the use of FileDescriptor to
ParcelFileDescriptor.
This change also fix nullability according to API review
feedbacks.
Fix: 126698610
Fix: 126699425
Fix: 126699232
Fix: 126700278
Test: 1. m -j
2. atest FrameworksNetTests --generate-new-metrics 50
3. m -j doc-comment-check-docs
Change-Id: I19476c50dd1ca290bf3f41973829da2bd229796a
Fill correct TOS/TTL value by fetching them from kernel with
getsockopt.
bug: 123967966
Test: -build, flash, boot
-atest FrameworksNetTests
Change-Id: I75b1be51040b4a381163958b4cddd27dbb22bac1
- Remove CaptivePortal constructor from SystemApi. This constructor was
added in Q timeframe and ends up being unnecessary since
CaptivePortal creation was refactored to ConnectivityService because
of visibility issues on ICaptivePortal.
- Rename getAvoidBadWifi to shouldAvoidBadWifi
- Add permission annotation for shouldAvoidBadWifi
(already merged in internal as:
I09545c00af3519dbf141dd5951b28f49e37b3e80)
Test: flashed, WiFi and captive portal works
Bug: 128935314
Bug: 128935673
Merged-In: I09545c00af3519dbf141dd5951b28f49e37b3e80
Change-Id: I7395d4a4db6a64398a827692aee1956c011873e5
- Remove CaptivePortal constructor from SystemApi. This constructor was
added in Q timeframe and ends up being unnecessary since
CaptivePortal creation was refactored to ConnectivityService because
of visibility issues on ICaptivePortal.
- Rename getAvoidBadWifi to shouldAvoidBadWifi
- Add permission annotation for shouldAvoidBadWifi
Test: flashed, WiFi and captive portal works
Bug: 128935314
Bug: 128935673
(clean cherry-pick of AOSP I7395d4a4db6a64398a827692aee1956c011873e5)
Change-Id: I09545c00af3519dbf141dd5951b28f49e37b3e80
The framework cannot return URLs used by the updatable NetworkStack,
which may use configurable URLs, changing URLs, or mechanisms not
involving URLs to detect captive portals. NetworkMonitor has already
been using random fallback URLs for a while that do not match the value
returned by ConnectivityManager#getCaptivePortalServerUrl.
With this change, the default value returned by the framework is
configured in framework resources as
config_networkDefaultCaptivePortalServerUrl. NetworkMonitor behavior may
change as it is an updatable component, but the current URL is
configured in NetworkMonitor resources as
config_captive_portal_http_url.
Test: flashed, booted, WiFi and captive portal working
Test: ConnectivityManager#getCaptivePortalServerUrl returns correct
value.
Bug: 127908503
Change-Id: I371dedc5b22efa909d7fd58e1ebe9b8aaced9780
