This is a Client-only solution.
- Add to NetdClient a per-process std::atomic_boolean
similar to netIdForProcess and netIdForResolv.
- The boolean says whether the process should be
allowed Internet connectivity.
- Add an @hide method to NetUtils.java to set the boolean;
call it from the initialization code of the new
process just after forking from zygote.
- Make netdClientSocket and dnsOpenProxy check the
boolean. If the boolean is false, return EPERM from
socket calls.
Bug: 150028556
Test: atest NetworkUtilsTest
Test: atest CtsAppSecurityHostTestCases:UseProcessTest
Change-Id: If002280fbad493dfc2db3d9d505c0257d49a9056
Exempt-From-Owner-Approval: OWNERS already approved identical patchset 5
1. Previously, getDnsNetId doesn't handle all the cases.
Fix it with cosidering bypass private DNS flag.
2. Make getDnsNetId return Network instead of netId,
and change name from getDnsNetId to getDnsNetwork
Bug: 129530368
Test: atest DnsResolverTest DnsUtilsTest
Change-Id: Ic8d45b802d72a266f9ec97bfea620c1ede6967e5
1. pass default network explicitly to fix potential
mis-sync network problem in DnsResolver#query
2. Add rfc6724 sort and related test
3. DnsResolver do rfc6724 sort before response InetAddress answers
4. move haveIpv* function from DnsResolver to DnsUtils
Bug: 129530368
Test: atest DnsResolverTest DnsUtilsTest
Change-Id: I4efa599c0605f6a9e4ef2dd1a36572c69b3c433f
To address the API review feedback provided by
the API council.
Bug: 129261432
Test: atest DnsResolverTest
Change-Id: I3de11c913682abf790850b45cd5d50ac28b3fc5c
The SocketUtils.attach*Filter and SocketUtils.addArpEntry methods
were added there because they could not be added as JNI inside
the NetworkStack. This was not possible because on Go devices,
the NetworkStack was a jar library. But now, Go also uses an APK.
Hence, move these methods to the NetworkStack.
Change-Id: I1d88a0f0be23f2b15d5103fa092b9bf982329d7c
Fix: 129433183
Test: atest NetworkStackTests FrameworksNetTests
This problem might cause double-close fd and result in app crash
or unexpected behaviour
Bug: 129317069
Test: atest DnsResolverTest
manual test with delaying response callback/cancel
Change-Id: I223234f527edafc51d34fa6be390419c05def8d8
When offload is starting, socket will be switched to repair
mode. Read and write on the socket will not be allowed until
repair mode is turned off. If remote packet arrives, repair
mode will be turned off automatically and a callback will
be raised to indicate that socket is ready to read from.
Bug: 114151147
Test: -atest FrameworksNetTests
-manual
Change-Id: I0c335865912e183e7ad32a8ea12188f02ccde5fd
This is to be used by the new DhcpServer to add ARP entries with new
addresses before sending unicast responses.
Test: manual: cat /proc/net/arp with implementation based on this
Bug: b/109584964
Change-Id: I3559893583aa3c49b188ad689a41ee2f3e9d9bf3
libnativehelper exports headers under nativehelper. These were
available before incorrectly as global headers in order to give
access to jni.h.
Test: modules using frameworks/base find headers
Bug: 63762847
Change-Id: I0f9f231acdebe460f279135462f43d3e32eff64d
Listen for ICMP6 router advertisements on networks that support
packet filters. Construct packet filters and install them to
ignore redundant future ICMP6 router advertisements.
Bug: 26238573
Change-Id: If78300b9fda257c21f3ee6533e1da7de9f897cb4
These functions risk hitting an unchecked Exception due to ConnectivityManager
not being instantiated yet. Also, change Network.openConnection() to throw a
checked Exception rather than an unchecked Exception when ConnectivityManager
is not yet instantiated.
bug:19416463
Change-Id: Ie1e2b3238aec0343d267c76b64927073f2f05f85
Separate out starting DHCP (DISCOVER) and RENEW operations from fetching
the results. Add NetworkUtils.getDhcpResults(), to enable quick checks
of any available DhcpResults without extraneous interaction with the
DHCP daemon.
Bug: 19422416
Change-Id: I58808e529dda8429737e749f5caef56d923c0809
ICU, zlib & openssl export them using LOCAL_EXPORT_C_INCLUDE_DIRS.
The dependency on libc/dns/include was bogus and can be removed
trivially.
bug: 18581021
Change-Id: I4b8047ff0df1050ab48b61c0c886888b3f2f0c18
Do not use LOG_FATAL_IF in JNI setup. This is one-time on startup
and important enough to always check.
Add a header with common helper definitions. Move to inlined functions
instead of macros to clean up the code.
Change-Id: Ib12d0eed61b110c45d748e80ec36c563e9dec7e5
LinkProperties can represent way more complicated configurations
than what we can actually apply to interfaces. This makes it
error-prone to use it to represent static configuration, both
when trying to apply configuration coming from LinkProperties
and when trying to save configuration from current
LinkProperties.
Instead, move static configuration (IPv4 only, since we don't
support static IPv6 configuration) into a separate
StaticIpConfiguration class.
Bug: 16114392
Bug: 16893413
Change-Id: Ib33f35c004e30b6067bb20235ffa43c247d174df
This eliminates the need for the ConnectivityService.VpnCallback class.
This requires shifting VPNs to the new "network" netd API.
VpnService.protect() is modified to no longer go through ConnectivityService.
NetworkCapabilities is extended to add a transport type for VPNs and a
capability requiring a non-VPN (so the default NetworkRequest isn't satisfied
by a VPN).
bug:15409918
Change-Id: Ic4498f1961582208add6f375ad16ce376ee9eb95
This is implemented by calling through to netd_client.
Included are functions to bind-to-network-for-process strictly for DNS to
facilitate startUsingNetworkFeature() reimplementation.
Change-Id: Ib22c7d02ea81d251bdfeeb0f64a47ce32eefcb1b
This helps to prepare for future updates from external sources.
Bug: 9298955
Change-Id: I4c63ad5fc1ea3564aab38cfce955de19bad75c0c
(cherry picked from commit fb40801ed8c217ae01082fb1cbd0c30bbf5532ac)
