This change makes IPsec tunnel interfaces automatically get brought up
once they are created. Originally this was considered to be an
additional safety check, as they would not be start routing traffic
until explicitly brought up. However, in the intervening time, the
NetworkManagementController now requires the NETWORK_STACK permission to
set an interface as up. Additionally, that call is a hidden API, and
thus not usable for use cases such as IWLAN.
Bug: 149348618
Test: FrameworksNetTests, CtsNetTestCases passing.
Change-Id: I55b63a748463a388e1e2991d2d5d6b3023545e60
Validate route addition and deletion after linkProperties are
changed.
Test: atest ConnectivityServiceTest#testStackedLinkProperties
Change-Id: I18296b933e856a0f8a4c1dbd75bd35024853bfbb
Also add methods to set the legacy subtype and the APN name.
These have to be added together because they have to be used
together.
Bug: 138306002
Bug: 139268426
Test: atest FrameworksNetTests FrameworksWifiTests FrameworksTelephonyTests
Change-Id: Ie90b8d290eab490061d5cb066744b67d597b9469
Merged-In: Ie90b8d290eab490061d5cb066744b67d597b9469
(clean cherry-pick from internal branch)
This change adds permission checking to ensure that the following
conditions are enforced in order for apps to receive the owner UID:
1. The app must be the owner of the network
2. The app must hold the FINE_LOCATION permission/appop
3. The user must have their location toggle enabled.
Bug: 142072839
Test: atest FrameworksNetTests
Change-Id: I7a981a82f1219828ee89c8c96eb9d2efd153377f
For all networks, NetworkInfo.isAvailble has basically always
been true for all connected networks. The new NetworkAgent API
sets it to false, and this causes application breakage. Always
set it to true.
Bug: 148126438
Test: builds, boots, searching in maps works again
Change-Id: Ia9876b0ce7f02120bd05cab526346cad22cf62b3
Merged-In: Ia9876b0ce7f02120bd05cab526346cad22cf62b3
(clean cherry-pick from internal branch)
The non-updatable part of the platform now is built with
framework-tethering-stub, which is a stub library of
framework-tethering.
Bug: 147200698
Test: m
Change-Id: I97ef83f7f9b4c1376f373713036f5256318f1050
Merged-In: I97ef83f7f9b4c1376f373713036f5256318f1050
This commit allows the startLegacyVpn() call to start Platform VPN
profiles, allowing Settings to use the IKEv2/IPsec VPN options
When using an aliased private key, the
Ikev2VpnProfile.KEYSTORE_ALIAS_PREFIX must be prepended to the front of
the alias. This will in turn result in the fromVpnProfile() function to
pull the key from the KeyStore, as opposed to the inline-key that the
VpnManager API uses.
Bug: 148991741
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested
Change-Id: Icbca695c353b2e12e99305676404dbf1a4495949
This commit allows Platform VPNs to be started as part of always-on
mode.
Test: FrameworksNetTests passing, new tests added in subsequent CL
Test: Manually tested.
Change-Id: I5eda88e5b406a0e425eb7424665cf702e0979324
Merged-In: I5eda88e5b406a0e425eb7424665cf702e0979324
Routes will always have unique destinations. Update tests
to use unique destinations when adding multiple routes.
Test: treehugger
Change-Id: I238899b0643407a1be29eb66d28728ca5d5dbc80
Add the service manager argument that is added for the notification
manager.
Test: atest FrameworksNetIntegrationTests
Bug: 139269711
Change-Id: Ie657687000a068b3892d04440b20b3408e875a00
When new CaptivePortalData is received from NetworkMonitor, send a
LinkProperties updated callback.
The updated LinkProperties only contain CaptivePortalData if the
receiver has NETWORK_SETTINGS or MAINLINE_NETWORK_STACK permissions, as
defined in the current callback code.
Test: atest FrameworksNetTests
Bug: 139269711
Change-Id: I68595a519171b31792259849efff5f58c43cacd4
Revert "Use createRandomUnicastAddress from MacAddressUtils"
Revert "Add net-utils-framework-net to telephony-common"
Revert submission 1191997-net-utils-framework-net
Reason for revert: Droidcop-triggered revert due to breakage https://android-build.googleplex.com/builds/quarterdeck?branch=git_qt-qpr1-dev-plus-aosp&target=aosp_taimen-userdebug&lkgb=6208131&lkbb=6208273&fkbb=6208273, bug b/149551544
Reverted Changes:
Ib1c807d64:Use createRandomUnicastAddress from MacAddressUtil...
I9e0f297e0:Add net-utils-framework-net to telephony-common
Ieb8927f9a:Remove framework code that has moved to frameworks...
Change-Id: I2824f781babd9f7e0bb9df524dadf6b8397dcaa1
State override is only handled when state is changed from
CONNECTED to SUSPENDED but not reverse path. Handle both ways
for SUSPENDED state.
Bug: 148678431
Test: FrameworkNetTests
Change-Id: I9333f865d61bbf008fdb8ca162ad17dfdffd1d67
This CL adds checks to ensure restricted users cannot change or
start/stop platform VPNs. In addition, this also adds checks to the
ConnectivityManager#getConnectionOwnerUid() to ensure that only
VpnService based VPNs can identify connections
Bug: 148040659
Test: FrameworksNetTests run
Change-Id: Id47ada5766036bfc84f3ba47f66f2d2683af916d
Add the requestorUid & requestorPackageName fields to
NetworkCapabilities. This is populated by CS when
a new network request is received.
These 2 requestor fields are also optionally used for network
matching. All of the regular app initiated requests will have the
requestor uid and package name set by connectivity service. Network
agents can optionally set the requestorUid and requestorPackageName
to restrict the network created only to the app that requested the network.
This will help removing the necessity for the various specifiers to embed
the uid & package name info in the specifier for network matching.
Note: NetworkSpecifier.assertValidFromUid() is deprecated & removed in
favor of setting the uid/package name on the agent to restrict the
network to a certain app (useful for wifi peer to peer API & wifi aware).
Bug: 144102365
Test: Verified that wifi network request related CTS verifier tests
pass.
Test: Device boots up and connects to wifi networks
Merged-In: I207c446108afdac7ee2c25e6bbcbc37c4e3f6529
Change-Id: I58775e82aa7725aac5aa27ca9d2b5ee8f0be4242
* changes:
[NS B10] Cleanup : remove mRematchedNetworks
[NS B09] Create NetworkRanker
[NS B08] More simplification
[NS B07] More simplification
[NS B06] Simplification
[NS B05] Remove old dead code
[NS B04] Make the network selection request-major.
[NS B03] Add debug log showing the reassignment
[NS B02] Split out a function to apply a NetworkReassignment
[NS B01] Move the computation loop to a separate function
[NS A44 2/2] Apply requests after all networks rematching is computed
[NS A44 1/2] Update linger state before processing listens
This is better computed by the code that applies the change
than by the code that computes the reassignment
Test: FrameworksNetTests
Change-Id: I13e2764fd9b29145499085c3bb56de88a97d6c3c
Only computing the reassignment does not actually change the
default network.
Test: FrameworksNetTests
Change-Id: I21ddf5cc1e3d3817055dbda4246e38ceb0732407
This check is now unnecessary, seeing how the code adding these
changes is now guaranteed to only add at most one change for
each request.
Test: FrameworksNetTests
Change-Id: Ia0443602d9c89ee413e956df9c7b79f8f74813f7
This patch marks the most important turning point of this
refactoring. Cleanups removing unused code will follow.
Replace the old network-major reassignment computation with a
much simpler and faster loop that takes each request and assigns
it the highest-scoring network.
All tests pass, of course.
Bug: 113554781
Test: FrameworksNetTests
Change-Id: Ie143802995155151a38a4eb1d2f26c3f29e556bd
This makes the rematchAllNetworksAndRequests function, which
is the nexus of the rematching code, very straightforward and
easy to read.
Bug: 113554781
Test: FrameworksNetTests
Change-Id: I5cea4ed7e06439494700d88ab202b696402fa360
