184 Commits

Author SHA1 Message Date
Lorenzo Colitti
aeefa69a88 am 8a234809: Merge "Use BaseNetworkObserver in Tethering."
* commit '8a234809e47106e445a4ddf2c70b9cd50d4c9348':
  Use BaseNetworkObserver in Tethering.
2013-11-26 08:38:40 -08:00
Lorenzo Colitti
132fe8d27d Use BaseNetworkObserver in Tethering.
Tethering currently inherits from the AIDL interface
INetworkManagementEventObserver, so it has to provide no-op
implementations of all the interface's methods. Inherit from
BaseNetworkObserver and get rid of the no-ops.

[Cherry-pick of f4e90eac87bc31611ddd80c46fc924d35ce66c1c]

Bug: 9180552
Change-Id: I74859b0d77951005651aaaa418185857e40eeedb
2013-11-25 17:24:30 +09:00
Nick Kralevich
212a195f00 Add system partition check for vpn dialogs
The VPN permission check required internal knowledge that
other checks in the system would ensure that
package "com.android.vpndialogs" was genuine. In the
off chance those other checks change, or someone is
able to spoof the package name, this will at least
check to see that the app is on the system image; one
more hurdle to jump.

The original code for this change came from
https://android-review.googlesource.com/62270

Change-Id: I55580bee0b30036b0fee9ca4e43de9b736b194fe
Signed-off-by: William Roberts <wroberts@tresys.com>
2013-10-18 17:48:39 -07:00
Jason Monk
90760c8fa3 Fix error when PAC set rapidly
Stop the broadcast from being accidentally sent when PAC is in the process
of downloading / binding local proxy.  Only send broadcast when valid port
is contained (i.e. sent by PacManager).

Bug: 11168706
Change-Id: I998711fcf0a6bd82bdef413726ec41317752a57b
2013-10-14 18:24:13 -04:00
Jason Monk
decd295b13 getProxy in ConnectivityService returns port w/PAC
Changes the PacManager to report message back to ConnectivityService
to send a broadcast once the download has completed.  This allows the
ConnectivityService to store the correct proxy info for getProxy().

This made the problem arise that ProxyProperties was not handling port
while it had PAC.  Added small fix for equals() and parcelization.

The combination of these fixes seems to resolve Bug: 11028616.

Bug: 11168706
Change-Id: I92d1343a8e804391ab77596b8167a2ef8d76b378
2013-10-10 17:01:45 -04:00
Robert Greenwalt
0fb5a4d8ca Merge "Don't redirect dns to an iface without dns servers" into klp-dev 2013-10-04 18:06:13 +00:00
Vinit Deshapnde
2b862e5e75 Fix incorrect VPN time
First, startTime's default value is -1 and not 0, so use it to test
if the startTime is set. Also, startTime isn't being set when connecting
legacy VPN; this change fixes that too.


Bug: 10985174
Change-Id: Ibf52b8f489b18c96efba501b76aa73e9a9e0e3e8
2013-10-02 11:50:39 -07:00
Jason Monk
d443479a45 Fix Sending PAC Broadcast before downloaded
The PacManager now waits until the local proxy is bound and the PAC file
is downloaded before sending out the proxy broadcast.

Bug: 10895515
Change-Id: Iaa7fc0989b52453aeeb720b44df0fca0fcb959ca
2013-09-26 23:06:32 +00:00
Robert Greenwalt
69887e8388 Don't redirect dns to an iface without dns servers
bug:10115444
Change-Id: Ide42072bb3aae21f8e99c11c2de263e9a765b911
2013-09-25 16:58:45 -07:00
Jason Monk
bc018d89c2 Fix PacManager to not unbind when no connection
PacManager previously would unbind service even when there was no
connection.  This means that multiple set proxies of no PAC after a PAC was
present would cause the framework to crash.

Bug: 10801296
Change-Id: I4387b50b6510cea3ee73425c8a0a837f816b0ce1
2013-09-18 09:28:29 -04:00
Jason Monk
312c495f4b Merge "Guarantee that PAC Local Proxy owns Port" into klp-dev 2013-09-13 20:31:54 +00:00
Jason Monk
6f8a68f49a Guarantee that PAC Local Proxy owns Port
This changes the PAC support to not broadcast the Proxy information until
the Local Proxy has started up and successfully bound to a port so that
the local proxy information can be guaranteed to be owned by the proxy.

Bug: 10459877
Change-Id: I175cd3388c758c55e341115e4a8241884b90d633
2013-09-13 09:53:26 -04:00
Jeff Sharkey
e4984bea95 Request all tethering interfaces, fix corruption.
netd now tracks statistics for tethered interfaces across tethering
sessions, so switch to asking for all tethering stats.  (Currently
we're double-counting all tethering data, ever since it started
tracking across sessions.)

Also catch OOME to handle corrupt stats files, which we then dump to
DropBox and then start over.

Bug: 5868832, 9796109
Change-Id: I2eb2a1bf01b993dd198597d770fe0e022466c6b9
2013-09-10 21:03:30 -07:00
Jason Monk
da205a749f System binds PAC Local Proxy instead of self start
The PAC Local Proxy previously caught proxy broadcasts and started itself
when needed.  Now it is bound by the system the same way the pac processing
service is started.

Bug: 10425091
Change-Id: I746daa21645a11aa18ef464f00c8cb5536d8c86f
2013-08-22 16:33:26 -04:00
Lorenzo Colitti
fd589c1d94 Merge "Notify IP address changes to interface observers." into klp-dev 2013-08-21 17:47:13 +00:00
Jason Monk
9ced3cd9d6 Change PacProcessor to Android Service
This switches the PacProcessor over to an Android Service.  The service
is bound and unbound by the PacManager, which also adds it to the
ServiceManager, allowing for Context-Free access by the PacProxySelector
in all DVMs.

bug:10182711
Change-Id: Id1ff7660be56e8976cdcccd76e041feb47a17a61
2013-08-20 17:36:39 -04:00
Lorenzo Colitti
5c7daac2e3 Notify IP address changes to interface observers.
1. Add addressUpdated and addressRemoved methods to
   INetworkManagementEventObserver. (The -Updated method is not
   called -Added because it gets called for both adds and
   changes.) Update all its callers in the tree.
2. Make NetworkManagementService parse IP address notifications
   from NetlinkHandler and call the address{Removed,Updated} on
   its observers.

Bug: 10232006
Change-Id: Ieb185dbba052bdbff03caafc0cf5397a7f04dc6d
2013-08-20 21:29:05 +09:00
Wink Saville
a48ad8bd85 PROXY_SERVICE may be missing and its reference null.
Protect ourselves from when PROXY_SERVICE is missing
and mProxyService is null.

Bug: 10267814
Change-Id: Ia329376218e246cdde3d70b578c18466d48a6383
2013-08-10 11:22:31 -07:00
Jason Monk
602b232a06 Add PAC File support for proxy configuration
PAC (Proxy auto-config) files contain a single javascript function,
FindProxyForURL(url, host).  It gets called to determine what proxy should be
used for a specific request.

This adds PAC support to the system.  The ProxyProperties has been modified
to hold the PAC file when one is present.  The Proxy method
setHttpProxySystemProperty has been modified to insert a PacProxySelector
as the default ProxySelector when it is required.  This new ProxySelector
makes calls to the ConnectivityService to parse the PAC file.

The ConnectivityService and the WifiConfigStore have been modified to support
saving the extra PAC file data.

The ConnectivityService now has a class attached (PacProxyNative) that
interfaces to the native calls for PAC files.  The parsing of the PAC file
is handled by libpac (which is being added to external/) which utilizes
libv8 to parse the javascript.

As a fallback to applications that don't use the java ProxySelector,  the proxy
is set up to point to a local proxy server that will handle the pac parsing.

bug:10182711
Change-Id: I5eb8df893c632fd3e1b732385cb7720ad646f401
2013-08-07 21:01:39 -04:00
Geremy Condra
1b6868cc4b Merge "Support multiple Vpn ManageDialogs" 2013-07-23 17:55:45 +00:00
Robert Greenwalt
bfc7634b36 resolved conflicts for merge of f9774dc7 to master
Change-Id: Ia9509ab6897e27da8bf4fc61a4140f2f93acb80f
2013-07-19 14:30:49 -07:00
Robert Greenwalt
f9774dc796 am ddf17b5b: am 8c87b297: Merge "Make CS.isTetheringSupported dynamic" into jb-mr2-dev
* commit 'ddf17b5b82f25965502377588483abbc328c4e6d':
  Make CS.isTetheringSupported dynamic
2013-07-19 13:37:58 -07:00
Robert Greenwalt
c13368bfd1 Make CS.isTetheringSupported dynamic
It used to be set at boot, but that was too quick to pick up carrier
specific resources.  With this change even if you switch sims subsequent
checks get the new values.

bug:9865616
Change-Id: I8c270c6b02fc6bdd3c3d76ceea58172df25e058d
2013-07-18 14:24:42 -07:00
Chad Brubaker
bf6ff2c025 Support multiple Vpn ManageDialogs
Move away from storing the configs in the Intent to prevent issues with
PendingIntents and multiple configs.

The Dialog now queries ConnectivityService for the configuration to
display in the management dialog.

Change-Id: I0e0ef52db840152914d117a24f776d8106e836ff
2013-07-16 18:59:12 -07:00
Chad Brubaker
c2865195b6 Restricted profiles use Owner's VPN
Restricted profiles cannot start their own VPN and will use the Owner's
VPN if one is running.

Change-Id: I1fc153742047f9149acb414c4c9d35305e97d8d0
2013-07-15 12:13:47 -07:00
Chad Brubaker
4ca19e8377 Add per user VPN support
VPNs are now per user instead of global. A VPN set by user A routes only
user A's traffic and no other user can access it.

Change-Id: Ia66463637b6bd088b05768076a1db897fe95c46c
2013-07-12 20:51:03 -07:00
Lorenzo Colitti
41fb98c868 Make legacy VPN work over stacked interfaces.
On stacked interfaces like 464xlat, Legacy VPN can't find the
default gateway because it uses getRoutes, which only returns
routes for the base link and not for the stacked links. It also
assumes that the interface that the default route points to is
the interface for the base link (e.g., rmnet0) instead of the
interface the route actually points to (e.g., clat4).

Fix this by calling getAllRoutes to find the default IPv4 route,
and get the interface name from the route we find instead of
assuming it's the base interface.

Bug: 9597516
Change-Id: Ia6ce0b6258a421cd22f60dedca7e94176b32176b
2013-07-11 18:15:48 +09:00
Lorenzo Colitti
7601e31d14 Merge "464xlat: use a gatewayed route, not point-to-point" 2013-07-01 00:29:12 +00:00
Elliott Hughes
6e7affeb3d am b8292830: resolved conflicts for merge of a920f25f to jb-mr2-dev-plus-aosp
* commit 'b8292830f79fc76ffb9a1be5cd316212ac494d03':
  Switch frameworks/base over from @hidden Charsets to public StandardCharsets.
2013-06-28 16:53:27 -07:00
Elliott Hughes
a920f25fe5 resolved conflicts for merge of fca0f92e to stage-aosp-master
Change-Id: I4791f0ffa324a313b8390fbde6d8f82f716ecf74
2013-06-28 16:41:19 -07:00
Elliott Hughes
d396a448b2 Switch frameworks/base over from @hidden Charsets to public StandardCharsets.
Bug: 3484927
Change-Id: I5d136d2ee629588538602766a182ae14ce5fc63c
2013-06-28 16:24:48 -07:00
Lorenzo Colitti
861c3fcaf2 464xlat: use a gatewayed route, not point-to-point
Various applications such as Skype and our legacy VPN code
do not understand routes pointed directly at point-to-point
interfaces and require a default gateway IPv4 address in
order to function.

Grudgingly accept that routes without default gateways Are Hard
and use gatewayed routes instead. This causes routing to go from:

default dev clat4  scope link

to:

default via 192.0.0.4 dev clat4  scope link
192.0.0.4 dev clat4  scope link

and those apps now work.

Bug: 9597256
Bug: 9597516
Change-Id: I7b7890873802d3cb99affd6eb70b8ab75e7a2cf6
2013-06-29 00:14:43 +09:00
John Spurlock
bf991a8f42 Move battery stats call from SystemUI to system server.
The UPDATE_DEVICE_STATS permission is no longer required in sysui.

Change-Id: Icc3120b7873563e3727e56bed9f3b4767da0606d
2013-06-25 10:21:11 -04:00
Dianne Hackborn
c9dc93e5ca Merge "Start combining threads in system process." 2013-05-03 01:48:55 +00:00
Dianne Hackborn
8d044e8bc2 Start combining threads in system process.
This introduces four generic threads that services can
use in the system process:

- Background: part of the framework for all processes, for
work that is purely background (no timing constraint).
- UI: for time-critical display of UI.
- Foreground: normal foreground work.
- IO: performing IO operations.

I went through and moved services into these threads in the
places I felt relatively comfortable about understanding what
they are doing.  There are still a bunch more we need to look
at -- lots of networking stuff left, 3 or so different native
daemon connectors which I didn't know how much would block,
audio stuff, etc.

Also updated Watchdog to be aware of and check these new
threads, with a new API for other threads to also participate
in this checking.

Change-Id: Ie2f11061cebde5f018d7383b3a910fbbd11d5e11
2013-05-02 17:42:40 -07:00
Jeff Sharkey
57666934b4 Lockdown VPN handles its own connection teardown.
Recent changes started watching for CONNECTIVITY_ACTION broadcasts
to handle the case where a network is disconnected without the
interface going down.

However, when lockdown VPN is enabled, the broadcast contents are
augmented, and all connections appear disconnected until the VPN
comes online.  This caused a reset feedback loop to occur.

Since LockdownVpnTracker already handles networks being disconnected
separately from interfaces going down, this change disables handling
the broadcast when lockdown is enabled.

Bug: 8755148
Change-Id: I70a348aa97a4b22eaaf23aa5ed344de3e9a9ab0b
2013-05-01 09:40:50 -07:00
Robert Greenwalt
1b0ca9dace Listen for network disconnect.
VPN used to just watch the interface, but that is insufficient.  There
is no promise that the interface will go down when we're done with it.
Now that wifi stays on in scan-only mode despite user turning it off
it seems that the interface is left up, even in AP mode.

Now listening for ConnectivityService broadcast that the network we were on
has disconnected and tearing down the VPN then or when the interface
goes away.

bug:8550083
Change-Id: Icf414497bc55bead69de04e91f39f90ac2e6578a
2013-04-22 14:13:51 -07:00
Lorenzo Colitti
d2ef1e50c4 Stop clat if it's no longer in use.
Normally, clatd is stopped when a connection disconnects.
However, if the connection's LinkProperties change, or if the
disconnect somehow gets lost (e.g., because of bug 8486114),
then we need to stop it (and possibly restart it).

Bug: 8276725
Change-Id: Ib8ad0d653ed8d0cd70b7414bcaa8fdaef8ba5fcc
2013-03-28 14:45:36 +09:00
Lorenzo Colitti
13c9fdefde Framework changes for 464xlat.
1. Add a Nat464Xlat service that ConnectivityService can use
   to start and stop clat. When clat is started, the service
   waits for the clat interface to come up and then calls
   ConnectivityService to add the appropriate routes.
2. Make ConnectivityService start clat when an IPv6-only mobile
   interface is connected. We only support clat on mobile for
   now.
3. Make tethering use the interface that has the IPv4 default
   route instead of using the base interface of the
   LinkProperties. This allows us to tether to a stacked
   interface, which is needed for tethering with 464xlat.

Bug: 8276725
Change-Id: I24480af69ee280f504399062638af0836a56268e
2013-03-15 14:41:55 +09:00
Robert Greenwalt
5a6bdc46e2 Improve ConnectivityManager docs
Also fix some permission problems.
bug:5738328

Change-Id: Ib32c223f425b1fc03b8cce528456bcb50b540fdf
2013-02-22 10:39:20 -08:00
Kenny Root
b9594ce9eb KeyStore: stop using state()
Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752
2013-02-14 12:06:51 -08:00
Robert Greenwalt
53c04bdd35 Monitor the right interface re VPN
Must remember the outer interface - undoes a change from a
couple months ago that broke things.

bug:7336302
Change-Id: Ia4f60862c60f3078853e151980e09cbf22a57222
2012-10-12 17:02:45 -07:00
Robert Greenwalt
3cab6b0f1d Properly cancel Tether notification.
When we add a second type of tethering we unify the notifications
into a single generic type.  This is done by canceling the first
and replacing it, but this flow was improperly canceling, so
you could end up with orphaned tethering icons.

bug:7283605
Change-Id: I1d136f51592b4326d48578cf67b69122e45d4984
2012-10-04 16:44:26 -07:00
Jeff Brown
bf6f6f9de7 Update references to migrated global settings.
Fixed one setting that was migrated but not marked deprecated.

Removed a hidden setting that is no longer used by the new
power manager service.

Bug: 7231172
Change-Id: I332f020f876a18d519a1a20598a172f1c98036f7
2012-09-25 15:27:51 -07:00
Dianne Hackborn
50cdf7c306 Fix issue #7214090: Need to be able to post notifications to all users
Also fix a bunch of system services that should be doing this.  And
while doing that, found I needed to fix PendingIntent to evaluate
USER_CURRENT at the point of sending, not creation.

Note that this may end up with us having some notification shown to
non-primary users that lead to settings UI that should only be for
the primary user (such as the vpn notification).  I'm not sure what
to do about this, maybe we need a different UI to come up there or
something, but showing the actual notification for those users at
least seems less broken than not telling them at all.

Change-Id: Iffc51e2d7c847e3d05064d292ab93937646a1ab7
2012-09-24 10:55:46 -07:00
Dianne Hackborn
5ac72a2959 Improve multi-user broadcasts.
You can now use ALL and CURRENT when sending broadcasts, to specify
where the broadcast goes.

Sticky broadcasts are now correctly separated per user, and registered
receivers are filtered based on the requested target user.

New Context APIs for more kinds of sending broadcasts as users.

Updating a bunch of system code that sends broadcasts to explicitly
specify which user the broadcast goes to.

Made a single version of the code for interpreting the requested
target user ID that all entries to activity manager (start activity,
send broadcast, start service) use.

Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
2012-08-30 14:33:22 -07:00
Jeff Sharkey
69ddab4575 Always-on VPN.
Adds support for always-on VPN profiles, also called "lockdown." When
enabled, LockdownVpnTracker manages the netd firewall to prevent
unencrypted traffic from leaving the device. It creates narrow rules
to only allow traffic to the selected VPN server. When an egress
network becomes available, LockdownVpnTracker will try bringing up
the VPN connection, and will reconnect if disconnected.

ConnectivityService augments any NetworkInfo based on the lockdown
VPN status to help apps wait until the VPN is connected.

This feature requires that VPN profiles use an IP address for both
VPN server and DNS. It also blocks non-default APN access when
enabled. Waits for USER_PRESENT after boot to check KeyStore status.

Bug: 5756357
Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
2012-08-27 12:35:05 -07:00
Jeff Sharkey
82f8521d38 Migrate legacy VPN arguments to system_server.
Generate the racoon and mtpd daemon arguments in system_server,
instead of accepting them from Settings.

Bug: 5756357
Change-Id: I42c1a644f6add477fe4222342640d7db15982cb8
2012-08-24 11:29:58 -07:00
Jeff Sharkey
899223b97c Begin moving VPN to NetworkStateTracker pattern.
Created base tracker that handles common bookkeeping, and move VPN
to become a tracker.  VPN status is now reflected in NetworkInfo, and
is mapped to LegacyVpnInfo.

Legacy VPN now "babysits" any init services it starts, watching for
when they stop unexpectedly.

Bug: 5756357
Change-Id: Iba7ec79da69469f6bd9a970cc39cf6b885b4c9c4
2012-08-23 16:41:06 -07:00
Jeff Sharkey
088f29f55e Cleaner controls between Vpn and init services.
Change-Id: I35edf054f4a1190f7fb7b4c48ee832e899c9528b
2012-08-06 14:48:49 -07:00