There are some design limitations in PacService (one-way aidl calls
from ConnectivityService) that causes it to be racy when PAC proxy are
set and cleared in quick succession. Attempt to mitigate them with the
following changes:
1. Make PacNative a singleton instead of one instance per binder. The
underlying v8 engine is singleton so it makes little sense to have
multiple instances of the PacNative wrapper.
2. Remove the startPacSystem and stopPacSystem API and bind the
PacNative lifecycle to the PacService. Otherwise the one-way
stopPacSystem() binder call could have raced with a next
startPacSystem() call when PAC proxy is cleared and then set.
For this change, startPacSystem() and stopPacSystem() and made no-op
only. They will be fully removed in the next change.
Test: atest --iterations 200 com.android.cts.devicepolicy.DeviceOwnerTest#testProxyPacProxyTest
Bug: 147359729
Change-Id: Ie3ce098167694421f8bd2a6dec85d7c437cfb0be
EDIT
Java and AIDL source files under frameworks/base are now modularized
using filegroup. Each filegroup has 'path' property set to the base
directory of the ssource files. This allows us to not rely on
aidl.[local_]include_dirs and srcs_lib_whitelist_dirs to get the base
directories.
Bug: 70046217
Test: m
Exempt-From-Owner-Approval: Approved internally
Merged-In: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2
(cherry picked from commit b360931bf0f2d011dada18762829c0d0e47c54b6)
Change-Id: I0705ddf76b3c628127f65d75e0a8b06c6c250fe2
See build/soong/README.md for more information.
Bug: 122332340
Test: treehugger
Change-Id: I4ccc0a2e13fc49a0109e9823fbcb4077e11455d5
Merged-In: I4ccc0a2e13fc49a0109e9823fbcb4077e11455d5
In fact, libpac is just a normal C++ library, not a JNI library.
Remove it from LOCAL_JNI_SHARED_LIBRARIES. libjni_pacprocessor
is the actual JNI library.
libpac is still being used. libjni_pacprocessor, specified in
frameworks/base/packages/services/PacProcessor/jni/Android.bp,
depends on libpac as shared library.
This change is needed to move libpac into the Runtime APEX.
Bug: 121269980
Test: m droid
Change-Id: I2a985acddbf2083d59fa28cfa76e6e4b80fa5b20
- libpac will be moved into the Runtime APEX module.
Use the new stable C API interface provided by libpac
- The change also removes the following debug log when
error occurs.
ALOGE("Error Running PAC: %s", ret8.string());
When ProxyServerV8::GetProxyForURL != OK, ret8 may not
contain the error message, but the non-ASCII proxy names.
Bug: 121269980
Test: m droid
Change-Id: I0ea0ad7489a23cbc0476dcd66d320f80499f8be1
The implementation logs the error in Android.
libpac will provide C API, not C++ API. This change
prepares for the migration.
Bug: 121269980
Test: m droid
Change-Id: Ib39e76d1880c33656d5ddbffdc3c124e7e911c16
libpac is only used by the PacProcessor, so this prevents us
from installing both the 32 and 64 bit versions of the library
on the system partition.
Test: make
Change-Id: I61033ba66116cf21f5518657df8fcd9fa46cd1b5
This change sets LOCAL_SDK_VERSION for all packages where
this is possible without breaking the build, and
LOCAL_PRIVATE_PLATFORM_APIS := true otherwise.
Setting one of these two will be made required soon, and this
is a change in preparation for that. Not setting LOCAL_SDK_VERSION
makes the app implicitly depend on the bootclasspath, which is
often not required. This change effectively makes depending on
private apis opt-in rather than opt-out.
Test: make relevant packages
Bug: 73535841
Change-Id: Ibcffec873a693d1c792ca210fb597d2bf37e9068
Merged-In: I4233b9091d9066c4fa69f3d24aaf367ea500f760
libnativehelper exports headers under nativehelper. These were
available before incorrectly as global headers in order to give
access to jni.h.
Test: modules using frameworks/base find headers
Bug: 63762847
Change-Id: I0f9f231acdebe460f279135462f43d3e32eff64d
Mostly consists of removing the word "encryption" from most APIs,
since we can't actually make promises about the data being encrypted.
Bug: 27531029
Change-Id: Iace9d7c4e64716abf86ed11847c40f3947e1d625
Add granular StorageManager APIs for key creation/destruction and
unlocking/locking. Start passing through an opaque token as part
of the unlock command, but leave it empty for now. We now have a
separate "prepare" method that sanity checks that user directories
are correctly setup.
Define a handful of system properties used for marking devices that
should be operating in FBE mode, and if they're emulating FBE. Wire
a command to "sm", but persisting will come later.
Start using new "encryptionAware" flag on apps previously marked with
coreApp flag, which were apps running in the legacy CryptKeeper
model. Small tweaks to handle non-encryptionAware voice interaction
services. Switch PackageManager to consult StorageManager about the
unlocked state of a user.
Bug: 22358539
Change-Id: Ic2865f9b81c10ea39369c441422f7427a3c3c3d6
According to the spec (http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html):
When Request-URI is used to identify a resource on an origin server or
gateway, the absolute path of the URI MUST be transmitted as the
Request-URI.
Before the change,the proxy sent absolute_uri, which is used to send
HTTP requests to proxies: “The absoluteURI form is REQUIRED when the
request is being made to a proxy.”
Related Bug 18776631
Other changes:
1. Remove proxy-connection header when the request is sent to an
origin server.
2. Added “connection = close” header to indicate that the origin
server needs to close the connection right after the response.
Currently, our proxy does not support keep-alive (persistent)
connections because it analyses only the first request for a given
connection and; therefore, cannot perform required request content
substitutions.
3. Fixed an issue when a non-numeric host port number resulted in
forwarding requests to default 443 port for SSL connections, e.g.
request to https://google.com:ZZZ, would be translated to
https://google.com:443.
4. Fixed an issue when the proxy tries to establish direct connection
to the origin server even when it is not supposed to do that
according to PAC. That happened when PAC returned a proxy server
that is not available.
5. Prevent ProxyServer from crashing when PacService throws
an exception by intercepting all exception types.
Change-Id: I7d50b13b4cb24199a690a53c1925e87c15a8d45b
Do not throw NullPointerException from PacService
since the calling client may not expect it and crash.
Fix of Bug 18818567
Change-Id: Ic36e8a1ca13cdaa7f605b6ade9cc6783517cbf40
C++11 defines a real char16_t, which is not implicitly convertible to
uint16_t (and by extension jchar). Add casts as needed.
Bug: 18300613
Change-Id: I00752002ef2e938bdb57f70947e8fd53ec103293
PacProcessor relies on libpac from chromium, which is not built
for 64b right now.
(cherry picked from commit f8749200c06a8714ffd46f5e2ec81be57ad4f7f4)
Change-Id: Ic128e17b7437c130df29eeab3293b9c01f01d70b
This was found by a bug in Firefox where it expects the addresses from a
ProxySelector to be unresolved. Since ProxySelectorImpl returns unresolved
addresses the PAC version should as well to avoid breaking apps.
The ProxyServer also needed to be updated to reflect this change as it was
expecting a resolved InetSocketAddress.
Bug: 11443853
Change-Id: I3a4e9e248d22d7808603c147660df708e01cdf82
This changes the Local Proxy used in PAC to only accept connections coming
from the device.
Bug: 10230718
Change-Id: I5fbeb3aa018df5179a403301021f452e910a517d
This changes the PAC support to not broadcast the Proxy information until
the Local Proxy has started up and successfully bound to a port so that
the local proxy information can be guaranteed to be owned by the proxy.
Bug: 10459877
Change-Id: I175cd3388c758c55e341115e4a8241884b90d633
The PAC Local Proxy priviously caught proxy broadcasts and started itself
when needed. Now it is bound by the system the same way the pac processing
service is started.
Bug: 10425091
Change-Id: I746daa21645a11aa18ef464f00c8cb5536d8c86f
This verifies both the URL and host are valid before they are passed to the
javascript for PAC. This is to protect against injection attacks.
Bug: 10230771
Change-Id: Ib1996181971a49ccd390f181ec3848124801e4d5
This switches the PacProcessor over to an Android Service. The service
is bound and unbound by the PacManager, which also adds it to the
ServiceManager, allowing for Context-Free access by the PacProxySelector
in all DVMs.
bug:10182711
Change-Id: Id1ff7660be56e8976cdcccd76e041feb47a17a61
PAC (Proxy auto-config) files contain a single javascript function,
FindProxyForURL(url, host). It gets called to determine what proxy should be
used for a specific request.
This adds PAC support to the system. The ProxyProperties has been modified
to hold the PAC file when one is present. The Proxy method
setHttpProxySystemProperty has been modified to insert a PacProxySelector
as the default ProxySelector when it is required. This new ProxySelector
makes calls to the ConnectivityService to parse the PAC file.
The ConnectivityService and the WifiConfigStore have been modified to support
saving the extra PAC file data.
The ConnectivityService now has a class attached (PacProxyNative) that
interfaces to the native calls for PAC files. The parsing of the PAC file
is handled by libpac (which is being added to external/) which utilizes
libv8 to parse the javascript.
As a fallback to applications that don't use the java ProxySelector, the proxy
is setup to point to a local proxy server that will handle the pac parsing.
bug:10182711
Change-Id: I5eb8df893c632fd3e1b732385cb7720ad646f401
