149 Commits

Author SHA1 Message Date
Jeff Sharkey
57666934b4 Lockdown VPN handles its own connection teardown.
Recent changes started watching for CONNECTIVITY_ACTION broadcasts
to handle the case where a network is disconnected without the
interface going down.

However, when lockdown VPN is enabled, the broadcast contents are
augmented, and all connections appear disconnected until the VPN
comes online.  This caused a reset feedback loop to occur.

Since LockdownVpnTracker already handles networks being disconnected
separately from interfaces going down, this change disables handling
the broadcast when lockdown is enabled.

Bug: 8755148
Change-Id: I70a348aa97a4b22eaaf23aa5ed344de3e9a9ab0b
2013-05-01 09:40:50 -07:00
Robert Greenwalt
1b0ca9dace Listen for network disconnect.
VPN used to just watch the interface, but that is insufficient.  There
is no promise that the interface will go down when we're done with it.
Now that wifi stays on in scan-only mode despite user turning it off
it seems that the interface is left up, even in AP mode.

Now listening for ConnectivityService broadcast that the network we were on
has disconnected and tearing down the VPN then or when the interface
goes away.

bug:8550083
Change-Id: Icf414497bc55bead69de04e91f39f90ac2e6578a
2013-04-22 14:13:51 -07:00
Lorenzo Colitti
d2ef1e50c4 Stop clat if it's no longer in use.
Normally, clatd is stopped when a connection disconnects.
However, if the connection's LinkProperties change, or if the
disconnect somehow gets lost (e.g., because of bug 8486114),
then we need to stop it (and possibly restart it).

Bug: 8276725
Change-Id: Ib8ad0d653ed8d0cd70b7414bcaa8fdaef8ba5fcc
2013-03-28 14:45:36 +09:00
Lorenzo Colitti
13c9fdefde Framework changes for 464xlat.
1. Add a Nat464Xlat service that ConnectivityService can use
   to start and stop clat. When clat is started, the service
   waits for the clat interface to come up and then calls
   ConnectivityService to add the appropriate routes.
2. Make ConnectivityService start clat when an IPv6-only mobile
   interface is connected. We only support clat on mobile for
   now.
3. Make tethering use the interface that has the IPv4 default
   route instead of using the base interface of the
   LinkProperties. This allows us to tether to a stacked
   interface, which is needed for tethering with 464xlat.

Bug: 8276725
Change-Id: I24480af69ee280f504399062638af0836a56268e
2013-03-15 14:41:55 +09:00
Robert Greenwalt
5a6bdc46e2 Improve ConnectivityManager docs
Also fix some permission problems.
bug:5738328

Change-Id: Ib32c223f425b1fc03b8cce528456bcb50b540fdf
2013-02-22 10:39:20 -08:00
Kenny Root
b9594ce9eb KeyStore: stop using state()
Change-Id: I721974fd95f8d1ab06a3fd1bbb4c9b4d9d1d7752
2013-02-14 12:06:51 -08:00
Robert Greenwalt
53c04bdd35 Monitor the right interface re VPN
Must remember the outer interface - undoes a change from a
couple months ago that broke things.

bug:7336302
Change-Id: Ia4f60862c60f3078853e151980e09cbf22a57222
2012-10-12 17:02:45 -07:00
Robert Greenwalt
3cab6b0f1d Properly cancel Tether notification.
When we add a second type of tethering we unify the notifications
into a single generic type.  This is done by canceling the first
and replacing it, but this flow was improperly canceling, so
you could end up with orphaned tethering icons.

bug:7283605
Change-Id: I1d136f51592b4326d48578cf67b69122e45d4984
2012-10-04 16:44:26 -07:00
Jeff Brown
bf6f6f9de7 Update references to migrated global settings.
Fixed one setting that was migrated but not marked deprecated.

Removed a hidden setting that is no longer used by the new
power manager service.

Bug: 7231172
Change-Id: I332f020f876a18d519a1a20598a172f1c98036f7
2012-09-25 15:27:51 -07:00
Dianne Hackborn
50cdf7c306 Fix issue #7214090: Need to be able to post notifications to all users
Also fix a bunch of system services that should be doing this.  And
while doing that, found I needed to fix PendingIntent to evaluate
USER_CURRENT at the point of sending, not creation.

Note that this may end up with us having some notification shown to
non-primary users that lead to settings UI that should only be for
the primary user (such as the vpn notification).  I'm not sure what
to do about this, maybe we need a different UI to come up there or
something, but showing the actual notification for those users at
least seems less broken than not telling them at all.

Change-Id: Iffc51e2d7c847e3d05064d292ab93937646a1ab7
2012-09-24 10:55:46 -07:00
Dianne Hackborn
5ac72a2959 Improve multi-user broadcasts.
You can now use ALL and CURRENT when sending broadcasts, to specify
where the broadcast goes.

Sticky broadcasts are now correctly separated per user, and registered
receivers are filtered based on the requested target user.

New Context APIs for more kinds of sending broadcasts as users.

Updating a bunch of system code that sends broadcasts to explicitly
specify which user the broadcast goes to.

Made a single version of the code for interpreting the requested
target user ID that all entries to activity manager (start activity,
send broadcast, start service) use.

Change-Id: Ie29f02dd5242ef8c8fa56c54593a315cd2574e1c
2012-08-30 14:33:22 -07:00
Jeff Sharkey
69ddab4575 Always-on VPN.
Adds support for always-on VPN profiles, also called "lockdown." When
enabled, LockdownVpnTracker manages the netd firewall to prevent
unencrypted traffic from leaving the device. It creates narrow rules
to only allow traffic to the selected VPN server. When an egress
network becomes available, LockdownVpnTracker will try bringing up
the VPN connection, and will reconnect if disconnected.

ConnectivityService augments any NetworkInfo based on the lockdown
VPN status to help apps wait until the VPN is connected.

This feature requires that VPN profiles use an IP address for both
VPN server and DNS. It also blocks non-default APN access when
enabled. Waits for USER_PRESENT after boot to check KeyStore status.

Bug: 5756357
Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
2012-08-27 12:35:05 -07:00
Jeff Sharkey
82f8521d38 Migrate legacy VPN arguments to system_server.
Generate the racoon and mtpd daemon arguments in system_server,
instead of accepting them from Settings.

Bug: 5756357
Change-Id: I42c1a644f6add477fe4222342640d7db15982cb8
2012-08-24 11:29:58 -07:00
Jeff Sharkey
899223b97c Begin moving VPN to NetworkStateTracker pattern.
Created base tracker that handles common bookkeeping, and move VPN
to become a tracker.  VPN status is now reflected in NetworkInfo, and
is mapped to LegacyVpnInfo.

Legacy VPN now "babysits" any init services it starts, watching for
when they stop unexpectedly.

Bug: 5756357
Change-Id: Iba7ec79da69469f6bd9a970cc39cf6b885b4c9c4
2012-08-23 16:41:06 -07:00
Jeff Sharkey
088f29f55e Cleaner controls between Vpn and init services.
Change-Id: I35edf054f4a1190f7fb7b4c48ee832e899c9528b
2012-08-06 14:48:49 -07:00
Jeff Sharkey
065b299df4 Make LocalSocket Closeable.
Enables usage of IoUtils.closeQuietly().

Change-Id: I91126297c1f235ae9da09f82d8f4f22db46558eb
2012-08-05 14:21:07 -07:00
Haoyu Bai
db3c8678e5 Network data activity change intent for network interfaces.
The activity notification is received from netd, an intent
DATA_ACTIVITY_CHANGE is then raised for other parts of the system to
consume.

Change-Id: Idfcc4763c51c5b314c57f546c12557082f06bebf
2012-07-17 17:13:03 -07:00
Wink Saville
5362f17ff5 Merge commit '1b003ef0' into mit
* commit '1b003ef0':
  Create telephony-common and mms-common

Change-Id: Ie8876541dbe7f4c933cf7d69910dd204538bc975
2012-07-11 18:15:50 -07:00
Wink Saville
a639b311e9 Create telephony-common and mms-common
These have been created to reduce the size and complexity
of frameworks/base.

mms-common was created by moving all of
  frameworks/base/core/java/com/google/android/mms
to:
   frameworks/opt/mms

telephony-common was created by moving some of
   frameworks/base/telephony
to:
   frameworks/opt/telephony

Change-Id: If6cb3c6ff952767fc10210f923dc0e4b343cd4ad
2012-07-11 16:02:08 -07:00
Robert Greenwalt
adfb0d0cf1 Make tethering ignore bad inputs
Tethering was re-evaluating everything on any connectivity change.
This was causing problems when mobile data was not available as each
re-eval was again requesting a connection which would fail and loop.
Ignore FAILED states to break this cycle in a minimal change.

bug:6668233
Change-Id: Ia1dfc6abff1fe464e9501b50185cdb8d0fbb7ff6
2012-06-14 16:03:44 -07:00
Chia-chi Yeh
7c727e50f1 am a2becffc: am d667aebf: Merge "VPN: move VpnDialogs away from system uid." into jb-dev
* commit 'a2becffcf2a19889b90256a8479e276081ce6108':
  VPN: move VpnDialogs away from system uid.
2012-06-12 12:59:59 -07:00
Chia-chi Yeh
dadc857d9d VPN: move VpnDialogs away from system uid.
Bug: 6632536
Change-Id: Iece647c077caf5298ccfe7d7aba5f0911a4ed0d1
2012-06-08 13:05:58 -07:00
Robert Greenwalt
68ea9b08ef Add logging for Tethering.
Hard to repro bug doesn't have enough info in the logs to understand.

bug:6469121
Change-Id: I31734f4e891e9b23197f2d5adb931e3891393cdd
2012-05-11 13:57:32 -07:00
Robert Greenwalt
c9dac1185d Don't forget to turn off mobile_dun
When we find a higher priority match for tethering traffic we should turn off
whatever we were trying before.

bug:6083611
Change-Id: I06ee41336df107353bf1a979150345e461574a48
2012-02-29 14:02:55 -08:00
Chia-chi Yeh
5d134343ca am 1e9e7f76: am ff321d49: Merge "VPN: silence VPN notifications." into ics-mr1
* commit '1e9e7f76d5e6187befaf96eece258c27fd08bdc5':
  VPN: silence VPN notifications.
2012-01-12 14:30:44 -08:00
Chia-chi Yeh
50fe709995 VPN: silence VPN notifications.
Bug: 5852859
Change-Id: I269d8de298a1fd69a8d777150ae97927537a5424
2012-01-11 14:26:24 -08:00
Robert Greenwalt
32350c7ab2 Merge "Filter our v6 address from tethering dns." 2012-01-05 11:39:26 -08:00
Chia-chi Yeh
c1bac3a6e2 VPN: fix a CloseGuard warning.
Change-Id: Ic237a33038be9a170c1f9128332a8743c57971ed
2011-12-27 13:14:51 -08:00
Robert Greenwalt
4f74d552d5 Filter our v6 address from tethering dns.
Don't support IPv6 yet, and the tools crash when they see one, so
filter them out.

bug:5763980
Change-Id: Ie9a4445a3c72df3f7ab4320c507ebc8e8cd440ff
2011-12-20 14:47:22 -08:00
Robert Greenwalt
cc579b89fc Merge "Use the carrier-given dns addrs for tethering." 2011-12-12 14:02:02 -08:00
Chia-chi Yeh
2339fe3f8f am fa71962f: am 46a4e81d: Merge "VPN: delete the "abort" file before starting VPN daemons." into ics-mr1
* commit 'fa71962fe4595f484071ac0deb23f68d44932d83':
  VPN: delete the "abort" file before starting VPN daemons.
2011-12-12 13:15:34 -08:00
Robert Greenwalt
bb4fd0b444 Use the carrier-given dns addrs for tethering.
This fixes a complaint from carriers (that we used 8.8.8.8), but also
fixes the case where there is only room for one live radio
connection: the secondary connection (tethering) doesn't have a
default route to prevent on-device traffic from slipping out on the
tethering connection, but tethered dns is proxied through dnsmasq, so
it is appearing as on-device traffic and is unroutable.  By switching
to the carrier-indicated dns servers we can use the host-routes
already set for those and kill two bugs with one fix.

bug:5525764
bug:3045311
Change-Id: Ib1ccea81e0c0ed2d1462dc9721c2647124a790da
2011-12-09 17:12:03 -08:00
Chia-chi Yeh
c187273292 VPN: delete the "abort" file before starting VPN daemons.
Bug: 5714296
Change-Id: Idba41b9f3907747a84387ea4f3e930b3a185a06e
2011-12-08 16:51:41 -08:00
Jeff Sharkey
ddba10622d Clean up InterfaceConfiguration flags.
Offer modifier methods for interface flags instead of mutating
directly, and remove square brackets.

Change-Id: I4cce719dccedfb3f0e8448c111e65b93c0008cbb
2011-11-29 18:37:04 -08:00
Robert Greenwalt
fd1be2bc1e Tone down Tethering logs.
bug:5601582
Change-Id: I66c0a5a06a2c13a7cf93ea264d156b37df23745f
2011-11-11 14:09:45 -08:00
Robert Greenwalt
b445362bd6 Make upstream tether list threadsafe
Outsiders asking for this list may cause the list to change on another thread.
Fixing general synchronization issues.

bug:5531630
Change-Id: I7a3ee0bba3db40f45bcb0159491942fa4cf38c37
2011-11-07 14:44:48 -08:00
Robert Greenwalt
3b28e9a3da Start using IP tool for advanced routing.
bug:5495862
bug:5396842
Change-Id: I5e31b352b14a4dc746cacce4d61cf8d9ad7382a0
2011-11-04 09:52:04 -07:00
Robert Greenwalt
731026c2df Ignore errors when untethering
Sometimes the interface is removed before we can untether leading to
errors when cleaning up various rules (iptables).  Do as much as we can
and then let a re-tether result in error if needed.

bug:5536516
Change-Id: Ib1d064ecc8e9022566f9b0e4678b33144906971c
2011-11-02 13:53:28 -07:00
Robert Greenwalt
49348e77b6 Fix Tethering settings.
Two issues.  A mcc/mnc-driven overlay means that the config at boot may not be
the config we wish to use - the sim card is read later which may switch the
config.  Changed to read the configuration each time rather than once at boot.
Second, the secure-setting override was always trumping the resource config
as we weren't discriminating between a not-set default and a real setting.
This meant the config could never make DUN-required.

bug:5495862
Change-Id: Icd4e90ac1d32bbb704c0ff9cc69e954fb0a0b58c
2011-10-21 17:01:39 -07:00
Jeff Sharkey
367d15ab1a Watch network subtype, tethering teardown, empty.
Watch for changes to telephony network subtype, and update iface
mapping to persist stats under correct type.  Update network stats
before removing tethering NAT rules.

Skip recording that would create empty historical buckets.  Query UID
stats before iface stats to always skew positive when counters are
actively rolling forward.

Bug: 5360042, 5359860, 5335674, 5334448
Change-Id: I8aa37b568e8ffb70647218aa1aff5195d3e44d5a
2011-09-22 16:19:06 -07:00
Wink Saville
c9acde9aa6 Reduce connectivity logging
Change-Id: I5d45b8fbcd01e42df7f2b1cf02fb5b226128abb8
2011-09-21 11:05:43 -07:00
Jeff Sharkey
cdd02c5d76 Collect and persist tethering stats.
Use new "gettetherstats" netd command to retrieve statistics for
active tethering connections.  Keep tethering poll events separate
from UID poll, even though they end up in the same historical structures.

Bug: 5244846
Change-Id: Ia0c5165f6712c12b51586f86c331a2aad4ad6afb
2011-09-16 16:05:51 -07:00
Chia-chi Yeh
5317f034ba VPN: stop daemons by closing the control sockets.
As init now uses SIGKILL to stop daemons, performing graceful shutdown
becomes impossible. Here we implement our own solution by asking daemons
to monitor the control socket and terminate when it is closed.

Change-Id: I07a28807173a81b7f95e70f4193e974317acf88a
2011-08-22 13:09:49 -07:00
Chia-chi Yeh
0c074e6843 VPN: reset legacy VPN when resetting IPv4 addresses.
Currently legacy VPN only works on IPv4, and it should always
turn down when the addresses are changed. It assumed that the
interface will be brought down and up, so the event can be
detected via interfaceStatusChanged(). However, the assumption
was incorrect and the event is actually driver-dependent. To
fix this issue, ConnectivityService now tells VPN that the
interface is down when resetting IPv4 addresses.

Change-Id: I76d15e56552d86635c5b274ca980be5da905a6fb
2011-08-16 10:08:33 -07:00
Chia-chi Yeh
199ed6ef89 VPN: introduce VpnService as the base class for user space VPN.
Change-Id: I4793a6eb51b33f669fc6d39e1a16cf5eb9e3d851
2011-08-08 11:15:41 -07:00
Chia-chi Yeh
fcc1b41b66 VPN: move away from the VPN permission.
VpnBuilder will be replaced by VpnService in the next change.

Change-Id: I2dea67a1616b74d17b372f7b214d207f1617198e
2011-08-03 15:52:12 -07:00
Dianne Hackborn
6311d0a079 Clear the bitmap from the canvas in a lot of places.
Change-Id: I6b2071ac7b348c473b9bdd1b972d095aebbb4fb3
2011-08-02 16:37:58 -07:00
Robert Greenwalt
98c79e53c0 Stop sending tethering broadcasts during boot.
Well, actually they do go out, but they won't try to start anybody now
until after boot.

bug:5088272
Change-Id: Iaaf7a1e4b300e0afc3901ecfd225a77084bd0954
2011-07-28 11:51:11 -07:00
Mike Lockwood
485861c409 Fix USB tethering again
The kernel sends an interface down event for usb0 when RNDIS is enabled.
Ignore this and only remove USB interfaces when we receive the
interface removed event.

Change-Id: I1458f259b96c9fab4d3a69a5692e630123fad136
Signed-off-by: Mike Lockwood <lockwood@android.com>
2011-07-27 13:54:29 -04:00
Irfan Sheriff
e30c1307fb Merge "Handle hostapd and tether interface changes" 2011-07-23 22:30:36 -07:00