From e60c308c0c2b853d927ee514756945f8a5cb723e Mon Sep 17 00:00:00 2001 From: Nathan Harold Date: Thu, 26 Apr 2018 11:47:14 -0700 Subject: [PATCH 01/32] Use INetd Constant for IpSec Interface Prefix Convert to using a constant in INetd to ensure that there is a consistent tunnel prefix between Java and native code. Bug: 74560705 Test: atest FramworksNetTest; atest CtsNetTestCases Change-Id: Ida233aac2e6c6b26567463964e0ebac9d52eff1e (cherry picked from commit 7be7f4596a77c83ce368c7825d1ca09a244b5f28) --- services/core/java/com/android/server/IpSecService.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java index 33ca02fecb..60f1877d37 100644 --- a/services/core/java/com/android/server/IpSecService.java +++ b/services/core/java/com/android/server/IpSecService.java @@ -107,7 +107,6 @@ public class IpSecService extends IIpSecService.Stub { static final int FREE_PORT_MIN = 1024; // ports 1-1023 are reserved static final int PORT_MAX = 0xFFFF; // ports are an unsigned 16-bit integer - static final String TUNNEL_INTERFACE_PREFIX = "ipsec"; /* Binder context for this service */ private final Context mContext; @@ -1270,7 +1269,7 @@ public class IpSecService extends IIpSecService.Stub { final int resourceId = mNextResourceId++; final int ikey = reserveNetId(); final int okey = reserveNetId(); - String intfName = String.format("%s%d", TUNNEL_INTERFACE_PREFIX, resourceId); + String intfName = String.format("%s%d", INetd.IPSEC_INTERFACE_PREFIX, resourceId); try { // Calls to netd: From ea2710c7993cc35a4fc3937317523494c86aa643 Mon Sep 17 00:00:00 2001 From: Remi NGUYEN VAN Date: Thu, 26 Apr 2018 17:52:03 +0900 Subject: [PATCH 02/32] Fix testRegisterUsageCallback failure in setUp LocalServices.addService in NetworkStatsService is currently failing with IllegalStateException "Overriding service registration". Setting up LocalServices in the test to avoid this issue might be possible, but moving the registration to the only non-test caller of that constructor as done here solves the issue and avoids side-effects from a constructor. Test: this test passes in master through runtest frameworks-net Bug: b/78487385 Bug: b/80082746 Change-Id: I884a7a8bd7db3fcd220b785ba9914ac8c77720f0 --- .../java/com/android/server/net/NetworkStatsService.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index 31072415dc..2e8e4a9a29 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -324,6 +324,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { wakeLock, getDefaultClock(), TelephonyManager.getDefault(), new DefaultNetworkStatsSettings(context), new NetworkStatsObservers(), getDefaultSystemDir(), getDefaultBaseDir()); + service.registerLocalService(); HandlerThread handlerThread = new HandlerThread(TAG); Handler.Callback callback = new HandlerCallback(service); @@ -333,6 +334,8 @@ public class NetworkStatsService extends INetworkStatsService.Stub { return service; } + // This must not be called outside of tests, even within the same package, as this constructor + // does not register the local service. Use the create() helper above. @VisibleForTesting NetworkStatsService(Context context, INetworkManagementService networkManager, AlarmManager alarmManager, PowerManager.WakeLock wakeLock, Clock clock, @@ -349,7 +352,9 @@ public class NetworkStatsService extends INetworkStatsService.Stub { mSystemDir = checkNotNull(systemDir, "missing systemDir"); mBaseDir = checkNotNull(baseDir, "missing baseDir"); mUseBpfTrafficStats = new File("/sys/fs/bpf/traffic_uid_stats_map").exists(); + } + private void registerLocalService() { LocalServices.addService(NetworkStatsManagerInternal.class, new NetworkStatsManagerInternalImpl()); } From 02532fc4c27d1ccd7d53a473e21ad2ab010f5597 Mon Sep 17 00:00:00 2001 From: Brett Chabot Date: Mon, 23 Jul 2018 13:08:30 -0700 Subject: [PATCH 03/32] Migrate frameworks/base/services/tests/servicestests to androidx.test See go/jetpack-test-android-migration cherrypicked from ag/4608401 Test: atest FrameworksServicesTests Change-Id: I2d9641c681489135aa3167bb4c9b1296a1a6a4f7 --- .../src/com/android/server/net/IpConfigStoreTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/tests/servicestests/src/com/android/server/net/IpConfigStoreTest.java b/services/tests/servicestests/src/com/android/server/net/IpConfigStoreTest.java index 9f4b754621..7767a2810a 100644 --- a/services/tests/servicestests/src/com/android/server/net/IpConfigStoreTest.java +++ b/services/tests/servicestests/src/com/android/server/net/IpConfigStoreTest.java @@ -27,9 +27,10 @@ import android.net.LinkAddress; import android.net.NetworkUtils; import android.net.ProxyInfo; import android.net.StaticIpConfiguration; -import android.support.test.runner.AndroidJUnit4; import android.util.ArrayMap; +import androidx.test.runner.AndroidJUnit4; + import org.junit.Test; import org.junit.runner.RunWith; From ed334ebbd1b398b6454461f0ebe9b75127d490fb Mon Sep 17 00:00:00 2001 From: Mathew Inwood Date: Tue, 14 Aug 2018 14:17:44 +0100 Subject: [PATCH 04/32] Add @UnsupportedAppUsage annotations For packages: android.app.usage android.app.trust android.app.timezonedetector android.app.timezone android.app.timedetector android.app.job android.app.backup android.app.assist android.app.admin android.app This is an automatically generated CL. See go/UnsupportedAppUsage for more details. Exempted-From-Owner-Approval: Mechanical changes to the codebase which have been approved by Android API council and announced on android-eng@ Bug: 110868826 Test: m Change-Id: I618c5dc4462ae990d9df45c3e9ed3f092cc5138c --- core/java/android/app/usage/NetworkStatsManager.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/java/android/app/usage/NetworkStatsManager.java b/core/java/android/app/usage/NetworkStatsManager.java index 9f46f207d6..59ae3347f4 100644 --- a/core/java/android/app/usage/NetworkStatsManager.java +++ b/core/java/android/app/usage/NetworkStatsManager.java @@ -21,6 +21,7 @@ import static com.android.internal.util.Preconditions.checkNotNull; import android.annotation.Nullable; import android.annotation.SystemService; import android.annotation.TestApi; +import android.annotation.UnsupportedAppUsage; import android.app.usage.NetworkStats.Bucket; import android.content.Context; import android.net.ConnectivityManager; @@ -121,6 +122,7 @@ public class NetworkStatsManager { /** * {@hide} */ + @UnsupportedAppUsage public NetworkStatsManager(Context context) throws ServiceNotFoundException { this(context, INetworkStatsService.Stub.asInterface( ServiceManager.getServiceOrThrow(Context.NETWORK_STATS_SERVICE))); From ac005192eaba6433b64d092ed764851de31f404e Mon Sep 17 00:00:00 2001 From: Mathew Inwood Date: Wed, 8 Aug 2018 14:44:44 +0100 Subject: [PATCH 05/32] Add @UnsupportedAppUsage annotations For packages: android.net.wimax android.net.wifi.p2p.nsd android.net.wifi.p2p android.net.wifi.hotspot2.pps android.net.wifi.hotspot2.omadm android.net.wifi.hotspot2 android.net.wifi.aware android.net.wifi android.net.util android.net.sip android.net.rtp android.net.nsd android.net.metrics android.net.lowpan android.net.http android.net.captiveportal android.net This is an automatically generated CL. See go/UnsupportedAppUsage for more details. Exempted-From-Owner-Approval: Mechanical changes to the codebase which have been approved by Android API council and announced on android-eng@ Bug: 110868826 Test: m Change-Id: I520be7a4c79e68310c12e4f55bf66acaa94145a1 --- core/java/android/net/EthernetManager.java | 9 +++++ core/java/android/net/NetworkStats.java | 36 +++++++++++++++++++ .../java/android/net/NetworkStatsHistory.java | 18 ++++++++++ core/java/android/net/NetworkTemplate.java | 11 ++++++ core/java/android/net/TrafficStats.java | 7 ++++ core/java/android/net/nsd/NsdServiceInfo.java | 2 ++ 6 files changed, 83 insertions(+) diff --git a/core/java/android/net/EthernetManager.java b/core/java/android/net/EthernetManager.java index ecccda588a..72565024d3 100644 --- a/core/java/android/net/EthernetManager.java +++ b/core/java/android/net/EthernetManager.java @@ -17,6 +17,7 @@ package android.net; import android.annotation.SystemService; +import android.annotation.UnsupportedAppUsage; import android.content.Context; import android.os.Handler; import android.os.Message; @@ -66,6 +67,7 @@ public class EthernetManager { * @param iface Ethernet interface name * @param isAvailable {@code true} if Ethernet port exists. */ + @UnsupportedAppUsage void onAvailabilityChanged(String iface, boolean isAvailable); } @@ -84,6 +86,7 @@ public class EthernetManager { * Get Ethernet configuration. * @return the Ethernet Configuration, contained in {@link IpConfiguration}. */ + @UnsupportedAppUsage public IpConfiguration getConfiguration(String iface) { try { return mService.getConfiguration(iface); @@ -95,6 +98,7 @@ public class EthernetManager { /** * Set Ethernet configuration. */ + @UnsupportedAppUsage public void setConfiguration(String iface, IpConfiguration config) { try { mService.setConfiguration(iface, config); @@ -106,6 +110,7 @@ public class EthernetManager { /** * Indicates whether the system currently has one or more Ethernet interfaces. */ + @UnsupportedAppUsage public boolean isAvailable() { return getAvailableInterfaces().length > 0; } @@ -115,6 +120,7 @@ public class EthernetManager { * * @param iface Ethernet interface name */ + @UnsupportedAppUsage public boolean isAvailable(String iface) { try { return mService.isAvailable(iface); @@ -128,6 +134,7 @@ public class EthernetManager { * @param listener A {@link Listener} to add. * @throws IllegalArgumentException If the listener is null. */ + @UnsupportedAppUsage public void addListener(Listener listener) { if (listener == null) { throw new IllegalArgumentException("listener must not be null"); @@ -145,6 +152,7 @@ public class EthernetManager { /** * Returns an array of available Ethernet interface names. */ + @UnsupportedAppUsage public String[] getAvailableInterfaces() { try { return mService.getAvailableInterfaces(); @@ -158,6 +166,7 @@ public class EthernetManager { * @param listener A {@link Listener} to remove. * @throws IllegalArgumentException If the listener is null. */ + @UnsupportedAppUsage public void removeListener(Listener listener) { if (listener == null) { throw new IllegalArgumentException("listener must not be null"); diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java index edf9bc1c6b..e270fc2e39 100644 --- a/core/java/android/net/NetworkStats.java +++ b/core/java/android/net/NetworkStats.java @@ -16,6 +16,7 @@ package android.net; +import android.annotation.UnsupportedAppUsage; import android.os.Parcel; import android.os.Parcelable; import android.os.SystemClock; @@ -110,25 +111,43 @@ public class NetworkStats implements Parcelable { * generated. */ private long elapsedRealtime; + @UnsupportedAppUsage private int size; + @UnsupportedAppUsage private int capacity; + @UnsupportedAppUsage private String[] iface; + @UnsupportedAppUsage private int[] uid; + @UnsupportedAppUsage private int[] set; + @UnsupportedAppUsage private int[] tag; + @UnsupportedAppUsage private int[] metered; + @UnsupportedAppUsage private int[] roaming; + @UnsupportedAppUsage private int[] defaultNetwork; + @UnsupportedAppUsage private long[] rxBytes; + @UnsupportedAppUsage private long[] rxPackets; + @UnsupportedAppUsage private long[] txBytes; + @UnsupportedAppUsage private long[] txPackets; + @UnsupportedAppUsage private long[] operations; public static class Entry { + @UnsupportedAppUsage public String iface; + @UnsupportedAppUsage public int uid; + @UnsupportedAppUsage public int set; + @UnsupportedAppUsage public int tag; /** * Note that this is only populated w/ the default value when read from /proc or written @@ -148,12 +167,17 @@ public class NetworkStats implements Parcelable { * getSummary(). */ public int defaultNetwork; + @UnsupportedAppUsage public long rxBytes; + @UnsupportedAppUsage public long rxPackets; + @UnsupportedAppUsage public long txBytes; + @UnsupportedAppUsage public long txPackets; public long operations; + @UnsupportedAppUsage public Entry() { this(IFACE_ALL, UID_ALL, SET_DEFAULT, TAG_NONE, 0L, 0L, 0L, 0L, 0L); } @@ -240,6 +264,7 @@ public class NetworkStats implements Parcelable { } } + @UnsupportedAppUsage public NetworkStats(long elapsedRealtime, int initialSize) { this.elapsedRealtime = elapsedRealtime; this.size = 0; @@ -263,6 +288,7 @@ public class NetworkStats implements Parcelable { } } + @UnsupportedAppUsage public NetworkStats(Parcel parcel) { elapsedRealtime = parcel.readLong(); size = parcel.readInt(); @@ -399,6 +425,7 @@ public class NetworkStats implements Parcelable { /** * Return specific stats entry. */ + @UnsupportedAppUsage public Entry getValues(int i, Entry recycle) { final Entry entry = recycle != null ? recycle : new Entry(); entry.iface = iface[i]; @@ -432,6 +459,7 @@ public class NetworkStats implements Parcelable { return SystemClock.elapsedRealtime() - elapsedRealtime; } + @UnsupportedAppUsage public int size() { return size; } @@ -460,6 +488,7 @@ public class NetworkStats implements Parcelable { * {@link #findIndex(String, int, int, int, int)} is unable to find match. Can * also be used to subtract values from existing rows. */ + @UnsupportedAppUsage public NetworkStats combineValues(Entry entry) { final int i = findIndex(entry.iface, entry.uid, entry.set, entry.tag, entry.metered, entry.roaming, entry.defaultNetwork); @@ -479,6 +508,7 @@ public class NetworkStats implements Parcelable { /** * Combine all values from another {@link NetworkStats} into this object. */ + @UnsupportedAppUsage public void combineAllValues(NetworkStats another) { NetworkStats.Entry entry = null; for (int i = 0; i < another.size; i++) { @@ -564,6 +594,7 @@ public class NetworkStats implements Parcelable { /** * Return list of unique UIDs known by this data structure. */ + @UnsupportedAppUsage public int[] getUniqueUids() { final SparseBooleanArray uids = new SparseBooleanArray(); for (int uid : this.uid) { @@ -582,6 +613,7 @@ public class NetworkStats implements Parcelable { * Return total bytes represented by this snapshot object, usually used when * checking if a {@link #subtract(NetworkStats)} delta passes a threshold. */ + @UnsupportedAppUsage public long getTotalBytes() { final Entry entry = getTotal(null); return entry.rxBytes + entry.txBytes; @@ -590,6 +622,7 @@ public class NetworkStats implements Parcelable { /** * Return total of all fields represented by this snapshot object. */ + @UnsupportedAppUsage public Entry getTotal(Entry recycle) { return getTotal(recycle, null, UID_ALL, false); } @@ -598,6 +631,7 @@ public class NetworkStats implements Parcelable { * Return total of all fields represented by this snapshot object matching * the requested {@link #uid}. */ + @UnsupportedAppUsage public Entry getTotal(Entry recycle, int limitUid) { return getTotal(recycle, null, limitUid, false); } @@ -610,6 +644,7 @@ public class NetworkStats implements Parcelable { return getTotal(recycle, limitIface, UID_ALL, false); } + @UnsupportedAppUsage public Entry getTotalIncludingTags(Entry recycle) { return getTotal(recycle, null, UID_ALL, true); } @@ -1085,6 +1120,7 @@ public class NetworkStats implements Parcelable { return 0; } + @UnsupportedAppUsage public static final Creator CREATOR = new Creator() { @Override public NetworkStats createFromParcel(Parcel in) { diff --git a/core/java/android/net/NetworkStatsHistory.java b/core/java/android/net/NetworkStatsHistory.java index a13ad659e7..d53e0326ae 100644 --- a/core/java/android/net/NetworkStatsHistory.java +++ b/core/java/android/net/NetworkStatsHistory.java @@ -30,6 +30,7 @@ import static android.text.format.DateUtils.SECOND_IN_MILLIS; import static com.android.internal.util.ArrayUtils.total; +import android.annotation.UnsupportedAppUsage; import android.os.Parcel; import android.os.Parcelable; import android.service.NetworkStatsHistoryBucketProto; @@ -89,16 +90,23 @@ public class NetworkStatsHistory implements Parcelable { public static class Entry { public static final long UNKNOWN = -1; + @UnsupportedAppUsage public long bucketDuration; + @UnsupportedAppUsage public long bucketStart; public long activeTime; + @UnsupportedAppUsage public long rxBytes; + @UnsupportedAppUsage public long rxPackets; + @UnsupportedAppUsage public long txBytes; + @UnsupportedAppUsage public long txPackets; public long operations; } + @UnsupportedAppUsage public NetworkStatsHistory(long bucketDuration) { this(bucketDuration, 10, FIELD_ALL); } @@ -125,6 +133,7 @@ public class NetworkStatsHistory implements Parcelable { recordEntireHistory(existing); } + @UnsupportedAppUsage public NetworkStatsHistory(Parcel in) { bucketDuration = in.readLong(); bucketStart = readLongArray(in); @@ -210,6 +219,7 @@ public class NetworkStatsHistory implements Parcelable { return 0; } + @UnsupportedAppUsage public int size() { return bucketCount; } @@ -218,6 +228,7 @@ public class NetworkStatsHistory implements Parcelable { return bucketDuration; } + @UnsupportedAppUsage public long getStart() { if (bucketCount > 0) { return bucketStart[0]; @@ -226,6 +237,7 @@ public class NetworkStatsHistory implements Parcelable { } } + @UnsupportedAppUsage public long getEnd() { if (bucketCount > 0) { return bucketStart[bucketCount - 1] + bucketDuration; @@ -245,6 +257,7 @@ public class NetworkStatsHistory implements Parcelable { * Return index of bucket that contains or is immediately before the * requested time. */ + @UnsupportedAppUsage public int getIndexBefore(long time) { int index = Arrays.binarySearch(bucketStart, 0, bucketCount, time); if (index < 0) { @@ -272,6 +285,7 @@ public class NetworkStatsHistory implements Parcelable { /** * Return specific stats entry. */ + @UnsupportedAppUsage public Entry getValues(int i, Entry recycle) { final Entry entry = recycle != null ? recycle : new Entry(); entry.bucketStart = bucketStart[i]; @@ -373,6 +387,7 @@ public class NetworkStatsHistory implements Parcelable { * Record an entire {@link NetworkStatsHistory} into this history. Usually * for combining together stats for external reporting. */ + @UnsupportedAppUsage public void recordEntireHistory(NetworkStatsHistory input) { recordHistory(input, Long.MIN_VALUE, Long.MAX_VALUE); } @@ -509,6 +524,7 @@ public class NetworkStatsHistory implements Parcelable { * Return interpolated data usage across the requested range. Interpolates * across buckets, so values may be rounded slightly. */ + @UnsupportedAppUsage public Entry getValues(long start, long end, Entry recycle) { return getValues(start, end, Long.MAX_VALUE, recycle); } @@ -517,6 +533,7 @@ public class NetworkStatsHistory implements Parcelable { * Return interpolated data usage across the requested range. Interpolates * across buckets, so values may be rounded slightly. */ + @UnsupportedAppUsage public Entry getValues(long start, long end, long now, Entry recycle) { final Entry entry = recycle != null ? recycle : new Entry(); entry.bucketDuration = end - start; @@ -701,6 +718,7 @@ public class NetworkStatsHistory implements Parcelable { return writer.toString(); } + @UnsupportedAppUsage public static final Creator CREATOR = new Creator() { @Override public NetworkStatsHistory createFromParcel(Parcel in) { diff --git a/core/java/android/net/NetworkTemplate.java b/core/java/android/net/NetworkTemplate.java index 74233fd990..bb75c63436 100644 --- a/core/java/android/net/NetworkTemplate.java +++ b/core/java/android/net/NetworkTemplate.java @@ -34,6 +34,7 @@ import static android.net.NetworkStats.ROAMING_NO; import static android.net.NetworkStats.ROAMING_YES; import static android.net.wifi.WifiInfo.removeDoubleQuotes; +import android.annotation.UnsupportedAppUsage; import android.os.Parcel; import android.os.Parcelable; import android.util.BackupUtils; @@ -96,6 +97,7 @@ public class NetworkTemplate implements Parcelable { * Template to match {@link ConnectivityManager#TYPE_MOBILE} networks with * the given IMSI. */ + @UnsupportedAppUsage public static NetworkTemplate buildTemplateMobileAll(String subscriberId) { return new NetworkTemplate(MATCH_MOBILE, subscriberId, null); } @@ -104,6 +106,7 @@ public class NetworkTemplate implements Parcelable { * Template to match {@link ConnectivityManager#TYPE_MOBILE} networks, * regardless of IMSI. */ + @UnsupportedAppUsage public static NetworkTemplate buildTemplateMobileWildcard() { return new NetworkTemplate(MATCH_MOBILE_WILDCARD, null, null); } @@ -112,11 +115,13 @@ public class NetworkTemplate implements Parcelable { * Template to match all {@link ConnectivityManager#TYPE_WIFI} networks, * regardless of SSID. */ + @UnsupportedAppUsage public static NetworkTemplate buildTemplateWifiWildcard() { return new NetworkTemplate(MATCH_WIFI_WILDCARD, null, null); } @Deprecated + @UnsupportedAppUsage public static NetworkTemplate buildTemplateWifi() { return buildTemplateWifiWildcard(); } @@ -133,6 +138,7 @@ public class NetworkTemplate implements Parcelable { * Template to combine all {@link ConnectivityManager#TYPE_ETHERNET} style * networks together. */ + @UnsupportedAppUsage public static NetworkTemplate buildTemplateEthernet() { return new NetworkTemplate(MATCH_ETHERNET, null, null); } @@ -173,6 +179,7 @@ public class NetworkTemplate implements Parcelable { private final int mRoaming; private final int mDefaultNetwork; + @UnsupportedAppUsage public NetworkTemplate(int matchRule, String subscriberId, String networkId) { this(matchRule, subscriberId, new String[] { subscriberId }, networkId); } @@ -293,10 +300,12 @@ public class NetworkTemplate implements Parcelable { } } + @UnsupportedAppUsage public int getMatchRule() { return mMatchRule; } + @UnsupportedAppUsage public String getSubscriberId() { return mSubscriberId; } @@ -460,6 +469,7 @@ public class NetworkTemplate implements Parcelable { * active merge set [A,B], we'd return a new template that primarily matches * A, but also matches B. */ + @UnsupportedAppUsage public static NetworkTemplate normalize(NetworkTemplate template, String[] merged) { if (template.isMatchRuleMobile() && ArrayUtils.contains(merged, template.mSubscriberId)) { // Requested template subscriber is part of the merge group; return @@ -471,6 +481,7 @@ public class NetworkTemplate implements Parcelable { } } + @UnsupportedAppUsage public static final Creator CREATOR = new Creator() { @Override public NetworkTemplate createFromParcel(Parcel in) { diff --git a/core/java/android/net/TrafficStats.java b/core/java/android/net/TrafficStats.java index f033268698..a463afa2e1 100644 --- a/core/java/android/net/TrafficStats.java +++ b/core/java/android/net/TrafficStats.java @@ -19,6 +19,7 @@ package android.net; import android.annotation.SuppressLint; import android.annotation.SystemApi; import android.annotation.TestApi; +import android.annotation.UnsupportedAppUsage; import android.app.DownloadManager; import android.app.backup.BackupManager; import android.app.usage.NetworkStatsManager; @@ -141,6 +142,7 @@ public class TrafficStats { private static INetworkStatsService sStatsService; + @UnsupportedAppUsage private synchronized static INetworkStatsService getStatsService() { if (sStatsService == null) { sStatsService = INetworkStatsService.Stub.asInterface( @@ -536,6 +538,7 @@ public class TrafficStats { } /** {@hide} */ + @UnsupportedAppUsage public static long getMobileTcpRxPackets() { long total = 0; for (String iface : getMobileIfaces()) { @@ -551,6 +554,7 @@ public class TrafficStats { } /** {@hide} */ + @UnsupportedAppUsage public static long getMobileTcpTxPackets() { long total = 0; for (String iface : getMobileIfaces()) { @@ -584,6 +588,7 @@ public class TrafficStats { } /** {@hide} */ + @UnsupportedAppUsage public static long getTxBytes(String iface) { try { return getStatsService().getIfaceStats(iface, TYPE_TX_BYTES); @@ -593,6 +598,7 @@ public class TrafficStats { } /** {@hide} */ + @UnsupportedAppUsage public static long getRxBytes(String iface) { try { return getStatsService().getIfaceStats(iface, TYPE_RX_BYTES); @@ -948,6 +954,7 @@ public class TrafficStats { * Interfaces are never removed from this list, so counters should always be * monotonic. */ + @UnsupportedAppUsage private static String[] getMobileIfaces() { try { return getStatsService().getMobileIfaces(); diff --git a/core/java/android/net/nsd/NsdServiceInfo.java b/core/java/android/net/nsd/NsdServiceInfo.java index bccaf60e69..9ba17edfb9 100644 --- a/core/java/android/net/nsd/NsdServiceInfo.java +++ b/core/java/android/net/nsd/NsdServiceInfo.java @@ -17,6 +17,7 @@ package android.net.nsd; import android.annotation.NonNull; +import android.annotation.UnsupportedAppUsage; import android.os.Parcelable; import android.os.Parcel; import android.text.TextUtils; @@ -185,6 +186,7 @@ public final class NsdServiceInfo implements Parcelable { } /** @hide */ + @UnsupportedAppUsage public void setAttribute(String key, byte[] value) { if (TextUtils.isEmpty(key)) { throw new IllegalArgumentException("Key cannot be empty"); From ff57484594d94a432e1cc8d4c9a9a48b0f92fb53 Mon Sep 17 00:00:00 2001 From: Olivier Gaillard Date: Mon, 10 Sep 2018 15:35:58 +0100 Subject: [PATCH 06/32] Update a few runnable/handler to use a static class instead of a runnable. It will help collecting better data for handler stats (we can get a fully qualified class name). Test: tested manually Change-Id: I674cf03909153fd87d97f600e246e04800cbb624 --- .../java/com/android/server/net/NetworkStatsService.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index 3f031699bd..6d3a3b69bc 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -105,6 +105,7 @@ import android.os.Handler; import android.os.HandlerThread; import android.os.IBinder; import android.os.INetworkManagementService; +import android.os.Looper; import android.os.Message; import android.os.Messenger; import android.os.PowerManager; @@ -323,6 +324,12 @@ public class NetworkStatsService extends INetworkStatsService.Stub { Clock.systemUTC()); } + private static final class NetworkStatsHandler extends Handler { + NetworkStatsHandler(Looper looper, Handler.Callback callback) { + super(looper, callback); + } + } + public static NetworkStatsService create(Context context, INetworkManagementService networkManager) { AlarmManager alarmManager = (AlarmManager) context.getSystemService(Context.ALARM_SERVICE); @@ -339,7 +346,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { HandlerThread handlerThread = new HandlerThread(TAG); Handler.Callback callback = new HandlerCallback(service); handlerThread.start(); - Handler handler = new Handler(handlerThread.getLooper(), callback); + Handler handler = new NetworkStatsHandler(handlerThread.getLooper(), callback); service.setHandler(handler, callback); return service; } From ef420e97543046f2320b721a83218f3ba02ca034 Mon Sep 17 00:00:00 2001 From: Adrian Roos Date: Tue, 11 Dec 2018 19:47:33 +0100 Subject: [PATCH 07/32] API: Clean up redundant and ineffective usages of SystemApi and TestApi Everything that is marked SystemApi or TestApi, but not @hide is still part of the public SDK, it is therefore not sound to have that combination. In the future, specifing such a combination will be considered an error to prevent inadvertently exposing SystemApi and TestApi as public API. Bug: 115333477 Change-Id: Ibd5d6a22862fdbc1e20a1cb3925280f5a682edea Test: METALAVA_PREPEND_ARGS="--error UnhiddenSystemApi" m checkapi Exempt-From-Owner-Approval: API cleanup --- core/java/android/net/TrafficStats.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/core/java/android/net/TrafficStats.java b/core/java/android/net/TrafficStats.java index 22dd4fc362..bbf8f97c88 100644 --- a/core/java/android/net/TrafficStats.java +++ b/core/java/android/net/TrafficStats.java @@ -274,7 +274,6 @@ public class TrafficStats { * Changes only take effect during subsequent calls to * {@link #tagSocket(Socket)}. */ - @SystemApi @SuppressLint("Doclava125") public static void setThreadStatsUid(int uid) { NetworkManagementSocketTagger.setThreadSocketStatsUid(uid); @@ -313,7 +312,6 @@ public class TrafficStats { * * @see #setThreadStatsUid(int) */ - @SystemApi @SuppressLint("Doclava125") public static void clearThreadStatsUid() { NetworkManagementSocketTagger.setThreadSocketStatsUid(-1); From 77c8591f9d424eae6dc81297bb56f50bad182a6f Mon Sep 17 00:00:00 2001 From: Mike SU Date: Mon, 26 Nov 2018 15:05:13 +0800 Subject: [PATCH 08/32] fix getIfaceStats and getTotalStats bug root cause: getIfaceStats and getTotalStats is directly reading iface_stat_fmt or eBPF, not include tether stats. solution: add tether stats to getIfaceStats and getTotalStats. Clean cherry-pick of aosp/848934 Bug: 120039819 Test case1: 1. tether offload is enabled on phone, enable MHS on phone. 2. Use test app to check getMobileRxBytes->getIfaceStats 3. Download 10M file on MHS client 4. Use test app to check getMobileRxBytes->getIfaceStats again result: getMobileRxBytes increased around 10M Test case2: 1. tether offload is disabled on phone, enable MHS on phone. repeat above step 2~4 result: getMobileRxBytes increased around 10M Following CTS cases passed run cts -m CtsNetTestCases --test android.net.cts.TrafficStatsTest run cts -m CtsUsageStatsTestCases --test android.app.usage.cts.NetworkUsageStatsTest Change-Id: I3d94acb71c142ec38b750e58822881ff383341cc --- .../server/net/NetworkStatsService.java | 56 ++++++++++++++++++- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index 8c274e42c9..bffd60bcb8 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -962,12 +962,64 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @Override public long getIfaceStats(String iface, int type) { - return nativeGetIfaceStat(iface, type, checkBpfStatsEnable()); + long nativeIfaceStats = nativeGetIfaceStat(iface, type, checkBpfStatsEnable()); + if (nativeIfaceStats == -1) { + return nativeIfaceStats; + } else { + // When tethering offload is in use, nativeIfaceStats does not contain usage from + // offload, add it back here. + // When tethering offload is not in use, nativeIfaceStats contains tethering usage. + // this does not cause double-counting of tethering traffic, because + // NetdTetheringStatsProvider returns zero NetworkStats + // when called with STATS_PER_IFACE. + return nativeIfaceStats + getTetherStats(iface, type); + } } @Override public long getTotalStats(int type) { - return nativeGetTotalStat(type, checkBpfStatsEnable()); + long nativeTotalStats = nativeGetTotalStat(type, checkBpfStatsEnable()); + if (nativeTotalStats == -1) { + return nativeTotalStats; + } else { + // Refer to comment in getIfaceStats + return nativeTotalStats + getTetherStats(IFACE_ALL, type); + } + } + + private long getTetherStats(String iface, int type) { + final NetworkStats tetherSnapshot; + final long token = Binder.clearCallingIdentity(); + try { + tetherSnapshot = getNetworkStatsTethering(STATS_PER_IFACE); + } catch (RemoteException e) { + Slog.w(TAG, "Error get TetherStats: " + e); + return 0; + } finally { + Binder.restoreCallingIdentity(token); + } + HashSet limitIfaces; + if (iface == IFACE_ALL) { + limitIfaces = null; + } else { + limitIfaces = new HashSet(); + limitIfaces.add(iface); + } + NetworkStats.Entry entry = tetherSnapshot.getTotal(null, limitIfaces); + if (LOGD) Slog.d(TAG, "TetherStats: iface=" + iface + " type=" + type + + " entry=" + entry); + switch (type) { + case 0: // TYPE_RX_BYTES + return entry.rxBytes; + case 1: // TYPE_RX_PACKETS + return entry.rxPackets; + case 2: // TYPE_TX_BYTES + return entry.txBytes; + case 3: // TYPE_TX_PACKETS + return entry.txPackets; + default: + return 0; + } } private boolean checkBpfStatsEnable() { From 1677ea7de5a3ac268f2cd25eec1038658fb72e91 Mon Sep 17 00:00:00 2001 From: junyulai Date: Fri, 25 Jan 2019 14:28:26 +0800 Subject: [PATCH 09/32] Hide Keepalive offload API in IpSec Since the new keepalive API is exported in ConnectivityManager, hide Keepalive API in IpSec, also make system-current.txt sync for this part. Bug: 114151147 Test: m -j Change-Id: I076030bdbab1cd7d69f6a034577d529970b050dc --- core/java/android/net/IpSecTransform.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/core/java/android/net/IpSecTransform.java b/core/java/android/net/IpSecTransform.java index 23c8aa368d..e519fdf65e 100644 --- a/core/java/android/net/IpSecTransform.java +++ b/core/java/android/net/IpSecTransform.java @@ -257,7 +257,6 @@ public final class IpSecTransform implements AutoCloseable { * * @hide */ - @SystemApi public static class NattKeepaliveCallback { /** The specified {@code Network} is not connected. */ public static final int ERROR_INVALID_NETWORK = 1; @@ -288,7 +287,6 @@ public final class IpSecTransform implements AutoCloseable { * * @hide */ - @SystemApi @RequiresPermission(anyOf = { android.Manifest.permission.MANAGE_IPSEC_TUNNELS, android.Manifest.permission.PACKET_KEEPALIVE_OFFLOAD @@ -331,7 +329,6 @@ public final class IpSecTransform implements AutoCloseable { * * @hide */ - @SystemApi @RequiresPermission(anyOf = { android.Manifest.permission.MANAGE_IPSEC_TUNNELS, android.Manifest.permission.PACKET_KEEPALIVE_OFFLOAD From 0fbf072ca6aa6b704f4d2ada992e3ec9f093b0a4 Mon Sep 17 00:00:00 2001 From: Andrei Onea Date: Mon, 25 Feb 2019 13:25:32 +0000 Subject: [PATCH 10/32] Add @UnsupportedAppUsage annotations For packages: android.net android.net.wifi android.nfc This is an automatically generated CL. See go/UnsupportedAppUsage for more details. Exempted-From-Owner-Approval: Mechanical changes to the codebase which have been approved by Android API council and announced on android-eng@ Bug: 110868826 Test: m Change-Id: I7489aad1dceeb18ed7ca48a1ed8829a668b3fa04 --- core/java/android/net/INetworkStatsService.aidl | 5 +++++ core/java/android/net/INetworkStatsSession.aidl | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/core/java/android/net/INetworkStatsService.aidl b/core/java/android/net/INetworkStatsService.aidl index 8e6f272388..92b685c4b5 100644 --- a/core/java/android/net/INetworkStatsService.aidl +++ b/core/java/android/net/INetworkStatsService.aidl @@ -29,6 +29,7 @@ import android.os.Messenger; interface INetworkStatsService { /** Start a statistics query session. */ + @UnsupportedAppUsage INetworkStatsSession openSession(); /** Start a statistics query session. If calling package is profile or device owner then it is @@ -37,9 +38,11 @@ interface INetworkStatsService { * PACKAGE_USAGE_STATS permission is always checked. If PACKAGE_USAGE_STATS is not granted * READ_NETWORK_USAGE_STATS is checked for. */ + @UnsupportedAppUsage INetworkStatsSession openSessionForUsageStats(int flags, String callingPackage); /** Return data layer snapshot of UID network usage. */ + @UnsupportedAppUsage NetworkStats getDataLayerSnapshotForUid(int uid); /** Get a detailed snapshot of stats since boot for all UIDs. @@ -52,6 +55,7 @@ interface INetworkStatsService { NetworkStats getDetailedUidStats(in String[] requiredIfaces); /** Return set of any ifaces associated with mobile networks since boot. */ + @UnsupportedAppUsage String[] getMobileIfaces(); /** Increment data layer count of operations performed for UID and tag. */ @@ -60,6 +64,7 @@ interface INetworkStatsService { /** Force update of ifaces. */ void forceUpdateIfaces(in Network[] defaultNetworks); /** Force update of statistics. */ + @UnsupportedAppUsage void forceUpdate(); /** Registers a callback on data usage. */ diff --git a/core/java/android/net/INetworkStatsSession.aidl b/core/java/android/net/INetworkStatsSession.aidl index 5229a3b3b9..f13f2cb664 100644 --- a/core/java/android/net/INetworkStatsSession.aidl +++ b/core/java/android/net/INetworkStatsSession.aidl @@ -27,13 +27,17 @@ interface INetworkStatsSession { NetworkStats getDeviceSummaryForNetwork(in NetworkTemplate template, long start, long end); /** Return network layer usage summary for traffic that matches template. */ + @UnsupportedAppUsage NetworkStats getSummaryForNetwork(in NetworkTemplate template, long start, long end); /** Return historical network layer stats for traffic that matches template. */ + @UnsupportedAppUsage NetworkStatsHistory getHistoryForNetwork(in NetworkTemplate template, int fields); /** Return network layer usage summary per UID for traffic that matches template. */ + @UnsupportedAppUsage NetworkStats getSummaryForAllUid(in NetworkTemplate template, long start, long end, boolean includeTags); /** Return historical network layer stats for specific UID traffic that matches template. */ + @UnsupportedAppUsage NetworkStatsHistory getHistoryForUid(in NetworkTemplate template, int uid, int set, int tag, int fields); /** Return historical network layer stats for specific UID traffic that matches template. */ NetworkStatsHistory getHistoryIntervalForUid(in NetworkTemplate template, int uid, int set, int tag, int fields, long start, long end); @@ -41,6 +45,7 @@ interface INetworkStatsSession { /** Return array of uids that have stats and are accessible to the calling user */ int[] getRelevantUids(); + @UnsupportedAppUsage void close(); } From 6cfd15e33ef946759b8a3391b0378537d178df0a Mon Sep 17 00:00:00 2001 From: Varun Anand Date: Thu, 7 Feb 2019 14:13:13 -0800 Subject: [PATCH 11/32] Remove ConnectivityManager and its usages from NetworkStatsService. NSS needed it for getting VpnInfo[], NetworkState[] and activeLinkProperties which it used to query via ConnectivityManager. For VpnInfo[], this was racy as NSS may ignore intermediate changes to a VPN's underlying networks. See http://b/123961098 for more context. It may also lead to deadlocks b/w ConnectivityService and NetworkStatsService. See http://b/126245192 for more info. This change will ensure that NSS is never contending on any of ConnectivityService locks. Bug: 123961098 Bug: 126245192 Bug: 120145746 Test: atest FrameworksNetTests Change-Id: I57e117bb4e9efe491b19d6b5a479f2d58d1c58e6 --- .../android/net/INetworkStatsService.aidl | 8 +++- .../server/net/NetworkStatsService.java | 46 +++++++++---------- 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/core/java/android/net/INetworkStatsService.aidl b/core/java/android/net/INetworkStatsService.aidl index 8e6f272388..148b25dfa8 100644 --- a/core/java/android/net/INetworkStatsService.aidl +++ b/core/java/android/net/INetworkStatsService.aidl @@ -19,11 +19,13 @@ package android.net; import android.net.DataUsageRequest; import android.net.INetworkStatsSession; import android.net.Network; +import android.net.NetworkState; import android.net.NetworkStats; import android.net.NetworkStatsHistory; import android.net.NetworkTemplate; import android.os.IBinder; import android.os.Messenger; +import com.android.internal.net.VpnInfo; /** {@hide} */ interface INetworkStatsService { @@ -58,7 +60,11 @@ interface INetworkStatsService { void incrementOperationCount(int uid, int tag, int operationCount); /** Force update of ifaces. */ - void forceUpdateIfaces(in Network[] defaultNetworks); + void forceUpdateIfaces( + in Network[] defaultNetworks, + in VpnInfo[] vpnArray, + in NetworkState[] networkStates, + in String activeIface); /** Force update of statistics. */ void forceUpdate(); diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index bffd60bcb8..205ddb07ec 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -82,7 +82,6 @@ import android.content.IntentFilter; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.net.DataUsageRequest; -import android.net.IConnectivityManager; import android.net.INetworkManagementEventObserver; import android.net.INetworkStatsService; import android.net.INetworkStatsSession; @@ -196,8 +195,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private final boolean mUseBpfTrafficStats; - private IConnectivityManager mConnManager; - @VisibleForTesting public static final String ACTION_NETWORK_STATS_POLL = "com.android.server.action.NETWORK_STATS_POLL"; @@ -259,6 +256,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private final ArrayMap mActiveUidIfaces = new ArrayMap<>(); /** Current default active iface. */ + @GuardedBy("mStatsLock") private String mActiveIface; /** Set of any ifaces associated with mobile networks since boot. */ @@ -269,6 +267,10 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @GuardedBy("mStatsLock") private Network[] mDefaultNetworks = new Network[0]; + /** Set containing info about active VPNs and their underlying networks. */ + @GuardedBy("mStatsLock") + private VpnInfo[] mVpnInfos = new VpnInfo[0]; + private final DropBoxNonMonotonicObserver mNonMonotonicObserver = new DropBoxNonMonotonicObserver(); @@ -382,10 +384,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { mHandlerCallback = callback; } - public void bindConnectivityManager(IConnectivityManager connManager) { - mConnManager = checkNotNull(connManager, "missing IConnectivityManager"); - } - public void systemReady() { mSystemReady = true; @@ -864,13 +862,17 @@ public class NetworkStatsService extends INetworkStatsService.Stub { } @Override - public void forceUpdateIfaces(Network[] defaultNetworks) { + public void forceUpdateIfaces( + Network[] defaultNetworks, + VpnInfo[] vpnArray, + NetworkState[] networkStates, + String activeIface) { mContext.enforceCallingOrSelfPermission(READ_NETWORK_USAGE_HISTORY, TAG); assertBandwidthControlEnabled(); final long token = Binder.clearCallingIdentity(); try { - updateIfaces(defaultNetworks); + updateIfaces(defaultNetworks, vpnArray, networkStates, activeIface); } finally { Binder.restoreCallingIdentity(token); } @@ -1134,11 +1136,17 @@ public class NetworkStatsService extends INetworkStatsService.Stub { } }; - private void updateIfaces(Network[] defaultNetworks) { + private void updateIfaces( + Network[] defaultNetworks, + VpnInfo[] vpnArray, + NetworkState[] networkStates, + String activeIface) { synchronized (mStatsLock) { mWakeLock.acquire(); try { - updateIfacesLocked(defaultNetworks); + mVpnInfos = vpnArray; + mActiveIface = activeIface; + updateIfacesLocked(defaultNetworks, networkStates); } finally { mWakeLock.release(); } @@ -1152,7 +1160,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { * {@link NetworkIdentitySet}. */ @GuardedBy("mStatsLock") - private void updateIfacesLocked(Network[] defaultNetworks) { + private void updateIfacesLocked(Network[] defaultNetworks, NetworkState[] states) { if (!mSystemReady) return; if (LOGV) Slog.v(TAG, "updateIfacesLocked()"); @@ -1164,18 +1172,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // will be persisted during next alarm poll event. performPollLocked(FLAG_PERSIST_NETWORK); - final NetworkState[] states; - final LinkProperties activeLink; - try { - states = mConnManager.getAllNetworkState(); - activeLink = mConnManager.getActiveLinkProperties(); - } catch (RemoteException e) { - // ignored; service lives in system_server - return; - } - - mActiveIface = activeLink != null ? activeLink.getInterfaceName() : null; - // Rebuild active interfaces based on connected networks mActiveIfaces.clear(); mActiveUidIfaces.clear(); @@ -1287,7 +1283,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { Trace.traceEnd(TRACE_TAG_NETWORK); // For per-UID stats, pass the VPN info so VPN traffic is reattributed to responsible apps. - VpnInfo[] vpnArray = mConnManager.getAllVpnInfo(); + VpnInfo[] vpnArray = mVpnInfos; Trace.traceBegin(TRACE_TAG_NETWORK, "recordUid"); mUidRecorder.recordSnapshotLocked(uidSnapshot, mActiveUidIfaces, vpnArray, currentTime); Trace.traceEnd(TRACE_TAG_NETWORK); From 687d8bd094be36b97bfa5e0bd9d162b844e7f47e Mon Sep 17 00:00:00 2001 From: Varun Anand Date: Thu, 7 Feb 2019 14:13:13 -0800 Subject: [PATCH 12/32] Remove ConnectivityManager and its usages from NetworkStatsService. NSS needed it for getting VpnInfo[], NetworkState[] and activeLinkProperties which it used to query via ConnectivityManager. For VpnInfo[], this was racy as NSS may ignore intermediate changes to a VPN's underlying networks. See http://b/123961098 for more context. It may also lead to deadlocks b/w ConnectivityService and NetworkStatsService. See http://b/126245192 for more info. This change will ensure that NSS is never contending on any of ConnectivityService locks. This change also is cherry-picking cleanup made to NSS in http://aosp/628368. Bug: 123961098 Bug: 126245192 Bug: 120145746 Test: atest FrameworksNetTests Change-Id: Ia687845888434c8ddd24bdf44b4c70dfe80e03f5 Merged-In: I57e117bb4e9efe491b19d6b5a479f2d58d1c58e6 --- .../android/net/INetworkStatsService.aidl | 8 ++- .../server/net/NetworkStatsService.java | 53 ++++++++----------- 2 files changed, 29 insertions(+), 32 deletions(-) diff --git a/core/java/android/net/INetworkStatsService.aidl b/core/java/android/net/INetworkStatsService.aidl index 8e6f272388..148b25dfa8 100644 --- a/core/java/android/net/INetworkStatsService.aidl +++ b/core/java/android/net/INetworkStatsService.aidl @@ -19,11 +19,13 @@ package android.net; import android.net.DataUsageRequest; import android.net.INetworkStatsSession; import android.net.Network; +import android.net.NetworkState; import android.net.NetworkStats; import android.net.NetworkStatsHistory; import android.net.NetworkTemplate; import android.os.IBinder; import android.os.Messenger; +import com.android.internal.net.VpnInfo; /** {@hide} */ interface INetworkStatsService { @@ -58,7 +60,11 @@ interface INetworkStatsService { void incrementOperationCount(int uid, int tag, int operationCount); /** Force update of ifaces. */ - void forceUpdateIfaces(in Network[] defaultNetworks); + void forceUpdateIfaces( + in Network[] defaultNetworks, + in VpnInfo[] vpnArray, + in NetworkState[] networkStates, + in String activeIface); /** Force update of statistics. */ void forceUpdate(); diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index 17ab29d747..2fef560afd 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -82,7 +82,6 @@ import android.content.IntentFilter; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.net.DataUsageRequest; -import android.net.IConnectivityManager; import android.net.INetworkManagementEventObserver; import android.net.INetworkStatsService; import android.net.INetworkStatsSession; @@ -161,9 +160,8 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // Perform polling and persist all (FLAG_PERSIST_ALL). private static final int MSG_PERFORM_POLL = 1; - private static final int MSG_UPDATE_IFACES = 2; // Perform polling, persist network, and register the global alert again. - private static final int MSG_PERFORM_POLL_REGISTER_ALERT = 3; + private static final int MSG_PERFORM_POLL_REGISTER_ALERT = 2; /** Flags to control detail level of poll event. */ private static final int FLAG_PERSIST_NETWORK = 0x1; @@ -196,8 +194,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private final boolean mUseBpfTrafficStats; - private IConnectivityManager mConnManager; - @VisibleForTesting public static final String ACTION_NETWORK_STATS_POLL = "com.android.server.action.NETWORK_STATS_POLL"; @@ -259,6 +255,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private final ArrayMap mActiveUidIfaces = new ArrayMap<>(); /** Current default active iface. */ + @GuardedBy("mStatsLock") private String mActiveIface; /** Set of any ifaces associated with mobile networks since boot. */ @@ -269,6 +266,10 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @GuardedBy("mStatsLock") private Network[] mDefaultNetworks = new Network[0]; + /** Set containing info about active VPNs and their underlying networks. */ + @GuardedBy("mStatsLock") + private VpnInfo[] mVpnInfos = new VpnInfo[0]; + private final DropBoxNonMonotonicObserver mNonMonotonicObserver = new DropBoxNonMonotonicObserver(); @@ -371,10 +372,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { mHandlerCallback = callback; } - public void bindConnectivityManager(IConnectivityManager connManager) { - mConnManager = checkNotNull(connManager, "missing IConnectivityManager"); - } - public void systemReady() { mSystemReady = true; @@ -853,13 +850,17 @@ public class NetworkStatsService extends INetworkStatsService.Stub { } @Override - public void forceUpdateIfaces(Network[] defaultNetworks) { + public void forceUpdateIfaces( + Network[] defaultNetworks, + VpnInfo[] vpnArray, + NetworkState[] networkStates, + String activeIface) { mContext.enforceCallingOrSelfPermission(READ_NETWORK_USAGE_HISTORY, TAG); assertBandwidthControlEnabled(); final long token = Binder.clearCallingIdentity(); try { - updateIfaces(defaultNetworks); + updateIfaces(defaultNetworks, vpnArray, networkStates, activeIface); } finally { Binder.restoreCallingIdentity(token); } @@ -1077,11 +1078,17 @@ public class NetworkStatsService extends INetworkStatsService.Stub { } }; - private void updateIfaces(Network[] defaultNetworks) { + private void updateIfaces( + Network[] defaultNetworks, + VpnInfo[] vpnArray, + NetworkState[] networkStates, + String activeIface) { synchronized (mStatsLock) { mWakeLock.acquire(); try { - updateIfacesLocked(defaultNetworks); + mVpnInfos = vpnArray; + mActiveIface = activeIface; + updateIfacesLocked(defaultNetworks, networkStates); } finally { mWakeLock.release(); } @@ -1095,7 +1102,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { * {@link NetworkIdentitySet}. */ @GuardedBy("mStatsLock") - private void updateIfacesLocked(Network[] defaultNetworks) { + private void updateIfacesLocked(Network[] defaultNetworks, NetworkState[] states) { if (!mSystemReady) return; if (LOGV) Slog.v(TAG, "updateIfacesLocked()"); @@ -1107,18 +1114,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // will be persisted during next alarm poll event. performPollLocked(FLAG_PERSIST_NETWORK); - final NetworkState[] states; - final LinkProperties activeLink; - try { - states = mConnManager.getAllNetworkState(); - activeLink = mConnManager.getActiveLinkProperties(); - } catch (RemoteException e) { - // ignored; service lives in system_server - return; - } - - mActiveIface = activeLink != null ? activeLink.getInterfaceName() : null; - // Rebuild active interfaces based on connected networks mActiveIfaces.clear(); mActiveUidIfaces.clear(); @@ -1230,7 +1225,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { Trace.traceEnd(TRACE_TAG_NETWORK); // For per-UID stats, pass the VPN info so VPN traffic is reattributed to responsible apps. - VpnInfo[] vpnArray = mConnManager.getAllVpnInfo(); + VpnInfo[] vpnArray = mVpnInfos; Trace.traceBegin(TRACE_TAG_NETWORK, "recordUid"); mUidRecorder.recordSnapshotLocked(uidSnapshot, mActiveUidIfaces, vpnArray, currentTime); Trace.traceEnd(TRACE_TAG_NETWORK); @@ -1689,10 +1684,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { mService.performPoll(FLAG_PERSIST_ALL); return true; } - case MSG_UPDATE_IFACES: { - mService.updateIfaces(null); - return true; - } case MSG_PERFORM_POLL_REGISTER_ALERT: { mService.performPoll(FLAG_PERSIST_NETWORK); mService.registerGlobalAlert(); From 08a1c3662a2ea2287161c87abd20de44880e8073 Mon Sep 17 00:00:00 2001 From: Jeff Sharkey Date: Thu, 28 Feb 2019 12:06:45 -0700 Subject: [PATCH 13/32] All Parcelable CREATOR fields are @NonNull. If they were null, then the Parcelable would fail to work. Bug: 126726802 Test: manual Change-Id: I7929ffa2f20e5de1c8e68e8263cca99496e9d014 Exempt-From-Owner-Approval: Trivial API annotations --- core/java/android/net/DataUsageRequest.java | 2 +- core/java/android/net/IpSecAlgorithm.java | 2 +- core/java/android/net/IpSecConfig.java | 2 +- core/java/android/net/IpSecSpiResponse.java | 2 +- core/java/android/net/IpSecTransformResponse.java | 2 +- core/java/android/net/IpSecTunnelInterfaceResponse.java | 2 +- core/java/android/net/IpSecUdpEncapResponse.java | 2 +- core/java/android/net/NetworkStats.java | 2 +- core/java/android/net/NetworkStatsHistory.java | 2 +- core/java/android/net/NetworkTemplate.java | 2 +- core/java/android/net/nsd/NsdServiceInfo.java | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) diff --git a/core/java/android/net/DataUsageRequest.java b/core/java/android/net/DataUsageRequest.java index ac9a5a3668..0ac8f7e794 100644 --- a/core/java/android/net/DataUsageRequest.java +++ b/core/java/android/net/DataUsageRequest.java @@ -69,7 +69,7 @@ public final class DataUsageRequest implements Parcelable { dest.writeLong(thresholdInBytes); } - public static final Creator CREATOR = + public static final @android.annotation.NonNull Creator CREATOR = new Creator() { @Override public DataUsageRequest createFromParcel(Parcel in) { diff --git a/core/java/android/net/IpSecAlgorithm.java b/core/java/android/net/IpSecAlgorithm.java index 8034bb62c9..38d9883f00 100644 --- a/core/java/android/net/IpSecAlgorithm.java +++ b/core/java/android/net/IpSecAlgorithm.java @@ -191,7 +191,7 @@ public final class IpSecAlgorithm implements Parcelable { } /** Parcelable Creator */ - public static final Parcelable.Creator CREATOR = + public static final @android.annotation.NonNull Parcelable.Creator CREATOR = new Parcelable.Creator() { public IpSecAlgorithm createFromParcel(Parcel in) { final String name = in.readString(); diff --git a/core/java/android/net/IpSecConfig.java b/core/java/android/net/IpSecConfig.java index 3552655983..a64014fe55 100644 --- a/core/java/android/net/IpSecConfig.java +++ b/core/java/android/net/IpSecConfig.java @@ -322,7 +322,7 @@ public final class IpSecConfig implements Parcelable { return strBuilder.toString(); } - public static final Parcelable.Creator CREATOR = + public static final @android.annotation.NonNull Parcelable.Creator CREATOR = new Parcelable.Creator() { public IpSecConfig createFromParcel(Parcel in) { return new IpSecConfig(in); diff --git a/core/java/android/net/IpSecSpiResponse.java b/core/java/android/net/IpSecSpiResponse.java index 71dfa03ac1..f99e570fb7 100644 --- a/core/java/android/net/IpSecSpiResponse.java +++ b/core/java/android/net/IpSecSpiResponse.java @@ -65,7 +65,7 @@ public final class IpSecSpiResponse implements Parcelable { spi = in.readInt(); } - public static final Parcelable.Creator CREATOR = + public static final @android.annotation.NonNull Parcelable.Creator CREATOR = new Parcelable.Creator() { public IpSecSpiResponse createFromParcel(Parcel in) { return new IpSecSpiResponse(in); diff --git a/core/java/android/net/IpSecTransformResponse.java b/core/java/android/net/IpSecTransformResponse.java index cfc176227f..a38488954f 100644 --- a/core/java/android/net/IpSecTransformResponse.java +++ b/core/java/android/net/IpSecTransformResponse.java @@ -60,7 +60,7 @@ public final class IpSecTransformResponse implements Parcelable { resourceId = in.readInt(); } - public static final Parcelable.Creator CREATOR = + public static final @android.annotation.NonNull Parcelable.Creator CREATOR = new Parcelable.Creator() { public IpSecTransformResponse createFromParcel(Parcel in) { return new IpSecTransformResponse(in); diff --git a/core/java/android/net/IpSecTunnelInterfaceResponse.java b/core/java/android/net/IpSecTunnelInterfaceResponse.java index c23d831a44..e3411e003d 100644 --- a/core/java/android/net/IpSecTunnelInterfaceResponse.java +++ b/core/java/android/net/IpSecTunnelInterfaceResponse.java @@ -65,7 +65,7 @@ public final class IpSecTunnelInterfaceResponse implements Parcelable { interfaceName = in.readString(); } - public static final Parcelable.Creator CREATOR = + public static final @android.annotation.NonNull Parcelable.Creator CREATOR = new Parcelable.Creator() { public IpSecTunnelInterfaceResponse createFromParcel(Parcel in) { return new IpSecTunnelInterfaceResponse(in); diff --git a/core/java/android/net/IpSecUdpEncapResponse.java b/core/java/android/net/IpSecUdpEncapResponse.java index 4679267cf9..4e7ba9b515 100644 --- a/core/java/android/net/IpSecUdpEncapResponse.java +++ b/core/java/android/net/IpSecUdpEncapResponse.java @@ -83,7 +83,7 @@ public final class IpSecUdpEncapResponse implements Parcelable { fileDescriptor = in.readParcelable(ParcelFileDescriptor.class.getClassLoader()); } - public static final Parcelable.Creator CREATOR = + public static final @android.annotation.NonNull Parcelable.Creator CREATOR = new Parcelable.Creator() { public IpSecUdpEncapResponse createFromParcel(Parcel in) { return new IpSecUdpEncapResponse(in); diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java index 9cf582bef1..e892b650bf 100644 --- a/core/java/android/net/NetworkStats.java +++ b/core/java/android/net/NetworkStats.java @@ -1153,7 +1153,7 @@ public class NetworkStats implements Parcelable { } @UnsupportedAppUsage - public static final Creator CREATOR = new Creator() { + public static final @android.annotation.NonNull Creator CREATOR = new Creator() { @Override public NetworkStats createFromParcel(Parcel in) { return new NetworkStats(in); diff --git a/core/java/android/net/NetworkStatsHistory.java b/core/java/android/net/NetworkStatsHistory.java index d53e0326ae..f61260ee3e 100644 --- a/core/java/android/net/NetworkStatsHistory.java +++ b/core/java/android/net/NetworkStatsHistory.java @@ -719,7 +719,7 @@ public class NetworkStatsHistory implements Parcelable { } @UnsupportedAppUsage - public static final Creator CREATOR = new Creator() { + public static final @android.annotation.NonNull Creator CREATOR = new Creator() { @Override public NetworkStatsHistory createFromParcel(Parcel in) { return new NetworkStatsHistory(in); diff --git a/core/java/android/net/NetworkTemplate.java b/core/java/android/net/NetworkTemplate.java index bb75c63436..d42fce3a4c 100644 --- a/core/java/android/net/NetworkTemplate.java +++ b/core/java/android/net/NetworkTemplate.java @@ -482,7 +482,7 @@ public class NetworkTemplate implements Parcelable { } @UnsupportedAppUsage - public static final Creator CREATOR = new Creator() { + public static final @android.annotation.NonNull Creator CREATOR = new Creator() { @Override public NetworkTemplate createFromParcel(Parcel in) { return new NetworkTemplate(in); diff --git a/core/java/android/net/nsd/NsdServiceInfo.java b/core/java/android/net/nsd/NsdServiceInfo.java index 9ba17edfb9..459b140980 100644 --- a/core/java/android/net/nsd/NsdServiceInfo.java +++ b/core/java/android/net/nsd/NsdServiceInfo.java @@ -355,7 +355,7 @@ public final class NsdServiceInfo implements Parcelable { } /** Implement the Parcelable interface */ - public static final Creator CREATOR = + public static final @android.annotation.NonNull Creator CREATOR = new Creator() { public NsdServiceInfo createFromParcel(Parcel in) { NsdServiceInfo info = new NsdServiceInfo(); From c5965f1f4175f12f06dedc9caad21a74657e63ee Mon Sep 17 00:00:00 2001 From: Andrei Onea Date: Thu, 21 Mar 2019 13:57:17 +0000 Subject: [PATCH 14/32] Add @UnsupportedAppUsage annotations For packages: android.companion android.filterfw android.hardware.camera2.utils android.inputmethodservice android.net.nsd android.os android.preference android.security.keymaster android.service.dreams android.telecom android.telephony.ims.compat.feature android.telephony android.util android.view.accessibility android.media.effect This is an automatically generated CL. See go/UnsupportedAppUsage for more details. Exempted-From-Owner-Approval: Mechanical changes to the codebase which have been approved by Android API council and announced on android-eng@ Bug: 110868826 Test: m Change-Id: I9c2f8347952f3cc65759472b0e1a2717b285e44e --- core/java/android/net/nsd/INsdManager.aidl | 1 + 1 file changed, 1 insertion(+) diff --git a/core/java/android/net/nsd/INsdManager.aidl b/core/java/android/net/nsd/INsdManager.aidl index 3361a7b84b..9484c74bcb 100644 --- a/core/java/android/net/nsd/INsdManager.aidl +++ b/core/java/android/net/nsd/INsdManager.aidl @@ -25,6 +25,7 @@ import android.os.Messenger; */ interface INsdManager { + @UnsupportedAppUsage Messenger getMessenger(); void setEnabled(boolean enable); } From c1b3fc87127547314b92dcad5439a1f543c6099b Mon Sep 17 00:00:00 2001 From: Chenbo Feng Date: Fri, 1 Mar 2019 15:07:24 -0800 Subject: [PATCH 15/32] Move NetworkStatsFactory into service directory In order to notify netd to swap eBPF maps before pulling the networkStats from eBPF maps, NetworkStatsFactory need to use the NetdServices to issue binder calls. So it need to be moved from framework/base/core to framework/base/service since object in framework/base/core cannot get any system services. This change is also necessary for setting up a lock inside NetworkStatsFactory to prevent racing between two netstats caller since the lock need to be hold before netd trigger the map swap. Also fix the compile problem caused by moving the NetworkStatsFactory and the related tests. Rename the packages and the jni functions to a more proper name. Bug: 124764595 Bug: 128900919 Test: NetworkStatsFactoryTest android.app.usage.cts.NetworkUsageStatsTest android.net.cts.TrafficStatsTest Change-Id: Ifcfe4df81caf8ede2e4e66a76552cb3200378fa8 --- .../server}/net/NetworkStatsFactory.java | 2 +- .../server/net/NetworkStatsService.java | 1 - ...android_server_net_NetworkStatsFactory.cpp | 42 +++++++++---------- 3 files changed, 21 insertions(+), 24 deletions(-) rename {core/java/com/android/internal => services/core/java/com/android/server}/net/NetworkStatsFactory.java (99%) rename core/jni/com_android_internal_net_NetworkStatsFactory.cpp => services/core/jni/com_android_server_net_NetworkStatsFactory.cpp (88%) diff --git a/core/java/com/android/internal/net/NetworkStatsFactory.java b/services/core/java/com/android/server/net/NetworkStatsFactory.java similarity index 99% rename from core/java/com/android/internal/net/NetworkStatsFactory.java rename to services/core/java/com/android/server/net/NetworkStatsFactory.java index f8483461c2..af299cf66d 100644 --- a/core/java/com/android/internal/net/NetworkStatsFactory.java +++ b/services/core/java/com/android/server/net/NetworkStatsFactory.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.internal.net; +package com.android.server.net; import static android.net.NetworkStats.SET_ALL; import static android.net.NetworkStats.TAG_ALL; diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index 205ddb07ec..15599111f6 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -130,7 +130,6 @@ import android.util.proto.ProtoOutputStream; import com.android.internal.annotations.GuardedBy; import com.android.internal.annotations.VisibleForTesting; -import com.android.internal.net.NetworkStatsFactory; import com.android.internal.net.VpnInfo; import com.android.internal.util.ArrayUtils; import com.android.internal.util.DumpUtils; diff --git a/core/jni/com_android_internal_net_NetworkStatsFactory.cpp b/services/core/jni/com_android_server_net_NetworkStatsFactory.cpp similarity index 88% rename from core/jni/com_android_internal_net_NetworkStatsFactory.cpp rename to services/core/jni/com_android_server_net_NetworkStatsFactory.cpp index 8259ffcd41..9cd743b346 100644 --- a/core/jni/com_android_internal_net_NetworkStatsFactory.cpp +++ b/services/core/jni/com_android_server_net_NetworkStatsFactory.cpp @@ -21,9 +21,9 @@ #include #include -#include #include +#include #include #include #include @@ -333,29 +333,27 @@ static const JNINativeMethod gMethods[] = { (void*) readNetworkStatsDev }, }; -int register_com_android_internal_net_NetworkStatsFactory(JNIEnv* env) { - int err = RegisterMethodsOrDie(env, - "com/android/internal/net/NetworkStatsFactory", gMethods, +int register_android_server_net_NetworkStatsFactory(JNIEnv* env) { + int err = jniRegisterNativeMethods(env, "com/android/server/net/NetworkStatsFactory", gMethods, NELEM(gMethods)); + gStringClass = env->FindClass("java/lang/String"); + gStringClass = static_cast(env->NewGlobalRef(gStringClass)); - gStringClass = FindClassOrDie(env, "java/lang/String"); - gStringClass = MakeGlobalRefOrDie(env, gStringClass); - - jclass clazz = FindClassOrDie(env, "android/net/NetworkStats"); - gNetworkStatsClassInfo.size = GetFieldIDOrDie(env, clazz, "size", "I"); - gNetworkStatsClassInfo.capacity = GetFieldIDOrDie(env, clazz, "capacity", "I"); - gNetworkStatsClassInfo.iface = GetFieldIDOrDie(env, clazz, "iface", "[Ljava/lang/String;"); - gNetworkStatsClassInfo.uid = GetFieldIDOrDie(env, clazz, "uid", "[I"); - gNetworkStatsClassInfo.set = GetFieldIDOrDie(env, clazz, "set", "[I"); - gNetworkStatsClassInfo.tag = GetFieldIDOrDie(env, clazz, "tag", "[I"); - gNetworkStatsClassInfo.metered = GetFieldIDOrDie(env, clazz, "metered", "[I"); - gNetworkStatsClassInfo.roaming = GetFieldIDOrDie(env, clazz, "roaming", "[I"); - gNetworkStatsClassInfo.defaultNetwork = GetFieldIDOrDie(env, clazz, "defaultNetwork", "[I"); - gNetworkStatsClassInfo.rxBytes = GetFieldIDOrDie(env, clazz, "rxBytes", "[J"); - gNetworkStatsClassInfo.rxPackets = GetFieldIDOrDie(env, clazz, "rxPackets", "[J"); - gNetworkStatsClassInfo.txBytes = GetFieldIDOrDie(env, clazz, "txBytes", "[J"); - gNetworkStatsClassInfo.txPackets = GetFieldIDOrDie(env, clazz, "txPackets", "[J"); - gNetworkStatsClassInfo.operations = GetFieldIDOrDie(env, clazz, "operations", "[J"); + jclass clazz = env->FindClass("android/net/NetworkStats"); + gNetworkStatsClassInfo.size = env->GetFieldID(clazz, "size", "I"); + gNetworkStatsClassInfo.capacity = env->GetFieldID(clazz, "capacity", "I"); + gNetworkStatsClassInfo.iface = env->GetFieldID(clazz, "iface", "[Ljava/lang/String;"); + gNetworkStatsClassInfo.uid = env->GetFieldID(clazz, "uid", "[I"); + gNetworkStatsClassInfo.set = env->GetFieldID(clazz, "set", "[I"); + gNetworkStatsClassInfo.tag = env->GetFieldID(clazz, "tag", "[I"); + gNetworkStatsClassInfo.metered = env->GetFieldID(clazz, "metered", "[I"); + gNetworkStatsClassInfo.roaming = env->GetFieldID(clazz, "roaming", "[I"); + gNetworkStatsClassInfo.defaultNetwork = env->GetFieldID(clazz, "defaultNetwork", "[I"); + gNetworkStatsClassInfo.rxBytes = env->GetFieldID(clazz, "rxBytes", "[J"); + gNetworkStatsClassInfo.rxPackets = env->GetFieldID(clazz, "rxPackets", "[J"); + gNetworkStatsClassInfo.txBytes = env->GetFieldID(clazz, "txBytes", "[J"); + gNetworkStatsClassInfo.txPackets = env->GetFieldID(clazz, "txPackets", "[J"); + gNetworkStatsClassInfo.operations = env->GetFieldID(clazz, "operations", "[J"); return err; } From b2dc0fca0be06e098ff888391fec80864706edcf Mon Sep 17 00:00:00 2001 From: Lorenzo Colitti Date: Thu, 4 Apr 2019 09:18:29 -0700 Subject: [PATCH 16/32] Fix flaky UdpEncapsulationSocket test This commit reduces the flakiness of the testOpenAndCloseUdpEncapsulationSocket by retrying up to three times. Unfortunately, testing port-selected socket creation is racy against other applications. This helps to handle the same race condition as done in IpSecService#bindToRandomPort Bug: 128024100 Test: 200x runs of testOpenAndCloseUdpEncapsulationSocket Change-Id: I7e036ce821019dbac6c50899bd0894e89d2fe82a Merged-In: Idf040a67e53d9b9ec6e6c647ce24f8ada501d355 Merged-In: Iad9aea4b42cd8b31a5a2659bb9cb54dd1c64e8b7 (cherry picked from commit 614ab3dd4e49e9b664f5065983fb9067148fef12) --- services/core/java/com/android/server/IpSecService.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java index 126bf65565..2cfcecca5f 100644 --- a/services/core/java/com/android/server/IpSecService.java +++ b/services/core/java/com/android/server/IpSecService.java @@ -96,9 +96,10 @@ public class IpSecService extends IIpSecService.Stub { new int[] {OsConstants.AF_INET, OsConstants.AF_INET6}; private static final int NETD_FETCH_TIMEOUT_MS = 5000; // ms - private static final int MAX_PORT_BIND_ATTEMPTS = 10; private static final InetAddress INADDR_ANY; + @VisibleForTesting static final int MAX_PORT_BIND_ATTEMPTS = 10; + static { try { INADDR_ANY = InetAddress.getByAddress(new byte[] {0, 0, 0, 0}); From 098b1e8ab04b3cd6c76a1d66378212028ccf891b Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Tue, 9 Apr 2019 11:31:46 -0700 Subject: [PATCH 17/32] Fix remove-before-add for IpSecService RefcountedResource This patch fixes a bug where if a binder dies before the linkToDeath call, the cleanup will be performed before the entry is added to the array. While it is safe in that quotas and tracking performs as per normal, the RefcountedRecord may not be cleaned up. Rethrowing this exception is safe, since the only paths that would hit this are all on binder threads coming from applications. Further, it seems there is only one real way of this getting hit - if the app that called the creation died during the binder call. Bug: 126802451 Test: Compiled, CTS tests passing Change-Id: Ib955acaa5e498c0e977cb5f2e48cffbc9fea8c7c Merged-In: I6db75853da9f29e1573512e26351623f22770c5d Merged-In: I416c2e43961ec0e1cc6b2fbcef970fbce858603b Merged-In: Ib955acaa5e498c0e977cb5f2e48cffbc9fea8c7c (cherry picked from commit 6c089d90bfa728e9842de0f5947f0c557c62dea0) --- services/core/java/com/android/server/IpSecService.java | 1 + 1 file changed, 1 insertion(+) diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java index 2cfcecca5f..2055b64483 100644 --- a/services/core/java/com/android/server/IpSecService.java +++ b/services/core/java/com/android/server/IpSecService.java @@ -208,6 +208,7 @@ public class IpSecService extends IIpSecService.Stub { mBinder.linkToDeath(this, 0); } catch (RemoteException e) { binderDied(); + e.rethrowFromSystemServer(); } } } From 8757df33e42ac7377a487e39955c98006fe30b52 Mon Sep 17 00:00:00 2001 From: Chiachang Wang Date: Tue, 9 Apr 2019 23:24:41 -0700 Subject: [PATCH 18/32] Enforce NETWORK_STACK permission for calling NSS#forceUpdateIfaces ConnectivityManager and its usages are removed from NetworkStatsService. After that, forceUpdateIfaces requires information that only ConnectivityService has, hence restricting the calling permission to NETWORK_STACK or MAINLINE_NETWORK_STACK permission. The required permission will be changed from READ_NETWORK_USAGE_HISTORY to NETWORK_STACK or MAINLINE_NETWORK_STACK. This change would make it impossible to call outside the system. Bug: 126830974 Test: atest FrameworksNetTests Merged-In: I1b26dc64eaab2151e6885fd01cc5e8d4e18c4e60 Change-Id: I4ea421e4126a45f65d25fe0bec74243a3b20aeab (cherry picked from commit 6b895dea25b4fca87d275bb78367411623ded1d4) --- .../core/java/com/android/server/net/NetworkStatsService.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index 15599111f6..f34ace55a7 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -25,6 +25,7 @@ import static android.content.Intent.ACTION_USER_REMOVED; import static android.content.Intent.EXTRA_UID; import static android.net.ConnectivityManager.ACTION_TETHER_STATE_CHANGED; import static android.net.ConnectivityManager.isNetworkTypeMobile; +import static android.net.NetworkStack.checkNetworkStackPermission; import static android.net.NetworkStats.DEFAULT_NETWORK_ALL; import static android.net.NetworkStats.IFACE_ALL; import static android.net.NetworkStats.INTERFACES_ALL; @@ -866,7 +867,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { VpnInfo[] vpnArray, NetworkState[] networkStates, String activeIface) { - mContext.enforceCallingOrSelfPermission(READ_NETWORK_USAGE_HISTORY, TAG); + checkNetworkStackPermission(mContext); assertBandwidthControlEnabled(); final long token = Binder.clearCallingIdentity(); From 65081e4cf6a736e9300fb0a99ee531a9e446b4a6 Mon Sep 17 00:00:00 2001 From: Chalard Jean Date: Tue, 9 Apr 2019 11:16:56 +0900 Subject: [PATCH 19/32] Move TrafficStats tags for the network stack constants As per API council feedback, these constants should live in a place that is private to the network stack, only with a range defined in system API. Bug: 129433383 Test: m Change-Id: I84a90f84a9af6fef4667ee4d512ebd0413222086 (cherry picked from commit 79a6330650ca04bd7a08afbd63f8016a3b30bc72) --- core/java/android/net/TrafficStats.java | 55 +++++++++++++++++-------- 1 file changed, 37 insertions(+), 18 deletions(-) diff --git a/core/java/android/net/TrafficStats.java b/core/java/android/net/TrafficStats.java index 49c6f74b1a..4332d8abbc 100644 --- a/core/java/android/net/TrafficStats.java +++ b/core/java/android/net/TrafficStats.java @@ -89,6 +89,42 @@ public class TrafficStats { */ public static final int UID_TETHERING = -5; + /** + * Tag values in this range are reserved for the network stack. The network stack is + * running as UID {@link android.os.Process.NETWORK_STACK_UID} when in the mainline + * module separate process, and as the system UID otherwise. + */ + /** @hide */ + @SystemApi + public static final int TAG_NETWORK_STACK_RANGE_START = 0xFFFFFD00; + /** @hide */ + @SystemApi + public static final int TAG_NETWORK_STACK_RANGE_END = 0xFFFFFEFF; + + /** + * Tags between 0xFFFFFF00 and 0xFFFFFFFF are reserved and used internally by system services + * like DownloadManager when performing traffic on behalf of an application. + */ + // Please note there is no enforcement of these constants, so do not rely on them to + // determine that the caller is a system caller. + /** @hide */ + @SystemApi + public static final int TAG_SYSTEM_IMPERSONATION_RANGE_START = 0xFFFFFF00; + /** @hide */ + @SystemApi + public static final int TAG_SYSTEM_IMPERSONATION_RANGE_END = 0xFFFFFF0F; + + /** + * Tag values between these ranges are reserved for the network stack to do traffic + * on behalf of applications. It is a subrange of the range above. + */ + /** @hide */ + @SystemApi + public static final int TAG_NETWORK_STACK_IMPERSONATION_RANGE_START = 0xFFFFFF80; + /** @hide */ + @SystemApi + public static final int TAG_NETWORK_STACK_IMPERSONATION_RANGE_END = 0xFFFFFF8F; + /** * Default tag value for {@link DownloadManager} traffic. * @@ -127,26 +163,9 @@ public class TrafficStats { */ public static final int TAG_SYSTEM_APP = 0xFFFFFF05; + // TODO : remove this constant when Wifi code is updated /** @hide */ - @SystemApi - @TestApi - public static final int TAG_SYSTEM_DHCP = 0xFFFFFF40; - /** @hide */ - public static final int TAG_SYSTEM_NTP = 0xFFFFFF41; - /** @hide */ - @SystemApi - @TestApi public static final int TAG_SYSTEM_PROBE = 0xFFFFFF42; - /** @hide */ - public static final int TAG_SYSTEM_NEIGHBOR = 0xFFFFFF43; - /** @hide */ - public static final int TAG_SYSTEM_GPS = 0xFFFFFF44; - /** @hide */ - public static final int TAG_SYSTEM_PAC = 0xFFFFFF45; - /** @hide */ - @SystemApi - @TestApi - public static final int TAG_SYSTEM_DHCP_SERVER = 0xFFFFFF46; private static INetworkStatsService sStatsService; From a69a73ece7228520fbf55d32f18b176105594787 Mon Sep 17 00:00:00 2001 From: Chalard Jean Date: Tue, 9 Apr 2019 15:46:21 +0900 Subject: [PATCH 20/32] Restrict access to dangerous methods to <= P Test: make Fixes: 130143562 Change-Id: I1a6a472f83cf00a1ab174a9c5e67d3e9357a0c45 Merged-In: I95107f7b628eecb54e9f4411785186b668e9f3d8 Merged-In: I890030580fdad45c3f8589bf6adbe5798d578cfe (cherry picked from commit 0bb53dbb64bbc937a23e1dc7641c8988a6d11d64) --- core/java/android/net/TrafficStats.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/core/java/android/net/TrafficStats.java b/core/java/android/net/TrafficStats.java index 49c6f74b1a..5a22747cb4 100644 --- a/core/java/android/net/TrafficStats.java +++ b/core/java/android/net/TrafficStats.java @@ -25,6 +25,7 @@ import android.app.backup.BackupManager; import android.app.usage.NetworkStatsManager; import android.content.Context; import android.media.MediaPlayer; +import android.os.Build; import android.os.RemoteException; import android.os.ServiceManager; import android.util.DataUnit; @@ -150,7 +151,7 @@ public class TrafficStats { private static INetworkStatsService sStatsService; - @UnsupportedAppUsage + @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 130143562) private synchronized static INetworkStatsService getStatsService() { if (sStatsService == null) { sStatsService = INetworkStatsService.Stub.asInterface( @@ -960,7 +961,7 @@ public class TrafficStats { * Interfaces are never removed from this list, so counters should always be * monotonic. */ - @UnsupportedAppUsage + @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 130143562) private static String[] getMobileIfaces() { try { return getStatsService().getMobileIfaces(); From aeb31b53c678a5f7ae4af2f856f0484d098a3938 Mon Sep 17 00:00:00 2001 From: Chenbo Feng Date: Thu, 11 Apr 2019 18:44:45 -0700 Subject: [PATCH 21/32] Add a lock to protect persistent stats snapshot Since the network stats could be polled from multiple services at runtime, it is not thread safe for networkStatsFactory to hold a persistent stats snapshot without any protection. Use a internal lock to prevent concurrent modification on mPersistentSnapshot to fix the problem. Bug: 124764595 Test: android.app.usage.cts.NetworkUsageStatsTest android.net.cts.TrafficStatsTest Change-Id: I73851336452110afb74d6dd1ca5e50047d5b3d4a Merged-In: I73851336452110afb74d6dd1ca5e50047d5b3d4a Merged-In: I22afb46f17697e8b6359d4f593802e0f4b95db8b (cherry picked from commit 25243b4eb93c234412a35f9e5d9f1649f8964f83) --- .../server/net/NetworkStatsFactory.java | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/services/core/java/com/android/server/net/NetworkStatsFactory.java b/services/core/java/com/android/server/net/NetworkStatsFactory.java index af299cf66d..174f60091d 100644 --- a/services/core/java/com/android/server/net/NetworkStatsFactory.java +++ b/services/core/java/com/android/server/net/NetworkStatsFactory.java @@ -28,6 +28,7 @@ import android.net.NetworkStats; import android.os.StrictMode; import android.os.SystemClock; +import com.android.internal.annotations.GuardedBy; import com.android.internal.annotations.VisibleForTesting; import com.android.internal.util.ArrayUtils; import com.android.internal.util.ProcFileReader; @@ -65,6 +66,7 @@ public class NetworkStatsFactory { private boolean mUseBpfStats; // A persistent Snapshot since device start for eBPF stats + @GuardedBy("mPersistSnapshot") private final NetworkStats mPersistSnapshot; // TODO: only do adjustments in NetworkStatsService and remove this. @@ -284,15 +286,17 @@ public class NetworkStatsFactory { stats = new NetworkStats(SystemClock.elapsedRealtime(), -1); } if (mUseBpfStats) { - if (nativeReadNetworkStatsDetail(stats, mStatsXtUid.getAbsolutePath(), UID_ALL, - null, TAG_ALL, mUseBpfStats) != 0) { - throw new IOException("Failed to parse network stats"); + synchronized (mPersistSnapshot) { + if (nativeReadNetworkStatsDetail(stats, mStatsXtUid.getAbsolutePath(), UID_ALL, + null, TAG_ALL, mUseBpfStats) != 0) { + throw new IOException("Failed to parse network stats"); + } + mPersistSnapshot.setElapsedRealtime(stats.getElapsedRealtime()); + mPersistSnapshot.combineAllValues(stats); + NetworkStats result = mPersistSnapshot.clone(); + result.filter(limitUid, limitIfaces, limitTag); + return result; } - mPersistSnapshot.setElapsedRealtime(stats.getElapsedRealtime()); - mPersistSnapshot.combineAllValues(stats); - NetworkStats result = mPersistSnapshot.clone(); - result.filter(limitUid, limitIfaces, limitTag); - return result; } else { if (nativeReadNetworkStatsDetail(stats, mStatsXtUid.getAbsolutePath(), limitUid, limitIfaces, limitTag, mUseBpfStats) != 0) { From 10fac71887cc3ed804693422497307a027cab50e Mon Sep 17 00:00:00 2001 From: Chenbo Feng Date: Wed, 27 Feb 2019 19:07:39 -0800 Subject: [PATCH 22/32] Ask netd to swap stats map before reading To avoid protentail race problem between netd and system_server when reading the network stats map. Always inform netd before reading the stats and let netd to do a swap between active stats map and inactive stats map. So the system_server can safely remove the stats after reading. Bug: 126620214 Test: android.app.usage.cts.NetworkUsageStatsTest android.net.cts.TrafficStatsTest Change-Id: I8fa37c26bec23ffca0b29b679e72ba1189f557f1 Merged-In: I8fa37c26bec23ffca0b29b679e72ba1189f557f1 (cherry picked from commit f729cb5fd654a0f099128734f849800fde9ba525) --- .../server/net/NetworkStatsFactory.java | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/services/core/java/com/android/server/net/NetworkStatsFactory.java b/services/core/java/com/android/server/net/NetworkStatsFactory.java index 174f60091d..69efd02dea 100644 --- a/services/core/java/com/android/server/net/NetworkStatsFactory.java +++ b/services/core/java/com/android/server/net/NetworkStatsFactory.java @@ -24,7 +24,10 @@ import static android.net.NetworkStats.UID_ALL; import static com.android.server.NetworkManagementSocketTagger.kernelToTag; import android.annotation.Nullable; +import android.net.INetd; import android.net.NetworkStats; +import android.net.util.NetdService; +import android.os.RemoteException; import android.os.StrictMode; import android.os.SystemClock; @@ -65,6 +68,8 @@ public class NetworkStatsFactory { private boolean mUseBpfStats; + private INetd mNetdService; + // A persistent Snapshot since device start for eBPF stats @GuardedBy("mPersistSnapshot") private final NetworkStats mPersistSnapshot; @@ -274,6 +279,19 @@ public class NetworkStatsFactory { return stats; } + @GuardedBy("mPersistSnapshot") + private void requestSwapActiveStatsMapLocked() throws RemoteException { + // Ask netd to do a active map stats swap. When the binder call successfully returns, + // the system server should be able to safely read and clean the inactive map + // without race problem. + if (mUseBpfStats) { + if (mNetdService == null) { + mNetdService = NetdService.getInstance(); + } + mNetdService.trafficSwapActiveStatsMap(); + } + } + // TODO: delete the lastStats parameter private NetworkStats readNetworkStatsDetailInternal(int limitUid, String[] limitIfaces, int limitTag, NetworkStats lastStats) throws IOException { @@ -287,6 +305,13 @@ public class NetworkStatsFactory { } if (mUseBpfStats) { synchronized (mPersistSnapshot) { + try { + requestSwapActiveStatsMapLocked(); + } catch (RemoteException e) { + throw new IOException(e); + } + // Stats are always read from the inactive map, so they must be read after the + // swap if (nativeReadNetworkStatsDetail(stats, mStatsXtUid.getAbsolutePath(), UID_ALL, null, TAG_ALL, mUseBpfStats) != 0) { throw new IOException("Failed to parse network stats"); From c45974b0d6c82eb6a0db8dc5a1375e81c86ab63b Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Mon, 16 Jul 2018 14:56:20 -0700 Subject: [PATCH 23/32] Add EPROTONOSUPPORT to IpSecManager SSE map This change maps EPROTONOSUPPORT to the list of error codes that map to UnsupportedOperationException in IpSecManager. Bug: 80103456 Test: Compiles, CTS tests ran Change-Id: Iec3d5fc4a9bcad7c104414afefae775232d46558 Merged-In: Iec3d5fc4a9bcad7c104414afefae775232d46558 (cherry picked from commit dcbc670688d815ce89954765fac46aa2ad6d8adb) --- core/java/android/net/IpSecManager.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/java/android/net/IpSecManager.java b/core/java/android/net/IpSecManager.java index 1145d5bd4d..7d34381f73 100644 --- a/core/java/android/net/IpSecManager.java +++ b/core/java/android/net/IpSecManager.java @@ -947,7 +947,8 @@ public final class IpSecManager { throw new IllegalArgumentException(sse); } else if (sse.errorCode == OsConstants.EAGAIN) { throw new IllegalStateException(sse); - } else if (sse.errorCode == OsConstants.EOPNOTSUPP) { + } else if (sse.errorCode == OsConstants.EOPNOTSUPP + || sse.errorCode == OsConstants.EPROTONOSUPPORT) { throw new UnsupportedOperationException(sse); } } From e9763752c7a015db13de6e29ec4d3b7988cb83d8 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Thu, 8 Nov 2018 19:45:34 -0800 Subject: [PATCH 24/32] Add IPsec checks for IPSEC_TUNNEL feature This patch adds checks to ensure that the IPSEC_TUNNEL feature flag is enabled. Bug: 117183273 Test: Compiles & tests passing Change-Id: I2699dda29e1eed139bc6fd1b70071e5ab33cad88 --- core/java/android/net/IpSecManager.java | 6 ++++++ core/java/android/net/IpSecTransform.java | 3 +++ .../java/com/android/server/IpSecService.java | 20 ++++++++++++------- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/core/java/android/net/IpSecManager.java b/core/java/android/net/IpSecManager.java index 1145d5bd4d..61fa04aed0 100644 --- a/core/java/android/net/IpSecManager.java +++ b/core/java/android/net/IpSecManager.java @@ -19,11 +19,13 @@ import static com.android.internal.util.Preconditions.checkNotNull; import android.annotation.IntDef; import android.annotation.NonNull; +import android.annotation.RequiresFeature; import android.annotation.RequiresPermission; import android.annotation.SystemApi; import android.annotation.SystemService; import android.annotation.TestApi; import android.content.Context; +import android.content.pm.PackageManager; import android.os.Binder; import android.os.ParcelFileDescriptor; import android.os.RemoteException; @@ -749,6 +751,7 @@ public final class IpSecManager { * @hide */ @SystemApi + @RequiresFeature(PackageManager.FEATURE_IPSEC_TUNNELS) @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) public void addAddress(@NonNull InetAddress address, int prefixLen) throws IOException { try { @@ -771,6 +774,7 @@ public final class IpSecManager { * @hide */ @SystemApi + @RequiresFeature(PackageManager.FEATURE_IPSEC_TUNNELS) @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) public void removeAddress(@NonNull InetAddress address, int prefixLen) throws IOException { try { @@ -886,6 +890,7 @@ public final class IpSecManager { */ @SystemApi @NonNull + @RequiresFeature(PackageManager.FEATURE_IPSEC_TUNNELS) @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) public IpSecTunnelInterface createIpSecTunnelInterface(@NonNull InetAddress localAddress, @NonNull InetAddress remoteAddress, @NonNull Network underlyingNetwork) @@ -916,6 +921,7 @@ public final class IpSecManager { * @hide */ @SystemApi + @RequiresFeature(PackageManager.FEATURE_IPSEC_TUNNELS) @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) public void applyTunnelModeTransform(@NonNull IpSecTunnelInterface tunnel, @PolicyDirection int direction, @NonNull IpSecTransform transform) throws IOException { diff --git a/core/java/android/net/IpSecTransform.java b/core/java/android/net/IpSecTransform.java index e519fdf65e..36111f2a37 100644 --- a/core/java/android/net/IpSecTransform.java +++ b/core/java/android/net/IpSecTransform.java @@ -21,9 +21,11 @@ import static com.android.internal.util.Preconditions.checkNotNull; import android.annotation.IntDef; import android.annotation.NonNull; +import android.annotation.RequiresFeature; import android.annotation.RequiresPermission; import android.annotation.SystemApi; import android.content.Context; +import android.content.pm.PackageManager; import android.os.Binder; import android.os.Handler; import android.os.IBinder; @@ -483,6 +485,7 @@ public final class IpSecTransform implements AutoCloseable { */ @SystemApi @NonNull + @RequiresFeature(PackageManager.FEATURE_IPSEC_TUNNELS) @RequiresPermission(android.Manifest.permission.MANAGE_IPSEC_TUNNELS) public IpSecTransform buildTunnelModeTransform( @NonNull InetAddress sourceAddress, diff --git a/services/core/java/com/android/server/IpSecService.java b/services/core/java/com/android/server/IpSecService.java index 2055b64483..fe22dcda96 100644 --- a/services/core/java/com/android/server/IpSecService.java +++ b/services/core/java/com/android/server/IpSecService.java @@ -30,6 +30,7 @@ import static com.android.internal.util.Preconditions.checkNotNull; import android.annotation.NonNull; import android.app.AppOpsManager; import android.content.Context; +import android.content.pm.PackageManager; import android.net.IIpSecService; import android.net.INetd; import android.net.IpSecAlgorithm; @@ -1276,7 +1277,7 @@ public class IpSecService extends IIpSecService.Stub { public synchronized IpSecTunnelInterfaceResponse createTunnelInterface( String localAddr, String remoteAddr, Network underlyingNetwork, IBinder binder, String callingPackage) { - enforceTunnelPermissions(callingPackage); + enforceTunnelFeatureAndPermissions(callingPackage); checkNotNull(binder, "Null Binder passed to createTunnelInterface"); checkNotNull(underlyingNetwork, "No underlying network was specified"); checkInetAddress(localAddr); @@ -1362,7 +1363,7 @@ public class IpSecService extends IIpSecService.Stub { @Override public synchronized void addAddressToTunnelInterface( int tunnelResourceId, LinkAddress localAddr, String callingPackage) { - enforceTunnelPermissions(callingPackage); + enforceTunnelFeatureAndPermissions(callingPackage); UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid()); // Get tunnelInterface record; if no such interface is found, will throw @@ -1391,7 +1392,7 @@ public class IpSecService extends IIpSecService.Stub { @Override public synchronized void removeAddressFromTunnelInterface( int tunnelResourceId, LinkAddress localAddr, String callingPackage) { - enforceTunnelPermissions(callingPackage); + enforceTunnelFeatureAndPermissions(callingPackage); UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid()); // Get tunnelInterface record; if no such interface is found, will throw @@ -1420,7 +1421,7 @@ public class IpSecService extends IIpSecService.Stub { @Override public synchronized void deleteTunnelInterface( int resourceId, String callingPackage) throws RemoteException { - enforceTunnelPermissions(callingPackage); + enforceTunnelFeatureAndPermissions(callingPackage); UserRecord userRecord = mUserResourceTracker.getUserRecord(Binder.getCallingUid()); releaseResource(userRecord.mTunnelInterfaceRecords, resourceId); } @@ -1549,7 +1550,12 @@ public class IpSecService extends IIpSecService.Stub { private static final String TUNNEL_OP = AppOpsManager.OPSTR_MANAGE_IPSEC_TUNNELS; - private void enforceTunnelPermissions(String callingPackage) { + private void enforceTunnelFeatureAndPermissions(String callingPackage) { + if (!mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_IPSEC_TUNNELS)) { + throw new UnsupportedOperationException( + "IPsec Tunnel Mode requires PackageManager.FEATURE_IPSEC_TUNNELS"); + } + checkNotNull(callingPackage, "Null calling package cannot create IpSec tunnels"); switch (getAppOpsManager().noteOp(TUNNEL_OP, Binder.getCallingUid(), callingPackage)) { case AppOpsManager.MODE_DEFAULT: @@ -1621,7 +1627,7 @@ public class IpSecService extends IIpSecService.Stub { IpSecConfig c, IBinder binder, String callingPackage) throws RemoteException { checkNotNull(c); if (c.getMode() == IpSecTransform.MODE_TUNNEL) { - enforceTunnelPermissions(callingPackage); + enforceTunnelFeatureAndPermissions(callingPackage); } checkIpSecConfig(c); checkNotNull(binder, "Null Binder passed to createTransform"); @@ -1729,7 +1735,7 @@ public class IpSecService extends IIpSecService.Stub { public synchronized void applyTunnelModeTransform( int tunnelResourceId, int direction, int transformResourceId, String callingPackage) throws RemoteException { - enforceTunnelPermissions(callingPackage); + enforceTunnelFeatureAndPermissions(callingPackage); checkDirection(direction); int callingUid = Binder.getCallingUid(); From 3c6fb30f243e0a62c02b3e7ef8f9e834188fc3f8 Mon Sep 17 00:00:00 2001 From: Lei Yu Date: Thu, 9 May 2019 11:53:57 -0700 Subject: [PATCH 25/32] Use merged NetworkTemplate to query data usage This CL uses merged NetworkTemplate so that it shows correct data for carrier which is a virtual that has multiple subscriberId under the hood. By doing this, this CL also adds several hidden API so settings can query by NetworkTemplate directly. Fixes: 120566366 Test: RunSettingsLibRoboTests Change-Id: I8b747697933c75b48b14387adafb5ac9ca165926 --- .../app/usage/NetworkStatsManager.java | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/core/java/android/app/usage/NetworkStatsManager.java b/core/java/android/app/usage/NetworkStatsManager.java index 59ae3347f4..8e40449fa5 100644 --- a/core/java/android/app/usage/NetworkStatsManager.java +++ b/core/java/android/app/usage/NetworkStatsManager.java @@ -278,6 +278,12 @@ public class NetworkStatsManager { return null; } + return querySummary(template, startTime, endTime); + } + + /** @hide */ + public NetworkStats querySummary(NetworkTemplate template, long startTime, + long endTime) throws SecurityException, RemoteException { NetworkStats result; result = new NetworkStats(mContext, template, mFlags, startTime, endTime, mService); result.startSummaryEnumeration(); @@ -296,6 +302,13 @@ public class NetworkStatsManager { NetworkStats.Bucket.TAG_NONE, NetworkStats.Bucket.STATE_ALL); } + /** @hide */ + public NetworkStats queryDetailsForUid(NetworkTemplate template, + long startTime, long endTime, int uid) throws SecurityException { + return queryDetailsForUidTagState(template, startTime, endTime, uid, + NetworkStats.Bucket.TAG_NONE, NetworkStats.Bucket.STATE_ALL); + } + /** * Query network usage statistics details for a given uid and tag. * @@ -340,6 +353,13 @@ public class NetworkStatsManager { NetworkTemplate template; template = createTemplate(networkType, subscriberId); + return queryDetailsForUidTagState(template, startTime, endTime, uid, tag, state); + } + + /** @hide */ + public NetworkStats queryDetailsForUidTagState(NetworkTemplate template, + long startTime, long endTime, int uid, int tag, int state) throws SecurityException { + NetworkStats result; try { result = new NetworkStats(mContext, template, mFlags, startTime, endTime, mService); From 921b3f3e85c684c2393c4cb1c641c52a1e8d93a6 Mon Sep 17 00:00:00 2001 From: Varun Anand Date: Sun, 17 Feb 2019 23:43:25 -0800 Subject: [PATCH 26/32] Take all VPN underlying networks into account when migrating traffic for VPN uid. (cherry picked from commit c8dbdf35debf616ca2ed13345c3bf7a3feace6da) Bug: 113122541 Bug: 120145746 Test: atest FrameworksNetTests Test: Manually verified on device that stats from VPN UID are moved appropriately based on its declared underlying network set. Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java Change-Id: I7f368c5970b2dcb969fe0daf5ef44edb1f51d09d --- core/java/android/net/NetworkStats.java | 330 +++++++++++------- .../server/net/NetworkStatsRecorder.java | 6 +- 2 files changed, 214 insertions(+), 122 deletions(-) diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java index e892b650bf..f09f2ee223 100644 --- a/core/java/android/net/NetworkStats.java +++ b/core/java/android/net/NetworkStats.java @@ -18,6 +18,7 @@ package android.net; import static android.os.Process.CLAT_UID; +import android.annotation.NonNull; import android.annotation.UnsupportedAppUsage; import android.os.Parcel; import android.os.Parcelable; @@ -1175,133 +1176,217 @@ public class NetworkStats implements Parcelable { /** * VPN accounting. Move some VPN's underlying traffic to other UIDs that use tun0 iface. * - * This method should only be called on delta NetworkStats. Do not call this method on a - * snapshot {@link NetworkStats} object because the tunUid and/or the underlyingIface may - * change over time. + *

This method should only be called on delta NetworkStats. Do not call this method on a + * snapshot {@link NetworkStats} object because the tunUid and/or the underlyingIface may change + * over time. * - * This method performs adjustments for one active VPN package and one VPN iface at a time. - * - * It is possible for the VPN software to use multiple underlying networks. This method - * only migrates traffic for the primary underlying network. + *

This method performs adjustments for one active VPN package and one VPN iface at a time. * * @param tunUid uid of the VPN application * @param tunIface iface of the vpn tunnel - * @param underlyingIface the primary underlying network iface used by the VPN application - * @return true if it successfully adjusts the accounting for VPN, false otherwise + * @param underlyingIfaces underlying network ifaces used by the VPN application */ - public boolean migrateTun(int tunUid, String tunIface, String underlyingIface) { - Entry tunIfaceTotal = new Entry(); - Entry underlyingIfaceTotal = new Entry(); + public void migrateTun(int tunUid, @NonNull String tunIface, + @NonNull String[] underlyingIfaces) { + // Combined usage by all apps using VPN. + final Entry tunIfaceTotal = new Entry(); + // Usage by VPN, grouped by its {@code underlyingIfaces}. + final Entry[] perInterfaceTotal = new Entry[underlyingIfaces.length]; + // Usage by VPN, summed across all its {@code underlyingIfaces}. + final Entry underlyingIfacesTotal = new Entry(); - tunAdjustmentInit(tunUid, tunIface, underlyingIface, tunIfaceTotal, underlyingIfaceTotal); + for (int i = 0; i < perInterfaceTotal.length; i++) { + perInterfaceTotal[i] = new Entry(); + } - // If tunIface < underlyingIface, it leaves the overhead traffic in the VPN app. - // If tunIface > underlyingIface, the VPN app doesn't get credit for data compression. + tunAdjustmentInit(tunUid, tunIface, underlyingIfaces, tunIfaceTotal, perInterfaceTotal, + underlyingIfacesTotal); + + // If tunIface < underlyingIfacesTotal, it leaves the overhead traffic in the VPN app. + // If tunIface > underlyingIfacesTotal, the VPN app doesn't get credit for data compression. // Negative stats should be avoided. - Entry pool = tunGetPool(tunIfaceTotal, underlyingIfaceTotal); - if (pool.isEmpty()) { - return true; - } - Entry moved = - addTrafficToApplications(tunUid, tunIface, underlyingIface, tunIfaceTotal, pool); - deductTrafficFromVpnApp(tunUid, underlyingIface, moved); - - if (!moved.isEmpty()) { - Slog.wtf(TAG, "Failed to deduct underlying network traffic from VPN package. Moved=" - + moved); - return false; - } - return true; + final Entry[] moved = + addTrafficToApplications(tunUid, tunIface, underlyingIfaces, tunIfaceTotal, + perInterfaceTotal, underlyingIfacesTotal); + deductTrafficFromVpnApp(tunUid, underlyingIfaces, moved); } /** * Initializes the data used by the migrateTun() method. * - * This is the first pass iteration which does the following work: - * (1) Adds up all the traffic through the tunUid's underlyingIface - * (both foreground and background). - * (2) Adds up all the traffic through tun0 excluding traffic from the vpn app itself. + *

This is the first pass iteration which does the following work: + * + *

    + *
  • Adds up all the traffic through the tunUid's underlyingIfaces (both foreground and + * background). + *
  • Adds up all the traffic through tun0 excluding traffic from the vpn app itself. + *
+ * + * @param tunUid uid of the VPN application + * @param tunIface iface of the vpn tunnel + * @param underlyingIfaces underlying network ifaces used by the VPN application + * @param tunIfaceTotal output parameter; combined data usage by all apps using VPN + * @param perInterfaceTotal output parameter; data usage by VPN app, grouped by its {@code + * underlyingIfaces} + * @param underlyingIfacesTotal output parameter; data usage by VPN, summed across all of its + * {@code underlyingIfaces} */ - private void tunAdjustmentInit(int tunUid, String tunIface, String underlyingIface, - Entry tunIfaceTotal, Entry underlyingIfaceTotal) { - Entry recycle = new Entry(); + private void tunAdjustmentInit(int tunUid, @NonNull String tunIface, + @NonNull String[] underlyingIfaces, @NonNull Entry tunIfaceTotal, + @NonNull Entry[] perInterfaceTotal, @NonNull Entry underlyingIfacesTotal) { + final Entry recycle = new Entry(); for (int i = 0; i < size; i++) { getValues(i, recycle); if (recycle.uid == UID_ALL) { throw new IllegalStateException( "Cannot adjust VPN accounting on an iface aggregated NetworkStats."); - } if (recycle.set == SET_DBG_VPN_IN || recycle.set == SET_DBG_VPN_OUT) { + } + if (recycle.set == SET_DBG_VPN_IN || recycle.set == SET_DBG_VPN_OUT) { throw new IllegalStateException( "Cannot adjust VPN accounting on a NetworkStats containing SET_DBG_VPN_*"); } - - if (recycle.uid == tunUid && recycle.tag == TAG_NONE - && Objects.equals(underlyingIface, recycle.iface)) { - underlyingIfaceTotal.add(recycle); + if (recycle.tag != TAG_NONE) { + // TODO(b/123666283): Take all tags for tunUid into account. + continue; } - if (recycle.uid != tunUid && recycle.tag == TAG_NONE - && Objects.equals(tunIface, recycle.iface)) { + if (recycle.uid == tunUid) { + // Add up traffic through tunUid's underlying interfaces. + for (int j = 0; j < underlyingIfaces.length; j++) { + if (Objects.equals(underlyingIfaces[j], recycle.iface)) { + perInterfaceTotal[j].add(recycle); + underlyingIfacesTotal.add(recycle); + break; + } + } + } else if (tunIface.equals(recycle.iface)) { // Add up all tunIface traffic excluding traffic from the vpn app itself. tunIfaceTotal.add(recycle); } } } - private static Entry tunGetPool(Entry tunIfaceTotal, Entry underlyingIfaceTotal) { - Entry pool = new Entry(); - pool.rxBytes = Math.min(tunIfaceTotal.rxBytes, underlyingIfaceTotal.rxBytes); - pool.rxPackets = Math.min(tunIfaceTotal.rxPackets, underlyingIfaceTotal.rxPackets); - pool.txBytes = Math.min(tunIfaceTotal.txBytes, underlyingIfaceTotal.txBytes); - pool.txPackets = Math.min(tunIfaceTotal.txPackets, underlyingIfaceTotal.txPackets); - pool.operations = Math.min(tunIfaceTotal.operations, underlyingIfaceTotal.operations); - return pool; - } + /** + * Distributes traffic across apps that are using given {@code tunIface}, and returns the total + * traffic that should be moved off of {@code tunUid} grouped by {@code underlyingIfaces}. + * + * @param tunUid uid of the VPN application + * @param tunIface iface of the vpn tunnel + * @param underlyingIfaces underlying network ifaces used by the VPN application + * @param tunIfaceTotal combined data usage across all apps using {@code tunIface} + * @param perInterfaceTotal data usage by VPN app, grouped by its {@code underlyingIfaces} + * @param underlyingIfacesTotal data usage by VPN, summed across all of its {@code + * underlyingIfaces} + */ + private Entry[] addTrafficToApplications(int tunUid, @NonNull String tunIface, + @NonNull String[] underlyingIfaces, @NonNull Entry tunIfaceTotal, + @NonNull Entry[] perInterfaceTotal, @NonNull Entry underlyingIfacesTotal) { + // Traffic that should be moved off of each underlying interface for tunUid (see + // deductTrafficFromVpnApp below). + final Entry[] moved = new Entry[underlyingIfaces.length]; + for (int i = 0; i < underlyingIfaces.length; i++) { + moved[i] = new Entry(); + } - private Entry addTrafficToApplications(int tunUid, String tunIface, String underlyingIface, - Entry tunIfaceTotal, Entry pool) { - Entry moved = new Entry(); - Entry tmpEntry = new Entry(); - tmpEntry.iface = underlyingIface; + final Entry tmpEntry = new Entry(); for (int i = 0; i < size; i++) { - // the vpn app is excluded from the redistribution but all moved traffic will be - // deducted from the vpn app (see deductTrafficFromVpnApp below). - if (Objects.equals(iface[i], tunIface) && uid[i] != tunUid) { - if (tunIfaceTotal.rxBytes > 0) { - tmpEntry.rxBytes = pool.rxBytes * rxBytes[i] / tunIfaceTotal.rxBytes; - } else { - tmpEntry.rxBytes = 0; - } - if (tunIfaceTotal.rxPackets > 0) { - tmpEntry.rxPackets = pool.rxPackets * rxPackets[i] / tunIfaceTotal.rxPackets; - } else { - tmpEntry.rxPackets = 0; - } - if (tunIfaceTotal.txBytes > 0) { - tmpEntry.txBytes = pool.txBytes * txBytes[i] / tunIfaceTotal.txBytes; - } else { - tmpEntry.txBytes = 0; - } - if (tunIfaceTotal.txPackets > 0) { - tmpEntry.txPackets = pool.txPackets * txPackets[i] / tunIfaceTotal.txPackets; - } else { - tmpEntry.txPackets = 0; - } - if (tunIfaceTotal.operations > 0) { - tmpEntry.operations = - pool.operations * operations[i] / tunIfaceTotal.operations; - } else { - tmpEntry.operations = 0; - } - tmpEntry.uid = uid[i]; - tmpEntry.tag = tag[i]; + if (!Objects.equals(iface[i], tunIface)) { + // Consider only entries that go onto the VPN interface. + continue; + } + if (uid[i] == tunUid) { + // Exclude VPN app from the redistribution, as it can choose to create packet + // streams by writing to itself. + continue; + } + tmpEntry.uid = uid[i]; + tmpEntry.tag = tag[i]; + tmpEntry.metered = metered[i]; + tmpEntry.roaming = roaming[i]; + tmpEntry.defaultNetwork = defaultNetwork[i]; + + // In a first pass, compute each UID's total share of data across all underlyingIfaces. + // This is computed on the basis of the share of each UID's usage over tunIface. + // TODO: Consider refactoring first pass into a separate helper method. + long totalRxBytes = 0; + if (tunIfaceTotal.rxBytes > 0) { + // Note - The multiplication below should not overflow since NetworkStatsService + // processes this every time device has transmitted/received amount equivalent to + // global threshold alert (~ 2MB) across all interfaces. + final long rxBytesAcrossUnderlyingIfaces = + underlyingIfacesTotal.rxBytes * rxBytes[i] / tunIfaceTotal.rxBytes; + // app must not be blamed for more than it consumed on tunIface + totalRxBytes = Math.min(rxBytes[i], rxBytesAcrossUnderlyingIfaces); + } + long totalRxPackets = 0; + if (tunIfaceTotal.rxPackets > 0) { + final long rxPacketsAcrossUnderlyingIfaces = + underlyingIfacesTotal.rxPackets * rxPackets[i] / tunIfaceTotal.rxPackets; + totalRxPackets = Math.min(rxPackets[i], rxPacketsAcrossUnderlyingIfaces); + } + long totalTxBytes = 0; + if (tunIfaceTotal.txBytes > 0) { + final long txBytesAcrossUnderlyingIfaces = + underlyingIfacesTotal.txBytes * txBytes[i] / tunIfaceTotal.txBytes; + totalTxBytes = Math.min(txBytes[i], txBytesAcrossUnderlyingIfaces); + } + long totalTxPackets = 0; + if (tunIfaceTotal.txPackets > 0) { + final long txPacketsAcrossUnderlyingIfaces = + underlyingIfacesTotal.txPackets * txPackets[i] / tunIfaceTotal.txPackets; + totalTxPackets = Math.min(txPackets[i], txPacketsAcrossUnderlyingIfaces); + } + long totalOperations = 0; + if (tunIfaceTotal.operations > 0) { + final long operationsAcrossUnderlyingIfaces = + underlyingIfacesTotal.operations * operations[i] / tunIfaceTotal.operations; + totalOperations = Math.min(operations[i], operationsAcrossUnderlyingIfaces); + } + // In a second pass, distribute these values across interfaces in the proportion that + // each interface represents of the total traffic of the underlying interfaces. + for (int j = 0; j < underlyingIfaces.length; j++) { + tmpEntry.iface = underlyingIfaces[j]; + tmpEntry.rxBytes = 0; + // Reset 'set' to correct value since it gets updated when adding debug info below. tmpEntry.set = set[i]; - tmpEntry.metered = metered[i]; - tmpEntry.roaming = roaming[i]; - tmpEntry.defaultNetwork = defaultNetwork[i]; + if (underlyingIfacesTotal.rxBytes > 0) { + tmpEntry.rxBytes = + totalRxBytes + * perInterfaceTotal[j].rxBytes + / underlyingIfacesTotal.rxBytes; + } + tmpEntry.rxPackets = 0; + if (underlyingIfacesTotal.rxPackets > 0) { + tmpEntry.rxPackets = + totalRxPackets + * perInterfaceTotal[j].rxPackets + / underlyingIfacesTotal.rxPackets; + } + tmpEntry.txBytes = 0; + if (underlyingIfacesTotal.txBytes > 0) { + tmpEntry.txBytes = + totalTxBytes + * perInterfaceTotal[j].txBytes + / underlyingIfacesTotal.txBytes; + } + tmpEntry.txPackets = 0; + if (underlyingIfacesTotal.txPackets > 0) { + tmpEntry.txPackets = + totalTxPackets + * perInterfaceTotal[j].txPackets + / underlyingIfacesTotal.txPackets; + } + tmpEntry.operations = 0; + if (underlyingIfacesTotal.operations > 0) { + tmpEntry.operations = + totalOperations + * perInterfaceTotal[j].operations + / underlyingIfacesTotal.operations; + } + combineValues(tmpEntry); if (tag[i] == TAG_NONE) { - moved.add(tmpEntry); + moved[j].add(tmpEntry); // Add debug info tmpEntry.set = SET_DBG_VPN_IN; combineValues(tmpEntry); @@ -1311,38 +1396,45 @@ public class NetworkStats implements Parcelable { return moved; } - private void deductTrafficFromVpnApp(int tunUid, String underlyingIface, Entry moved) { - // Add debug info - moved.uid = tunUid; - moved.set = SET_DBG_VPN_OUT; - moved.tag = TAG_NONE; - moved.iface = underlyingIface; - moved.metered = METERED_ALL; - moved.roaming = ROAMING_ALL; - moved.defaultNetwork = DEFAULT_NETWORK_ALL; - combineValues(moved); + private void deductTrafficFromVpnApp( + int tunUid, + @NonNull String[] underlyingIfaces, + @NonNull Entry[] moved) { + for (int i = 0; i < underlyingIfaces.length; i++) { + // Add debug info + moved[i].uid = tunUid; + moved[i].set = SET_DBG_VPN_OUT; + moved[i].tag = TAG_NONE; + moved[i].iface = underlyingIfaces[i]; + moved[i].metered = METERED_ALL; + moved[i].roaming = ROAMING_ALL; + moved[i].defaultNetwork = DEFAULT_NETWORK_ALL; + combineValues(moved[i]); - // Caveat: if the vpn software uses tag, the total tagged traffic may be greater than - // the TAG_NONE traffic. - // - // Relies on the fact that the underlying traffic only has state ROAMING_NO and METERED_NO, - // which should be the case as it comes directly from the /proc file. We only blend in the - // roaming data after applying these adjustments, by checking the NetworkIdentity of the - // underlying iface. - int idxVpnBackground = findIndex(underlyingIface, tunUid, SET_DEFAULT, TAG_NONE, - METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); - if (idxVpnBackground != -1) { - tunSubtract(idxVpnBackground, this, moved); - } + // Caveat: if the vpn software uses tag, the total tagged traffic may be greater than + // the TAG_NONE traffic. + // + // Relies on the fact that the underlying traffic only has state ROAMING_NO and + // METERED_NO, which should be the case as it comes directly from the /proc file. + // We only blend in the roaming data after applying these adjustments, by checking the + // NetworkIdentity of the underlying iface. + final int idxVpnBackground = findIndex(underlyingIfaces[i], tunUid, SET_DEFAULT, + TAG_NONE, METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); + if (idxVpnBackground != -1) { + // Note - tunSubtract also updates moved[i]; whatever traffic that's left is removed + // from foreground usage. + tunSubtract(idxVpnBackground, this, moved[i]); + } - int idxVpnForeground = findIndex(underlyingIface, tunUid, SET_FOREGROUND, TAG_NONE, - METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); - if (idxVpnForeground != -1) { - tunSubtract(idxVpnForeground, this, moved); + final int idxVpnForeground = findIndex(underlyingIfaces[i], tunUid, SET_FOREGROUND, + TAG_NONE, METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); + if (idxVpnForeground != -1) { + tunSubtract(idxVpnForeground, this, moved[i]); + } } } - private static void tunSubtract(int i, NetworkStats left, Entry right) { + private static void tunSubtract(int i, @NonNull NetworkStats left, @NonNull Entry right) { long rxBytes = Math.min(left.rxBytes[i], right.rxBytes); left.rxBytes[i] -= rxBytes; right.rxBytes -= rxBytes; diff --git a/services/core/java/com/android/server/net/NetworkStatsRecorder.java b/services/core/java/com/android/server/net/NetworkStatsRecorder.java index a2e7e0cae9..bdff50053f 100644 --- a/services/core/java/com/android/server/net/NetworkStatsRecorder.java +++ b/services/core/java/com/android/server/net/NetworkStatsRecorder.java @@ -41,10 +41,10 @@ import com.android.internal.net.VpnInfo; import com.android.internal.util.FileRotator; import com.android.internal.util.IndentingPrintWriter; -import libcore.io.IoUtils; - import com.google.android.collect.Sets; +import libcore.io.IoUtils; + import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.File; @@ -234,7 +234,7 @@ public class NetworkStatsRecorder { if (vpnArray != null) { for (VpnInfo info : vpnArray) { - delta.migrateTun(info.ownerUid, info.vpnIface, info.primaryUnderlyingIface); + delta.migrateTun(info.ownerUid, info.vpnIface, info.underlyingIfaces); } } From 8481d9d55dda89bc6aa7f85ab683bf39c0b866de Mon Sep 17 00:00:00 2001 From: Varun Anand Date: Fri, 18 Jan 2019 19:22:48 -0800 Subject: [PATCH 27/32] NetworkStatsService: Fix getDetailedUidStats to take VPNs into account. (cherry picked from commit 720133f79d5b9ca9a87c1371695afb7b381b4042) This API is similar to one provided by NetworkStatsFactory with the difference that NSS also migrates traffic from VPN UID to other apps. Since traffic can only be migrated over NetworkStats delta, NSS therefore maintains NetworkStats snapshot across all UIDs/ifaces/tags. This snapshot gets updated whenever NSS records a new snapshot (based on various hooks such as VPN updating its underlying networks, network getting lost, etc.), or getDetailedUidStats API is invoked by one of its callers. Bug: 113122541 Bug: 120145746 Test: atest FrameworksNetTests Test: manually verified that battery stats are migrating traffic off of TUN (after patching above CL where we point BatteryStats to use this API). Change-Id: I4b8d7c5b6905a4a12c1806dfd35c2c4c63610404 --- core/java/android/net/NetworkStats.java | 29 +++++--- .../server/net/NetworkStatsFactory.java | 4 ++ .../server/net/NetworkStatsService.java | 70 ++++++++++++++++++- 3 files changed, 93 insertions(+), 10 deletions(-) diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java index f09f2ee223..e8625f34f0 100644 --- a/core/java/android/net/NetworkStats.java +++ b/core/java/android/net/NetworkStats.java @@ -34,6 +34,7 @@ import libcore.util.EmptyArray; import java.io.CharArrayWriter; import java.io.PrintWriter; import java.util.Arrays; +import java.util.function.Predicate; import java.util.HashSet; import java.util.Map; import java.util.Objects; @@ -994,23 +995,33 @@ public class NetworkStats implements Parcelable { if (limitUid == UID_ALL && limitTag == TAG_ALL && limitIfaces == INTERFACES_ALL) { return; } + filter(e -> (limitUid == UID_ALL || limitUid == e.uid) + && (limitTag == TAG_ALL || limitTag == e.tag) + && (limitIfaces == INTERFACES_ALL + || ArrayUtils.contains(limitIfaces, e.iface))); + } + /** + * Only keep entries with {@link #set} value less than {@link #SET_DEBUG_START}. + * + *

This mutates the original structure in place. + */ + public void filterDebugEntries() { + filter(e -> e.set < SET_DEBUG_START); + } + + private void filter(Predicate predicate) { Entry entry = new Entry(); int nextOutputEntry = 0; for (int i = 0; i < size; i++) { entry = getValues(i, entry); - final boolean matches = - (limitUid == UID_ALL || limitUid == entry.uid) - && (limitTag == TAG_ALL || limitTag == entry.tag) - && (limitIfaces == INTERFACES_ALL - || ArrayUtils.contains(limitIfaces, entry.iface)); - - if (matches) { - setValues(nextOutputEntry, entry); + if (predicate.test(entry)) { + if (nextOutputEntry != i) { + setValues(nextOutputEntry, entry); + } nextOutputEntry++; } } - size = nextOutputEntry; } diff --git a/services/core/java/com/android/server/net/NetworkStatsFactory.java b/services/core/java/com/android/server/net/NetworkStatsFactory.java index 69efd02dea..473cc97b7e 100644 --- a/services/core/java/com/android/server/net/NetworkStatsFactory.java +++ b/services/core/java/com/android/server/net/NetworkStatsFactory.java @@ -263,6 +263,10 @@ public class NetworkStatsFactory { return stats; } + /** + * @deprecated Use NetworkStatsService#getDetailedUidStats which also accounts for + * VPN traffic + */ public NetworkStats readNetworkStatsDetail() throws IOException { return readNetworkStatsDetail(UID_ALL, null, TAG_ALL, null); } diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index f34ace55a7..a13368ff9d 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -293,6 +293,22 @@ public class NetworkStatsService extends INetworkStatsService.Stub { /** Data layer operation counters for splicing into other structures. */ private NetworkStats mUidOperations = new NetworkStats(0L, 10); + /** + * Snapshot containing most recent network stats for all UIDs across all interfaces and tags + * since boot. + * + *

Maintains migrated VPN stats which are result of performing TUN migration on {@link + * #mLastUidDetailSnapshot}. + */ + @GuardedBy("mStatsLock") + private NetworkStats mTunAdjustedStats; + /** + * Used by {@link #mTunAdjustedStats} to migrate VPN traffic over delta between this snapshot + * and latest snapshot. + */ + @GuardedBy("mStatsLock") + private NetworkStats mLastUidDetailSnapshot; + /** Must be set in factory by calling #setHandler. */ private Handler mHandler; private Handler.Callback mHandlerCallback; @@ -812,15 +828,39 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @Override public NetworkStats getDetailedUidStats(String[] requiredIfaces) { try { + // Get the latest snapshot from NetworkStatsFactory. + // TODO: Querying for INTERFACES_ALL may incur performance penalty. Consider restricting + // this to limited set of ifaces. + NetworkStats uidDetailStats = getNetworkStatsUidDetail(INTERFACES_ALL); + + // Migrate traffic from VPN UID over delta and update mTunAdjustedStats. + NetworkStats result; + synchronized (mStatsLock) { + migrateTunTraffic(uidDetailStats, mVpnInfos); + result = mTunAdjustedStats.clone(); + } + + // Apply filter based on ifacesToQuery. final String[] ifacesToQuery = NetworkStatsFactory.augmentWithStackedInterfaces(requiredIfaces); - return getNetworkStatsUidDetail(ifacesToQuery); + result.filter(UID_ALL, ifacesToQuery, TAG_ALL); + return result; } catch (RemoteException e) { Log.wtf(TAG, "Error compiling UID stats", e); return new NetworkStats(0L, 0); } } + @VisibleForTesting + NetworkStats getTunAdjustedStats() { + synchronized (mStatsLock) { + if (mTunAdjustedStats == null) { + return null; + } + return mTunAdjustedStats.clone(); + } + } + @Override public String[] getMobileIfaces() { return mMobileIfaces; @@ -1295,6 +1335,34 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // a race condition between the service handler thread and the observer's mStatsObservers.updateStats(xtSnapshot, uidSnapshot, new ArrayMap<>(mActiveIfaces), new ArrayMap<>(mActiveUidIfaces), vpnArray, currentTime); + + migrateTunTraffic(uidSnapshot, vpnArray); + } + + /** + * Updates {@link #mTunAdjustedStats} with the delta containing traffic migrated off of VPNs. + */ + @GuardedBy("mStatsLock") + private void migrateTunTraffic(NetworkStats uidDetailStats, VpnInfo[] vpnInfoArray) { + if (mTunAdjustedStats == null) { + // Either device booted or system server restarted, hence traffic cannot be migrated + // correctly without knowing the past state of VPN's underlying networks. + mTunAdjustedStats = uidDetailStats; + mLastUidDetailSnapshot = uidDetailStats; + return; + } + // Migrate delta traffic from VPN to other apps. + NetworkStats delta = uidDetailStats.subtract(mLastUidDetailSnapshot); + for (VpnInfo info : vpnInfoArray) { + delta.migrateTun(info.ownerUid, info.vpnIface, info.underlyingIfaces); + } + // Filter out debug entries as that may lead to over counting. + delta.filterDebugEntries(); + // Update #mTunAdjustedStats with migrated delta. + mTunAdjustedStats.combineAllValues(delta); + mTunAdjustedStats.setElapsedRealtime(uidDetailStats.getElapsedRealtime()); + // Update last snapshot. + mLastUidDetailSnapshot = uidDetailStats; } /** From 81e79803dea2c2c4474f1d9cf84384bed2ff65c0 Mon Sep 17 00:00:00 2001 From: Varun Anand Date: Fri, 24 May 2019 16:29:22 -0700 Subject: [PATCH 28/32] Addressing comments for http://ag/7700679. Note, that its in a separate CL so we could cherry-pick this CL to aosp. http://ag/7700679 is already in aosp. Bug: 113122541 Bug: 120145746 Test: atest FrameworksNetTests Change-Id: I7cfda226b4ed11b67002b83b38fba0f5caf96718 --- core/java/android/net/NetworkStats.java | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java index e8625f34f0..bb344e2896 100644 --- a/core/java/android/net/NetworkStats.java +++ b/core/java/android/net/NetworkStats.java @@ -1300,7 +1300,8 @@ public class NetworkStats implements Parcelable { } final Entry tmpEntry = new Entry(); - for (int i = 0; i < size; i++) { + final int origSize = size; + for (int i = 0; i < origSize; i++) { if (!Objects.equals(iface[i], tunIface)) { // Consider only entries that go onto the VPN interface. continue; @@ -1316,8 +1317,9 @@ public class NetworkStats implements Parcelable { tmpEntry.roaming = roaming[i]; tmpEntry.defaultNetwork = defaultNetwork[i]; - // In a first pass, compute each UID's total share of data across all underlyingIfaces. - // This is computed on the basis of the share of each UID's usage over tunIface. + // In a first pass, compute this entry's total share of data across all + // underlyingIfaces. This is computed on the basis of the share of this entry's usage + // over tunIface. // TODO: Consider refactoring first pass into a separate helper method. long totalRxBytes = 0; if (tunIfaceTotal.rxBytes > 0) { @@ -1394,9 +1396,11 @@ public class NetworkStats implements Parcelable { * perInterfaceTotal[j].operations / underlyingIfacesTotal.operations; } - + // tmpEntry now contains the migrated data of the i-th entry for the j-th underlying + // interface. Add that data usage to this object. combineValues(tmpEntry); if (tag[i] == TAG_NONE) { + // Add the migrated data to moved so it is deducted from the VPN app later. moved[j].add(tmpEntry); // Add debug info tmpEntry.set = SET_DBG_VPN_IN; @@ -1412,8 +1416,8 @@ public class NetworkStats implements Parcelable { @NonNull String[] underlyingIfaces, @NonNull Entry[] moved) { for (int i = 0; i < underlyingIfaces.length; i++) { - // Add debug info moved[i].uid = tunUid; + // Add debug info moved[i].set = SET_DBG_VPN_OUT; moved[i].tag = TAG_NONE; moved[i].iface = underlyingIfaces[i]; From 3b8356c7ef63dce2bcb8156f9025ffe6a6022592 Mon Sep 17 00:00:00 2001 From: chen xu Date: Wed, 22 May 2019 14:10:29 -0700 Subject: [PATCH 29/32] NetworkStatAccess Should checkCarrierPrivileges cross all subscriptions Bug: 133236378 Test: Manual Change-Id: I49fbde1fe73b33aadcf8fd23ad224f363b137bf3 Merged-in: I49fbde1fe73b33aadcf8fd23ad224f363b137bf3 --- .../core/java/com/android/server/net/NetworkStatsAccess.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/net/NetworkStatsAccess.java b/services/core/java/com/android/server/net/NetworkStatsAccess.java index cebc472178..7c1c1c7ce4 100644 --- a/services/core/java/com/android/server/net/NetworkStatsAccess.java +++ b/services/core/java/com/android/server/net/NetworkStatsAccess.java @@ -109,7 +109,7 @@ public final class NetworkStatsAccess { final TelephonyManager tm = (TelephonyManager) context.getSystemService(Context.TELEPHONY_SERVICE); boolean hasCarrierPrivileges = tm != null && - tm.checkCarrierPrivilegesForPackage(callingPackage) == + tm.checkCarrierPrivilegesForPackageAnyPhone(callingPackage) == TelephonyManager.CARRIER_PRIVILEGE_STATUS_HAS_ACCESS; boolean isDeviceOwner = dpmi != null && dpmi.isActiveAdminWithPolicy(callingUid, DeviceAdminInfo.USES_POLICY_DEVICE_OWNER); From bebb34732de13fda4b70240904ff8e15464dcc70 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Thu, 6 Jun 2019 17:06:39 -0700 Subject: [PATCH 30/32] Revert "Addressing comments for http://ag/7700679." This reverts commit 81e79803dea2c2c4474f1d9cf84384bed2ff65c0. Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752. Bug: 134244752 Change-Id: I5fbb3443a39a21fc9d96442726cd10d20e8d61cd --- core/java/android/net/NetworkStats.java | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java index bb344e2896..e8625f34f0 100644 --- a/core/java/android/net/NetworkStats.java +++ b/core/java/android/net/NetworkStats.java @@ -1300,8 +1300,7 @@ public class NetworkStats implements Parcelable { } final Entry tmpEntry = new Entry(); - final int origSize = size; - for (int i = 0; i < origSize; i++) { + for (int i = 0; i < size; i++) { if (!Objects.equals(iface[i], tunIface)) { // Consider only entries that go onto the VPN interface. continue; @@ -1317,9 +1316,8 @@ public class NetworkStats implements Parcelable { tmpEntry.roaming = roaming[i]; tmpEntry.defaultNetwork = defaultNetwork[i]; - // In a first pass, compute this entry's total share of data across all - // underlyingIfaces. This is computed on the basis of the share of this entry's usage - // over tunIface. + // In a first pass, compute each UID's total share of data across all underlyingIfaces. + // This is computed on the basis of the share of each UID's usage over tunIface. // TODO: Consider refactoring first pass into a separate helper method. long totalRxBytes = 0; if (tunIfaceTotal.rxBytes > 0) { @@ -1396,11 +1394,9 @@ public class NetworkStats implements Parcelable { * perInterfaceTotal[j].operations / underlyingIfacesTotal.operations; } - // tmpEntry now contains the migrated data of the i-th entry for the j-th underlying - // interface. Add that data usage to this object. + combineValues(tmpEntry); if (tag[i] == TAG_NONE) { - // Add the migrated data to moved so it is deducted from the VPN app later. moved[j].add(tmpEntry); // Add debug info tmpEntry.set = SET_DBG_VPN_IN; @@ -1416,8 +1412,8 @@ public class NetworkStats implements Parcelable { @NonNull String[] underlyingIfaces, @NonNull Entry[] moved) { for (int i = 0; i < underlyingIfaces.length; i++) { - moved[i].uid = tunUid; // Add debug info + moved[i].uid = tunUid; moved[i].set = SET_DBG_VPN_OUT; moved[i].tag = TAG_NONE; moved[i].iface = underlyingIfaces[i]; From 75fc9e4e1545fa722fe32a58e8b9c1f75967896a Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Thu, 6 Jun 2019 17:06:48 -0700 Subject: [PATCH 31/32] Revert "NetworkStatsService: Fix getDetailedUidStats to take VPNs into account." This reverts commit 8481d9d55dda89bc6aa7f85ab683bf39c0b866de. Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752. Bug: 134244752 Change-Id: I0c00e8f0e30cee987b71b561079a97bf09d4dae4 --- core/java/android/net/NetworkStats.java | 29 +++----- .../server/net/NetworkStatsFactory.java | 4 -- .../server/net/NetworkStatsService.java | 70 +------------------ 3 files changed, 10 insertions(+), 93 deletions(-) diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java index e8625f34f0..f09f2ee223 100644 --- a/core/java/android/net/NetworkStats.java +++ b/core/java/android/net/NetworkStats.java @@ -34,7 +34,6 @@ import libcore.util.EmptyArray; import java.io.CharArrayWriter; import java.io.PrintWriter; import java.util.Arrays; -import java.util.function.Predicate; import java.util.HashSet; import java.util.Map; import java.util.Objects; @@ -995,33 +994,23 @@ public class NetworkStats implements Parcelable { if (limitUid == UID_ALL && limitTag == TAG_ALL && limitIfaces == INTERFACES_ALL) { return; } - filter(e -> (limitUid == UID_ALL || limitUid == e.uid) - && (limitTag == TAG_ALL || limitTag == e.tag) - && (limitIfaces == INTERFACES_ALL - || ArrayUtils.contains(limitIfaces, e.iface))); - } - /** - * Only keep entries with {@link #set} value less than {@link #SET_DEBUG_START}. - * - *

This mutates the original structure in place. - */ - public void filterDebugEntries() { - filter(e -> e.set < SET_DEBUG_START); - } - - private void filter(Predicate predicate) { Entry entry = new Entry(); int nextOutputEntry = 0; for (int i = 0; i < size; i++) { entry = getValues(i, entry); - if (predicate.test(entry)) { - if (nextOutputEntry != i) { - setValues(nextOutputEntry, entry); - } + final boolean matches = + (limitUid == UID_ALL || limitUid == entry.uid) + && (limitTag == TAG_ALL || limitTag == entry.tag) + && (limitIfaces == INTERFACES_ALL + || ArrayUtils.contains(limitIfaces, entry.iface)); + + if (matches) { + setValues(nextOutputEntry, entry); nextOutputEntry++; } } + size = nextOutputEntry; } diff --git a/services/core/java/com/android/server/net/NetworkStatsFactory.java b/services/core/java/com/android/server/net/NetworkStatsFactory.java index 473cc97b7e..69efd02dea 100644 --- a/services/core/java/com/android/server/net/NetworkStatsFactory.java +++ b/services/core/java/com/android/server/net/NetworkStatsFactory.java @@ -263,10 +263,6 @@ public class NetworkStatsFactory { return stats; } - /** - * @deprecated Use NetworkStatsService#getDetailedUidStats which also accounts for - * VPN traffic - */ public NetworkStats readNetworkStatsDetail() throws IOException { return readNetworkStatsDetail(UID_ALL, null, TAG_ALL, null); } diff --git a/services/core/java/com/android/server/net/NetworkStatsService.java b/services/core/java/com/android/server/net/NetworkStatsService.java index a13368ff9d..f34ace55a7 100644 --- a/services/core/java/com/android/server/net/NetworkStatsService.java +++ b/services/core/java/com/android/server/net/NetworkStatsService.java @@ -293,22 +293,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { /** Data layer operation counters for splicing into other structures. */ private NetworkStats mUidOperations = new NetworkStats(0L, 10); - /** - * Snapshot containing most recent network stats for all UIDs across all interfaces and tags - * since boot. - * - *

Maintains migrated VPN stats which are result of performing TUN migration on {@link - * #mLastUidDetailSnapshot}. - */ - @GuardedBy("mStatsLock") - private NetworkStats mTunAdjustedStats; - /** - * Used by {@link #mTunAdjustedStats} to migrate VPN traffic over delta between this snapshot - * and latest snapshot. - */ - @GuardedBy("mStatsLock") - private NetworkStats mLastUidDetailSnapshot; - /** Must be set in factory by calling #setHandler. */ private Handler mHandler; private Handler.Callback mHandlerCallback; @@ -828,39 +812,15 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @Override public NetworkStats getDetailedUidStats(String[] requiredIfaces) { try { - // Get the latest snapshot from NetworkStatsFactory. - // TODO: Querying for INTERFACES_ALL may incur performance penalty. Consider restricting - // this to limited set of ifaces. - NetworkStats uidDetailStats = getNetworkStatsUidDetail(INTERFACES_ALL); - - // Migrate traffic from VPN UID over delta and update mTunAdjustedStats. - NetworkStats result; - synchronized (mStatsLock) { - migrateTunTraffic(uidDetailStats, mVpnInfos); - result = mTunAdjustedStats.clone(); - } - - // Apply filter based on ifacesToQuery. final String[] ifacesToQuery = NetworkStatsFactory.augmentWithStackedInterfaces(requiredIfaces); - result.filter(UID_ALL, ifacesToQuery, TAG_ALL); - return result; + return getNetworkStatsUidDetail(ifacesToQuery); } catch (RemoteException e) { Log.wtf(TAG, "Error compiling UID stats", e); return new NetworkStats(0L, 0); } } - @VisibleForTesting - NetworkStats getTunAdjustedStats() { - synchronized (mStatsLock) { - if (mTunAdjustedStats == null) { - return null; - } - return mTunAdjustedStats.clone(); - } - } - @Override public String[] getMobileIfaces() { return mMobileIfaces; @@ -1335,34 +1295,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // a race condition between the service handler thread and the observer's mStatsObservers.updateStats(xtSnapshot, uidSnapshot, new ArrayMap<>(mActiveIfaces), new ArrayMap<>(mActiveUidIfaces), vpnArray, currentTime); - - migrateTunTraffic(uidSnapshot, vpnArray); - } - - /** - * Updates {@link #mTunAdjustedStats} with the delta containing traffic migrated off of VPNs. - */ - @GuardedBy("mStatsLock") - private void migrateTunTraffic(NetworkStats uidDetailStats, VpnInfo[] vpnInfoArray) { - if (mTunAdjustedStats == null) { - // Either device booted or system server restarted, hence traffic cannot be migrated - // correctly without knowing the past state of VPN's underlying networks. - mTunAdjustedStats = uidDetailStats; - mLastUidDetailSnapshot = uidDetailStats; - return; - } - // Migrate delta traffic from VPN to other apps. - NetworkStats delta = uidDetailStats.subtract(mLastUidDetailSnapshot); - for (VpnInfo info : vpnInfoArray) { - delta.migrateTun(info.ownerUid, info.vpnIface, info.underlyingIfaces); - } - // Filter out debug entries as that may lead to over counting. - delta.filterDebugEntries(); - // Update #mTunAdjustedStats with migrated delta. - mTunAdjustedStats.combineAllValues(delta); - mTunAdjustedStats.setElapsedRealtime(uidDetailStats.getElapsedRealtime()); - // Update last snapshot. - mLastUidDetailSnapshot = uidDetailStats; } /** From 612ac19261d2d2c24cda9ec589489940363337d5 Mon Sep 17 00:00:00 2001 From: Benedict Wong Date: Thu, 6 Jun 2019 17:08:02 -0700 Subject: [PATCH 32/32] Revert "Take all VPN underlying networks into account when migrating traffic for" This reverts commit 921b3f3e85c684c2393c4cb1c641c52a1e8d93a6. Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752. Bug: 134244752 Change-Id: Ibdaad3a4cbf0d8ef1ed53cfab1e454b9b878bae9 --- core/java/android/net/NetworkStats.java | 320 +++++++----------- .../server/net/NetworkStatsRecorder.java | 6 +- 2 files changed, 117 insertions(+), 209 deletions(-) diff --git a/core/java/android/net/NetworkStats.java b/core/java/android/net/NetworkStats.java index f09f2ee223..e892b650bf 100644 --- a/core/java/android/net/NetworkStats.java +++ b/core/java/android/net/NetworkStats.java @@ -18,7 +18,6 @@ package android.net; import static android.os.Process.CLAT_UID; -import android.annotation.NonNull; import android.annotation.UnsupportedAppUsage; import android.os.Parcel; import android.os.Parcelable; @@ -1176,217 +1175,133 @@ public class NetworkStats implements Parcelable { /** * VPN accounting. Move some VPN's underlying traffic to other UIDs that use tun0 iface. * - *

This method should only be called on delta NetworkStats. Do not call this method on a - * snapshot {@link NetworkStats} object because the tunUid and/or the underlyingIface may change - * over time. + * This method should only be called on delta NetworkStats. Do not call this method on a + * snapshot {@link NetworkStats} object because the tunUid and/or the underlyingIface may + * change over time. * - *

This method performs adjustments for one active VPN package and one VPN iface at a time. + * This method performs adjustments for one active VPN package and one VPN iface at a time. + * + * It is possible for the VPN software to use multiple underlying networks. This method + * only migrates traffic for the primary underlying network. * * @param tunUid uid of the VPN application * @param tunIface iface of the vpn tunnel - * @param underlyingIfaces underlying network ifaces used by the VPN application + * @param underlyingIface the primary underlying network iface used by the VPN application + * @return true if it successfully adjusts the accounting for VPN, false otherwise */ - public void migrateTun(int tunUid, @NonNull String tunIface, - @NonNull String[] underlyingIfaces) { - // Combined usage by all apps using VPN. - final Entry tunIfaceTotal = new Entry(); - // Usage by VPN, grouped by its {@code underlyingIfaces}. - final Entry[] perInterfaceTotal = new Entry[underlyingIfaces.length]; - // Usage by VPN, summed across all its {@code underlyingIfaces}. - final Entry underlyingIfacesTotal = new Entry(); + public boolean migrateTun(int tunUid, String tunIface, String underlyingIface) { + Entry tunIfaceTotal = new Entry(); + Entry underlyingIfaceTotal = new Entry(); - for (int i = 0; i < perInterfaceTotal.length; i++) { - perInterfaceTotal[i] = new Entry(); - } + tunAdjustmentInit(tunUid, tunIface, underlyingIface, tunIfaceTotal, underlyingIfaceTotal); - tunAdjustmentInit(tunUid, tunIface, underlyingIfaces, tunIfaceTotal, perInterfaceTotal, - underlyingIfacesTotal); - - // If tunIface < underlyingIfacesTotal, it leaves the overhead traffic in the VPN app. - // If tunIface > underlyingIfacesTotal, the VPN app doesn't get credit for data compression. + // If tunIface < underlyingIface, it leaves the overhead traffic in the VPN app. + // If tunIface > underlyingIface, the VPN app doesn't get credit for data compression. // Negative stats should be avoided. - final Entry[] moved = - addTrafficToApplications(tunUid, tunIface, underlyingIfaces, tunIfaceTotal, - perInterfaceTotal, underlyingIfacesTotal); - deductTrafficFromVpnApp(tunUid, underlyingIfaces, moved); + Entry pool = tunGetPool(tunIfaceTotal, underlyingIfaceTotal); + if (pool.isEmpty()) { + return true; + } + Entry moved = + addTrafficToApplications(tunUid, tunIface, underlyingIface, tunIfaceTotal, pool); + deductTrafficFromVpnApp(tunUid, underlyingIface, moved); + + if (!moved.isEmpty()) { + Slog.wtf(TAG, "Failed to deduct underlying network traffic from VPN package. Moved=" + + moved); + return false; + } + return true; } /** * Initializes the data used by the migrateTun() method. * - *

This is the first pass iteration which does the following work: - * - *

    - *
  • Adds up all the traffic through the tunUid's underlyingIfaces (both foreground and - * background). - *
  • Adds up all the traffic through tun0 excluding traffic from the vpn app itself. - *
- * - * @param tunUid uid of the VPN application - * @param tunIface iface of the vpn tunnel - * @param underlyingIfaces underlying network ifaces used by the VPN application - * @param tunIfaceTotal output parameter; combined data usage by all apps using VPN - * @param perInterfaceTotal output parameter; data usage by VPN app, grouped by its {@code - * underlyingIfaces} - * @param underlyingIfacesTotal output parameter; data usage by VPN, summed across all of its - * {@code underlyingIfaces} + * This is the first pass iteration which does the following work: + * (1) Adds up all the traffic through the tunUid's underlyingIface + * (both foreground and background). + * (2) Adds up all the traffic through tun0 excluding traffic from the vpn app itself. */ - private void tunAdjustmentInit(int tunUid, @NonNull String tunIface, - @NonNull String[] underlyingIfaces, @NonNull Entry tunIfaceTotal, - @NonNull Entry[] perInterfaceTotal, @NonNull Entry underlyingIfacesTotal) { - final Entry recycle = new Entry(); + private void tunAdjustmentInit(int tunUid, String tunIface, String underlyingIface, + Entry tunIfaceTotal, Entry underlyingIfaceTotal) { + Entry recycle = new Entry(); for (int i = 0; i < size; i++) { getValues(i, recycle); if (recycle.uid == UID_ALL) { throw new IllegalStateException( "Cannot adjust VPN accounting on an iface aggregated NetworkStats."); - } - if (recycle.set == SET_DBG_VPN_IN || recycle.set == SET_DBG_VPN_OUT) { + } if (recycle.set == SET_DBG_VPN_IN || recycle.set == SET_DBG_VPN_OUT) { throw new IllegalStateException( "Cannot adjust VPN accounting on a NetworkStats containing SET_DBG_VPN_*"); } - if (recycle.tag != TAG_NONE) { - // TODO(b/123666283): Take all tags for tunUid into account. - continue; + + if (recycle.uid == tunUid && recycle.tag == TAG_NONE + && Objects.equals(underlyingIface, recycle.iface)) { + underlyingIfaceTotal.add(recycle); } - if (recycle.uid == tunUid) { - // Add up traffic through tunUid's underlying interfaces. - for (int j = 0; j < underlyingIfaces.length; j++) { - if (Objects.equals(underlyingIfaces[j], recycle.iface)) { - perInterfaceTotal[j].add(recycle); - underlyingIfacesTotal.add(recycle); - break; - } - } - } else if (tunIface.equals(recycle.iface)) { + if (recycle.uid != tunUid && recycle.tag == TAG_NONE + && Objects.equals(tunIface, recycle.iface)) { // Add up all tunIface traffic excluding traffic from the vpn app itself. tunIfaceTotal.add(recycle); } } } - /** - * Distributes traffic across apps that are using given {@code tunIface}, and returns the total - * traffic that should be moved off of {@code tunUid} grouped by {@code underlyingIfaces}. - * - * @param tunUid uid of the VPN application - * @param tunIface iface of the vpn tunnel - * @param underlyingIfaces underlying network ifaces used by the VPN application - * @param tunIfaceTotal combined data usage across all apps using {@code tunIface} - * @param perInterfaceTotal data usage by VPN app, grouped by its {@code underlyingIfaces} - * @param underlyingIfacesTotal data usage by VPN, summed across all of its {@code - * underlyingIfaces} - */ - private Entry[] addTrafficToApplications(int tunUid, @NonNull String tunIface, - @NonNull String[] underlyingIfaces, @NonNull Entry tunIfaceTotal, - @NonNull Entry[] perInterfaceTotal, @NonNull Entry underlyingIfacesTotal) { - // Traffic that should be moved off of each underlying interface for tunUid (see - // deductTrafficFromVpnApp below). - final Entry[] moved = new Entry[underlyingIfaces.length]; - for (int i = 0; i < underlyingIfaces.length; i++) { - moved[i] = new Entry(); - } + private static Entry tunGetPool(Entry tunIfaceTotal, Entry underlyingIfaceTotal) { + Entry pool = new Entry(); + pool.rxBytes = Math.min(tunIfaceTotal.rxBytes, underlyingIfaceTotal.rxBytes); + pool.rxPackets = Math.min(tunIfaceTotal.rxPackets, underlyingIfaceTotal.rxPackets); + pool.txBytes = Math.min(tunIfaceTotal.txBytes, underlyingIfaceTotal.txBytes); + pool.txPackets = Math.min(tunIfaceTotal.txPackets, underlyingIfaceTotal.txPackets); + pool.operations = Math.min(tunIfaceTotal.operations, underlyingIfaceTotal.operations); + return pool; + } - final Entry tmpEntry = new Entry(); + private Entry addTrafficToApplications(int tunUid, String tunIface, String underlyingIface, + Entry tunIfaceTotal, Entry pool) { + Entry moved = new Entry(); + Entry tmpEntry = new Entry(); + tmpEntry.iface = underlyingIface; for (int i = 0; i < size; i++) { - if (!Objects.equals(iface[i], tunIface)) { - // Consider only entries that go onto the VPN interface. - continue; - } - if (uid[i] == tunUid) { - // Exclude VPN app from the redistribution, as it can choose to create packet - // streams by writing to itself. - continue; - } - tmpEntry.uid = uid[i]; - tmpEntry.tag = tag[i]; - tmpEntry.metered = metered[i]; - tmpEntry.roaming = roaming[i]; - tmpEntry.defaultNetwork = defaultNetwork[i]; - - // In a first pass, compute each UID's total share of data across all underlyingIfaces. - // This is computed on the basis of the share of each UID's usage over tunIface. - // TODO: Consider refactoring first pass into a separate helper method. - long totalRxBytes = 0; - if (tunIfaceTotal.rxBytes > 0) { - // Note - The multiplication below should not overflow since NetworkStatsService - // processes this every time device has transmitted/received amount equivalent to - // global threshold alert (~ 2MB) across all interfaces. - final long rxBytesAcrossUnderlyingIfaces = - underlyingIfacesTotal.rxBytes * rxBytes[i] / tunIfaceTotal.rxBytes; - // app must not be blamed for more than it consumed on tunIface - totalRxBytes = Math.min(rxBytes[i], rxBytesAcrossUnderlyingIfaces); - } - long totalRxPackets = 0; - if (tunIfaceTotal.rxPackets > 0) { - final long rxPacketsAcrossUnderlyingIfaces = - underlyingIfacesTotal.rxPackets * rxPackets[i] / tunIfaceTotal.rxPackets; - totalRxPackets = Math.min(rxPackets[i], rxPacketsAcrossUnderlyingIfaces); - } - long totalTxBytes = 0; - if (tunIfaceTotal.txBytes > 0) { - final long txBytesAcrossUnderlyingIfaces = - underlyingIfacesTotal.txBytes * txBytes[i] / tunIfaceTotal.txBytes; - totalTxBytes = Math.min(txBytes[i], txBytesAcrossUnderlyingIfaces); - } - long totalTxPackets = 0; - if (tunIfaceTotal.txPackets > 0) { - final long txPacketsAcrossUnderlyingIfaces = - underlyingIfacesTotal.txPackets * txPackets[i] / tunIfaceTotal.txPackets; - totalTxPackets = Math.min(txPackets[i], txPacketsAcrossUnderlyingIfaces); - } - long totalOperations = 0; - if (tunIfaceTotal.operations > 0) { - final long operationsAcrossUnderlyingIfaces = - underlyingIfacesTotal.operations * operations[i] / tunIfaceTotal.operations; - totalOperations = Math.min(operations[i], operationsAcrossUnderlyingIfaces); - } - // In a second pass, distribute these values across interfaces in the proportion that - // each interface represents of the total traffic of the underlying interfaces. - for (int j = 0; j < underlyingIfaces.length; j++) { - tmpEntry.iface = underlyingIfaces[j]; - tmpEntry.rxBytes = 0; - // Reset 'set' to correct value since it gets updated when adding debug info below. - tmpEntry.set = set[i]; - if (underlyingIfacesTotal.rxBytes > 0) { - tmpEntry.rxBytes = - totalRxBytes - * perInterfaceTotal[j].rxBytes - / underlyingIfacesTotal.rxBytes; + // the vpn app is excluded from the redistribution but all moved traffic will be + // deducted from the vpn app (see deductTrafficFromVpnApp below). + if (Objects.equals(iface[i], tunIface) && uid[i] != tunUid) { + if (tunIfaceTotal.rxBytes > 0) { + tmpEntry.rxBytes = pool.rxBytes * rxBytes[i] / tunIfaceTotal.rxBytes; + } else { + tmpEntry.rxBytes = 0; } - tmpEntry.rxPackets = 0; - if (underlyingIfacesTotal.rxPackets > 0) { - tmpEntry.rxPackets = - totalRxPackets - * perInterfaceTotal[j].rxPackets - / underlyingIfacesTotal.rxPackets; + if (tunIfaceTotal.rxPackets > 0) { + tmpEntry.rxPackets = pool.rxPackets * rxPackets[i] / tunIfaceTotal.rxPackets; + } else { + tmpEntry.rxPackets = 0; } - tmpEntry.txBytes = 0; - if (underlyingIfacesTotal.txBytes > 0) { - tmpEntry.txBytes = - totalTxBytes - * perInterfaceTotal[j].txBytes - / underlyingIfacesTotal.txBytes; + if (tunIfaceTotal.txBytes > 0) { + tmpEntry.txBytes = pool.txBytes * txBytes[i] / tunIfaceTotal.txBytes; + } else { + tmpEntry.txBytes = 0; } - tmpEntry.txPackets = 0; - if (underlyingIfacesTotal.txPackets > 0) { - tmpEntry.txPackets = - totalTxPackets - * perInterfaceTotal[j].txPackets - / underlyingIfacesTotal.txPackets; + if (tunIfaceTotal.txPackets > 0) { + tmpEntry.txPackets = pool.txPackets * txPackets[i] / tunIfaceTotal.txPackets; + } else { + tmpEntry.txPackets = 0; } - tmpEntry.operations = 0; - if (underlyingIfacesTotal.operations > 0) { + if (tunIfaceTotal.operations > 0) { tmpEntry.operations = - totalOperations - * perInterfaceTotal[j].operations - / underlyingIfacesTotal.operations; + pool.operations * operations[i] / tunIfaceTotal.operations; + } else { + tmpEntry.operations = 0; } - + tmpEntry.uid = uid[i]; + tmpEntry.tag = tag[i]; + tmpEntry.set = set[i]; + tmpEntry.metered = metered[i]; + tmpEntry.roaming = roaming[i]; + tmpEntry.defaultNetwork = defaultNetwork[i]; combineValues(tmpEntry); if (tag[i] == TAG_NONE) { - moved[j].add(tmpEntry); + moved.add(tmpEntry); // Add debug info tmpEntry.set = SET_DBG_VPN_IN; combineValues(tmpEntry); @@ -1396,45 +1311,38 @@ public class NetworkStats implements Parcelable { return moved; } - private void deductTrafficFromVpnApp( - int tunUid, - @NonNull String[] underlyingIfaces, - @NonNull Entry[] moved) { - for (int i = 0; i < underlyingIfaces.length; i++) { - // Add debug info - moved[i].uid = tunUid; - moved[i].set = SET_DBG_VPN_OUT; - moved[i].tag = TAG_NONE; - moved[i].iface = underlyingIfaces[i]; - moved[i].metered = METERED_ALL; - moved[i].roaming = ROAMING_ALL; - moved[i].defaultNetwork = DEFAULT_NETWORK_ALL; - combineValues(moved[i]); + private void deductTrafficFromVpnApp(int tunUid, String underlyingIface, Entry moved) { + // Add debug info + moved.uid = tunUid; + moved.set = SET_DBG_VPN_OUT; + moved.tag = TAG_NONE; + moved.iface = underlyingIface; + moved.metered = METERED_ALL; + moved.roaming = ROAMING_ALL; + moved.defaultNetwork = DEFAULT_NETWORK_ALL; + combineValues(moved); - // Caveat: if the vpn software uses tag, the total tagged traffic may be greater than - // the TAG_NONE traffic. - // - // Relies on the fact that the underlying traffic only has state ROAMING_NO and - // METERED_NO, which should be the case as it comes directly from the /proc file. - // We only blend in the roaming data after applying these adjustments, by checking the - // NetworkIdentity of the underlying iface. - final int idxVpnBackground = findIndex(underlyingIfaces[i], tunUid, SET_DEFAULT, - TAG_NONE, METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); - if (idxVpnBackground != -1) { - // Note - tunSubtract also updates moved[i]; whatever traffic that's left is removed - // from foreground usage. - tunSubtract(idxVpnBackground, this, moved[i]); - } + // Caveat: if the vpn software uses tag, the total tagged traffic may be greater than + // the TAG_NONE traffic. + // + // Relies on the fact that the underlying traffic only has state ROAMING_NO and METERED_NO, + // which should be the case as it comes directly from the /proc file. We only blend in the + // roaming data after applying these adjustments, by checking the NetworkIdentity of the + // underlying iface. + int idxVpnBackground = findIndex(underlyingIface, tunUid, SET_DEFAULT, TAG_NONE, + METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); + if (idxVpnBackground != -1) { + tunSubtract(idxVpnBackground, this, moved); + } - final int idxVpnForeground = findIndex(underlyingIfaces[i], tunUid, SET_FOREGROUND, - TAG_NONE, METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); - if (idxVpnForeground != -1) { - tunSubtract(idxVpnForeground, this, moved[i]); - } + int idxVpnForeground = findIndex(underlyingIface, tunUid, SET_FOREGROUND, TAG_NONE, + METERED_NO, ROAMING_NO, DEFAULT_NETWORK_NO); + if (idxVpnForeground != -1) { + tunSubtract(idxVpnForeground, this, moved); } } - private static void tunSubtract(int i, @NonNull NetworkStats left, @NonNull Entry right) { + private static void tunSubtract(int i, NetworkStats left, Entry right) { long rxBytes = Math.min(left.rxBytes[i], right.rxBytes); left.rxBytes[i] -= rxBytes; right.rxBytes -= rxBytes; diff --git a/services/core/java/com/android/server/net/NetworkStatsRecorder.java b/services/core/java/com/android/server/net/NetworkStatsRecorder.java index bdff50053f..a2e7e0cae9 100644 --- a/services/core/java/com/android/server/net/NetworkStatsRecorder.java +++ b/services/core/java/com/android/server/net/NetworkStatsRecorder.java @@ -41,10 +41,10 @@ import com.android.internal.net.VpnInfo; import com.android.internal.util.FileRotator; import com.android.internal.util.IndentingPrintWriter; -import com.google.android.collect.Sets; - import libcore.io.IoUtils; +import com.google.android.collect.Sets; + import java.io.ByteArrayOutputStream; import java.io.DataOutputStream; import java.io.File; @@ -234,7 +234,7 @@ public class NetworkStatsRecorder { if (vpnArray != null) { for (VpnInfo info : vpnArray) { - delta.migrateTun(info.ownerUid, info.vpnIface, info.underlyingIfaces); + delta.migrateTun(info.ownerUid, info.vpnIface, info.primaryUnderlyingIface); } }