Original CL has dependencies with unmerged settings change: https://googleplex-android-review.git.corp.google.com/c/platform/packages/apps/Settings/+/11524847
They should be in the same topic, revert it first. Will resume it and put the same with settings part CL.
This reverts commit 217d7b01f8.
Reason for revert: This break hotspot because it should merged with settings part together.
Bug: 158836492
Change-Id: I94d3ee25168cfb3d125030654c4bb8ddd670abfc
Tethering resource configuration is move from framwork to tethering
module. Since tethering resource would not be accessible from outside
of tethering module, EntitlementManager would tell Settings the
entitlement configuration via intent extra when run entitlement check.
Bug: 146918263
Test: atest TetheringTests
Change-Id: I6f23553bb1da5f0b767f920b32a86fafb9e00b9e
Currently tethering notification is sending a pending intent for
redirecting user to tether settings page. However, this intent
is implicit that only create with
Settings.ACTION_TETHER_SETTINGS. For security reasons, this
intetnt should specify an explicit component to be delivered to.
Thus, specify the settings package name to this intent.
Test: atest TetheringTests
Bug: 156353008
Change-Id: I49187aee8a004caa890e2a73c0a28d280215c7d4
Merged-In: I49187aee8a004caa890e2a73c0a28d280215c7d4
The BPF tethering coordinator listens to the forwarding rule
changes for updating data limit which is applied in the following
conditions.
- After adding the first rule on a given upstream, add data limit.
- After removing the last rule on a given upstream, clear data limit.
- The service applies a new data limit on current upstream.
The reason for relying on rule changes is because the Tethering and
IpServer objects have multi-internal state machines. It is hard to
synchronize all of their states.
Note that the data limit cleanup for stopping or switching upstream
relies on offload rules are all removed as well.
Bug: 150736748
Test: manual
Original-Change: https://android-review.googlesource.com/1302436
Merged-In: I829d36339973f9473fe6b616c48aa288f18d1c46
Change-Id: I829d36339973f9473fe6b616c48aa288f18d1c46
Verify that the coordinator could fetch tether stats from BPF maps and
report the network stats to the service.
Bug: 150736748
Test: atest BpfCoordinatorTest
Original-Change: https://android-review.googlesource.com/1305574
Merged-In: Ib1756159a2047c5db7d31359b0f288f840bd1bb1
Change-Id: Ib1756159a2047c5db7d31359b0f288f840bd1bb1
Make BPF tethering offload coordinator, BpfCoordinator,
registers a network stats provider, BpfTetherStatsProvider, and
provide the tethering stats from the BPF map.
Bug: 150736748
Test: new test BpfCoordinatorTest
Original-Change: https://android-review.googlesource.com/1256189
Merged-In: I22e71f87b67668f7e733e4f215d93bf5b2c9380d
Change-Id: I22e71f87b67668f7e733e4f215d93bf5b2c9380d
The BPF tethering coordinator listens to the forwarding rule
changes for updating data limit which is applied in the following
conditions.
- After adding the first rule on a given upstream, add data limit.
- After removing the last rule on a given upstream, clear data limit.
- The service applies a new data limit on current upstream.
The reason for relying on rule changes is because the Tethering and
IpServer objects have multi-internal state machines. It is hard to
synchronize all of their states.
Note that the data limit cleanup for stopping or switching upstream
relies on offload rules are all removed as well.
Bug: 150736748
Test: manual
Change-Id: I829d36339973f9473fe6b616c48aa288f18d1c46
Currently tethering notification is sending a pending intent for
redirecting user to tether settings page. However, this intent
is implicit that only create with
Settings.ACTION_TETHER_SETTINGS. For security reasons, this
intetnt should specify an explicit component to be delivered to.
Thus, specify the settings package name to this intent.
Test: atest TetheringTests
Bug: 156353008
Change-Id: I49187aee8a004caa890e2a73c0a28d280215c7d4
Shell has TETHER_PRIVILEGED permission. To avoid any service to adopt
shell identity by lunching service with Shell process, gate
exemptFromEentitlementCheck by NETWORK_STACK.
Bug: 157702014
Test: atest TetheringCoverageTests
Change-Id: I6ddfda23d36ea9981e3e1eb5a87767f452a65852
Merged-In: I6ddfda23d36ea9981e3e1eb5a87767f452a65852
* changes:
Make tethering module to use netd_aidl_interface-unstable-java
[BOT.5] Move class Ipv6ForwardingRule from IpServer to the coordinator
[BOT.3] Add unit test for polling network stats in the coordinator
[BOT.2] Create a coordinator and stats provider to provide tether stats
[BOT.1] Add a class ForwardedStats in TetheringUtils
- Add New class PrivateAddressCoordinator to coordinate the private
address conflict problem.
- Downstream prefix would be random in 192.168.0.0/24 ~
192.168.255.0/24.
- If new upstream prefix is conflict with existing downstream prefix,
downstream would be kicked out and it would request a new one.
- The last conflict upstream prefixes would be blacklist. Avoid to
select downstream prefix which is conflict with prefixes in blacklist.
Bug: 130879722
Test: -build, flash, boot
-atest TetheringTests
Merged-In: Ib45b87bcd9eeb5da03fb7ec90b1af9ca53998cf5
Change-Id: Ib45b87bcd9eeb5da03fb7ec90b1af9ca53998cf5
Verify that the coordinator could fetch tether stats from BPF maps and
report the network stats to the service.
Bug: 150736748
Test: atest BpfCoordinatorTest
Change-Id: Ib1756159a2047c5db7d31359b0f288f840bd1bb1
Make BPF tethering offload coordinator, BpfCoordinator,
registers a network stats provider, BpfTetherStatsProvider, and
provide the tethering stats from the BPF map.
Bug: 150736748
Test: new test BpfCoordinatorTest
Change-Id: I22e71f87b67668f7e733e4f215d93bf5b2c9380d
Shell has TETHER_PRIVILEGED permission. To avoid any service to adopt
shell identity by lunching service with Shell process, gate
exemptFromEentitlementCheck by NETWORK_STACK.
Bug: 157702014
Test: atest TetheringCoverageTests
Change-Id: I6ddfda23d36ea9981e3e1eb5a87767f452a65852
1. Call maybeRemoveDeprecatedUpstreams from Tethering rather than inside
PrivateAddressCoordinator because the building logic of this method based
on implementation details of Tethering.
2. Fix typo
Bug: 130879722
Test: -build, flash, boot
-atest TetheringTests
Change-Id: I7584253b728bc17fc648fc19e492ca9f7ad2ff46
KClass#getSimpleName need refer to kotlin-reflect.jar which need
include it in Andorid.bp. However, it's not necessary to use
KClass#getSimpleName but use Class#getSimpleName instead.
Test: atest TetheringTests
Bug: 157527499
Change-Id: I49bc336a276d30152402eba926cc583bc81e8e5c
Merged-In: I49bc336a276d30152402eba926cc583bc81e8e5c
KClass#getSimpleName need refer to kotlin-reflect.jar which need
include it in Andorid.bp. However, it's not necessary to use
KClass#getSimpleName but use Class#getSimpleName instead.
Test: atest TetheringTests
Bug: 157527499
Change-Id: I49bc336a276d30152402eba926cc583bc81e8e5c
- Add New class PrivateAddressCoordinator to coordinate the private
address conflict problem.
- Downstream prefix would be random in 192.168.0.0/24 ~
192.168.255.0/24.
- If new upstream prefix is conflict with existing downstream prefix,
downstream would be kicked out and it would request a new one.
- The last conflict upstream prefixes would be blacklist. Avoid to
select downstream prefix which is conflict with prefixes in blacklist.
Bug: 130879722
Test: -build, flash, boot
-atest TetheringTests
Change-Id: Ib45b87bcd9eeb5da03fb7ec90b1af9ca53998cf5
If upstream is cellular, set the TTL in Router Advertisements to
"network-set TTL - 1" for carrier requirement. For other non-cellular
upstream, set TTL as "network-set TTL + 1" to preventing arbitrary
distinction between tethered and untethered traffic.
Bug: 154776299
Test: atest TetheringTests
Merged-In: I7f2696a642f96c6aafb5613b980bf5bcdd08bbda
Change-Id: I7f2696a642f96c6aafb5613b980bf5bcdd08bbda
Bug: 154869719
Test: atest TetheringTests
Original-Change: https://android-review.googlesource.com/1288503
Fix TetheringServiceTest test WRITE_SETTINGS permission failure
AdoptShellPermissionIdentity can not pass permission check by
Settings#checkAndNoteWriteSettingsOperation. It would compare the caller
uid and its package name. See error below:
1. java.lang.SecurityException:
Specified package com.android.shell under uid 10239 but it is really 2000
2. java.lang.SecurityException:
uid 10245 does not have android.permission.UPDATE_APP_OPS_STATS.
Override the method and test if caller hold WRITE_SETTINGS directly.
Bug: 154869719
Test: TetheringTests, TetheringCoverageTests, NetworkStackNextTests,
NetworkStackCoverageTests
Original-Change: https://android-review.googlesource.com/1313806
Change-Id: I7beea3f011d930e433443ed62d772a3f8cce5d78
Merged-In: I7beea3f011d930e433443ed62d772a3f8cce5d78
If upstream is cellular, set the TTL in Router Advertisements to
"network-set TTL - 1" for carrier requirement. For other non-cellular
upstream, set TTL as "network-set TTL + 1" to preventing arbitrary
distinction between tethered and untethered traffic.
Bug: 154776299
Test: atest TetheringTests
Change-Id: I7f2696a642f96c6aafb5613b980bf5bcdd08bbda
AdoptShellPermissionIdentity can not pass permission check by
Settings#checkAndNoteWriteSettingsOperation. It would compare the caller
uid and its package name. See error below:
1. java.lang.SecurityException:
Specified package com.android.shell under uid 10239 but it is really 2000
2. java.lang.SecurityException:
uid 10245 does not have android.permission.UPDATE_APP_OPS_STATS.
Override the method and test if caller hold WRITE_SETTINGS directly.
Bug: 154869719
Test: TetheringTests, TetheringCoverageTests, NetworkStackNextTests,
NetworkStackCoverageTests
Change-Id: I2a60c4d66ef30028f9663159f85464ea815248e2
