Add a new MANAGE_IPSEC_TUNNELS permission and
protect all IPsec Tunnel mode APIs with it.
This permission is only granted to the system or
through an AppOp.
Bug: 66955045
Test: compilation
Change-Id: I0f618373b500c493ef2211bece681f74652a1833
This CL adds NonNull annotations to a large
number of method returns and parameters as
part of API council feedback.
Bug: 72473424
Test: compilation (docstring-only change)
Merged-In: I2f865dde56fe12116c461ad98e9460bf1802ce18
Change-Id: I2f865dde56fe12116c461ad98e9460bf1802ce18
(cherry picked from commit 8fd26f67fdfdedb535ddb8c7d5ededa5dcba40f8)
This CL adds NonNull annotations to a large
number of method returns and parameters as
part of API council feedback.
Bug: 72473424
Test: compilation (docstring-only change)
Change-Id: I2f865dde56fe12116c461ad98e9460bf1802ce18
The owned by transform flag prevents the removal
of an SPI from accidentally deleting an associated
SA in the kernel. That flag wasn't actually being
checked, so deleting an SPI would result in the
transform being removed.
The existing code already guarantees that the SA is
deleted when the transform is deleted
Bug: 73258845
Test: runtest frameworks-net
Merged-In: I4c26aea7af817a5d9e54da5db1cdf4f943bcae06
Change-Id: I4c26aea7af817a5d9e54da5db1cdf4f943bcae06
(cherry picked from commit 22795302be4ec35449908cf566aa7c16945df836)
When exposing the APIs, these were missed.
The outer structure is exposed, so this exposes
the addAddress and removeAddress methods.
Bug: 75234273
Test: compilation
Merged-In: I79911434f9baa660e4d8564cc59d80da4a710c42
Change-Id: I79911434f9baa660e4d8564cc59d80da4a710c42
(cherry picked from commit a83601a511c3f11470109d78d1a736acdb9c6bd8)
This change adds implementation details for add/remove addresses onto a
VTI.
Bug: 73675031
Test: New tests added, passing on Walleye
Merged-In: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
Change-Id: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
(cherry picked from commit ecc9f7cc08804e3fa15fea04ae94ea1bc74edbfe)
Kernel limitations prevent auth-only SAs from being created. Explicitly
request a null encryption algorithm instead of omitting the algorithm
to comply with the kernel requirement for ESP.
Bug: 75049573
Test: CTS tests for auth-only, crypt-only transforms added for all
combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit
tests to ensure correct triggering of NULL_CRYPT usage.
Merged-In: Ia9a5cfee9c7786412846bc039f326420f6211c08
Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
(cherry picked from commit bf013a3820c69348e034c6340b28e95f3441ebe8)
When exposing the APIs, these were missed.
The outer structure is exposed, so this exposes
the addAddress and removeAddress methods.
Bug: 75234273
Test: compilation
Change-Id: I79911434f9baa660e4d8564cc59d80da4a710c42
The owned by transform flag prevents the removal
of an SPI from accidentally deleting an associated
SA in the kernel. That flag wasn't actually being
checked, so deleting an SPI would result in the
transform being removed.
The existing code already guarantees that the SA is
deleted when the transform is deleted
Bug: 73258845
Test: runtest frameworks-net
Change-Id: I4c26aea7af817a5d9e54da5db1cdf4f943bcae06
-Add anotations to usages of PolicyDirection for
apply...() methods.
-Update the comments on DIRECTION_IN and DIRECTION_OUT
to better reflect their current usage.
-Add a better explanation to the rekey procedure doc.
-Remove disused createTunnelInterface() stub.
Bug: 73751066
Test: make docs
Merged-In: I9f2ec864466148a18899f1e952c74a525902ccbc
Change-Id: I9f2ec864466148a18899f1e952c74a525902ccbc
(cherry picked from commit f4cdf25a906d0f52ffd76508d660b843b13b3ff8)
Kernel limitations prevent auth-only SAs from being created. Explicitly
request a null encryption algorithm instead of omitting the algorithm
to comply with the kernel requirement for ESP.
Bug: 75049573
Test: CTS tests for auth-only, crypt-only transforms added for all
combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit
tests to ensure correct triggering of NULL_CRYPT usage.
Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
-Add anotations to usages of PolicyDirection for
apply...() methods.
-Update the comments on DIRECTION_IN and DIRECTION_OUT
to better reflect their current usage.
-Add a better explanation to the rekey procedure doc.
-Remove disused createTunnelInterface() stub.
Bug: 73751066
Test: make docs
Change-Id: I9f2ec864466148a18899f1e952c74a525902ccbc
This change adds implementation details for add/remove addresses onto a
VTI.
Bug: 73675031
Test: New tests added, passing on Walleye
Change-Id: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
Use a MATCH_MOBILE_WILDCARD template to avoid filtering by
subscriberId when querying statistics from NetworkStatsService.
Bug: 74038898
Change-Id: I4b39e7031416cb33b23d89aa36ff0f774eaa942f
Fixes: 74038898
Test: runtest frameworks-net, CTS tests pass
Currently, when a network goes into CONNECTED state, we call
updateLinkProperties and then notifyIfacesChangedForNetworkStats.
The latter is unnecessary, as there are exactly two cases:
1. networkAgent.linkProperties != null: updateLinkProperties will
call notifyIfacesChangedForNetworkStats, because oldLp is null
and networkAgent.linkProperties is not null.
2. networkAgent.linkProperties is null: there is no need to call
notifyIfacesChangedForNetworkStats, because no interfaces were
added or removed. When they are, updateLinkProperties will be
called again.
Removing the call to notifyIfacesChangedForNetworkStats avoids
a stats poll, which is a minor performance improvement.
Also, remove the NetworkStatsService code to do asynchronous
interface updates, since it has no callers.
Bug: 72107146
Test: builds, boots
Test: runtest frameworks-net
Change-Id: I9337ea26c0505a1c66ceda01254b68e25cd7972c
When a single app is responsible for more than half of the data usage
that caused us to trigger a "rapid usage" alert, name that app in the
notification. Tests to verify.
Move NPMS->NSS direct calls to "Internal" pattern, following
best-practices to avoid unnecessary AIDL exposure.
Remove 3G/4G split mobile plan support, which has been deprecated for
years and was never supported in a shipping product.
Move MultipathPolicyTracker in tree to reflect its package name.
Test: bit FrameworksNetTests:*
Test: bit FrameworksServicesTests:com.android.server.NetworkPolicyManagerServiceTest
Bug: 69263587, 64221505, 73431080, 72746951
Exempt-From-Owner-Approval: approved in previous PS
Change-Id: I3e4ec1ae2222d51b232f76f32faca93d4f8cd272
We've seen system code continue to ask about network statistics
during a shutdown, so keep our objects around to avoid crashing
with NPEs.
Test: builds, boots
Bug: 73323432
Change-Id: I2654d37a59eb830ff32a2151ae6ad6a999a41677
Now that we have a nice Clock abstraction, we can use it to represent
a clock backed by an NTP fix. (This makes testing logic much easier
to write.)
We now rely completely on NetworkTimeUpdateService to keep our NTP
fix up to date, instead of trying to refresh in the middle of
critical paths which could trigger random ANRs.
Add internal FallbackClock to make it easier to handle missing NTP
fixes. Add internal SimpleClock to let implementers focus on single
millis() method.
Test: bit FrameworksNetTests:com.android.server.net.NetworkStatsServiceTest
Test: bit FrameworksServicesTests:com.android.server.NetworkPolicyManagerServiceTest
Bug: 69714690, 72320957
Change-Id: Ic32cdcbe093d08b73b0e4b23d6910b23ea8e1968
Exempt-From-Owner-Approval: approved in previous PS
This change prevents IpSecTransforms from being inadvertently modified
by changes to the IpSecConfig. Specifically, once the transform is
created, it takes a copy of the config, rather than a reference.
Bug: 69385347
Test: New tests added, and all test passing
Change-Id: I89b8660c175ca20aa70352dcda893434ff7fd42b
