This change fixes detailed UID stats to ensure network and battery stats
both take VPNs into account. NetworkStatsFactory is being made aware of
VPNs enabled, and the full set of underlying networks present.
Since traffic can only be migrated over a NetworkStats delta, NSF
maintains a NetworkStats snapshot across all UIDs/ifaces/tags.
This snapshot gets updated whenever NSF records a new snapshot
(based on various hooks such as VPN updating its underlying networks,
network getting lost, etc.), or NetworkStatsService's
getDetailedUidStats() method being called.
This change widens the scope of the existing mPersistentSnapshot lock,
renaming it to mPersistentDataLock, and ensures that TUN migrations are
not done in parallel. Additionally, mVpnInfos is updated via
pointer-swapping, to reduce the scope of the mPersistentDataLock.
The safety of this change is predicated on:
1. NetworkStatsFactory lock not held, so services cannot deadlock through
the cyclical lock.
2. The broadening of the scope of the lock in NetworkStatsFactory has no
threading implications, as it is always the last (leaf node) lock held,
and therefore is impossible to have lock inversion.
Additionally, to ensure VPNs work with 464xlat, the VPN info passed to
the NetworkStatsFactory includes all underlying interfaces, instead of
only passing the first one.
This (partially) re-applies changes from:
aosp/972848: Add one more test for VPN usage stats.
aosp/972847: Addressing comments for http://ag/7700679.
aosp/885338: NetworkStatsService: Fix getDetailedUidStats to take VPNs
into account.
Co-developed with: Varun Anand <vaanand@google.com>
Bug: 113122541
Bug: 120145746
Bug: 129264869
Bug: 134244752
Test: FrameworksNetTest passing
Test: Manual tests show data usage fixes maintained.
Merged-In: I6466ec1411fc5ed6954125d27d353b6cd1be719e
Change-Id: Id45ae956ad7165be346ecc010e17d260563ac1c0
(cherry picked from commit 9fbbdebc61513982a6775460e1d400956f803bde)
This reverts commit d8220c20507f0c346f517d715c7b9826b04d64e2.
Reason for revert: Fix available for deadlocks.
Bug: 113122541
Bug: 134244752
Merged-In: Ib65214598837289bd39dbf040b56ab7835f893ba
Change-Id: Ia90bf2c72ef686e80800d113d03548e0efcadb66
(cherry picked from commit a84d9fa57247cf78a9297b0c6dbd3d81b69e235f)
This mostly serves to unindent code to make it locally more
readable. It is a functional no-op.
Bug: 135043192
Test: atest FrameworksNetTests
Merged-In: Iad0e9a28670e96a3c953518a0d0ccd77e2f2fa80
Change-Id: I80bebcd04c277f6e4b0665fe1253b2309e3bc535
(cherry picked from commit e1f5759319a4559b3cf89029449878dc56f92bb7)
PARTIAL and NO_INTERNET may happen in the real world for
those transport types that provide internet. These two
notification types should be reasonable notificaitons, not a
terrible failure as the log. For Q, it may be too risky to
display more notifications with other information instead of
SSID. Thus, suppress the wtf log for these two notifications.
Bug: 135043192
Test: atest FrameworksNetTests
Change-Id: I35f3718fa93b403858587d918f0bc596f6c92f3e
Merged-In: I91b92249dc7905aadbc59df50c3bc6da30a8590e
Merged-In: Ia1c2a765b0fb0cc8d440c02533bdc15774a5a3ef
(cherry picked from commit ed0a54bd07ea1c9072459bafeaf796eaa4dad4c5)
Wrap a part of factoryReset with Binder.withCleanCallingIdentity() so
that it doesn't crash thinking that a different uid connected to the
network stack.
Bug: 135029349
Test: build, manual
Change-Id: Iea246a4c1939a4e7e35434137051835ece81d92f
This reverts commit 97482de1fd.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: Ibdaad3a4cbf0d8ef1ed53cfab1e454b9b878bae9
This reverts commit 78d5ac4f8f.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: I5fbb3443a39a21fc9d96442726cd10d20e8d61cd
If the device connects to a network automatically and not through
user action, a high-priority notification is intrusive and is
inconsistent with other networking notifications, which are
usually only high priority if the network is manually selected.
Bug: 130766237
Test: see next CL in patch series
Change-Id: I8824f2d1a0efeb6cb75e430ef5159ebce0018779
This will allow wifi to tell ConnectivityService that partial
connectivity is acceptable even if the network is not explicitly
selected.
This is needed when the user selects a partial connectivity
network and tells the system to connect to the network, and never
to ask again. In such cases, the system must switch to the
network even if it is not explicitly selected.
Bug: 130766237
Test: atest FrameworksNetTests
Test: unit tests in an upcoming CL
Change-Id: I13465090b7b1c0bf5dc83362387a5428d77b7e1d
Currently phone process fail to unparcel NattKeepalivePacketData
since it is not in framework. Moves NattKeepalivePacketData to
framework to make it can be utilized by telephony.
This change also removes the error feedback triggered by calling
add keepalive packet filter to an unsupported network agent. This
is misinterpreted by KeepaliveTracker that start keepalive is
failing.
Bug: 134048171
Test: 1. atest android.net.cts.ConnectivityManagerTest#testSocketKeepaliveLimitTelephony
2. atest android.net.cts.ConnectivityManagerTest
3. atest FrameworksNetTests
4. atest FrameworksTelephonyTests
Merged-In: If630d5b339aa722717258c721daa8ead8c431e2d
Change-Id: Ic0f168be6f5a6263a5e0565b6381dcb5c645660f
(cherry picked from commit 9ede677bb2c081ccdc41c8c3c19c949114bcc138)
If NetworkMonitor detects partial connectivity before
EVENT_PROMPT_UNVALIDATED arrives, show the partial
connectivity notification immediately. Re-notify
partial connectivity silently if no internet
notification already there.
Bug: 130683832
Bug: 130766237
Test: atest com.android.server.ConnectivityServiceTest
Change-Id: I7d4eddc643ec795c3961097dc1bdd314d168f6c7
Merged-In: I1b79d3faf96ffe792738935088e4ebbdfcc0d878
(cherry picked from commit 58d4e7304cfce68e338ab34022a0b29d45f42c38)
When the network stack crashes, the system will rebind to it.
Existing references are no longer useful (they just throw
RemoteException) but if the system is still up, then the user
can at least recover the situation by taking actions such as
going into airplane mode, toggling wifi, etc.
This CL stops ConnectivityService from crashing the system when
it cannot talk to NetworkMonitor. This is arguably better than
crashing the system, because crashing the system is disruptive
and carries the serious risk of a bootloop from which it is not
possible to recover.
NetworkStackClient already contains code to crash the system
when the network stack crashes. This change help ensure that
if a crash occurs, it is the result of an explicit decision by
that code instead of an unchecked exception in one of the callers
of the network stack.
Bug: 133725814
Test: builds, boots
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: Ib9a15fececd8579fc5b139fe0341275a45512e0f
Merged-In: Ib9a15fececd8579fc5b139fe0341275a45512e0f
(cherry picked from commit ac29a97d10fe8ea0720763f4ca4657cac85732a1)
System server | NetworkStack
|
NetworkMonitorCallbacks ←----|--- NetworkMonitorCallbacks$Stub$Proxy
↓ | ↑
NetworkAgentInfo | NetworkMonitor
↓ | ↑
NetworkMonitor$Stub$Proxy ----|---→ NetworkMonitorImpl
Bug: b/133174607
Test: Manual. The simplest artifact is observed by watching the output of
adb shell dumpsys meminfo -d com.android.networkstack | grep 'Proxy Binders'
while connecting and disconnecting multiple times to any network.
This will display the number of binder proxies. Before this, the binder
proxy count increases by 1 with each connection and never goes down (there
is some noise, as proxy objects are sometimes created for other reasons,
and get GC'd eventually). After this, the binder proxy count is always
eventually stable at 27 + connected network count.
See the bug for the complete analysis.
Merged-In: Ide2428dab3fcd6d7cd00aa2a9fd99d6c99b815a4
Change-Id: I6b74cf12bdbc72c0593d2a4d6f39c895d1ef3534
(cherry picked from commit eb43884fee35102a7fc886750d6a7e891a82ce33)
No internet notification may be prompted before partial
connectivity being detected. Partial connectivity status will
be set into NAI and prompted in the Setting. Behavior is not
aligned between Setting and notification. Thus, update
notification again if partial connectivity is detected.
Also, sliently show the updated notification if no internet
notification has already been shown to user to prevent alerting
user in short time.
Bug: 130683832
Test: Verified with simulated partial connectivity
Test: atest FrameworksNetTests
Change-Id: Ie16a8ce6e0fa437048e8c1eea240314ca30e9520
Merged-In: I004e78a33689e2208918d4316bcf9a8f50a0bac3
Merged-In: I14385a39d99a45c4a6a50a665f456f589c2f4da3
(cherry picked from commit a5c68348d89f256cb5f42283d983d05834c7e36c)
Auto-reconnecting to a network with no or limited Internet
connectivity is not useful. This is because such networks cannot
be used unless the user taps the notification and interacts with
the resulting dialog. But the notification is only shown if the
user manually connects to the network, not if the system
auto-connects to it.
Bug: 130683832
Bug: 130766237
Test: atest FrameworksNetTests
Change-Id: I5413393529c4bad3a707df229307542486bcff33
* changes:
Add one more test for VPN usage stats.
Addressing comments for http://ag/7700679.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
Note, that its in a separate CL so we could cherry-pick this CL to aosp.
http://ag/7700679 is already in aosp.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Change-Id: I7cfda226b4ed11b67002b83b38fba0f5caf96718
VPN uid.
(cherry picked from commit 612520f544)
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java
Change-Id: I7f368c5970b2dcb969fe0daf5ef44edb1f51d09d
Once a network is determined to have partial connectivity, it
cannot go back to full connectivity without a disconnect. This
is because NetworkMonitor can only communicate either
PARTIAL_CONNECTIVITY or VALID, but not both. Thus, multiple
validation results allow ConnectivityService to know the real
network status.
Bug: 129662877
Bug: 130683832
Test: atest FrameworksNetTests
Test: atest NetworkStackTests
Test: atest --generate-new-metrics 50
NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Test: Simulate partial connectvitiy
Change-Id: I406c9368617c03a2dd3ab15fb1f6dbf539d7c714
Merged-In: I243db4c406cca826e803c8035268bc0c6e6e01e2
(cherry picked from commit 4532abd4d2af9ad118873a63cafc6028ed87c52e)
The native services should specify their permissions in platform.xml if
they need internet permission, otherwise the eBPF program will block the
socket creation request. Fixing the known services that are in group
AID_INET but didn't specify their permission in the xml file.
Bug: 132217906
Test: CtsJdwpTestCases dumpsys netd trafficcontroller
Change-Id: I84cde7d3757953bc0bf761727d64a715bcdd68bb
Merged-In: I84cde7d3757953bc0bf761727d64a715bcdd68bb
(cherry picked from commit e5d6f0fa6c3fd77572f5b29f416acbf304abf9da)
This notification is shown when the user has already logged in to
the network, so it should not have a question mark on it.
Fix: 130526201
Test: atest FrameworksNetTests
Test: manually signed in to portal
Change-Id: I8250236bc4ba251492a6cb9bf23e67666ef860d3
Merged-In: I8250236bc4ba251492a6cb9bf23e67666ef860d3
(cherry picked from commit fce363555029b92b1532058555797d6ef1afb09c)
Caller should get SecurityException if called
ConnectivityManager#startCaptivePortalApp() w/o
MAINLINE_NETWORK_STACK permission. But now it will not get any
exception and can launch captive portal app successfully.
Bug: 132662433
Test: atest android.net.cts.ConnectivityManagerTest#testStartCaptivePortalApp
w and w/o MAINLINE_NETWORK_STACK permission
Test: atest FrameworksNetTests NetworkStackTests
Change-Id: Ib70fe6fad107f3e9dce9ce673188c5ce5dc1ad7b
Merged-In: I1025da29beb53259f57bd9ca5648b32f2847ed4a
Merged-In: Ib70fe6fad107f3e9dce9ce673188c5ce5dc1ad7b
(cherry picked from commit 72b3ab18ca302a3117f424a0f0ef6c08897c310e)
Delete the unused NetworkManagementService API for set/remove
permissions. Use PERMISSION_NONE to replace NO_PERMISSIONS so the
framework now use the same set of permission constant when communicate
with netd.
Bug: 128944261
Test: PermissionMonitorTest.java
Change-Id: I25224c9576f52d2a0a0bd2182325c7aac7b28eb5
Merged-In: I25224c9576f52d2a0a0bd2182325c7aac7b28eb5
(cherry picked from commit 05887f99c6ca6885db737af2f356023dc6de80a2)
Remove definition of TYPE_NATT and TYPE_TCP since the type
can be identified by checking message.obj is an instance of
NattKeepalivePacketData or TcpKeepalivePacketData.
It's more simple and won't have dependency on KeepaliveInfo.
Bug: 33530442
Test: atest FrameworksNetTests
atest NetworkStackTests
(Clean cherry-pick of aosp/955419)
Change-Id: Ic97ffe9ff5781778efd264460809f5059f0f4230
Merged-In: Ic97ffe9ff5781778efd264460809f5059f0f4230
In aosp/951200, the clean up function delete the item in the
hash map that holds the record while iterating it, where the
list used to iterate the records is backed by the hash map,
so changes to the map are reflected in the list and caused
the concurrent modification exception.
Bug: 132341736
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 300
2. atest FrameworksNetTests --generate-new-metrics 10
(Clean cherry-pick of aosp/959599)
Change-Id: I9cdfe6f6d11c5400c856cc30a33ff4a44ba9d811
Merged-In: I0481a469ee23231e5f0ab738a06b5e09f6cdb680
In general, keepalive slots are released after result of
stopping has returned. However, for network disconnect case,
the service side cannot communicate with network agent since
the async channel is broken.
Clean up keepalive slots right after stop in this case.
Bug: 132341736
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests --generate-new-metrics 10
Change-Id: Id3e4e159713c0ed7e03f45169e87b73ae6408e4f
(cherry picked from commit a5f6bd16062fba89bcf900aca93aa3514d93f662)
Merged-In: Id3e4e159713c0ed7e03f45169e87b73ae6408e4f
Merged-In: Icb5a1b5bb10617aa5a7b35db6cf48db3dc53b7fd
Currntly, keepalive slot is released when stop() is called. Next
starting keepalive can use the same slot number while previous
keepalive is still stopping. When the previous keepalive is
stopped, the incoming as will be processed by the new keepalive.
This change release keepalive slot after the result of stopping
has returned. Thus, newly created keepalive cannot allocate the
same slot number while lower layer is still processing stop event.
This change also disable flaky assertions that are caused by
test port has been occupied by other process.
Bug: 129512753
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
2. atest FrameworksNetTests --generate-new-metrics 10
3. simulate the fail case manually.
Change-Id: I790f6bbc5efc3f088034ac45ec379da5f781d0ca
Merged-In: I1991627545519ee5cb408a3df3a006f710f4af7b
(cherry picked from commit 3523a3d02a1f88a3990ab9cc4948c705ecc713c8)
Public APIs for creating unprivileged NATT socket keepalive
might allow users to exhaust resource if malicious apps try
to create keepalives with fd which is not created by
IpSecService through binder call. Thus, this change add
customizable limitation per uid to prevent resource exhaustion
attack.
Bug: 129371366
Bug: 132307230
Test: atest FrameworksNetTests
Clean cherry-pick of aosp/954040
Merged-In: Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
Change-Id: I92f6d977b6dfde4e1bf74df6b60c9a0b9e8eec40
This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Clean cherry-pick of aosp/946359
Change-Id: I06840834d0ee8121358bf4829fe47ecf9964d395
Merged-In: I0218f3674628c13ead63fc9a873895ba7f113033
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
(cherry picked from commit 414b8c8b1ce8ae2ad6ef95c1ffba19062077d3e6)
rethrowFromSystemServer is throwing DeadSystemException which
is different from the original log message. Thus, update the
way to rethrow the same RemoteException.
Bug: 130028724
Test: atest FrameworksNetTest
Test: Kill NetworkStack and check the log message
Change-Id: I60862e276dd4e2d143278b272a9ba54219acce26
Merged-In: Ic1766e839f8f06b539d5f6cfecd29547021fd1d9
Merged-In: I67005a5384888e8acaf1249af79484e2d5ed6f1f
(cherry picked from commit 7f581219e1a4706ea2b4438322a299986847b1c2)
* changes:
Reinstate new VPN uid filtering unit tests
Revert new tests and PackageManager mock
Block incoming non-VPN packets to apps under fully-routed VPN
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Merged-In: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
Change-Id: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
(cherry picked from commit 65968ea16bf49f678d4a43c220e1d67393170459)
This freezes the interface as of the latest beta build, not the tip of
tree. IIpClient#setL2KeyAndGroupHint is not in the frozen definition in
particular.
Generated with:
m networkstack-aidl-interfaces-freeze-api \
ipmemorystore-aidl-interfaces-freeze-api
Test: flashed, booted, WiFi and captive portal working
Bug: 128803828
Change-Id: Ideabe73fc93bbefca2d624ee9ca190cf31419424
Merged-In: Ideabe73fc93bbefca2d624ee9ca190cf31419424
(cherry picked from commit 9b89cdaaf401a6b77e160807039c06e537fa600a)
Test: new test for this
Fixes: 62650382
Change-Id: I918b8271d3c3c058553ca888cb54cd36a6efba66
Merged-In: I0fc408d546ae9d72b7dd9415e502252b484d4329
Merged-In: I9282930106d1eee3274d9e5c4e89de60e929a0e6
As per API council feedback, these constants should live in
a place that is private to the network stack, only with a
range defined in system API.
Bug: 129433383
Test: m
Change-Id: I84a90f84a9af6fef4667ee4d512ebd0413222086
(cherry picked from commit 79a6330650ca04bd7a08afbd63f8016a3b30bc72)
This commit re-enables enforcement of the MANAGE_TEST_NETWORK
permission, which is only granted to the shell. CTS tests using this
permission should use UiAutomation.adoptShellPermissionIdentity() to
gain access.
Bug: 72950854
Test: IPsec CTS tests using this passing
Change-Id: I98573a5c68e45abbbaddef01f6ac74a6a18e26f9
Merged-In: I98573a5c68e45abbbaddef01f6ac74a6a18e26f9
(cherry picked from commit 3ec38dc5530db151388879a521d6d3b94679a0de)
This follow-up change performs some cleanup changes without affecting
functionality
Bug: 72950854
Test: Compiles, CTS tests using this pass
Change-Id: Ic7394f24f11d713c9374b438182e29d2a02ea236
Merged-In: Ic7394f24f11d713c9374b438182e29d2a02ea236
(cherry picked from commit 7df36ed96a807f258aef43e558ef127b27b90756)
