Revert submission 2745215-npmsbpf
DroidMonitor: Potential culprit for Bug 307256512 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reason for revert: 307256512
Reverted changes: /q/submissionid:2745215-npmsbpf
Change-Id: I27119a7484453d1369bbdf71ad2479edec7d664f
Currently, data saver switch is controlled in NPMS, which
calls into NetworkManagementService and netd when switching
status. In netd, BandwidthController manipulates the
bw_data_saver chain to control the overall behavior.
However, this code are all platform implementation, which
are not updatable. In order to migrate data saver switch
from iptables to bpf, this API is needed for Connectivity to
change the implementation to directly write bpf in later
patches.
Test: atest CtsHostsideNetworkTests:com.android.cts.net.HostsideRestrictBackgroundNetworkTests
Test: atest FrameworksServicesTests:NetworkManagementServiceTest
Bug: 297836825
Change-Id: I71fa41ca739fef8e191fba91b02758ad5f732d5c
This doesn't do anything at this patchset, but the whole
pipe from the agent to ConnectivityService is built.
LocalNetworkInfo will be the name of the public information
sent in callbacks to clients.
Test: CSLocalAgentTests
Change-Id: I70e133031ef3b0aaf6c3e59ccc2ad895c66d339c
The ConnectivityResources class is only usable with QUERY_ALL_PACKAGES
permission, so it is not generally usable in framework-connectivity. It
is also backed by the ServiceConnectivityResources APK, which is
intended as resources for service-connectivity.
Move the class to service-connectivity and update callers. CTS needs a
way to determine the supported keepalive count as it used the
resources from KeepaliveUtils as @hide API, so provide a
ConnectivityManager @hide API for testing.
Bug: 279108992
Test: atest
Change-Id: I3c9a77c580b5ab87c922c32778bce15dc33b4d1d
registerSystemDefaultNetworkCallback is required by WifiTrackerLib to
detect the system default network for UI purposes. Currently this API is
allowed for holders of the NETWORK_SETTINGS permission, but not
NETWORK_SETUP_WIZARD. Since SUW also uses WifiTrackerLib, we should
allow this API for NETWORK_SETUP_WIZARD as well.
Bug: 230643853
Test: atest ConnectivityServiceTest
Change-Id: Ic01a186f91ed67b4603b6b8964921be7473a483a
Removed usages of throws with @link that generates bad HTML and added
@CallbackExecutor on executors.
Bug: 268170423
Test: atest ConnectivityServiceTest
Change-Id: I2e4264c201b1779b1636e3f1c581237490fd0930
The default TCP polling alarm timer is very large(2 mins).
It's expensive in the CTS to wait for a couple alarms.
The polling alarm should be deprecated soon and replace
with callback design, so add the hidden method for testing
purpose to support the short term usage until design is
replaced with callbacks.
With the hidden method, the alarm timer will decrease to
1 second for a specified time period. The TCP sockets status
could be verified every 1 second.
Bug: 259000745
Test: m ; atest HostsideVpnTests with the follow up test
Change-Id: I99d494d3b50b2fbee73b926e92e97b1e194d43d4
This is much simpler and less error-prone, as well as less
subject to race conditions.
It also allows for cleaning up some TODOs.
Test: FrameworksNetTests
CtsNetTestCases
Bug: 267116236
Change-Id: I470c709446946ef35a0324427defe2f58b434339
Upcoming CLs use this method to add chain status to failure log of
ConnectivityManagerTest#testFirewallBlocking which is a flaky test
Test: m
Bug: 262141231
Change-Id: Ieb6b4402a3435571decbd8a26fdf666b2db732fe
Create a new API - setVpnNetworkPreference() for the caller to
set VPN as the preference network.
VPN will be disconnected when its underlying network is gone.
To prevent packets going through an underlying network when the
underlying network is back but VPN is not connected yet, set VPN
as the only preferred network for specific apps.
Bug: 231749077
Test: 1. atest FrameworksNetTests
2. Create a test app to register default network and check if
the VPN is the only default network for the test app.
Change-Id: Iabcd38e2fec2aefedbf78d20e338f222d83a9e7f
This change introduces a limited library for dependencies on
framework-connectivity from Tethering,
connectivity-internal-api-util, where all classes are annotated with
@RequiresApi(S) to ensure proper API checks are done before usage.
Bug: 245972418
Change-Id: I82bafd9063341adc71d07f0858e6d68283d081f0
Some callers (e.g. iwlan) need to learn about system default
network but they cannot have NETWORK_SETTINGS permission.
To allow them to use this API but prevent from misuse by
unprivileged apps, enforce USE_RESTRICTED_NETWORKS for this API.
Test: atest com.android.server.ConnectivityServiceTest#testRegisterPrivilegedDefaultCallbacksRequireNetworkSettings android.net.cts.ConnectivityManagerTest#testRegisterNetworkCallback
Fix: 242456635
Change-Id: I80ab27445af874328c9c0f4814a8fbf035ae5df4
The instance of ConnectivityManager is static, and so its inner class
should be static to avoid the memory leak. Otherwise, the inner class
will get the reference to the mContext.
Bug:248184860
Signed-off-by: zhujiatai <zhujiatai@xiaomi.com>
Change-Id: I2c755f04a689f3e9e5f829d9be48765816257366
Currently, data usage of all test networks are all attributed to
the same NetworkIdentity, which does not allow services to
distinguish upload & download traffic of different test networks.
Thus, this CL put specifier that comes along with
TestNetworkAgent into wifiNetworkKey field to build different
NetworkIdentity to attribute data usage to different for
individual networks. And allow querying test network usage with
wifiNetworkKeys.
Bug: 139774492
Test: atest FrameworksNetTests
atest android.net.cts.ConnectivityManagerTest
Change-Id: I1bb38fd20781eaf3105735440a04b27bef36fcae
State that the chains are equivalent and independent.
As requested by API council.
Fix: 235973271
Test: documentation-only change
Change-Id: I036b7f23a40d038920f308c81daf7532afbae242
"{@see" aren't rendered properly. Replace them with "See {@link"
or @see depending on the usage.
Bug: 238753273
Test: make doc-comment-check-docs ; Check the doc result
Change-Id: I70cb2f36e7c5fa8102b5949054df5184d755202c
This commit adds ConnectivityManager#getFirewallChainEnabled to read the
current firewall chain status
Bug: 208371987
Test: m
Change-Id: I1eadb69f953af5d031cd8dabde3e1f098cf0f4df
LOCKDOWN_VPN was in the FirewallChain IntDef but this was not a right
place because LOCKDOWN_VPN was not a valid value for Connectivity APIs
that take an argument annotated with @FirewallChain(setUidFirewallRule,
setFirewallChainEnabled, replaceFirewallChain).
LOCKDOWN_VPN was in the FirewallChain IntDef because
BpfNetMaps#setUidRule was used to add/remove LOCKDOWN_VPN entries.
This commit adds BpfNetMaps#updateUidLockdownRule and uses this to
add/remove LOCKDOWN_VPN entries instead of BpfNetMaps#setUidRule and
removes LOCKDOWN from FirewallChain.
Bug: 206482423
Test: atest TrafficControllerTest ConnectivityServiceTest
PermissionMonitorTest HostsideVpnTests#testBlockIncomingPacket
Change-Id: Iff9b9792fc0f208f153e10e396c6d5034b412d7c
Currently, even when VPN Lockdown mode is enabled, incoming packets are
not dropped if VPN is not connected.
This commit fixed this issue.
After this commit, If VPN Lockdown mode is enabled, incoming packets
are dropped regardless of the VPN connectivity.
Bug: 206482423
Test: atest TrafficControllerTest ConnectivityServiceTest PermissionMonitorTest
Change-Id: If52ece613c8aac1073355e43b6fb9cb3fcc87d1d
ConnectivityManager have a self reference static instance. This
causes a leak if context is refernce from a static variable. Using
the applicationContext, which will never be freed for the life of the
application, for the sInstance static instance.
Bug: 202978965
Test: atest ConnectivityManagerTest
Change-Id: I87206e1bfbb1f877b5a10f5fdbc25e2f9f11bef4
Split the updateXXX methods into an addXXX and removeXXX instead of using
a boolean parameter to indicate whether the uid should be added or removed
Bug: 218494748
Test: atest FrameworksNetTests
Change-Id: I868cf35c8f51b25d8719e618c6c48a5cd642da7f
swapActiveStatsMap is temporary added for the NetworkStatsFactory to
call BpfNetMaps#swapActiveStatsMap in tethering mainline module. Now
NetworkStatsFactory already be mainlined, calling BpfNetMaps#swapActiveStatsMap
directly.
Bug: 218494448
Test: atest ConnectivityCoverageTests
atest FrameworksNetTests
Change-Id: I3358e4ac5fb7ed0964273afdbccd1b4128ca7645
The API won't modify the passed NetworkCapabilities and
LinkProperties, but redactNetworkCapabilitiesForPackage and
redactLinkPropertiesForPackage sound like they will. To reduce
the confusion, rename the API with prefix "getRedacted".
Also modify the javadoc to describe more about what the API will
do if the given UID doesn't have location permission.
Bug: 220367512
Test: atest CtsNetTestCases
Change-Id: I964f1062da1ae96df9b369b911486da1379b8a19
Some system components like VPN need to know how to redact
NetworkCapabilities & LinkProperties that they received from
the system but need to send to third-party applications with
less privilege than themselves. To make sure the redaction is
consistent, expose system API methods to do it that are wired
to the same redaction code used by ConnectivityService.
Bug: 191413541
Test: atest CtsNetTestCases, which includes new CTS for these
Change-Id: Ia3ae4755b5192884c147d6828f96cedac000a25b
