Everything that is marked SystemApi or TestApi, but not @hide is still
part of the public SDK, it is therefore not sound to have that combination.
In the future, specifing such a combination will be considered an error
to prevent inadvertently exposing SystemApi and TestApi as public API.
Bug: 115333477
Change-Id: Ibd5d6a22862fdbc1e20a1cb3925280f5a682edea
Merged-In: Ibd5d6a22862fdbc1e20a1cb3925280f5a682edea
Test: METALAVA_PREPEND_ARGS="--error UnhiddenSystemApi" m checkapi
Exempt-From-Owner-Approval: API cleanup
In follow-up commits, current API would create new NetworkStats
every time when 464xlatAdjustment wants to filtered out some
uids.
This commit refactors it to delete stats in-place to get better
performance.
Bug: 118602783
Test: atest FrameworksNetTests
Change-Id: I858f95d1fa7733111786243b4e261ce8a70a068d
This change adds support for XFRM-I to all IpSecService netd calls.
Fallback logic is in netd, and thus both VTI and XFRM-I parameters are
always passed down to IpSecService.
Bug: 78589502
Test: All java, CTS tests passing
Change-Id: Ie4186f0ad7e50763b21831f6fa411b5ee436de78
SA marks are never updated during the UPDSA call. This change disables
the attempts to update the specified SAs, ensuring that the config
stored in IpSecService matches that of the allocated kernel resources.
Bug: 111854872
Test: Unit, CTS tests passing
Change-Id: Ic1fb862c8021ffa260c3e262ec698d8af0a826d9
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
Use stable aidl generated structure instead of UidRange
Test: runtest frameworks-net passes
Test: manual testing of UidRange related function works
Change-Id: Iaf1c10777dc1e71df2be2a57533a10257b12626b
This first version can serve discover/request/release, although there
are some small behavior changes with current implementation which will
be addressed later.
Also removes final modifiers on start() and stop() in FdEventsReader, to
allow mocking the methods in tests with the current mockito lib.
Test: Added tests pass, manual: flashed a device using the server
Change-Id: I025366ff7d51c4ba31152af50f3dd2b5e280a54d
For packages:
android.net.wimax
android.net.wifi.p2p.nsd
android.net.wifi.p2p
android.net.wifi.hotspot2.pps
android.net.wifi.hotspot2.omadm
android.net.wifi.hotspot2
android.net.wifi.aware
android.net.wifi
android.net.util
android.net.sip
android.net.rtp
android.net.nsd
android.net.metrics
android.net.lowpan
android.net.http
android.net.captiveportal
android.net
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ie25423113ee1a8071cd5039382c00de6ce0af7fd
Merged-In: I520be7a4c79e68310c12e4f55bf66acaa94145a1
For packages:
android.app.usage
android.app.trust
android.app.timezonedetector
android.app.timezone
android.app.timedetector
android.app.job
android.app.backup
android.app.assist
android.app.admin
android.app
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I5d15d50344d7178617418846917f693cfabf006b
Merged-In: I618c5dc4462ae990d9df45c3e9ed3f092cc5138c
We've seen reports of negative values flowing through to attempt
being recorded, which will outright crash. This change does one
last-ditch check to see if we're about to work with negative values,
reporting any trouble and clamping them to zero so we don't crash.
This gives us the data we need to continue investigating without
triggering runtime restarts in the field.
Bug: 80057433
Test: atest android.net.NetworkStatsTest
Change-Id: I8174391c6cf5dadc2c2c10a8d841ee07e1f7d934
In order to properly support EOPNOTSUPP this CL
applies a consistent approach to handling Exceptions.
Hereafter, all exceptions that aren't of a special
method-specific type (such as SpiUnavailableException)
will all be returned to the calling process unchanged.
At the API call site, the ServiceSpecificException,
which is really an Errno, will be inspected and either
converted to an unchecked exception for types we know,
or it will be converted to an IOException in cases where
that method can return a checked exception. In cases
where we do not expect an errno, we will simply throw
a generic RuntimeException. This means all API calls
will now properly throw UnsupportedOperationException
and may be CTS tested accordingly.
Bug: 72420898
Test: runtest frameworks-net
Change-Id: I4a00e221618896223fcdb4b4279fb14cd14e34d8
Collecting network statistics is pretty heavy, which is why we're
throttling callers. However, to keep CTS running fast, we provide a
way for tests to force a poll event, instead of making them wait for
the throttle timeout.
Bug: 77908520
Test: atest cts/tests/tests/app.usage/src/android/app/usage/cts/NetworkUsageStatsTest.java
Change-Id: Ia792f0cd495023366ff8c4839df54e7da2ae8331
Hide the tunnel mode of the IpSec API because
there is a disincentive to launch it without
a supported customer use case. That use case,
IWLAN is having its APIs hidden, so we should
hide these as well to avoid constraining future
implementation.
Also, due to issues with the lifetime of the NATT
management object, this API needs to be hidden
until such time as the lifetime of the Keepalive
can be handled independently of the lifetime of
a Transform.
Bug: 72523623
Test: compilation (api removal)
Change-Id: I076030bdbab1cd7d69f6a034577d529970b050dc
This also avoids returning a nonzero multipath preference
if remaining data is low but nonzero.
Bug: b/72877610
Change-Id: I2459ded06de77d284ae1fe81a60d9e1df56b0c26
Fixes: b/72877610
Test: Tests in go/ag/3842960 pass
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
This change forces Socket and DatagramSocket to populate the
SocketImpl, ensuring that the socket file descriptor can be
retrieved when applying Transport mode Transforms
This is done by calling getSoLinger(), triggering a getImpl(), which
triggers setImpl() if needed.
Bug: 77491294
Test: Added tests in IpSecManagerTest, ran on walleye
Merged-In: I40da08b031357710eb794e0f866aec5660c79594
Change-Id: I40da08b031357710eb794e0f866aec5660c79594
(cherry picked from commit d175a3d3a01cfdb5ab6d4e61d15950583f8006d6)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
Usage stats corrections for 464xlat in NetworkStatsFactory are not applied
to tethered traffic. Add adjustments in NetworkStatsService. After
migrating external callers off NetworkStatsFactory, we will be able to
only apply adjustments in NetworkStatsService and remove stacked
interface tracking from NetworkStatsFactory.
Bug: 72107146
Fixes: 72107146
Test: runtest frameworks-net & manual - checked corrected network usage
Merged-In: Ieb25c41c651499fdd01225ae5ac21d95e3d823f5
Merged-In: I016722f3a0ae2ae0a1d48bfacc4fe07ee3578ef7
(cherry-pick of aosp I5ce450e616b4fddf21f2a491fe5d0c9e9f969bda)
Change-Id: Id41cf22a0f9a63cb1832e9375bfb045861f08e52
Currently the NetworkStatsManager APIs allow applications to
query for their own data usage by UID and tag, but do not allow
applications to query by foreground/background state.
This is causing popular apps to resort to parsing xt_qtaguid
stats files directly. Because this is no longer allowed for apps
targeting P and above, provide replacement functionality.
This API allows apps to query for data usage for a given state,
but not to receive data usage broken down by state. This is
consistent with how the current UID and tag APIs work. It is also
not an undue burden on apps: there are currently only two states
of interest (FOREGROUND and everything else), and even if we add
states in the future, unmodified apps can still obtain total
traffic using STATE_ALL.
Bug: 72977484
Test: New CTS test added in other change in this topic.
Change-Id: Ic8c9194569ffd599b49e4a8197c5c2ea0ec3f7f7
Useful for clients such as BatteryStats which currently rely
on NetworkStatsFactory. Data at that stage is incomplete as
it does not account for tethering, VT data and corresponding
464xlat corrections.
Test: runtest frameworks-net, CTS tests pass.
Bug: b/72107146
Merged-In: I31c5b9b4a7c6e72910152415894a137f000a5858
Merged-In: I2527d95000c7500c824ede70f87ecb38e21ed323
(cherry picked from aosp 088ff6824f13145ea52207bdead0d7e454a6f3ce)
Change-Id: Ie80f1bb21124241f3414f9be77aceac9a44ec6d1
Disallow the allocation of SPIs in the range
reserved for future use by RFC 4303.
Bug: 77205120
Test: runtest frameworks-net
Merged-In: I05e26ed34b5871f1a07d5bd7b58b79a64cd74b67
Change-Id: I05e26ed34b5871f1a07d5bd7b58b79a64cd74b67
(cherry picked from commit 7f606ee8e57d9d8b7c5d0cb2a78421aa02efb385)
Instead of providing default truncation lengths (based on RFC or
otherwise), this change imposes a restriction that the truncation length
must be supplied for all auth or aead algorithms.
Bug: 77204048
Test: Updated tests, ran on walleye
Merged-In: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97
Change-Id: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97
(cherry picked from commit bb7f2820f5bcccf8618078c2cbe4ea9836797e3b)
This change updates the getSocket() methods for IPsec to improve clarity
of the return types, both for public APIs, and internal-only methods.
Bug: 72473753
Test: APIs updated, CTS + unit tests ran.
Merged-In: I0afebd432c5d04c47c93daa1ce616d712aa323d7
Change-Id: I0afebd432c5d04c47c93daa1ce616d712aa323d7
(cherry picked from commit 4c987ebade580d4abc8a3d549e0df90baab33140)
Use a MATCH_MOBILE_WILDCARD template to avoid filtering by
subscriberId when querying statistics from NetworkStatsService.
Bug: 74038898
Change-Id: I8296220472a9ba37044dd1a5ede9bdb45d3ed339
Fixes: 74038898
Test: runtest frameworks-net, CTS tests pass
Merged-In: I1e4e283c6eaecf33d12488e41e0c524f6ff83954
Merged-In: Ia84d2c7cc63bf8b8bf30f133e0382fd7103bf490
(cherry-picked from aosp I4b39e7031416cb33b23d89aa36ff0f774eaa942f)
Updates API documentation to mention that TCP sockets where transforms
are deactivated will not send FIN packets.
Bug: 74851550
Test: API updates only
Merged-In: I8169f221c8c747538a8bddfbf02dcc73c9337189
Change-Id: I8169f221c8c747538a8bddfbf02dcc73c9337189
(cherry picked from commit 7d31a2f3579eff80c3cef07feadf77dbfcbfcd17)
Add a new MANAGE_IPSEC_TUNNELS permission and
protect all IPsec Tunnel mode APIs with it.
This permission is only granted to the system or
through an AppOp.
Bug: 66955045
Test: compilation
Change-Id: I0f618373b500c493ef2211bece681f74652a1833
This CL adds NonNull annotations to a large
number of method returns and parameters as
part of API council feedback.
Bug: 72473424
Test: compilation (docstring-only change)
Merged-In: I2f865dde56fe12116c461ad98e9460bf1802ce18
Change-Id: I2f865dde56fe12116c461ad98e9460bf1802ce18
(cherry picked from commit 8fd26f67fdfdedb535ddb8c7d5ededa5dcba40f8)
When exposing the APIs, these were missed.
The outer structure is exposed, so this exposes
the addAddress and removeAddress methods.
Bug: 75234273
Test: compilation
Merged-In: I79911434f9baa660e4d8564cc59d80da4a710c42
Change-Id: I79911434f9baa660e4d8564cc59d80da4a710c42
(cherry picked from commit a83601a511c3f11470109d78d1a736acdb9c6bd8)
This change adds implementation details for add/remove addresses onto a
VTI.
Bug: 73675031
Test: New tests added, passing on Walleye
Merged-In: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
Change-Id: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
(cherry picked from commit ecc9f7cc08804e3fa15fea04ae94ea1bc74edbfe)
Kernel limitations prevent auth-only SAs from being created. Explicitly
request a null encryption algorithm instead of omitting the algorithm
to comply with the kernel requirement for ESP.
Bug: 75049573
Test: CTS tests for auth-only, crypt-only transforms added for all
combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit
tests to ensure correct triggering of NULL_CRYPT usage.
Merged-In: Ia9a5cfee9c7786412846bc039f326420f6211c08
Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
(cherry picked from commit bf013a3820c69348e034c6340b28e95f3441ebe8)
