Currently, registerNetworkStatsProvider requires the
UPDATE_DEVICE_STATS permission. This is a privileged permission
so it can be granted to preinstalled apps. Thus, apps like
GmsCore, or preinstalled apps will be able to update network stats.
This change checks for a new permission that would only allow
signature apps to declare that. Also check
MAINLINE_NETWORK_STACK permission to allow NetworkStack process
to use it.
Test: adb shell dumpsys netstats
Test: atest FrameworksNetTests
Bug: 149652079
Change-Id: Idfebd0a1988c3dcfd812d87e30f6a2034d6fbf6b
This is shameless copied from ConnectivityService and plan to be
used in follow-up change. For long term perspective we should
have a permission util that contains those util in one place.
Test: m -j
Change-Id: I837545b54f36c8f21c878cbb1fd028ff23be6cb8
From current design, the traffic accounted by stats providers
will be updated asynchronously when force polling. When upper
layer make two subsequently queries. They will get stale
stats upon the first query, and may get newest/stale stats
base on the result of race.
Thus, wait for a bit of time to allow asynchronous stats update
complete to reduce the chance of race. In pratice, it would
be finished in ~2ms when testing.
Test: systrace.py network
Test: atest FrameworksNetTests
Bug: 147460444
Change-Id: I22a00fc4049cddf77fd578e25769ae1979f2cc6d
Currently NetworkStatsService holding a lock when invoking
getVtDataUsage, which causes a lot of deadlock problems since
Phone will also have binder calls to system_server.
Thus, this change uses a new set of API to break such situation,
that allows VT to report stats asynchronously.
Test: atest FrameworksNetTests FrameworksTelephonyTests
Bug: 130855321
Fix: 143923500
Change-Id: Ifdb8599c3bade09208b4730710fc99da1afad71d
DnsSdTxtRecord is moved to frameworks/libs/net for mainline
support. Also change the import path using this class.
Bug: 139268426
Bug: 135998869
Test: atest FrameworksNetTests
./frameworks/opt/net/wifi/tests/wifitests/runtests.sh
Change-Id: I6118b313ce668707d598aa2eab9baee2f7622dbc
This change provides an API that allow external modules to
register a custom provider of NetworkStats to merge the
network statistics that cannot be seen by the kernel to system.
Test: atest FrameworksNetTests CtsUsageStatsTestCases
Test: atest NetworkPolicyManagerServiceTest
Test: m doc-comment-check-docs
Bug: 130855321
Change-Id: I265bc637c40666cde505fde5056d2d9bfc5fb204
In order to let external module report their network stats,
expose necessary APIs to construct NetworkStats object.
Test: atest FrameworksNetTests CtsUsageStatsTestCases
Test: m doc-comment-check-docs
Bug: 130855321
Change-Id: Id3ec8aaff3df67948c25eac2319a74cf33a27979
This is part of 3 commits in 3 diff git repos, the main one is:
https://android-review.googlesource.com/c/platform/system/netd/+/1200479
"share eBPF struct definitions between ebpf and C++ netd"
as a side effect of which 'android::bpf::Stats' becomes simply '::Stats'
Test: builds
Bug: 146787904
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I8548b27d1d8a7938f96c9fd9a185dae882e406f6
Not only is it more concise, but it's also just a tad more correct:
since it really should have been 'sizeof(stats)' not 'sizeof(Stats)'.
Test: builds, atest
Bug: 146787904
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6cf0295878c7b34cedfe3ae44ff7410ef419f8b9
In previous design, interface quota limit does not changed
when network stats are updated. However, this is incorrect
today since there are some offloaded traffic that cannot
be seen by kernel. If the limit is not updated, the offloaded
traffic might still be able to use whole quota as if there is
no embedded traffic.
This change also removes the re-arm global alert after
advising persist threshold if not changed, given that it will
cause an additional alert while updating interface quota limit.
Bug: 145792619
Test: 1. atest NetworkStatsServiceTest
2. atest NetworkPolicyManagerServiceTest
3. manual test: run speedtest, check dumpsys netd
Change-Id: I8d2203e713730d536430a234b1aa8b2468badee3
We want to eventually migrate some of these APIs to be @SystemApi for mainline modules.
The #dumpDebug name is more appropriate than #writeToProto.
Bug: 142279786
Test: Manual
Change-Id: I60793e91cedf6b720d4ecef6a8484f4fed4ff30f
A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL to other proper permissions.
Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL to other proper permissions.
Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
Merged-In: I8f2dd1cd0609056494eaf612d39820e273ae093f
Now tethering would be run in dedicated service.
TetheringManager is the interface used to communicate with
TetheringService. The new call flow would be: ConnectivityManager
-> ConnectivityService -> TetheringManager -> TetheringService.
Note: the return value of #tether(), #untether() and #setUsbTethering()
APIs would always be no error. Client can use #getLastTetherError()
or #getTetheredIfaces or listen tether state change to check
status of corresponding interface.
Bug: 136040414
Bug: 144742179
Test: -build, flash, boot
-atest TetheringTests
-atest FrameworksNetTests
Change-Id: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
Merged-In: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
Now tethering would be run in dedicated service.
TetheringManager is the interface used to communicate with
TetheringService. The new call flow would be: ConnectivityManager
-> ConnectivityService -> TetheringManager -> TetheringService.
Note: the return value of #tether(), #untether() and #setUsbTethering()
APIs would always be no error. Client can use #getLastTetherError()
or #getTetheredIfaces or listen tether state change to check
status of corresponding interface.
Bug: 136040414
Bug: 144742179
Test: -build, flash, boot
-atest TetheringTests
-atest FrameworksNetTests
Change-Id: I7e78c0e0a3e70f940a749ba2a39ece7c7ec5b9b3
IpSecService.applyTunnelModeTransform() currently does not take an
SpiRecord instance, yet implicitly requires that the SpiRecord instance
is still alive based on the stored SpiRecord resourceId in
the TransformRecord's IpSecConfig.
This check is unnecessary, as the SpiRecord has been subsumed into the
TransformRecord, and the kernel resources are kept alive whether or
not the SpiRecord is still held by the user.
This allows users of the IpSecManager API to allocate short-lived SPIs
during the creation of an IpSecTransform, without having to keep track
of both of them (even though the SPI is no longer usable).
The TransformRecord.getSpiRecord() call is already used in
multiple other places in the same method.
Bug: 142072071
Test: New tests added, passing.
Change-Id: I1959f3080946267243564459ff4207647922566e
The utilities help using ConnectivityService in tests, and will be used
to write integration tests for ConnectivityService.
Test: atest FrameworksNetTests
Change-Id: Ie895ad05139cd5768d3d8a9bd5589d72571f47e6
