There maybe some copy paste error about mNetworkCapabilities
and mUnwantedNetworkCapabilities in NetworkCapability#toString()
Test: manual + CodeDEX scan
Change-Id: I9997163e8b557590c27d15f0b2184ce6e1a53647
This change adds support for XFRM-I to all IpSecService netd calls.
Fallback logic is in netd, and thus both VTI and XFRM-I parameters are
always passed down to IpSecService.
Bug: 78589502
Test: All java, CTS tests passing
Change-Id: Ie4186f0ad7e50763b21831f6fa411b5ee436de78
Currently, PermissionMonitor listen to user add/remove and
package add/remove intent respectively, and so does VPN.
Thus, races might occurr between them.
This commit refactor PermissionMonitor part by using
ConnectivityService to listen to intents and dispatch events
to PermissionMonitor.
Bug: 118811303
Test: 1. atest FrameworksNetTests
2. manually add/remove package
Change-Id: I6e45b5870d5b1300cad252d25bdb4da78f9bf70e
To allow vendor code to construct LinkAddress, which is
one of the parameter in the system API DataCallResponse.
Test: Build
Bug: 73659459
Merged-In: I3e203781d3a03285fa0e047cc8837ccb4a09016a
Change-Id: I3e203781d3a03285fa0e047cc8837ccb4a09016a
Add a utility method to convert an EUI-48 to an IPv6 link-local
address based on RFC 4291 (EUI-64 generation) followed by RFC 4862.
Bug: 117605977
Test: atest MacAddressTest
Merged-In: I80b683e69da6beff3b37fc345fc15aa9610d09b7
Change-Id: I80b683e69da6beff3b37fc345fc15aa9610d09b7
The previous patch was applied to the wrong member and did not actually
fix the issue.
Bug: b/117516272
Test: remote run passed
Change-Id: I3f9c27ebd6c339e98a71cb179b0be65950f9b864
Previously, we were calling ParcelFileDescriptor.fromSocket on a newly
initialized Socket, which doesn't actually create a file descriptor
until the Socket is bound or connected.
Bind the Socket to a random port to force the file descriptor to be
allocated.
Test: treehugger
Change-Id: Id92a3e1316881d1c5382485aa2d6a41fc37e9651
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
Merged-In: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
(cherry picked from commit c33ac0d43b594f6154accf03ae7e3fd34dedc79d)
If time since boot is lower than the rate limit, notifications would not
be shown.
This is causing tests to fail on continuous testing.
Test: atest FrameworksNetTests
Bug: b/117516272
Change-Id: I03da28f2ca61119fa0ef9534bb4ce3f6406c1ff2
Some native daemons legacy design work with SYSTEM_UID. If none of
SYSTEM_UID apps declare the restricted network permission, it will
result in permission denial in daemons. Allow SYSTEM_UID in the
devices shipped before Q to support backward compatibility.
Bug:114245686
Test: 1. runtest frameworks-net
2. atest FrameworksNetTests
3. Native daemons with SYSTEM_UID can work normally
Change-Id: I6f3f0d83bcae74ef5389535b528af3baf649fa48
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
Currently, if VPN lockdown is disabled, the blocking judgement
inside VPN will return false immediately. It will make
ConnectivityService hard to check blocked status by a given
VPN lockdown status.
Thus, move this check into ConnectivityService and check it
externally.
Bug: 117814902
Test: 1. manual test with 3rd-party vpn app
2. runtest frameworks-net
Change-Id: Ia8319b1a1a12f1058c24badf2431f2ec69bc78e7
Use stable aidl generated structure instead of UidRange
Test: runtest frameworks-net passes
Test: manual testing of UidRange related function works
Change-Id: Iaf1c10777dc1e71df2be2a57533a10257b12626b
Based on some analysis, these fields/methods are likely false positives.
Set maxTargetSdk=P so that any apps using them are required to migrate off
them in future. See the bug for more details.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Merged-In: I719b5c94e5b1f4fa562dd5d655953422958ad37e
Change-Id: I719b5c94e5b1f4fa562dd5d655953422958ad37e
(cherry picked from commit 2622bdf569)
Make log of ConnectivityService configurable by system property.
Two levels:
VERBOSE: whole VDBG log.
DEBUG: selected necessary log for debug purpose.
Relevant log can be enbled in either way:
1. use adb command at run time.
2. config init.xx.rc file at compile time by adding.
on boot && property:ro.build.type=userdebug
setprop log.tag.ConnectivityService DEBUG
Bug: 117632924
Change-Id: I43cc84878c64c5b448853c7393393a02262afd15
