Adds methods needed by app developers to avoid them having to call
non-SDK APIs.
Test: tests added to cts
Bug: 78686891
Change-Id: Ic0eadfdab2b111d5ca4becb753f4fe3557806433
Start tracking default upstream from boot.This is useful for
entitlement refine in following change. EntitlementManager can
decide if it needs to process entitlement provisioning before
tethering started.
Test: -atest FrameworksNetTests
-build, flash, booted
-manually turnoff/on tethering with different upstream
bug: 111490073
Change-Id: I8fdbd64c52f26b5363693bb5bd8050930e8ea961
Currently, PermissionMonitor listen to user add/remove and
package add/remove intent respectively, and so does VPN.
Thus, races might occurr between them.
This commit refactor VPN part by using ConnectivityService to
listen to intents and dispatch events to VPN.
Bug: 118811303
Test: 1. atest FrameworksNetTests
2. manually add/remove package
3. cts-tradefed run cts -m CtsHostsideNetworkTests
Change-Id: Id76fd77c5fcfb2b0e21f211f63f007b1ea1aa53f
Add a generic transport-specific information container interface and
access methods. These can be used by a network factory to pass transport
(bearer)-specific network parameters to the app.
Bug: 117605977
Test: atest frameworks/base/tests/net/java/android/net (+new unit tests)
Change-Id: Ib7c83b677e1c02a2212265719813e648b0c9cc1b
In follow-up commits, current API would create new NetworkStats
every time when 464xlatAdjustment wants to filtered out some
uids.
This commit refactors it to delete stats in-place to get better
performance.
Bug: 118602783
Test: atest FrameworksNetTests
Change-Id: I858f95d1fa7733111786243b4e261ce8a70a068d
Netd use this parameter to determine which network it should use for
DNS query when VPN is enabled. But it is no more reliable when we have
seamless vpn handover, since the parameter does not make update to
netd if we have DNS configuration change. Netd should call resolver
API to get latest DNS information rather than this one.
Bug: 116539103
Test: runtest frameworks-net passes
Change-Id: I6491114ab6de0ff66322f1da69056e6f3c999b5a
updateTcpBufferSizes() only need tcp buffer size as its
parameter. Also unify the logic to check default network
outside the function.
Bug: 120119769
Test: 1. Build pass.
2. runtest frameworks-net
Change-Id: Iee9fec3efe7d5be5b590dd1c1f67ec5de636e613
In previous design, it will always assign newLp to nai in
handleUpdateLinkProperties(). And Private dns configuration
will be missing when the same LinkProperties are updated
because the updated LinkProperties is not assigned back to
NetworkAgentInfo.
Bug: 118518971
Test: 1.Build pass.
2.runtest frameworks-net
Change-Id: I405c8f29497fec438082a2cf30eb5c7b9497e1c4
Stable aidl won't support FileDescriptor but ParcelFileDescriptor.
In order to migrate to stable aidl, replace all FileDescriptor in
INdetd.aidl.
Test: runtest frameworks-net passes
Change-Id: Icdf37aed0e0cce0352070a437066e77c0f2fd85a
The system server is controlling the tcp buffer now by writing to
/sys/kernel/ipv4/tcp_{rmem,wmem}_{min,def,max}. Those files are
basically the same as /proc/sys/net/ipv4/tcp_{rmem,wmem} except those
latter ones contain all three values in one file. Netd can directly write
to those files so we no longer need to depend on these android specific
files.
Test: netd_integration_test
Bug: 118572798
Change-Id: I588b48be29ecf61fd5bbf94f97f63738be4eae25
If dns resolver on a network get consecutively timeout then it
is a strong signal that the network is no longer usable.
Reevaluate the network once it's data stall suspected
Test: 1. runtest frameworks-net
2. SettingsBackupTest passes
2. Run on wifi w/o internet capability
Bug: 112653893, 113916551
Change-Id: I74287b174d933f97a91fa1529b1809856ac3b38d
This change adds support for XFRM-I to all IpSecService netd calls.
Fallback logic is in netd, and thus both VTI and XFRM-I parameters are
always passed down to IpSecService.
Bug: 78589502
Test: All java, CTS tests passing
Change-Id: Ie4186f0ad7e50763b21831f6fa411b5ee436de78
Currently, PermissionMonitor listen to user add/remove and
package add/remove intent respectively, and so does VPN.
Thus, races might occurr between them.
This commit refactor PermissionMonitor part by using
ConnectivityService to listen to intents and dispatch events
to PermissionMonitor.
Bug: 118811303
Test: 1. atest FrameworksNetTests
2. manually add/remove package
Change-Id: I6e45b5870d5b1300cad252d25bdb4da78f9bf70e
To allow vendor code to construct LinkAddress, which is
one of the parameter in the system API DataCallResponse.
Test: Build
Bug: 73659459
Merged-In: I3e203781d3a03285fa0e047cc8837ccb4a09016a
Change-Id: I3e203781d3a03285fa0e047cc8837ccb4a09016a
Add a utility method to convert an EUI-48 to an IPv6 link-local
address based on RFC 4291 (EUI-64 generation) followed by RFC 4862.
Bug: 117605977
Test: atest MacAddressTest
Merged-In: I80b683e69da6beff3b37fc345fc15aa9610d09b7
Change-Id: I80b683e69da6beff3b37fc345fc15aa9610d09b7
The previous patch was applied to the wrong member and did not actually
fix the issue.
Bug: b/117516272
Test: remote run passed
Change-Id: I3f9c27ebd6c339e98a71cb179b0be65950f9b864
If time since boot is lower than the rate limit, notifications would not
be shown.
This is causing tests to fail on continuous testing.
Test: atest FrameworksNetTests
Bug: b/117516272
Change-Id: I03da28f2ca61119fa0ef9534bb4ce3f6406c1ff2
Some native daemons legacy design work with SYSTEM_UID. If none of
SYSTEM_UID apps declare the restricted network permission, it will
result in permission denial in daemons. Allow SYSTEM_UID in the
devices shipped before Q to support backward compatibility.
Bug:114245686
Test: 1. runtest frameworks-net
2. atest FrameworksNetTests
3. Native daemons with SYSTEM_UID can work normally
Change-Id: I6f3f0d83bcae74ef5389535b528af3baf649fa48
When using xt_qtaguid to count per uid stats,
NetworkStatsService needs to adjust the 464xlat traffic since
iptables module would double count for ipv4 and ipv6 packet.
But for eBPF, the per uid stats is collected in a different
hook, so the adjustment on root uid would only be needed in tx
direction.
Bug: 112226716
Test: 1. Make ipv4 traffic in ipv6-only network and check data
usage.
2. Make ipv4 traffic in a client which connect to
ipv6-only hotspot.
3. runtest frameworks-net
4. cts-tradefed run cts -m CtsNetTestCases -t \
android.net.cts.TrafficStatsTest
5. cts-tradefed run cts -m CtsUsageStatsTestCases
Change-Id: Ic9a84f5446eddc943c255d5f3b89dad171f53cac
Currently, if VPN lockdown is disabled, the blocking judgement
inside VPN will return false immediately. It will make
ConnectivityService hard to check blocked status by a given
VPN lockdown status.
Thus, move this check into ConnectivityService and check it
externally.
Bug: 117814902
Test: 1. manual test with 3rd-party vpn app
2. runtest frameworks-net
Change-Id: Ia8319b1a1a12f1058c24badf2431f2ec69bc78e7
Use stable aidl generated structure instead of UidRange
Test: runtest frameworks-net passes
Test: manual testing of UidRange related function works
Change-Id: Iaf1c10777dc1e71df2be2a57533a10257b12626b
