This commit checks if UDP-encapsulation is used
for unsupported address family and throws
IllegalArgumentException when it happens.
Bug: 74213459
Test: Tests added in testCreateTransportModeTransformWithEncap
and testCreateTunnelModeTransformWithEncap.
Command: runtest frameworks-net
Verified on taimen.
Change-Id: I10c01f2bad6aca23430849ea9ef6c1eb157ae131
By skipping updates if an alert is already scheduled, this avoids firing
the global alert too often on devices with high transfer speeds and high
quota.
Test: with tethering watching videos. Also runtest frameworks-net
Bug: 117243748
Change-Id: Idce6059832db7a0e4a7117bbb3e424ec62ae3b21
The proc file of xt_qtaguid module is not necessarily exist on future
devices. We should only check it if the device need to read the stats
file for network usage information.
Bug: 79938294
Test: NetworkUsageStatsTest TrafficStatsTest
Change-Id: I5ac6feef8b9a26daa68b381a985925e24b0d80af
This patch ensures that creation and modification of IPsec tunnels
requires the MANAGE_IPSEC_TUNNELS appop.
Bug: 115685048
Test: IpSecManagerTunnelTest fails without appops set
Change-Id: I6c60a2573ca521717877f36e28a392b0d3b62754
This change makes all requestIDs use the UID of the creator, ensuring
that rekeys always use the same requestID. This also has the nice
property of separating app's resources from each other, and allowing for
identification of which app/UID allocated the resources from
command-line dumps (eg ip xfrm state show)
Bug: 111841561
Test: Updated tests & passing taimen
Change-Id: I4f1eadcdb795766ae4682b15e41727359c52fa38
This patch changes tunnel mode security policies to use the actual
tunnel's local and remote addresses to select the SA.
This prevents the kernel from calling xfrm_get_saddr(), which does a
route lookup, potentially resolving an incorrect saddr.
Bug: 79384676
Test: CTS, IpSecService* tests passing
Change-Id: I8223225e2363a79591a0bb0040aa8619cf84c184
This first version can serve discover/request/release, although there
are some small behavior changes with current implementation which will
be addressed later.
Also removes final modifiers on start() and stop() in FdEventsReader, to
allow mocking the methods in tests with the current mockito lib.
Test: Added tests pass, manual: flashed a device using the server
Change-Id: I025366ff7d51c4ba31152af50f3dd2b5e280a54d
For packages:
android.net.wimax
android.net.wifi.p2p.nsd
android.net.wifi.p2p
android.net.wifi.hotspot2.pps
android.net.wifi.hotspot2.omadm
android.net.wifi.hotspot2
android.net.wifi.aware
android.net.wifi
android.net.util
android.net.sip
android.net.rtp
android.net.nsd
android.net.metrics
android.net.lowpan
android.net.http
android.net.captiveportal
android.net
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ie25423113ee1a8071cd5039382c00de6ce0af7fd
Merged-In: I520be7a4c79e68310c12e4f55bf66acaa94145a1
For packages:
android.app.usage
android.app.trust
android.app.timezonedetector
android.app.timezone
android.app.timedetector
android.app.job
android.app.backup
android.app.assist
android.app.admin
android.app
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I5d15d50344d7178617418846917f693cfabf006b
Merged-In: I618c5dc4462ae990d9df45c3e9ed3f092cc5138c
LocalServices.addService in NetworkStatsService is currently failing
with IllegalStateException "Overriding service registration". Setting up
LocalServices in the test to avoid this issue might be possible, but
moving the registration to the only non-test caller of that constructor
as done here solves the issue and avoids side-effects from a constructor.
Test: atest FrameworksNetTests does not choke on this test
Bug: b/78487385
Bug: b/80082746
Change-Id: I5dba98fc79aec0800c8b71e6c7e23d1cfbcae852
Merged-In: I884a7a8bd7db3fcd220b785ba9914ac8c77720f0
(Clean cherry-pick of go/ag/4061255)
The current networkStats getIfaceStats implementation check if
bpf is enabled, and use bpf to get all traffic stats. However,
the bpf implementation did not contain tcp packet counts. So
data stall detection in DcTracker could not get the packet
count to trigger data stall. Hence the data stall never
triggers for device that enables bpf.
This solution is for short term solution that rollback the
design to use xt_qtaguid for bpf enabled device.
Bug: 110443385
Test: 1. fake data stall to trigger data stall recovery
2. enable debug log to make sure tcp packet count is
correct
3. runtest frameworks-net
4. run cts -m CtsUsageStatsTestCases
Change-Id: I1ce9e92fe194da2ea0a3eec014fd50bb50cdd44a
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Manually merging this due to skipping a merge
conflict at ef9f2740a790feceaa47a24b1a179e93c4ffb5e6
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
In order to properly support EOPNOTSUPP this CL
applies a consistent approach to handling Exceptions.
Hereafter, all exceptions that aren't of a special
method-specific type (such as SpiUnavailableException)
will all be returned to the calling process unchanged.
At the API call site, the ServiceSpecificException,
which is really an Errno, will be inspected and either
converted to an unchecked exception for types we know,
or it will be converted to an IOException in cases where
that method can return a checked exception. In cases
where we do not expect an errno, we will simply throw
a generic RuntimeException. This means all API calls
will now properly throw UnsupportedOperationException
and may be CTS tested accordingly.
Bug: 72420898
Test: runtest frameworks-net
Merged-In: I4a00e221618896223fcdb4b4279fb14cd14e34d8
Change-Id: I4a00e221618896223fcdb4b4279fb14cd14e34d8
(cherry picked from commit beed0b61b7)
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Merged-In: I19e124adef6d9f4992d8293db3190bcf74c95848
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
(cherry picked from commit d39837f7e2)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 65ef843176)
Add a new MANAGE_IPSEC_TUNNELS permission and
protect all IPsec Tunnel mode APIs with it.
This permission is only granted to the system or
through an AppOp.
Bug: 66955045
Test: compilation
Merged-In: I0f618373b500c493ef2211bece681f74652a1833
Change-Id: I0f618373b500c493ef2211bece681f74652a1833
(cherry picked from commit 00e77247eb)
The current implementation check for bpf map existance whenever a
NetworkStats request comes in. The check is not efficient and may
require additional permission for threads. So a member variable is added
to NetworkStatsService to store the bpf configuration status and is
initialized when NetworkStatsService start.
Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
-m CtsUsageStatsTestCases -t android.app.usage.cts.NetworkUsageStatsTest
Bug: 79994577
Change-Id: I872ae18fb3e9631a4e6c4d773fefbba32e60a03b
Merged-In: I872ae18fb3e9631a4e6c4d773fefbba32e60a03b
