Clean cherry-pick of ag/3580901
Bug: 72871435
Test: flashed and verified, also ran runtest framework-net
Merged-In: I177eff1237dd59514ccf91397a3d307148bc37b1
Change-Id: Ic5919a32f91f7baee5f1370703ad166e6ea52b58
NTP may be necessary in order to validate Private DNS certificates,
so it should be allowed to bypass Private DNS.
Test: as follows
- built, flashed, booted
- tcpdump for port 53; adb shell am restart
queries for the NTP hostname appear in the clear
- runtest frameworks-net passes
Bug: 64133961
Bug: 80118648
Merged-In: I4655e3ce5691098c73bf070b8a9e4759485bb17a
Merged-In: I327b816a9f472e94328232157a3b8887d17b0baf
Change-Id: Id9ceb3fcaaffb48cbbd4cd381d48cae991572c9e
(cherry picked from commit e0f762ec65)
The probes allow testing for a configurable status code and location
header (regexes). They are disabled by default, so this CL is a
no-op unless the probe configurations are pushed.
Bug: b/79499239
Test: tests in CL pass, manual: captive portal login works
Merged-In: Iec7a74bbf2569a91e958c497200d77e8451cbf7b
Merged-In: Ia958815325d1466345e9626efc8f62fc9d08d774
(clean cherry-pick of pi-dev I785723aaed06054b9aa8ebff77803f23d7836db9)
Change-Id: I18b3f263fed08fa4fee20d5e88f3ec8647d7f835
This is necessary to resolve visibility issues for the next change.
Bug: b/79499239
Test: runtest frameworks-net
Merged-In: Ia48b32307a51a66f2672d7112f71166dd6db41b1
Merged-In: I5df7ee9f16bc6be4f02353d40a843a383dd4cbd9
(Clean cherry-pick of pi-dev I50bc96afe6ae88c8f58a693f0a4e821f1f9b3299)
Change-Id: I3c416c1a91ebfdf914fd528ff8ab73e3eb490562
ApfFilter maintains separate counters for each reason why a packet was
passed or dropped by the filter logic.
There's also a total which should match the individual counters,
*unless* the APF interpreter aborted execution early due to an illegal
instruction or an out-of-bounds access.
Test: both on APFv2 and APFv4-capable device:
runtest -x tests/net/java/android/net/ip/IpClientTest.java
runtest -x tests/net/java/android/net/apf/ApfTest.java
manual tests connected to an AP
Bug: 73804303
Change-Id: I54b17fcbb95dfaea5db975d282314ce73d79d6ec
Merged-In: I54b17fcbb95dfaea5db975d282314ce73d79d6ec
(cherry picked from commit e53225a4ff)
Support keeping IpClient logs around and dumping them
during dumpsys. Previously we got this benefit for
wifi by virtue of WifiStateMachine's long-lived nature.
Now that this is changing we need to be sure we have
logs, and this method gets us Ethernet logs as well.
Bug: 62476366
Bug: 77999594
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net passes
- dumpsys connmetrics [ipclient] works
Merged-In: Ib4daf0902cae91acadbe9965de1fb73c96a47bec
Merged-In: Ie947394fabcaca7fc1d067f095c2442ee2704593
Change-Id: I1136a83de8097fdb4130debe1eaf689be7132fe5
(cherry picked from commit 0613af7a7f)
noteOp (introduced in go/ag/3897834) checks that the calling uid matches
the calling package, which is not correct when using a fake calling
package. Use the real package of the test so permissions are checked
properly.
The test currently only fails this way in pi-dev as noteOp is only used
in pi-dev.
Change-Id: I9ac3717af9335ba9efa0b8842a2df0d7b69ec9ab
Test: Fixed test now passes in pi-dev
Bug: b/78487385
With the new xt_bpf support for iface stats. We no longer need to parse
the per interface stats from /proc/net/dev. And since the old xt_qtaguid
code path also not depend on it, we can completly remove that helper
function since no caller is depending on it now.
Bug: 72111305
Test: runtest frameworks-net -c com.android.internal.net.NetworkStatsFactoryTest
Change-Id: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
Relies on events sent from netd in aosp/578162.
Test: Added tests to ConnectivityServiceTest. Added a new test
class DnsManagerTest. Built a simple app that appears to
receive onLinkProperties events correctly upon manual changes
to the private DNS settings on a Pixel.
Bug: 71828272
Change-Id: I68665aaf74b7d59182cc6f9586b80b55b0dfe427
Moves this out of ConnectivityService and into each NetworkMonitor
(where it's more self-contained).
Test: as follows
- builds, flashes, boots
- runtest frameworks-net passes
- manual testing with working and non-working hostnames behaves
somewhat (but not entirely) as expected, and not always quickly
Bug: 64133961
Bug: 72345192
Bug: 73872000
Bug: 77140445
Change-Id: Ic4322af3cb49149f2d975cb31f54b2ac7927f907
This change forces Socket and DatagramSocket to populate the
SocketImpl, ensuring that the socket file descriptor can be
retrieved when applying Transport mode Transforms
This is done by calling getSoLinger(), triggering a getImpl(), which
triggers setImpl() if needed.
Bug: 77491294
Test: Added tests in IpSecManagerTest, ran on walleye
Change-Id: I40da08b031357710eb794e0f866aec5660c79594
This change comprises the following parts:
[1] android.net.dns.ResolvUtil, containing methods that encapsulate the
use of the high bit in netids used in DNS resolution contexts.
[2] Updates to captive portal apps to call the ResolvUtil method that
enables DNS-over-TLS bypass for the captive portal app process.
Test: as follows
- builds
- flashes
- boots
- runtest frameworks-net passes
Bug: 64133961
Bug: 72345192
Change-Id: I2072c1f68d6978fa0d7e9d8693135a2c51bb0f87
Tethering currently wants access to complex isTetheringSupported
logic that is only available in ConnectivityService. Instead of
trying to access that via ConnectivityManager, pass this capability
in to Tethering directly, in the TetheringDependencies object.
Also:
- ConnectivityManager is only a source of static constants now,
so "import static" all the constants that are actually used.
Test: as follows
- built
- flashed
- booted
- runtest frameworks-net works
- manual USB towards WiFi tethering works
Bug: 68951715
Change-Id: Ia64faaadefb4a5d84a50da98bdebd544b6fda101
Bug: 68762530
Exempt-From-Owner-Approval: OWNERS have approved, but gerrit doesn't see it
Test: runtest -x frameworks/base/tests/net/ -c android.net.NetworkCapabilitiesTest
Change-Id: Ieadef7c42634d890281543226203530fb18eb0a3
In evaluating whether "most" of the addressing space is
covered, the list of routes are obtained from a third-party
app, so it's possbile the system service stalls unless
some limit is enforced on how much work it has to do.
This change limits the number of routes to 400, as determined
by time measurement on various devices.
Bug: 74176086
Test: runtest framework-net
Change-Id: Ie4a96098bc044ade87b188839586f14dd101c100
Instead of providing default truncation lengths (based on RFC or
otherwise), this change imposes a restriction that the truncation length
must be supplied for all auth or aead algorithms.
Bug: 77204048
Test: Updated tests, ran on walleye
Change-Id: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97
Usage stats corrections for 464xlat in NetworkStatsFactory are not applied
to tethered traffic. Add adjustments in NetworkStatsService. After
migrating external callers off NetworkStatsFactory, we will be able to
only apply adjustments in NetworkStatsService and remove stacked
interface tracking from NetworkStatsFactory.
Bug: 72107146
Fixes: 72107146
Test: runtest frameworks-net & manual - checked corrected network usage
Change-Id: I5ce450e616b4fddf21f2a491fe5d0c9e9f969bda
This change updates the getSocket() methods for IPsec to improve clarity
of the return types, both for public APIs, and internal-only methods.
Bug: 72473753
Test: APIs updated, CTS + unit tests ran.
Change-Id: I0afebd432c5d04c47c93daa1ce616d712aa323d7
This will let ConnectivityService send the right callbacks to the
relevant apps.
Test: manual with apps
runtest frameworks-net
cts
new tests for this functionality
Bug: 67408339
Change-Id: I6f08efd9e73c7e191f833d7f307a3bf4c9e2f0b4
Useful for clients such as BatteryStats which currently rely
on NetworkStatsFactory. Data at that stage is incomplete as
it does not account for tethering, VT data and corresponding
464xlat corrections.
Test: runtest frameworks-net, CTS tests pass.
Change-Id: I763b77f601c827fd2963204694fb5b45425cc791
Bug: 73217368
Test: manual
Using Datally on work profile. Before this, enabling the VPN
does not show the key icon. After this it does.
Change-Id: I454eb8f3881a48af1b0187c2b14a2a399d3c2445
The owned by transform flag prevents the removal
of an SPI from accidentally deleting an associated
SA in the kernel. That flag wasn't actually being
checked, so deleting an SPI would result in the
transform being removed.
The existing code already guarantees that the SA is
deleted when the transform is deleted
Bug: 73258845
Test: runtest frameworks-net
Change-Id: I4c26aea7af817a5d9e54da5db1cdf4f943bcae06
