For 464xlat scenarios on IPv6 networks, the clatd interface setup
introduces double counting of apps' ipv4 traffic. NetworkStatsFactory was
accounting for this on the tx path, but not on the rx path. Also it did
not account for the 20 bytes added by the IPv6 header.
This patch correctly subtracts the rx and tx traffic from the root uid on
the underlying interface, and also correctly adds the 20 bytes cost per
packet on the stacked interface for 464xlat traffic.
Test: added several new unit tests, based on synthetic data and real
data also.
Bug: 33681750
Change-Id: I2675643b220acbc6110179fa937d4c313b6f5e32
This patch adds test coverage for NsdManager#registerService() and
NsdManager#unregisterService(). This test shows a potential defect in
the api: if unregisterService() fails, the associated listener is always
unregistered from NsdManager. If the service initially registered is
still registered, this potentially makes it impossible to unregister.
Test: added new unit test
Bug: 37013369, 33298084
Change-Id: Ia089b6d2f2a349907a8b29d9a3acd7f59e177887
These classes, originally planned to be part of the
public API, are not ready for public consumption.
They are planned to be un-hidden in a future release.
Bug: 37681043
Test: make update-api and make
Change-Id: I8caccd3f8455341cb56a2256354eacbadedff047
This prepares some refactoring and the addition of a timeout to
resolveService.
Test: new tests pass
Bug: 37013369, 33298084
Change-Id: Ie8277bd5983278507bfa70495b4ce7d13895b24b
These methods do not currently work for IPv4 sockets,
so they need to be hidden until the underlying kernel
code can be made to work properly in a dual-stack
environment.
Bug: 36073210
Test: compilation
Change-Id: Idce367f638a42da374a7f1dc5ebb8931c9555e06
Because there is no way using the Java sockets API to actually
get a socket of AF_INET on mode machines, it is necessary to
provide a way to apply transforms to sockets made using the
native wrapper API, which uses POSIX APIs and will create a
socket that is AF_INET.
Bug: 36073210
Test: b/34811227
Change-Id: I28ac7cc4f36045ce523a54111e5be975b0331356
-Add a reserveSecurityParameterIndex() function that allows the
system to select an SPI.
-Disallow INVALID_SECURITY_PARAMETER_INDEX from being passed as
an explicit SPI request.
-Remove the ALGO_ prefix from constants in IpSecAlgorithm.
Bug: 36073210
Test: Updated CTS tests still pass on bullhead
Change-Id: Ic94809996076b0718f153f550b82192fe7048a2e
This patch adds basic logging to NsdManager and NsdService, and improves
the facilities for pretty printing the event ids defined in NsdManager.
It also includes a few minor cleanups:
- adding 'final' on effectively final instance variables of NsdManager
and NsdService.
- similarly, adding 'static' on effectively static class fields.
- regrouping instance variables together.
Test: no functional changes
Bug: 33074219
Change-Id: I360d539e73cc8e4b45d4e0d20b2e345455fdb10c
-Plumb IpSecManager APIs to NetD
-Add Resource Management to IpSecService
Bug: 33695893
Test: CTS verifies nearly all of these paths
Change-Id: Ic43965c6158f28cac53810adbf5cf50d2c54f920
-Remove Int-based SPI usage from the IpSecTransform.Builder
This is essentially a less-safe method overload, and it is both
unnecessary and difficult to implement: the cross-validation
between SPI and Transform is actually useful, and the kernel
requires two different mechanisms to use an unreserved vs a
reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this
hard to support. API Council has questioned the value of this,
and they are right: everything points to "remove this". In the
future, if we find that SPI reservation is overhead, we can
always add it back.
-Hiding the TunnelMode builder method and application/remove
methods. These will not land by the time the next API
stabilizes, so better to hide them now that this is a
near-certainty. Expectation is to un-hide them in the subsequent
API bump.
Bug: 36073210
Test: Compilation, verified nobody is calling these stubs
Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab
To make the SPI reservation more semantically consistent with the
transform creation API, and to ensure that we always create SPI
reservations relative to a well-known remote, we should take the
SPI request relative to a remote (rather than to a destination).
This necessitates that we now consider direction separately, which
is used for keying the SA-Id.
Bug: 36073210
Test: compilation
Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78
-Add IpSecService with the necessary glue to connect to netd
-Add code to retrieve IpSecService from System Server
Bug: 34811227
Test: Service boots (and dumpsys works), more via b/34811227
Merged-In: I4cdcb643421141202f77a0e2f87a37012de0cd92
Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92
This CL adds an API to set up an IPSec Security Association
and Security Policy to perform Transport-Mode and Tunnel-Mode encapsulation
of IP Packets.
Bug: 30984788
Bug: 34811752
Test: 34812052, 34811227
Change-Id: Ic9f63c7bb366302a24baa3e1b79020210910ac0a
Dependent on ag/1550196 where API is defined.
Bug: 31015360
Bug: 26545374
Test: runtest --path
frameworks/base/core/tests/coretests/src/android/net/NetworkStatsTest.java,
other test classes.
(cherry picked from commit 357f8fabc8)
Change-Id: I46da93ba4afa968facf98f7c3d844fd0c469095a
This is a continuation of b/26545374, since now we can also set the
metered bit with NetworkScorer. The tracking of metered state changes
will be implemented in a separate CL.
Bug: 31015360
Bug: 26545374
Test: N/A
(cherry picked from commit ed7fcb4d26)
Change-Id: I6a2fcc8577d62daa8823dff9e0128a5cf39ede7b
Properly account for VPN apps that make heavy use of the tun
interface. Prior to this change a VPN app could be incorrectly charged
for more data than it actually used if it sent more traffic through
the tun interface than the underlying interface.
This change excludes VPN app traffic on the tun interface from the
adjustment pool and doesn't redistribute traffic to the VPN app.
Instead all of the redistributed traffic is deducted from the VPN app
which effectively represents any overhead incurred by the VPN app.
BUG: 30557871
(cherry picked from commit 12255e3655)
Change-Id: I06f01aa8fe5fdc06b2d36cfb9c68feb244c2e5de
Define some constants for early use in AOSP code.
Test: builds, boots, all common traffic tagged
Bug: 30943431
Change-Id: Ia58a8933bccfddbc027afb78c63ae65bd71ce562
When the mobile network is not active, querying the network
information might trigger the misleading debug messages. Added
some condition checks to prevent this.
bug: 30850733
Change-Id: Ice6d548a56f98bac7fe2ca6a06148350b505533d
- Throwing SecurityException and IllegalArgumentException instead of null for new APIs
- removing @removed APIs
Bug:27530098,27379882
Change-Id: Ifbe65bfc5051aa33aff2baa22cfa8e67b0f7c358
Callbacks
- DataUsageCallback renamed to UsageCallback
- DataUsagePolicy removed; passing in params directly to register method
- making it an abstract class
- passing in (networkType, subscriberId) that reached its threshold
- renaming onLimitReached to onThresholdReached to match existing naming
- only monitor single network,subscriberId
- no monitoring of specific uids; using device or user wide instead
Tags
- only owner uid can read its tags
- exposing only TAG_NONE to match service side
BUG: 27530098
Change-Id: I2b2664da71806868a1e937d2bf4d1f234637509b
Which owns the native UidRange.cpp, so it makes more sense for the
declaration to live there since frameworks/base depends on netd but not
vice versa.
Bug: 26694104
Change-Id: I0efda77713ee6f0ec8070fb0e09a694b95f6cd25
Added not_metered capability to a mobile network if none
of its associated APN types are metered. Also used not_metered
capability to determine if a network should be accounted for
data usage or not instead of using network type, which is
always MOBILE after refactoring. Will add VT usage support
in next phase.
bug: 20888836
Change-Id: Id692cb856be9a47d0e918371112630128965b1bb
Granular per-UID network statistics can be used to infer user
behavior over time, so they fall under the umbrella of the
PACKAGE_USAGE_STATS permission.
Since we can't check app-ops based permissions in the kernel, the
best we can do is redirect users to the NetworkStatsManager class,
which offers a much more robust historical data set.
Bug: 27577101
Change-Id: I696bdc5e0b3d7e24acf35f388d0ab13617ed8af3
Apps making calls into the system server may end up persisting
internal state or making security decisions based on the perceived
success or failure of a call, or the default values returned.
The reality is that if the system process just died, init will be
along shortly to kill all running apps, so we should have no problem
rethrowing the RemoteException as a RuntimeException.
Bug: 27364859
Change-Id: Ife0bcb079636c88d54c44d17eb580409fd79028b
Similar to first patch, but now using new "rethrowFromSystemServer()"
method which internally translates DeadObjectException into
DeadSystemException. New logic over in Log.printlns() now
suppresses the DeadSystemException stack traces, since they're
misleading and just added pressure to the precious log buffer space.
Add some extra RuntimeInit checks to suppress logging-about-logging
when the system server is dead.
Bug: 27364859
Change-Id: I05316b3e8e42416b30a56a76c09cd3113a018123
NetworkStatsService will register data usage requests
and keep data usage stats scoped to the request.
There are different types of data usage requests
- scoped to a set of NetworkTemplate; these are restricted to
device owners and carrier apps and allow the caller to monitor
all activity on the specified interfaces.
- scoped to all uids visible to the user, if the user has
android.Manifest.permission#PACKAGE_USAGE_STATS permission.
The set of uids may change over time, so we keep track of that.
- scoped to a set of uids given by the caller, granted that
the caller has access to those uids.
- scoped to the caller's own data usage. This doesn't require
PACKAGE_USAGE_STATS.
Bug: 25812785
Change-Id: Ie11f35fc1f29d0dbe82f7fc924b169bb55c76708
Allow holders of android.Manifest.permission#PACKAGE_USAGE_STATS
to be notified when data usage has exceeded a given threshold.
This allows an app to update its data usage metrics without
polling.
Bug: 25812785
Change-Id: I3a4904a97f3c7fbaf8071b460f9ee6ca9c1ba4ed
Network tags could be set since ICS but were not exposed
through the SDK. This CL extends existing functionality
of NetworkStatsManager to return network tags.
Bug: 25813338
Change-Id: I414b98193249ba88a3f2d64cb2e0d2633f64fa3f
Apps with PACKAGE_USAGE_STATS app op or READ_NETWORK_USAGE_HISTORY
granted can query the summarized device data usage (but not individual
uids running in other users or profiles).
Bug:26677052
Change-Id: Id51631638f338a8cf48172c9b41746228a335084
Whether a network is deemed roaming or not was already being tracked
as part of the NetworkIdentitySet, so the underlying data store
already tracks roaming and native data separately. However, this data
was being aggregated together in NetworkStatsCollection#getSummary,
since the NetworkIdentitySet is converted to an iface name for the
purposes of matching, and the iface name will be identical whether or
not the iface is considered roaming. Now it is separated.
Also fixes a long-standing bug in NetworkIdentitySet where an identity
read from a saved file would always be considered roaming == false,
even if it wasn't at the time it was written.
Bug: 25813438
Change-Id: I11ab5b51182ed8da7af8fde468df065f9fdc3dad
These are analogous to the state buckets for tracking whether usage is
incurred while the app is in the foreground or background. We will
additionally track whether data usage is incurred over a metered or
unmetered network, and whether it is incurred over a roaming or native
network.
The APIs are not implemented in this CL; the existing buckets are
still returned with METERING_ALL and ROAMING_ALL to indicate that this
is not yet being tracked.
Bug: 25813438
Bug: 25813958
Change-Id: I76dd3dd063ed28ef5579ca3a978570532e7836bc
Currently, access to network usage history and statistics requires a
signature|privileged permission, an AppOps bit (associated with the
PACKAGE_USAGE_STATS permission), or device/profile ownership. Once
access is granted via one of these mechanisms, it generally applies to
any UID running in the same user as the caller.
This CL expands access as follows:
-Any app can access its own usage history with no extra requirements.
-Carrier-privileged applications can access usage history for the
entire device.
-Device owners can access per-UID breakdowns for usage. Previously
they could access the summary for the whole device, but not the
individual breakdowns.
We simplify the permission model by defining three access levels -
DEFAULT (own app only), USER (all apps in the same user), and DEVICE
(all apps on the device), and propagate these levels throughout.
Finally, this CL fixes an apparent bug in
NetworkStatsService#hasAppOpsPermissions - if the AppOp bit was in
MODE_DEFAULT, hasAppOpsPermission would always return false instead of
falling back to the PackageManager permission check.
Bug: 25812859
Bug: 25813856
Change-Id: Ic96e0776e2a4215a400163872acea1ededfaced9
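An added sketch of the three access levels and the MODE_DEFAULT fallback described in the commit message above; it is not code from the AOSP change. The class name, the boolean caller flags, the constructed uids and the exact mapping of callers to levels are assumptions; the MODE_* values and the per-user uid range mirror AppOpsManager and UserHandle.

```java
// Added illustration; class, flags and level mapping are assumptions, not AOSP code.
public class UsageAccessSketch {
    // Values mirror AppOpsManager.MODE_* and UserHandle.PER_USER_RANGE.
    static final int MODE_ALLOWED = 0, MODE_IGNORED = 1, MODE_ERRORED = 2, MODE_DEFAULT = 3;
    static final int PER_USER_RANGE = 100000;

    enum Level { DEFAULT, USER, DEVICE }

    // Behaviour the commit describes as the bug: MODE_DEFAULT is treated as a denial,
    // so the manifest permission is never consulted.
    static boolean hasAppOpsPermissionBuggy(int mode, boolean manifestGranted) {
        return mode == MODE_ALLOWED;
    }

    // Fixed form: MODE_DEFAULT defers to the PackageManager permission check.
    static boolean hasAppOpsPermission(int mode, boolean manifestGranted) {
        if (mode == MODE_DEFAULT) return manifestGranted;
        return mode == MODE_ALLOWED;
    }

    // Assumed mapping of caller attributes to the three levels named in the commit.
    static Level levelFor(boolean carrierPrivileged, boolean deviceOwner,
                          int appOpMode, boolean manifestGranted) {
        if (carrierPrivileged || deviceOwner) return Level.DEVICE;
        if (hasAppOpsPermission(appOpMode, manifestGranted)) return Level.USER;
        return Level.DEFAULT;
    }

    // May callerUid read usage rows that belong to targetUid at this level?
    static boolean canRead(Level level, int callerUid, int targetUid) {
        switch (level) {
            case DEVICE: return true;
            case USER:   return callerUid / PER_USER_RANGE == targetUid / PER_USER_RANGE;
            default:     return callerUid == targetUid;
        }
    }

    public static void main(String[] args) {
        int caller = 10123, sameUser = 10200, otherUser = 1010200; // constructed uids
        // Permission granted through the manifest, AppOp left at its default mode.
        System.out.println("buggy check: " + hasAppOpsPermissionBuggy(MODE_DEFAULT, true));
        Level granted = levelFor(false, false, MODE_DEFAULT, true);
        System.out.println(granted + " same-user=" + canRead(granted, caller, sameUser)
                + " other-user=" + canRead(granted, caller, otherUser));
        // An explicit MODE_IGNORED still overrides the manifest grant.
        Level denied = levelFor(false, false, MODE_IGNORED, true);
        System.out.println(denied + " same-user=" + canRead(denied, caller, sameUser)
                + " own=" + canRead(denied, caller, caller));
    }
}
```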