The current utilities map the higher-order bytes of ints to the
lower-order bytes of IPv4 addresses, which makes applying masks and
generating series of addresses confusing.
For example, the current utilities would convert 1.2.3.4 to 0x04030201,
or generate 0x0080ffff for a /17 subnet mask. The utilities in this CL
convert 1.2.3.4 to 0x01020304, and a /17 subnet mask is represented as
0xffff8000.
Includes tests for all the above methods and migration of
NetworkUtilsTest to JUnit4.
Test: added tests pass
Change-Id: I5f5aa2e6e3b054b66b9dc507dab64f41be9139b1
* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Merged-In: I19e124adef6d9f4992d8293db3190bcf74c95848
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
(cherry picked from commit 2ea91aee42)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 68a7edf1cb)
P introduced setSSID, UIDs and unwanted capabilities.
None of these exhibit commutative behavior through combineCapabilities
because their semantics don't allow it. Therefore
NetworkRequest.setCapabilities() is badly broken around any of
these. Look at the comments in the new tests to realize the
extent of the damage.
Clean cherry-pick of ag/4083952
Bug: 79748782
Test: new tests written, old tests pass
Change-Id: Iafe074126132a82af37f4bf056c4a7b8d56bdc83
Merged-In: Ia5bebf8a233775367bbf1b788870528934ecbcfb
Merged-In: I13d7782a6c0c7b1f94137995bbb0d257a58d89c1
This change forces Socket and DatagramSocket to populate the
SocketImpl, ensuring that the socket file descriptor can be
retrieved when applying Transport mode Transforms
This is done by calling getSoLinger(), triggering a getImpl(), which
triggers setImpl() if needed.
Bug: 77491294
Test: Added tests in IpSecManagerTest, ran on walleye
Change-Id: I40da08b031357710eb794e0f866aec5660c79594
Bug: 68762530
Exempt-From-Owner-Approval: OWNERS have approved, but gerrit doesn't see it
Test: runtest -x frameworks/base/tests/net/ -c android.net.NetworkCapabilitiesTest
Change-Id: Ieadef7c42634d890281543226203530fb18eb0a3
Instead of providing default truncation lengths (based on RFC or
otherwise), this change imposes a restriction that the truncation length
must be supplied for all auth or aead algorithms.
Bug: 77204048
Test: Updated tests, ran on walleye
Change-Id: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97
Usage stats corrections for 464xlat in NetworkStatsFactory are not applied
to tethered traffic. Add adjustments in NetworkStatsService. After
migrating external callers off NetworkStatsFactory, we will be able to
only apply adjustments in NetworkStatsService and remove stacked
interface tracking from NetworkStatsFactory.
Bug: 72107146
Fixes: 72107146
Test: runtest frameworks-net & manual - checked corrected network usage
Change-Id: I5ce450e616b4fddf21f2a491fe5d0c9e9f969bda
This change updates the getSocket() methods for IPsec to improve clarity
of the return types, both for public APIs, and internal-only methods.
Bug: 72473753
Test: APIs updated, CTS + unit tests ran.
Change-Id: I0afebd432c5d04c47c93daa1ce616d712aa323d7
Useful for clients such as BatteryStats which currently rely
on NetworkStatsFactory. Data at that stage is incomplete as
it does not account for tethering, VT data and corresponding
464xlat corrections.
Test: runtest frameworks-net, CTS tests pass.
Change-Id: I763b77f601c827fd2963204694fb5b45425cc791
This change adds implementation details for add/remove addresses onto a
VTI.
Bug: 73675031
Test: New tests added, passing on Walleye
Change-Id: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
Use a MATCH_MOBILE_WILDCARD template to avoid filtering by
subscriberId when querying statistics from NetworkStatsService.
Bug: 74038898
Change-Id: I4b39e7031416cb33b23d89aa36ff0f774eaa942f
Fixes: 74038898
Test: runtest frameworks-net, CTS tests pass
Follow up clean up for aosp/606338
Bug: 72828388
Test: frameworks/base/tests/net/ -c android.net.NetworkCapabilitiesTest
Change-Id: I2d2cfeb51caaa339602f7d97ffffed6e4cfad432
Add another bit mask into NetworkCapabilities class that represents
unwanted capabilities and corresponding methods to add and remove them.
Bug: 72828388
Bug: 68762530
Test: runtest -x frameworks/base/tests/net/
Change-Id: Ie291167eb74fdb696c7ee145c8cc46ea8115d6ba
testCreateTransformsWithSameConfigEqual used assertFalse rather than
assertTrue
Bug: 69385347
Test: Passing on walleye
Change-Id: I8caa26e184e8bfc3e8acc9061d85c22d27ebf448
NOT_SUSPENDED and FOREGROUND are capabilities that need to
be public so as to reach feature parity with what information
can be gotten through the use of CONNECTIVITY_ACTION and
synchronous calls to ConnectivityManager. This change makes
them public, and wires up the NOT_SUSPENDED capability.
This deprecates in effect the old onSuspended and onResumed
callbacks, but these have never been public.
This also converts the onAvailable path from a multiple
binder call design to a simpler, single binder call. This
is only for internal convenience
Test: runtest frameworks-net
Test: cts
Test: also manual testing
Change-Id: I6ea524bb361ecef0569ea2f9006c1e516378bc25
This change prevents IpSecTransforms from being inadvertently modified
by changes to the IpSecConfig. Specifically, once the transform is
created, it takes a copy of the config, rather than a reference.
Bug: 69385347
Test: New tests added, and all test passing
Change-Id: I89b8660c175ca20aa70352dcda893434ff7fd42b
Use SecureRandom instead of Random since Random is time based and can
increase the chance of generating same MAC address across multiple
devices.
createRandomUnicastAddress should randomize all bits of the address,
except for locally assigned bit and unicast bit. The previous method
that only randomizes NIC and use Google Base OUI is renamed to
createRandomUnicastAddressWithGoogleBase.
Bug: 72450936
Test: runtest frameworks-net
Change-Id: Icda650638c2c1c9fd90d509a87e86347c0e05f2d
Test: runtest frameworks-net
Test: also new specific tests for this new code
Test: also tested with VPN app
Test: also cts passing
Change-Id: If0311bae2bf99dedac959febadecf4f92f3064b8
This allows us to maintain NetworkStats entries that track
whether the traffic was on the default network.
At the moment, the stats collection code always passes in
DEFAULT_NETWORK_NO. However, this value is a no-op, since it is
not persisted to disk. Only the ident, the uid/set/tag, and the
packet/byte/operation counters are persisted.
A future change will add defaultNetwork to the ident and start
persisting it.
Bug: 35142602
Test: runtest frameworks-net
Change-Id: Ifa291c62c0fa389b88e5561086a29dcd7cee2253
Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction from SAs meaning
that a IpSecTransform may now be applied to a socket
in either direction.
-Make transforms unidirectional
-Add Convert allocateSpi() to use destination rather
than direction and remote address
-Remove directionality from builders for IpSecTransform
-Change applyTransportModeTransform() to take a
direction in which to apply the transform object.
-Additional minor naming updates
-Restrict IpSecConfig to only print keys on eng builds
-Move DIRECTION constants to IpSecManager
-Add sourceAddress parameter to IpSecTransform to provide
additional guarantees about the source address of data;
(explicit failure rather than implicit failure).
-Move SPI to the build() method of IpSecTransform
Bug: 71717213
Test: runtest frameworks-net, CTS - IpSecManagerTest
Change-Id: I0824b37f443f4b8c62536d9801238c63ed8f2a1c
This patch adds to the MacAddress class:
- getAddressType() method which replaces addressType(), for naming
consistency
- @NonNull annotations on all input and output reference values for
all public methods (@hide and public).
TYPE_UNKNOWN, which currently cannot be observed with a non @hide
method, is also removed from the public api.
Bug: 71866627
Test: $ runtest frameworks-net
Change-Id: I2af70408d46f431b7b32183e6b48ddae9a261a2c
1) toSafeString() is renamed to toOuiString()
2) toOuiString() returns a String that only contains the first 3 bytes
of the mac address.
Bug: 70336442
Test: runtest frameworks-net
Change-Id: I798d8fec32dbff5687a682028e5d90eb941f81c1
Throughout the IPsec code (API, system server, netd) we use "reserve"
SPI and "allocate" SPI interchangeably. This renames to use "allocate"
everywhere for self-consistency and consistency with the kernel
(ALLOCSPI).
In javadoc, I am leaving the word "reserve" in several places because it
is still an accurate description of how the method behaves.
Bug: 69128142
Test: TreeHugger should be enough
Change-Id: I8ea603b4612303b0393beef04032671fa53d2106
