NOT_SUSPENDED and FOREGROUND are capabilities that need to
be public so as to reach feature parity with what information
can be gotten through the use of CONNECTIVITY_ACTION and
synchronous calls to ConnectivityManager. This change makes
them public, and wires up the NOT_SUSPENDED capability.
This deprecates in effect the old onSuspended and onResumed
callbacks, but these have never been public.
This also converts the onAvailable path from a multiple
binder call design to a simpler, single binder call. This
is only for internal convenience
Test: runtest frameworks-net
Test: cts
Test: also manual testing
Change-Id: I6ea524bb361ecef0569ea2f9006c1e516378bc25
Prior to this change ConnectivityManager used to patch in the UID
of the requesting app inside the NetworkCapabilities sent to it.
The rationale was that the app may not know what other apps may
use the network, so the view it should have of the network should
always say the network only applies to that app.
But this has an unfortunate side effect : apps can't match the
received network against a default NetworkCapabilities. Ostensibly
this only applies to the system because all involved calls are
@hide, but still : system code would get some NetworkCapabilities,
for example using networkCapabilitiesForType, and then try to
match the capabilities of an available network using
satisfiedByNetworkCapabilities. Because the passed network is
declared to only apply to one's own UID and the UIDs of the
NetworkCapabilities are set to null meaning "I need this network
to apply to all UIDs", the answer will be "false".
While this is WAI in a sense, it is very counter-intuitive that
code trying to match a network would be required to patch in its
own UIDs.
There are three ways of fixing this :
1. Require all apps to do the above. It's correct, but it's
cumbersome and counterintuitive. Multiple places in existing
code needs to be fixed, Tethering is an example.
2. Write the UIDs of the caller in any NetworkCapabilities object
that is created. This is not very practical, because it imposes
the converse requirement on all NetworkAgents, which would then
have to clear the UIDs before they send the capabilities to
ConnectivityService. All NetworkAgents need to be fixed.
3. Instead of sending an object with a list of one UID to apps,
send a null list. The drawback is that the networks nominally
look to apps like they apply to all apps. I argue this does
not matter ; what matters is that the UID lists do not leak.
Clients just see a null list of UIDs (and third party can't
even access them without using reflection). No other changes
are required besides this two-line patch.
This patch implements 3. I believe it is the saner approach, with
both the most intuitive behavior and the best backward compatibility
characteristics, as well as the easiest change.
This does not encroach on the future plans to make the actual
UID list available to apps with NETWORK_SETTINGS.
Test: runtest frameworks-net
Change-Id: I978d91197668119e051c24e1d04aafe1644a41cf
When switching from a validated default network to a new validated
default network (typically because of a better score),
DefaultNetworkMetrics would not reset the last validation timestamp.
This would cause the new default network to have a total recorded
validation time overcounted by the validation time of the previous
default network.
The following fix should be applied downstream for consumers of
previously recorded data:
validation_time = min validation_time, duration_time);
Test: runtest -x frameworks/base/tests/net/../IpConnectivityMetricsTest
Change-Id: I303d11023527c19435f5f5e796a0295ae3f76d9f
The shutdown method in NetworkManagementServiceTest was trying to close
the local socket on the test side, causing the NativeDaemonConnector
internal to NetworkManagementService to sometime crash due to the
output stream on NetworkManagementService side to throw on pending
reads.
The correct fix would be to shutdown the NativeDaemonConnector
inside NetworkManagementService and implement NetworkManagementService's
shutdown method, however there is no way to cleanly close a
NativeDaemonConnector.
Instead, this patch doesn't do any cleanup of the listening socket, the
test local socket, and its output stream. These objects' resources get
eventually collected by the system when the test process exits.
Test: runtest frameworks-net
Change-Id: I72c9aa43403754b55e9d23bf4f3ba8b7b4a3e10a
This change adds one KernelResourceRecord type (TunnelInterfaceRecord),
and adds methods for the creation of TunnelInterfaces, as well as the
application of Transforms to the given TunnelInterfaces
As part of the generation of ikeys/okeys, a ReserveKeyTracker manages a
java bitset to avoid collisions and reserve/release keys.
Bug: 63588681
Test: Compiles, CTS, unit tests all pass on AOSP_marlin
Change-Id: I9e9b6455e27073acd4491eae666aa966b3b10e0f
Test: this is the exact code these changes were meant to give
without conflict had the auto-merger not squashed them
together before it tried to merge them. It was tested on
master in this state.
Change-Id: I5cbde17fb6016e5e6b5d0b04c8f41858d708ef4a
* changes:
Let network requests see VPNs.
Move constants into a new file.
Make sure listen requests from VPN apps see their own networks
Add a test for new UID checking code.
Remove UID_RANGES_ADDED and REMOVED.
Move VPN allowed UIDs into NetworkCapabilities.
Pre-import to remove a conflict.
This test has been failing for a while, and we are do not have
bandwidth to fix it during the next week.
Test: make -j64 FrameworksNetTests RUN_ERROR_PRONE=true
Test: atest FrameworksNetTests:IpConnectivityMetricsTest
Test: runtest -x frameworks/base/tests/net/java/com/android/server/connectivity/IpConnectivityMetricsTest.java
Change-Id: I59d73c1773e160a726996f3ab4ad20312decc127
Merged-In: I59d73c1773e160a726996f3ab4ad20312decc127
This change adds an additional check in CheckIpsecConfig to prevent
users from using the same SPI twice. This allows for a more granular
error message.
Bug: 70642141
Test: Tests added in IpSecServiceParameterizedTest
Change-Id: I9621fb05c6b162bd8ae8db4ac1e64feaa9d0ac73
This test has been failing for a while, and we are do not have
bandwidth to fix it during the next week.
Test: make -j64 FrameworksNetTests RUN_ERROR_PRONE=true
Test: atest FrameworksNetTests:IpConnectivityMetricsTest
Test: runtest -x frameworks/base/tests/net/java/com/android/server/connectivity/IpConnectivityMetricsTest.java
Change-Id: I59d73c1773e160a726996f3ab4ad20312decc127
CreateTransportModeTransform and DeleteTransportModeTransform are both
agnostic as far as which mode of transform it creates/deletes. As such,
to facilitate the implementation of tunnel mode, this patch renames them
to CreateTransform and DeleteTransform, along with all test names.
Bug: 63588681
Test: frameworks/base unit tests and CTS tests run, passed
Change-Id: I1f015eb7ad0e85fca966658a9402485ca2b44091
* changes:
Track and persist in stats whether traffic is on the default network.
Add the default network to NetworkStats and NetworkStatsCollection.
Pass all default networks to NetworkStatsService
This change adds the defaultNetwork to the ident based on current
system networking state, and persists that value to flash.
Bug: 35142602
Test: runtest frameworks-net
Test: downloaded files using default/non-default networks while watching dumpsys netstats
Change-Id: Id8776d149b2977548a9eb455ad4926af55e25aba
This allows us to maintain NetworkStats entries that track
whether the traffic was on the default network.
At the moment, the stats collection code always passes in
DEFAULT_NETWORK_NO. However, this value is a no-op, since it is
not persisted to disk. Only the ident, the uid/set/tag, and the
packet/byte/operation counters are persisted.
A future change will add defaultNetwork to the ident and start
persisting it.
Bug: 35142602
Test: runtest frameworks-net
Change-Id: Ifa291c62c0fa389b88e5561086a29dcd7cee2253
This will allow NetworkStatsService to treat traffic on these
networks differently from traffic where the app selects a network
that is not the default.
Bug: 35142602
Test: runtest frameworks-net
Change-Id: I5ea9d200d9fb153490c6108bb9390bf152f297da
Added some extra comments on reference counting and moved a few methods
around. No significant logical changes made in this CL
Bug: 63409385
Test: CTS, Unit tests (both frameworks-base and netd) and binder tests
all pass
Change-Id: I89f1f4a021db48ae406fefefa6aca7406045736c
Can be used by a network to indicate when it's congested, meaning that
apps should defer network traffic that could be done at a later time.
Test: bit FrameworksNetTests:android.net.,com.android.server.net.,com.android.server.connectivity.VpnTest,com.android.server.ConnectivityServiceTest
Bug: 64133169
Change-Id: I8a60b6f02dd0f42268b59690556c16335d34e220
Because IpSecTransforms are now unidirectional,
and because the only mechanism for removing Transforms
removes it from both directions, the API can no longer
use the Transform parameter to meaningfully validate
that the caller had applied a transform. Since that
functionality was as-yet unimplemented and is now
infeasible, the transform parameter is removed.
Bug: 72079356
Test: cts - IpSecManagerTest; runtest frameworks-net
Change-Id: If19b0d34bdc6daf31a40d6d62bff326dcbca08c0
The IpSecService Unit tests relied on the
directionality of the IpSecConfig and previously
did not specify a source address. Unit tests
updated without functional change other than to
address these two requirements.
Bug: 71717213
Test: runtest frameworks-net
Change-Id: Iedbed735bc50fd4fdfe985f9e173956062a7b0d1
Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction from SAs meaning
that a IpSecTransform may now be applied to a socket
in either direction.
-Make transforms unidirectional
-Add Convert allocateSpi() to use destination rather
than direction and remote address
-Remove directionality from builders for IpSecTransform
-Change applyTransportModeTransform() to take a
direction in which to apply the transform object.
-Additional minor naming updates
-Restrict IpSecConfig to only print keys on eng builds
-Move DIRECTION constants to IpSecManager
-Add sourceAddress parameter to IpSecTransform to provide
additional guarantees about the source address of data;
(explicit failure rather than implicit failure).
-Move SPI to the build() method of IpSecTransform
Bug: 71717213
Test: runtest frameworks-net, CTS - IpSecManagerTest
Change-Id: I0824b37f443f4b8c62536d9801238c63ed8f2a1c
