Kernel limitations prevent auth-only SAs from being created. Explicitly
request a null encryption algorithm instead of omitting the algorithm
to comply with the kernel requirement for ESP.
Bug: 75049573
Test: CTS tests for auth-only, crypt-only transforms added for all
combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit
tests to ensure correct triggering of NULL_CRYPT usage.
Merged-In: Ia9a5cfee9c7786412846bc039f326420f6211c08
Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
(cherry picked from commit bf013a3820c69348e034c6340b28e95f3441ebe8)
-Add anotations to usages of PolicyDirection for
apply...() methods.
-Update the comments on DIRECTION_IN and DIRECTION_OUT
to better reflect their current usage.
-Add a better explanation to the rekey procedure doc.
-Remove disused createTunnelInterface() stub.
Bug: 73751066
Test: make docs
Merged-In: I9f2ec864466148a18899f1e952c74a525902ccbc
Change-Id: I9f2ec864466148a18899f1e952c74a525902ccbc
(cherry picked from commit f4cdf25a906d0f52ffd76508d660b843b13b3ff8)
When a single app is responsible for more than half of the data usage
that caused us to trigger a "rapid usage" alert, name that app in the
notification. Tests to verify.
Move NPMS->NSS direct calls to "Internal" pattern, following
best-practices to avoid unnecessary AIDL exposure.
Remove 3G/4G split mobile plan support, which has been deprecated for
years and was never supported in a shipping product.
Move MultipathPolicyTracker in tree to reflect its package name.
Test: bit FrameworksNetTests:*
Test: bit FrameworksServicesTests:com.android.server.NetworkPolicyManagerServiceTest
Bug: 69263587, 64221505, 73431080, 72746951
Exempt-From-Owner-Approval: approved in previous PS
Change-Id: I3e4ec1ae2222d51b232f76f32faca93d4f8cd272
We've seen system code continue to ask about network statistics
during a shutdown, so keep our objects around to avoid crashing
with NPEs.
Test: builds, boots
Bug: 73323432
Change-Id: I2654d37a59eb830ff32a2151ae6ad6a999a41677
Now that we have a nice Clock abstraction, we can use it to represent
a clock backed by an NTP fix. (This makes testing logic much easier
to write.)
We now rely completely on NetworkTimeUpdateService to keep our NTP
fix up to date, instead of trying to refresh in the middle of
critical paths which could trigger random ANRs.
Add internal FallbackClock to make it easier to handle missing NTP
fixes. Add internal SimpleClock to let implementers focus on single
millis() method.
Test: bit FrameworksNetTests:com.android.server.net.NetworkStatsServiceTest
Test: bit FrameworksServicesTests:com.android.server.NetworkPolicyManagerServiceTest
Bug: 69714690, 72320957
Change-Id: Ic32cdcbe093d08b73b0e4b23d6910b23ea8e1968
Exempt-From-Owner-Approval: approved in previous PS
This change prevents IpSecTransforms from being inadvertently modified
by changes to the IpSecConfig. Specifically, once the transform is
created, it takes a copy of the config, rather than a reference.
Bug: 69385347
Test: New tests added, and all test passing
Change-Id: I89b8660c175ca20aa70352dcda893434ff7fd42b
We're already trying to protect against zero elsewhere in this file,
but we've seen evidence of it still happening, so add last-ditch
protections.
Test: builds, boots
Bug: 73060623
Change-Id: I0549ed08f906521a8dbd9ff6162f80fa9b388434
At least until further permissions are agreed upon,
the NETWORK_STACK permission is sufficient to ensure
that access to the tunnel mode APIs is secure, and
this permission will always be a sufficient condition.
Thus, adding NETWORK_STACK.
Bug: 66955045
Test: compilation
Change-Id: I2dc36896a52d2e71fad55041507d68ca91191ffc
Add @GuardedBy for simple functions that require a single lock
and are named XYZLocked.
Derived by errorprone.
Bug: 73000847
Test: m
Test: m javac-check-framework RUN_ERROR_PRONE=true
Change-Id: I6993325b11c71a4ec27c21935fb54a954d95455f
This change makes sure tunnel mode transforms are properly activated
upon construction, and corrects bugs with how policy selectors were being
generated for tunnel mode policies. Specifically, the source/destination could
not be empty strings, even for cases where an empty selector was desired.
Bug: 72457770
Test: GTS tests run
Change-Id: I9a9f64c34b07883a02a5c996614f958486d214fc
The current implementation of getMobileRxBytes and all the similiar
method adds up the return values for multiple calls to getRxBytes so if
all of them return UNSUPPORTED for any reason, getMobileRxBytes() would
return a value such as -3. This behavior is not compliance with the cts
TrafficStatsTest which always assume getMobileRxBytes to return a
non-negetive value. The method now will check tha stats get from
getRxBytes method and add them up only if the stats is valid.
Bug: 72473294
Test: run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
Change-Id: I656970ebc8f6506cf17c4353ad46c0178bb65cfd
- add Ethernet interface configurations to config.xml; no vendors can
specify network capabilities (in particular they can mark network as
restricted which make sense for embedded applications + static IP
configuration)
- extend EthernetManager to support multiple interfaces, use interface
name as an identificator
- extend IpConfigStore to store IP configuration based on string
identifier (e.g. ethernet name)
Test: runtest -x frameworks/base/services/tests/servicestests/ -c com.android.server.net.IpConfigStoreTest
Change-Id: Ic1e70003f2380ca8edb4469d6b34e27c5e8cf059
The lifecycle of Keepalive offloading is, unfortunately
different from that of an IpSecTransform. Because starting
a keepalive is fundamentally asynchronous, and isn't valid
until after a transform exists, it will now be a separate
optional procedure that may succeed or fail. It remains
linked with a Transform by the need for a Transform to exist
in order to initiate a Keepalive.
Bug: 38350389
Test: compilation
Change-Id: Ia76fccee41f86d694dff436043293d0c0762c041
This change adds one KernelResourceRecord type (TunnelInterfaceRecord),
and adds methods for the creation of TunnelInterfaces, as well as the
application of Transforms to the given TunnelInterfaces
As part of the generation of ikeys/okeys, a ReserveKeyTracker manages a
java bitset to avoid collisions and reserve/release keys.
Bug: 63588681
Test: Compiles, CTS, unit tests all pass on AOSP_marlin
Change-Id: I9e9b6455e27073acd4491eae666aa966b3b10e0f
Simple change to expose systemAPI for applyTunnelModeTransform
Bug: 36033193
Test: All CTS, unit tests passing
Change-Id: I2d857c048bc0dc80c3949387f946b1f5adf0527e
