-Remove Int-based SPI usage from the IpSecTransform.Builder
This is essentially a less-safe method overload, and it is both
unnecessary and difficult to implement: the cross-validation
between SPI and Transform is actually useful, and the kernel
requires two different mechanisms to use an unreserved vs a
reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this
hard to support. API Council has questioned the value of this,
and they are right: everything points to "remove this". In the
future, if we find that SPI reservation is overhead, we can
always add it back.
-Hiding the TunnelMode builder method and application/remove
methods. These will not land by the time the next API
stabilizes, so better to hide them now that this is a
near-certainty. Expectation is to un-hide them in the subsequent
API bump.
Bug: 36073210
Test: Compilation, verified nobody is calling these stubs
Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab
(cherry picked from commit 48b566557d5a66d4476008b3c59b815eb78cb373)
To make the SPI reservation more semantically consistent with the
transform creation API, and to ensure that we always create SPI
reservations relative to a well-known remote, we should take the
SPI request relative to a remote (rather than to a destination).
This necessitates that we now consider direction separately, which
is used for keying the SA-Id.
Bug: 36073210
Test: compilation
Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78
(cherry picked from commit c4f879925b58b1b5ca9a3cfdc898c20cbf56355a)
-Add IpSecService with the necessary glue to connect to netd
-Add code to retrieve IpSecService from System Server
Bug: 30984788
Test: b/34812052, b/34811227
Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92
(cherry picked from commit 28084d89ec136b56f5012be33a0dea147962f9f6)
This patch adds basic logging to NsdManager and NsdService, and improves
the facilities for pretty printing the event ids defined in NsdManager.
It also includes a few minor cleanups:
- adding 'final' on effectively final instance variables of NsdManager
and NsdService.
- similarly, adding 'static' on effectively static class fields.
- regrouping instance variables together.
Test: no functional changes
Bug: 33074219
Change-Id: I360d539e73cc8e4b45d4e0d20b2e345455fdb10c
-Plumb IpSecManager APIs to NetD
-Add Resource Management to IpSecService
Bug: 33695893
Test: CTS verifies nearly all of these paths
Change-Id: Ic43965c6158f28cac53810adbf5cf50d2c54f920
-Remove Int-based SPI usage from the IpSecTransform.Builder
This is essentially a less-safe method overload, and it is both
unnecessary and difficult to implement: the cross-validation
between SPI and Transform is actually useful, and the kernel
requires two different mechanisms to use an unreserved vs a
reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this
hard to support. API Council has questioned the value of this,
and they are right: everything points to "remove this". In the
future, if we find that SPI reservation is overhead, we can
always add it back.
-Hiding the TunnelMode builder method and application/remove
methods. These will not land by the time the next API
stabilizes, so better to hide them now that this is a
near-certainty. Expectation is to un-hide them in the subsequent
API bump.
Bug: 36073210
Test: Compilation, verified nobody is calling these stubs
Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab
To make the SPI reservation more semantically consistent with the
transform creation API, and to ensure that we always create SPI
reservations relative to a well-known remote, we should take the
SPI request relative to a remote (rather than to a destination).
This necessitates that we now consider direction separately, which
is used for keying the SA-Id.
Bug: 36073210
Test: compilation
Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78
-Add IpSecService with the necessary glue to connect to netd
-Add code to retrieve IpSecService from System Server
Bug: 34811227
Test: Service boots (and dumpsys works), more via b/34811227
Merged-In: I4cdcb643421141202f77a0e2f87a37012de0cd92
Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92
This CL adds an API to set up an IPSec Security Association
and Security Policy to perform Transport-Mode and Tunnel-Mode encapuslation
of IP Packets.
Bug: 30984788
Bug: 34811752
Test: 34812052, 34811227
Change-Id: Ic9f63c7bb366302a24baa3e1b79020210910ac0a
Network usage is tracked by the kernel at the UID level, which is
granular enough for normal apps, but large components (such as the
system server) are impossible to debug without adding additional
socket tagging to help identify subsystems within a UID.
To help ensure that system components tag all their network traffic,
this change offers a new StrictMode option to detect and report
untagged sockets.
Test: builds, boots, all common traffic tagged
Bug: 30943431, 30414041
Change-Id: I825c7941076054732264690247de2863342638e2
Dependent on ag/1550196 where API is defined.
Bug: 31015360
Bug: 26545374
Test: runtest --path
frameworks/base/core/tests/coretests/src/android/net/NetworkStatsTest.java,
other test classes.
(cherry picked from commit 357f8fabc8)
Change-Id: I46da93ba4afa968facf98f7c3d844fd0c469095a
This is a continuation of b/26545374, since now we can also set the
metered bit with NetworkScorer. The tracking of metered state changes
will be implemented in a seperate CL.
Bug: 31015360
Bug: 26545374
Test: N/A
(cherry picked from commit ed7fcb4d26)
Change-Id: I6a2fcc8577d62daa8823dff9e0128a5cf39ede7b
Properly account for VPN apps that make heavy use of the tun
interface. Prior to this change a VPN app could be incorrectly charged
for more data than it actually used if it sent more traffic through
the tun interface than the underlying interface.
This change excludes VPN app traffic on the tun interface from the
adjustment pool and doesn't redistribute traffic to the VPN app.
Instead all of the redistributed traffic is deducted from the VPN app
which effectively represents any overhead incurred by the VPN app.
BUG: 30557871
(cherry picked from commit 12255e3655)
Change-Id: I06f01aa8fe5fdc06b2d36cfb9c68feb244c2e5de
Define some constants for early use in AOSP code.
Test: builds, boots, all common traffic tagged
Bug: 30943431
Change-Id: Ia58a8933bccfddbc027afb78c63ae65bd71ce562
Dependent on ag/1550196 where API is defined.
Bug: 31015360
Bug: 26545374
Test: runtest --path
frameworks/base/core/tests/coretests/src/android/net/NetworkStatsTest.java,
other test classes.
Change-Id: I968b9e3352d7880e3fc438f12de628a2da057e0a
This is a continuation of b/26545374, since now we can also set the
metered bit with NetworkScorer. The tracking of metered state changes
will be implemented in a seperate CL.
Bug: 31015360
Bug: 26545374
Test: N/A
Change-Id: I0eccd10c0316357abb03af4d9cf0c4191a66abfb
Properly account for VPN apps that make heavy use of the tun
interface. Prior to this change a VPN app could be incorrectly charged
for more data than it actually used if it sent more traffic through
the tun interface than the underlying interface.
This change excludes VPN app traffic on the tun interface from the
adjustment pool and doesn't redistribute traffic to the VPN app.
Instead all of the redistributed traffic is deducted from the VPN app
which effectively represents any overhead incurred by the VPN app.
BUG: 30557871
Change-Id: I62a75a0c0c0111e052b7903baa9f5d6d94ef57fd
When the mobile network is not active, querying the network
information might trigger the misleading debug messages. Added
some condition checks to prevent this.
bug: 30850733
Change-Id: Ice6d548a56f98bac7fe2ca6a06148350b505533d
Properly account for VPN apps that make heavy use of the tun
interface. Prior to this change a VPN app could be incorrectly charged
for more data than it actually used if it sent more traffic through
the tun interface than the underlying interface.
This change excludes VPN app traffic on the tun interface from the
adjustment pool and doesn't redistribute traffic to the VPN app.
Instead all of the redistributed traffic is deducted from the VPN app
which effectively represents any overhead incurred by the VPN app.
BUG: 30557871
Change-Id: I62a75a0c0c0111e052b7903baa9f5d6d94ef57fd
When fetching system services early during boot, if the underlying
binder interface hasn't been published yet, we end up caching a
manager class that is broken for the remainder of the process
lifetime, and innocent downstream callers end up using the broken
cached manager.
Fix this by using an explicit exception to quickly abort manager
creation when the underlying binder is missing. The exception is
only used to skip the remainder of the manager creation, and it
doesn't actually crash the process.
Bug: 28634953
Change-Id: I0cb62261e6d6833660704b93a11185aa11a2ac97
- Throwing SecurityExceptionand and IllegalArgumentException instead of null for new APIs
- removing @removed APIs
Bug:27530098,27379882
Change-Id: Ifbe65bfc5051aa33aff2baa22cfa8e67b0f7c358
am: 8b2dd44f2f
* commit '8b2dd44f2f30a9dd22799ee30dd4b9c5a093aae5':
Addressing API council comments on NetworkStatsManager.
Change-Id: Ie6455799758f0bdb67440f72c266effaf412e22f
Callbacks
- DataUsageCallback renamed to UsageCallback
- DataUsagePolicy removed; passing in params directly to register method
- making it an abstract class
- passing in (networkType, subscriberId) that reached its threshold
- renaming onLimitReached to onThresholdReached to match existing naming
- only monitor single network,subscriberId
- no monitoring of specific uids; using device or user wide instead
Tags
- only owner uid can read its tags
- exposing only TAG_NONE to match service side
BUG: 27530098
Change-Id: I2b2664da71806868a1e937d2bf4d1f234637509b
Which owns the native UidRange.cpp, so it makes more sense for the
declaration to live there since frameworks/base depends on netd but not
vice versa.
Bug: 26694104
Change-Id: I0efda77713ee6f0ec8070fb0e09a694b95f6cd25
Added not_metered capability to a mobile network if none
of its associated APN types are metered. Also used not_metered
capability to determine if a network should be accounted for
data usage or not instead of using network type, which is
always MOBILE after refactoring. Will add VT usage support
in next phase.
bug: 20888836
Change-Id: Id692cb856be9a47d0e918371112630128965b1bb
