In Android 10 additional restrictions were required to access the
subscriberId. The NetworkStatsManager has several methods that accept
a subscriberId of the mobile network for which usage should be queried.
This commit updates the docs for these methods to reference the new
access restrictions and offer null as an option to obtain the usage
for all mobile networks.
Fixes: 157871064
Test: m docs
Change-Id: I95c730c9418fced6312eb3ba4e0d69e6299f3ded
This should no longer be needed after all the cleanups.
Test: atest NetworkStatsTest NetworkStatsFactoryTest
Bug: 150738490
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I289d935f84b616ed857ef4c5a7427d57c282d00c
Merged-In: I289d935f84b616ed857ef4c5a7427d57c282d00c
This is due to the previous addition of the ip6tables raw PREROUTING
drop rules for incoming ipv6 clat traffic pre-translation to ipv4.
Since we no longer double account, we no longer need these fixups.
Test: atest bpf_module_test clatd_test libbpf_android_test libnetdbpf_test
netd_integration_test netd_unit_test netdutils_test
Bug: 150738490
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia171b7797cdc99367064d0649bf1293c71579941
Merged-In: Ia171b7797cdc99367064d0649bf1293c71579941
In NetworkStatsService, mStatsLock will be held when
iterating through the provider list. This is to protect the list
from concurrent broadcast that triggered by
NetworkPolicyManagerService. This is not good since the binder
call is oneway, it does not make sense to block every
access to the providers.
This change also remove unuse variable and reduce verbose log.
Test: atest FrameworksNetTests TetheringTests
Bug: 150418178
Change-Id: If74e9f2ea597a0d5ae4668c3358bc687f342bbb5
Merged-In: If74e9f2ea597a0d5ae4668c3358bc687f342bbb5
(cherry picked from commit 5d8f96c6967d5b1a42ba374521078e75a9e6f187)
IpSecService.applyTunnelModeTransform() currently does not take an
SpiRecord instance, yet implicitly requires that the SpiRecord instance
is still alive based on the stored SpiRecord resourceId in
the TransformRecord's IpSecConfig.
This check is unnecessary, as the SpiRecord has been subsumed into the
TransformRecord, and the kernel resources are kept alive whether or
not the SpiRecord is still held by the user.
This allows users of the IpSecManager API to allocate short-lived SPIs
during the creation of an IpSecTransform, without having to keep track
of both of them (even though the SPI is no longer usable).
The TransformRecord.getSpiRecord() call is already used in
multiple other places in the same method.
Bug: 142072071
Test: New tests added, passing.
Change-Id: I1959f3080946267243564459ff4207647922566e
Merged-In: I1959f3080946267243564459ff4207647922566e
(cherry picked from commit 5258b1b82f39bf17e0751bcb94479464250aaec5)
There is a corner case which may cause the deadlock:
When NetworkStatsService tried to broadcast the intent,
NetworkStatsService was waiting for a lock which was hold by
ActivityManagerService. In the same time, ActivityManagerService
was waiting for ActiveService#startServiceInnerLocked() to get a
lock which was hold by ConnectivityService. ConnectivityService
was waiting for a lock which was hold by BatteryStatsImpl.
BatteryStatsImpl was waiting for a lock which was hold by
NetworkStatsService, and the lock was locked by
NetworkStatsService when NetworkStatsService tried to broadcast
the intent.
To prevent deadlock when broadcasting the intent in
performPollLocked(), move the intent broadcasting from
performPollLocked() to NetworkStatsHandler.
Bug: 150418178
Bug: 155155473
Test: 1. Create the second user and see if the device will
do factory reset or not.
2. Factory reset manually and see if there is a deadlock.
Change-Id: I80569cb4388beb3fd6cbf64a7885bccee8b1c53c
Merged-In: Icf88d3e7a38562ab15187f6c71bc8fb0486d37c0
(cherry picked from commit 3f8ab0350450202910ea702799570c538e96d5cd)
NetworkStats calculation needs to filter out debug entries to
prevent over counting. While NetworkStatsFactory migrates data
usage over a VPN to the TUN network, NetworkStatsFactory does
not filter out debug entries per vpn which will cause debug
entries left and cause exception.
Bug: 152678151
Test: atest com.android.server.net.NetworkStatsFactoryTest
and verify no exception
Change-Id: I3525edc385b07858b48c7add2d331c4b5a2e84ad
Merged-In: I3525edc385b07858b48c7add2d331c4b5a2e84ad
The NetworkStatsService.getUidStats() currently doesn't have any
permission check to make sure unpriviledged apps cannot read the stats
of a different uid. It will protentially have security problem since
apps with ACCESS_NETWORK_STATS permission can directly calling into
NetworkStatsService and bypass the check in TrafficStats. Move the uid
check from TrafficStats to NetworkStatsService to fix the problem.
Bug: 129151407
Test: atest AppSecurityTests#testAppFailAccessPrivateData_full
Test: atest AppSecurityTests#testAppFailAccessPrivateData_instant
Test: atest android.app.usage.cts.NetworkUsageStatsTest
Test: atest NetworkStatsBinderTest
Change-Id: Iae85676cfe5f114da69ec278afc2c904bc907234
This method is used in TrafficStats to obtain the snapshot for the
calling UID, so narrow it to only return data for that specific case.
We might be tempted to throw an exception or adjust the method
signature, but apps are using the raw AIDL in the greylist, so we
return them an empty NetworkStats if they ask about other UIDs.
Bug: 119672472
Test: manual
Change-Id: I3064630039f1d8473d6425dd663f17813a4ae3a1
In current design, Rat type change in NSS is only for default
subscription. This is only correct for single sim project.
However, it does not correct for multi-sim scenarios such as
CBRS or DSDS, given that all data usage will be attributed
to the Rat type of default sub.
Thus, add a helper class to monitor subscription change event,
and register/unregister dynamically for Rat type change for
every subscription.
Note that unit test of the helper class will be addressed
in follow-up patch.
Test: m -j
Bug: 146415925
Change-Id: I0055f6b55c209a073ce997fc7a144477f9db7069
Merged-In: I0055f6b55c209a073ce997fc7a144477f9db7069
(cherry picked from commit 306de26c138ec135846f2a74a952464cf00dce54)
In current design, entries with zeros are preserved after
addition/subtraction. These entries are not very useful
and lead to difficulty of verifying the result of
addition/subtraction.
However, change the behavior in the original NetworkStats
is considered risky in current stage.
Thus, this change provide a function that could remove these
empty entries in tests.
Test: atest FrameworksNetTests
Bug: 152827872
Bug: 150644692
Change-Id: I40a76935d55712b8083ee1e17e137a8a4ef5e029
Merged-In: I40a76935d55712b8083ee1e17e137a8a4ef5e029
(cherry picked from commit 6c7bef3064dbe949b7b213036b8e70c125ddd343)
This change makes IPsec tunnel interfaces automatically get brought up
once they are created. Originally this was considered to be an
additional safety check, as they would not be start routing traffic
until explicitly brought up. However, in the intervening time, the
NetworkManagementController now requires the NETWORK_STACK permission to
set an interface as up. Additionally, that call is a hidden API, and
thus not usable for use cases such as IWLAN.
Bug: 149348618
Test: FrameworksNetTests, CtsNetTestCases passing.
Change-Id: I55b63a748463a388e1e2991d2d5d6b3023545e60
Merged-In: I55b63a748463a388e1e2991d2d5d6b3023545e60
(cherry picked from commit 7c5704d177a903034ae1b6ae4800cc3b8457977a)
IPsec resource counts were selected to be conservative, due to unknowns
about device capabilities. Since then, it appears that we no longer need
such stringent quotas, and this can be relaxed.
Bug: 152368091
Test: FrameworksNetTest passing
Change-Id: Id53d14e5698e5fcc410868424176b00350c7ae79
Merged-In: Id53d14e5698e5fcc410868424176b00350c7ae79
(cherry picked from commit 224699fc0b485dd75e6157a88f66a53d64e5a6fd)
This CL adds a setIncludeTestInterfaces method to EthernetManager
that, when called, causes the Ethernet service to recognize and
manage test interfaces created by TestNetworkManager.
Bug: 150644681
Test: Tested by EthernetTetheringTest in same topic
Change-Id: I86eef7a93267f800dbfc8eafd307effa76a344ca
Merged-In: I86eef7a93267f800dbfc8eafd307effa76a344ca
(cherry picked from commit 3410fb0aa92bbd4f9d7dc031e89f6f528ff34245)
Note that enabling/disabling would not take effect until device
reboot. This will be addressed in follow-up patch.
Test: 1. atest NetworkStatsServieTest SettingsBackupTest
2. adb shell settings put global netstats_combine_subtype_enabled 1|0
Bug: 146415925
Change-Id: Ic94da540afa479ed18f1b6fbda4ae3216c37476b
Merged-In: Ic94da540afa479ed18f1b6fbda4ae3216c37476b
(cherry picked from commit c4f77ac90bf2e48a655ad19b162fe74a23bf3fb0)
Switch on the recording in device side. Metrics will be
collected in follow-up patches which can be independently
enabled/disabled.
This change also fix the fail in NetworkStatsCollectionTest
which caused by enabling this feature, where the rounding
problem happened when records are distributed into smaller
buckets and categorized into more NetworkIdentity.
Test: atest FrameworksNetTests
Bug: 129082217
Change-Id: If330e85330a4ff713dd420c98d42fa741eabd90a
Merged-In: If330e85330a4ff713dd420c98d42fa741eabd90a
(cherry picked from commit 2d4fa2c0fae8c2d79a25093d9f732a33c2f91dd4)
Add a NetworkTemplate build function that allows user to specify
subType. NetworkStats corresponding to the same group would
be retrieved.
Test: atest FrameworksNetTests
Bug: 129082217
Change-Id: Ie2d229be0b6bd239f799989c070475c73a096d71
Merged-In: Ie2d229be0b6bd239f799989c070475c73a096d71
(cherry picked from commit e19045cc4ab1f2cd133ce5dc0c3a38e3275417ad)
Previously network stats could be recorded by different rat type.
However, the feature was disabled by ag/173504 since rat type
frequently flapping between HSPA+ and UMTS.
Given that this feature might be useful for collecting metrics,
re-implement it based on current architecture and reduce the
overhead introduced by frequently flapping by:
1. only react when rat type changes between 2G/3G/4G/5G.
2. reduce the number of records by only recording a subset
of rat type that represented for a given network class.
3. enforce 1 second rate limit if flapping too much.
Note that the feature is still disabled but will be enabled
in follow-up patches.
Test: manual test
Bug: 129082217
Change-Id: Ic6b2f10f2c8b082820e0662eb9cee70d70d28cd6
Merged-In: Ic6b2f10f2c8b082820e0662eb9cee70d70d28cd6
(cherry picked from commit 15ab452e7e3f00289fbedbdb86c512ad560dda7e)
Currently, in NetworkStats, there are many methods to manipulate
the records. However, some methods are similar and ambiguous,
such as addEntry, addValues, setValues, addIfaceValues,
combineValues and combineAllValues.
Thus, properly grouping and renaming methods are necessary.
In this change, for methods that add one record conditionally,
name them addEntry.
addValues -> addEntry
Test: atest FrameworksNetTests ImsPhoneCallTrackerTest TetheringTests
Fix: 148895143
Change-Id: I9495a198cf247e6c79100f7ac1edcea370b071de
Currently, in NetworkStats, there are many methods to manipulate
the records. However, some methods are similar and ambiguous,
such as addEntry, addValues, setValues, addIfaceValues,
combineValues and combineAllValues.
Thus, properly grouping and renaming methods are necessary.
In this change, for methods that add one record unconditionally,
name them insertEntry.
setIfaceValues -> insertEntry
addEntry -> insertEntry
Test: atest FrameworksNetTests ImsPhoneCallTrackerTest TetheringTests
Test: m doc-comment-check-docs
Bug: 148895143
Change-Id: I801ddc49e283a254b9586700c9b597c0adb0d459
Merged-In: I801ddc49e283a254b9586700c9b597c0adb0d459
(cherry picked from aosp/1256352)
