This change adds one KernelResourceRecord type (TunnelInterfaceRecord),
and adds methods for the creation of TunnelInterfaces, as well as the
application of Transforms to the given TunnelInterfaces
As part of the generation of ikeys/okeys, a ReserveKeyTracker manages a
java bitset to avoid collisions and reserve/release keys.
Bug: 63588681
Test: Compiles, CTS, unit tests all pass on AOSP_marlin
Change-Id: I9e9b6455e27073acd4491eae666aa966b3b10e0f
Simple change to expose systemAPI for applyTunnelModeTransform
Bug: 36033193
Test: All CTS, unit tests passing
Change-Id: I2d857c048bc0dc80c3949387f946b1f5adf0527e
Currently, NetworkStatsManager queries and callbacks only allow
selecting network traffic based on network identifiers:
networkType, subscriptionId and networkId. The code ends up
converting these into a template under the hood.
Now that templates can express more fine-grained queries (e.g.,
select only roaming traffic, or select only traffic that's not
on the default network) add a hidden method to pass in a
template. This should have no security implications, as all the
access controls are performed in NetworkStatsService.
Bug: 35142602
Test: android.app.usage.cts.NetworkUsageStatsTest passes
Change-Id: Iab4afa26b34544299d2a9c501c1b0feb470e90a9
Merged-In: Iab4afa26b34544299d2a9c501c1b0feb470e90a9
This will allow data usage clients to query for and receive
callbacks on data usage matching these conditions.
Bug: 35142602
Test: atest FrameworksNetTests
Change-Id: I4d985a2734eeab7ee454c09cc2098b6b3c671c23
Merged-In: I4d985a2734eeab7ee454c09cc2098b6b3c671c23
This is in its own commit because AOSP has diverged from internal
master.
Bug: 35142602
Test: builds, boots
Change-Id: I75fc85b961bc919e3d6c2adce6d6861c6f2c8379
Merged-In: I75fc85b961bc919e3d6c2adce6d6861c6f2c8379
This allows an app using the public API to know whether the
traffic in a particular bucket was on the default network
(i.e., the network was selected by the system), or not (i.e.,
the network was selected by the app).
Bug: 35142602
Test: builds, boots
Test: added coverage to NetworkUsageStatsTest CTS test, still passes
Change-Id: I9f6669908fa119743b9c0aa0c31a03e5ebafa7db
Merged-In: I9f6669908fa119743b9c0aa0c31a03e5ebafa7db
If the qtaguid proc file is no longer exist, the device is running new
eBPF module to do traffic accounting. So the NetworkStatsFactory need to
use the proc/net/dev interface to get the per interface traffic stats
summary. Also, adding a test to verify the helper function work properly
Bug: 30950746
Test: run NetworkStatsFactoryTest
Change-Id: Ia36808bf02f1637dd41a3e7c50917b91b1a77524
Add the native method used to read the detail information of network
stats from bpf maps. The native method of NetworkStatsFactory should
choose the correct implementation to get the stats detail depending on
the kernel version. Currently the bpf result is printed as a reference
and the actual behavior of NetworkStatsFactory should not change.
Test: NetworkStatsFactory related cts test should not fail.
Bug: 30950746
Change-Id: I4715a23559b5b2306bd556cea0431f0ed172a993
Currently, NetworkStatsManager queries and callbacks only allow
selecting network traffic based on network identifiers:
networkType, subscriptionId and networkId. The code ends up
converting these into a template under the hood.
Now that templates can express more fine-grained queries (e.g.,
select only roaming traffic, or select only traffic that's not
on the default network) add a hidden method to pass in a
template. This should have no security implications, as all the
access controls are performed in NetworkStatsService.
Bug: 35142602
Test: android.app.usage.cts.NetworkUsageStatsTest passes
Change-Id: Iab4afa26b34544299d2a9c501c1b0feb470e90a9
This will allow data usage clients to query for and receive
callbacks on data usage matching these conditions.
Bug: 35142602
Test: atest FrameworksNetTests
Change-Id: I4d985a2734eeab7ee454c09cc2098b6b3c671c23
The only caller is telephony code, and it's being fixed in this
topic.
Bug: 35142602
Test: builds, boots
Change-Id: Ia77a1c2c297037f311c2355610c206cd8e3192c4
CreateTransportModeTransform and DeleteTransportModeTransform are both
agnostic as far as which mode of transform it creates/deletes. As such,
to facilitate the implementation of tunnel mode, this patch renames them
to CreateTransform and DeleteTransform, along with all test names.
Bug: 63588681
Test: frameworks/base unit tests and CTS tests run, passed
Change-Id: I1f015eb7ad0e85fca966658a9402485ca2b44091
This is in its own commit because AOSP has diverged from internal
master.
Bug: 35142602
Test: builds, boots
Change-Id: I75fc85b961bc919e3d6c2adce6d6861c6f2c8379
This allows an app using the public API to know whether the
traffic in a particular bucket was on the default network
(i.e., the network was selected by the system), or not (i.e.,
the network was selected by the app).
Bug: 35142602
Test: builds, boots
Test: added coverage to NetworkUsageStatsTest CTS test, still passes
Change-Id: I9f6669908fa119743b9c0aa0c31a03e5ebafa7db
This change adds the defaultNetwork to the ident based on current
system networking state, and persists that value to flash.
Bug: 35142602
Test: runtest frameworks-net
Test: downloaded files using default/non-default networks while watching dumpsys netstats
Change-Id: Id8776d149b2977548a9eb455ad4926af55e25aba
This allows us to maintain NetworkStats entries that track
whether the traffic was on the default network.
At the moment, the stats collection code always passes in
DEFAULT_NETWORK_NO. However, this value is a no-op, since it is
not persisted to disk. Only the ident, the uid/set/tag, and the
packet/byte/operation counters are persisted.
A future change will add defaultNetwork to the ident and start
persisting it.
Bug: 35142602
Test: runtest frameworks-net
Change-Id: Ifa291c62c0fa389b88e5561086a29dcd7cee2253
This will allow NetworkStatsService to treat traffic on these
networks differently from traffic where the app selects a network
that is not the default.
Bug: 35142602
Test: runtest frameworks-net
Change-Id: I5ea9d200d9fb153490c6108bb9390bf152f297da
Add a new interface and a new management object,
IpSecTunnelInterface to the IpSecManager surface.
This object will be used to control IPsec tunnels.
-Add IpSecTunnelInterface object
-Add methods to create and use an IpSecTunnelInterface
-Update the IpSecTransform builder to create Tunnel
mode IpSecTransform objects (usable with an IpSecTunnel)
Bug: 36033193
Test: compilation
Change-Id: Ib6948b12c15c93674234dc36288058ae44435b90
Because IpSecTransforms are now unidirectional,
and because the only mechanism for removing Transforms
removes it from both directions, the API can no longer
use the Transform parameter to meaningfully validate
that the caller had applied a transform. Since that
functionality was as-yet unimplemented and is now
infeasible, the transform parameter is removed.
Bug: 72079356
Test: cts - IpSecManagerTest; runtest frameworks-net
Change-Id: If19b0d34bdc6daf31a40d6d62bff326dcbca08c0
The version of applyTransportModeTransform() and
removeTransportModeTransform() that accepted
Socket and DatagramSocket were closing the underlying
FDs upon return. It's unclear whether this is due to
a behavior change elsewhere in ParcelFileDescriptor,
but either way, converting to using getFileDescriptor$
and then calling dup() explicitly rather than relying
on ParcelFileDescriptor seems like a better idea anyway.
Bug: 72047396
Test: CTS - IpSecManagerTest.testCreateTransform()
Change-Id: Ia2f02564e1289f25bf113dbb861fcfd2240537a7
Convert the IpSecTransform from being a bi-directional
pair of SAs to a unidirectional single SA. This CL
also removes the concept of "direction from SAs meaning
that a IpSecTransform may now be applied to a socket
in either direction.
-Make transforms unidirectional
-Add Convert allocateSpi() to use destination rather
than direction and remote address
-Remove directionality from builders for IpSecTransform
-Change applyTransportModeTransform() to take a
direction in which to apply the transform object.
-Additional minor naming updates
-Restrict IpSecConfig to only print keys on eng builds
-Move DIRECTION constants to IpSecManager
-Add sourceAddress parameter to IpSecTransform to provide
additional guarantees about the source address of data;
(explicit failure rather than implicit failure).
-Move SPI to the build() method of IpSecTransform
Bug: 71717213
Test: runtest frameworks-net, CTS - IpSecManagerTest
Change-Id: I0824b37f443f4b8c62536d9801238c63ed8f2a1c
Mirrors the design of TimeUnit and ChronoUnit which many developers
are already familiar with, making it easy to pick up and use.
Yes, this is an enum.
Bug: 70915728
Test: bit FrameworksCoreTests:android.util.DataUnitTest
Change-Id: Id0cfdac5c81ed89c3c9ece23c964acba4a4f8471
Adds checks to ensure that users can only set the correct types of
algorithms for the Authentication, Encryption and Authenticated
Encryption algorithms.
Bug: 65223935
Test: Added tests in IpSecConfigTest, and passed on aosp_marlin-eng
Change-Id: I462c77d9eb5710b8d03a48866453649d3b6fc6bf
To facilitate error checking we should invalidate
the resource IDs of all objects when we close() them.
Today, the resource ID is invalidated on the Transform
object but not on the SPI or Encap Socket. This CL
unifies the behavior.
Bug: 70641274
Test: cts - IpSecManagerTest
Change-Id: I28caec3e913902c748c6a50b4ef742ccef8b1b09
Move the native implementation of TrafficStats to NetworkStatsService
and apps need to get the NetworkStatsService binder interface from
system_server in order to get the network usage stats since boot. This
implementation can hide the detail of retrieving network traffic
information from apps and the NetworkStatsService can choose which
methoed it use to get the data depending on the kernel version of the
device.
Bug: 30950746
Test: CtsNetTestCases -t android.net.cts.TrafficStatsTest
Change-Id: I53bbefd19aa0b783b9b4b42ea4d76db3e9ec07a3
Added calls to tag encap sockets to that of the UID for which the encap
socket is being created on behalf of. This ensures that all data
accounting generated for the UDP-encap-ESP socket is correctly billed to
the right UID.
Bug: 62994731
Test: New tests added to IpSecServiceTest.java, passing
Change-Id: I15365ea9c982fd7b4e3cdeff314ddfba2289c86e
This enables app A to create a socket, pass it to app B, and have
app B accept blame for the traffic performed on that socket.
Also adds helpful public APIs for tagging raw FileDescriptor sockets
instead of making developers go through shady SocketImpl wrappers.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests#testAppFailAccessPrivateData
Bug: 63932076
Change-Id: I08925c843974675fc82e4080cec2eaab9ab7cd41
Merged-In: I08925c843974675fc82e4080cec2eaab9ab7cd41
(cherry picked from commit 4e164f9e94)
