am: b418a13a90 -s ours
am skip reason: change_id I49c35541eb21e91f8c36215456df703d2fe70d2c with SHA1 cf54864ccc is in history
Change-Id: Id22f11ec1e377c801ea5b7dd9692c6243907fa9e
am: 78bc2fb752 -s ours
am skip reason: change_id Idaa7238a5c9acdae9f6cff13095ee9436c7c92c8 with SHA1 621463a0c0 is in history
Change-Id: I0db6221a54e4aba83fc792561e48c9d448163239
am: 65caa406e7 -s ours
am skip reason: change_id I9b9a51dc5dc06c90229fb36c34c24258991c4146 with SHA1 47c7eec480 is in history
Change-Id: Ie1cdb9a928f97681ab4083b68db3fd453b0399e5
am: 511a7bf235 -s ours
am skip reason: change_id I9f708a252ab606b782f5f828dce8c1690c3703bf with SHA1 9dc3a9e437 is in history
Change-Id: Ia333cf3cbe2368146ac701bb83e52e131291503c
Support adding NATT keepalive packet filter to APF
filter.
Generating APF program will be addressed in another CL.
Bug: 33530442
Test: - atest NetworkStackTests
- atest FrameworksNetTests
Change-Id: I403cd14ac9aa6b001c4e580abbb33a615931a192
Merged-In: Idaa7238a5c9acdae9f6cff13095ee9436c7c92c8
(cherry picked from commit 038c11d564452c9e08f25119423049339ff93c57)
am: 533f3bcdba -s ours
am skip reason: change_id I67005a5384888e8acaf1249af79484e2d5ed6f1f with SHA1 b7f02e19b0 is in history
Change-Id: I0a8d0cb21631db7909daef449dbf14b810a3b9f5
For implementing parcelable interface for NattKeepalivePacketData.
Move this class out of framework.jar and move to services.jar
This class is used in telephony-common.jar and it also loads
service.jar.
Bug: 33530442
Test: - build pass
- atest NetworkStackTests
- atest ConnectivityServiceTest
Change-Id: Ie1d02bb7bccb76415cf71824147466cabf6b88b6
Merged-In: Ie1d02bb7bccb76415cf71824147466cabf6b88b6
Merged-In: Idf7c25b6b553d8c0cc4ef2ea8193438480420fb4
(cherry picked from commit 58a1f931eba8716c4a630863f658b070cda623de)
Support adding NATT keepalive packet filter to APF
filter.
Generating APF program will be addressed in another CL.
Bug: 33530442
Test: - atest NetworkStackTests
- atest FrameworksNetTests
Change-Id: I4961d5da343d8700600269632787c28112f0f9f1
This adds the moved tests to CTS as well.
The moved unit tests are appropriate for CTS as they test data holder
classes that need to function properly for apps to work.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases: added tests pass
Bug: 129199900
Change-Id: I895d2b57da658d5bed28ebe128611d5d15835742
Merged-In: I9f708a252ab606b782f5f828dce8c1690c3703bf
Merged-In: I895d2b57da658d5bed28ebe128611d5d15835742
(cherry picked from commit cc21fbd483138771dae04f4d86ab411e2e88e575)
rethrowFromSystemServer is throwing DeadSystemException which
is different from the original log message. Thus, update the
way to rethrow the same RemoteException.
Bug: 130028724
Test: atest FrameworksNetTest
Test: Kill NetworkStack and check the log message
Change-Id: I60862e276dd4e2d143278b272a9ba54219acce26
Merged-In: Ic1766e839f8f06b539d5f6cfecd29547021fd1d9
Merged-In: I67005a5384888e8acaf1249af79484e2d5ed6f1f
(cherry picked from commit 7f581219e1a4706ea2b4438322a299986847b1c2)
am: f3420c999f -s ours
am skip reason: change_id Ic2faef44831575b2d03bc00ef2553d5c549adc95 with SHA1 f8905980dc is in history
Change-Id: I4775263c2f422a9738812b02be61e2af95e9c472
* changes:
Reinstate new VPN uid filtering unit tests
Revert new tests and PackageManager mock
Block incoming non-VPN packets to apps under fully-routed VPN
am: cce8a9da85 -s ours
am skip reason: change_id I6dc9029af0df0d3b391210bd315516bdf1b5e4c9 with SHA1 89ddc90b91 is in history
Change-Id: Ie9bfef68a5c78272d4c7b31e9427ba2f5c57d056
am: cd616ebc95 -s ours
am skip reason: change_id I6dc9029af0df0d3b391210bd315516bdf1b5e4c9 with SHA1 89ddc90b91 is in history
Change-Id: Ic26258dd1ef7a0f3c7c802d764f83a272c3d519f
Mock out PackageManager and returns correct information corresponding
to the test app package itself.
Test: atest --generate-new-metrics 10 com.android.server.ConnectivityServiceTest
Bug: 114231106
Bug: 130397860
Merged-In: Ic2faef44831575b2d03bc00ef2553d5c549adc95
Change-Id: Ic2faef44831575b2d03bc00ef2553d5c549adc95
(cherry picked from commit 4469b1d8a543613d91a58a88488fd2022a0696b9)
rethrowFromSystemServer is throwing DeadSystemException which
is different from the original log message. Thus, update the
way to rethrow the same RemoteException.
Bug: 130028724
Test: atest FrameworksNetTest
Test: Kill NetworkStack and check the log message
Change-Id: I60862e276dd4e2d143278b272a9ba54219acce26
A mocked PackageManager caused test failures in existing tests.
Revert that for now to make tests pass again.
Bug: 114231106
Bug: 130397860
Test: atest FrameworksNetTests
Merged-In: Ib59e211d4329f885108de9ea0a74669ffb144e17
(cherry picked from commit 8574c9bf350ca60e2b21c759aa75bc3843ffde17)
Change-Id: I603a0b0dfb67a942679a668c182aa650774c80b2
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Merged-In: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
Change-Id: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
(cherry picked from commit 65968ea16bf49f678d4a43c220e1d67393170459)
Mock out PackageManager and returns correct information corresponding
to the test app package itself.
Test: atest --generate-new-metrics 10 com.android.server.ConnectivityServiceTest
Bug: 114231106
Bug: 130397860
Change-Id: Ib921700eda417f411d7a2c77c1140fba9ab50bbb
