Add back compat config for RUN_NATIVE_NSD_ONLY_IF_LEGACY_APPS, which was
lost when moving NsdManager to framework-connectivity-t.
This causes NsdManager to start mdnsresponder again when used by apps
with target SDK < 31.
The change also changes the compat ID used, to make sure it does not
conflict with the ID already in use in S and below, when the module is
installed on such a platform. This is the only ChangeId used by
framework-t.
Also add a CtsNetTestCasesMaxTargetSdk30 test to verify that behavior.
Bug: 235355681
Test: atest CtsNetTestCasesMaxTargetSdk30
Change-Id: I7ca6051d0a4ba5aff3e44bece2cbac22eb1be32d
Underscore character may cause bpf prog/map naming collision. For
example, x.o with map y_z and x_y.o with map z both result in x_y_z
prog/map name, which should be prevented during compile-time.
aosp/2147825 will prohibit underscore character in bpf source name
(source name derives the obj name). Existing bpf modules with underscore
characters in source name need to be updated accordingly.
Bug: 236706995
Test: atest bpf_existence_test
Test: adb root; adb shell ls -l sys/fs/bpf/net_shared | grep dscpPolicy
Change-Id: Ibe98944d09d42bd11b78b5e9ae35ded48c70416d
(This rolls forward part of a previous change, now that jarjar was fixed
to not get very slow when the number of rules increases).
Autogenerate connectivity jarjar rules at build time, to avoid issues
with forgotten jarjar rules or hard-to-diagnose errors introduced by
incorrect rules.
This change causes all classes in framework-connectivity(-t) and
service-connectivity to be jarjared into android.net.connectivity, but
still avoids jarjaring classes in com.android.server as before, to keep
it small.
For many classes this differs from the original jarjar rule.
Notes on implementation:
- connectivity-jarjar-rules now has a subset
framework-connectivity-jarjar-rules containing only the rules
necessary for framework-connectivity. This is necessary because
framework-connectivity cannot depend on rules generated based on
service-connectivity, as there would be a dependency cycle
(service-connectivity depends on framework-connectivity); Soong even
crashes with a stack overflow.
- framework-wifi.stubs.module_lib is added to
framework-connectivity-pre-jarjar as it is necessary to build it (it
is already in impl_only_libs in the defaults).
It is unclear why framework-connectivity-pre-jarjar could build
before that (possibly because it was only used as "lib" ?)
- Fix package-private visibility; for example NattSocketKeepalive,
TcpSocketKeepalive are not API so should be jarjared, but are used
by ConnectivityManager which is not jarjared, so they are not in the
same package after the change. Package-private members in the
former 2 need to be public to be accessible. Changes in this commit
are all that is needed, as demonstrated by followup commits that move
the classes to a different package without further changes, and that
enforce that no class in an API package gets jarjared.
- framework-connectivity-internal-test-defaults is separated from
framework-connectivity-test-defaults, for unit tests that need to
access internal jarjared classes. Such tests need to use the jarjar
rules themselves too, so this is only appropriate for connectivity
internal unit tests.
Test: atest ConnectivityCoverageTests CtsNetTestCases
Bug: 217129444
Change-Id: Ib1bd939b71c0171d945fc01b96195d2f620ff13b
InProcessTethering runs as system_server (uid/gid AID_SYSTEM)
instead of as the network_stack (uid/gid AID_NETWORK_STACK).
Additionally only the network_stack has access to the default
selinux context of /sys/fs/bpf/tethering, which is fs_bpf_tethering,
so we need to use 'fs_bpf_net_shared' instead.
Bug: 190523685
Bug: 236925089
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ibb6ae255dcd8a8e8049be112055f60c3b2cf7df0
The objdump -x visible changes between old and new versions of the
mainline shipped .o files are really very minimal: just the inclusion
of a new .BTF section and changes/removals of some 'l' entries from
the symbol table. However, it turns out a change to symbol ordering
is incompatible with BpfLoader <v0.10 which doesn't know to skip
non-function symbols, and as such enabling btf requires a little
bit of gymnastics.
After:
$ adbz shell ls -l /apex/com.android.tethering/etc/bpf/*.o
-rw-r--r-- 1 system system 118352 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/offload.o
-rw-r--r-- 1 system system 123424 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/offload@btf.o
-rw-r--r-- 1 system system 2232 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/test.o
-rw-r--r-- 1 system system 6376 1969-12-31 16:00 /apex/com.android.tethering/etc/bpf/test@btf.o
$ adbz shell logcat -d | egrep offload.*[.]o
07-15 13:10:43.358 0 0 D LibBpfLoader: Loading critical for tethering ELF object /apex/com.android.tethering/etc/bpf/offload.o with license Apache 2.0
07-15 13:10:43.359 0 0 I LibBpfLoader: BpfLoader version 0x00019 ignoring ELF object /apex/com.android.tethering/etc/bpf/offload.o with max ver 0x00019
07-15 13:10:43.359 0 0 I bpfloader: Loaded object: /apex/com.android.tethering/etc/bpf/offload.o
07-15 13:10:43.374 0 0 D LibBpfLoader: Loading critical for tethering ELF object /apex/com.android.tethering/etc/bpf/offload@btf.o with license Apache 2.0
07-15 13:10:43.375 0 0 I LibBpfLoader: BpfLoader version 0x00019 processing ELF object /apex/com.android.tethering/etc/bpf/offload@btf.o with ver [0x00019,0x10000)
07-15 13:10:43.452 0 0 D LibBpfLoader: map_fd found at 0 is 6 in /apex/com.android.tethering/etc/bpf/offload@btf.o
...
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id658818d1d42763358747523615b7918d312588e
This change results in the existence of either:
/apex/com.android.tethering/etc/flag/out-of-process
(Phones with mainline updatable Tethering in network_stack process)
or
/apex/com.android.tethering/etc/flag/in-process
(Android Go with InProcessTethering in system_server process)
These flags provide an easy way for the BpfLoader to
detect the required selinux context for /sys/fs/bpf/tethering
directory.
Bug: 190523685
Bug: 236925089
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I8e66806d81893885a5ebe8a6dd4194c5b9dae219
This reverts commit 53eb35cd82.
Reason for revert: b/233081774, caused long build times in FrameworkNetTests
Change-Id: Ide01c994f694b55fc0e87bb0e81584ac44196e68
Jarjar rules are hard to keep in sync with code, and hard to maintain
manually as the distinction between what should and should not be
jarjared is not always clear. This results in unsafe binaries that are
manually maintained, and developer frustration when something fails due
to incorrect jarjar rules.
Autogenerate jarjar rules at build time instead. This is achieved by
introducing a jarjar-rules-generator python-based library, which scans
pre-jarjar intermediate artifacts, and outputs jarjar rules for every
class to put it in a package specific to the module. The only exceptions
are:
- Classes that are API (module-lib API is the largest API surface of
the module)
- Classes that have unsupportedappusage symbols
- Classes that are excluded manually (for example, because they have
hardcoded external references, like for
ConnectivityServiceInitializer in SystemServer).
This change causes all classes in framework-connectivity(-t) and
service-connectivity to be jarjared into android.net.connectivity, but
still avoids jarjaring classes in com.android.server as before, to keep
it small.
For many classes this differs from the original jarjar rule.
Notes on implementation:
- connectivity-jarjar-rules now has a subset
framework-connectivity-jarjar-rules containing only the rules
necessary for framework-connectivity. This is necessary because
framework-connectivity cannot depend on rules generated based on
service-connectivity, as there would be a dependency cycle
(service-connectivity depends on framework-connectivity); Soong even
crashes with a stack overflow.
- framework-wifi.stubs.module_lib is added to
framework-connectivity-pre-jarjar as it is necessary to build it (it
is already in impl_only_libs in the defaults).
It is unclear why framework-connectivity-pre-jarjar could build
before that (possibly because it was only used as "lib" ?)
- Fix package-private visibility; for example NattSocketKeepalive,
TcpSocketKeepalive are not API so should be jarjared, but are used
by ConnectivityManager which is not jarjared, so they are not in the
same package after the change. Package-private members in the
former 2 need to be public to be accessible. Changes in this commit
are all that is needed, as demonstrated by followup commits that move
the classes to a different package without further changes, and that
enforce that no class in an API package gets jarjared.
- framework-connectivity-internal-test-defaults is separated from
framework-connectivity-test-defaults, for unit tests that need to
access internal jarjared classes. Such tests need to use the jarjar
rules themselves too, so this is only appropriate for connectivity
internal unit tests.
Test: atest ConnectivityCoverageTests CtsNetTestCases
Bug: 217129444
Change-Id: Ied17c3955ea2fda130089265d02908937ad8af1e
this hack is no longer needed now that duplicate target in system/netd
is no longer an issue due to automerger to sc-mainline-prod being
turned off
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Id2c1dfac3bc4e6a8f5376a41ca2d1432b838da38
Gate presence of excluded routes in LinkProperties on target sdk T.
Bug: 186082280
Test: atest LinkPropertiesTest
Change-Id: If8fdb468a0a4968c5f2a878b7aacfeb4f7d9a9e5
Change https://r.android.com/2020995 was a cherry pick of a downstream
change that was updated to remove these tabs. Unfortunately, the
cherry pick was not updated to match making this change necessary to
ensure consistency.
Bug: 194063708
Test: m out/soong/hiddenapi/hiddenapi-flags.csv
Change-Id: Id03bbbb749eb91a4f26b5c12b77eed03a72a83c4
Merged-In: Iaa1207799a44ab892dc30b55f363c6e7deb94d86
Ran the following to compute the set of split_packages and
package_prefixes properties.
m analyze_bcpf &&
analyze_bcpf --bcpf com.android.tethering-bootclasspath-fragment --apex framework-tethering --sdk tethering-module-sdk
Bug: 194063708
Test: m out/soong/hiddenapi/hiddenapi-flags.csv
Change-Id: Iaa1207799a44ab892dc30b55f363c6e7deb94d86
Merged-In: Iaa1207799a44ab892dc30b55f363c6e7deb94d86
New Connectivity Service exposed to vendor for
restricting certain ports for use only in vendor.
Bug: 179733303
Change-Id: Iad9aff6924498ede5a08cfa5482082f094c0a90b
In /packages/modules/common/sdk/ModuleDefaults.bp file, some
apex_defaults are added to provide common parameters corresponding to
Q, R, S, and T releases.
(Refer to CL link for above mentioned change -
https://android-review.googlesource.com/c/platform/packages/modules/common/+/2005890?forceReload=true)
This CL is using the apex_default corresponding to R release for the
com.google.android.tethering module.
Bug: 172589606
Test: USE_RBE=true m
Since there are no runtime changes, successful code build is enough for
testing.
Change-Id: I4b3b3d6add96da1ee4421227996b54f7b96bc2c2
This is separated from ag/16766427 to avoid merge
conflict at downstream branches. For some downstream branches,
the library does not exist and this part is commented out.
Bug: 197717846
Test: atest FrameworksNetTests
Merged-In: Idb6da7ce678fbb3f4839604726cbdbdf223144c1
Merged-In: Iae44344701a3267110e5cbf271120201134d59e5
Change-Id: I9d7f6cea1cdb3c8117e677d8c204e3985295ada0
This is separated from ag/16657723 to avoid merge
conflict at downstream branches. For some downstream branches,
the library does not exist and this part is commented out.
Test: TH
Bug: 197717846
Merged-In: I4eeb7ea9cfc3139991caf0fc22474e0052a0391c
Merged-In: I33e0d699086c87ce8e940036c9a52908bbbcf6c5
Change-Id: I031e5687fa47594b50ca1b40570e01cdec356827
The allowlist will now be in the apex instead.
Test: boots && check permissions.xml is bundled
Bug: 190375768
Change-Id: Ia7434cba54d2b51479e52323f22c7f454499991d
Allow framework-connectivity to depend on framework-connectivity-t
stubs, and framework-connectivity-t to depend on prebuilt (to avoid
circular dependencies) framework-connectivity stubs to compile its own
stubs, and framework-connectivity.impl to compile its implementation.
Also reorganize jarjar rules so that service and framework jar can use
static libraries in framework-connectivity without packaging their own,
reducing duplicate code.
Bug: 204830222
Test: m
Change-Id: I75c34986e7c479de23cdb2e9b360fa1fede018c9
* changes:
Prevent native_init from starting TrafficController
Remove libutils dependency from libservice-connectivity
Merge libtraffic_controller_jni into libservice-connectivity
[NETD-TC#15] Make ConnectivityService and PermissionMonitor calls BpfNetMaps on T
There is not really a point to separate these two as they are all used
in ConnectivityService.
As a future TODO, we might want to rename libservice-connectivity to
libcom_android_server_jni to be more inline with the jarjar'ed jni lib
versions.
Test: atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I1b9f4fde345038bda6b3ffcf8e3f47cf9262e052
1. Add libnetd_updatable.so in com.android.tethering. The library is
loaded by netd. Currently, it mainly targets on a few functions which
access BPF maps. The functionality may extend in the future.
2. Attach gcroup progs from libnetd_updatable.so.
3. Move (privileged)TagSocket and untagSocket implementation to mainline
module. Combine privilegedTagSocket and untagSocket into a single
function.
4. Split related unit tests from netd_unit_test to
libnetd_updatable_unit_test as well.
Bug: 202086915
Test: cd system/netd; atest
Test: atest TrafficStatsTest NetworkUsageStatsTest
Change-Id: Ib556458103a4cbb643c1342d9b689ac692160de0
* changes:
Don't enable DscpPolicyTracker on pre-T devices.
Allow service JNI in FrameworksNetIntegrationTests.
Don't manually load the JNI library in DscpPolicyTracker.
Process DSCP QoS events for policies
Allow using BpfMap and TcUtils in unit tests.
New events to handle adding and removing of DSCP QoS policies.
Async indication sends status back to client if the policy
has been added, failed, or if the policy limit has been
reached.
Bug: 202871011
Change-Id: I7988d22ae625ad0dd415927d2943de4a749e6fb8
This is necessary to disable the .inprocess APEX, in branches that only
use stable APIs, as it depends on unstable stubs. override_apex does not
support defaults.
Bug: 190249673
Test: m
Change-Id: Ib4a27b65f3c5b6d4b0ac69e85cf671038efc5744
This CL provides native methods to access BPF maps via a native library.
Bug: 202086915
Test: m; flash; boot;
Change-Id: I2e5d03d0c2e31ba11996d1b28ead9b552397fe29
This is a clean move. The content of netd.c is not changed. The object
name is still netd.o. But the module name is renamed to netd.o_mainline
to avoid name collision in sc-mainline-prod branch.
Modified Android.bp according to the file location. The sub_dir is
newly specified. The object file will be compiled to:
- apex/com.android.tethering/etc/bpf/net_shared/netd.o
The extracted programs and maps will be in:
- sys/fs/bpf/net_shared/
The netd.o will not be loaded in pre-T because the bpfloader before T
does not load objects from paths other than:
- apex/com.android.tethering/etc/bpf/
- /system/etc/bpf/
Bug: 202086915
Test: cd system/netd; atest
Test: atest TrafficStatsTest NetworkUsageStatsTest
Change-Id: I5281c851341f9258a37d8aad6da4196c06342940
- Add a default to framework-connectivity-tiramisu for disabling
T-only build rules.
- Separate the tiramisu hidden apis from hiddenapi txt files, so
that the framework-connectivity-tiramisu file can avoid being
referenced by the APEX when the JAR is not part of it.
Bug: 206893064
Test: m
Merged-In: I37c7385b456e4d71789aafe33cc8375adf40a681
Change-Id: I37c7385b456e4d71789aafe33cc8375adf40a681
Set clatd privs to clat:clat:-r-sr-sr-x and set its parent
directory privs to root:system:dr-xr-x---. Makes sure that
only root and system group members can execute the binary.
Test: flash and check the file permission
$ adb shell ls -lZ /apex/com.android.tethering/bin
dr-xr-x--- 2 root system u:object_r:system_file:s0 4096 1970-01-01 08:00 for-system
$ adb shell ls -lZ /apex/com.android.tethering/bin/for-system
-r-sr-sr-x 1 clat clat u:object_r:clatd_exec:s0 24352 1970-01-01 08:00 clatd
Bug: 212345928
Test: test clat
1. Connect to ipv6-only wifi.
2. Make IPv4 traffic.
$ ping 8.8.8.8
Change-Id: I9537d47b135e6e0324fb40ece2b9f7befb159244
Ship clatd binary with apex. This makes that the clatd binary becomes
updatable.
Bug: 212345928
Test: manual test
1. Connect to ipv6-only wifi.
2. Make IPv4 traffic.
$ ping 8.8.8.8
Change-Id: I4f6f0944e94e165983a19a5d3c3a117274f6bbac
This is the preparing CL for connectivity module to use bpf.
Bug: 179733303
Bug: 205088391
Test: atest ConnectivityCoverageTests
Change-Id: Ibe49d7f671b5050461e2c63c080d9457ad76c26c
`service-connectivity` is a jar that system_server loads dynamically.
Such jars can be dexopted now. This CL adds `service-connectivity` to a
`systemserverclasspath_fragment`, which does not actually add the jar to
the classpath, but tells the build system to dexopt it.
NOTE: The corresponding `exported_systemserverclasspath_fragments` needs
to be added to the `prebuilt_apex` once a new prebuilt is dropped.
Bug: 203198541
Test: m com.android.tethering
Change-Id: I53745baaf1bc7142cc12a1e6cd8d84c9b338ac9d
Merged-In: I53745baaf1bc7142cc12a1e6cd8d84c9b338ac9d
Merged-In: I9a009493fe0482967ab1f92516514715cfd457d6
The defaults can be used to enable/disable connectivity next targets
depending on the branch, while minimizing merge conflicts.
The "next" target may use unstable APIs. It need to be disabled in the
branch which only have the last stable SDK available.
Also correct TetheringTestsLatestSdkLib which should use stable API.
Test: TH
Change-Id: I00d91bbd513277c1cedf67d18ac9f56cc4037309
To avoid much code diverge between aosp and its downstream, we need to
separate the build target which build with latest stable sdk in release
branch and build with unfreeze sdk in dev branch. So we could use new
API with APIshim in dev branch without impacting release branch.
BYPASS_INCLUSIVE_LANGUAGE_REASON=the wording is the file name of
existing file.
Bug: 204265450
Test: m
Change-Id: I949fd83b1eed7461e0b381193b190cf15080bc1b
Previously, the hidden API encoding of the tethering boot dex jars,
i.e. those dex jars that tethering contributes to the bootclasspath
were done as part of the monolithic hidden API processing. This change
causes the encoding to be done by the tethering's
bootclasspath_fragment.
This change involves the following:
* Addition of the fragments property to the tethering's
bootclasspath_fragment module to list all the other
bootclasspath_fragment modules on which this depends.
* Addition of the additional_stubs property to add stubs for APIs that
are not provided by another bootclasspath_fragment.
* Moving hidden API flag file entries related to tethering from the
flag files in frameworks/base/boot/hiddenapi directory into the
tethering directory with an appropriate OWNERS file to allow them to
be managed by the Soong and compat team.
* Addition of a PREUPLOAD.cfg hook script to ensure that the flag files
are sorted.
The build automatically checks that the hidden API flags which are
computed by tethering and encoded into its boot dex jars match those
that are generated by the monolithic processing so this is guaranteed
to be safe.
Bug: 179354495
Test: m com.android.tethering
- ensure that the generated APEX is byte-for-byte identical
before and after these changes.
m out/soong/hiddenapi/hiddenapi-flags.csv
- make sure that they are not changed by this.
Change-Id: I4d9621325c7fcea5043cbca4c577ba2ac6125c0c
Ignore-AOSP-First: merge conflicts
Allows SdkExtensions to inspect its version to decide what the extension
sdk version is on-device.
Bug: 188787081
Test: m com.android.tethering and inspect
Ignore-AOSP-first: internal topic, will cherry-pick after submission
Change-Id: If2d28b02be871594fed1fbb40b7aad284b553afb
Note that the contents of the bootclasspath_fragment are added as
dependencies to an apex, so there is no need to duplicate them in
java_libs.
Bug: 180105615
Test: atest CtsClasspathsTestCases
Ignore-AOSP-First: multiple previous changes aren't cherry-picked yet
Change-Id: Ia19ed0d5e13676882239dd5a1456c97549119994
