Commit Graph

395 Commits

Author SHA1 Message Date
Treehugger Robot
d6a5303cd8 Merge changes Ie68356a4,I2b63c24b
* changes:
  Attempt to deflake NetworkAgentTest#testRejectedUpdates.
  Fix a couple of JavaDoc errors in NetworkAgentInfo.
2022-02-22 10:41:37 +00:00
Treehugger Robot
1c5ce5542a Merge changes Ib1cd342a,Iab23d414
* changes:
  Add an IS_DESTROYED flag to FullScore.
  Use MessageUtils instead of hardcoded strings in policyNameOf.
2022-02-22 09:26:38 +00:00
Lorenzo Colitti
8c7a8860f9 Add an IS_DESTROYED flag to FullScore.
This is being added as the lowest priority score factor, just
above the tie-breakers. It ensures that a network that has been
destroyed will lose to another identical network that has not
been destroyed, but will otherwise be scored identically.

The flag is a CS-managed flag that is stored in NetworkAgentInfo.
Currently it is always false, but it will be populated in
future CLs.

Bug: 216567577
Test: atest FrameworksNetTests
Change-Id: Ib1cd342ab7dfc4df45715da19b743d711fe8d605
2022-02-22 16:39:44 +09:00
Lorenzo Colitti
38bbdbd1aa Fix a couple of JavaDoc errors in NetworkAgentInfo.
These don't break compilation because NetworkAgentInfo doesn't
expose any APIs and thus doesn't generate javadoc, but they
are flagged by the IDE.

Test: treehugger
Change-Id: I2b63c24b2afbc98950f53c38f80d27474aab0622
2022-02-22 16:39:44 +09:00
Treehugger Robot
4b654c9038 Merge "Rename one of the two EVENT_NETWORK_TESTED messages." 2022-02-21 00:22:11 +00:00
Treehugger Robot
19ce06b05f Merge "reduce log level when no interface is present for rate limiting" 2022-02-19 21:31:05 +00:00
Lorenzo Colitti
c6d3f3cf25 Use MessageUtils instead of hardcoded strings in policyNameOf.
This makes the code easier to maintain because we do not need to
manually add string representations, and because it will throw at
static initialization time if the class contains duplicate
POLICY_xxx values. The memory overhead is likely negligible.

Bug: 216567577
Test: new coverage in FullScoreTest
Change-Id: Iab23d414c8e28ff7f26060ad44fa996f277d361f
2022-02-19 19:45:43 +09:00
Lorenzo Colitti
0261ced634 Rename one of the two EVENT_NETWORK_TESTED messages.
Currently, there are two EVENT_NETWORK_TESTED message types in
ConnectivityService. One is used by the ConnectivityService
handler to process validation results, and one is used by
ConnectivityDiagnosticsHandler to send connectivity reports.

The two messages have different contents so it is confusing that
they have the same integer and the same name. Rename the second
one to CMD_SEND_CONNECTIVITY_REPORT.

Test: atest ConnectivityServiceTest
Test: atest CtsNetTestCases:android.net.cts.ConnectivityDiagnosticsManagerTest
Change-Id: I77d63dad477315e1fcc7225a5ef03aff2bed8c35
2022-02-19 02:24:02 +09:00
Patrick Rohr
a517f20ef0 reduce log level when no interface is present for rate limiting
TestNetworkAgentWrapper does not set the interface name in its
LinkProperties causing logwtf to fail tests on -eng build.

Test: atest FrameworksNetTests:ConnectivityServiceTest on -eng build
Change-Id: Ieba0453ce897aa1052cb98f1de4c7bb099383c8d
2022-02-18 09:18:20 +01:00
Maciej Żenczykowski
bce8cbabbb Merge "Support "dumpsys connectivity trafficcontroller"" 2022-02-17 23:10:10 +00:00
Maciej Żenczykowski
c301b4412b Merge changes Iddd50583,I7e6e84ba,If5ade0c0
* changes:
  Improve logging when using ingress rate limits
  Allow test networks to be rate limited
  Fix rate limiting settings observer
2022-02-17 22:14:04 +00:00
Patrick Rohr
64592df482 Improve logging when using ingress rate limits
Add some happy path logging that informs about active rate limits.

Test: TreeHugger
Bug: 218840346
Change-Id: Iddd50583ca2e90afe83a5c68611418fa794afb3f
2022-02-17 18:28:58 +01:00
Patrick Rohr
ff3b3f8d96 Allow test networks to be rate limited
Test: atest FrameworksNetTests
Change-Id: I7e6e84baf446ecf4b395f6a611e625871745a20e
2022-02-17 18:28:58 +01:00
Patrick Rohr
cdac749eb0 Fix rate limiting settings observer
The observer accidentally observed Settings.Secure instead of
Settings.Global.

Test: atest CtsNetTestCases:RateLimitTest
Bug: 218840346
Change-Id: If5ade0c0e269c01b76428d5635d0913330d7015e
2022-02-17 18:28:58 +01:00
Lorenzo Colitti
d1b11dc70f Ensure all NetworkMonitor messages store the netId in arg2.
All NetworkMonitor messages contain the netId of the source
NetworkMonitor. But the netId is in various places in the
message. It's most frequently in arg2, but sometimes it's boxed
into an Integer in obj, and sometimes it's in another object.

Always pass the netId into arg2. This allows us to write
common code at the beginning of the function that extracts the
netId and nai, and performs common actions on all messages.

Bug: 216567577
Test: atest FrameworksNetTests FrameworksNetIntegrationTests
Test: atest CtsNetTestCases:ConnectivityManageTest
Test: atest CtsNetTestCases:NetworkAgentTest
Change-Id: Idbbe3cddfc5475a2d56df387f840439dc4c9514c
2022-02-18 00:28:01 +09:00
Ken Chen
e6d511f785 Support "dumpsys connectivity trafficcontroller"
Enable ConnectivityService to dump BPF maps from libtraffic_controller.

Bug: 202086915
Test: adb shell dumpsys connectivity trafficcontroller
Test: atest CtsNetTestCases:ConnectivityManagerTest#testDumpBpfNetMaps
Test: run CTS in I021789813f116940d581e2c4a1fd357ff47bfa08
Change-Id: Ib0e935ee2b714ac61daceba6d13fa7a20f97f68f
2022-02-17 16:58:47 +08:00
Jean Chalard
d537aa42e1 Merge "Add new methods to redact NetworkCapabilities & LinkProperties" 2022-02-12 11:56:36 +00:00
lucaslin
c582d50b8e Add new methods to redact NetworkCapabilities & LinkProperties
Some system components like VPN need to know how to redact
NetworkCapabilities & LinkProperties that they received from
the system but need to send to third-party applications with
less privilege than themselves. To make sure the redaction is
consistent, expose system API methods to do it that are wired
to the same redaction code used by ConnectivityService.

Bug: 191413541
Test: atest CtsNetTestCases, which includes new CTS for these
Change-Id: Ia3ae4755b5192884c147d6828f96cedac000a25b
2022-02-12 15:21:13 +09:00
markchien
4dd5be6606 Remove unused BpfNetMap jni function
native_deleteTagData and native_setCounterSet are replaced by the BpfMap Java
implementation inside NetworkStatsService.java

Test: atest traffic_controller_unit_test
Change-Id: Ic33ca9d9887380d39becbd0dc3a0e159b3dc82a2
2022-02-11 08:04:55 +00:00
Patrick Rohr
6b5b7b40d8 Merge changes from topic "bandwidth-limiting"
* changes:
  Add bandwidth limiting to CS
  Add setting that controls network rate limit
2022-02-09 18:00:04 +00:00
Patrick Rohr
2857ac4dd0 Add bandwidth limiting to CS
Adds ingress rate limiting functionality to ConnectivityService. The tc
rate limit is installed before we tell netd about the interface, and
removed after the network is removed from netd. When the setting
changes, the old rate limit needs to be removed before a new one can be
added (unfortunately, we cannot use NLM_F_REPLACE when configuring the
tc-police filter).

Currently, this functionality is always enabled, but may or may not work
based on kernel support.

Bug: 157552970
Test: atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I4e64b2c40490f061e42b40a1b1b3a6618c3d1a87
2022-02-09 14:46:26 +01:00
Chalard Jean
d490072cd6 Pass the NetworkAgentConfig to NetworkMonitor.
When the network is a VPN, NetworkMonitor needs to know whether
the VPN requests validation, and that information is stored in
NetworkAgentConfig. Pass it.

Test: FrameworksNetTests
Change-Id: I3616f0796b69ce054d92213aafdef43ba7041596
2022-02-09 15:19:38 +09:00
Lorenzo Colitti
96a3f144a7 Revert "Revert "Update the UIDs only after the native network is created""
This reverts commit 13b96bc651.

Reason for revert:
- The reverted CL fixes a bootloop on Fi devices and must be submitted again for droidfood stability purposes.
- It's not clear whether the revert actually fixes the test that prompted it.

Change-Id: I68200501d1c587d1c6b3ad81053175c74961a440
2022-02-08 16:21:01 +00:00
Jordan Demeulenaere
13b96bc651 Revert "Update the UIDs only after the native network is created"
This reverts commit a7d4766d0d.

Reason for revert: DroidMonitor: Potential culprit for Bug 218308105 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.

Change-Id: Ia9953d023c1eb84846834f92d4f38a72fa14bd30
2022-02-08 10:42:11 +00:00
Chalard Jean
a7d4766d0d Update the UIDs only after the native network is created
UIDs can't be sent to netd until the native network is created.
Also, it's possible that the interface disappears at any moment,
so in that case catch the ServiceSpecificException.

Test: FrameworksNetTests
Bug: 218100554
Change-Id: I79285166acf5d89aa34107e00dfff963ccc22d52
2022-02-06 20:06:18 +09:00
Lorenzo Colitti
7569d51446 Use RECEIVER_NOT_EXPORTED in CarrierPrivilegeAuthenticator.
Passing one of RECEIVER_EXPORTED or RECEIVER_NOT_EXPORTED is
required for all code targeting T or above. The correct value
here is RECEIVER_NOT_EXPORTED because the receiver is being
registered in the system server and the broadcast comes from
the system server itself (same UID).

This does not need to be guarded by OS version because
CarrierPrivilegeAuthenticator is only used on T+.

Test: m
Fix: 217642082
Change-Id: I09840b17bd54352896607737b56c6a692ffbd2c2
2022-02-04 15:31:06 +09:00
Robert Horvath
1db49e1c7f Handle Low Power Standby chain in ConnectivityService
Bug: 190822356
Test: atest NetworkManagementServiceTest
Change-Id: If5a07d0ea958d832b00797a9d9a4d5ad4f129b89
2022-02-02 22:54:21 +01:00
Jean Chalard
2bc73d3b18 Merge changes Ic6a1aa92,I685f924a,I50fab91e
* changes:
  Use packBitList to prevent long-related mistakes
  Introduce ensureListenableCapabilities
  Accept accessUids from telephony when it's the carrier config app
2022-02-02 07:40:06 +00:00
Chalard Jean
dd4219978d Introduce ensureListenableCapabilities
Renamed from ensureValid, this is an easier to understand name.
It is also a lot clearer when requestable capabilities also
have to be listenable.

Also move the 2 functions together.

Test: FrameworksNetTests
Change-Id: I685f924a3720846d740837a4a0fee3d88a26725a
2022-02-02 13:52:26 +09:00
Chalard Jean
ac9ace0bbe Accept accessUids from telephony when it's the carrier config app
Test: FrameworksNetTests, new test in this patch
Change-Id: I50fab91e107c51d33a5e529c73b83db198a88d2c
2022-02-02 13:52:25 +09:00
Patrick Rohr
216dfc82f6 Enable TrafficController in apex
Test: atest FrameworksNetTests FrameworksNetIntegrationTests
CtsNetTestCases:android.net.TrafficStatsTest NetworkUsageStatsTest
CtsHostsideNetworkTests

Change-Id: I03f70e3258bf121cbac69a3bb302871ac680c6fb
2022-02-01 17:39:11 +01:00
Ken Chen
f5f51339af Clean up BpfNetMaps
Cleans up BpfNetMaps.java before enabling mainline code path.

Bug: 202086915
Test: atest FrameworksNetTests
Change-Id: I28e5d63ed4624df540b1ca47b71899cff7321ded
2022-02-01 12:31:03 +01:00
Maciej Żenczykowski
76709a18e9 Merge changes Ifd6be50a,I857e40c9,I1b9f4fde,Ib3b43cf2
* changes:
  Prevent native_init from starting TrafficController
  Remove libutils dependency from libservice-connectivity
  Merge libtraffic_controller_jni into libservice-connectivity
  [NETD-TC#15] Make ConnectivityService and PermissionMonitor calls BpfNetMaps on T
2022-02-01 03:02:36 +00:00
Wayne Ma
2fde98c87b [NETD-TC#15] Make ConnectivityService and PermissionMonitor calls BpfNetMaps on T

Since TrafficController moves to mainline module for T, some netd binder
interfaces relevant to BPF are going to be deprecated. Provide JNI APIs to
call TrafficController inside mainline module for T.

Bug: 209935649
Test: atest CtsHostsideNetworkTests
Change-Id: Ib3b43cf2840e02806395af9f1e019ca6fccd032e
2022-01-31 09:19:08 +01:00
Chalard Jean
e6c9527554 Send access UIDs to netd
Test: FrameworkNetTests CtsNetTestCases
Change-Id: I8301abaddf5850071fa23d41e8e736ab7071e299
2022-01-31 17:04:58 +09:00
Chalard Jean
9a30acf744 Add accessUids to NetworkCapabilities.
For now, all entry points reject this. Followup changes
will allow the supported use cases.

Test: new unit tests and CTS for this in this patch
Change-Id: I7262811a2e46336d3bb63c80886fc0578a36da94
2022-01-31 17:04:58 +09:00
Chalard Jean
1522857564 Clean up restrictions on network agent capabilities
This is a no-op change.

Test: FrameworkNetTests

Change-Id: I658e579bf49e1baf57a8aeaabc8d07d7d3293c56
2022-01-31 17:04:56 +09:00
Chalard Jean
366c525b15 Sanitize NetworkCapabilities from agent on the handler thread
NetworkAgents send NetworkCapabilities to ConnectivityService but
there are limits to what exactly they can send. Going forward,
some of these checks will have to happen on the handler thread,
which is already the case when an agent updates its capabilities,
but not upon registration.

This patch moves the sanitization on the handler thread, after
the network monitor is created for a network agent.

Before this patch, upon registration of a new agent, the binder
thread would copy and sanitize the capabilities, then store them
in nai.networkCapabilities. It would store the original caps from
the agent in the NAI, mix in what is known from the network info,
process the LinkProperties, and then proceed to create the
network monitor, but not yet store the NAI in the internal
structures because its registration is not finalized, so other
methods should not see it yet. After the monitor is created in
the network stack process, the NAI is stored in the internal
structures which publishes it for all methods to see. After
that is done, the NAI calls to the network monitor to warn it
that it's registered, what its capabilities are, and that it's
time to start validation if applicable.

With this patch, the validation no longer happens on the binder
thread. Instead, the binder thread stores the capabilities and
link properties as is, before sanitization, in the NAI. This is
fine because no other method can access these until the
registration completes upon notification that the monitor has
been created; this agent is only stored in the network monitor
callbacks in a self-destructing object precisely to make sure
that's the case.
When the monitor is created and CS receives notification of the
same, it will sanitize the capabilities before adding the NAI
to the internal structures, to protect the invariant that the
un-sanitized capabilities inside the NAI can't ever be seen by
any other method. After that's done, it will call to the
monitor to start validation as usual.

Test: FrameworksNetTests CtsNetTestsCases
Change-Id: I7d43ef0e25955e0349903b4801b9dfd8c3c92586
2022-01-31 17:04:46 +09:00
Sooraj Sasindran
e9cd2084e4 Allow Carrier app to request for CBS capability
Test: unit test and CTS
Bug: 194332512
Change-Id: I29680b56d790106ad082f1a398c2bddb030f834a
2022-01-30 12:12:17 -08:00
Lorenzo Colitti
2a947ceb50 Merge changes from topic "dscp_policies"
* changes:
  Don't enable DscpPolicyTracker on pre-T devices.
  Allow service JNI in FrameworksNetIntegrationTests.
  Don't manually load the JNI library in DscpPolicyTracker.
  Process DSCP QoS events for policies
  Allow using BpfMap and TcUtils in unit tests.
2022-01-27 23:25:54 +00:00
Lorenzo Colitti
debd9eaffa Don't enable DscpPolicyTracker on pre-T devices.
The code cannot work before T because before T the tethering
module can only load BPF programs/maps into /sys/fs/tethering/bpf
and the system server cannot access that directory.

Additionally, this is causing unit tests to fail on pre-T devices
because on those devices the seccomp filter blocks the bpf
syscall from apps (including Java tests).

Test: revert aosp/1907693 and atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I6c398031dffb840da1d723b11ea4d0845ad6c6f2
2022-01-27 14:16:49 +00:00
Treehugger Robot
ce0df5a6ed Merge "Correct some errno values before throw ServiceSpecificException" 2022-01-27 11:07:42 +00:00
Lorenzo Colitti
f84e2f8e0d Don't manually load the JNI library in DscpPolicyTracker.
This is not necessary because TcUtils already loads its library,
and unlike this code, it correctly loads it using JniUtils so
will succeed even when the code is jarjard in unit tests.

Test: atest ConnectivityServiceTest
Change-Id: I57eb46178d58777769f5497a0ea93cd037d598cb
2022-01-27 10:20:01 +00:00
Tyler Wear
723882126a Process DSCP QoS events for policies
New events to handle adding and removing of DSCP QoS policies.
Async indication sends status back to client if the policy
has been added, failed, or if the policy limit has been
reached.

Bug: 202871011
Change-Id: I7988d22ae625ad0dd415927d2943de4a749e6fb8
2022-01-27 10:19:27 +00:00
Wayne Ma
41c2448ff9 Correct some errno values before throw ServiceSpecificException
For those functions which return statusFromErrno() in TrafficController,
it would return positive errno so shouldn't construct with -errno.

Test: m
Change-Id: I94b9294c4e200c43e33f8280469dfad9e9fbf5ea
2022-01-27 11:55:24 +08:00
Nucca Chen
f8ed984e9c Merge changes Ie826477d,I5125a3ac
* changes:
  [CLATJ#26] ClatCoordinator: reword clatd starting failure logging
  [CLATJ#25] ClatCoordinator: stop clatd process gracefully
2022-01-26 14:50:11 +00:00
Hungming Chen
6fb21144b8 [CLATJ#26] ClatCoordinator: reword clatd starting failure logging
Bug: 212345928
Test: build
Change-Id: Ie826477d27db26cc49d113ec8bfacaaa3006e26e
2022-01-26 12:23:45 +00:00
Chiachang Wang
317be96553 Merge "Send exclude local routes value to netd for VPN network" 2022-01-26 02:09:35 +00:00
Hungming Chen
d7b63f8f93 [CLATJ#23] Close the file descriptor manually
ParcelFileDescriptor relies on garbage collection to close handler.
When there is any error during starting clat or quick on/off
IPv6 only network, the file descriptor may not be able to be closed
before next clatStart is called. This may be problematic. For
example, the same v4- tun interface has not closed yet and clatStart
has been called again.

Test: connect/disconnect to IPv6 only network and ping 8.8.8.8
      repeat 10 times
Change-Id: I8e1c66206dc221827a039213ecc86d5cbd777dff
2022-01-25 20:32:11 +08:00
Hungming Chen
9d11ddfd5c [CLATJ#22] ClatCoordinator: stop clatd
provide clatd stop function which stops clatd by pid.

Bug: 212345928
Test: flash and boot
Run "atest ClatCoordinatorTest" in a follow commit.

Change-Id: Icd9c4f9038bf75113fbc5608f213145e58a061d9
2022-01-25 18:44:09 +08:00