The tc police filter attaches to the clsact qdisc, so the rate limit
cannot be enabled before the qdisc is added to the interface.
The clsact qdisc is added as part of INetd#networkAddInterface, which is
called from inside updateLinkProperties.
Test: atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I0713605ff3684f8271eb3f0e29ab7116561963f1
In the previous design of NSS and NPMS, those only had IMSI to identify
the cell network. Now the telephony has created the "subId" handle,
which is the preferred mechanism for identifying subscribers.
This commit adds NetworkStats support for subscriberId as a part of
the network identity key
Bug: 80526261
Test: atest NetworkTemplateTest NetworkStatsCollectionTest
NetworkStatsServiceTest NetworkIdentityTest
Ignore-AOSP-First: merge conflict resolutions
(cherry-picked from ag/16826535)
Change-Id: I8549b11d0fcfc5a9426724d6b90de27b707cb77c
Merged-In: I8549b11d0fcfc5a9426724d6b90de27b707cb77c
This is being added as the lowest priority score factor, just
above the tie-breakers. It ensures that a network that has been
destroyed will lose to another identical network that has not
been destroyed, but will otherwise be scored identically.
The flag is a CS-managed flag that is stored in NetworkAgentInfo.
Currently it is always false, but it will be populated in
future CLs.
Bug: 216567577
Test: atest FrameworksNetTests
Change-Id: Ib1cd342ab7dfc4df45715da19b743d711fe8d605
These also cause ConnectivityCoverageTests to fail when built
from master and run on S. They are used in Vpn.java, not
LockdownVpnTracker.
They were not addressed in the previous CL because running this
test locally is difficult.
Test: forrest
Change-Id: I7d687338fd6bc7468b1abcae58898322554e647b
LockdownVpnTracker directly uses resources from
com.android.internal.R. This is acceptable because it's platform
code. But ConnectivityServiceTest uses the LockdownVpnTracker
built from the module source tree, and when that code fetches
resources on a previous Android release, it crashes because the
resource IDs don't exist; non-public resource IDs aren't stable.
Fix this by mocking the resources used by LockdownVpnTracker.
Test: atest ConnectivityCoverageTests
Change-Id: I239a18a38d4f1082f76f5ff1b831c15ee753bdfd
This patch adjusts the behavior of the NetworkMonitor mock
to behave the same way as the real one – accept either
notifyNetworkConnected or notifyNetworkConnectedParcel as
a signal a network is connected. This is necessary because
the Connectivity module will call either of these depending
on versions of other software it finds on the device.
Test: ConnectivityServiceTest
NetworkMonitorTest
Change-Id: I5900a019b3b033f4365d8a82b1e522336012064e
This makes the code easier to maintain because we do not need to
manually add string representations, and because it will throw at
static initialization time if the clas contains duplicate
POLICY_xxx values. The memory overhead is likely negligible.
Bug: 216567577
Test: new coverage in FullScoreTest
Change-Id: Iab23d414c8e28ff7f26060ad44fa996f277d361f
NetworkStatsService was mainlined in T, so the test does not need to be
run on previous Android versions.
Test: atest CtsNetTestCases:NetworkStatsServiceTest
Change-Id: I8e69746a03ef029b1121cc8fa71e299ac12c2905
Refer to the same constant definition as other tests instead of
hard coding locally, so that it won't be missed as changing to
Build.VERSION_CODES.SC_V2.
Bug: 184750836
Test: atest FrameworksNetTests
Change-Id: I3c17c414d830af03e2719c5dab1a664c55f6df2a
Adds ingress rate limiting functionality to ConnectivityService. The tc
rate limit is installed before we tell netd about the interface, and
removed after the network is removed from netd. When the setting
changes, the old rate limit needs to be removed before a new one can be
added (unfortunately, we cannot use NLM_F_REPLACE when configuring the
tc-police filter).
Currently, this functionality is always enabled, but may or may not work
based on kernel support.
Bug: 157552970
Test: atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I4e64b2c40490f061e42b40a1b1b3a6618c3d1a87
Address API review feedback to change naming of
setExcludedLocalRoutesVpn and getter.
Bug: 217742354
Test: atest FrameworksNetTests
Change-Id: I57bbf55c7aba1c86ec8687d2431a50b37e63c6d0
When the network is a VPN, NetworkMonitor needs to know whether
the VPN requests validation, and that information is stored in
NetworkAgentConfig. Pass it.
Test: FrameworksNetTests
Change-Id: I3616f0796b69ce054d92213aafdef43ba7041596
This adds a new API that lets VPN apps using VpnManager request
that the platform run its basic validation check on the resulting
network.
Bug: 184750836
Test: atest FrameworksNetTests
Change-Id: I00092eee857d3e33529b19461cfd5dd060a0fe20
Passing one of RECEIVER_EXPORTED or RECEIVER_NOT_EXPORTED is
required for all code targeting T or above. The correct value
here is RECEIVER_NOT_EXPORTED because the receiver is being
registered in the system server and the broadcast comes from
the system server itself (same UID).
This does not need to be guarded by OS version because
CarrierPrivilegeAuthenticator is only used on T+.
Test: m
Fix: 217642082
Change-Id: I09840b17bd54352896607737b56c6a692ffbd2c2
Test that NsdManager specifies the correct network when a service is
discovered, and that services can be resolved on a specified network.
Also test that service discovery can be started on a specific network.
Bug: 190249673
Test: atest NsdManagerTest
Change-Id: Ie8b551ce9e33e3adf35f75508f91bbd0df71f837
* changes:
Prevent native_init from starting TrafficController
Remove libutils dependency from libservice-connectivity
Merge libtraffic_controller_jni into libservice-connectivity
[NETD-TC#15] Make ConnectivityService and PermissionMonitor calls BpfNetMaps on T
* changes:
Expose access UIDs.
Send access UIDs to netd
Add accessUids to NetworkCapabilities.
Clean up restrictions on network agent capabilities
Sanitize NetworkCapabilities from agent on the handler thread
