The proc file of xt_qtaguid module is not necessarily exist on future
devices. We should only check it if the device need to read the stats
file for network usage information.
Bug: 79938294
Test: NetworkUsageStatsTest TrafficStatsTest
Change-Id: I5ac6feef8b9a26daa68b381a985925e24b0d80af
This patch ensures that creation and modification of IPsec tunnels
requires the MANAGE_IPSEC_TUNNELS appop.
Bug: 115685048
Test: IpSecManagerTunnelTest fails without appops set
Change-Id: I6c60a2573ca521717877f36e28a392b0d3b62754
This change makes all requestIDs use the UID of the creator, ensuring
that rekeys always use the same requestID. This also has the nice
property of separating app's resources from each other, and allowing for
identification of which app/UID allocated the resources from
command-line dumps (eg ip xfrm state show)
Bug: 111841561
Test: Updated tests & passing taimen
Change-Id: I4f1eadcdb795766ae4682b15e41727359c52fa38
This patch changes tunnel mode security policies to use the actual
tunnel's local and remote addresses to select the SA.
This prevents the kernel from calling xfrm_get_saddr(), which does a
route lookup, potentially resolving an incorrect saddr.
Bug: 79384676
Test: CTS, IpSecService* tests passing
Change-Id: I8223225e2363a79591a0bb0040aa8619cf84c184
This first version can serve discover/request/release, although there
are some small behavior changes with current implementation which will
be addressed later.
Also removes final modifiers on start() and stop() in FdEventsReader, to
allow mocking the methods in tests with the current mockito lib.
Test: Added tests pass, manual: flashed a device using the server
Change-Id: I025366ff7d51c4ba31152af50f3dd2b5e280a54d
For packages:
android.net.wimax
android.net.wifi.p2p.nsd
android.net.wifi.p2p
android.net.wifi.hotspot2.pps
android.net.wifi.hotspot2.omadm
android.net.wifi.hotspot2
android.net.wifi.aware
android.net.wifi
android.net.util
android.net.sip
android.net.rtp
android.net.nsd
android.net.metrics
android.net.lowpan
android.net.http
android.net.captiveportal
android.net
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: Ie25423113ee1a8071cd5039382c00de6ce0af7fd
Merged-In: I520be7a4c79e68310c12e4f55bf66acaa94145a1
For packages:
android.app.usage
android.app.trust
android.app.timezonedetector
android.app.timezone
android.app.timedetector
android.app.job
android.app.backup
android.app.assist
android.app.admin
android.app
This is an automatically generated CL. See go/UnsupportedAppUsage
for more details.
Exempted-From-Owner-Approval: Mechanical changes to the codebase
which have been approved by Android API council and announced on
android-eng@
Bug: 110868826
Test: m
Change-Id: I5d15d50344d7178617418846917f693cfabf006b
Merged-In: I618c5dc4462ae990d9df45c3e9ed3f092cc5138c
LocalServices.addService in NetworkStatsService is currently failing
with IllegalStateException "Overriding service registration". Setting up
LocalServices in the test to avoid this issue might be possible, but
moving the registration to the only non-test caller of that constructor
as done here solves the issue and avoids side-effects from a constructor.
Test: atest FrameworksNetTests does not choke on this test
Bug: b/78487385
Bug: b/80082746
Change-Id: I5dba98fc79aec0800c8b71e6c7e23d1cfbcae852
Merged-In: I884a7a8bd7db3fcd220b785ba9914ac8c77720f0
(Clean cherry-pick of go/ag/4061255)
The current networkStats getIfaceStats implementation check if
bpf is enabled, and use bpf to get all traffic stats. However,
the bpf implementation did not contain tcp packet counts. So
data stall detection in DcTracker could not get the packet
count to trigger data stall. Hence the data stall never
triggers for device that enables bpf.
This solution is for short term solution that rollback the
design to use xt_qtaguid for bpf enabled device.
Bug: 110443385
Test: 1. fake data stall to trigger data stall recovery
2. enable debug log to make sure tcp packet count is
correct
3. runtest frameworks-net
4. run cts -m CtsUsageStatsTestCases
Change-Id: I1ce9e92fe194da2ea0a3eec014fd50bb50cdd44a
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Manually merging this due to skipping a merge
conflict at ef9f2740a790feceaa47a24b1a179e93c4ffb5e6
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
