This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Manually merging this due to skipping a merge
conflict at ef9f2740a790feceaa47a24b1a179e93c4ffb5e6
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
* changes:
Disable the AppOp Restriction for IpSec Tunnels
Rework Exception Handling for IpSecManager
Update IpSecManager to use InetAddress and prefixLen
Add AppOps Checks for MANAGE_IPSEC_TUNNELS
Add MANAGE_IPSEC_TUNNELS Permission
This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
In order to properly support EOPNOTSUPP this CL
applies a consistent approach to handling Exceptions.
Hereafter, all exceptions that aren't of a special
method-specific type (such as SpiUnavailableException)
will all be returned to the calling process unchanged.
At the API call site, the ServiceSpecificException,
which is really an Errno, will be inspected and either
converted to an unchecked exception for types we know,
or it will be converted to an IOException in cases where
that method can return a checked exception. In cases
where we do not expect an errno, we will simply throw
a generic RuntimeException. This means all API calls
will now properly throw UnsupportedOperationException
and may be CTS tested accordingly.
Bug: 72420898
Test: runtest frameworks-net
Merged-In: I4a00e221618896223fcdb4b4279fb14cd14e34d8
Change-Id: I4a00e221618896223fcdb4b4279fb14cd14e34d8
(cherry picked from commit beed0b61b7)
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Merged-In: I19e124adef6d9f4992d8293db3190bcf74c95848
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
(cherry picked from commit d39837f7e2)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 65ef843176)
Add a new MANAGE_IPSEC_TUNNELS permission and
protect all IPsec Tunnel mode APIs with it.
This permission is only granted to the system or
through an AppOp.
Bug: 66955045
Test: compilation
Merged-In: I0f618373b500c493ef2211bece681f74652a1833
Change-Id: I0f618373b500c493ef2211bece681f74652a1833
(cherry picked from commit 00e77247eb)
The current implementation check for bpf map existance whenever a
NetworkStats request comes in. The check is not efficient and may
require additional permission for threads. So a member variable is added
to NetworkStatsService to store the bpf configuration status and is
initialized when NetworkStatsService start.
Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
-m CtsUsageStatsTestCases -t android.app.usage.cts.NetworkUsageStatsTest
Bug: 79994577
Change-Id: I872ae18fb3e9631a4e6c4d773fefbba32e60a03b
Merged-In: I872ae18fb3e9631a4e6c4d773fefbba32e60a03b
LocalServices.addService in NetworkStatsService is currently failing
with IllegalStateException "Overriding service registration". Setting up
LocalServices in the test to avoid this issue might be possible, but
moving the registration to the only non-test caller of that constructor
as done here solves the issue and avoids side-effects from a constructor.
Test: this test passes in master through runtest frameworks-net
Bug: b/78487385
Bug: b/80082746
Change-Id: I884a7a8bd7db3fcd220b785ba9914ac8c77720f0
We've seen reports of negative values flowing through to attempt
being recorded, which will outright crash. This change does one
last-ditch check to see if we're about to work with negative values,
reporting any trouble and clamping them to zero so we don't crash.
This gives us the data we need to continue investigating without
triggering runtime restarts in the field.
Bug: 80057433
Test: atest android.net.NetworkStatsTest
Change-Id: I8174391c6cf5dadc2c2c10a8d841ee07e1f7d934
The current implementation check for bpf map existance whenever a
NetworkStats request comes in. The check is not efficient and may
require additional permission for threads. So a member variable is added
to NetworkStatsService to store the bpf configuration status and is
initialized when NetworkStatsService start.
Test: -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
-m CtsUsageStatsTestCases -t android.app.usage.cts.NetworkUsageStatsTest
Bug: 79994577
Change-Id: I872ae18fb3e9631a4e6c4d773fefbba32e60a03b
Convert to using a constant in INetd to ensure
that there is a consistent tunnel prefix between
Java and native code.
Bug: 74560705
Test: atest FramworksNetTest; atest CtsNetTestCases
Change-Id: Ida233aac2e6c6b26567463964e0ebac9d52eff1e
(cherry picked from commit 7be7f4596a)
Convert to using a constant in INetd to ensure
that there is a consistent tunnel prefix between
Java and native code.
Bug: 74560705
Test: atest FramworksNetTest; atest CtsNetTestCases
Change-Id: Ida233aac2e6c6b26567463964e0ebac9d52eff1e
(cherry picked from commit 7be7f4596a)
Convert to using a constant in INetd to ensure
that there is a consistent tunnel prefix between
Java and native code.
Bug: 74560705
Test: atest FramworksNetTest; atest CtsNetTestCases
Change-Id: Ida233aac2e6c6b26567463964e0ebac9d52eff1e
With the new xt_bpf support for iface stats. We no longer need to parse
the per interface stats from /proc/net/dev. And since the old xt_qtaguid
code path also not depend on it, we can completly remove that helper
function since no caller is depending on it now.
Bug: 72111305
Test: runtest frameworks-net -c com.android.internal.net.NetworkStatsFactoryTest
Change-Id: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
Merged-In: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
(cherry picked from aosp commit b815c978b81eee4b1494bd0b9d25bfad52f08b72)
After adding the xt_bpf module and ifaceStatsMap, eBPF tool can now
support reading per interface data. So networkStatsFactory should move
away from parsing proc/net/dev and use the eBPF map stats instead.
Bug: 72111305
Test: atest com.android.server.net.NetworkStatsServiceTest
Change-Id: Ibcc6150d00835b3bd33af22a72e4a86e172581cf
Merged-In: Ibcc6150d00835b3bd33af22a72e4a86e172581cf
(cherry picked from aosp commit dcc56783f5b945b16c9f5e50333fba557a7c3603)
With the new xt_bpf support for iface stats. We no longer need to parse
the per interface stats from /proc/net/dev. And since the old xt_qtaguid
code path also not depend on it, we can completly remove that helper
function since no caller is depending on it now.
Bug: 72111305
Test: runtest frameworks-net -c com.android.internal.net.NetworkStatsFactoryTest
Change-Id: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
