am: b05b4d609f -s ours
am skip reason: change_id Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257 with SHA1 0586a60292 is in history
Change-Id: I64a66b8c08963428d409908f93c1d557fd9e4ff6
Public APIs for creating unprivileged NATT socket keepalive
might allow users to exhaust resource if malicious apps try
to create keepalives with fd which is not created by
IpSecService through binder call. Thus, this change add
customizable limitation per uid to prevent resource exhaustion
attack.
Bug: 129371366
Bug: 132307230
Test: atest FrameworksNetTests
Clean cherry-pick of aosp/954040
Merged-In: Ibcb91105e46f7e898b8aa7c2babc3344ef2c6257
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
Change-Id: I92f6d977b6dfde4e1bf74df6b60c9a0b9e8eec40
This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Clean cherry-pick of aosp/946359
Change-Id: I06840834d0ee8121358bf4829fe47ecf9964d395
Merged-In: I0218f3674628c13ead63fc9a873895ba7f113033
Merged-In: Ia667386c1a8949839871a6949d79552d9c8b88f0
In aosp/951200, the clean up function delete the item in the
hash map that holds the record while iterating it, where the
list used to iterate the records is backed by the hash map,
so changes to the map are reflected in the list and caused
the concurrent modification exception.
Bug: 132341736
Test: 1. atest com.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 300
2. atest FrameworksNetTests --generate-new-metrics 10
Change-Id: I0481a469ee23231e5f0ab738a06b5e09f6cdb680
am: 1140cb3dbb -s ours
am skip reason: change_id Id3f0d1c19a76c7987b69e449203fc50423f5e531 with SHA1 e6a0ed54d3 is in history
Change-Id: I0dc150eb7a4c72f381df12919de8e7ccfb341ba0
am: 4506469d8e -s ours
am skip reason: change_id Icfd80943212430b2a0e6a4b55f53270cbc3d1693 with SHA1 3f11892c07 is in history
Change-Id: I759c399eedf0e111de92b5d4538409b0a14759bb
am: 3d8ee7e355 -s ours
am skip reason: change_id I8d36177cbf4f39da602331e091a60a40f6eaea33 with SHA1 612724480f is in history
Change-Id: Icc484c8d0c483e3306a892f2ed0300109d1328e3
am: e3dc775c7f -s ours
am skip reason: change_id I85891485157ed86e069039dfe3092028ff703dd5 with SHA1 ecbcb7fbfc is in history
Change-Id: If9c8aa41c4e96a79b71c88f199a4f3b0483e31cd
am: 6e0c162246 -s ours
am skip reason: change_id I85891485157ed86e069039dfe3092028ff703dd5 with SHA1 ecbcb7fbfc is in history
Change-Id: Iec27ecd2f0c0636b066fa0fe83c049fff656343f
Bug: 132435820
Bug: 132437254
Original CL description:
Add FrameworksNetTests dependency on libcgrouprc
The tests are currently broken without this dependency.
Bug: 129902619
Test: atest FrameworksNetTests
Merged-In: I85891485157ed86e069039dfe3092028ff703dd5
Change-Id: I7daf6bdf8a9f8836d17746e1e352f8f75cd34adc
am: 5c31d4ff79 -s ours
am skip reason: change_id Iaa78a7edcf23755c89d7b354edbc28d37d74d891 with SHA1 2fca7e3cb3 is in history
Change-Id: I83461198c27a7252d5328283ae37cd52f3902863
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
Merged-In: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
(cherry picked from commit 414b8c8b1ce8ae2ad6ef95c1ffba19062077d3e6)
am: 29510ea4d8 -s ours
am skip reason: change_id I7de4f23370bdf9c9df5e74ed074c794080d93d95 with SHA1 afc8845452 is in history
Change-Id: I82ccab369a264ac6e7629a83d0ed9b1dbca67725
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
