Shell has TETHER_PRIVILEGED permission. To avoid any service to adopt
shell identity by lunching service with Shell process, gate
exemptFromEentitlementCheck by NETWORK_STACK.
Bug: 157702014
Test: atest TetheringCoverageTests
Change-Id: I6ddfda23d36ea9981e3e1eb5a87767f452a65852
Merged-In: I6ddfda23d36ea9981e3e1eb5a87767f452a65852
- Add New class PrivateAddressCoordinator to coordinate the private
address conflict problem.
- Downstream prefix would be random in 192.168.0.0/24 ~
192.168.255.0/24.
- If new upstream prefix is conflict with existing downstream prefix,
downstream would be kicked out and it would request a new one.
- The last conflict upstream prefixes would be blacklist. Avoid to
select downstream prefix which is conflict with prefixes in blacklist.
Bug: 130879722
Test: -build, flash, boot
-atest TetheringTests
Merged-In: Ib45b87bcd9eeb5da03fb7ec90b1af9ca53998cf5
Change-Id: Ib45b87bcd9eeb5da03fb7ec90b1af9ca53998cf5
This effectively reverts:
commit da0fb1bca8
Author: Maciej Żenczykowski <maze@google.com>
Date: Wed Feb 19 01:24:39 2020 -0800
Reduce advertised ipv6 mtu by 16 to fit ethernet header
This is a temporary hack to workaround the inability of current
kernel's ebpf bpf_skb_change_mode() function to prefix a 14-byte
ethernet header on to a packet without going over the upstream
(source, rawip) interface's mtu *before* we bpf_redirect() to
the downstream (destination, ethernet) interface.
Test: build, atest, atest TetheringTests
Bug: 149816401
Test: flashed a flame with new kernel and it works at 1500 mtu
Bug: 149816401
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I76a75a16fa27b47d78816b2f9379ef4bb68beb00
If upstream is cellular, set the TTL in Router Advertisements to
"network-set TTL - 1" for carrier requirement. For other non-cellular
upstream, set TTL as "network-set TTL + 1" to preventing arbitrary
distinction between tethered and untethered traffic.
Bug: 154776299
Test: atest TetheringTests
Merged-In: I7f2696a642f96c6aafb5613b980bf5bcdd08bbda
Change-Id: I7f2696a642f96c6aafb5613b980bf5bcdd08bbda
Bug: 154869719
Test: atest TetheringTests
Original-Change: https://android-review.googlesource.com/1288503
Fix TetheringServiceTest test WRITE_SETTINGS permission failure
AdoptShellPermissionIdentity can not pass permission check by
Settings#checkAndNoteWriteSettingsOperation. It would compare the caller
uid and its package name. See error below:
1. java.lang.SecurityException:
Specified package com.android.shell under uid 10239 but it is really 2000
2. java.lang.SecurityException:
uid 10245 does not have android.permission.UPDATE_APP_OPS_STATS.
Override the method and test if caller hold WRITE_SETTINGS directly.
Bug: 154869719
Test: TetheringTests, TetheringCoverageTests, NetworkStackNextTests,
NetworkStackCoverageTests
Original-Change: https://android-review.googlesource.com/1313806
Change-Id: I7beea3f011d930e433443ed62d772a3f8cce5d78
Merged-In: I7beea3f011d930e433443ed62d772a3f8cce5d78
Add the specific implementation of onNewPrefixRequest callback
on IpServer side, also refactor some common code.
Bug: 130741856
Test: atest TetheringTests
Merged-In: If2871bf899cb5890bbfee18063a194c92b6f474e
Change-Id: If2871bf899cb5890bbfee18063a194c92b6f474e
1. Move isTetheringSupport logic from TetheringService to Tethering.
2. Small readability improvement in TetheringTest. Also change
config_tether_upstream_automatic from false to true in TetheringTest.
So TetheringTests would default run automatic select upstream flow
instead of selecting by legacy perferred network type list.
Bug: 153609486
Test: atest TetheringTest
Change-Id: I5a82a6347f62d3a7031db5c56e8e0c8530dafd8f
Merged-In: I5a82a6347f62d3a7031db5c56e8e0c8530dafd8f
- Correct description and spelling in the code and xml files.
- Add a TODO for refactoring the IpServer constructor.
- Refine the if-statement for starting IP neighbor monitor.
Bug: 149997301
Test: atest IpServerTest
Original-Change: https://android-review.googlesource.com/1309273
Merged-In: If9c8bc6f785fa80575db56de4e223292e9807ace
Change-Id: If9c8bc6f785fa80575db56de4e223292e9807ace
The tether bpf offload can be enabled by resource config and
device config. The device config has higher priority and it
could override this config which is set by resource config.
Bug: 149997301
Test: -build, flash, boot
-atest TetheringConfigurationTest
Original-Change: https://android-review.googlesource.com/1276007
Use device option to control BPF offload features
If BPF offload device config is not enabled:
- Does not add/remove offload forwarding rules through disabling IP
neighbor monitor.
- Does not apply the RA MTU reduction.
Bug: 149997301
Test: atest IpServerTest
Original-Change: https://android-review.googlesource.com/1284578
Merged-In: I2d6f80f0229f580c4b16243a064e889a6c37f77a
Change-Id: I2d6f80f0229f580c4b16243a064e889a6c37f77a
To exempt from entitlement check, caller need to hold TETHER_PRIVILEGED
permission.
Bug: 141256482
Test: atest TetheringTests
Change-Id: I2eb37f5e92f5f5150a7fb7c25b945e28704d27a0
Merged-In: I2eb37f5e92f5f5150a7fb7c25b945e28704d27a0
1. Change ArraySet usage to BitSet
2. Change mCellularUpstreamPermitted to mLastCellularUpstreamPermitted.
Before this change:
a member variable(mCellularUpstreamPermitted) is
used to check whether cellular upstream is permitted, the code must
ensure to update this variable once entitlement result is changed or the
entitlement check is triggered but does not have a result yet.
In this change:
Instead of storing the information about whether cellular is permitted in
a member variable. The information is recalculated every time when user
call isCellularUpstreamPermitted(). Now isCellularUpstreamPermitted() is
always be used to check whether cellular upstream is permitted no matter
inside or outside EntitlementManager.
This make the code be easier to maintain that we do not need to care
when mCellularUpstreamPermitted need to be updated because the
information would be recalculated every time. And the recalculation is
lock free because this is only used inside tethering while running in
the same thread.
Bug: 141256482
Test: atest TetheringTests
Merged-In: Ic83f42ff4eec38adf039d55d80fcb9b0f16373cc
Change-Id: Ic83f42ff4eec38adf039d55d80fcb9b0f16373cc
In order to mock constant in unit test, a dependency object is
introduced with minimum code change to achieve this.
Test: atest TetheringTests
Bug: 149467454
Change-Id: I38628daddcb7be7c74846e78d36dc88f065b97d9
Merged-In: I38628daddcb7be7c74846e78d36dc88f065b97d9
(cherry picked from commit 29aee20bfa)
The OEM implemented tether offload does not support
data warning since the HAL only tells the hardware about data limit
but not warning. However, to add such interface in HAL needs OEM to
comply and implement in hardware.
Thus, as a short-term solution, polls network statistics from HAL
and notify upper layer when it reaches the alert quota set by
NetworkStatsService.
Note that when CPU is sleeping, the data warning of tethering offload
will not work since the polling is also suspended.
Test: manual
Test: atest OffloadControllerTest
Bug: 149467454
Change-Id: I2467b64779b74cd5fec73b42fb303584f52cb1cb
Merged-In: I2467b64779b74cd5fec73b42fb303584f52cb1cb
(cherry picked from commit 93660e382c)
Address issues found during AIDL review:
- Rename clientAddr to singleClientAddr
- Do not use a ParcelableBundle for notifyNetworkTested or
notifyDataStallSuspected; instead use AIDL parcelables for stronger
backwards compatibility guarantees.
Test: atest NetworkMonitorTest ConnectivityServiceTest
ConnectivityServiceIntegrationTest, manual
Bug: 153500847
Merged-In: Id9b71784e5f6294d203230e57737979e063ff0f8
Change-Id: Id9b71784e5f6294d203230e57737979e063ff0f8
Stop depending on Preconditions that is not released on the same cadence
as the module, and is maintained as part of the framework.
Bug: 148636687
Test: atest TetheringTests NetworkStackNextTests
Merged-In: Id0dcec44f362f79bc8c046d722635687a7388aa2
Change-Id: Id0dcec44f362f79bc8c046d722635687a7388aa2
Catch NoSuchElementException to unbreak no offload devices.
To consistent with fetching offload config service, retry fetcheing
offload control service.
b/152430668#comment4 assert that the fetch will be retried only
if the service is installed on the device.
Bug: 155026033
Test: run TetheringCoverageTests in virtual devices(do not support
offload)
Merged-In: Ie0a32a9062c722327a27c6de13e3bb8d9588bebb
Change-Id: Ie0a32a9062c722327a27c6de13e3bb8d9588bebb
1. Let restricted notification that can be dismissed.
2. Only put up restricted notification when any of tethering is
activating.
Bug: 154214549
Test: atest TetheringTests
Change-Id: Ib980aca154036828abdab35e3bb11d42f85ff610
Merged-In: Ib980aca154036828abdab35e3bb11d42f85ff610
(cherry picked from commit 2eb66bdbe4, aosp/1290334)
All carriers discarded the requirement to put up a standing
notification when tethering is on. Thus, remove the "tethering
is on" notification.
Bug: 154438388
Test: atest TetheringTests
Change-Id: Ife3915837b6b7b83d3eaaa84b71b6409ff37b71c
Merged-In: Ife3915837b6b7b83d3eaaa84b71b6409ff37b71c
(cherry picked from commit 0171c07d05dd2625c6dcfd47977a701ddc2d5d36, aosp/1289107)
The CL that moved the initialization of the tethering offload
config HAL from C++ to Java caused the code not to retry
fetching the service if it is not ready when tethering is
started. This is because the C++ version of getService() retries,
but the Java version only retries if getService(true) is called.
Make the new code retry as well.
b/152430668#comment4 asserts that the fetch will be retried only
if the service is installed on the device, so the retries should
be attempted (and thus should not have any startup time impact)
on devices that do not support tethering offload.
Bug: 152430668
Test: builds, boots, tethering offload works
Merged-In: I093f127d90b2aa1b13eb0748378a24726d419472
Change-Id: I093f127d90b2aa1b13eb0748378a24726d419472
Warn user of potential data charges if the backhaul is
cellular and user is roaming.
Bug: 145629001
Test: atest TetheringTests
Change-Id: I74b4f87c2f6aad09e05d3f2a779f880396885953
Merged-In: I74b4f87c2f6aad09e05d3f2a779f880396885953
(cherry picked from commit 1af69e5b8f339bde5b70886d80960ce22c847245, aosp/1237026)
EntitlementManager and its callers(Tethering and UpstreamNetworkMonitor)
run in the same threads.
Bug: 141256482
Test: atest TetheringTests
Merged-In: I0a376d28b123eaab2e8d00a98a4719ce983d3bb2
Change-Id: I0a376d28b123eaab2e8d00a98a4719ce983d3bb2
Reminder user of unavailable tethering status if there is no
internet access.
Bug: 147818698
Test: atest TetheringTests
Change-Id: Ic6557f9f7703337596100cd6a477fd7239217166
Merged-In: Ic6557f9f7703337596100cd6a477fd7239217166
(cherry picked from commit ac1b098acc504b60e85b3dcd22941f4e293865ae, aosp/1237036)
This is used to fix the race when quickly OFF/ON wifi tethering.
When IpServer is started/stopped, there is callback update tethering
interface status. Before this change, IpServer is stopped when wifi
ap is disabling. Then the next startTethering may fail in wifi because
wifi is in disabling state.
Error pattern: WifiService: Tethering is already active.
No unitest for this CL but it fixed the CtsTetheringTest flakty rate
than around 30% to 0 for more than 100 runs.
Bug: 153925821
Test: atest CtsTetheringTest --iteration 100
Merged-In: I8b65f621abe20799a3a0d410ba1f06368746ee49
Change-Id: I8b65f621abe20799a3a0d410ba1f06368746ee49
These events don't have MAC addresses, so the code attempts to
create an Ipv6ForwardingRule with a null MAC address. This
crashes when attempting to get the raw MAC address bytes to send
to netd in the TetherOffloadRuleParcel.
This was not caught by unit tests because the test exercise this
code path in a way that is not correct (by sending RTM_DELNEIGH
and NUD_FAILED events with MAC addresses). Fix the unit tests to
properly pass in null MAC addresses for these events.
Bug: 153697068
Test: fixed existing tests to be more realistic
Merged-In: I26d89a81f1c448d9b4809652b079a5f5eace3924
Change-Id: I26d89a81f1c448d9b4809652b079a5f5eace3924
1. Add TETHERING_ETHERNET to vaild downstream type. So starting
ethernet tethering will do entitlement check as well.
2. Ignore request with invalid downstream type on
handleRequestLatestTetheringEntitlementValue()
Bug: 152828758
Bug: 152828142
Test: atests TetheringTests CtsTetheringTest
Change-Id: Id0cb59cc4681f5ffbde7be54de05a05e46f0ffb8
Merged-In: Id0cb59cc4681f5ffbde7be54de05a05e46f0ffb8
(cherry picked from commit c502e050fd9543e8bde45014dd66ea1be91c90ef)
The netd tethering offload IPCs are changing from taking a list
of primitives to taking a TetherOffloadRuleParcel. Modify their
only caller.
Bug: 140541991
Test: atest IpServerTest
Merged-In: I83718c80ef9d31199c87021b4dd5821717fd5ba5
Change-Id: I83718c80ef9d31199c87021b4dd5821717fd5ba5
Tethering service is created after boot complete which means most of
the services are ready before tethering. Once tethering register the
callback, callback event may come-in immediately. Make sure all of
tethering related object is created, then register the callback,
receiver, or listener.
Bug: 149965121
Test: atest TetheringTests
manual on/off tethering
Change-Id: Ifdc427341db7d1313ad4b61207a96ab379d100aa
Merged-In: I3941a186770679e7b476073d774e2310e25e44c6
(cherry picked from commit 285be1ee938ddc9728ccc3e951ed0ed1b2fa7117)
Otherwise, if another downstream of the same type reappears, the
code would fire a callback with the previous list of clients.
Bug: 150644681
Test: atest TetheringIntegrationTests:EthernetTetheringTest --rerun-until-failure 100
Change-Id: I6b34ea747ae1831001077f44879bb6828dcecc96
Merged-In: I6b34ea747ae1831001077f44879bb6828dcecc96
(cherry picked from commit 3984360f642ddd5820ced5a6935e37a8ae0d9d76)
If tethering is restricted to the user, show restricted
notification to notify the user.
Bug: 122085773
Test: atest TetheringTests
Change-Id: Ic5baca2d6102886f4c3530ce1e321b5dab6ea9d7
Merged-In: Ic5baca2d6102886f4c3530ce1e321b5dab6ea9d7
(cherry picked from aosp/1188867)
