This change specifies the required minimum supported keepalives
in SDK, and allows OEMs to customize supported keepalive count
per network through resource overlay.
Bug: 129371366
Test: 1. m -j doc-comment-check-docs
2. atest FrameworksNetTests
Change-Id: I0218f3674628c13ead63fc9a873895ba7f113033
The tests are run both in unit and CTS tests.
Test: atest FrameworksNetTests NetworkStackTestCases
Bug: 129200175
Change-Id: I78d78dd421cc3ffea774ff5eaa6aa758debc9cf2
Merged-In: I9b65a2eef94567d2b79a9955619938e64906080d
Merged-In: I78d78dd421cc3ffea774ff5eaa6aa758debc9cf2
(cherry picked from commit 9e046d509a37c6f37b4757f1681846cee60cfd5c)
This adds the moved tests to CTS as well.
The moved unit tests are appropriate for CTS as they test data holder
classes that need to function properly for apps to work.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases: added tests pass
Bug: 129199900
Change-Id: I895d2b57da658d5bed28ebe128611d5d15835742
Merged-In: I9f708a252ab606b782f5f828dce8c1690c3703bf
Merged-In: I895d2b57da658d5bed28ebe128611d5d15835742
(cherry picked from commit cc21fbd483138771dae04f4d86ab411e2e88e575)
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Merged-In: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
Change-Id: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
(cherry picked from commit 65968ea16bf49f678d4a43c220e1d67393170459)
The tests are run both in unit and CTS tests.
Test: atest FrameworksNetTests NetworkStackTestCases
Bug: 129200175
Change-Id: I52976bbbaca26fb317836e8461e372c25df02a22
This reverts commit bc571c7cc8.
Reason for revert: Rolling forward, will fix tests in same CL stack.
Bug: 114231106
Bug: 130397860
Test: FrameworksNetTests
Change-Id: Ia8a0c99b4e1fd5dff26c881715cd876618ca4321
This reverts commit 4773027064.
This change does not have any topic: not reverting the other 2 commits in the original topic.
Reason for revert: broke FrameworksNetTests presubmit: b/130397860
Change-Id: Iff41d9fe97fafea44680c8d67d1ce19277548cc0
This adds the moved tests to CTS as well.
The moved unit tests are appropriate for CTS as they test data holder
classes that need to function properly for apps to work.
Test: atest FrameworksNetTests
Test: atest CtsNetTestCases: added tests pass
Bug: 129199900
Change-Id: I4c3d31ed595024af84093ca9110ed43633c383f4
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Change-Id: I143b03d60e46cb1b04732b4a4034f5847b4d1b1a
The common package covers tests that should be included both in CTS and
unit tests.
Test: atest FrameworksBaseTests
Bug: 129199908
Change-Id: Ic78ff947250871fa773252c924f1dee9395c6074
(cherry picked from commit 054e3e0f5ebfffe5d9fdd0095abac309552ae0cd)
The common package covers tests that should be included both in CTS and
unit tests.
Test: atest FrameworksBaseTests
Bug: 129199908
Change-Id: I9c138d49ce010edde095e4bd3c47e36ca301634a
The argument of IpPreFix#contains() has been marked as @NonNull.
So the IpPrefixTest#testContainsInetAddress should not test
contains() method wiht null object.
Bug: None
Test: atest FrameworksNetTests
atest IpPrefixTest#testContainsInetAddress
Change-Id: I2f6bee19514dc47702f64d2a2bbf02d8b7b1b407
* changes:
Move BatteryStats and StatsCompanionService to use NetworkStatsService.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
This API is similar to one provided by NetworkStatsFactory with the
difference that NSS also migrates traffic from VPN UID to other apps.
Since traffic can only be migrated over NetworkStats delta, NSS
therefore maintains NetworkStats snapshot across all UIDs/ifaces/tags.
This snapshot gets updated whenever NSS records a new snapshot
(based on various hooks such as VPN updating its underlying networks,
network getting lost, etc.), or getDetailedUidStats API is invoked by
one of its callers.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: manually verified that battery stats are migrating traffic off of
TUN (after patching above CL where we point BatteryStats to use this
API).
Change-Id: Ib0f0c2d4d41ee1d7a027ea9da457baaf198d649e
VPN uid.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java
Change-Id: I9d8d0cc58d18002c1c96f8ddff780ef8dc452d21
Fill correct TOS/TTL value by fetching them from kernel with
getsockopt.
bug: 123967966
Test: -build, flash, boot
-atest FrameworksNetTests
Change-Id: I75b1be51040b4a381163958b4cddd27dbb22bac1
1. Some API's argument/return value must be marked either
@NonNull or @Nullable.
2. Change some system APIs to public APIs.
3. Modify the method name
Bug: 126700123
Bug: 126702339
Bug: 126699682
Bug: 118296575
Bug: 126699216
Bug: 126699675
Bug: 126699429
Bug: 126699193
Bug: 123586045
Test: atest FrameworksNetTests
Change-Id: Iaa2832cdcf83758ed0fec81b954a0c63bc5a7bf6
Replace TcpSocketInfo with TcpKeepalivePacketDataParcelable
because their structures are very similar.
bug: 128882321
Test: -build, flash, boot
-FrameworksNetTests
Change-Id: Iafb4031a64ba4775a495c156e2c997d890c6b261
This is necessary to allow usage of ApfCapabilities as-is in AIDL,
instead of relying on ApfCapabilitiesParcelable, assuming that stable
AIDL starts allowing usage of @SystemApi classes. The Parcelable
implementation would be convenient for clients in any case.
Bug: 126477266
Test: atest FrameworksNetTests
Change-Id: Id2ef3cad261832a2918ccb6bb6bc154d99d75746
In some networks, network validation may only get success
result for http probe but fail result for https probe.
For this kind of network, it may still work at some websites
or apps, but user didn't know about that. In order to fix this
issue, we will check if network has partial connectivity and
notify user to make a choice if they want to use this partial
connectivity or not.
Bug: 113450764
Test: 1. Build pass.
2. Fake partial connectivity case for testing.
3. atest FrameworksNetTests
4. atest NetworkStackTests
Change-Id: I69ed00ac4850904ff708c9fef22e148879a10e92
When offload is starting, socket will be switched to repair
mode. Read and write on the socket will not be allowed until
repair mode is turned off. If remote packet arrives, repair
mode will be turned off automatically and a callback will
be raised to indicate that socket is ready to read from.
Bug: 114151147
Test: -atest FrameworksNetTests
-manual
Change-Id: I0c335865912e183e7ad32a8ea12188f02ccde5fd
Depending on usage move into NetworkStackUtils or shared
Inet4AddressUtils.
Test: atest FrameworksNetTests NetworkStackTests
Bug: 112869080
(Cherry-pick of aosp/881952)
Change-Id: Ie20dcee375b377236004a7689890729493aca857
