NetworkStatsService uses an internal boolean to know when it has
started for the purpose of preventing access to other internal
variables before they are initialized.
However that boolean is set to true in systemReady() non-atomically
with respect to the initialization of the other variables it guards,
which can cause the system server to crash.
This patch fixes this concurrency bug by moving setting the internal
boolean flag and the variable it guards in one atomic synchronized
block.
This patch also removes code checking if bandwidth control is enabled,
because this is now always true.
Bug: 132767673
Test: Compiled.
Change-Id: Ia089b5767ce271d669879c975508654d4dd03429
Also a few utilities that were in the way, and some opportunistic
cleanups.
Test: FrameworksNetTest NetworkStackTest
Change-Id: I385070e2044fd967cb18f1ffea9a86a4627b742e
This change removes the now-unused VPN arrays in the network stats
observer and recorder classes. These are always null values in every
call site.
Bug: 113122541
Bug: 120145746
Bug: 129264869
Bug: 134244752
Test: FrameworksNetTest passing
Test: Manual tests show data usage fixes maintained.
Change-Id: Ieb8645acc400fdaeb0df7092c5369b96f9f35af9
This change fixes detailed UID stats to ensure network and battery stats
both take VPNs into account. NetworkStatsFactory is being made aware of
VPNs enabled, and the full set of underlying networks present.
Since traffic can only be migrated over a NetworkStats delta, NSF
maintains a NetworkStats snapshot across all UIDs/ifaces/tags.
This snapshot gets updated whenever NSF records a new snapshot
(based on various hooks such as VPN updating its underlying networks,
network getting lost, etc.), or NetworkStatsService's
getDetailedUidStats() method being called.
This change widens the scope of the existing mPersistentSnapshot lock,
renaming it to mPersistentDataLock, and ensures that TUN migrations are
not done in parallel. Additionally, mVpnInfos is updated via
pointer-swapping, to reduce the scope of the mPersistentDataLock.
The safety of this change is predicated on:
1. NetworkStatsFactory lock not held, so services cannot deadlock through
the cyclical lock.
2. The broadening of the scope of the lock in NetworkStatsFactory has no
threading implications, as it is always the last (leaf node) lock held,
and therefore is impossible to have lock inversion.
Additionally, to ensure VPNs work with 464xlat, the VPN info passed to
the NetworkStatsFactory includes all underlying interfaces, instead of
only passing the first one.
This (partially) re-applies changes from:
aosp/972848: Add one more test for VPN usage stats.
aosp/972847: Addressing comments for http://ag/7700679.
aosp/885338: NetworkStatsService: Fix getDetailedUidStats to take VPNs
into account.
Co-developed with: Varun Anand <vaanand@google.com>
Bug: 113122541
Bug: 120145746
Bug: 129264869
Bug: 134244752
Test: FrameworksNetTest passing
Test: Manual tests show data usage fixes maintained.
Change-Id: I6466ec1411fc5ed6954125d27d353b6cd1be719e
This change removes a redundant line in the xt_qtaguid_with_clat test
file.
Bug: 134244752
Test: FrameworksNetTest passing
Change-Id: I87deb82ba960102b617ab27362e8c5899fa478f8
This reverts commit 612520f544.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: I2f1839d7776a613ca571af8a542755ddc5fc8760
Merged-In: Ibdaad3a4cbf0d8ef1ed53cfab1e454b9b878bae9
This reverts commit 2af0b66aba.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: I37f75c2b243ea548a88ef1dae88287405c6ef55f
Merged-In: I0c00e8f0e30cee987b71b561079a97bf09d4dae4
This reverts commit 4d83f3e073.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: I12ab724e2ef8a5c1b42078330ba74713ff86fdd1
Merged-In: I5fbb3443a39a21fc9d96442726cd10d20e8d61cd
This reverts commit 635b441ff9.
Reason for revert: This change has been implicated in 4-way deadlocks as seen in b/134244752.
Bug: 134244752
Change-Id: I87ddc0af9ff6fbd9b7afd6d4d24985b9b7205416
Merged-In: I64b48d575f2e6ec4cb7d2d100a859a30af0501dc
(cherry picked from commit 20204cdf6a)
Covers the case where the majority of traffic through the VPN is
caused by the VPN app itself, and ensures that that traffic is
correctly attributed to the VPN app as opposed to spread between
the other apps that use the VPN.
Bug: 120145746
Test: atest NetworkStatsServiceTest
Change-Id: Ibd7646dc088fa4180abd696e89c3148ff34ce190
Merged-In: Iffd3f95fc2e11d311691a797b010edb38d2ef3c6
(cherry picked from commit 78d5ac4f8f)
Note, that its in a separate CL so we could cherry-pick this CL to aosp.
http://ag/7700679 is already in aosp (http://aosp/865073).
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Change-Id: Ic1767bc8bf1460e4223f86465fc72344428e6055
Merged-In: I7cfda226b4ed11b67002b83b38fba0f5caf96718
Split-tunnel VPN (which are the only ones affected by this change)
always fall through to the default network for routes they don't
handle, and even if the underlying network(s) don't provide access
this may be a pinhole that can actually reach the broader network.
In practice this behaves like the original release of P and is the
safest thing to do for Q. In R we should evaluate giving the VPN
app the ability to simply tell the network stack whether it does
provide Internet access or not.
Bug: 119216095
Test: FrameworksNetTests NetworkStackTests
Change-Id: I262ca41fe0225660551c9a421562405366b6acac
This is the most common test library for Connectivity tests. It is
meant to be usable in framework tests, network stack tests, CTS,
GTS. To achieve that, it can only depend on framework classes.
Bug: none
Test: NetworkMonitorTest
Test: NsdManagerTest
Test: ConnectivityServiceTest
Test: OffloadControllerTest
Test: NetworkStatsObserversTest
Test: NetworkStatsServiceTest
(all the touched classes)
Change-Id: Ic47cbe7ba0e407145fa6bc49bb2adb3c5937dbc4
Also :
- Fix testUidFilteringDuringVpnConnectDisconnectAndUidUpdates that
was failing on devices with a first released SDK >= Q
- Add a test actually tests that the system has the permission, as
the test was only testing what's in the mock
Bug: 119770201
Test: New test making sure this stays true
Change-Id: I74cf5f0fa17fcf818f1fed78c7e3e4375c20152e
This is a follow-up commit for aosp/955431 to update commets
and minor updates in unit test.
Test: atest com.android.server.ConnectivityServiceTest#testCaptivePortalOnPartialConnectivity
Bug: 130683832
Change-Id: I581eae8daeddd2c4c186e7b40e27fef2aaa7ab43
Once a network is determined to have partial connectivity, it
cannot go back to full connectivity without a disconnect. This
is because NetworkMonitor can only communicate either
PARTIAL_CONNECTIVITY or VALID, but not both. Thus, multiple
validation results allow ConnectivityService to know the real
network status.
Bug: 129662877
Bug: 130683832
Test: atest FrameworksNetTests
Test: atest NetworkStackTests
Test: atest --generate-new-metrics 50
NetworkStackTests:com.android.server.connectivity.NetworkMonitorTest
Test: Simulate partial connectvitiy
Change-Id: I406c9368617c03a2dd3ab15fb1f6dbf539d7c714
When unregistering callback due to ON_UNAVAILABLE did not check for
a non-null callback.
Bug: 132950880
Test: atest ConnectivityServiceTest
Change-Id: I8f3322963f322e6690f1403681bf66e8b38b35f8
Currently, strict mode private DNS does not work on VPNs because
NetworkMonitor does not validate VPNs. When a VPN connects, it
immediately transitions to ValidatedState, skipping private DNS
hostname resolution.
This change makes NetworkMonitor perform private DNS hostname
resolution and evaluation even on VPNs.
In order to ensure that the system always immediately switches to
the VPN as soon as it connects, remove the unvalidated penalty
for VPN networks. This ensures that the VPN score is always 101
and the VPN always outscores other networks as soon as it
connects. Previously, it would only outscore other networks
when no-op validation completed.
Bug: 122652057
Test: atest FrameworksNetTests NetworkStackTests
Test: manually ran a VPN with private DNS in strict mode
atest android.net.cts.ConnectivityManagerTest com.android.cts.net.HostsideVpnTests
Change-Id: Iaa78a7edcf23755c89d7b354edbc28d37d74d891
This reverts commit bdf7048571.
Reason for revert: Adds dependency between IpSecService and
ConnectivityService may lead to future deadlock
problems. Uses a simpler approach instead,
hence the solution is not needed.
See aosp/954040.
Change-Id: Ibff278a6eee666cd85dba81c2bed94d568679b02
The onUnavailable semantics promise that it is equivalent to calling
the unregister callback method. But - it doesn't unregister the callback
allowing it to be reused. Fixed.
Additionally, modified the unregisterNetworkCallback method to not fail
on duplicate unregistration (since a callback could now self
unregister). Instead simply print a log.
Bug: 130651445
Test: atest ConnectivityServiceTest
Change-Id: I4c54b003a733eb0b1e4fd8674ed13081b1bef8e3
This reverts commit 2bb85a0bc0.
Reason for revert: Adds dependency between IpSecService and
ConnectivityService may lead to future deadlock
problems. Uses a simpler approach instead,
hence the solution is not needed.
See aosp/954040.
Change-Id: If6d537a39595cf132d3ed81d4eaac6700f5f0ab3
Delete the unused NetworkManagementService API for set/remove
permissions. Use PERMISSION_NONE to replace NO_PERMISSIONS so the
framework now use the same set of permission constant when communicate
with netd.
Bug: 128944261
Test: PermissionMonitorTest.java
Change-Id: I25224c9576f52d2a0a0bd2182325c7aac7b28eb5
Support adding NATT keepalive packet filter to APF
filter.
Generating APF program will be addressed in another CL.
Bug: 33530442
Test: - atest NetworkStackTests
- atest FrameworksNetTests
Change-Id: I4961d5da343d8700600269632787c28112f0f9f1
Mock out PackageManager and returns correct information corresponding
to the test app package itself.
Test: atest --generate-new-metrics 10 com.android.server.ConnectivityServiceTest
Bug: 114231106
Bug: 130397860
Change-Id: Ib921700eda417f411d7a2c77c1140fba9ab50bbb
Since socket keepalive APIs for UDP encapsulation sockets are
public to generic app. In order to ensure the given fd is valid,
this change verifies the resource id inside the UDP
encapsulation socket by using methods provided by IpSecService.
Bug: 125517194
Fix: 123968920
Test: 1. atest FrameworksNetTests --generate-new-metrics 10
2. atestcom.android.server.ConnectivityServiceTest \
#testNattSocketKeepalives --generate-new-metrics 100
Change-Id: I408aacc19b364683854d15a095c34e72389a6e5b
Some names were still wrong somehow, and the wrappers were
missing.
Test: NetworkStack & FrameworkNetTests
Change-Id: I475bd011ad9bc714a07021a9dfd85c4876f8e9ad
Merged-In: I475bd011ad9bc714a07021a9dfd85c4876f8e9ad
This change adds a new NATTKeepalive resource type, along with the
associated allocation/deallocation. Additionally, this change allows
ReferenceCountedResource(s) to not be binder-linked, to allow the
ConnectivityService to verify ownership and allocate a NattKeepalive
without double-registering for binder-death notifications.
Bug: 125517194
Test: IpSecService frameworks tests ran
Change-Id: I8293f79940ad57dabb6f2b9de5e334d06b869443
