am: 533f3bcdba -s ours
am skip reason: change_id I67005a5384888e8acaf1249af79484e2d5ed6f1f with SHA1 b7f02e19b0 is in history
Change-Id: I0a8d0cb21631db7909daef449dbf14b810a3b9f5
Support adding NATT keepalive packet filter to APF
filter.
Generating APF program will be addressed in another CL.
Bug: 33530442
Test: - atest NetworkStackTests
- atest FrameworksNetTests
Change-Id: I4961d5da343d8700600269632787c28112f0f9f1
rethrowFromSystemServer is throwing DeadSystemException which
is different from the original log message. Thus, update the
way to rethrow the same RemoteException.
Bug: 130028724
Test: atest FrameworksNetTest
Test: Kill NetworkStack and check the log message
Change-Id: I60862e276dd4e2d143278b272a9ba54219acce26
Merged-In: Ic1766e839f8f06b539d5f6cfecd29547021fd1d9
Merged-In: I67005a5384888e8acaf1249af79484e2d5ed6f1f
(cherry picked from commit 7f581219e1a4706ea2b4438322a299986847b1c2)
am: f3420c999f -s ours
am skip reason: change_id Ic2faef44831575b2d03bc00ef2553d5c549adc95 with SHA1 f8905980dc is in history
Change-Id: I4775263c2f422a9738812b02be61e2af95e9c472
* changes:
Reinstate new VPN uid filtering unit tests
Revert new tests and PackageManager mock
Block incoming non-VPN packets to apps under fully-routed VPN
am: cce8a9da85 -s ours
am skip reason: change_id I6dc9029af0df0d3b391210bd315516bdf1b5e4c9 with SHA1 89ddc90b91 is in history
Change-Id: Ie9bfef68a5c78272d4c7b31e9427ba2f5c57d056
am: cd616ebc95 -s ours
am skip reason: change_id I6dc9029af0df0d3b391210bd315516bdf1b5e4c9 with SHA1 89ddc90b91 is in history
Change-Id: Ic26258dd1ef7a0f3c7c802d764f83a272c3d519f
Mock out PackageManager and returns correct information corresponding
to the test app package itself.
Test: atest --generate-new-metrics 10 com.android.server.ConnectivityServiceTest
Bug: 114231106
Bug: 130397860
Merged-In: Ic2faef44831575b2d03bc00ef2553d5c549adc95
Change-Id: Ic2faef44831575b2d03bc00ef2553d5c549adc95
(cherry picked from commit 4469b1d8a543613d91a58a88488fd2022a0696b9)
rethrowFromSystemServer is throwing DeadSystemException which
is different from the original log message. Thus, update the
way to rethrow the same RemoteException.
Bug: 130028724
Test: atest FrameworksNetTest
Test: Kill NetworkStack and check the log message
Change-Id: I60862e276dd4e2d143278b272a9ba54219acce26
A mocked PackageManager caused test failures in existing tests.
Revert that for now to make tests pass again.
Bug: 114231106
Bug: 130397860
Test: atest FrameworksNetTests
Merged-In: Ib59e211d4329f885108de9ea0a74669ffb144e17
(cherry picked from commit 8574c9bf350ca60e2b21c759aa75bc3843ffde17)
Change-Id: I603a0b0dfb67a942679a668c182aa650774c80b2
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Merged-In: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
Change-Id: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
(cherry picked from commit 65968ea16bf49f678d4a43c220e1d67393170459)
Mock out PackageManager and returns correct information corresponding
to the test app package itself.
Test: atest --generate-new-metrics 10 com.android.server.ConnectivityServiceTest
Bug: 114231106
Bug: 130397860
Change-Id: Ib921700eda417f411d7a2c77c1140fba9ab50bbb
am: c2f1cc8b8e -s ours
am skip reason: change_id Ideabe73fc93bbefca2d624ee9ca190cf31419424 with SHA1 683df1d39a is in history
Change-Id: I39438b1a3204aa82550ac83117a96f7549d19e42
This freezes the interface as of the latest beta build, not the tip of
tree. IIpClient#setL2KeyAndGroupHint is not in the frozen definition in
particular.
Generated with:
m networkstack-aidl-interfaces-freeze-api \
ipmemorystore-aidl-interfaces-freeze-api
Test: flashed, booted, WiFi and captive portal working
Bug: 128803828
Change-Id: Ideabe73fc93bbefca2d624ee9ca190cf31419424
Merged-In: Ideabe73fc93bbefca2d624ee9ca190cf31419424
(cherry picked from commit 9b89cdaaf401a6b77e160807039c06e537fa600a)
am: d6222a41c4 -s ours
am skip reason: change_id I0fc408d546ae9d72b7dd9415e502252b484d4329 with SHA1 ac1bcee0b8 is in history
Change-Id: I5ebe636715e8cf1ea5e42d12236c1f5fa07c38d0
This freezes the interface as of the latest beta build, not the tip of
tree. IIpClient#setL2KeyAndGroupHint is not in the frozen definition in
particular.
Generated with:
m networkstack-aidl-interfaces-freeze-api \
ipmemorystore-aidl-interfaces-freeze-api
Test: flashed, booted, WiFi and captive portal working
Bug: 128803828
Change-Id: Ideabe73fc93bbefca2d624ee9ca190cf31419424
