This CL temporarily removes the AppOp restriction
that disallows creation of IpSec tunnels due to
the lack of the appropriate AppOp in AOSP/master.
When the relevant framework merges out to master,
this CL should be reverted.
Bug: none
Test: compilation
Change-Id: Ic06c193f85f6bcdd0ead4238825c1add78703cde
LinkAddress constructors are currently @hide; this change updates
IpSecManager to use InetAddress and prefixLen, and then construct a
LinkAddress internally. LinkAddress is used over the binder interface to
IpSecService to ensure validity.
Bug: 77528639
Test: CTS, Java unit tests ran on walleye
Merged-In: I19e124adef6d9f4992d8293db3190bcf74c95848
Change-Id: I19e124adef6d9f4992d8293db3190bcf74c95848
(cherry picked from commit 8d2b143a65)
Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Merged-In: I17a4a286225b432c3e15ea1587d946189931b4f4
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
(cherry picked from commit 34633df7e9)
Before this change, VPNs having no underlying networks would be
marked as metered as the safe option, but VPNs having only
disconnected underlying networks would be marked as unmetered.
Fix this discrepancy.
Clean cherry-pick of ag/4113809
Bug: 79748782
Test: runtest frameworks-net
Change-Id: Ie6ace6bd95139605ffcfa8cd6c15cf28f8fa28c8
Merged-In: If19b85325e7d684e645470293b3c8a674084c641
Merged-in: I22f80a6a39d4a19ff74aa61fcbd66f1a041b1003
Fixes come later. This is complex enough as it is.
Clean cherry-pick of ag/4083953
Bug: 79748782
Test: new test passes, old tests still pass
Change-Id: If7276fe1f751be7b9c18f689e97699e566e5bde0
Merged-In: I12c948ebeb2b74290908f8320ff77220dc4a9fb9
P introduced setSSID, UIDs and unwanted capabilities.
None of these exhibit commutative behavior through combineCapabilities
because their semantics don't allow it. Therefore
NetworkRequest.setCapabilities() is badly broken around any of
these. Look at the comments in the new tests to realize the
extent of the damage.
Clean cherry-pick of ag/4083952
Bug: 79748782
Test: new tests written, old tests pass
Change-Id: Iafe074126132a82af37f4bf056c4a7b8d56bdc83
Merged-In: Ia5bebf8a233775367bbf1b788870528934ecbcfb
Merged-In: I13d7782a6c0c7b1f94137995bbb0d257a58d89c1
Almost clean cherry-pick of ag/3889538.
Bug: 77737389
Test: runtest framework-net
new test don't pass without the main code change, but they
do with it
Change-Id: I0cd83a935ab0b349aa47e065b830e5a43ab9a091
Merged-In: Iaa0285825735d3f16bba6e4946723a437fd9b0b9
Merged-In: Ia8f985b448251f911484e6bd63fa562bffc1b0e4
Clean cherry-pick of ag/3918295
One-line adjustment for ag/3638326 which has not been put in AOSP.
Bug: 77737389
Test: runtest frameworks-net
Change-Id: I03ae2bbb08559f2cd44979e291c1f5d50eb215da
Merged-In: Iaa0285825735d3f16bba6e4946723a437fd9b0b9
Merged-In: Ia8f985b448251f911484e6bd63fa562bffc1b0e4
This is necessary to resolve visibility issues for the next change.
Bug: b/79499239
Test: runtest frameworks-net
Merged-In: Ia48b32307a51a66f2672d7112f71166dd6db41b1
Merged-In: I5df7ee9f16bc6be4f02353d40a843a383dd4cbd9
(Clean cherry-pick of pi-dev I50bc96afe6ae88c8f58a693f0a4e821f1f9b3299)
Change-Id: I3c416c1a91ebfdf914fd528ff8ab73e3eb490562
Before this change, VPNs having no underlying networks would be
marked as metered as the safe option, but VPNs having only
disconnected underlying networks would be marked as unmetered.
Fix this discrepancy.
Bug: 79748782
Test: runtest frameworks-net
Change-Id: I51c3badde29f43f692f383553bd98327d2da8dd1
Fixes come later. This is complex enough as it is.
Bug: 79748782
Test: new test passes, old tests still pass
Change-Id: I30009f88e68a534c332ca88bae517cacc39a60bb
This is necessary to resolve visibility issues for the next change.
Bug: b/79499239
Test: runtest frameworks-net
Change-Id: I50bc96afe6ae88c8f58a693f0a4e821f1f9b3299
P introduced setSSID, UIDs and unwanted capabilities.
None of these exhibit commutative behavior through combineCapabilities
because their semantics don't allow it. Therefore
NetworkRequest.setCapabilities() is badly broken around any of
these. Look at the comments in the new tests to realize the
extent of the damage.
Bug: 79748782
Test: new tests written, old tests pass
Change-Id: Ie46581bdaf9ecc2f14aab44788bbdb27a3fec8c1
noteOp (introduced in go/ag/3897834) checks that the calling uid matches
the calling package, which is not correct when using a fake calling
package. Use the real package of the test so permissions are checked
properly.
The test currently only fails this way in pi-dev as noteOp is only used
in pi-dev.
Change-Id: I9ac3717af9335ba9efa0b8842a2df0d7b69ec9ab
Test: Fixed test now passes in pi-dev
Bug: b/78487385
With the new xt_bpf support for iface stats. We no longer need to parse
the per interface stats from /proc/net/dev. And since the old xt_qtaguid
code path also not depend on it, we can completly remove that helper
function since no caller is depending on it now.
Bug: 72111305
Test: runtest frameworks-net -c com.android.internal.net.NetworkStatsFactoryTest
Change-Id: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
Merged-In: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
(cherry picked from aosp commit 6a2a9c93b0)
With the new xt_bpf support for iface stats. We no longer need to parse
the per interface stats from /proc/net/dev. And since the old xt_qtaguid
code path also not depend on it, we can completly remove that helper
function since no caller is depending on it now.
Bug: 72111305
Test: runtest frameworks-net -c com.android.internal.net.NetworkStatsFactoryTest
Change-Id: Icb7eaeef0eeb9fdffd32a90316c76ee05bafffbe
Bug: 77737389
Test: runtest framework-net
new test don't pass without the main code change, but they
do with it
Change-Id: I0cd83a935ab0b349aa47e065b830e5a43ab9a091
Per email feedback, we should be using "noteOp" instead of "checkOp"
when testing if caller holds OP_GET_USAGE_STATS, so that we record
that caller used the operation.
Bug: 77662908
Test: builds, boots
Exempt-From-Owner-Approval: keep tests passing
Change-Id: I3a60345d590534fdbc2c1248e0d30dc85a5d6772
