Support adding NATT keepalive packet filter to APF
filter.
Generating APF program will be addressed in another CL.
Bug: 33530442
Test: - atest NetworkStackTests
- atest FrameworksNetTests
Change-Id: I4961d5da343d8700600269632787c28112f0f9f1
am: 0def675765 -s ours
am skip reason: change_id Ic2faef44831575b2d03bc00ef2553d5c549adc95 with SHA1 f8905980dc is in history
Change-Id: I5ff169bc9e974665a034a0a46c853ee10cfb9d1b
am: f3420c999f -s ours
am skip reason: change_id Ic2faef44831575b2d03bc00ef2553d5c549adc95 with SHA1 f8905980dc is in history
Change-Id: I4775263c2f422a9738812b02be61e2af95e9c472
* changes:
Reinstate new VPN uid filtering unit tests
Revert new tests and PackageManager mock
Block incoming non-VPN packets to apps under fully-routed VPN
am: f93c79666f -s ours
am skip reason: change_id I6dc9029af0df0d3b391210bd315516bdf1b5e4c9 with SHA1 89ddc90b91 is in history
Change-Id: Id15d4dc0e60c8506cd9b7b7a4f91d0d5348dd896
am: cce8a9da85 -s ours
am skip reason: change_id I6dc9029af0df0d3b391210bd315516bdf1b5e4c9 with SHA1 89ddc90b91 is in history
Change-Id: Ie9bfef68a5c78272d4c7b31e9427ba2f5c57d056
am: 1f71bd90d3 -s ours
am skip reason: change_id I6dc9029af0df0d3b391210bd315516bdf1b5e4c9 with SHA1 89ddc90b91 is in history
Change-Id: Ie9270d639d3faad1efd58fb8190365ca6a128882
am: cd616ebc95 -s ours
am skip reason: change_id I6dc9029af0df0d3b391210bd315516bdf1b5e4c9 with SHA1 89ddc90b91 is in history
Change-Id: Ic26258dd1ef7a0f3c7c802d764f83a272c3d519f
Mock out PackageManager and returns correct information corresponding
to the test app package itself.
Test: atest --generate-new-metrics 10 com.android.server.ConnectivityServiceTest
Bug: 114231106
Bug: 130397860
Merged-In: Ic2faef44831575b2d03bc00ef2553d5c549adc95
Change-Id: Ic2faef44831575b2d03bc00ef2553d5c549adc95
(cherry picked from commit 4469b1d8a543613d91a58a88488fd2022a0696b9)
rethrowFromSystemServer is throwing DeadSystemException which
is different from the original log message. Thus, update the
way to rethrow the same RemoteException.
Bug: 130028724
Test: atest FrameworksNetTest
Test: Kill NetworkStack and check the log message
Change-Id: I60862e276dd4e2d143278b272a9ba54219acce26
A mocked PackageManager caused test failures in existing tests.
Revert that for now to make tests pass again.
Bug: 114231106
Bug: 130397860
Test: atest FrameworksNetTests
Merged-In: Ib59e211d4329f885108de9ea0a74669ffb144e17
(cherry picked from commit 8574c9bf350ca60e2b21c759aa75bc3843ffde17)
Change-Id: I603a0b0dfb67a942679a668c182aa650774c80b2
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Merged-In: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
Change-Id: I5af81bc80dadd086261ba4b1eb706cc873bb7cfa
(cherry picked from commit 65968ea16bf49f678d4a43c220e1d67393170459)
am: 7cfad41d70 -s ours
am skip reason: change_id Ideabe73fc93bbefca2d624ee9ca190cf31419424 with SHA1 683df1d39a is in history
Change-Id: I4407d6f86052f0a31615b387d98c1f0df770889a
Mock out PackageManager and returns correct information corresponding
to the test app package itself.
Test: atest --generate-new-metrics 10 com.android.server.ConnectivityServiceTest
Bug: 114231106
Bug: 130397860
Change-Id: Ib921700eda417f411d7a2c77c1140fba9ab50bbb
am: c2f1cc8b8e -s ours
am skip reason: change_id Ideabe73fc93bbefca2d624ee9ca190cf31419424 with SHA1 683df1d39a is in history
Change-Id: I39438b1a3204aa82550ac83117a96f7549d19e42
