Currently, adding a history to a NetworkStatsCollection.Builder
will overwrite any history that was previously passed in with the
same key. This breaks the importer (which is the primary/only
caller of this code), because the importer re-uses the same
NetworkStatsCollection object to import multiple files.
Instead, simply add any passed-in entries after the ones that
were already there. Require the caller to pass in entries in
order, because NetworkStatsHistory internally assumes that
entris are always sorted.
Bug: 230289468
Test: manually verified this unbreaks the importer
Change-Id: Ic8647ff28fca78d579d5f759f96a864877f8158b
Merged-In: Ic8647ff28fca78d579d5f759f96a864877f8158b
(pure cherry-picked from ag/18453213)
Read migration snapshot both from the platform API and the legacy
method, and Log.wtf if they are different. Use the legacy method data if
they are.
This ensures that using the migration API is a no-op, and that errors
are reported (through Log.wtf) if it would not have been if used as-is.
Test: NetworkStatsServiceTest
Bug: 230289468
Change-Id: I857ad18183d63d1aa16e89f89eb24009648720a2
Merged-In: I857ad18183d63d1aa16e89f89eb24009648720a2
(pure cherry-picked from ag/18452103)
This includes:
1. Provide NetworkStatsRecorder#importCollectionLocked to
allow caller to write a NetworkStatsCollection object to
a standalone file.
2. Do not clear the collection in NetworkStatsRecorder#
CombiningRewriter, this is safe since pending set will
still be cleared during forcePersistLocked.
3. Implement the migration process, including recovery and
safety measures.
Test: NetworkStatsServiceTest NetworkStatsCollectionTest
Test: manual test with
adb shell device_config put tethering \
netstats_store_files_in_apexdata true
adb shell device_config put tethering \
netstats_import_legacy_target_attempts 1
Bug: 230289468
Change-Id: Ic2002cbfd5a6b3c2226fa8dab22481f8ce656574
Merged-In: Ic2002cbfd5a6b3c2226fa8dab22481f8ce656574
(pure cherry-picked from ag/18367994)
This implements a simple integer written to disk backed by
AtomicFile.
Bug: 230289468
Test: new unit test
Change-Id: I1c73c8ac2429f92153cfba3b006b4374e75e65df
Merged-In: I1c73c8ac2429f92153cfba3b006b4374e75e65df
(pure cherry-picked from ag/18437645)
Currently, even when VPN Lockdown mode is enabled, incoming packets are
not dropped if VPN is not connected.
This commit fixed this issue.
After this commit, If VPN Lockdown mode is enabled, incoming packets
are dropped regardless of the VPN connectivity.
Bug: 206482423
Test: atest TrafficControllerTest ConnectivityServiceTest PermissionMonitorTest
Change-Id: If52ece613c8aac1073355e43b6fb9cb3fcc87d1d
* changes:
Catch new exceptions from BpfMap
Revert "Open and close clat bpf map while clat is starting and stoping"
Revert "ClatCoordinator: replace BpfMap with IBpfMap"
This is needed to ensure corrupted data can be clean up if
the data migration process dones't go well.
Test: NetworkStatsCollectionTest
Bug: 197717846
Change-Id: Ic76ad6f3e96f03791b48988fb2622c9c647ffc7c
VPN configurations in T should automatically include the corresponding
SDK sandbox UID of an application.
The existing tests used a UID range outside the regular application
range, which means the new sandbox UIDs wouldn't be tested. Modified the
UIDs to run in the regular UID range of [10000, 19999]. Changed the
tests to include the SDK sandbox UID where necessary.
Also, changed the entire class to only run on T+, since that is the only
place where the SDK sandbox UIDs will be added. Since VPN code is not
mainline updatable, having coverage on earlier releases doesn't really
help anyway.
Finally, fixed up testNetworkBlockedStatusAlwaysOnVpn() in
ConnectivityServiceTest to include the sandbox UIDs as well.
Bug: 225317905
Test: atest VpnTest
Test: atest ConnectivityServiceTest
Change-Id: I83009344c270e520ac8ad1558c067cf7e46b1d2e
This is a follow-up commit from aosp/2076483. Mainly to update:
1. Update the hex string to human understandable code instead of
byte code.
2. Use IgnoreUpTo() to do the SDK check
3. Avoid relying on the code being tested
Bug: 192078259
Test: atest FrameworksNetTests
Change-Id: I8973d248a1d30fdcb597677dbf051e146041f905
Currently, there is no limtation for an app to request
data usage callback, which is dangerous if the app fire
hundreds of thousands requests and potientially this might
cause OOM if the apps don't free them.
Test: atest NetworkStatsObserversTest#testRegister_limit
Bug: 229103088
Change-Id: I8299f46fd47a82ec9b25ba2e0d3c95db5512c331
1) alowFallback flag was incorrectly not reset while setting profile
preference. Corrected it.
2) Threw exception if default preference and enterprise preference are
set together
3) renamed clearUser to withoutUser
Bug: 231670730
Test: ConnectivityServiceTest
Change-Id: Iaf49237bdc791c7e1dd884d069eff64e74757477
Normally if an app calls requestNetwork with capabilities that it
does not have permission to request, it gets a SecurityException,
except if it requests NET_CAPABILITY_CBS, in which case the request
will not throw but the app will get an onUnavailable callback.
Make this codepath throw as well. This simplifies the code and makes
the app-visible behaviour more consistent (and consistent with what
happens in S and below). The reason the code was written this way is because the carrier privilege app should receive a callback if it
loses permission. But onUnavailable is also not the best callback to
send, since it is used very rarely and also releases the app's
request. It seems better to leave the request registered and send
onLost.
Test: atest FrameworksNetTests
Bug: 194332512
Change-Id: I5eaeb415a6654851246e38599a996fbd9366fde0
Multiple enterprise slice can be setup within single user profile based
on different uids. So do not remove profile network preference with same
user profile but with different uids
Bug: 229644102
Test: manual system test and ConnectivityServciceTest
Change-Id: I897b643e01240958fff575de9e15182069efc698
1. Test that adding a new preference replaces the existing preference.
2. Test that if we pass in two simultaneous preferences for the same user.
(e.g., two different groups of apps), the second overrides the first.
Bug: 229644102
Test: ConnectivityServciceTest
Change-Id: I819247711f8457b12792585216ff47be31457ae8
BpfMap class supports AutoCloseable interface which closes
file descriptor only in try-exit. BpfMap class doesn't close
fds while the object is released.
Change the timing of opening and closing bpf map file descriptors
to clat is starting and stoping.
Moreover, the reason that manual close BPF map file descriptors is
as follows. Just don't rely on that GC releasing to close the file
descriptors even if class BpfMap supports close file descriptor in
finalize(). If the interfaces are added and removed quickly, too
many unclosed file descriptors may cause unexpected problems.
Bug: 230880517
Test: manual test
Steps:
1. Connect to IPv6 only wifi (GoogleGuest) and mobile data
2. Check that map fds are appeared:
/proc/$(system_server_pid)/fd/$(bpf_map_fd)
$ adb shell ps | grep system_server
system 1929 825 20311224 730060 do_epoll_wait 0 S system_server
$ adb shell ls -all proc/1929/fd | grep bpf-map
.. system system 64 2022-05-05 13:36:42 .. 331 -> anon_inode:bpf-map
.. system system 64 2022-05-05 13:36:42 .. 348 -> anon_inode:bpf-map
3. Check the clat maps are added.
$ adb shell dumpsys connectivity
NetworkAgentInfo{network{105} handle{454377263117} ni{WIFI ..
Nat464Xlat:
..
Forwarding rules:
BPF ingress map: iif nat64Prefix v6Addr -> v4Addr oif
47 /64:ff9b::/96 /2a00:79e1:abc:6f02:f182:6c29:ab56:9961 -> /192.0.0.4 62
BPF egress map: iif v4Addr -> v6Addr nat64Prefix oif
62 /192.0.0.4 -> /2a00:79e1:abc:6f02:f182:6c29:ab56:9961 /64:ff9b::/96 47 ether
NetworkAgentInfo{network{106} handle{458672230413} ni{MOBILE[LTE] ..
Nat464Xlat:
<not start>
4. Disconnect from wifi
5. Check that map fds are disappeared:
/proc/$(system_server_pid)/fd/$(bpf_map_fd)
$ adb shell ls -all proc/1929/fd | grep bpf-map
(fd 331 and 348 were not found)
Change-Id: I60c0301bf00beae5cf5ab3535c6a3da68a2a4a9b
Adding unit tests to QosSocketFilterTest
Bug: 203146631
Test: atest & verified on LTE test equipment
Change-Id: I0cd82dde0067d754dfab01ed0406370d7debb937
In order to have better logging to gather information
about the callers. This change includes:
1. Add pid and package name into RequestInfo for better logging.
2. Print current observers in dumpsys section.
3. Enable register/unregister usage request logging by default.
The log added in the dumpsys section looks like:
Stats Observers:
RequestInfo from pid/uid:2001/1000(android) for DataUsageRequest [...] accessLevel:3
...
Test: NetworkStatsObserversTest
Bug: 229103088
Change-Id: Ide68776dc279610e8dee0efd924b59a1fac2b7b6
isMangedProfile returns true for managed profiles.
But enterprise device can be fully managed like device owner.
Hence check specifically if request is coming on fully managed
device.
Bug: 226966328
Bug: 231071836
Test: ran DevicePolicyManager CTS and ConnectivityServiceTest
Change-Id: I7827466bd61e24ba9c36c3a2e25043257e2ed602
* changes:
Test VpnManager event for CATEGORY_EVENT_NETWORK_ERROR
Test VpnManager event for CATEGORY_EVENT_IKE_ERROR
Test VpnManager event for CATEGORY_EVENT_ALWAYS_ON_STATE_CHANGED
Test VpnManager event for CATEGORY_EVENT_DEACTIVATED_BY_USER
ConnectivityManager have a self reference static instance. This
causes a leak if context is refernce from a static variable. Using
the applicationContext, which will never be freed for the life of the
application, for the sInstance static instance.
Bug: 202978965
Test: atest ConnectivityManagerTest
Change-Id: I87206e1bfbb1f877b5a10f5fdbc25e2f9f11bef4
The sInstance static instance which self reference to
ConnectivityManager which holds a reference to a ConnectivityManager
instance causes the Context referenced by that instance to never be
GCed.
Bug: 202978965
Test: atest ConnectivityManagerTest
Change-Id: I0227f63dbc27688ea5f4ef9275fd0f9c247ad14c
(this is safe because on pre-T none of these maps and programs are mainlined
and thus safe to access from mainline code anyway)
Test: TreeHugger, manual
Bug: 218408035
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I23e565d665247f33e084978890a1ee8ffe0fe568
- For clatd start and stop, use ClatdCoordinator on T+ and Netd on S-
- Fix the unit test for T+ and S- devices
Note that mokito.verify(.., times(1)) is replaced by verify(..)
because times(1) is the default and can be omitted.
See verify in mockito/src/main/java/org/mockito/Mockito.java
Note that this commit needs to be merged with aosp/1956072.
Bug: 212345928
Test: atest FrameworksNetTests
manual test
1. Connect to ipv6-only wifi.
2. Try IPv4 traffic.
$ ping 8.8.8.8
3. Check bpf entries are added
4. Disconnect from ipv6-only wifi.
5. Check bpf entries are removed
6. testipv4.com shows 10/10
Change-Id: I7dfda6eec19de94e4258971effcd8a1210542473
Currently dumpCheckin passes a null object to create
the contructor of NetworkStatsCollection.Key but the
constructor requires non-null object. Thus, it caused
the NPE in dumpCheckin. To fix this exception, create
an NetworkIdentitySet() object instead of using an
null object.
Bug: 225131008
Bug: 226539404
Test: dumpsys netstats --checkin is fine
FrameworksNetTests
Change-Id: I7f2dadf0647b3f42e0f667d96291d2ae37e23faf
