The kernel eBPF maps have a blacklist to store all the uids that doesn't
have internet permission. When an app is unintalled from the device and
it is the last package on device that uses that uid, make sure we
cleaned the uid from the map and do not add no longer used uids into the
eBPF map. This action helps reduce the number of entries stored in the
map and reduce the chance of overflow the eBPF map.
Bug: 128944261
Test: PermissionMonitorTest
Change-Id: I10dd0113d00d6cf9ca39902d9721f2591d387d4a
Add more tests to PermissionMonitor to verify the functionality related
to INTERNET permission and UPDATE_DEVIE_STATS permission. Modified some
of the class design of PermissionMonitor so that it is easier to test
the new functionalities.
Bug: 111560570
Test: PermissionMonitorTest
Change-Id: Ic5585f337db5de48e2f87bf4f01ed7d85c349827
- Restrict unprivileged apps to use
NetworkRequest.Builder#setSignalStrength.
- Remove the "throws NullPointerException" in
CaptivePortalProbeSpec constructor.
- Remove the null check in LinkProperties.
- Add annotataion into all ConnectivityManager.NetworkCallback
methods.
Change-Id: Id275cac1d6a30d7515cd7b113394f5e8a0179314
Fix: 129097486
Test: atest FrameworksNetTests
NetworkMonitor obtained LinkProperties and NetworkCapabilities via
synchronous calls to ConnectivityManager after receiving an asynchronous
notification, which is prone to races: the network could be gone before
the LinkProperties/NetworkCapabilities can be fetched.
Fix the race by passing LinkProperties/NetworkCapabilities directly to
NetworkMonitor in the asynchronous notifications.
Test: atest FrameworksNetTests NetworkStackTests
Test: booted, WiFi works
Bug: 129375892
Change-Id: I200ac7ca6ff79590b11c9be705f650c92fd3cb63
* changes:
Move BatteryStats and StatsCompanionService to use NetworkStatsService.
NetworkStatsService: Fix getDetailedUidStats to take VPNs into account.
Take all VPN underlying networks into account when migrating traffic for VPN uid.
This API is similar to one provided by NetworkStatsFactory with the
difference that NSS also migrates traffic from VPN UID to other apps.
Since traffic can only be migrated over NetworkStats delta, NSS
therefore maintains NetworkStats snapshot across all UIDs/ifaces/tags.
This snapshot gets updated whenever NSS records a new snapshot
(based on various hooks such as VPN updating its underlying networks,
network getting lost, etc.), or getDetailedUidStats API is invoked by
one of its callers.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: manually verified that battery stats are migrating traffic off of
TUN (after patching above CL where we point BatteryStats to use this
API).
Change-Id: Ib0f0c2d4d41ee1d7a027ea9da457baaf198d649e
VPN uid.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Test: Manually verified on device that stats from VPN UID are moved
appropriately based on its declared underlying network set.
Test: vogar --mode app_process --benchmark NetworkStatsBenchmark.java
Change-Id: I9d8d0cc58d18002c1c96f8ddff780ef8dc452d21
Currently, socketKeepalive implementation is accepting null fd
due to backward compatibility with legacy packet keepalive API.
However, due to lack of the fd, the service cannot guarantee the
port is not reused by another app if the caller release the port
for any reason.
Thus, grant the null fd access only for priviledged apps.
This commit also address some comments from aosp/918533.
Bug: 126699232
Test: atest FrameworksNetTests
Change-Id: I0baf582ff4ca8af6082c3754e8dfbcd867f39792
There are 2 problems will make testPartialConnectivity flaky:
1. If we call setNetworkValid() before expectCapabilitiesWith(),
there may be a timing issue that network will become VALID before
NetworkMonitor send PARTIAL_CONNECTIVITY to ConnectivityService.
Solution:
We should set network to valid after ConnectivityService received
NETWORK_TEST_RESULT_PARTIAL_CONNECTIVITY to ensure NetworkMonitor
will send PARTIAL_CONNECTIVITY to ConnectivityService first then
send VALID.
2. When test case call explicitlySelected(true) first then call
connect(true), NetworkMonitor will report the network validation
test result twice because ConnectivityServiceTest() will trigger
notifyNetworkTested() when setAcceptPartialConnectivity() is
called, it may cause a timing that before the second test result
send to ConnectivityService, connect() already called
setNetworkInvalid. So, NET_CAPABILITY_VALIDATED will be removed
and ConnectivityService will trigger onCapabilitiesChanged()
unexpectedly.
Solution:
Don't trigger notifyNetworkTested() when
setAcceptPartialConnectivity() is called. If there is needed,
use mCm.reportNetworkConnectivity() to report the test result
instead.
Bug: 128426024
Test: 1. atest FrameworksNetTests: \
ConnectivityServiceTest#testPartialConnectivity \
--generate-new-metrics 1000
Change-Id: I7200528378201a3c7c09a78ff827b41f2741dfa1
Currently, the fails in testTcpSocketKeepalives are triggered by
fail() inside the executor, which is hiding the actual call trace
but only message remains. And it made the fail case hard to
debug.
So this commit is to bubble up the Exception by using a custom
functional interface.
Bug: 123987272
Test: 1. atest FrameworksNetTests
2. manually fail the test case and see the call trace
Change-Id: I125e673938a5e9d1de86f83c1a732227a4bd3207
Per API review, change the use of FileDescriptor to
ParcelFileDescriptor.
This change also fix nullability according to API review
feedbacks.
Fix: 126698610
Fix: 126699425
Fix: 126699232
Fix: 126700278
Test: 1. m -j
2. atest FrameworksNetTests --generate-new-metrics 50
3. m -j doc-comment-check-docs
Change-Id: I19476c50dd1ca290bf3f41973829da2bd229796a
network.
This is to establish a baseline for the existing behavior, and to ensure
that following changes are not causing a regression in existing
behavior.
This CL is also adding missing cleanup for NetworkStatsCollectionTest
which was forcing all network types in NetworkTemplate that was causing
NetworkStatsService related tests to fail.
Bug: 113122541
Bug: 120145746
Test: atest FrameworksNetTests
Change-Id: I285f186cfb16bc9fa704c797996b1e4f8a73dee4
With the @JavaOnlyStableParcelable annotation, Network can now be used
as-is as a framework parcelable.
Test: atest FrameworksNetTests NetworkStackTests
Bug: 126477266
Change-Id: I5d9695a31b3ac48d10edcf08ccd0c34375353b79
Currently, client side of keepalive event handling rely on a
newly created thread, looper, messenger and handler per object.
However, by creating oneway AIDL interface with the executor,
the callbacks can be invoked on the binder thread with user
specified context, which not only greatly simplify the design
but also reduce the cost of current thread modeling.
Bug: 114151147
Bug: 123969871
Test: 1. atest FrameworksNetTests --generate-new-metric 10
2. atest-deflake.sh
Change-Id: I27504074cd28d5b5eb94a7ec0e97ebaaaaa1ae3d
