am: bdd12ec7b3
* commit 'bdd12ec7b3cb77dc29854cb8b6c2357aa4efb6ea':
Make android_net_NetUtils include what it actually uses.
Change-Id: I84a143e1922c7180a0a1926d2cfd87b59bca137d
By changing some member refs into arguments and having one of the
functions create the UID range instead of adding to mVpnUsers.
This will be useful for other layers of UID filtering like having
UIDs explicitly blocked from the VPN.
Deleted one broken line of code that cleared the status intent when
a restricted profile is removed. Other than that, this commit shouldn't
change any behaviour. If it does, that's a bug.
Bug: 26694104
Change-Id: Ieb656835d3282a8ba63cc3f12a80bfae166bcf44
NetworkPolicyManagerService (NPMS) manages 4 type of network restriction
when apps are running on background:
- Data Saver Mode (data usage restriction on metered-networks)
- Battery Saver Mode (power restriction on all networks)
- Doze Mode (power restriction on all networks)
- App Idle (power restriction on all networks)
These restrictions affects 2 parts of the system:
- Internal framework state on NPMS which is propagated to other internal
classes.
- External firewall rules (managed by netd).
Although each of the power-related restrictions have their own external firewall
rules, internally apps are whitelisted to them through the same
whitelist, and the current code is only updating the internal state (and
notifying the internal listeners) when Battery Saver Mode is on.
As a consequence of this problem, there are scenarios where an app
correctly does not have internet access (because the firewall rules are
properly set), but the NetworkInfo state returns the wrong state (like
CONNECTED / CONNECTED).
This CL fixes this problem by splitting the power-related logic from
updateRulesForRestrictBackgroundLocked() into its own
method (updateRulesForPowerRestrictionsLocked()), and making sure such
method is called whenever the firewall rules are updated.
Externally to this change, the CTS tests were also improved to verify
the apps get the proper connection state; it can be verified by running:
cts-tradefed run commandAndExit cts -m CtsHostsideNetworkTests \
-t com.android.cts.net.HostsideRestrictBackgroundNetworkTests
BUG: 28521946
Change-Id: Id5187eb7a59c549ef30e2b17627ae2d734afa789
am: de224ba451
* commit 'de224ba451547fcc139ec6c565243e0f450ece46':
Addressing API council comments on NetworkStatsManager.
Change-Id: I1383b3c11653daaa3a0ca34600dbc7e28af24641
am: 6fe5aa1af4
* commit '6fe5aa1af45379cc93ec8456b2b947b3a0cfed4a':
Addressing API council comments on NetworkStatsManager.
Change-Id: Ia886e1ce98520c1618ba501097a2c979a628bbb4
am: dc5f558640
* commit 'dc5f558640da8785fabc274167ec37a0fda30cd6':
Addressing API council comments on NetworkStatsManager.
Change-Id: I952e69e7cfbd8cebcbac7c3b19ede300e26777e8
Callbacks
- DataUsageCallback renamed to UsageCallback
- DataUsagePolicy removed; passing in params directly to register method
- making it an abstract class
- passing in (networkType, subscriberId) that reached its threshold
- renaming onLimitReached to onThresholdReached to match existing naming
- only monitor single network,subscriberId
- no monitoring of specific uids; using device or user wide instead
Tags
- only owner uid can read its tags
- exposing only TAG_NONE to match service side
BUG: 27530098
Change-Id: I2b2664da71806868a1e937d2bf4d1f234637509b
am: 87d20317bf
* commit '87d20317bf26e87ef58798d3c5aafb81aa163788':
Fixed connectivity state in some restricted network scenarios.
Change-Id: Ifeb332fbf00c554b78d0ad724b34e3a8ebfc9894
am: 4e40ea69d0
* commit '4e40ea69d0e4cdba9f0215509eadd54d7706eb34':
Fixed connectivity state in some restricted network scenarios.
Change-Id: I76e419d0d010652699b9081418f5f654763887d1
am: 638a6e8140
* commit '638a6e8140a22a0ddb5d5dacb02173795073bd1a':
Fixed connectivity state in some restricted network scenarios.
Change-Id: I0fd66b16c83680940f294ea8e117443ffd8a50cd
NetworkPolicyManagerService (NMPS) keeps an internal list of uid
rules (mUidRules) for network restrictions, and when these rules
changes it needs to notify external listeners (such as
ConnectivityService / CS).
Prior to Android N, both Data Saver mode (the feature previously known
as "Restrict Baground Data") and Battery Save mode used the same set of
firewall rules to implement their restrictions: when Battery Saver mode
NPMS would mark all networks as metered and set the proper firewall
rules externally.
Recently, these 2 modes were split in 2 distinct firewall rules and
NMPS.updateRuleForRestrictBackgroundLocked() was changed to update
the mUidRules logic based on the Data Saver firewall (since the Battery
Saver firewall changes are handled externally, on
updateRuleForRestrictPowerLocked()). As such, CS was not notified when
the power-related changes were made, which would cause apps to get a
state of CONNECTED / CONNECTED when querying its active connection.
Another scenario that is not properly handled is when a UID whitelisted
for Data Saver is brought back to foreground: although the proper
firewall rules are set, CS is not notified, and the apps state would be
DISCONNECTED / BLOCKED.
This CL introduces many changes that fix this issue:
- Fixed updateRuleForRestrictBackgroundLocked() to invoke
onUidRulesChanged() when the Battery Saver status changed.
- Fixed updateRuleForRestrictBackgroundLocked() to invoke
onUidRulesChanged() when an app whitelisted for Data Saver is brought
back to the foreground.
- Added a new API (onRestrictPowerChanged() and getRestrictPower())
to notify external services about Battery Saver mode changes.
- Fixed CS logic to properly handle the Battery Saver changes.
Externally to this change, the CTS tests were also improved to verify
the apps get the proper connection state; they can be verified running:
cts-tradefed run commandAndExit cts -m CtsHostsideNetworkTests \
-t com.android.cts.net.HostsideRestrictBackgroundNetworkTests
BUG: 28521946
Change-Id: I8eaccd39968eb4b8c6b34f462fbc541e5daf55f1
NetworkPolicyManagerService (NMPS) keeps an internal list of uid
rules (mUidRules) for network restrictions, and when these rules
changes it needs to notify external listeners (such as
ConnectivityService / CS).
Prior to Android N, both Data Saver mode (the feature previously known
as "Restrict Baground Data") and Battery Save mode used the same set of
firewall rules to implement their restrictions: when Battery Saver mode
NPMS would mark all networks as metered and set the proper firewall
rules externally.
Recently, these 2 modes were split in 2 distinct firewall rules and
NMPS.updateRuleForRestrictBackgroundLocked() was changed to update
the mUidRules logic based on the Data Saver firewall (since the Battery
Saver firewall changes are handled externally, on
updateRuleForRestrictPowerLocked()). As such, CS was not notified when
the power-related changes were made, which would cause apps to get a
state of CONNECTED / CONNECTED when querying its active connection.
This change refactores the mUidRules to use bitmasks, in preparation for
another change that will fix the issue.
It also fixes a minor bug that was preventing removed packages to be
removed from the whitelist.
BUG: 28521946
Change-Id: I9f0e1509a6192cad403f740c1cd76a6b7dab7d26
am: f2796025ed
* commit 'f2796025edb2dbc53cef002fa92760352e55b6af':
Start VPN as early as possible during startup
Split network agent created state from connected state
Change-Id: Ibb02f2731536ebafaa4c24ef5cd2113f7cd43632
am: 31b3676cce
* commit '31b3676ccec847b1e86c23b2f5073dc1cc83abf4':
Start VPN as early as possible during startup
Split network agent created state from connected state
Change-Id: I6bb605a83b96a3efab36ab6a7bdb5859e1eafea8
am: c58c9ae0a9
* commit 'c58c9ae0a931b6c71d7924cfd4e900e8919a6fcc':
Start VPN as early as possible during startup
Split network agent created state from connected state
Change-Id: I55167ad8f3cde11407a2d35b0f859c263c0fbbec
- Switch from USER_STARTING to USER_STARTED which is the foreground
version of the broadcast
- Set the new VPN network as CONNECTING initially to avoid spamming
apps with useless notifications ahead of the network being fully
available
Bug: 26694104
Fix: 28335277
Change-Id: I31d5260dda62ff440c31c44eb0aa5c891e2717e5
Network creation setup sometimes involves extra steps after actually
calling into netd to create the underlying network, rules & routes &
to begin allowing sockets bound to it.
For example, VPN networks can set a UID whitelist or blacklist. This
should happen:
- AFTER there is a netID & network created in netd as
network-specific rules will need to be tied to / point at it. Those
rules are tied to the lifecycle of netd's network which is tracked
by `NetworkAgentInfo.created` on the frameworks side.
- BEFORE the CONNECTED broadcast and network callbacks have been sent
out so that we don't create a race condition between clients that
want to use the network and the server actually having the network
ready
The race condition existed prior to this change and required any client
making use of network callbacks to sleep for a short amount of time after
receiving to actually be able to use the network.
Among other things, that race condition is now fixed.
Bug: 26694104
Change-Id: Ied92f5588a98c3e97f456bc98b676bf201ab5472
Allows callers to opt-out of blockading network traffic during boot and
on VPN app failure.
Bug: 26694104
Change-Id: Ibfbd43ad09a25f2e38053fcd6306df3711f8bde2
am: 0c5c67f743
* commit '0c5c67f743abeba5c30112634ce82fd63ae2d1a1':
Flag to mark foreground jobs, fix data saver.
Change-Id: Idbf3bdfc76cadfbcb6bbf17ac1aa99df72a7a0a1
am: 4b6d6eb09f
* commit '4b6d6eb09fe922be19fac9fa1b289584e84d1bb0':
Flag to mark foreground jobs, fix data saver.
Change-Id: I30b87193a1d5d45f4ffeb919276a70ae709a1cdc
