Before (aosp_cf_x86_phone-userdebug):
$ adbz shell ls -l /apex/com.android.tethering/lib
-rw-r--r-- 1 system system 251404 1969-12-31 16:00 libbase.so
-rw-r--r-- 1 system system 713636 1969-12-31 16:00 libc++.so
-rw-r--r-- 1 system system 64560 1969-12-31 16:00 libcom_android_connectivity_com_android_net_module_util_jni.so
-rw-r--r-- 1 system system 13596 1969-12-31 16:00 libframework-connectivity-jni.so
-rw-r--r-- 1 system system 45776 1969-12-31 16:00 libnetd_updatable.so
-rw-r--r-- 1 system system 948032 1969-12-31 16:00 libservice-connectivity.so
After (aosp_cf_x86_phone-userdebug):
$ adbz shell ls -l /apex/com.android.tethering/lib
-rw-r--r-- 1 system system 713636 1969-12-31 16:00 libc++.so
-rw-r--r-- 1 system system 64560 1969-12-31 16:00 libcom_android_connectivity_com_android_net_module_util_jni.so
-rw-r--r-- 1 system system 13596 1969-12-31 16:00 libframework-connectivity-jni.so
-rw-r--r-- 1 system system 212624 1969-12-31 16:00 libnetd_updatable.so
-rw-r--r-- 1 system system 948032 1969-12-31 16:00 libservice-connectivity.so
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I19c9d73ba3555bbc1987fbdc0be19af1f0511948
* changes:
Prevent native_init from starting TrafficController
Remove libutils dependency from libservice-connectivity
Merge libtraffic_controller_jni into libservice-connectivity
[NETD-TC#15] Make ConnectivityService and PermissionMonitor calls BpfNetMaps on T
* changes:
Expose access UIDs.
Send access UIDs to netd
Add accessUids to NetworkCapabilities.
Clean up restrictions on network agent capabilities
Sanitize NetworkCapabilities from agent on the handler thread
TrafficController is currently still started by netd, and this should
not happen in two places. Instead, native_init should init (open) the
maps.
Test: atest FrameworksNetTests
Change-Id: Ifd6be50aa5f62e59a5b1c5c0a97550389fd0e7e1
There is not really a point to separate these two as they are all used
in ConnectivityService.
As a future TODO, we might want to rename libservice-connectivity to
libcom_android_server_jni to be more inline with the jarjar'ed jni lib
versions.
Test: atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I1b9f4fde345038bda6b3ffcf8e3f47cf9262e052
calls BpfNetMaps on T
Since TrafficController moves to mainline module for T, so some netd binder
interfaces revelant to BPF are going to deprecated. Provide JNI APIs to
call TrafficController inside mainline module for T.
Bug: 209935649
Test: atest CtsHostsideNetworkTests
Change-Id: Ib3b43cf2840e02806395af9f1e019ca6fccd032e
CTS already have basic tests for this since they run the common tests,
which were using these hidden methods already.
Test: CtsNetTestCases
Change-Id: Id5e5b911f5c63bdd3b05e5ac1d3dd89c1c525ab7
For now, all entry points reject this. Followup changes
will allow the supported use cases.
Test: new unit tests and CTS for this in this patch
Change-Id: I7262811a2e46336d3bb63c80886fc0578a36da94
NetworkAgents send NetworkCapabilities to ConnectivityService but
there are limits to what exactly they can send. Going forward,
some of these checks will have to happen on the handler thread,
which is already the case when an agent updates its capabilities,
but not upon registration.
This patches moves the sanitization on the handler thread, after
the network monitor is created for a network agent.
Before this patch, upon registration of a new agent, the binder
thread would copy and sanitize the capabilities, then store them
in nai.networkCapabilities. It would store the original caps from
the agent in the NAI, mix in what is known from the network info,
process the LinkProperties, and then proceed to create the
network monitor, but not yet store the NAI in the internal
structures because its registration is not finalized, so other
methods should not see it yet. After the monitor is created in
the network stack process, the NAI is stored in the internal
structures which publishes it for all methods to see. After
that is done, the NAI calls to the network monitor to warn it
that it's registered, what its capabilities are, and that it's
time to start validation if applicable.
With this patch, the validation no longer happens on the binder
thread. Instead, the binder thread stores the capabilities and
link properties as is, before sanitization, in the NAI. This is
fine because no other method can access these until the
registration completes upon notification that the monitor has
been created ; this agent is only stored in the network monitor
callbacks in a self-destructing object precisely to make sure
that's the case.
When the monitor is created and CS receives notification of the
same, it will sanitize the capabilities before adding the NAI
to the internal structures, to protect the invariant that the
un-sanitized capabilities inside the NAI can't ever be seen by
any other method. After that's done, it will call to the
monitor to start validation as usual.
Test: FrameworksNetTests CtsNetTestsCases
Change-Id: I7d43ef0e25955e0349903b4801b9dfd8c3c92586
1. Add libnetd_updatable.so in com.android.tethering. The library is
loaded by netd. Currently, it mainly targets on a few functions which
access BPF maps. The functionality may extend in the future.
2. Attach gcroup progs from libnetd_updatable.so.
3. Move (privileged)TagSocket and untagSocket implementation to mainline
module. Combine privilegedTagSocket and untagSocket into a single
function.
4. Split related unit tests from netd_unit_test to
libnetd_updatable_unit_test as well.
Bug: 202086915
Test: cd system/netd; atest
Test: atest TrafficStatsTest NetworkUsageStatsTest
Change-Id: Ib556458103a4cbb643c1342d9b689ac692160de0
NetworkManagementSocketTagger#kernelToTag is moving to
NetworkStatsFactory. Fix the import path in the test.
Test: atest FrameworksNetTest
Change-Id: I8797d9e589e68b4980ff5b38ba09d091420d30fd
* changes:
Don't enable DscpPolicyTracker on pre-T devices.
Allow service JNI in FrameworksNetIntegrationTests.
Don't manually load the JNI library in DscpPolicyTracker.
Process DSCP QoS events for policies
Allow using BpfMap and TcUtils in unit tests.
Added SPDX-license-identifier-Apache-2.0 to:
service/native/Android.bp
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Change-Id: Ibfaed81348fca9e5cf313a4d29fd0b72bc746e06
The code cannot work before T because before T the tethering
module can only load BPF programs/maps into /sys/fs/tethering/bpf
and the system server cannot access that directory.
Additionally, this is causing unit tests to fail on pre-T devices
because on those devices the seccomp filter blocks the bpf
syscall from apps (including Java tests).
Test: revert aosp/1907693 and atest FrameworksNetTests:ConnectivityServiceTest
Change-Id: I6c398031dffb840da1d723b11ea4d0845ad6c6f2
Add libcom_android_connectivity_com_android_net_module_util_jni
to the JNI libraries for FrameworksNetIntegrationTests. This is
needed for service code (e.g., ConnectivityService,
DscpPolicyTracker) to use JNI.
Test: atest FrameworksNetIntegrationTests
Change-Id: Iebe7ef31057c7a3b10bd7bad42ca74a25fe24473
This is not necessary because TcUtils already loads its library,
and unlike this code, it correctly loads it using JniUtils so
will succeed even when the code is jarjard in unit tests.
Test: atest ConnectivityServiceTest
Change-Id: I57eb46178d58777769f5497a0ea93cd037d598cb
New events to handle adding and removing of DSCP QoS policies.
Async indication sends status back to client if the policy
has been added, failed, or if the policy limit has been
reached.
Bug: 202871011
Change-Id: I7988d22ae625ad0dd415927d2943de4a749e6fb8
Create a Java library that allows the BpfMap class and the
TcUtils class to find their JNI code when they are jarjard to the
package name we use in our unit tests.
Test: atest ConnectivityServiceTest
Change-Id: I2f17b1c366b2b8164eac34b94c9659bc7c0f68e0
Append a random number between 0 and 999999999 to the service name,
instead of 0 to 999 (and historically 0 to 9999). This reduces chances
that a collision can happen, if the test is run simultaneously on
devices on the same network.
Bug: 190249673
Test: atest NsdManagerTest
Change-Id: I14a7a60a45c41b920f50d9ccc4dd3f98fd623c42
The "current" targets are only necessary in branches that can use
non-stable APIs, and can fail to build otherwise.
Apply ConnectivityNextEnableDefaults so they are disabled on such
branches. Also deprecate NetworkStackNextEnableDefaults, so
ConnectivityNextEnableDefaults is used everywhere.
Bug: 190249673
Test: m
Change-Id: I1b152f3cc22f1bed6444d280f0066e480980e949
This is necessary to disable the .inprocess APEX, in branches that only
use stable APIs, as it depends on unstable stubs. override_apex does not
support defaults.
Bug: 190249673
Test: m
Change-Id: Ib4a27b65f3c5b6d4b0ac69e85cf671038efc5744
For those functions which return statusFromErrno() in TrafficController,
it would return positive errno so shouldn't construct with -errno.
Test: m
Change-Id: I94b9294c4e200c43e33f8280469dfad9e9fbf5ea
Property "exclude_kotlinc_generated_files" is recently added to exclude some kotlinc generated files that are not needed if kotlin reflection is not used. Currently it defaults to false since there are test failures(b/213966211) which is in FullScoreTest#testToString and FullScoreTest#testMinMaxPolicyConstants that uses kotlin reflection and fails if exclude_kotlinc_generated_files defaults to true. By setting explicitly exclude_kotlinc_generated_files to false on tests like FullScoreTest#testToString, we will be able to finally default this property to true so the kotlinc generated files can be removed for most modules that don't need them.
Bug: 204888276
Bug: 213966211
Test: atest
FrameworksNetTests: com.android.server.connectivity.FullScoreTest
Change-Id: I4ed2d27c27841cb7127f669c8db34c90b4a41b1f
