Because there is no way using the Java sockets API to actually
get a socket of AF_INET on mode machines, it is necessary to
provide a way to apply transforms to sockets made using the
native wrapper API, which uses POSIX APIs and will create a
socket that is AF_INET.
Bug: 36073210
Test: b/34811227
Change-Id: I28ac7cc4f36045ce523a54111e5be975b0331356
-Add a reserveSecurityParamterIndex() function that allows the
system to select an SPI.
-Disallow INVALID_SECURITY_PARAMETER_INDEX from being passed as
an explicit SPI request.
-Remove the ALGO_ prefix from constants in IpSecAlgorithm
Bug: 36073210
Test: Updated CTS tests still pass on bullhead
Change-Id: Ic94809996076b0718f153f550b82192fe7048a2e
-Remove Int-based SPI usage from the IpSecTransform.Builder
This is essentially a less-safe method overload, and it is both
unnecessary and difficult to implement: the cross-validation
between SPI and Transform is actually useful, and the kernel
requires two different mechanisms to use an unreserved vs a
reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this
hard to support. API Council has questioned the value of this,
and they are right: everything points to "remove this". In the
future, if we find that SPI reservation is overhead, we can
always add it back.
-Hiding the TunnelMode builder method and application/remove
methods. These will not land by the time the next API
stabilizes, so better to hide them now that this is a
near-certainty. Expectation is to un-hide them in the subsequent
API bump.
Bug: 36073210
Test: Compilation, verified nobody is calling these stubs
Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab
(cherry picked from commit 48b566557d5a66d4476008b3c59b815eb78cb373)
To make the SPI reservation more semantically consistent with the
transform creation API, and to ensure that we always create SPI
reservations relative to a well-known remote, we should take the
SPI request relative to a remote (rather than to a destination).
This necessitates that we now consider direction separately, which
is used for keying the SA-Id.
Bug: 36073210
Test: compilation
Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78
(cherry picked from commit c4f879925b58b1b5ca9a3cfdc898c20cbf56355a)
-Add IpSecService with the necessary glue to connect to netd
-Add code to retrieve IpSecService from System Server
Bug: 30984788
Test: b/34812052, b/34811227
Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92
(cherry picked from commit 28084d89ec136b56f5012be33a0dea147962f9f6)
Minor cleanups in switches of processMessage and handleNativeEvent.
Test: no functional changes
Bug: 33074219
Change-Id: I9ad4ce812c0d2c02a671a7a871ad427e4ce29b4a
This patch adds basic logging to NsdManager and NsdService, and improves
the facilities for pretty printing the event ids defined in NsdManager.
It also includes a few minor cleanups:
- adding 'final' on effectively final instance variables of NsdManager
and NsdService.
- similarly, adding 'static' on effectively static class fields.
- regrouping instance variables together.
Test: no functional changes
Bug: 33074219
Change-Id: I360d539e73cc8e4b45d4e0d20b2e345455fdb10c
This change introduces new methods on DumpUtils that can check if the
caller has DUMP and/or PACKAGE_USAGE_STATS access. It then moves all
existing dump() methods to use these checks so that we emit
consistent error messages.
Test: cts-tradefed run commandAndExit cts-dev -m CtsSecurityTestCases -t android.security.cts.ServicePermissionsTest
Bug: 32806790
Change-Id: Iaff6b9506818ee082b1e169c89ebe1001b3bfeca
-Plumb IpSecManager APIs to NetD
-Add Resource Management to IpSecService
Bug: 33695893
Test: CTS verifies nearly all of these paths
Change-Id: Ic43965c6158f28cac53810adbf5cf50d2c54f920
-Remove Int-based SPI usage from the IpSecTransform.Builder
This is essentially a less-safe method overload, and it is both
unnecessary and difficult to implement: the cross-validation
between SPI and Transform is actually useful, and the kernel
requires two different mechanisms to use an unreserved vs a
reserved (alloc'd) SPI: CREATESA vs UPDATESA, which makes this
hard to support. API Council has questioned the value of this,
and they are right: everything points to "remove this". In the
future, if we find that SPI reservation is overhead, we can
always add it back.
-Hiding the TunnelMode builder method and application/remove
methods. These will not land by the time the next API
stabilizes, so better to hide them now that this is a
near-certainty. Expectation is to un-hide them in the subsequent
API bump.
Bug: 36073210
Test: Compilation, verified nobody is calling these stubs
Change-Id: Ic1a3f2cf7128633318ac175d6b56b45eb8d21cab
To make the SPI reservation more semantically consistent with the
transform creation API, and to ensure that we always create SPI
reservations relative to a well-known remote, we should take the
SPI request relative to a remote (rather than to a destination).
This necessitates that we now consider direction separately, which
is used for keying the SA-Id.
Bug: 36073210
Test: compilation
Change-Id: I81e955c20128c1f8e04fd68eb26669561f827a78
-Add IpSecService with the necessary glue to connect to netd
-Add code to retrieve IpSecService from System Server
Bug: 34811227
Test: Service boots (and dumpsys works), more via b/34811227
Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92
-Add IpSecService with the necessary glue to connect to netd
-Add code to retrieve IpSecService from System Server
Bug: 34811227
Test: Service boots (and dumpsys works), more via b/34811227
Merged-In: I4cdcb643421141202f77a0e2f87a37012de0cd92
Change-Id: I4cdcb643421141202f77a0e2f87a37012de0cd92
Symptom:
NPE occurred while performing NetworkStatsService.removeUidsLocked().
Root cause:
NetworkStatsService refers to mUidRecorder at
NetworkStatsService.removeUidsLocked() when mUserReceiver received
Intent.ACTION_USER_REMOVED.
However NetworkStatsService sets mUidRecorder to null without
unregistering mUserReceiver when mShutdownReceiver received
Intent.ACTION_SHUTDOWN.
Therefore NPE occurred when mUserReceiver received
Intent.ACTION_USER_REMOVED after mShutdownReceiver received
Intent.ACTION_SHUTDOWN.
Solution:
Unregister mUserReceiver before setting mUidRecorder to null when
mShutdownReceiver received Intent.ACTION_SHUTDOWN.
Bug: 36015339
Change-Id: I9279e4c6ae07d94e7ec519c40b2d973c84d8fef1
This CL adds an API to set up an IPSec Security Association
and Security Policy to perform Transport-Mode and Tunnel-Mode encapuslation
of IP Packets.
Bug: 30984788
Bug: 34811752
Test: 34812052, 34811227
Change-Id: Ic9f63c7bb366302a24baa3e1b79020210910ac0a
* commit 'a19056c35d16ddb5a6c1d3343729701b8939f1e1': (35 commits)
NetworkMonitor: send one DNS probe per web probe
NetworkMonitor metrics: add first validation information
APF: also drop any ICMPv6 RSs
ConnectivityServiceTest: fix testAvoidBadWifiSettings
Fix ConnectivityServiceTest testRequestBenchmark
Switch over to new "time.android.com" NTP pool.
Define API for metering network stats buckets.
Refactored NetworkStatsServiceTest to use Mockito instead of EasyMock.
Use @Ignore to explicitly disable a @Test method.
Fixed NetworkStatsServiceTest and converted it to JUnit4.
VPN network stat accounting changes.
ConnectivityThread: use lazy holder idiom
ConnectivityManager: use ConnectivityThread looper
ConnectivityManager: a simpler CallbackHandler
Indicate the NsdServiceInfo attributes are only filled in for a resolved service.
Add a null check for the OnStartTetheringCallback.
TokenBucket for rate-limiting and throttling
IpConnectivityMetrics reads buffer size in settings
CaptivePortalLogin: set mixed content policy to compatibility.
Add IP conn metrics to dumpsys and bug reports
...
Dependent on ag/1550196 where API is defined.
Bug: 31015360
Bug: 26545374
Test: runtest --path
frameworks/base/core/tests/coretests/src/android/net/NetworkStatsTest.java,
other test classes.
(cherry picked from commit 357f8fabc8)
Change-Id: I46da93ba4afa968facf98f7c3d844fd0c469095a
