This change adds one KernelResourceRecord type (TunnelInterfaceRecord),
and adds methods for the creation of TunnelInterfaces, as well as the
application of Transforms to the given TunnelInterfaces
As part of the generation of ikeys/okeys, a ReserveKeyTracker manages a
java bitset to avoid collisions and reserve/release keys.
Bug: 63588681
Test: Compiles, CTS, unit tests all pass on AOSP_marlin
Change-Id: I9e9b6455e27073acd4491eae666aa966b3b10e0f
* changes:
Let network requests see VPNs.
Move constants into a new file.
Make sure listen requests from VPN apps see their own networks
Add a test for new UID checking code.
Remove UID_RANGES_ADDED and REMOVED.
Move VPN allowed UIDs into NetworkCapabilities.
Pre-import to remove a conflict.
Simple change to expose systemAPI for applyTunnelModeTransform
Bug: 36033193
Test: All CTS, unit tests passing
Change-Id: I2d857c048bc0dc80c3949387f946b1f5adf0527e
Test: runtest frameworks-net
Test: CTS pass, including with the next patch which is what this
actually matters for
Change-Id: I09a94042acbefa24ab884f95326e30d6ab280b82
Test: runtest frameworks-net
Test: also new specific tests for this new code
Test: also tested with VPN app
Test: also cts passing
Change-Id: If0311bae2bf99dedac959febadecf4f92f3064b8
Currently, NetworkStatsManager queries and callbacks only allow
selecting network traffic based on network identifiers:
networkType, subscriptionId and networkId. The code ends up
converting these into a template under the hood.
Now that templates can express more fine-grained queries (e.g.,
select only roaming traffic, or select only traffic that's not
on the default network) add a hidden method to pass in a
template. This should have no security implications, as all the
access controls are performed in NetworkStatsService.
Bug: 35142602
Test: android.app.usage.cts.NetworkUsageStatsTest passes
Change-Id: Iab4afa26b34544299d2a9c501c1b0feb470e90a9
Merged-In: Iab4afa26b34544299d2a9c501c1b0feb470e90a9
This will allow data usage clients to query for and receive
callbacks on data usage matching these conditions.
Bug: 35142602
Test: atest FrameworksNetTests
Change-Id: I4d985a2734eeab7ee454c09cc2098b6b3c671c23
Merged-In: I4d985a2734eeab7ee454c09cc2098b6b3c671c23
This is in its own commit because AOSP has diverged from internal
master.
Bug: 35142602
Test: builds, boots
Change-Id: I75fc85b961bc919e3d6c2adce6d6861c6f2c8379
Merged-In: I75fc85b961bc919e3d6c2adce6d6861c6f2c8379
This allows an app using the public API to know whether the
traffic in a particular bucket was on the default network
(i.e., the network was selected by the system), or not (i.e.,
the network was selected by the app).
Bug: 35142602
Test: builds, boots
Test: added coverage to NetworkUsageStatsTest CTS test, still passes
Change-Id: I9f6669908fa119743b9c0aa0c31a03e5ebafa7db
Merged-In: I9f6669908fa119743b9c0aa0c31a03e5ebafa7db
When the libcutils constant was added there a merge conflict, which
caused the AID_WEBVIEW_ZYGOTE value to land with a different value than
the Java-side Process value. Nothing yet uses the Process constant, so
there were no ill effects.
Test: m
Change-Id: I8cc87bce1ddbdcdaf79d85c828d86837e96cce21
The only caller is telephony code, and it's being fixed in this
topic.
Bug: 35142602
Test: builds, boots
Change-Id: Ia77a1c2c297037f311c2355610c206cd8e3192c4
CreateTransportModeTransform and DeleteTransportModeTransform are both
agnostic as far as which mode of transform it creates/deletes. As such,
to facilitate the implementation of tunnel mode, this patch renames them
to CreateTransform and DeleteTransform, along with all test names.
Bug: 63588681
Test: frameworks/base unit tests and CTS tests run, passed
Change-Id: I1f015eb7ad0e85fca966658a9402485ca2b44091
* changes:
Track and persist in stats whether traffic is on the default network.
Add the default network to NetworkStats and NetworkStatsCollection.
Pass all default networks to NetworkStatsService
This change adds the defaultNetwork to the ident based on current
system networking state, and persists that value to flash.
Bug: 35142602
Test: runtest frameworks-net
Test: downloaded files using default/non-default networks while watching dumpsys netstats
Change-Id: Id8776d149b2977548a9eb455ad4926af55e25aba
This allows us to maintain NetworkStats entries that track
whether the traffic was on the default network.
At the moment, the stats collection code always passes in
DEFAULT_NETWORK_NO. However, this value is a no-op, since it is
not persisted to disk. Only the ident, the uid/set/tag, and the
packet/byte/operation counters are persisted.
A future change will add defaultNetwork to the ident and start
persisting it.
Bug: 35142602
Test: runtest frameworks-net
Change-Id: Ifa291c62c0fa389b88e5561086a29dcd7cee2253
This will allow NetworkStatsService to treat traffic on these
networks differently from traffic where the app selects a network
that is not the default.
Bug: 35142602
Test: runtest frameworks-net
Change-Id: I5ea9d200d9fb153490c6108bb9390bf152f297da
Add classloader support to android.os.Debug.attachJvmtiAgent. For
the original version without a given classloader, look up the
application's main classloader.
Bug: 65016018
Bug: 70901841
Test: m
Test: cts-tradefed run commandAndExit cts-dev
Change-Id: I649b6883e05dc2f75073fe1f978423f6a7b880df
In a future set of CLs, NPMS will offer to override a handful of
capabilities on a per-subId basis. Define a no-op version of the
interface to make it easier to add new methods in the future.
Test: bit FrameworksNetTests:android.net.,com.android.server.net.
Test: bit FrameworksTelephonyTests:com.android.internal.telephony.dataconnection.DataConnectionTest
Bug: 64133169
Change-Id: I03dfd98463861f0338c4174e8d8a88c300ea5b55
Add a new interface and a new management object,
IpSecTunnelInterface to the IpSecManager surface.
This object will be used to control IPsec tunnels.
-Add IpSecTunnelInterface object
-Add methods to create and use an IpSecTunnelInterface
-Update the IpSecTransform builder to create Tunnel
mode IpSecTransform objects (usable with an IpSecTunnel)
Bug: 36033193
Test: compilation
Change-Id: Ib6948b12c15c93674234dc36288058ae44435b90
Before this change, seccomp filter setup is as early as in zygote's main
function. To make it possible to split app and system server's filter,
this postpone the setup to after fork. It also starts to call app
specific and system server specific setup function.
The filter setup is done in Zygote's ForkAndSpecializeCommon. This is
because adding a seccomp filter must be done when either the caller has
CAP_SYS_ADMIN or after the PR_SET_NO_NEW_PRIVS bit is set. Given that
setting PR_SET_NO_NEW_PRIVS breaks SELinux domain transition
(b/71859146), this must be done after Zygote forks but before
CAP_SYS_ADMIN is droppped.
Test: (cts) -m CtsSecurityTestCases -t android.security.cts.SeccompTest
Test: no selinux denial flood in dmesg with selinux enforced
Test: debuggerd -b `pidof com.android.phone` # logcat shows tombstoned
received crash request
Bug: 63944145
Bug: 71859146
Change-Id: I8215c8530d3d0de504a270488f8e29635805e8b0
The API can be used to obtain the maximum number of connected
devices for A2DP or HFP.
Test: Manual
Bug: 64767509
Change-Id: I80b8a1c85e33ae0b23fdc4812f8991a4202d9abc
Can be used by a network to indicate when it's congested, meaning that
apps should defer network traffic that could be done at a later time.
Test: bit FrameworksNetTests:android.net.,com.android.server.net.,com.android.server.connectivity.VpnTest,com.android.server.ConnectivityServiceTest
Bug: 64133169
Change-Id: I8a60b6f02dd0f42268b59690556c16335d34e220
Because IpSecTransforms are now unidirectional,
and because the only mechanism for removing Transforms
removes it from both directions, the API can no longer
use the Transform parameter to meaningfully validate
that the caller had applied a transform. Since that
functionality was as-yet unimplemented and is now
infeasible, the transform parameter is removed.
Bug: 72079356
Test: cts - IpSecManagerTest; runtest frameworks-net
Change-Id: If19b0d34bdc6daf31a40d6d62bff326dcbca08c0
