He prefers to use his @android.com account.
Test: Treehugger
Bug: 63673347
Exempt-From-Owner-Approval: Allow @android.com to approve this CL :)
Change-Id: Ie80cc7864de7b91ae44ad57f0bae9b859d034803
Another CL in this topic moves the classes from
libcore.net.http
to
com.squareup.okhttp.internalandroidapi.
In jarjar'ed build targets, this becomes
com.android.okhttp.internalandroidapi.
This facade constitutes the API via which non-libcore parts
of the Android platform (currently framework) may access
OkHttp. It's moving because libcore.net.http is already
part of libcore, and the overlap of packages is problematic
for builds with EXPERIMENTAL_USE_OPENJDK9 set to true.
Bug: 68220880
Test: Treehugger
Change-Id: Ia79966563cc0b5ab0923d54c21e54b6192d8c990
Exempt-From-Owner-Approval: Jeff Sharkey is an owner, but only one of his accounts is listed as an owner (@android.com vs. @google.com)
This patch takes advantage of the direct DefaultNetworkMetrics interface
between ConnectivityService and IpConnectivityMetrics and removes the
Parcelable interface from DefaultNetworkEvent.
IpConnectivityMetrics, IpConnectivityEventBuilder and associated tests
are updated as necessary.
Bug: 34901696
Test: runtest frameworks-net
Change-Id: I59b6e04fc126051320d08a422cfbd4d27042123e
Add IntDef for constants, and rely on new auto-documentation feature
to expand all of them at usage sites.
Test: docs-only change
Bug: 64133169
Change-Id: I8a6b5f54c8eb9d4fc7ae3d0d3fb673d52320664b
This patch adds a rolling time order logs of basic statistics of
connect and dns, grouped by network id and including:
- average error rate
- average latency
- max latency
- total number of operations
The log is segmented in buckets of 5 minutes, and covers the last 4
hours.
Note that only blocking connect() calls latencies are recorded with the
current netd logging infrastructure.
Example of logs:
05:30:00.000: {netId=100, WIFI, dns avg=92ms max=525ms err=00.0% tot=37, connect avg=0ms max=23ms err=00.0% tot=25}
05:35:00.000: {netId=100, WIFI, dns avg=94ms max=537ms err=05.3% tot=57, connect avg=0ms max=0ms err=00.0% tot=69}
05:40:00.000: {netId=100, WIFI, dns avg=220ms max=350ms err=00.0% tot=4, connect avg=0ms max=0ms err=00.0% tot=2}
05:45:00.000: {netId=100, WIFI, dns avg=112ms max=113ms err=00.0% tot=1, connect avg=0ms max=0ms err=00.0% tot=1}
05:50:00.000: {netId=100, WIFI, dns avg=131ms max=269ms err=00.0% tot=2, connect avg=0ms max=0ms err=00.0% tot=1}
Bug: 65700460
Test: runtest frameworks-net
Change-Id: I54e76d18fbaaa92639fb675f93ea90b7615fd6bf
Allows native AES-GCM-ESP to be used as an IPSec transport/tunnel mode
algorithm with kernel support
Bug: 63589918
Test: IPsecService tests added, existing ones pass
Change-Id: Ie1a9a902be205f269aa37bf956198f2e5b177c21
This is a follow-up CL to address comments
on aosp/466677
-Rename ManagedResourceArray.get()
-Comment cleanup
Bug: 38397094
Test: runtest frameworks-net
Change-Id: I6fbdd89c4a864fe1d8a19c68947f582d7b1f0f21
Add equality testing methods to support tests
for parceling and un-parceling IpSecConfig.
Bug: 38397094
Test: runtest -x IpSecConfigTest.java
Change-Id: I31e318334d39ed6e9daf5ec8f3be7dcec75e12ad
All of the input to IpSecService over the Binder
interface needs to be validated both for sanity
and for safety.
-Sanity check all the parameters coming from binder.
-Added setters for IpSecConfig to decouple the test
from the IpSecManager. This was needed because the
input validation caused the tests to fail due to a
null parameter that was previously un-tested.
-Added the mode flag to the IpSecConfig bundle this
oversight was found during testing.
-Expose the getResourceId() methods for testing in
UdpEncapsulationSocket, SecurityParameterIndex, and
IpSecTransform classes.
-Remove the unneeded getIpSecConfig() from
IpSecTransform: unneeded now that we can synthesize
configs.
Bug: 38397094
Test: runtest frameworks-net
Change-Id: I5241fc7fbfa9816d54219acd8d81a9f7eef10dd4
...just return false instead.
Test: Made an app to test this. Made sure it doesn't have
Test: the required permission. Checked it crashes with
Test: SecurityException without this change. Checked that it
Test: doesn't with it.
Merged-In: Ib5b17a7f68c1327f47fe1f54c0454c51f4226907
Change-Id: Id20d3c240ec5d70d085e0366b92ab3a514f3e7c8
(cherry picked from commit 8f76fc38ec)
adds privileged permission for getCaptivePortalServerUrl
adds tether privileged permission for
startTethering,isTetheringSupported
bug:62348162
Test: make and manual testing
Change-Id: I8eb8e3c9dcd7201abe9ea303ee57fe99073d67eb
This patch addresses a few post-submit comment for
commits f562ac34a51dc and 60c9f63b66921.
Bug: 34901696
Bug: 62179647
Test: runtest frameworks-net
Change-Id: I4abec57e0c6bc869dc57b5eb54582dd977b64c30
This patch defines a new WakeupStats event in ipconnectivity.proto and
populates these events from the NFLOG wakeup events stored in
NetdEventListenerService.
There is one WakeupStats object per known interface on which ingress
packets arrive and may wake the system up.
Example from $ adb shell dumpsys connmetrics list:
UPDATEME
...
WakeupStats(wlan0, total: 58, root: 0, system: 3, apps: 38, non-apps: 0, unrouted: 17, 6111s)
WakeupEvent(13:36:31.686, iface wlan0, uid -1)
WakeupEvent(13:38:50.846, iface wlan0, uid -1)
WakeupEvent(13:39:16.676, iface wlan0, uid 10065)
WakeupEvent(13:40:32.144, iface wlan0, uid 1000)
WakeupEvent(13:40:35.827, iface wlan0, uid 1000)
WakeupEvent(13:40:47.913, iface wlan0, uid 10004)
WakeupEvent(13:40:52.622, iface wlan0, uid 10014)
WakeupEvent(13:41:06.036, iface wlan0, uid 10004)
...
Bug: 34901696
Bug: 62179647
Test: runtest frameworks-net
Change-Id: Ie2676b20bfb411a1902f4942643df0c20e268d99
This patch stores NFLOG packet wakeup events sent by Netd to the system
server into a ring buffer inside NetdEventListenerService. The content
of this buffer is accessible by $ dumpsys connmetrics or $ dumpsys
connmetrics list, and is added to bug reports.
The wakeup event buffer stores currently uid and timestamps.
Bug: 34901696
Bug: 62179647
Test: runtest frameworks-net, new unit tests
Change-Id: Ie8db6f8572b1a929a20398d8dc03e189bc488382
Move all corner case logic from call sites to CompareResult's implementation,
add a constructor to directly do the comparison.
Test: runtest frameworks-core -c android.net.LinkPropertiesTest
Change-Id: I95bba82ec38d295b18c49c025dffab5f17271cbd
Rename the opt-out flag in AndroidManifest to
SERVICE_META_DATA_SUPPORTS_ALWAYS_ON
as directed by the API Council.
Bug: 64331776
Bug: 36650087
Test: runtest --path java/com/android/server/connectivity/VpnTest.java
Change-Id: I24326fad7a89083a2409134640bda81ee0359d08
Merged-In: I24326fad7a89083a2409134640bda81ee0359d08
(cherry picked from commit c57a01c166)
Always-on VPN is a feature introduced in N. Since then, all VPN apps
targeting N+ are assumed to support the feature, and the user or the DPC
can turn on / off always-on for any such VPN app. However, a few VPN
apps are not designed to support the always-on feature. Enabling
always-on for these apps will result in undefined behavior and confusing
"Always-on VPN disconnected" notification.
This feature provides a new manifest meta-data field through which a VPN
app can opt out of the always-on feature explicitly. This will stop the
always-on feature from being enabled for the app, both by the user and
by the DPC, and will clear its existing always-on state.
A @hide API is provided to check whether an app supports always-on VPN.
Documentation is updated to reflect the behavior change.
Bug: 36650087
Test: runtest --path java/com/android/server/connectivity/VpnTest.java
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Change-Id: I477897a29175e3994d4ecf8ec546e26043c90f13
Merged-In: I477897a29175e3994d4ecf8ec546e26043c90f13
(cherry picked from commit 3673863f3b)
This patch ensures that subtract() between two NetworkStats object will
return a delta with no negative entries in all cases.
When the stats delta contains some negative values, there are clamped to
0. Some logging is added when this happens.
This is what's expected by NetworkStatsHistory#recordData().
Bug: 64365917
Bug: 65439160
Test: runtest frameworks-net
Merged-In: I16e97e73f600225f80e0ce517e80c07c6f399196
Merged-In: I2ac0bc3914cb65ae8ee27921856d698dc59624b2
Merged-In: I67d5dc4b52b254748ff17fe1e16c2eeb1d03c30d
Merged-In: Ib488fb034f72c92f19916490981342a3ef2eb33b
(cherry picked from commit ad5e2827ea)
Change-Id: Ic86b65a65a2517c871221f8784088ec1de18f534
For some networks such as mobile data connections, its LinkProperties
does not contain routes for the local subnet so no such route is added
to the interface's routing table. This can be problematic especially
if the device is in VPN lockdown mode where there exists high-priority
PROHIBIT routing rule which in turn blocks the network's default gateway
route from being added (next hop address hitting the prohibit rule).
We fix this by patching LinkProperties to always include direct connected routes
when they are received by ConnectivityService. This has the added advantage that
when apps get LinkProperties, they see the directly connected routes as well.
Bug: 63662962
Test: runtest frameworks-core -c android.net.LinkPropertiesTest
Test: runtest frameworks-services -c com.android.server.ConnectivityServiceTest
Test: Start with device with mobile data, set up ics-OpenVPN in always-on
lockdown mode. Turn off mobile data then turn it back on, observe
mobile data connectivity is restored and VPN successfully reconnects.
Change-Id: I35b614eebccfd22c4a5270f40256f9be1e25abfb
