Adds support for a new AppOp to permit services to
use IpSec tunnel mode. The IpSecService now needs
a context so change the service mode to a cached
service rather than a static service.
Bug: 66955045
Test: runtest frameworks-net
Change-Id: I17a4a286225b432c3e15ea1587d946189931b4f4
Usage stats corrections for 464xlat in NetworkStatsFactory are not applied
to tethered traffic. Add adjustments in NetworkStatsService. After
migrating external callers off NetworkStatsFactory, we will be able to
only apply adjustments in NetworkStatsService and remove stacked
interface tracking from NetworkStatsFactory.
Bug: 72107146
Fixes: 72107146
Test: runtest frameworks-net & manual - checked corrected network usage
Merged-In: Ieb25c41c651499fdd01225ae5ac21d95e3d823f5
Merged-In: I016722f3a0ae2ae0a1d48bfacc4fe07ee3578ef7
(cherry-pick of aosp I5ce450e616b4fddf21f2a491fe5d0c9e9f969bda)
Change-Id: Id41cf22a0f9a63cb1832e9375bfb045861f08e52
Useful for clients such as BatteryStats which currently rely
on NetworkStatsFactory. Data at that stage is incomplete as
it does not account for tethering, VT data and corresponding
464xlat corrections.
Test: runtest frameworks-net, CTS tests pass.
Bug: b/72107146
Merged-In: I31c5b9b4a7c6e72910152415894a137f000a5858
Merged-In: I2527d95000c7500c824ede70f87ecb38e21ed323
(cherry picked from aosp 088ff6824f)
Change-Id: Ie80f1bb21124241f3414f9be77aceac9a44ec6d1
Disallow the allocation of SPIs in the range
reserved for future use by RFC 4303.
Bug: 77205120
Test: runtest frameworks-net
Merged-In: I05e26ed34b5871f1a07d5bd7b58b79a64cd74b67
Change-Id: I05e26ed34b5871f1a07d5bd7b58b79a64cd74b67
(cherry picked from commit 7f606ee8e5)
Instead of providing default truncation lengths (based on RFC or
otherwise), this change imposes a restriction that the truncation length
must be supplied for all auth or aead algorithms.
Bug: 77204048
Test: Updated tests, ran on walleye
Merged-In: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97
Change-Id: I4a0e2e71aa97259e56f44e7c8a2ce53135708d97
(cherry picked from commit bb7f2820f5)
This change updates the getSocket() methods for IPsec to improve clarity
of the return types, both for public APIs, and internal-only methods.
Bug: 72473753
Test: APIs updated, CTS + unit tests ran.
Merged-In: I0afebd432c5d04c47c93daa1ce616d712aa323d7
Change-Id: I0afebd432c5d04c47c93daa1ce616d712aa323d7
(cherry picked from commit 4c987ebade)
This is the counterpart to Network.getNetworkHandle() and facilitates
native code calling back to Java with network handle values from
getNetworkHandle.
Bug: 77210159
Bug: 64148938
Test: make CtsNetTestCases
Change-Id: I032b959d84180c063a79ddd97c35e7384b0f50a1
Currently we are using PROCESS_STATE_BOUND_FOREGROUND_SERVICE to
decide whether to allow network access for an uid or not but
PROCESS_STATE_TOP is used for bucketizing data in fg vs bg states.
It's possible that even though user restricts background data uasge
for an app, the bg data usage amount displayed to the user is > 0.
As this could be confusing, use PROCESS_STATE_BOUND_FOREGROUND_SERVICE
for bucketizing in fg vs bg states too.
Bug: 63907204
Test: atest com.android.server.NetworkPolicyManagerServiceTest
Test: manual
Change-Id: Ib506e421043fbe1052b6d0068ebf01d288faba21
Allow apps to specify a list of capabilities that network must not have
in order to satisfy the request.
Bug: 72828388
Test: m -j
Change-Id: I91ee54963f7b92899c7a107b3a450b268c62fd8d
If you put values into the Builder, you should be able to observe
those values on the built object.
Test: atest android.net.cts.NetworkRequestTest
Bug: 74945408
Change-Id: I9aacceb82c98f7881f0eb5e1106d89d469b816a7
Some system apps should be able to request OEM_PAID networks. This
makes a lot of sense when Android is used as in-vehicle infotainment
systems.
Bug: 68762530
Test: runtest -x frameworks/base/tests/net/ -c android.net.NetworkCapabilitiesTest
Change-Id: Ic916de7522a9f803a2410bc4e3e82101fd9d0dbd
Updates API documentation to mention that TCP sockets where transforms
are deactivated will not send FIN packets.
Bug: 74851550
Test: API updates only
Merged-In: I8169f221c8c747538a8bddfbf02dcc73c9337189
Change-Id: I8169f221c8c747538a8bddfbf02dcc73c9337189
(cherry picked from commit 7d31a2f357)
This will let ConnectivityService send the right callbacks to the
relevant apps.
Test: manual with apps
runtest frameworks-net
cts
new tests for this functionality
Bug: 67408339
Change-Id: I6f08efd9e73c7e191f833d7f307a3bf4c9e2f0b4
Add a new MANAGE_IPSEC_TUNNELS permission and
protect all IPsec Tunnel mode APIs with it.
This permission is only granted to the system or
through an AppOp.
Bug: 66955045
Test: compilation
Change-Id: I0f618373b500c493ef2211bece681f74652a1833
Permits syncing over a specific network instead of the default for
the process. This was causing an issue with Android Wear devices
paired with iOS where the default network is bluetooth
(see b/32663274).
This CL is in support of ag/3776564
Bug: 32663274
Test: adb shell am instrument -e class android.net.SntpClientTest -w \
com.android.frameworks.coretests/android.support.test.runner.AndroidJUnitRunner
Change-Id: Ic9fc169cf75457810d4992121d85d7642e350b90
Bug: 73217368
Test: manual
Using Datally on work profile. Before this, enabling the VPN
does not show the key icon. After this it does.
Change-Id: I454eb8f3881a48af1b0187c2b14a2a399d3c2445
This CL adds NonNull annotations to a large
number of method returns and parameters as
part of API council feedback.
Bug: 72473424
Test: compilation (docstring-only change)
Merged-In: I2f865dde56fe12116c461ad98e9460bf1802ce18
Change-Id: I2f865dde56fe12116c461ad98e9460bf1802ce18
(cherry picked from commit 8fd26f67fd)
When exposing the APIs, these were missed.
The outer structure is exposed, so this exposes
the addAddress and removeAddress methods.
Bug: 75234273
Test: compilation
Merged-In: I79911434f9baa660e4d8564cc59d80da4a710c42
Change-Id: I79911434f9baa660e4d8564cc59d80da4a710c42
(cherry picked from commit a83601a511)
This change adds implementation details for add/remove addresses onto a
VTI.
Bug: 73675031
Test: New tests added, passing on Walleye
Merged-In: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
Change-Id: Idde9d943a5285d2c13c5c6b0f7b8a9faf718e6a5
(cherry picked from commit ecc9f7cc08)
Kernel limitations prevent auth-only SAs from being created. Explicitly
request a null encryption algorithm instead of omitting the algorithm
to comply with the kernel requirement for ESP.
Bug: 75049573
Test: CTS tests for auth-only, crypt-only transforms added for all
combinations of (UDP, TCP, IPv4, IPv6, UDP-encap) Also added unit
tests to ensure correct triggering of NULL_CRYPT usage.
Merged-In: Ia9a5cfee9c7786412846bc039f326420f6211c08
Change-Id: Ia9a5cfee9c7786412846bc039f326420f6211c08
(cherry picked from commit bf013a3820)
-Add anotations to usages of PolicyDirection for
apply...() methods.
-Update the comments on DIRECTION_IN and DIRECTION_OUT
to better reflect their current usage.
-Add a better explanation to the rekey procedure doc.
-Remove disused createTunnelInterface() stub.
Bug: 73751066
Test: make docs
Merged-In: I9f2ec864466148a18899f1e952c74a525902ccbc
Change-Id: I9f2ec864466148a18899f1e952c74a525902ccbc
(cherry picked from commit f4cdf25a90)
getType, getTypeName, isConnectedOrConnecting, isConnected,
isAvaisable, isFailover, isRoaming, getState, getDetailedState,
getReason, and the TYPE_* constants in ConnectivityManager
along with methods that use them are now stacked on a boat
bound for the other side of the Styx.
Test: no code changes
Bug: 62844794
Change-Id: Idd70763de5b1af5580b4734cd443ac4b570069cc
We want to catch potential exceptions that occur when restoring
NetworkPolicy settings. Here, a DateTimeException can be thrown when
we try to read the recurrence rule from the backup data and cannot
parse a timezone.
We also add GTS tests to validate that these catches persist and that
we don't crash when given unexpected backup data to restore.
Bug: 73942796
Test: gts-tradefed run gts -m GtsBackupHostTestCases -t com.google.android.gts.backup.NetworkPolicyRestoreHostSideTest
Change-Id: I6f6ea09d2fff60b8d704c6160234e6f032321103
(cherry picked from commit 853097ca2c)
Addresses a long-standing TODO. Now, when calling IpClient's
startProvisioning(), the interface has to be available (i.e.
InterfaceParams#getByName() must return non-null).
Also:
- add a test
- refactor for testability
- delete some constructors no longer used
- properly handle passed-in null IpClient.Callback
- some more IpManager -> IpClient renaming
- permit recording metrics before starting a provisioning
attempt (logging immediate errors) without Log.wtf().
Test: as follows
- built
- flashed
- booted
- runtest frameworks/opt/net/wifi/tests/wifitests/runtests.sh passes
- runtest frameworks-net passes
- basic WiFi IpClient connections works fine
Bug: 62476366
Bug: 73487570
Merged-In: I68e5e24122dc31e730cdbe8d75e33847e6332da4
Merged-In: Ifd27f5d908947cd7b4e1b8d54f9fa87e43ebb11b
Merged-In: Ief3c8e1652f69af0276fe35946ae1bf6e6b1b57e
Change-Id: Ic83ad2a65637277dcb273feb27b2d1bb7a11eb2b
(cherry picked from commit b152cd0aa4)
