Previously we use blacklist to get all blacklists, to maintain the consistency
between blacklist and whitelist, and to move blacklist processing to GPU
service, we added blacklists to store all blacklists, and now blacklist will
only represent one blacklist.
BUG: 120869311
Test: Build, flash and boot. Verified in master patch ag/6288554
Change-Id: Ifac875177ad959705c8f80672341c4cbee7bbc93
Merged-In: Ifac875177ad959705c8f80672341c4cbee7bbc93
Exempt-From-Owner-Approval: Change in CoreSettingsObserver.java is too minor
GPU Service is used to monitor all GPU and graphics driver related features.
This patch implements GPU service into System Server, and implements
functionality to extract the whitelist out of game driver package when the
package is upgraded or removed. This will move the whitelist processing off
critical path when app launches.
BUG: 123290424
Test: Build, flash and boot. Verify by upgrading game driver apk.
Change-Id: I563a138bfe0c4c1bb17ed28dab5d6a8df244021d
Merged-In: I563a138bfe0c4c1bb17ed28dab5d6a8df244021d
Instead of keeping reading the whitelist everytime, we want to store it in
Settings.Global variable and reuse it later.
BUG: 120869311
Test: Build, flash and boot.
Change-Id: I5e39757383c5ba7d31af7efb3e6e8a2996e669f4
Merged-In: I5e39757383c5ba7d31af7efb3e6e8a2996e669f4
When a blacklist is set, we must not use driver package for those applications
on the blacklist.
BUG: 120869311
Test: Build, flash, boot. Verify with command line.
Change-Id: I1c9f10a3086007038c328a20346ffadeff1861ae
Merged-In: I1c9f10a3086007038c328a20346ffadeff1861ae
This change also fixes typos and adds some missing comments
Bug: 119221883
Test: Build, flash and boot, verify with prototype
Change-Id: Ida976c4fb3d4af5ffc1d9b977f00fa9c7239a434
Merged-In: Ida976c4fb3d4af5ffc1d9b977f00fa9c7239a434
We updated the development opt in mechanism for GUP. Now we have
GUP_DEV_OPT_IN_APPS for applications selected to use GUP and
GUP_DEV_OPT_OUT_APPS for applications selected not to use GUP.
Bug: 119221883
Test: Build, flash and boot, verify with prototype
Change-Id: I52869ecf9e411a8dbdc1146f00c82023ba41bebf
Merged-In: I52869ecf9e411a8dbdc1146f00c82023ba41bebf
We have rebranded this project to Game Update Package, and GUP for short.
BUG: 119221883
Test: Build, flash and boot. Verify by going to developer options.
Change-Id: If284bd3e0b29cb025833be29fa33179011c151d7
Merged-In: If284bd3e0b29cb025833be29fa33179011c151d7
Allowing customized whitelist filename could result in inconsistency and
fragmentations in toolings.
BUG: 120870520
Test: Build, flash and boot
Change-Id: Ibe9337b358b6a67600048f1661d73574d7bea607
Merged-In: Ibe9337b358b6a67600048f1661d73574d7bea607
We provide a way in developer option to opt-in an application to use updated
graphics driver. To make sure we set up the graphics environment correctly, we
need to access the package name of the selected application. This patch
introduces a global property to store the package name.
BUG: 119221883
Test: Build, flash and boot, verify with prototype
Change-Id: I49dfcccf387169c072fb9345f7a50c00fcdb0737
Merged-In: I49dfcccf387169c072fb9345f7a50c00fcdb0737
This patch adds the ability to load whitelist from updatable graphcis driver
apk. Typically a whitelist is part of the graphics driver apk, and the name is
set by overwriting ro.gfx.driver.whitelist.0
BUG: 117241379
Test: Build, flash and boot, whitelist an app and verify.
Change-Id: Ie36ca0173a90a8e48acaca2979ab64bbf92eeaed
Merged-In: Ie36ca0173a90a8e48acaca2979ab64bbf92eeaed
Call onError for caller of BugreportManager.start() if any io error
occurs during runtime.
Test: Tested manually by throwing IO exception in the code when
bugreport is being generated, onError of the callback successfully
called.
Change-Id: I9033d85d392b926041fc26a86806a370752d062d
This reverts commit 3897df2e36.
Reason for revert: Rolling forward, will fix tests in same CL stack.
Bug: 114231106
Bug: 130397860
Test: FrameworksNetTests
Change-Id: Ia8a0c99b4e1fd5dff26c881715cd876618ca4321
This reverts commit fd8f96d719.
This change does not have any topic: not reverting the other 2 commits in the original topic.
Reason for revert: broke FrameworksNetTests presubmit: b/130397860
Change-Id: Iff41d9fe97fafea44680c8d67d1ce19277548cc0
screenshotFd needs to be optional in Bugreport API. For some bugreports
such as wifi,telephony, interactive etc taking a screenshot is not
required.
Initially, the API was sending invalid file descriptor to the Binder, but
that binder transaction could not be completed as Binder validates the
file descriptor to be valid and not-null.
Adding a tmp.png screenshot file to pass to bugreport API call. In a
separate CL in frameworks/native, added check that the bugreports that
don't require screenshots would not use this file descriptor value.
Bug: 128981582
Test: Tested by taking bugreports using Bugreport API in shell
Merged-In: I3233f5753506ae159c9fa591742e6b99e361039b
Change-Id: I3233f5753506ae159c9fa591742e6b99e361039b
(cherry picked from commit b462e2e499)
To address the API review feedback provided by
the API council.
Bug: 129261432
Test: atest DnsResolverTest
Change-Id: I3de11c913682abf790850b45cd5d50ac28b3fc5c
When a fully-routed VPN is running, we want to prevent normal apps
under the VPN from receiving packets originating from any local non-VPN
interfaces. This is achieved by using eBPF to create a per-UID input
interface whitelist and populate the whitelist such that all
non-bypassable apps under a VPN can only receive packets from the VPN's
TUN interface (and loopback implicitly)
This is the framework part of the change that build the whitelist.
The whitelist needs to be updated in the following cases:
* When a VPN is connected and disconnected
This will cover the change to allowBypass bit, since that can't be
changed without reconnecting.
* When a VPN's NetworkCapabilites is changed (whitelist/blacklist app changes)
* When a new app is installed
* When an existing app is removed
* When a VPN becomes fully-routed or is no longer fully-routed
New user/profile creation will automatically result in a whitelist app change
transition so it doesn't need to be handled specially here.
Due to the limitation of the kernel IPSec interacting with eBPF (sk_buf->ifindex
does not point to the virtual tunnel interface for kernel IPSec), the whitelist
will only apply to app VPNs but not legacy VPN connections, to prevent breaking
connectivity with kernel IPSec entirely.
Test: atest PermissionMonitorTest
Test: atest android.net.RouteInfoTest
Test: atest com.android.server.ConnectivityServiceTest
Test: atest HostsideVpnTests
Bug: 114231106
Change-Id: I143b03d60e46cb1b04732b4a4034f5847b4d1b1a
From mainline perspective, we should use android flag api
instead of using Settings. Thus, move the definitions into
NetworkStack.
Bug:120013793
Test: atest NetworkStackTests SettingsBackupTest
Change-Id: I8e1fb5b47fff3bf624131ba1f5732daabd991e6d
Merged-In: I8e1fb5b47fff3bf624131ba1f5732daabd991e6d
Merged-In: I0a2a1e5d3de14ea86556ca471e26064df3481412
This follow-up change performs some cleanup changes without affecting
functionality
Bug: 72950854
Test: Compiles, CTS tests using this pass
Change-Id: Ic7394f24f11d713c9374b438182e29d2a02ea236
ConnectivityManager and its usages are removed from
NetworkStatsService. After that, forceUpdateIfaces requires
information that only ConnectivityService has, hence
restricting the calling permission to NETWORK_STACK or
MAINLINE_NETWORK_STACK permission. The required permission
will be changed from READ_NETWORK_USAGE_HISTORY to
NETWORK_STACK or MAINLINE_NETWORK_STACK. This change would make
it impossible to call outside the system.
Bug: 126830974
Test: atest FrameworksNetTests
Change-Id: I776484921b2dbb6735d7940c558fb5e4baed6d1e
