Adds support for always-on VPN profiles, also called "lockdown." When
enabled, LockdownVpnTracker manages the netd firewall to prevent
unencrypted traffic from leaving the device. It creates narrow rules
to only allow traffic to the selected VPN server. When an egress
network becomes available, LockdownVpnTracker will try bringing up
the VPN connection, and will reconnect if disconnected.
ConnectivityService augments any NetworkInfo based on the lockdown
VPN status to help apps wait until the VPN is connected.
This feature requires that VPN profiles use an IP address for both
VPN server and DNS. It also blocks non-default APN access when
enabled. Waits for USER_PRESENT after boot to check KeyStore status.
Bug: 5756357
Change-Id: If615f206b1634000d78a8350a17e88bfcac8e0d0
The activity notification is received from netd, an intent
DATA_ACTIVITY_CHANGE is then raised for other part of the system to
consume.
Change-Id: Idfcc4763c51c5b314c57f546c12557082f06bebf
Logging exec time on startUsingNetworkFeature as we've had some reports suggesting it's
causing ANRs.
Remove some logging from NDC so it's local log is more useful.
bug:6492166
Change-Id: I258ff6c59bff2c65935242d50496d84720c5d493
When netd drops its socket connection to framework, assume that it
has restarted, and push any existing rules to keep netd and iptables
consistent.
Bug: 6376246
Change-Id: Id93138938321bcf885eb0e4fecaff8b150cfdfcf
Add method to parse new iface_stat_fmt proc stats, or return null
when kernel support is unavailable. Add test and remove older, unused
parsing code. Create new "xt" recorder to persist the new xtables
counters when available.
Add SSID support to NetworkIdentity to fix policy tests.
Bug: 6422414
Change-Id: I77f70e9acb79a559ab626f3af5c4f3599801ed43
Create a LocalLog class for logging within a service for dumping in dumps.
Use it in the NativeDaemonConnector so we can get some insight into what
is happening in these lockups.
bug:5864209
Change-Id: I68ddc58847f3c8de613be9528570f8c3157d8274
Uses argument escaping inside NativeDaemonConnector, using varargs
to separate boundaries. Also introduces Command object to help build
argument lists.
Bug: 5472606
Change-Id: I357979fc19bb0171a056e690064e01b5a7119501
Perform uniform argument escaping inside NativeDaemonConnector, using
varargs to separate boundaries. Also move to parsed NativeDaemonEvent
instances instead of raw Strings.
Bug: 5472606
Change-Id: I1270733e2b2eeb2f6b810240df82ab24d38ebf40
Secondary nets sometimes come up with no routes, but parsing errors end up with null
routes getting added. Trim that away. Also added some dumpstate logging of the secondary
route tables and rules.
bug:5615697
Change-Id: I94c9d888bab958df44891b9117236436e046cc7f
Replace TrafficStats calls by reading values from xt_qtaguid kernel
module. To keep BatteryStatsImpl changes lightweight, cache recently
parsed stats. Tracks mobile ifaces from ConnectivityService.
Refactor xt_qtaguid parsing into factory outside of NMS. Add stats
grouping based on UID, and total based on limiting filters like iface
prefix and UID.
Bug: 4902271
Change-Id: I533f116c434b77f93355bf95b839e7478528505b
When available, use single "iface_stat_all" file instead of reading
values from dozens of files scattered across proc. Tests to verify.
Bug: 5397840
Change-Id: I0247be518436c1f79b32c4b72216739f49a9e8cc
Begin tracking xtables summary of data usage to compare with values
reported from /proc/net/dev. Roll tethering directly into UID stats
to trigger UID stats persisting when crossing threshold.
Include xtables summary and authoritative time in samples.
Bug: 5373561, 5397882, 5381980
Change-Id: Ib7945522caadfbe0864fdf391582dc820f4f371e
Use new "gettetherstats" netd command to retrieve statistics for
active tethering connections. Keep tethering poll events separate
from UID poll, even though they end up same historical structures.
Bug: 5244846
Change-Id: Ia0c5165f6712c12b51586f86c331a2aad4ad6afb
When ifaces change, poll UID stats without persisting, since they
depend on knowing active iface to store correctly. Log dropped UID
stats when iface is unknown. Switch to using flags when calling
performPoll().
Enforce that "idx" values are consistent from xt_qtaguid. Transition
to using Log.wtf() for important checks, mostly around file I/O,
kernel stats parsing, and kernel module control. Increase stats
persist threshold to 2MB to reduce churn.
Bug: 5269476, 5270106
Change-Id: I721215bfb65127f95775c71cf135e907cd567e92
Only combine /proc/net/dev and xt_qtaguid stats when iface is marked
as active. When inactive, only return xt_qtaguid stats. When iface
is unknown to xt_qtaguid, always pass through /proc/net/dev stats.
Bug: 5242730
Change-Id: I469fc6abe45309f794afebca814cbb39e4f13af5
When reading network counters, always splice in xt_qtaguid values
to avoid counting backwards. Test to verify.
Remove verbose logging around global alerts, and add dumpsys debug
info for NMS and MDST. Also fix subtle bug around stats persisting
and dumping.
Bug: 5212893, 5211028
Change-Id: I783e5286637a67ee2dd2b09878198711a926d0cb
When recording data usage, measure the actual active time, since
buckets can be quite long. Offer incrementOperationCount() version
that reads thread stats tag for caller. Rethrow any NPE as ISE
during stats parsing, which callers already handle.
Bug: 5171812, 5184508, 5180659
Change-Id: I6da80ccc0162be68bee279529e3a23b6f98ebd87
Instead of polling every 15 minutes, register for alerts that trigger
when system-wide traffic passes a threshold. Still mixed with polling
to persist UID stats, but relaxed to 30 minutes. Currently watches
for every 512kB.
Make persistence decision separately for network versus UID, and use
total delta bytes when making decision. Use light bootstrap during
systemReady() instead of heavy poll, which had been force-loading all
UID data unnecessarily.
Bug: 5023631
Change-Id: I04b723d6c4bf872fb1028071122dba66a8e1b576
