Currently, registerNetworkStatsProvider requires the
UPDATE_DEVICE_STATS permission. This is a privileged permission
so it can be granted to preinstalled apps. Thus, apps like
GmsCore, or preinstalled apps will be able to update network stats.
This change checks for a new permission that would only allow
signature apps to declare that. Also check
MAINLINE_NETWORK_STACK permission to allow NetworkStack process
to use it.
Test: adb shell dumpsys netstats
Test: atest FrameworksNetTests
Bug: 149652079
Change-Id: Idfebd0a1988c3dcfd812d87e30f6a2034d6fbf6b
Module IPsec(IKE) will not be in bootclasspath or expose API
from frameworks/base anymore. Instead it will be built as a
java_sdk_library and expose APIs under its own directory.
This commit:
- Removes API from frameworks/base
- Adds ike to FrameworksNetTests manifest so that VpnTest is
able to load it.
Bug: 145995723
Test: build, flash, boot
Test: atest FramewokrsIkeTests (passed)
Test: m mts && mts-tradefed run mts-ipsec (passed)
Test: manually tested that FrameworksNetTests can use ike.jar
Change-Id: I37ba02eb3003ea28e66f50ca0b612597ef48f6d5
Merged-In: I37ba02eb3003ea28e66f50ca0b612597ef48f6d5
A number of connectivity checks that protect system-only methods
check for CONNECTIVITY_INTERNAL, but CONNECTIVITY_INTERNAL is a
signature|privileged permission. We should audit the permission
checks, and convert checks that protect code that should not be
called outside the system to a signature permission. So replace
all CONNECTIVITY_INTERNAL to other proper permissions.
Bug: 32963470
Test: atest FrameworksNetTests NetworkPolicyManagerServiceTest
Change-Id: I8f2dd1cd0609056494eaf612d39820e273ae093f
Merged-In: I8f2dd1cd0609056494eaf612d39820e273ae093f
Allow VPN apps to lookup the UID owner of a network connection.
Requires specifying the:
- IP address and port for both the source and destination of a TCP
connection.
- IP address and port for either source and destination or just
source for a UDP connection.
Only TCP and UDP protocols are supported. Only connections for UIDs
that apply to the calling VPN app will be resolved. This is intended
to replace direct app access to /proc/net/{tcp,tcp6,udp,udp6}.
The implementation uses netlink inet_diag sockets[1] to perform
the lookup on TCP sockets as well as UDP sockets when supported
(kernel has CONFIG_INET_UDP_DIAG=y).
[1] http://man7.org/linux/man-pages/man7/sock_diag.7.html
Bug: 9496886
Bug: 109758967
Test: atest HostsideVpnTests
Test: atest InetDiagSocketTest on Taimen with CONFIG_INET_UDP_DIAG
and on Sailfish without CONFIG_INET_UDP_DIAG.
Change-Id: I2bbc7072dd091e2e653dadf6dc05024c04180f34
The UPDATE_DEVICE_STATS permission has become the de-facto mechanism
that platform components use to shift blame for resource usage, so
it's confusing to also have a separate MODIFY_NETWORK_ACCOUNTING
permission. So this change replaces MODIFY_NETWORK_ACCOUNTING with
UPDATE_DEVICE_STATS.
Bug: 62483389
Test: builds, boots
Exempt-From-Owner-Approval: Bug 63673347
Change-Id: I872759f02327b6d531ec2338bd876890aded60ad
This will give us a good place to put all the networking tests.
Fix: 31479480
Test: adb shell am instrument -w -e notClass com.android.server.connectivity.tethering.TetherInterfaceStateMachineTest 'com.android.frameworks.tests.net/android.support.test.runner.AndroidJUnitRunner' # PASS
Change-Id: I4b389f7f4e33a996885b38670f585e58ca66f777
