Make Nat464Xlat talk to netd directly instead of through
NetworkManagementService. The methods in NetworkmanagementService
don't really provide any value: since the only thing they do is
call into netd, we might as well have the callers talk to netd
directly,
In order to do this, pass INetworkManagementService and INetd to
the NetworkAgentInfo constructor, and update callers appropriately.
Bug: 65674744
Test: builds, boots
Test: atest FrameworksNetTests
Change-Id: Iac4cfe709c6279e4d9682b6754963e533707bd12
Since the CTS test for android.os is build with test_current.
Bug: 78650449
Test: android.os.cts
Change-Id: If784f4949af931c6c4efc284f1d16414705fe2d4
Merged-In: If784f4949af931c6c4efc284f1d16414705fe2d4
Add dummy implementations for status, error and finished callbacks.
Next step: wire these up end-to-end; change Shell's listener to be
BugreportManager.BugreportListener, and make it communicate with the
native service explicitly through the new system api.
BUG: 111441001
Test: Verified progress in interactive bugreport still works
Change-Id: Iad0bb7b23b04f6bc7e3b31e5071df42409c78684
The API is mostly implemented; except for hooking up the listener
and handling an already running bugreport.
BugreportManager is the handle to the new API exposed to apps.
Generating bugreports requires root privileges. To limit the footprint
of the root access, the actual bugreport generation in Dumpstate binary,
is accessed as a oneshot service and dies after it finishes
running.
System server accesses Dumpstate via a binder interface since it does
not have root privileges.
Starting a oneshot service is done via setting a system property, which
needs to be done from system server. BugreportManagerService is the
new system server service that does this. BugreportManager calls into
BugreportManagerService via a binder interface, since the former is in
the app's process.
Both app to system server as well as system server to native service
calls are via implementations of IDumpstate binder interface.
Bug: 111441001
Test: builds. Flashed & verified it boots.
Test: wrote a test client (not included) and verified invoking
startBugreport works.
Change-Id: I4abeb753388c055c36ae0dd916af1ec8d40b7bf0
Merged-In: I4abeb753388c055c36ae0dd916af1ec8d40b7bf0
Add an AIDL for ParcelableException so that the
type can be explicitly used in other AIDLs.
Bug: 120489428
Test: compilation
Change-Id: I5839cc0c62744be856ea41fdf6ed1d77150259b5
Members modified herein are suspected to be false positives: i.e. things
that were added to the greylist in P, but subsequent data analysis
suggests that they are not, in fact, used after all.
Add a maxTargetSdk=P to these APIs. This is lower-risk that simply
removing these things from the greylist, as none of out data sources are
perfect nor complete.
For APIs that are not supported yet by annotations, move them to
hiddenapi-greylist-max-p.txt instead which has the same effect.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Change-Id: Ia937d8c41512e7f1b6e7f67b9104c1878b5cc3a0
Merged-In: I020a9c09672ebcae64c5357abc4993e07e744687
The app is not started yet, and does not contain any service for now.
Test: built, booted
Bug: b/112869080
Change-Id: Id5a0fd02c891100e85d86b1040e53beec3581950
Don't use Os.dup(), as it creates file handles which leak across exec()
boundaries. Instead, use fcntl(F_DUPFD_CLOEXEC);
O_CLOEXEC is essential for ensuring that file descriptors do not leak
across an exec() boundary. Setting O_CLOEXEC ensures that file
descriptors can't linger around unnecessarily in an exec()ed process
which doesn't use them, making more efficient use of resources.
Additionally, O_CLOEXEC is important in ensuring that untrusted
exec()ed code cannot take advantage of leaked file descriptors.
Test: Android compiles and boots
Bug: 120983106
Change-Id: I99a66834cc6b9bb25e1b4daf75384ec6a91ae9e2
Everything that is marked SystemApi or TestApi, but not @hide is still
part of the public SDK, it is therefore not sound to have that combination.
In the future, specifing such a combination will be considered an error
to prevent inadvertently exposing SystemApi and TestApi as public API.
Bug: 115333477
Change-Id: Ibd5d6a22862fdbc1e20a1cb3925280f5a682edea
Merged-In: Ibd5d6a22862fdbc1e20a1cb3925280f5a682edea
Test: METALAVA_PREPEND_ARGS="--error UnhiddenSystemApi" m checkapi
Exempt-From-Owner-Approval: API cleanup
This reverts commit 2473b08b07.
Reason for revert: Fixed build breakage
sysprop_cpp and sysprop_java directly have been linking against
libprotobuf-cpp-full and do not set proto.type field, which could
cause ASAN error due to linking against both libproto version of full
and lite.
Change-Id: I96eb47444d7b6f6b5fef092efc1514fcdd6f33b6
Merged-In: I8e04f643197b6c8a60cc38c6979e41c5de3469f5
Currently, 464xlat counts its ipv6 tx traffic into root uid.
When user is making ipv4 upload over ipv6-only network, ipv4
tx traffic may sometimes be counted faster then ipv6 tx
traffic.
Thus, NetworkStatsService may detect non-monotonic values due
to 464xlat adjustment.
So the solution is that: for clatd, make ipv6 tx traffic counts
into clat uid, and then ignore it in the framework side.
Bug: 118602783
Test: 1. manually verify clatd traffic on clat uid.
2. runtest frameworks-net
Change-Id: Ifb478b79e3e281918c70e16d1f90682c78f33db1
Some models such as LDU, WIFI do not have "gsm.version.baseband",
which should return "null" when it is called.
However it returns "" not "null"
Bug: 120685535
Test: Self-Test
Change-Id: Idc1363d45a0ece3a35f46da287e21015ac1387af
Netd use this parameter to determine which network it should use for
DNS query when VPN is enabled. But it is no more reliable when we have
seamless vpn handover, since the parameter does not make update to
netd if we have DNS configuration change. Netd should call resolver
API to get latest DNS information rather than this one.
Bug: 116539103
Test: runtest frameworks-net passes
Change-Id: I6491114ab6de0ff66322f1da69056e6f3c999b5a
Properties accessed across partitions are now schematized and will
become APIs to make explicit interfaces among partitions.
Bug: 117924132
Test: m -j
Change-Id: I8e04f643197b6c8a60cc38c6979e41c5de3469f5
Merged-In: I8e04f643197b6c8a60cc38c6979e41c5de3469f5
If these values are ever changed (or their parceling), we'll also need
to update libbinder.
Bug: 115607973
Test: N/A
Change-Id: Id9c594ea039687855047c005a0c3a9bfe0002732
Fix up resolves to minimize differences to internal code.
Test: m
Change-Id: Idbacb6ad14c43aff8030d70b5e17427b86e92d6e
Merged-In: I4e06b3f93e30ed1c7868ec9e018709a7e796e441
This had to be called from native because serialization
was done from native, but now that serialization is in Java
we can move this back to a more logical place.
Also, this allows us to dump the per-UID proxy counts in
this situation again.
Bug: 109888955
Test: sailfish builds, proxy debug info shown on hitting limits
Merged-In: I4e06b3f93e30ed1c7868ec9e018709a7e796e441
Change-Id: I4e06b3f93e30ed1c7868ec9e018709a7e796e441
Bug: 110380403
Test: Tested in ARC++ (with Settings and vold changes in separate CLS)
- able to see the external storage under StorageSettings. Also tested
the sm command to print stubvolumes.
Change-Id: I7517260a40399bd9800424bb394512601f6af617
Bug: 110380403
Test: Manual test in ARC++, prototyped a way that reset reaches ARC++
service.
Change-Id: Icc7dcc8b5c726ed9f61226569227c4d47f44b386
Merged-In: Icc7dcc8b5c726ed9f61226569227c4d47f44b386
Based on some analysis, these fields/methods are likely false positives.
Set maxTargetSdk=P so that any apps using them are required to migrate off
them in future. See the bug for more details.
Exempted-From-Owner-Approval: Automatic changes to the codebase
affecting only @UnsupportedAppUsage annotations, themselves added
without requiring owners approval earlier.
Bug: 115609023
Test: m
Merged-In: I719b5c94e5b1f4fa562dd5d655953422958ad37e
Change-Id: I719b5c94e5b1f4fa562dd5d655953422958ad37e
(cherry picked from commit 8c854f86a4)
DumpstateOptions will be used to pass options to Dumpstate service
for specifying arguments for taking bugreports.
Test: m
Test: adb bugreport
Change-Id: I4dc9511f0be2f86239ea9094a3c527b6ce0d1d41
Allow VPN apps to lookup the UID owner of a network connection.
Requires specifying the:
- IP address and port for both the source and destination of a TCP
connection.
- IP address and port for either source and destination or just
source for a UDP connection.
Only TCP and UDP protocols are supported. Only connections for UIDs
that apply to the calling VPN app will be resolved. This is intended
to replace direct app access to /proc/net/{tcp,tcp6,udp,udp6}.
The implementation uses netlink inet_diag sockets[1] to perform
the lookup on TCP sockets as well as UDP sockets when supported
(kernel has CONFIG_INET_UDP_DIAG=y).
[1] http://man7.org/linux/man-pages/man7/sock_diag.7.html
Bug: 9496886
Bug: 109758967
Test: atest HostsideVpnTests
Test: atest InetDiagSocketTest on Taimen with CONFIG_INET_UDP_DIAG
and on Sailfish without CONFIG_INET_UDP_DIAG.
Change-Id: I2bbc7072dd091e2e653dadf6dc05024c04180f34
