For some networks such as mobile data connections, its LinkProperties
does not contain routes for the local subnet so no such route is added
to the interface's routing table. This can be problematic especially
if the device is in VPN lockdown mode where there exists high-priority
PROHIBIT routing rule which in turn blocks the network's default gateway
route from being added (next hop address hitting the prohibit rule).
We fix this by patching LinkProperties to always include direct connected routes
when they are received by ConnectivityService. This has the added advantage that
when apps get LinkProperties, they see the directly connected routes as well.
Bug: 63662962
Test: runtest frameworks-core -c android.net.LinkPropertiesTest
Test: runtest frameworks-services -c com.android.server.ConnectivityServiceTest
Test: Start with device with mobile data, set up ics-OpenVPN in always-on
lockdown mode. Turn off mobile data then turn it back on, observe
mobile data connectivity is restored and VPN successfully reconnects.
(cherry picked from commit 1bb5c0818f)
Change-Id: Ia14f88bcf49d37286519c26dff6b7180303e2cbe
When a carrier provides an "anchor" of data usage at a specific
moment in time, augment the network statistics used by warning/limit
thresholds and Settings UI. For example, if the OS measured 500MB
of usage, but the carrier says only 400MB has been used, we "squish"
down the OS measured usage to match that anchor.
Callers using the hidden API will have their data augmented by
default, and the public API offers a way to opt-into augmentation.
Thorough testing to verify behavior.
Test: bit FrameworksNetTests:android.net.,com.android.server.net.
Test: cts-tradefed run commandAndExit cts-dev -m CtsUsageStatsTestCases -t android.app.usage.cts.NetworkUsageStatsTest
Bug: 64534190
Change-Id: Id3d4d7625bbf04f57643e51dbf376e3fa0ea8eca
Change the evalRequests() API to protected to allow network factory
implementations to call the API.
A use-case of the API change is for factories temporarily reject a
request since they cannot fullfill it immediately but retry it at a
later time if/when conditions change.
Bug: 63866251
Test: integration tests
Change-Id: Idc50ce0799c67634b7b2fdbad78a26e443caf2e4
Currently, we only count add tethering traffic to per-UID
stats, but not to total data usage (i.e., dev and XT stats). This
is correct for software tethering, because all software forwarded
packets are already included in interface counters, but it is
incorrect for hardware offload, because such packets do not
increment interface counters.
To fix this:
1. Add an argument to ITetheringStatsProvider#getTetherStats to
indicate whether per-UID stats are requested. For clarity,
define integer constants STATS_PER_IFACE and STATS_PER_UID
to represent these operations.
2. Make NetdTetheringStatsProvider return stats only if per-UID
stats are requested. (Otherwise tethering traffic would be
double-counted).
3. Make OffloadController's stats provider return the same
stats regardless of whether per-UID stats were requested or
not.
4. Make NetworkStatsService add non-per-UID tethering stats to
the dev and XT snapshots. The per-UID snapshots were already
correctly adding in per-UID stats.
Bug: 29337859
Bug: 32163131
Test: runtest frameworks-net
Test: runtest frameworks-telephony
Change-Id: I7a4d04ab47694d754874136179f8edad71099638
Also moving relevant test files into tests/net as part of runtest
framworks-net.
Also removes testHashCode in LinkAddress() because this test relies on
the assumption that hashCode() is stable across releases or jdk
versions, which is absolutely not true.
This creates maintenance work for little benefit since hashCode is
already tested as part of the equality test.
For instance this test is now broken because hashing for InetAddress
changed.
Bug: 62988545
Bug: 62918393
Test: runtest frameworks-net, added coverage in tests
Merged-In: I695bc3f0e801bf13bc4fc0706565758f12b775b4
Merged-In: I6d3f3c50eaec44e3a0787e849ab28e89f6f4a72d
Merged-In: Iddfec82a08f845e728adadfa6ec58a60a078d6af
Merged-In: I8d6dd5efd226a8b1c4b05d1e1102362b58e094a1
Merged-In: Ied0cc53ac34c7c5f5539507b1979cbf9c215262e
Merged-In: I3b2b7dcb1a9a194fc08643b27bbb5a0e84e01412
(cherry picked from commit 1dfb6b6755)
Change-Id: I9a17094bfdc54b9dec671306618e132a4beb59fc
This patch loosens the validation checks when a NetworkAgent updates it
NetworkCapabilities: instead of checking that capabilities labeled as
"immutable" stay identical across updates, it is now accepted to change
immutable capabilities in a way that the new NetworkCapabilities
satisfies the old NetworkCapabilities.
This allows a NetworkAgent to update itself in order to match more
requests, but will still catch NetworkAgents that sends degradation
updates causing potentially requests to not match anymore.
Bug: 64125969
Test: runtest frameworks-net
Merged-In: I2a1b3f9c0be6415e40edc989d0c1b03b5631f7b1
Merged-In: I0ab76de59e87c46a6961229399ff7200bce49838
Merged-In: Ied592bf6112574399a1e808da337004e1c35f244
Merged-In: I01e287b4df82a53a522566d33b3166f7801badca
Merged-In: I7ee60daa9c4266e9b9179032815dd7267e06377f
Merged-In: I31ef741eb83d64c476e5930d5762514b5d4cb16f
(cherry picked from commit bae105a5cc)
Change-Id: I9d630d63336f4db69f3eb52faa8483f1b1e35d16
Rename the opt-out flag in AndroidManifest to
SERVICE_META_DATA_SUPPORTS_ALWAYS_ON
as directed by the API Council.
Bug: 64331776
Bug: 36650087
Test: runtest --path java/com/android/server/connectivity/VpnTest.java
Change-Id: I24326fad7a89083a2409134640bda81ee0359d08
Since they're both measuring app code (APKs), name this API
consistently with StorageStats.getAppBytes().
Bug: 64331226
Test: builds, boots
Change-Id: I1b00427b619a78c043b1b5fac2d0e6406b51d454
This patch ensures that subtract() between two NetworkStats object will
return a delta with no negative entries in all cases.
When the stats delta contains some negative values, there are clamped to
0. Some logging is added when this happens.
This is what's expected by NetworkStatsHistory#recordData().
Bug: 64365917
Test: runtest frameworks-net
Change-Id: I16e97e73f600225f80e0ce517e80c07c6f399196
This patch fixes the mask used in describeImmutableDifferences which did
not correctly turn NET_CAPABILITY_NOT_METERED into bit flag.
Bug: 63326103
Test: added unit tests, runtest frameworks-net
Merged-In: Ib6b390b1daef5912859302692af7dcd6cfd3e39a
Merged-In: If38efacdeec8476880835657938e435f9b598525
Merged-In: Ieccad46fcffcaf748f5644b04617e9a82527000e
Merged-In: I533ef8fe369cec19d283ff2950314fce6e28cffd
Merged-In: I12636c6699ff60487a28570208e819ea0b66fa2e
Merged-In: Ie5df14e0ea1c12e0cfabe87978ac6c9b744353b2
(cherry picked from commit 2ecb9408f4)
Change-Id: I74ecf34a2c079c74152d00caea2c220e9c6d1fa5
Any NetworkRecommendationProvider bound to by the system must have
access to location (i.e. it holds the location permission and
location is enabled on the device).
If the location permission is revoked then the binding will be
disconnected and the system will revert to the default network
recommendation provider (if set and valid). If location access
is disabled on the device then the binding will be disconnected
but the system won't fall back to the default provider (because
it won't have location either), instead the current provider will
be re-enabled when location access is enabled again.
BUG:62263953
Test: runtest frameworks-services -c com.android.server.NetworkScoreServiceTest
Test: runtest frameworks-services -c com.android.server.NetworkScorerAppManagerTest
Change-Id: I93c37eeda47840d92f3ca52767e878dc19b46740
(cherry picked from commit d816abe97b)
This patch simplifies argument validation in NsdManager public api and
regroup duplicated validation into common methods.
This makes stack traces more actionable as now specific errors will
cause the api to throw exception from specific methods, whereas before
IllegalArgumentException would be thrown from inside the same api method
for different reasons.
This patch also includes a couple of other small cleanups.
Test: $ runtest -x frameworks/base/tests/net/../NsdManagerTest.java
Bug: 35362108
Bug: 37013369
Bug: 62044295
Bug: 63826516
Merged-In: Iaad13e13976e9bf8f508d7188f823f8184ac414b
(cherry pick from commit ff3e6ccca1)
Change-Id: I5e6a1ecc6b98069ef0089bbceecf73f7692df227
This patch improves the wtf() logging in updateCapabilities to
better distinguish between the cases of a changed specifiers, changed
transports, or changed capabilities. The case of NOT_METERED being added
or removed is ignored.
Bug: 63326103
Test: runtest frameworks-net, runtest frameworks-wifi
Change-Id: I05c6e78891e1eac658f1cf883223af520a9a4f8f
Clean up SubscriptionPlan, add docs, and expose as public API.
Deprecate older constants in CarrierConfigManager, and point users
towards new API. (The goal of CarrierConfigManager is to express
key/value pairs that are identical for all users on a particular
carrier, not to configure details that vary between users.)
Since a CarrierService may itself not have access to the plan
details, allow them to "delegate" the capability to configure plans
to another package name.
Factor out new RecurrenceRule class which is used by both
NetworkPolicy and SubscriptionPlan internally. Polish it to support
arbitrary periods, and continue to test it through NPMST.
Bug: 63391323
Test: bit FrameworksCoreTests:android.util.RecurrenceRuleTest
Test: bit FrameworksServicesTests:com.android.server.NetworkPolicyManagerServiceTest
Exempt-From-Owner-Approval: Bug 63673347
Change-Id: I93fae4a43e58e9e4c32f8bf345a257dcd607f088
Currently, netd is the only source of tethering statistics.
In order to support multiple sources, define a new
ITetheringStatsProvider interface that can be registered with
NetworkManagmentService. Convert the existing code into the
first ITetheringStatsProvider.
(cherry picked from commit ef7b2a13ce)
Bug: 29337859
Bug: 32163131
Test: builds, boots
Test: tethering stats continue to be collected
Change-Id: Ie1b5a5e47ae4bf5af922365b09fa241e834236e4
Merged-In: Ie1b5a5e47ae4bf5af922365b09fa241e834236e4
Always-on VPN is a feature introduced in N. Since then, all VPN apps
targeting N+ are assumed to support the feature, and the user or the DPC
can turn on / off always-on for any such VPN app. However, a few VPN
apps are not designed to support the always-on feature. Enabling
always-on for these apps will result in undefined behavior and confusing
"Always-on VPN disconnected" notification.
This feature provides a new manifest meta-data field through which a VPN
app can opt out of the always-on feature explicitly. This will stop the
always-on feature from being enabled for the app, both by the user and
by the DPC, and will clear its existing always-on state.
A @hide API is provided to check whether an app supports always-on VPN.
Documentation is updated to reflect the behavior change.
Bug: 36650087
Test: runtest --path java/com/android/server/connectivity/VpnTest.java
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackage'
Test: cts-tradefed run cts --module CtsDevicePolicyManagerTestCases --test 'com.android.cts.devicepolicy.MixedManagedProfileOwnerTest#testAlwaysOnVpnUnsupportedPackageReplaced'
Change-Id: I477897a29175e3994d4ecf8ec546e26043c90f13
Add new SubscriptionPlan API to describe the various types of carrier
data plans. Internally the OS will only use the first plan for
driving policy, but it will blindly plumb through the details for
Settings to display any secondary plans.
As part of getting Settings ready to roll towards SubscriptionPlan,
reduce references to NetworkPolicy internal fields. All usage cycle
details are now obtained from an Iterator which converts to
SubscriptionPlan under the hood.
Replace all data usage cycle calculation with new SubscriptionPlan
implementation, and retrofit large suite of existing tests to
exercise and verify the new logic.
Offer a debugging property that can be used to return "fake" plan
examples for testing.
Bug: 63391323
Test: bit FrameworksServicesTests:com.android.server.NetworkPolicyManagerServiceTest
Exempt-From-Owner-Approval: Bug 63673347
Change-Id: I889c653980eeb7887abdfa4f5b6986f35855ee6d
For a long time we've had a nasty tangled dependency between Wi-Fi
and NPMS, since they both persisted different details for configured
networks. As part of preparing for new carrier data plan APIs, move
the tracking of meteredness over to WifiConfiguration.
This also cleans up how meteredness is communicated through
NetworkAgents to rely completely on NET_CAPABILITY_NOT_METERED by
removing the metered flag on NetworkInfo, which has caused confusion
and staleness.
Migrates any existing user-configured metered networks over to
WifiConfiguration once the device finishes booting.
Remove support for NetworkQuotaInfo, since this information can no
longer be made available to apps. Frustratingly, some apps are
using it, so keep the object around returning stub values, and shame
them in the logs.
Bug: 63391323
Test: builds, boots, Wi-Fi policy is upgraded
Exempt-From-Owner-Approval: Bug 63673347
Change-Id: I64f865ddeb65cfcd330f8d2a847368abdf960a07
Add note for VPN developers that VPN apps started in the background must transition to the foreground in Android O to avoid the system stopping them.
Staged at: go/dac-stage/reference/android/net/VpnService.html
Test: make ds-docs
Bug: 38023983
Change-Id: I33c7ca1717c332ffab495eb51c4c6b9c5c304cef
