Currently, getAllCollapsedRatTypes is used to retrieve
all RAT types which will be recorded into NetworkStatsService.
However, there is a missing part that 5G NSA virtual RAT type
is not added into this list. This makes callers such as statsd
do not aware of 5G NSA RAT type and missed to collect data
usage of it.
Test: atest NetworkStatsSubscriptionsMonitorTest#test5g
Test: adb shell cmd stats pull-source 10082
Test: ./out/host/linux-x86/bin/statsd_testdrive 10082
Test: atest UidAtomTests#testMobileBytesTransfer \
UidAtomTests#testMobileBytesTransferByFgBg \
UidAtomTests#testDataUsageBytesTransfer
Bug: 163021464
Change-Id: I0faeda20f0506a48ac1131b234c5fc40d95dfbe0
Merged-In: I0faeda20f0506a48ac1131b234c5fc40d95dfbe0
For non-telephony networks, this was always set to 0 before R.
In R, it is currently set to the same value as the network type.
This is incorrect because the two have different namespaces.
or example, currently, any network of type WIFI (==1) will have
a subtype of NETWORK_TYPE_GPRS (==1). Similarly, all ETHERNET
networks will have subtype NETWORK_TYPE_1XRTT, all VPN networks
will have a subtype of NETWORK_TYPE_TD_SCDMA, etd.
Bug: 161653721
Test: builds, boots
Change-Id: I07e111c1762e0021c931cefc27f193f78578748b
This class might be used by some mainline modules.
Bug: 151052811
Test: atest DnsPacketTest
Test: atest DnsResolverTest
Change-Id: I8841d91456952ded5efbf8ea221289aecc7746ad
This is a Client-only solution.
- Add to NetdClient a per-process std::atomic_boolean
similar to netIdForProcess and netIdForResolv.
- The boolean says whether the process should be
allowed Internet connectivity.
- Add an @hide method to NetUtils.java to set the boolean;
call it from the initialization code of the new
process just after forking from zygote.
- Make netdClientSocket and dnsOpenProxy check the
boolean. If the boolean is false, return EPERM from
socket calls.
Bug: 150028556
Test: atest NetworkUtilsTest
Test: atest CtsAppSecurityHostTestCases:UseProcessTest
Change-Id: If002280fbad493dfc2db3d9d505c0257d49a9056
Exempt-From-Owner-Approval: OWNERS already approved identical patchset 5
On Android different interfaces usually use different routing tables.
As a result, a change in interface should not be treated as route
update, but rather a remove and an add.
This change fixes a bug in VPN seamless handover where routes
failed to be updated when a new tunnel interface replaces the existing
one within the same network.
Bug: 158696878
Test: atest com.android.cts.net.HostsideVpnTests
Test: atest NetworkStackTests
Test: atest CtsNetTestCases
Test: atest FrameworksNetTests
Original-Change: https://android-review.googlesource.com/1331916
Merged-In: I57987233d42a0253eaee2e1ca5f28728c2354620
Change-Id: I57987233d42a0253eaee2e1ca5f28728c2354620
This commit changes agentConnect to set the owner UID as the mOwnerUid
field instead of the Binder.getCallingUid().
Binder.getCallingUid() can return incorrect results for platform VPNs,
as agentConnect() is called under a clean calling UID.
Additionally, this relaxes the ownerUid sanitization check to allow a
VPN network's owner to see it's own ownership information.
Vpn.mOwnerUid is guaranteed to be correct, as all VPNs MUST have called
prepareInternal() at some previous point, which sets mOwnerUid as the
package's UID (or SYSTEM_UID if this is legacy VPN).
Bug: 150135470
Test: CTS tests showing ownership information
Merged-In: Ic979dad73983d722365849fbfb0becfd432b894c
Change-Id: Ic979dad73983d722365849fbfb0becfd432b894c
(cherry picked from commit e29bf99a7f)
The classes should not be picked up from frameworks/base, as they are
part of several mainline modules.
Also refine comments in DhcpResults following feedback in previous
change.
Bug: 151052811
Test: m; manual: flashed, wifi and telephony working
Test: atest NetworkStackCoverageTests
Change-Id: I7074651c6a2a7a6b11bcf13cc4bb03833d7d655f
Some developers have been surprised by this limitation and had trouble
figuring out what the issue was. Add documentation to address this.
This also includes a drive-by removal of a duplicate check.
Bug: 149867479
Test: doc-only change
Original-Change: https://android-review.googlesource.com/1313813
Merged-In: I5911d01984695550b6c9afe7a8eb535bf5e320a1
Change-Id: I5911d01984695550b6c9afe7a8eb535bf5e320a1
config_mobile_hotspot_provision_app would be move out of framework and
only private for tethering only.
enforceTetherChangePermission is no longer needed because its only
caller PanService already gate by other privileged permission
(BLUETOOTH_PRIVILEGED).
Bug: 146918263
Test: m
Change-Id: I030871c2bc46bc09c4e52970b4995f98d31bb90e
Merged-In: I030871c2bc46bc09c4e52970b4995f98d31bb90e
Avoid using the "iff" abbreviation in our Javadoc.
Bug: 158092978
Test: m doc-comment-check-docs and check the generated doc
Merged-In: I41bf8a6ddad200f00524d9b2dd1bf169810ee460
Change-Id: I41bf8a6ddad200f00524d9b2dd1bf169810ee460
The extra info is taken into NetworkMonitor from while creating
it. The NetworkMonitor is created when a new agent is registered
but the extra info is not available at that time. Make sure the
field is set in the NetworkInfo when registering.
Bug: 156173829
Test: adb shell dumpsys network and check the apn in the extra
info shown correctly
Test: atest FrameworkNetTests
Merged-In: Ieaad8cbf1a28af3b97c7f98f74358e417fcad661
Change-Id: Ieaad8cbf1a28af3b97c7f98f74358e417fcad661
Ethernet networks using tap interfaces should have TRANSPORT_TEST so
they are not considered by network selection.
Test: atest CaptivePortalApiTest FrameworksNetTests
Bug: 156319532
Original-Change: https://android-review.googlesource.com/1317238
Merged-In: I0d9477977c88aa055625ab4046577a41e76b05ff
Change-Id: I0d9477977c88aa055625ab4046577a41e76b05ff
This change adds the @RequiresFeature annotation to Ikev2VpnProfile
Builder methods, and checks before provisioning VPN profiles.
Bug: 156681625
Test: New tests added, passing.
Change-Id: I125d8fbe5d67fb877ad7d0636c007cb3e1a9f59b
Merged-In: I125d8fbe5d67fb877ad7d0636c007cb3e1a9f59b
(cherry picked from commit e84a17dd17)
This should no longer be needed after all the cleanups.
Test: atest NetworkStatsTest NetworkStatsFactoryTest
Bug: 150738490
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I289d935f84b616ed857ef4c5a7427d57c282d00c
Merged-In: I289d935f84b616ed857ef4c5a7427d57c282d00c
This is due to the previous addition of the ip6tables raw PREROUTING
drop rules for incoming ipv6 clat traffic pre-translation to ipv4.
Since we no longer double account, we no longer need these fixups.
Test: atest bpf_module_test clatd_test libbpf_android_test libnetdbpf_test
netd_integration_test netd_unit_test netdutils_test
Bug: 150738490
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ia171b7797cdc99367064d0649bf1293c71579941
Merged-In: Ia171b7797cdc99367064d0649bf1293c71579941
This CL forwards suspected Data Stall events detected with unknown
detection methods to ConnectivityDiagnostics.
Currently, ConnectivityService drops any data stall events with unknown
detection methods, which leads to false negatives for Connectivity
Diagnostics registrants. This change ensures that registrants will still
be notified as NetworkStack is updated to use new detection methods.
The documentation for ConnectivityDiagnosticsManager#DataStallReport is
also updated to reflect that the detection methods included in the
report are a bit mask of detection methods used. Implicitly, this means
that data stalls detected via unknown methods will have an empty bit
mask (0x00).
Bug: 156294356
Test: atest ConnectivityDiagnosticsManager
Change-Id: I62d0bf91fcc17c7921afd519c72551399906bd6b
Merged-In: I62d0bf91fcc17c7921afd519c72551399906bd6b
(cherry picked from commit a1d9d811a0)
This change adds the ability for IKEv2/IPsec VPN profiles to run on Test
Networks. If enabled, the IKEv2/IPsec VPN profiles will request ONLY
test networks.
Bug: 148582947
Test: FrameworksNetTests passing
Test: Added for testing
Change-Id: I2511b39b27a1e29ae97907cdb12728d13fb1628f
Merged-In: I2511b39b27a1e29ae97907cdb12728d13fb1628f
(cherry picked from commit 9e18eeb4a6)
This change adds a TestApi for simulating a Data Stall to
ConnectivityService. This allows for Data Stalls to be triggered without
having to manipulate the signals used by NetworkMonitor . This also
allows NetworkMonitor to update the ways it detects Data Stalls without
affecting CTS tests for ConnectivityDiagnosticsManager.
Bug: 148032944
Test: atest ConnectivityDiagnosticsManagerTest
Change-Id: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
Merged-In: Icad439efa2ab4c872c21d3ee6ceaae8c5b49f18d
(cherry picked from commit b06463a002)
This change sets the owner and administrator UIDs for test networks when
their initial values match the UID for the app creating the test
network. This ensures that apps registering test networks can only make
themselves owners / administrators of the network.
Bug: 153449964
Test: atest NetworkAgentTest
Change-Id: I3a974700aa1d83cb285295ed1de0aa263e2e5b58
Merged-In: I3a974700aa1d83cb285295ed1de0aa263e2e5b58
(cherry picked from commit 35782280a2)
These were previously being suppressed by doclava but with this change,
all failures are fixed and the suppression logic has been removed.
To fix the issues, there were a few possible changes made:
- broken reference to a public API (such as incorrect parameters): fixed
- unnecessary @link inside an @see tag: fixed
- @see referring to an @hide or @SystemApi: reference removed
- broken references to inner class constructors
- worked around by fully qualifying the constructor
Bug: 6963924
Test: make doc-comment-check-docs
Exempt-From-Owner-Approval: cherry-picked from master
Change-Id: Ifbdce2de96cdffa560bd90f549fa7184d1f9af85
Merged-In: Ifbdce2de96cdffa560bd90f549fa7184d1f9af85
(cherry picked from commit e0624c7a40)
This commit adds support for validating and filtering IPsec algorithms.
Without a public API exposing IKEv2 algorithms (and their respective
public APIs), the allowedAlgorithms can only filter the proposals for
IPsec (Child) SA algorithms.
Additionally, this removes the HMAC_SHA1 from the IKE SA's integrity
algorithm proposals due to insecurity
Bug: 153701879
Test: FrameworksNetTests passing, new tests added
Change-Id: I7e61a1612692db275b751330af5bacbf86836a8c
Merged-In: I7e61a1612692db275b751330af5bacbf86836a8c
(cherry picked from commit 94e1c08a9a)
TelephonyNetworkSpecifier will now treat null as matching nothing. When
the request specifies a TelephonyNetworkSpecifier while the network does
not, this should not be treated as a match.
Bug: 154703135
Test: atest android.net.TelephonyNetworkSpecifierTest
Change-Id: I329110e929995c9eae6c6ce33b5414777acea1e1
The NetworkStatsService.getUidStats() currently doesn't have any
permission check to make sure unpriviledged apps cannot read the stats
of a different uid. It will protentially have security problem since
apps with ACCESS_NETWORK_STATS permission can directly calling into
NetworkStatsService and bypass the check in TrafficStats. Move the uid
check from TrafficStats to NetworkStatsService to fix the problem.
Bug: 129151407
Test: atest AppSecurityTests#testAppFailAccessPrivateData_full
Test: atest AppSecurityTests#testAppFailAccessPrivateData_instant
Test: atest android.app.usage.cts.NetworkUsageStatsTest
Test: atest NetworkStatsBinderTest
Change-Id: Iae85676cfe5f114da69ec278afc2c904bc907234
An earlier CL with benchmarks has shown that sending strings as UTF-8
is 50% faster for US-ASCII strings, and still 68% faster for complex
strings referencing higher Unicode planes. (So an improvement in
both cases!)
Since code across the OS still makes heavy assumptions about Parcel
strings typically being UTF-16, we need to carefully migrate
Parcelables by hand, which is what this CLs begins doing.
This is a purely mechanical refactoring with no functional changes.
Bug: 154436100
Test: manual
Exempt-From-Owner-Approval: trivial refactoring
Change-Id: Ia9e581efd7c40269342b7528ca07363deb843c0f
- Let any process with NETWORK_SETTINGS register for signal strength
wakeup.
- Allow agents registering test networks to assign them a signal
strength.
Test: NetworkAgentTest
Bug: 139268426
Change-Id: Iebfeb9316bcbd8472459c517abb16f1f9d879871
Merged-In: I2b4b89be3e69f4853fd6978d2c8f5c8eb4271f21
(cherry picked from commit 5cc7b18fe7, aosp/1284585)
Test: NetworkAgentTest, new tests using this API
Bug: 139268426
Change-Id: I0b65be788bb742fd1a8c0ca624e97368462f9b6a
Merged-In: Ia83b1c896df63bb18e2aa4b74d6cc09eba990eb5
(cherry picked from commit d89dcb9765, aosp/1284574)
Okay so this is really not a behavior change as it converts an
NPE into an illegal argument exception, but still, that's what
should happen (and that's what the upcoming test actually tests
for).
Test: upcoming NetworkAgentTest
Bug: 139268426
Change-Id: I0d9b8cb8f8dcb587b9430b486b863efb9e9e77ef
Merged-In: I3e17211c03bc74426bf5e2e414ec322d73b0060b
(cherry picked from commit 827d7ceea1, aosp/1277595)
In current design, entries with zeros are preserved after
addition/subtraction. These entries are not very useful
and lead to difficulty of verifying the result of
addition/subtraction.
However, change the behavior in the original NetworkStats
is considered risky in current stage.
Thus, this change provide a function that could remove these
empty entries in tests.
Test: atest FrameworksNetTests
Bug: 152827872
Bug: 150644692
Change-Id: I40a76935d55712b8083ee1e17e137a8a4ef5e029
Merged-In: I40a76935d55712b8083ee1e17e137a8a4ef5e029
(cherry picked from commit 6c7bef3064)
Added a new network capability TEMOPORARILY_NOT_METERED to support
the case that a network can temporarily become unmetered. This
allows carriers to deploy unmetered 5G network. When devices
camp on 5G network, this capability will be dynamically added
to the network and will be removed once leaving 5G coverage.
Bug: 153081494
Test: Manual
Change-Id: I10e26cb0852e67f614e7b9c4e49f95e078602e21
VPN is considered fully routed if both IPv4 and IPv6 have
either a default route or a prohibit route.
Bug: 145332510
Test: atest FrameworksNetTests
Merged-In: I59cf48552bca98092d1212e3d718fd420add5458
Change-Id: I59cf48552bca98092d1212e3d718fd420add5458
* changes:
Update CS helper for clearing NetworkCapabilities UIDs.
Simplify unregister logic for Connectivity Diagnostics callbacks.
Clarify comments for Connectivity Diagnostics reports.
Sort administrator UIDs for NetworkCapabilities.
Add combine() and equals() for NetworkCapabilities admin UIDs.
Use IBinder as key for ConnectivityDiagnostics storage in CS.
Decrement networkRequestPerUid when callbacks are unregistered.
Invoke onConnectivityReport on registering ConnectivityDiagnostics.
