Commit graph

55 commits

Author SHA1 Message Date
Motomu Utsumi
9e75aad888 Add blocked reason for OEM deny firewall chains
FIREWALL_CHAIN_OEM_DENY_x chains were added by aosp/2114533 but
corresponding blocked reasons were not added.
Upcoming aosp/3027488 updates CS to generate blocked reasons based on
bpf map contents.
Without blocked reasons for oem deny chains, onBlockedStatusChanged
callback will have inconsistency from the actual network blocked status.
This CL adds BLOCKED_REASON_OEM_DENY for FIREWALL_CHAIN_OEM_DENY_x chains

Bug: 328732146
Test: TH
Change-Id: I3793aa0e231d32fea5eb202ed69e170f74d66b02
2024-05-07 18:31:07 +09:00
Paul Duffin
8a4c9f6485 Make com.android.tethering the flag container instead of system
It was set to "system" incorrectly.

Bug: 312769710
Test: m all_aconfig_declarations
      printflags | grep android.ne
Change-Id: Ie65dcb8c987cc0677b80ba9f8f84fe604ebbf1d2
2024-04-25 09:46:33 +01:00
Motomu Utsumi
e6295a2326 Add flag definition for metered network firewall chains
aosp/3020885 added metered network firewall chains API but this CL
missed to add flag definition.

Test: TH
Bug: 332628891
Change-Id: I450370c6ff15da110502f8111fa491516fecbc9a
2024-04-25 13:15:34 +09:00
Yang Sun
68d68d82ed Merge "Separate Struct.java into its own lib." into main 2024-03-28 06:23:57 +00:00
Yang Sun
3aa62e6773 Separate Struct.java into its own lib.
* Struct.java is removed from net-utils-device-common-bpf and
  net-utils-device-common-struct's source list
* Created a lib net-utils-device-common-struct-base for Struct.java
* Updated libs that require Struct.java to include
  net-utils-device-common-struct-base.
* Replaced net-utils-multicast-forwarding-structs with
  net-utils-device-common-struct in service-connectivity

Bug: 323503345

Test: build tethering module.
Change-Id: I3f60715c3d8043b7569db7612dee9d4fa1ccba59
2024-03-27 20:15:17 +08:00
Maciej Żenczykowski
8b3f9d9e3e clat bpf: add byte/packet counter
Bug: 285124667
Test: TreeHugger,
  atest FrameworksNetTests:android.net.connectivity.com.android.server.connectivity.ClatCoordinatorTest
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5b59f0c05d41030f99160f68058c61eadd24fbbd
2024-03-19 07:54:36 +00:00
Oriol Prieto Gasco
646b09fc91 Export flags used in FlaggedApi annotations
Before calling a flagged API, client code must check the value of the flag
which gates it. Those flags must be exported in order to be accessible from
containers other than the container where the flag and the API are hosted.

Bug: 320984775
Bug: 322839671

Test: m all_aconfig_declarations
Test: printflags --format='{fully_qualified_name}:{is_exported}' | grep true

Change-Id: I61f18732a5c8a69acb6e645b6bf04b7a08adb513
2024-03-08 14:14:36 +00:00
Motomu Utsumi
d1dcb3b3f3 Merge "Remove register_nsd_offload_engine flag from module flags.aconfig" into main 2024-02-28 08:26:40 +00:00
Kangping Dong
8fb80dd075 [Thread] add Thread aconfig_declaration to java_sdk_library
This commit also moves Thread flags to Connectivity/common to ease
maintenance.

Test: m framework-connectivity-t
Bug: 317290555
Merged-In: I50f3d3b8205a5a9ee8154a649318a2c175edbb71
Merged-In: I8a71f4ee49cc68a9512f432e454469200f2a5058
Change-Id: I8a71f4ee49cc68a9512f432e454469200f2a5058
2024-02-26 11:18:03 +08:00
Yahav Nussbaum
c92872e3d5 Merge "Move Nearby flags to common and add specify it in java_sdk_library" into main 2024-02-22 12:37:57 +00:00
Yahav Nussbaum
259be7bd4e Move Nearby flags to common and add specify it in java_sdk_library
Bug: 324993608
Test: TH
Change-Id: I1dc79353e9bae3d977db88e572e871cd459fc7fc
2024-02-22 06:49:15 +00:00
Motomu Utsumi
d1e01dc498 Remove register_nsd_offload_engine flag from module flags.aconfig
register_nsd_offload_engine is moved to platform flags.aconfig since
this flag is used from platform and not used from module

Bug: 325591785
Test: TH
Merged-In: If8a8426dbbb10253fd5046f639de13519396ddac
Change-Id: If8a8426dbbb10253fd5046f639de13519396ddac
2024-02-19 06:58:45 +00:00
Motomu Utsumi
52f294cbc4 Update flags.aconfig to follow the current APIs
This CL also specifies aconfig_declaration module in java_sdk_library
register_nsd_offload_engine will be moved to the platform flags.aconfig
in the followup CL.

Test: TH
Change-Id: I430a5f0b1e1ef2e3394cf6aa8efebbd46da41765
2024-02-19 06:58:35 +00:00
Quang Luong
211e7862b6 Merge "Make TetheringRequest parcelable" into main 2024-02-15 04:20:03 +00:00
Quang Anh Luong
1252f7f428 Make TetheringRequest parcelable
Make TetheringRequest parcelable so we can pass it via Wifi APIs and map
Soft AP state changes to the correct request.

Bug: 216524590
Test: build
Change-Id: I63a45b14e9abc288b353159dfdcbe96fde485cb7
2024-02-15 10:15:05 +09:00
Motomu Utsumi
e9e28ce2b4 Merge "Include FlaggedApi.bp" into main 2024-02-14 05:48:26 +00:00
Yan Yan
4862fd52d5 Define the IpSecTransformState API flag in Connectivity module
The flag com.android.net.flags.ipsec_transform_state gates APIs
exposed by the Tethering module, and thus should also be included
in Connectivity/common/flags.aconfig

Bug: 324278950
Test: make
Change-Id: Ia1fe733a4971ac56cae65870a5339362594322e6
2024-02-12 21:08:37 +00:00
Oriol Prieto Gasco
6eec17aa97 Set the container field of aconfig flags
Test: m
Bug: 312769710
Change-Id: I1eed7982b40d28947aa3f9575c568eac325dc832
2024-02-03 02:39:14 +00:00
Aditya Choudhary
01b5ede2b2 [DON'T BLOCK] Test ownership migration rules
This CL is created as a best effort to migrate test targets
to the new android ownership model. If you find incorrect or unnecessary
attribution in this CL, please create a separate CL to fix that.

For more details please refer to the link below,
<add g3 doc link>

Bug: 304529413
Test: N/A
Change-Id: I243f17b3f0ad7af9ffa15ca242456e36688733f5
Merged-In: I243f17b3f0ad7af9ffa15ca242456e36688733f5
2024-01-31 12:34:50 +00:00
Motomu Utsumi
98a7630a1f Include FlaggedApi.bp
Merged-In to avoid merging this change to ump branch

Test: TH
Bug: 321624552
Merged-In: I4ef7eff6567b848c8cfa52c51c734642ce929589
Change-Id: Ie9728714614e4fd43fd845b50c8bdd4856cf47e3
2024-01-30 23:58:25 +00:00
Motomu Utsumi
3a586fc095 Add aconfig flags for Connectivity FlaggedAPI annotations
Bug: 321624552
Test: TH
Change-Id: Idbec5e8af0f3764b5bf432e3dd5e6ba7f35aa81f
2024-01-23 17:20:03 +09:00
Motomu Utsumi
b17d60144a Remove TrunkStable.bp
Aconfig Flag for android network is defined in the platform and
TrunkStable.bp is not used.

Test: TH
Bug: 315302281
Change-Id: I46d988f25a366e51da52af01ad34e2ce1511c942
2023-12-11 15:12:01 +09:00
Motomu Utsumi
31abe92c36 Use flags.aconfig in platform for android networking
flags.aconfig for android networking is under
packages/modules/Connectivity.
But, currently, mainline code should not read trunk stable flag.
To avoid confusion, this CL moves flags.aconfig to platform.

Bug: 315302281
Test: TH
Change-Id: I3a667cfa14d51e481bb4e99301c10319d2600e00
Merged-In: I44c111577643bacb35b532cb156a61d30cfea31a
2023-12-08 11:42:35 +09:00
Yan Yan
318b1abbaf Add a flag for getIpSecTransformState and IpSecTransformState
Bug: 308011229
Test: make
Change-Id: Ib148b62b375f4f7b6a5d5ca82c74808bffa2e531
2023-12-07 18:47:24 +00:00
Paul Hu
af9e181b28 Remove unused aconfig
Remove nsd_expired_services_removal aconfig, since it is no
longer used.

Bug: 312669635
Test: m
Change-Id: I9b21b6102ed9a8160be3d853d44d9b051997d09e
2023-11-23 02:37:03 +00:00
Yuyang Huang
104cf3cff7 Add feature flag for REGISTER_NSD_OFFLOAD_ENGINE permission
Bug: 304478692
Test: TH
Change-Id: Ib7234b2e3b5c725bde0db9b93ac96d745a65f57d
2023-11-16 11:26:49 +09:00
Suprabh Shukla
2d893b68a9 New firewall chain for default background restrictions
A new firewall chain is needed to configure background network
restrictions for apps.
This change only adds the API stubs and traffic controller constants to
make the chain work. Policy changes using this chain will follow in
the framework code.

Test: atest CtsNetTestCases:ConnectivityManagerTest
Test: atest ConnectivityServiceTest

NO_IFTTT=The Lint rule along with the relevant code in Common.h is
being deleted in aosp/2819759

Bug: 304347838
Change-Id: I33e2db6671431f7c576fc931d9f96e684fc1e78a
2023-11-08 10:17:30 +00:00
Motomu Utsumi
d872c3c960 Merge "Add methods for updating ingressDiscardRule bpf map to BpfNetMaps" into main 2023-11-06 10:41:53 +00:00
Junyu Lai
bb59480733 [BR03.1] Expose isUidNetworkingBlocked
Test: atest CtsHostsideNetworkTests:com.android.cts.net.HostsideNetworkCallbackTests
Bug: 297836825
Change-Id: I70b2351b9cd1c3c6fa34258397e0bf22cb8150b2
2023-11-06 13:26:19 +08:00
Motomu Utsumi
77b49996d2 Add methods for updating ingressDiscardRule bpf map to BpfNetMaps
Bug 295800201
Test: NetworkStaticLibsTests

Change-Id: I42bc0adc22c3018480029d624053f758d815e526
2023-10-31 17:07:46 +09:00
Motomu Utsumi
d4fe2c3a50 Add java class for Ingress discard bpf map key value
Bug: 295800201
Test: TH
Change-Id: Ic9ac423aee2a8fb9709b0acf012ec57cdfa019f9
2023-10-26 15:48:22 +09:00
Junyu Lai
0cfaea8d98 Merge "Revert "Revert "[BR07.1] Expose setDataSaverEnabled from Connect..."" into main 2023-10-25 01:59:12 +00:00
Junyu Lai
df210365fe Revert "Revert "[BR07.1] Expose setDataSaverEnabled from Connect..."
Revert submission 2799494-revert-2745215-npmsbpf-OBOPDXREUI

Reason for revert: Need to 1. Merge API first. 2. Wait for prebuilt. 3. Merge the caller.

Reverted changes: /q/submissionid:2799494-revert-2745215-npmsbpf-OBOPDXREUI

Change-Id: Icd5f3d40595a0d2a221b016cec70568bf3597c16
2023-10-24 07:30:23 +00:00
Jordan Silva
457ae0f00f Revert "[BR07.1] Expose setDataSaverEnabled from ConnectivityManager"
Revert submission 2745215-npmsbpf

DroidMonitor: Potential culprit for Bug 307256512 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.


Reason for revert: 307256512

Reverted changes: /q/submissionid:2745215-npmsbpf

Change-Id: I27119a7484453d1369bbdf71ad2479edec7d664f
2023-10-23 13:23:01 +00:00
Junyu Lai
626045a601 [BR01.1] Support BpfNetMapsReader
A helper class to *read* java BpfMaps. This is designed to
provide direct bpf access in the caller process through
ConnectivityManager APIs.

The change also removes any statical link to
net-utils-device-common-struct from service-connectivity.
This is because net-utils-device-common-struct is already
included in framework-connectivity. Including it again in
service-connectivity would create a r8 build fail by circular
dependency.

Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.BpfNetMapsTest
Test: atest ConnectivityCoverageTests:android.net.connectivity.com.android.net.module.util.StructTest
Test: atest FrameworksNetTests:android.net.connectivity.android.net.BpfNetMapsReaderTest
Bug: 297836825
Change-Id: I7a6d2eb816d0dc7343167bddd672806b199f44fe
2023-10-23 20:11:02 +08:00
Junyu Lai
c279f1830e [BR07.1] Expose setDataSaverEnabled from ConnectivityManager
Currently, data saver switch is controlled in NPMS, which
calls into NetworkManagementService and netd when switching
status. In netd, BandwidthController manipulates the
bw_data_saver chain to control the overall behavior.

However, this code are all platform implementation, which
are not updatable. In order to migrate data saver switch
from iptables to bpf, this API is needed for Connectivity to
change the implementation to directly write bpf in later
patches.

Test: atest CtsHostsideNetworkTests:com.android.cts.net.HostsideRestrictBackgroundNetworkTests
Test: atest FrameworksServicesTests:NetworkManagementServiceTest
Bug: 297836825
Change-Id: I71fa41ca739fef8e191fba91b02758ad5f732d5c
2023-10-19 17:43:44 +08:00
Paul Hu
f3fe3333d3 Add expired services removal flag
The TTL check and removal of expired services is currently only
performed when a mDNS query is sent. This can result in expired
services remaining in the cache if no queries are sent. To
address this, the remaining TTL will be checked when retrieving
services from the MdnsServiceCache. Add a new flag to enable
the expired services removal feature. This feature will be
implemented in subsequent changes.

Bug: 265787401
Bug: 304649384
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I30f0eea568ee45d363cc02821de0921d6040f981
2023-10-18 17:48:46 +08:00
Chalard Jean
cf7dbcae41 Prepare exposing Network{Request,Caps}.forbiddenCapabilities
This is useful going forward in particular because there will
be a default forbidden capability for LOCAL_NETWORKS. This
means it will be useful to be able to remove it.

It is also generally useful and we have been wanting to open
this API to the public, so this is a good opportunity to do so.

Test: new tests for NetworkRequest
      NetworkCapabilitiesTest already has tests because it
      already was @SystemApi
Change-Id: Ibb8d33b799f2d274326fd9cd0b05a2c33a18032a
2023-10-11 17:02:52 +09:00
Motomu Utsumi
e63d38ff37 Add aconfig_declarations for flags in android_core_networking
Add aconfig_declarations so that platform code can use this flag.
Following CLs(aosp/2606670) use this flag to sync the mainline behavior
change and platform behavior change.
Having merged-in to avoid being merged to udc-mainline-prod where
aconfig soong targets are not supported

Bug: 267870186
Test: TH
Merged-In: I4870fbe882ce0ec995dcaeb8a2624071fee6dce7
Change-Id: I2260dc3d60689da9328fe4f98c3f3048d96bbf6d
2023-10-06 20:10:20 +09:00
Motomu Utsumi
dca83676dd Add aconfig flag file
This CL does not have Merged-In since all the branches should have the
aconfig file so that adding flags to the file does not have conflicts.
Following CL adds aconfig_declarations to Android.bp only on branches
where aconfig soong targets are supported

Bug: 267870186
Test: TH
Change-Id: I621228a2c9594bf7bfe1cf335619c417e9339743
2023-10-06 10:51:23 +09:00
Maciej Żenczykowski
3fa9dceabc Connectivity: bump min sdk 29(Q) to 30(R)
Mainline push to Q was stopped in February 2023.

Test: TreeHugger
Bug: 283996141
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic645cce4df5780cdd62eda4e8c596396c2f83b25
2023-06-15 00:22:48 +00:00
Cole Faust
22f05839f5 Fix errorprone warnings that should be errors
This commit is part of a large scale change to fix errorprone
errors that have been downgraded to warnings in the android
source tree, so that they can be promoted to errors again.
The full list of changes include the following, but not all
will be present in any one individual commit:

BadAnnotationImplementation
BadShiftAmount
BanJNDI
BoxedPrimitiveEquality
ComparableType
ComplexBooleanConstant
CollectionToArraySafeParameter
ConditionalExpressionNumericPromotion
DangerousLiteralNull
DoubleBraceInitialization
DurationFrom
DurationTemporalUnit
EmptyTopLevelDeclaration
EqualsNull
EqualsReference
FormatString
FromTemporalAccessor
GetClassOnAnnotation
GetClassOnClass
HashtableContains
IdentityBinaryExpression
IdentityHashMapBoxing
InstantTemporalUnit
InvalidTimeZoneID
InvalidZoneId
IsInstanceIncompatibleType
JUnitParameterMethodNotFound
LockOnBoxedPrimitive
MathRoundIntLong
MislabeledAndroidString
MisusedDayOfYear
MissingSuperCall
MisusedWeekYear
ModifyingCollectionWithItself
NoCanIgnoreReturnValueOnClasses
NonRuntimeAnnotation
NullableOnContainingClass
NullTernary
OverridesJavaxInjectableMethod
ParcelableCreator
PeriodFrom
PreconditionsInvalidPlaceholder
ProtoBuilderReturnValueIgnored
ProtoFieldNullComparison
RandomModInteger
RectIntersectReturnValueIgnored
ReturnValueIgnored
SelfAssignment
SelfComparison
SelfEquals
SizeGreaterThanOrEqualsZero
StringBuilderInitWithChar
TreeToString
TryFailThrowable
UnnecessaryCheckNotNull
UnusedCollectionModifiedInPlace
XorPower

See https://errorprone.info/bugpatterns for more
information on the checks.

Bug: 253827323
Test: m RUN_ERROR_PRONE=true javac-check
Change-Id: I7625fa386afe93823b97cb2ecb8fd09a5856c05b
2022-11-02 10:13:14 -07:00
Maciej Żenczykowski
0ba23a5ac8 CookieTagMapValue.java - uid U32 -> S32
The kernel is actually not consistent in whether uids & gids
are signed or unsigned, and neither is our Java code, which
also commonly uses just 'int' for uid.  In practice values
greater or equal to 2**31 often don't quite work right.
For example icmp sockets are enabled via a sysctl that
takes a minimum and maximum gid - and these are signed int32s.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6576798cfeb52bf5574bf6853f0f7378022b3a2f
2022-09-17 01:53:47 +00:00
Maciej Żenczykowski
e1e03ea435 Merge "ClatEgress4Value.java - replace U32 ifindex with S32" 2022-09-16 17:58:32 +00:00
Maciej Żenczykowski
53a5c00d41 Merge "ClatEgress4Key.java - replace U32 ifindex with S32" 2022-09-16 17:54:30 +00:00
Maciej Żenczykowski
6dbae5ceef Merge changes I9008e20f,I96403646,Ic05adfc4
* changes:
  ClatIngress6Key.java - replace U32 ifindex with S32
  TetherStatsKey.java - replace U32 ifindex with S32
  handle "TODO: remove equals/hashCode/toString once aosp/1536721 merged"
2022-09-16 17:52:14 +00:00
Maciej Żenczykowski
def4359b85 ClatEgress4Value.java - replace U32 ifindex with S32
These are allocated in order by the kernel, if we go
over 2 billion, we've got other problems... besides
U32 to S32 conversion will work just fine anyway.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9c157a57278dcd43b464c853d1107a933c1fd8df
2022-09-16 06:57:45 +00:00
Maciej Żenczykowski
b62de2887b ClatIngress6Value.java - replace U32 ifindex with S32
These are allocated in order by the kernel, if we go
over 2 billion, we've got other problems... besides
U32 to S32 conversion will work just fine anyway.

Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iab2d4a13bf7ba45bbe8627adfdfb830f3219bc7b
2022-09-16 06:57:40 +00:00
Maciej Żenczykowski
5d034e7f7a ClatEgress4Key.java - replace U32 ifindex with S32
These are allocated in order by the kernel, if we go
over 2 billion, we've got other problems... besides
U32 to S32 conversion will work just fine anyway.

Surprisingly it appears no further fixups are required
to make this compile, due to other places already being 'int's.

Bug: 245472520
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5a48f12e0fc6274debf645a087f5f3857d90be62
2022-09-16 06:40:07 +00:00
Maciej Żenczykowski
b56f69c600 ClatIngress6Key.java - replace U32 ifindex with S32
These are allocated in order by the kernel, if we go
over 2 billion, we've got other problems... besides
U32 to S32 conversion will work just fine anyway.

Surprisingly it appears no further fixups are required
to make this compile, due to other places already being 'int's.

Bug: 245472520
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9008e20f40c983a1bb8a0547a61190f28042b22a
2022-09-16 06:39:57 +00:00