FIREWALL_CHAIN_OEM_DENY_x chains were added by aosp/2114533 but
corresponding blocked reasons were not added.
Upcoming aosp/3027488 updates CS to generate blocked reasons based on
bpf map contents.
Without blocked reasons for oem deny chains, onBlockedStatusChanged
callback will have inconsistency from the actual network blocked status.
This CL adds BLOCKED_REASON_OEM_DENY for FIREWALL_CHAIN_OEM_DENY_x chains
Bug: 328732146
Test: TH
Change-Id: I3793aa0e231d32fea5eb202ed69e170f74d66b02
It was set to "system" incorrectly.
Bug: 312769710
Test: m all_aconfig_declarations
printflags | grep android.ne
Change-Id: Ie65dcb8c987cc0677b80ba9f8f84fe604ebbf1d2
aosp/3020885 added metered network firewall chains API but this CL
missed to add flag definition.
Test: TH
Bug: 332628891
Change-Id: I450370c6ff15da110502f8111fa491516fecbc9a
* Struct.java is removed from net-utils-device-common-bpf and
net-utils-device-common-struct's source list
* Created a lib net-utils-device-common-struct-base for Struct.java
* Updated libs that require Struct.java to include
net-utils-device-common-struct-base.
* Replaced net-utils-multicast-forwarding-structs with
net-utils-device-common-struct in service-connectivity
Bug: 323503345
Test: build tethering module.
Change-Id: I3f60715c3d8043b7569db7612dee9d4fa1ccba59
Before calling a flagged API, client code must check the value of the flag
which gates it. Those flags must be exported in order to be accessible from
containers other than the container where the flag and the API are hosted.
Bug: 320984775
Bug: 322839671
Test: m all_aconfig_declarations
Test: printflags --format='{fully_qualified_name}:{is_exported}' | grep true
Change-Id: I61f18732a5c8a69acb6e645b6bf04b7a08adb513
This commit also moves Thread flags to Connectivity/common to ease
maintenance.
Test: m framework-connectivity-t
Bug: 317290555
Merged-In: I50f3d3b8205a5a9ee8154a649318a2c175edbb71
Merged-In: I8a71f4ee49cc68a9512f432e454469200f2a5058
Change-Id: I8a71f4ee49cc68a9512f432e454469200f2a5058
register_nsd_offload_engine is moved to platform flags.aconfig since
this flag is used from platform and not used from module
Bug: 325591785
Test: TH
Merged-In: If8a8426dbbb10253fd5046f639de13519396ddac
Change-Id: If8a8426dbbb10253fd5046f639de13519396ddac
This CL also specifies aconfig_declaration module in java_sdk_library
register_nsd_offload_engine will be moved to the platform flags.aconfig
in the followup CL.
Test: TH
Change-Id: I430a5f0b1e1ef2e3394cf6aa8efebbd46da41765
Make TetheringRequest parcelable so we can pass it via Wifi APIs and map
Soft AP state changes to the correct request.
Bug: 216524590
Test: build
Change-Id: I63a45b14e9abc288b353159dfdcbe96fde485cb7
The flag com.android.net.flags.ipsec_transform_state gates APIs
exposed by the Tethering module, and thus should also be included
in Connectivity/common/flags.aconfig
Bug: 324278950
Test: make
Change-Id: Ia1fe733a4971ac56cae65870a5339362594322e6
This CL is created as a best effort to migrate test targets
to the new android ownership model. If you find incorrect or unnecessary
attribution in this CL, please create a separate CL to fix that.
For more details please refer to the link below,
<add g3 doc link>
Bug: 304529413
Test: N/A
Change-Id: I243f17b3f0ad7af9ffa15ca242456e36688733f5
Merged-In: I243f17b3f0ad7af9ffa15ca242456e36688733f5
Aconfig Flag for android network is defined in the platform and
TrunkStable.bp is not used.
Test: TH
Bug: 315302281
Change-Id: I46d988f25a366e51da52af01ad34e2ce1511c942
flags.aconfig for android networking is under
packages/modules/Connectivity.
But, currently, mainline code should not read trunk stable flag.
To avoid confusion, this CL moves flags.aconfig to platform.
Bug: 315302281
Test: TH
Change-Id: I3a667cfa14d51e481bb4e99301c10319d2600e00
Merged-In: I44c111577643bacb35b532cb156a61d30cfea31a
A new firewall chain is needed to configure background network
restrictions for apps.
This change only adds the API stubs and traffic controller constants to
make the chain work. Policy changes using this chain will follow in
the framework code.
Test: atest CtsNetTestCases:ConnectivityManagerTest
Test: atest ConnectivityServiceTest
NO_IFTTT=The Lint rule along with the relevant code in Common.h is
being deleted in aosp/2819759
Bug: 304347838
Change-Id: I33e2db6671431f7c576fc931d9f96e684fc1e78a
Revert submission 2799494-revert-2745215-npmsbpf-OBOPDXREUI
Reason for revert: Need to 1. Merge API first. 2. Wait for prebuilt. 3. Merge the caller.
Reverted changes: /q/submissionid:2799494-revert-2745215-npmsbpf-OBOPDXREUI
Change-Id: Icd5f3d40595a0d2a221b016cec70568bf3597c16
Revert submission 2745215-npmsbpf
DroidMonitor: Potential culprit for Bug 307256512 - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.
Reason for revert: 307256512
Reverted changes: /q/submissionid:2745215-npmsbpf
Change-Id: I27119a7484453d1369bbdf71ad2479edec7d664f
A helper class to *read* java BpfMaps. This is designed to
provide direct bpf access in the caller process through
ConnectivityManager APIs.
The change also removes any statical link to
net-utils-device-common-struct from service-connectivity.
This is because net-utils-device-common-struct is already
included in framework-connectivity. Including it again in
service-connectivity would create a r8 build fail by circular
dependency.
Test: atest FrameworksNetTests:android.net.connectivity.com.android.server.BpfNetMapsTest
Test: atest ConnectivityCoverageTests:android.net.connectivity.com.android.net.module.util.StructTest
Test: atest FrameworksNetTests:android.net.connectivity.android.net.BpfNetMapsReaderTest
Bug: 297836825
Change-Id: I7a6d2eb816d0dc7343167bddd672806b199f44fe
Currently, data saver switch is controlled in NPMS, which
calls into NetworkManagementService and netd when switching
status. In netd, BandwidthController manipulates the
bw_data_saver chain to control the overall behavior.
However, this code are all platform implementation, which
are not updatable. In order to migrate data saver switch
from iptables to bpf, this API is needed for Connectivity to
change the implementation to directly write bpf in later
patches.
Test: atest CtsHostsideNetworkTests:com.android.cts.net.HostsideRestrictBackgroundNetworkTests
Test: atest FrameworksServicesTests:NetworkManagementServiceTest
Bug: 297836825
Change-Id: I71fa41ca739fef8e191fba91b02758ad5f732d5c
The TTL check and removal of expired services is currently only
performed when a mDNS query is sent. This can result in expired
services remaining in the cache if no queries are sent. To
address this, the remaining TTL will be checked when retrieving
services from the MdnsServiceCache. Add a new flag to enable
the expired services removal feature. This feature will be
implemented in subsequent changes.
Bug: 265787401
Bug: 304649384
Test: atest FrameworksNetTests CtsNetTestCases
Change-Id: I30f0eea568ee45d363cc02821de0921d6040f981
This is useful going forward in particular because there will
be a default forbidden capability for LOCAL_NETWORKS. This
means it will be useful to be able to remove it.
It is also generally useful and we have been wanting to open
this API to the public, so this is a good opportunity to do so.
Test: new tests for NetworkRequest
NetworkCapabilitiesTest already has tests because it
already was @SystemApi
Change-Id: Ibb8d33b799f2d274326fd9cd0b05a2c33a18032a
Add aconfig_declarations so that platform code can use this flag.
Following CLs(aosp/2606670) use this flag to sync the mainline behavior
change and platform behavior change.
Having merged-in to avoid being merged to udc-mainline-prod where
aconfig soong targets are not supported
Bug: 267870186
Test: TH
Merged-In: I4870fbe882ce0ec995dcaeb8a2624071fee6dce7
Change-Id: I2260dc3d60689da9328fe4f98c3f3048d96bbf6d
This CL does not have Merged-In since all the branches should have the
aconfig file so that adding flags to the file does not have conflicts.
Following CL adds aconfig_declarations to Android.bp only on branches
where aconfig soong targets are supported
Bug: 267870186
Test: TH
Change-Id: I621228a2c9594bf7bfe1cf335619c417e9339743
Mainline push to Q was stopped in February 2023.
Test: TreeHugger
Bug: 283996141
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Ic645cce4df5780cdd62eda4e8c596396c2f83b25
This commit is part of a large scale change to fix errorprone
errors that have been downgraded to warnings in the android
source tree, so that they can be promoted to errors again.
The full list of changes include the following, but not all
will be present in any one individual commit:
BadAnnotationImplementation
BadShiftAmount
BanJNDI
BoxedPrimitiveEquality
ComparableType
ComplexBooleanConstant
CollectionToArraySafeParameter
ConditionalExpressionNumericPromotion
DangerousLiteralNull
DoubleBraceInitialization
DurationFrom
DurationTemporalUnit
EmptyTopLevelDeclaration
EqualsNull
EqualsReference
FormatString
FromTemporalAccessor
GetClassOnAnnotation
GetClassOnClass
HashtableContains
IdentityBinaryExpression
IdentityHashMapBoxing
InstantTemporalUnit
InvalidTimeZoneID
InvalidZoneId
IsInstanceIncompatibleType
JUnitParameterMethodNotFound
LockOnBoxedPrimitive
MathRoundIntLong
MislabeledAndroidString
MisusedDayOfYear
MissingSuperCall
MisusedWeekYear
ModifyingCollectionWithItself
NoCanIgnoreReturnValueOnClasses
NonRuntimeAnnotation
NullableOnContainingClass
NullTernary
OverridesJavaxInjectableMethod
ParcelableCreator
PeriodFrom
PreconditionsInvalidPlaceholder
ProtoBuilderReturnValueIgnored
ProtoFieldNullComparison
RandomModInteger
RectIntersectReturnValueIgnored
ReturnValueIgnored
SelfAssignment
SelfComparison
SelfEquals
SizeGreaterThanOrEqualsZero
StringBuilderInitWithChar
TreeToString
TryFailThrowable
UnnecessaryCheckNotNull
UnusedCollectionModifiedInPlace
XorPower
See https://errorprone.info/bugpatterns for more
information on the checks.
Bug: 253827323
Test: m RUN_ERROR_PRONE=true javac-check
Change-Id: I7625fa386afe93823b97cb2ecb8fd09a5856c05b
The kernel is actually not consistent in whether uids & gids
are signed or unsigned, and neither is our Java code, which
also commonly uses just 'int' for uid. In practice values
greater or equal to 2**31 often don't quite work right.
For example icmp sockets are enabled via a sysctl that
takes a minimum and maximum gid - and these are signed int32s.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I6576798cfeb52bf5574bf6853f0f7378022b3a2f
These are allocated in order by the kernel, if we go
over 2 billion, we've got other problems... besides
U32 to S32 conversion will work just fine anyway.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9c157a57278dcd43b464c853d1107a933c1fd8df
These are allocated in order by the kernel, if we go
over 2 billion, we've got other problems... besides
U32 to S32 conversion will work just fine anyway.
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: Iab2d4a13bf7ba45bbe8627adfdfb830f3219bc7b
These are allocated in order by the kernel, if we go
over 2 billion, we've got other problems... besides
U32 to S32 conversion will work just fine anyway.
Surprisingly it appears no further fixups are required
to make this compile, due to other places already being 'int's.
Bug: 245472520
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I5a48f12e0fc6274debf645a087f5f3857d90be62
These are allocated in order by the kernel, if we go
over 2 billion, we've got other problems... besides
U32 to S32 conversion will work just fine anyway.
Surprisingly it appears no further fixups are required
to make this compile, due to other places already being 'int's.
Bug: 245472520
Test: TreeHugger
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Change-Id: I9008e20f40c983a1bb8a0547a61190f28042b22a