Loading core/java/android/net/IConnectivityManager.aidl +0 −2 Original line number Diff line number Diff line Loading @@ -120,8 +120,6 @@ interface IConnectivityManager LegacyVpnInfo getLegacyVpnInfo(int userId); VpnInfo[] getAllVpnInfo(); boolean updateLockdownVpn(); boolean isAlwaysOnVpnPackageSupported(int userId, String packageName); boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown); Loading core/java/android/net/INetworkStatsService.aidl +7 −1 Original line number Diff line number Diff line Loading @@ -19,11 +19,13 @@ package android.net; import android.net.DataUsageRequest; import android.net.INetworkStatsSession; import android.net.Network; import android.net.NetworkState; import android.net.NetworkStats; import android.net.NetworkStatsHistory; import android.net.NetworkTemplate; import android.os.IBinder; import android.os.Messenger; import com.android.internal.net.VpnInfo; /** {@hide} */ interface INetworkStatsService { Loading Loading @@ -58,7 +60,11 @@ interface INetworkStatsService { void incrementOperationCount(int uid, int tag, int operationCount); /** Force update of ifaces. */ void forceUpdateIfaces(in Network[] defaultNetworks); void forceUpdateIfaces( in Network[] defaultNetworks, in VpnInfo[] vpnArray, in NetworkState[] networkStates, in String activeIface); /** Force update of statistics. */ void forceUpdate(); Loading services/core/java/com/android/server/ConnectivityService.java +66 −11 Original line number Diff line number Diff line Loading @@ -867,7 +867,8 @@ public class ConnectivityService extends IConnectivityManager.Stub mPermissionMonitor = new PermissionMonitor(mContext, mNetd); //set up the listener for user state for creating user VPNs // Set up the listener for user state for creating user VPNs. // Should run on mHandler to avoid any races. IntentFilter intentFilter = new IntentFilter(); intentFilter.addAction(Intent.ACTION_USER_STARTED); intentFilter.addAction(Intent.ACTION_USER_STOPPED); Loading @@ -875,7 +876,11 @@ public class ConnectivityService extends IConnectivityManager.Stub intentFilter.addAction(Intent.ACTION_USER_REMOVED); intentFilter.addAction(Intent.ACTION_USER_UNLOCKED); mContext.registerReceiverAsUser( mUserIntentReceiver, UserHandle.ALL, intentFilter, null, null); mUserIntentReceiver, UserHandle.ALL, intentFilter, null /* broadcastPermission */, mHandler); mContext.registerReceiverAsUser(mUserPresentReceiver, UserHandle.SYSTEM, new IntentFilter(Intent.ACTION_USER_PRESENT), null, null); Loading Loading @@ -3738,12 +3743,14 @@ public class ConnectivityService extends IConnectivityManager.Stub } /** * Return the information of all ongoing VPNs. This method is used by NetworkStatsService * and not available in ConnectivityManager. * Return the information of all ongoing VPNs. * * <p>This method is used to update NetworkStatsService. * * <p>Must be called on the handler thread. */ @Override public VpnInfo[] getAllVpnInfo() { enforceConnectivityInternalPermission(); private VpnInfo[] getAllVpnInfo() { ensureRunningOnConnectivityServiceThread(); synchronized (mVpns) { if (mLockdownEnabled) { return new VpnInfo[0]; Loading Loading @@ -3815,17 +3822,27 @@ public class ConnectivityService extends IConnectivityManager.Stub * handler thread through their agent, this is asynchronous. When the capabilities objects * are computed they will be up-to-date as they are computed synchronously from here and * this is running on the ConnectivityService thread. * TODO : Fix this and call updateCapabilities inline to remove out-of-order events. */ private void updateAllVpnsCapabilities() { Network defaultNetwork = getNetwork(getDefaultNetwork()); synchronized (mVpns) { for (int i = 0; i < mVpns.size(); i++) { final Vpn vpn = mVpns.valueAt(i); vpn.updateCapabilities(); NetworkCapabilities nc = vpn.updateCapabilities(defaultNetwork); updateVpnCapabilities(vpn, nc); } } } private void updateVpnCapabilities(Vpn vpn, @Nullable NetworkCapabilities nc) { ensureRunningOnConnectivityServiceThread(); NetworkAgentInfo vpnNai = getNetworkAgentInfoForNetId(vpn.getNetId()); if (vpnNai == null || nc == null) { return; } updateCapabilities(vpnNai.getCurrentScore(), vpnNai, nc); } @Override public boolean updateLockdownVpn() { if (Binder.getCallingUid() != Process.SYSTEM_UID) { Loading Loading @@ -4132,21 +4149,27 @@ public class ConnectivityService extends IConnectivityManager.Stub } private void onUserAdded(int userId) { Network defaultNetwork = getNetwork(getDefaultNetwork()); synchronized (mVpns) { final int vpnsSize = mVpns.size(); for (int i = 0; i < vpnsSize; i++) { Vpn vpn = mVpns.valueAt(i); vpn.onUserAdded(userId); NetworkCapabilities nc = vpn.updateCapabilities(defaultNetwork); updateVpnCapabilities(vpn, nc); } } } private void onUserRemoved(int userId) { Network defaultNetwork = getNetwork(getDefaultNetwork()); synchronized (mVpns) { final int vpnsSize = mVpns.size(); for (int i = 0; i < vpnsSize; i++) { Vpn vpn = mVpns.valueAt(i); vpn.onUserRemoved(userId); NetworkCapabilities nc = vpn.updateCapabilities(defaultNetwork); updateVpnCapabilities(vpn, nc); } } } Loading @@ -4165,6 +4188,7 @@ public class ConnectivityService extends IConnectivityManager.Stub private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() { @Override public void onReceive(Context context, Intent intent) { ensureRunningOnConnectivityServiceThread(); final String action = intent.getAction(); final int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL); if (userId == UserHandle.USER_NULL) return; Loading Loading @@ -4650,6 +4674,19 @@ public class ConnectivityService extends IConnectivityManager.Stub return getNetworkForRequest(mDefaultRequest.requestId); } @Nullable private Network getNetwork(@Nullable NetworkAgentInfo nai) { return nai != null ? nai.network : null; } private void ensureRunningOnConnectivityServiceThread() { if (mHandler.getLooper().getThread() != Thread.currentThread()) { throw new IllegalStateException( "Not running on ConnectivityService thread: " + Thread.currentThread().getName()); } } private boolean isDefaultNetwork(NetworkAgentInfo nai) { return nai == getDefaultNetwork(); } Loading Loading @@ -5197,6 +5234,8 @@ public class ConnectivityService extends IConnectivityManager.Stub updateTcpBufferSizes(newNetwork); mDnsManager.setDefaultDnsSystemProperties(newNetwork.linkProperties.getDnsServers()); notifyIfacesChangedForNetworkStats(); // Fix up the NetworkCapabilities of any VPNs that don't specify underlying networks. updateAllVpnsCapabilities(); } private void processListenRequests(NetworkAgentInfo nai, boolean capabilitiesChanged) { Loading Loading @@ -5630,6 +5669,10 @@ public class ConnectivityService extends IConnectivityManager.Stub // doing. updateSignalStrengthThresholds(networkAgent, "CONNECT", null); if (networkAgent.isVPN()) { updateAllVpnsCapabilities(); } // Consider network even though it is not yet validated. final long now = SystemClock.elapsedRealtime(); rematchNetworkAndRequests(networkAgent, ReapUnvalidatedNetworks.REAP, now); Loading Loading @@ -5775,6 +5818,7 @@ public class ConnectivityService extends IConnectivityManager.Stub * Must be called on the handler thread. */ private Network[] getDefaultNetworks() { ensureRunningOnConnectivityServiceThread(); ArrayList<Network> defaultNetworks = new ArrayList<>(); NetworkAgentInfo defaultNetwork = getDefaultNetwork(); for (NetworkAgentInfo nai : mNetworkAgentInfos.values()) { Loading @@ -5790,8 +5834,15 @@ public class ConnectivityService extends IConnectivityManager.Stub * properties tracked by NetworkStatsService on an active iface has changed. */ private void notifyIfacesChangedForNetworkStats() { ensureRunningOnConnectivityServiceThread(); String activeIface = null; LinkProperties activeLinkProperties = getActiveLinkProperties(); if (activeLinkProperties != null) { activeIface = activeLinkProperties.getInterfaceName(); } try { mStatsService.forceUpdateIfaces(getDefaultNetworks()); mStatsService.forceUpdateIfaces( getDefaultNetworks(), getAllVpnInfo(), getAllNetworkState(), activeIface); } catch (Exception ignored) { } } Loading Loading @@ -5823,7 +5874,11 @@ public class ConnectivityService extends IConnectivityManager.Stub success = mVpns.get(user).setUnderlyingNetworks(networks); } if (success) { mHandler.post(() -> notifyIfacesChangedForNetworkStats()); mHandler.post(() -> { // Update VPN's capabilities based on updated underlying network set. updateAllVpnsCapabilities(); notifyIfacesChangedForNetworkStats(); }); } return success; } Loading services/core/java/com/android/server/connectivity/Vpn.java +52 −14 Original line number Diff line number Diff line Loading @@ -273,7 +273,7 @@ public class Vpn { mNetworkCapabilities = new NetworkCapabilities(); mNetworkCapabilities.addTransportType(NetworkCapabilities.TRANSPORT_VPN); mNetworkCapabilities.removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN); updateCapabilities(); updateCapabilities(null /* defaultNetwork */); loadAlwaysOnPackage(); } Loading @@ -300,18 +300,39 @@ public class Vpn { updateAlwaysOnNotification(detailedState); } public void updateCapabilities() { final Network[] underlyingNetworks = (mConfig != null) ? mConfig.underlyingNetworks : null; updateCapabilities(mContext.getSystemService(ConnectivityManager.class), underlyingNetworks, mNetworkCapabilities); /** * Updates {@link #mNetworkCapabilities} based on current underlying networks and returns a * defensive copy. * * <p>Does not propagate updated capabilities to apps. * * @param defaultNetwork underlying network for VPNs following platform's default */ public synchronized NetworkCapabilities updateCapabilities( @Nullable Network defaultNetwork) { if (mConfig == null) { // VPN is not running. return null; } if (mNetworkAgent != null) { mNetworkAgent.sendNetworkCapabilities(mNetworkCapabilities); Network[] underlyingNetworks = mConfig.underlyingNetworks; if (underlyingNetworks == null && defaultNetwork != null) { // null underlying networks means to track the default. underlyingNetworks = new Network[] { defaultNetwork }; } applyUnderlyingCapabilities( mContext.getSystemService(ConnectivityManager.class), underlyingNetworks, mNetworkCapabilities); return new NetworkCapabilities(mNetworkCapabilities); } @VisibleForTesting public static void updateCapabilities(ConnectivityManager cm, Network[] underlyingNetworks, public static void applyUnderlyingCapabilities( ConnectivityManager cm, Network[] underlyingNetworks, NetworkCapabilities caps) { int[] transportTypes = new int[] { NetworkCapabilities.TRANSPORT_VPN }; int downKbps = NetworkCapabilities.LINK_BANDWIDTH_UNSPECIFIED; Loading @@ -323,6 +344,7 @@ public class Vpn { boolean hadUnderlyingNetworks = false; if (null != underlyingNetworks) { for (Network underlying : underlyingNetworks) { // TODO(b/124469351): Get capabilities directly from ConnectivityService instead. final NetworkCapabilities underlyingCaps = cm.getNetworkCapabilities(underlying); if (underlyingCaps == null) continue; hadUnderlyingNetworks = true; Loading Loading @@ -993,9 +1015,8 @@ public class Vpn { } /** * Establish a VPN network and return the file descriptor of the VPN * interface. This methods returns {@code null} if the application is * revoked or not prepared. * Establish a VPN network and return the file descriptor of the VPN interface. This methods * returns {@code null} if the application is revoked or not prepared. * * @param config The parameters to configure the network. * @return The file descriptor of the VPN interface. Loading Loading @@ -1242,6 +1263,11 @@ public class Vpn { return ranges; } /** * Updates UID ranges for this VPN and also updates its internal capabilities. * * <p>Should be called on primary ConnectivityService thread. */ public void onUserAdded(int userHandle) { // If the user is restricted tie them to the parent user's VPN UserInfo user = UserManager.get(mContext).getUserInfo(userHandle); Loading @@ -1252,8 +1278,9 @@ public class Vpn { try { addUserToRanges(existingRanges, userHandle, mConfig.allowedApplications, mConfig.disallowedApplications); // ConnectivityService will call {@link #updateCapabilities} and apply // those for VPN network. mNetworkCapabilities.setUids(existingRanges); updateCapabilities(); } catch (Exception e) { Log.wtf(TAG, "Failed to add restricted user to owner", e); } Loading @@ -1263,6 +1290,11 @@ public class Vpn { } } /** * Updates UID ranges for this VPN and also updates its capabilities. * * <p>Should be called on primary ConnectivityService thread. */ public void onUserRemoved(int userHandle) { // clean up if restricted UserInfo user = UserManager.get(mContext).getUserInfo(userHandle); Loading @@ -1274,8 +1306,9 @@ public class Vpn { final List<UidRange> removedRanges = uidRangesForUser(userHandle, existingRanges); existingRanges.removeAll(removedRanges); // ConnectivityService will call {@link #updateCapabilities} and // apply those for VPN network. mNetworkCapabilities.setUids(existingRanges); updateCapabilities(); } catch (Exception e) { Log.wtf(TAG, "Failed to remove restricted user to owner", e); } Loading Loading @@ -1483,6 +1516,12 @@ public class Vpn { return success; } /** * Updates underlying network set. * * <p>Note: Does not updates capabilities. Call {@link #updateCapabilities} from * ConnectivityService thread to get updated capabilities. */ public synchronized boolean setUnderlyingNetworks(Network[] networks) { if (!isCallerEstablishedOwnerLocked()) { return false; Loading @@ -1499,7 +1538,6 @@ public class Vpn { } } } updateCapabilities(); return true; } Loading services/core/java/com/android/server/net/NetworkStatsService.java +22 −31 Original line number Diff line number Diff line Loading @@ -82,7 +82,6 @@ import android.content.IntentFilter; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.net.DataUsageRequest; import android.net.IConnectivityManager; import android.net.INetworkManagementEventObserver; import android.net.INetworkStatsService; import android.net.INetworkStatsSession; Loading Loading @@ -161,9 +160,8 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // Perform polling and persist all (FLAG_PERSIST_ALL). private static final int MSG_PERFORM_POLL = 1; private static final int MSG_UPDATE_IFACES = 2; // Perform polling, persist network, and register the global alert again. private static final int MSG_PERFORM_POLL_REGISTER_ALERT = 3; private static final int MSG_PERFORM_POLL_REGISTER_ALERT = 2; /** Flags to control detail level of poll event. */ private static final int FLAG_PERSIST_NETWORK = 0x1; Loading Loading @@ -196,8 +194,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private final boolean mUseBpfTrafficStats; private IConnectivityManager mConnManager; @VisibleForTesting public static final String ACTION_NETWORK_STATS_POLL = "com.android.server.action.NETWORK_STATS_POLL"; Loading Loading @@ -259,6 +255,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private final ArrayMap<String, NetworkIdentitySet> mActiveUidIfaces = new ArrayMap<>(); /** Current default active iface. */ @GuardedBy("mStatsLock") private String mActiveIface; /** Set of any ifaces associated with mobile networks since boot. */ Loading @@ -269,6 +266,10 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @GuardedBy("mStatsLock") private Network[] mDefaultNetworks = new Network[0]; /** Set containing info about active VPNs and their underlying networks. */ @GuardedBy("mStatsLock") private VpnInfo[] mVpnInfos = new VpnInfo[0]; private final DropBoxNonMonotonicObserver mNonMonotonicObserver = new DropBoxNonMonotonicObserver(); Loading Loading @@ -371,10 +372,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { mHandlerCallback = callback; } public void bindConnectivityManager(IConnectivityManager connManager) { mConnManager = checkNotNull(connManager, "missing IConnectivityManager"); } public void systemReady() { mSystemReady = true; Loading Loading @@ -853,13 +850,17 @@ public class NetworkStatsService extends INetworkStatsService.Stub { } @Override public void forceUpdateIfaces(Network[] defaultNetworks) { public void forceUpdateIfaces( Network[] defaultNetworks, VpnInfo[] vpnArray, NetworkState[] networkStates, String activeIface) { mContext.enforceCallingOrSelfPermission(READ_NETWORK_USAGE_HISTORY, TAG); assertBandwidthControlEnabled(); final long token = Binder.clearCallingIdentity(); try { updateIfaces(defaultNetworks); updateIfaces(defaultNetworks, vpnArray, networkStates, activeIface); } finally { Binder.restoreCallingIdentity(token); } Loading Loading @@ -1077,11 +1078,17 @@ public class NetworkStatsService extends INetworkStatsService.Stub { } }; private void updateIfaces(Network[] defaultNetworks) { private void updateIfaces( Network[] defaultNetworks, VpnInfo[] vpnArray, NetworkState[] networkStates, String activeIface) { synchronized (mStatsLock) { mWakeLock.acquire(); try { updateIfacesLocked(defaultNetworks); mVpnInfos = vpnArray; mActiveIface = activeIface; updateIfacesLocked(defaultNetworks, networkStates); } finally { mWakeLock.release(); } Loading @@ -1095,7 +1102,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { * {@link NetworkIdentitySet}. */ @GuardedBy("mStatsLock") private void updateIfacesLocked(Network[] defaultNetworks) { private void updateIfacesLocked(Network[] defaultNetworks, NetworkState[] states) { if (!mSystemReady) return; if (LOGV) Slog.v(TAG, "updateIfacesLocked()"); Loading @@ -1107,18 +1114,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // will be persisted during next alarm poll event. performPollLocked(FLAG_PERSIST_NETWORK); final NetworkState[] states; final LinkProperties activeLink; try { states = mConnManager.getAllNetworkState(); activeLink = mConnManager.getActiveLinkProperties(); } catch (RemoteException e) { // ignored; service lives in system_server return; } mActiveIface = activeLink != null ? activeLink.getInterfaceName() : null; // Rebuild active interfaces based on connected networks mActiveIfaces.clear(); mActiveUidIfaces.clear(); Loading Loading @@ -1230,7 +1225,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { Trace.traceEnd(TRACE_TAG_NETWORK); // For per-UID stats, pass the VPN info so VPN traffic is reattributed to responsible apps. VpnInfo[] vpnArray = mConnManager.getAllVpnInfo(); VpnInfo[] vpnArray = mVpnInfos; Trace.traceBegin(TRACE_TAG_NETWORK, "recordUid"); mUidRecorder.recordSnapshotLocked(uidSnapshot, mActiveUidIfaces, vpnArray, currentTime); Trace.traceEnd(TRACE_TAG_NETWORK); Loading Loading @@ -1689,10 +1684,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { mService.performPoll(FLAG_PERSIST_ALL); return true; } case MSG_UPDATE_IFACES: { mService.updateIfaces(null); return true; } case MSG_PERFORM_POLL_REGISTER_ALERT: { mService.performPoll(FLAG_PERSIST_NETWORK); mService.registerGlobalAlert(); Loading Loading
core/java/android/net/IConnectivityManager.aidl +0 −2 Original line number Diff line number Diff line Loading @@ -120,8 +120,6 @@ interface IConnectivityManager LegacyVpnInfo getLegacyVpnInfo(int userId); VpnInfo[] getAllVpnInfo(); boolean updateLockdownVpn(); boolean isAlwaysOnVpnPackageSupported(int userId, String packageName); boolean setAlwaysOnVpnPackage(int userId, String packageName, boolean lockdown); Loading
core/java/android/net/INetworkStatsService.aidl +7 −1 Original line number Diff line number Diff line Loading @@ -19,11 +19,13 @@ package android.net; import android.net.DataUsageRequest; import android.net.INetworkStatsSession; import android.net.Network; import android.net.NetworkState; import android.net.NetworkStats; import android.net.NetworkStatsHistory; import android.net.NetworkTemplate; import android.os.IBinder; import android.os.Messenger; import com.android.internal.net.VpnInfo; /** {@hide} */ interface INetworkStatsService { Loading Loading @@ -58,7 +60,11 @@ interface INetworkStatsService { void incrementOperationCount(int uid, int tag, int operationCount); /** Force update of ifaces. */ void forceUpdateIfaces(in Network[] defaultNetworks); void forceUpdateIfaces( in Network[] defaultNetworks, in VpnInfo[] vpnArray, in NetworkState[] networkStates, in String activeIface); /** Force update of statistics. */ void forceUpdate(); Loading
services/core/java/com/android/server/ConnectivityService.java +66 −11 Original line number Diff line number Diff line Loading @@ -867,7 +867,8 @@ public class ConnectivityService extends IConnectivityManager.Stub mPermissionMonitor = new PermissionMonitor(mContext, mNetd); //set up the listener for user state for creating user VPNs // Set up the listener for user state for creating user VPNs. // Should run on mHandler to avoid any races. IntentFilter intentFilter = new IntentFilter(); intentFilter.addAction(Intent.ACTION_USER_STARTED); intentFilter.addAction(Intent.ACTION_USER_STOPPED); Loading @@ -875,7 +876,11 @@ public class ConnectivityService extends IConnectivityManager.Stub intentFilter.addAction(Intent.ACTION_USER_REMOVED); intentFilter.addAction(Intent.ACTION_USER_UNLOCKED); mContext.registerReceiverAsUser( mUserIntentReceiver, UserHandle.ALL, intentFilter, null, null); mUserIntentReceiver, UserHandle.ALL, intentFilter, null /* broadcastPermission */, mHandler); mContext.registerReceiverAsUser(mUserPresentReceiver, UserHandle.SYSTEM, new IntentFilter(Intent.ACTION_USER_PRESENT), null, null); Loading Loading @@ -3738,12 +3743,14 @@ public class ConnectivityService extends IConnectivityManager.Stub } /** * Return the information of all ongoing VPNs. This method is used by NetworkStatsService * and not available in ConnectivityManager. * Return the information of all ongoing VPNs. * * <p>This method is used to update NetworkStatsService. * * <p>Must be called on the handler thread. */ @Override public VpnInfo[] getAllVpnInfo() { enforceConnectivityInternalPermission(); private VpnInfo[] getAllVpnInfo() { ensureRunningOnConnectivityServiceThread(); synchronized (mVpns) { if (mLockdownEnabled) { return new VpnInfo[0]; Loading Loading @@ -3815,17 +3822,27 @@ public class ConnectivityService extends IConnectivityManager.Stub * handler thread through their agent, this is asynchronous. When the capabilities objects * are computed they will be up-to-date as they are computed synchronously from here and * this is running on the ConnectivityService thread. * TODO : Fix this and call updateCapabilities inline to remove out-of-order events. */ private void updateAllVpnsCapabilities() { Network defaultNetwork = getNetwork(getDefaultNetwork()); synchronized (mVpns) { for (int i = 0; i < mVpns.size(); i++) { final Vpn vpn = mVpns.valueAt(i); vpn.updateCapabilities(); NetworkCapabilities nc = vpn.updateCapabilities(defaultNetwork); updateVpnCapabilities(vpn, nc); } } } private void updateVpnCapabilities(Vpn vpn, @Nullable NetworkCapabilities nc) { ensureRunningOnConnectivityServiceThread(); NetworkAgentInfo vpnNai = getNetworkAgentInfoForNetId(vpn.getNetId()); if (vpnNai == null || nc == null) { return; } updateCapabilities(vpnNai.getCurrentScore(), vpnNai, nc); } @Override public boolean updateLockdownVpn() { if (Binder.getCallingUid() != Process.SYSTEM_UID) { Loading Loading @@ -4132,21 +4149,27 @@ public class ConnectivityService extends IConnectivityManager.Stub } private void onUserAdded(int userId) { Network defaultNetwork = getNetwork(getDefaultNetwork()); synchronized (mVpns) { final int vpnsSize = mVpns.size(); for (int i = 0; i < vpnsSize; i++) { Vpn vpn = mVpns.valueAt(i); vpn.onUserAdded(userId); NetworkCapabilities nc = vpn.updateCapabilities(defaultNetwork); updateVpnCapabilities(vpn, nc); } } } private void onUserRemoved(int userId) { Network defaultNetwork = getNetwork(getDefaultNetwork()); synchronized (mVpns) { final int vpnsSize = mVpns.size(); for (int i = 0; i < vpnsSize; i++) { Vpn vpn = mVpns.valueAt(i); vpn.onUserRemoved(userId); NetworkCapabilities nc = vpn.updateCapabilities(defaultNetwork); updateVpnCapabilities(vpn, nc); } } } Loading @@ -4165,6 +4188,7 @@ public class ConnectivityService extends IConnectivityManager.Stub private BroadcastReceiver mUserIntentReceiver = new BroadcastReceiver() { @Override public void onReceive(Context context, Intent intent) { ensureRunningOnConnectivityServiceThread(); final String action = intent.getAction(); final int userId = intent.getIntExtra(Intent.EXTRA_USER_HANDLE, UserHandle.USER_NULL); if (userId == UserHandle.USER_NULL) return; Loading Loading @@ -4650,6 +4674,19 @@ public class ConnectivityService extends IConnectivityManager.Stub return getNetworkForRequest(mDefaultRequest.requestId); } @Nullable private Network getNetwork(@Nullable NetworkAgentInfo nai) { return nai != null ? nai.network : null; } private void ensureRunningOnConnectivityServiceThread() { if (mHandler.getLooper().getThread() != Thread.currentThread()) { throw new IllegalStateException( "Not running on ConnectivityService thread: " + Thread.currentThread().getName()); } } private boolean isDefaultNetwork(NetworkAgentInfo nai) { return nai == getDefaultNetwork(); } Loading Loading @@ -5197,6 +5234,8 @@ public class ConnectivityService extends IConnectivityManager.Stub updateTcpBufferSizes(newNetwork); mDnsManager.setDefaultDnsSystemProperties(newNetwork.linkProperties.getDnsServers()); notifyIfacesChangedForNetworkStats(); // Fix up the NetworkCapabilities of any VPNs that don't specify underlying networks. updateAllVpnsCapabilities(); } private void processListenRequests(NetworkAgentInfo nai, boolean capabilitiesChanged) { Loading Loading @@ -5630,6 +5669,10 @@ public class ConnectivityService extends IConnectivityManager.Stub // doing. updateSignalStrengthThresholds(networkAgent, "CONNECT", null); if (networkAgent.isVPN()) { updateAllVpnsCapabilities(); } // Consider network even though it is not yet validated. final long now = SystemClock.elapsedRealtime(); rematchNetworkAndRequests(networkAgent, ReapUnvalidatedNetworks.REAP, now); Loading Loading @@ -5775,6 +5818,7 @@ public class ConnectivityService extends IConnectivityManager.Stub * Must be called on the handler thread. */ private Network[] getDefaultNetworks() { ensureRunningOnConnectivityServiceThread(); ArrayList<Network> defaultNetworks = new ArrayList<>(); NetworkAgentInfo defaultNetwork = getDefaultNetwork(); for (NetworkAgentInfo nai : mNetworkAgentInfos.values()) { Loading @@ -5790,8 +5834,15 @@ public class ConnectivityService extends IConnectivityManager.Stub * properties tracked by NetworkStatsService on an active iface has changed. */ private void notifyIfacesChangedForNetworkStats() { ensureRunningOnConnectivityServiceThread(); String activeIface = null; LinkProperties activeLinkProperties = getActiveLinkProperties(); if (activeLinkProperties != null) { activeIface = activeLinkProperties.getInterfaceName(); } try { mStatsService.forceUpdateIfaces(getDefaultNetworks()); mStatsService.forceUpdateIfaces( getDefaultNetworks(), getAllVpnInfo(), getAllNetworkState(), activeIface); } catch (Exception ignored) { } } Loading Loading @@ -5823,7 +5874,11 @@ public class ConnectivityService extends IConnectivityManager.Stub success = mVpns.get(user).setUnderlyingNetworks(networks); } if (success) { mHandler.post(() -> notifyIfacesChangedForNetworkStats()); mHandler.post(() -> { // Update VPN's capabilities based on updated underlying network set. updateAllVpnsCapabilities(); notifyIfacesChangedForNetworkStats(); }); } return success; } Loading
services/core/java/com/android/server/connectivity/Vpn.java +52 −14 Original line number Diff line number Diff line Loading @@ -273,7 +273,7 @@ public class Vpn { mNetworkCapabilities = new NetworkCapabilities(); mNetworkCapabilities.addTransportType(NetworkCapabilities.TRANSPORT_VPN); mNetworkCapabilities.removeCapability(NetworkCapabilities.NET_CAPABILITY_NOT_VPN); updateCapabilities(); updateCapabilities(null /* defaultNetwork */); loadAlwaysOnPackage(); } Loading @@ -300,18 +300,39 @@ public class Vpn { updateAlwaysOnNotification(detailedState); } public void updateCapabilities() { final Network[] underlyingNetworks = (mConfig != null) ? mConfig.underlyingNetworks : null; updateCapabilities(mContext.getSystemService(ConnectivityManager.class), underlyingNetworks, mNetworkCapabilities); /** * Updates {@link #mNetworkCapabilities} based on current underlying networks and returns a * defensive copy. * * <p>Does not propagate updated capabilities to apps. * * @param defaultNetwork underlying network for VPNs following platform's default */ public synchronized NetworkCapabilities updateCapabilities( @Nullable Network defaultNetwork) { if (mConfig == null) { // VPN is not running. return null; } if (mNetworkAgent != null) { mNetworkAgent.sendNetworkCapabilities(mNetworkCapabilities); Network[] underlyingNetworks = mConfig.underlyingNetworks; if (underlyingNetworks == null && defaultNetwork != null) { // null underlying networks means to track the default. underlyingNetworks = new Network[] { defaultNetwork }; } applyUnderlyingCapabilities( mContext.getSystemService(ConnectivityManager.class), underlyingNetworks, mNetworkCapabilities); return new NetworkCapabilities(mNetworkCapabilities); } @VisibleForTesting public static void updateCapabilities(ConnectivityManager cm, Network[] underlyingNetworks, public static void applyUnderlyingCapabilities( ConnectivityManager cm, Network[] underlyingNetworks, NetworkCapabilities caps) { int[] transportTypes = new int[] { NetworkCapabilities.TRANSPORT_VPN }; int downKbps = NetworkCapabilities.LINK_BANDWIDTH_UNSPECIFIED; Loading @@ -323,6 +344,7 @@ public class Vpn { boolean hadUnderlyingNetworks = false; if (null != underlyingNetworks) { for (Network underlying : underlyingNetworks) { // TODO(b/124469351): Get capabilities directly from ConnectivityService instead. final NetworkCapabilities underlyingCaps = cm.getNetworkCapabilities(underlying); if (underlyingCaps == null) continue; hadUnderlyingNetworks = true; Loading Loading @@ -993,9 +1015,8 @@ public class Vpn { } /** * Establish a VPN network and return the file descriptor of the VPN * interface. This methods returns {@code null} if the application is * revoked or not prepared. * Establish a VPN network and return the file descriptor of the VPN interface. This methods * returns {@code null} if the application is revoked or not prepared. * * @param config The parameters to configure the network. * @return The file descriptor of the VPN interface. Loading Loading @@ -1242,6 +1263,11 @@ public class Vpn { return ranges; } /** * Updates UID ranges for this VPN and also updates its internal capabilities. * * <p>Should be called on primary ConnectivityService thread. */ public void onUserAdded(int userHandle) { // If the user is restricted tie them to the parent user's VPN UserInfo user = UserManager.get(mContext).getUserInfo(userHandle); Loading @@ -1252,8 +1278,9 @@ public class Vpn { try { addUserToRanges(existingRanges, userHandle, mConfig.allowedApplications, mConfig.disallowedApplications); // ConnectivityService will call {@link #updateCapabilities} and apply // those for VPN network. mNetworkCapabilities.setUids(existingRanges); updateCapabilities(); } catch (Exception e) { Log.wtf(TAG, "Failed to add restricted user to owner", e); } Loading @@ -1263,6 +1290,11 @@ public class Vpn { } } /** * Updates UID ranges for this VPN and also updates its capabilities. * * <p>Should be called on primary ConnectivityService thread. */ public void onUserRemoved(int userHandle) { // clean up if restricted UserInfo user = UserManager.get(mContext).getUserInfo(userHandle); Loading @@ -1274,8 +1306,9 @@ public class Vpn { final List<UidRange> removedRanges = uidRangesForUser(userHandle, existingRanges); existingRanges.removeAll(removedRanges); // ConnectivityService will call {@link #updateCapabilities} and // apply those for VPN network. mNetworkCapabilities.setUids(existingRanges); updateCapabilities(); } catch (Exception e) { Log.wtf(TAG, "Failed to remove restricted user to owner", e); } Loading Loading @@ -1483,6 +1516,12 @@ public class Vpn { return success; } /** * Updates underlying network set. * * <p>Note: Does not updates capabilities. Call {@link #updateCapabilities} from * ConnectivityService thread to get updated capabilities. */ public synchronized boolean setUnderlyingNetworks(Network[] networks) { if (!isCallerEstablishedOwnerLocked()) { return false; Loading @@ -1499,7 +1538,6 @@ public class Vpn { } } } updateCapabilities(); return true; } Loading
services/core/java/com/android/server/net/NetworkStatsService.java +22 −31 Original line number Diff line number Diff line Loading @@ -82,7 +82,6 @@ import android.content.IntentFilter; import android.content.pm.ApplicationInfo; import android.content.pm.PackageManager; import android.net.DataUsageRequest; import android.net.IConnectivityManager; import android.net.INetworkManagementEventObserver; import android.net.INetworkStatsService; import android.net.INetworkStatsSession; Loading Loading @@ -161,9 +160,8 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // Perform polling and persist all (FLAG_PERSIST_ALL). private static final int MSG_PERFORM_POLL = 1; private static final int MSG_UPDATE_IFACES = 2; // Perform polling, persist network, and register the global alert again. private static final int MSG_PERFORM_POLL_REGISTER_ALERT = 3; private static final int MSG_PERFORM_POLL_REGISTER_ALERT = 2; /** Flags to control detail level of poll event. */ private static final int FLAG_PERSIST_NETWORK = 0x1; Loading Loading @@ -196,8 +194,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private final boolean mUseBpfTrafficStats; private IConnectivityManager mConnManager; @VisibleForTesting public static final String ACTION_NETWORK_STATS_POLL = "com.android.server.action.NETWORK_STATS_POLL"; Loading Loading @@ -259,6 +255,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { private final ArrayMap<String, NetworkIdentitySet> mActiveUidIfaces = new ArrayMap<>(); /** Current default active iface. */ @GuardedBy("mStatsLock") private String mActiveIface; /** Set of any ifaces associated with mobile networks since boot. */ Loading @@ -269,6 +266,10 @@ public class NetworkStatsService extends INetworkStatsService.Stub { @GuardedBy("mStatsLock") private Network[] mDefaultNetworks = new Network[0]; /** Set containing info about active VPNs and their underlying networks. */ @GuardedBy("mStatsLock") private VpnInfo[] mVpnInfos = new VpnInfo[0]; private final DropBoxNonMonotonicObserver mNonMonotonicObserver = new DropBoxNonMonotonicObserver(); Loading Loading @@ -371,10 +372,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { mHandlerCallback = callback; } public void bindConnectivityManager(IConnectivityManager connManager) { mConnManager = checkNotNull(connManager, "missing IConnectivityManager"); } public void systemReady() { mSystemReady = true; Loading Loading @@ -853,13 +850,17 @@ public class NetworkStatsService extends INetworkStatsService.Stub { } @Override public void forceUpdateIfaces(Network[] defaultNetworks) { public void forceUpdateIfaces( Network[] defaultNetworks, VpnInfo[] vpnArray, NetworkState[] networkStates, String activeIface) { mContext.enforceCallingOrSelfPermission(READ_NETWORK_USAGE_HISTORY, TAG); assertBandwidthControlEnabled(); final long token = Binder.clearCallingIdentity(); try { updateIfaces(defaultNetworks); updateIfaces(defaultNetworks, vpnArray, networkStates, activeIface); } finally { Binder.restoreCallingIdentity(token); } Loading Loading @@ -1077,11 +1078,17 @@ public class NetworkStatsService extends INetworkStatsService.Stub { } }; private void updateIfaces(Network[] defaultNetworks) { private void updateIfaces( Network[] defaultNetworks, VpnInfo[] vpnArray, NetworkState[] networkStates, String activeIface) { synchronized (mStatsLock) { mWakeLock.acquire(); try { updateIfacesLocked(defaultNetworks); mVpnInfos = vpnArray; mActiveIface = activeIface; updateIfacesLocked(defaultNetworks, networkStates); } finally { mWakeLock.release(); } Loading @@ -1095,7 +1102,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { * {@link NetworkIdentitySet}. */ @GuardedBy("mStatsLock") private void updateIfacesLocked(Network[] defaultNetworks) { private void updateIfacesLocked(Network[] defaultNetworks, NetworkState[] states) { if (!mSystemReady) return; if (LOGV) Slog.v(TAG, "updateIfacesLocked()"); Loading @@ -1107,18 +1114,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { // will be persisted during next alarm poll event. performPollLocked(FLAG_PERSIST_NETWORK); final NetworkState[] states; final LinkProperties activeLink; try { states = mConnManager.getAllNetworkState(); activeLink = mConnManager.getActiveLinkProperties(); } catch (RemoteException e) { // ignored; service lives in system_server return; } mActiveIface = activeLink != null ? activeLink.getInterfaceName() : null; // Rebuild active interfaces based on connected networks mActiveIfaces.clear(); mActiveUidIfaces.clear(); Loading Loading @@ -1230,7 +1225,7 @@ public class NetworkStatsService extends INetworkStatsService.Stub { Trace.traceEnd(TRACE_TAG_NETWORK); // For per-UID stats, pass the VPN info so VPN traffic is reattributed to responsible apps. VpnInfo[] vpnArray = mConnManager.getAllVpnInfo(); VpnInfo[] vpnArray = mVpnInfos; Trace.traceBegin(TRACE_TAG_NETWORK, "recordUid"); mUidRecorder.recordSnapshotLocked(uidSnapshot, mActiveUidIfaces, vpnArray, currentTime); Trace.traceEnd(TRACE_TAG_NETWORK); Loading Loading @@ -1689,10 +1684,6 @@ public class NetworkStatsService extends INetworkStatsService.Stub { mService.performPoll(FLAG_PERSIST_ALL); return true; } case MSG_UPDATE_IFACES: { mService.updateIfaces(null); return true; } case MSG_PERFORM_POLL_REGISTER_ALERT: { mService.performPoll(FLAG_PERSIST_NETWORK); mService.registerGlobalAlert(); Loading
